MLD snooping of solicited-node multicast (Was: Re: New Version Notification for draft-halpern-6man-nd-pre-resolve-addr-00.txt)

Ole Troan <otroan@employees.org> Fri, 17 January 2014 09:44 UTC

To: Greg Daley <gdaley@au.logicalis.com>
Cc: 6man WG <ipv6@ietf.org>, Ing-Wher Chen <ing-wher.chen@ericsson.com>

Greg, sorry to divert your thread.

> Neighbour Solicitation messages for incomplete entries (per RFC 4861 S7.2.2) will be dropped by the snooping switches if there is no Multicast subscriber for the solicited nodes' multicast address.  Not only is this a mitigation of the potential attack, but also indicates an alternative for non-snooping networks:

I hear that MLD snooping for the solicited-node multicast groups isn't supported in most (if not all) switches, partly because MLD snooping doesn't work well, but also because it becomes very costly to support state for this many multicast groups.

anyone with differing experience?

cheers,
Ole
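
The two points in this message, worked through as an added example that is not part of the original thread: it derives each host's solicited-node group (RFC 4291) and Ethernet multicast MAC (RFC 2464), builds the per-group state a snooping switch would have to hold, and shows a Neighbor Solicitation for an unused target being dropped. The function names, the idealised switch model and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# ff02::1:ff00:0/104 is the solicited-node multicast prefix (RFC 4291).
SOLICITED_NODE_PREFIX = int(ipaddress.IPv6Address("ff02::1:ff00:0"))

def solicited_node_group(addr):
    """Solicited-node group: the /104 prefix plus the low 24 bits of addr."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_PREFIX | low24)

def group_mac(group):
    """Ethernet mapping (RFC 2464): 33:33 plus the low 32 bits of the group."""
    low32 = int(group) & 0xFFFFFFFF
    return "33:33:" + ":".join(f"{b:02x}" for b in low32.to_bytes(4, "big"))

def build_snooping_table(port_addresses):
    """Group -> set of listener ports. Hypothetical model: assumes every host
    has reported all of its groups via MLD and the switch kept every entry."""
    table = {}
    for port, addrs in port_addresses.items():
        for addr in addrs:
            table.setdefault(solicited_node_group(addr), set()).add(port)
    return table

def forward_ns(table, target):
    """Ports that receive an NS for target; an empty set means it is dropped."""
    return table.get(solicited_node_group(target), set())

# Constructed sample: two hosts, each with a link-local address, a SLAAC
# address sharing the same interface ID, and one temporary (privacy) address.
HOSTS = {
    "port1": ["fe80::211:22ff:fe33:4455", "2001:db8::211:22ff:fe33:4455",
              "2001:db8::a1b2:c3d4:e5f6:1789"],
    "port2": ["fe80::2aa:bbff:fecc:ddee", "2001:db8::2aa:bbff:fecc:ddee",
              "2001:db8::9c1d:2e3f:4a5b:6c7d"],
}

if __name__ == "__main__":
    table = build_snooping_table(HOSTS)
    for group, ports in sorted(table.items()):
        print(group, group_mac(group), sorted(ports))
    # Addresses sharing an interface ID share a group; each temporary
    # address adds another entry, so state grows with addresses, not hosts.
    print("groups tracked:", len(table))
    print("NS for unused target goes to:", forward_ns(table, "2001:db8::dead:beef"))
```
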