Re: [v6ops] Interesting problems with using IPv6

Brian E Carpenter <> Tue, 09 September 2014 20:40 UTC


On 10/09/2014 05:09, Brian Haberman wrote:
> On 9/9/14 10:16 AM, Fernando Gont wrote:
>> On 09/09/2014 04:20 AM, Brian E Carpenter wrote:
>>>>> OK, but I would also like to understand why we require
>>>>> MLD messages for a Solicited-Node multicast address to
>>>>> set Router Alert.
>>>> Because in theory the multicast router needs to process the MLD message
>>>> to build its forwarding table....
>>> Why, for the Solicited-Node group, which is only meaningful on the link
>>> from which the MLD message arrives?
>> Then, let me change the question: Why do I need MLD for *this*?

I think Brian Haberman's reply shows why that is the wrong question.
You need MLD for every multicast group, including a solicited-node
group, and if you insist on MLD snooping in the bridges (let's not
obfuscate by calling them switches) then you need to snoop every
solicited-node group.

My question is orthogonal to MLD snooping: why do we require router-alert
for MLD messages referring to a solicited-node group, since it by
definition is limited to a single L2 link (even if that link is
split up by bridges)?

I tend to think this requirement is an error in the MLD spec.

    Brian C

> The MLD specs say that an MLD Report is sent for every multicast group
> joined except the All-Nodes multicast address.
> The use of MLD Reports for essentially all multicast addresses was done
> to facilitate this very type of snooping functionality.  The use of
> Router Alerts in MLD messages is due to MLDv1 (and IGMPv2) using the
> group address as the IP destination rather than the All-Routers
> multicast address.
>> We probably use MLD because "If you use multicast, you use MLD". Truth
>> is that, *unless your switch does MLD snooping* (and hence you *need*
>> MLD, or else your packets will not flow around), you could completely
>> kill MLD, and ND would still work just fine.
> Sure, since NDP is link-local.  The drawback is what happens if your
> network is using RFC 4541 snooping that relies on seeing those MLD
> messages to build forwarding/filtering tables?
>> Not to mention that there are nodes that default to running MLDv2 *for
>> this* (way overkill, IMO)
> Why is MLDv2 overkill?
> Brian
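
The packet the thread is arguing about, as an added example that is not part of the original messages: an MLDv1 Report for a Solicited-Node group is built byte by byte and then read back the way a snooping bridge or monitor would see it. The function names and the source address are constructed for illustration; field values follow the MLDv1 and Router Alert formats.

```python
import ipaddress, struct

SOLICITED_NODE = ipaddress.IPv6Network("ff02::1:ff00:0/104")

def solicited_node(unicast):
    """Solicited-node group: ff02::1:ff00:0/104 plus the low 24 bits of the address."""
    low24 = int(ipaddress.IPv6Address(unicast)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(SOLICITED_NODE.network_address) | low24)

def checksum(data):
    """Internet checksum: 16-bit one's complement of the one's complement sum."""
    data += b"\x00" * (len(data) % 2)
    s = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def build_mldv1_report(src, group):
    """IPv6 + Hop-by-Hop (Router Alert) + MLDv1 Report, sent to the group itself."""
    src, group = ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(group).packed
    # Hop-by-Hop: next header 58 (ICMPv6), length 0 (= 8 bytes),
    # Router Alert option (type 5, len 2, value 0 = MLD), PadN (type 1, len 0)
    hbh = bytes([58, 0, 0x05, 2, 0, 0, 0x01, 0])
    body = struct.pack("!BBHHH", 131, 0, 0, 0, 0) + group  # type 131 = MLDv1 Report
    pseudo = src + group + struct.pack("!I3xB", len(body), 58)
    body = body[:2] + struct.pack("!H", checksum(pseudo + body)) + body[4:]
    header = struct.pack("!IHBB", 6 << 28, len(hbh) + len(body), 0, 1) + src + group
    return header + hbh + body  # hop limit 1, destination = group, not All-Routers

def inspect_mld(pkt):
    """Fields a snooping bridge or monitor can read from the packet."""
    _, _, nxt, hop_limit = struct.unpack("!IHBB", pkt[:8])
    dst, router_alert, off = ipaddress.IPv6Address(pkt[24:40]), False, 40
    if nxt == 0:  # Hop-by-Hop Options header precedes ICMPv6
        nxt, ext_len = pkt[off], pkt[off + 1]
        end, i = off + 8 * (ext_len + 1), off + 2
        while i < end:
            router_alert |= pkt[i] == 0x05
            i += 1 if pkt[i] == 0 else 2 + pkt[i + 1]  # Pad1 has no length byte
        off = end
    group = ipaddress.IPv6Address(pkt[off + 8:off + 24])
    return {"dst": dst, "group": group, "hop_limit": hop_limit,
            "router_alert": router_alert,
            "mld_type": pkt[off] if nxt == 58 else None,
            "solicited_node": group in SOLICITED_NODE,
            "link_local_scope": group.packed[1] & 0x0F == 2}
```

The result shows the combination under discussion: a link-local-scope group, hop limit 1, the group address as IP destination, and Router Alert set anyway.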