Re: MLD snooping of solicited-node multicast (Was: Re: New Version Notification for draft-halpern-6man-nd-pre-resolve-addr-00.txt)

Tim Chown <tjc@ecs.soton.ac.uk> Fri, 17 January 2014 13:39 UTC

Subject: Re: MLD snooping of solicited-node multicast (Was: Re: New Version Notification for draft-halpern-6man-nd-pre-resolve-addr-00.txt)
From: Tim Chown <tjc@ecs.soton.ac.uk>
Date: Fri, 17 Jan 2014 13:38:06 +0000
To: Ole Troan <otroan@employees.org>
Cc: Ing-Wher Chen <ing-wher.chen@ericsson.com>, 6man WG <ipv6@ietf.org>

On 17 Jan 2014, at 09:43, Ole Troan <otroan@employees.org> wrote:

> Greg, sorry to divert your thread.
> 
>> Neighbour Solicitation messages for incomplete entries (per RFC 4861 S7.2.2) will be dropped by the snooping switches if there is no Multicast subscriber for the solicited nodes' multicast address.  Not only is this a mitigation of the potential attack, but also indicates an alternative for non-snooping networks:
> 
> I hear that MLD snooping for the solicited-node multicast groups isn't supported in most (if not all) switches.
> partly because MLD snooping doesn't work well, but also because it becomes very costly to support state for this many multicast groups.
> 
> anyone with differing experience?

Well, MLD snooping seems very prone to bugs.  We have an open case currently with a particular vendor which means if we enable MLD snooping (which is beneficial given we have several multicast IPv6 TV channels) the devices will get a little 'enthusiastic' and filter all RAs.  We have had at least one similar case in the past.  I guess use of MLD snooping in enterprise networks is relatively rare though.

Tim
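To make the two behaviours discussed in this thread concrete, here is an added toy model (not code from the thread or from any vendor) of an MLD-snooping bridge: it derives solicited-node groups, forwards a Neighbor Solicitation for an INCOMPLETE entry only where a port has reported that group, and shows what happens to RAs when the group table is wrongly applied to ff02::1. The port numbers, addresses and the `SnoopingSwitch` class are constructed for illustration; flooding ff02::1 unconditionally is a modelling assumption following the usual RFC 4541 guidance.

```python
import ipaddress

ALL_NODES = ipaddress.IPv6Address("ff02::1")
SOLICITED_NODE_PREFIX = int(ipaddress.IPv6Address("ff02::1:ff00:0"))

def solicited_node(addr):
    """Solicited-node group of a unicast address (RFC 4291 2.7.1):
    ff02::1:ff00:0/104 with the low-order 24 bits of the address."""
    return ipaddress.IPv6Address(
        SOLICITED_NODE_PREFIX | (int(ipaddress.IPv6Address(addr)) & 0xFFFFFF))

class SnoopingSwitch:
    """Toy MLD-snooping bridge (constructed model): a group -> ports table
    learned from MLD reports, plus the forwarding decision.  flood_all_nodes=False
    models the misbehaviour in the thread: the table is applied to ff02::1 too,
    so RAs (a group nobody 'joins') are filtered."""

    def __init__(self, ports, flood_all_nodes=True):
        self.ports = set(ports)
        self.flood_all_nodes = flood_all_nodes
        self.groups = {}  # IPv6Address group -> set of ports that reported it

    def mld_report(self, port, group):
        self.groups.setdefault(ipaddress.IPv6Address(group), set()).add(port)

    def egress_ports(self, ingress, dst):
        """Ports a frame addressed to multicast group dst is forwarded to."""
        dst = ipaddress.IPv6Address(dst)
        if dst == ALL_NODES and self.flood_all_nodes:
            return self.ports - {ingress}          # RAs: flood, never snoop-filter
        return self.groups.get(dst, set()) - {ingress}

    def ns_delivered(self, ingress, target):
        """An NS for an INCOMPLETE entry goes to the target's solicited-node
        group; it leaves the switch only if some port has reported that group."""
        return bool(self.egress_ports(ingress, solicited_node(target)))

def demo():
    sw = SnoopingSwitch(ports=[1, 2, 3])
    for port, addr in ((1, "2001:db8::a"), (2, "2001:db8::b")):
        sw.mld_report(port, solicited_node(addr))   # hosts join their own groups
    return {
        "ns_to_present_host": sw.ns_delivered(1, "2001:db8::b"),    # True
        "ns_to_absent_host": sw.ns_delivered(1, "2001:db8::dead"),  # False: dropped
        # same low 24 bits as ::b, so the snooper cannot tell it is absent
        "ns_to_absent_collider": sw.ns_delivered(1, "2001:db8:1::b"),  # True
        "ra_ports": sorted(sw.egress_ports(3, "ff02::1")),          # [1, 2]
        "ra_ports_buggy": sorted(
            SnoopingSwitch([1, 2, 3], flood_all_nodes=False).egress_ports(3, "ff02::1")),
    }
```

The collider case shows the limit of the mitigation: snooping state is per solicited-node group, not per address, so any target sharing its low 24 bits with a present host still gets its NS forwarded.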