Re: [v6ops] new draft: draft-elkins-v6ops-multicast-virtual-nodes

Nalini Elkins <nalini.elkins@insidethestack.com> Fri, 19 September 2014 23:52 UTC

References: <201409191147.s8JBl1Fe016458@irp-lnx1.cisco.com> <CAPi140O_WkcS9uFCSK0+tVDF3Z1sB4_UF5Zv9kpNEMh7m94Vww@mail.gmail.com> <1411154671.21942.YahooMailNeo@web125102.mail.ne1.yahoo.com> <CAPi140Ob+TeDyYfw_1A2Q55gEF5-rNrLynQ1LkGHOVnGcNcpLA@mail.gmail.com> <4FC37E442D05A748896589E468752CAA0CCCABFB@PWN401EA160.ent.corp.bcbsm.com> <CAPi140MfAqRpCV8cW50N0cGZsE4Q9CC0ZUB6xQoAgUn4F3P6WA@mail.gmail.com> <541CBD81.20209@foobar.org>
Message-ID: <1411170738.31683.YahooMailNeo@web125106.mail.ne1.yahoo.com>
Date: Fri, 19 Sep 2014 16:52:18 -0700
From: Nalini Elkins <nalini.elkins@insidethestack.com>
To: Nick Hilliard <nick@foobar.org>, Andrew 👽 Yourtchenko <ayourtch@gmail.com>
In-Reply-To: <541CBD81.20209@foobar.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/AuFRR1jJagspJToC20DYKDidq8w
Cc: "draft-elkins-v6ops-multicast-virtual-nodes@tools.ietf.org" <draft-elkins-v6ops-multicast-virtual-nodes@tools.ietf.org>, "v6ops@ietf.org" <v6ops@ietf.org>
Subject: Re: [v6ops] new draft: draft-elkins-v6ops-multicast-virtual-nodes

Nick,

Try doing:

PING FF02::1 -n 10

How many devices have you on link with you?

Am happy to share the PCAP with you privately. Pls let me know.

Thanks,

Nalini Elkins
Inside Products, Inc.
(831) 659-8360
www.insidethestack.com



----- Original Message -----
From: Nick Hilliard <nick@foobar.org>
To: Andrew 👽 Yourtchenko <ayourtch@gmail.com>
Cc: "draft-elkins-v6ops-multicast-virtual-nodes@tools.ietf.org" <draft-elkins-v6ops-multicast-virtual-nodes@tools.ietf.org>; "v6ops@ietf.org" <v6ops@ietf.org>
Sent: Friday, September 19, 2014 4:34 PM
Subject: Re: [v6ops] new draft: draft-elkins-v6ops-multicast-virtual-nodes

On 19/09/2014 23:24, Andrew 👽 Yourtchenko wrote:
> If the draft had just the (2) above (even limit it to just
> observations, maybe? Could someone else from the community chime in
> who thinks it is a problem?),and also discussed whether one can use
> larger scopes (what happens if ff05::1?), and the *operational*
> measures that can be taken today to prevent that threat, this would
> make it self-contained. 

the draft describes that when pinging the mcast all-hosts address, a bunch
of replies are received from third party hosts which populated the nd cache
on the author's machine with a bunch of entries.  The authors have not
provided enough detail in the email to show the cause of the amplification;
anecdotally on my home network, pinging ff02::1%en0 causes some ND packets
and gets a single echo reply per node, which is nothing like what the
authors of this draft are seeing.

It would be more useful at this stage for the authors to upload a pcap file
for analysis rather than assuming there is a protocol level problem.  It
seems unusual that 10 icmp requests would result in 2840 replies but
without details, it's not possible to tell what's going on and on that
basis, an ID seems premature.

As a side note, the ND cache entries look like they're derived from Xen MAC
addresses (00:16:3E:*).  If the virtual hosting provider in question has
made ipv6 end-user access available on a shared broadcast domain on Xen,
then large ND caches are probably the least of their worries: neither Xen
nor openvswitch support RA guard at the time of writing, which means that
if the authors were to inject fake RAs, they could trivially take over the
entire ipv6 network.

Nick
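The thread turns on one factual question: does pinging ff02::1 produce one echo reply per neighbour per request, or something much larger, and if larger, is it many nodes or a few nodes answering repeatedly? That is exactly what a capture answers. The script below is an added example (not code from the draft, from Nalini, or from Nick): it parses raw Ethernet/IPv6/ICMPv6 echo frames, tallies replies per (id, seq), counts distinct responders, flags nodes that answered the same request more than once, and counts replies carrying the Xen OUI 00:16:3E that Nick noticed. The capture is constructed inline; the frame builder leaves the ICMPv6 checksum at zero, the parser ignores IPv6 extension headers, and the sequence numbers, addresses and MACs are all made up for the sample.

```python
"""Added example: tally ICMPv6 echo replies per request in a capture of a
ping to ff02::1.  Frames are constructed inline; this is not code from the
draft or from anyone in the thread."""
import ipaddress
import struct
from collections import Counter

ETH_P_IPV6 = 0x86DD
IPPROTO_ICMPV6 = 58
ICMPV6_ECHO_REQUEST = 128
ICMPV6_ECHO_REPLY = 129
XEN_OUI = bytes.fromhex("00163e")  # OUI 00:16:3E, the Xen virtual NIC prefix named in the thread


def build_frame(src_mac, dst_mac, src_ip, dst_ip, icmp_type, ident, seq):
    """Constructed Ethernet/IPv6/ICMPv6 echo frame for the sample capture.
    The ICMPv6 checksum is left zero; the analysis below does not verify it."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + b"ping"
    ip6 = (struct.pack("!IHBB", 0x60000000, len(icmp), IPPROTO_ICMPV6, 64)
           + ipaddress.IPv6Address(src_ip).packed
           + ipaddress.IPv6Address(dst_ip).packed)
    eth = bytes.fromhex(dst_mac) + bytes.fromhex(src_mac) + struct.pack("!H", ETH_P_IPV6)
    return eth + ip6 + icmp


def parse_echo(frame):
    """Return (src_mac, src_ip, icmp_type, ident, seq) for an ICMPv6 echo
    frame, or None for anything else (non-IPv6, extension headers, other types)."""
    if len(frame) < 14 + 40 + 8:
        return None
    src_mac = frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_IPV6:
        return None
    ip6 = frame[14:54]
    if ip6[6] != IPPROTO_ICMPV6:      # next header must be ICMPv6 directly
        return None
    src_ip = ipaddress.IPv6Address(ip6[8:24])
    icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", frame[54:62])
    if icmp_type not in (ICMPV6_ECHO_REQUEST, ICMPV6_ECHO_REPLY):
        return None
    return src_mac, src_ip, icmp_type, ident, seq


def analyse(frames):
    """Summarise a capture: requests sent, replies seen, distinct responders,
    and whether any node answered one request more than once.  A healthy link
    gives exactly one reply per node per request, so duplicate_replies == 0."""
    requests = 0
    per_node_seq = Counter()          # (src_ip, ident, seq) -> reply count
    oui_replies = Counter()           # first 3 MAC bytes -> reply count
    for frame in frames:
        parsed = parse_echo(frame)
        if parsed is None:
            continue
        src_mac, src_ip, icmp_type, ident, seq = parsed
        if icmp_type == ICMPV6_ECHO_REQUEST:
            requests += 1
        else:
            per_node_seq[(src_ip, ident, seq)] += 1
            oui_replies[src_mac[:3]] += 1
    replies = sum(per_node_seq.values())
    return {
        "requests": requests,
        "replies": replies,
        "responders": len({ip for ip, _, _ in per_node_seq}),
        "replies_per_request": replies / requests if requests else 0.0,
        "duplicate_replies": sum(n - 1 for n in per_node_seq.values() if n > 1),
        "xen_oui_replies": oui_replies[XEN_OUI],
    }


def sample_capture():
    """Constructed capture: 3 echo requests to ff02::1 from fe80::100; three
    neighbours answer each one, and the third (a Xen-OUI node) answers the last
    request three times, standing in for the anomaly described in the thread."""
    me_mac, me_ip, ident = "001122000001", "fe80::100", 0x1234
    nodes = [("001122aaaaaa", "fe80::1"),
             ("00163ebbbbbb", "fe80::2"),   # Xen OUI
             ("00163ecccccc", "fe80::3")]   # Xen OUI
    frames = []
    for seq in (1, 2, 3):
        frames.append(build_frame(me_mac, "333300000001", me_ip, "ff02::1",
                                  ICMPV6_ECHO_REQUEST, ident, seq))
        for mac, ip in nodes:
            frames.append(build_frame(mac, me_mac, ip, me_ip, ICMPV6_ECHO_REPLY, ident, seq))
    for _ in range(2):  # two extra copies of fe80::3's reply to seq 3
        frames.append(build_frame("00163ecccccc", me_mac, "fe80::3", me_ip,
                                  ICMPV6_ECHO_REPLY, ident, 3))
    return frames


if __name__ == "__main__":
    for key, value in analyse(sample_capture()).items():
        print(f"{key}: {value}")
```

On the sample, `replies_per_request` is 11/3 but `responders` is only 3 and `duplicate_replies` is 2, which is the distinction that matters for the draft: a high reply count driven by `responders` is a large link with many real hosts, whereas one driven by `duplicate_replies` points at specific nodes (or the virtualisation layer under them) answering repeatedly, and the per-node counter tells you which.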





_______________________________________________
v6ops mailing list
v6ops@ietf.org
https://www.ietf.org/mailman/listinfo/v6ops