IETF Logo Mail Archive

Re: [v6ops] ref Hosts dont MLD to join LL groups

Owen DeLong <owen@delong.com> Fri, 24 July 2015 01:15 UTC

Return-Path: <owen@delong.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1EEF61AD05D for <v6ops@ietfa.amsl.com>; Thu, 23 Jul 2015 18:15:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.11
X-Spam-Level:
X-Spam-Status: No, score=-1.11 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_ALL=0.8, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UN7e924T9RBm for <v6ops@ietfa.amsl.com>; Thu, 23 Jul 2015 18:15:15 -0700 (PDT)
Received: from owen.delong.com (owen.delong.com [IPv6:2620:0:930::200:2]) by ietfa.amsl.com (Postfix) with ESMTP id ADC821A1A87 for <v6ops@ietf.org>; Thu, 23 Jul 2015 18:15:14 -0700 (PDT)
Received: from [IPv6:2620::930:0:ae87:a3ff:fe29:7192] ([IPv6:2620:0:930:0:ae87:a3ff:fe29:7192]) (authenticated bits=0) by owen.delong.com (8.14.5/8.14.2) with ESMTP id t6O1FBl6018824 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 23 Jul 2015 18:15:12 -0700
Content-Type: multipart/alternative; boundary="Apple-Mail=_ABAC8489-9F8D-496D-9761-530018BCD0C6"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\))
From: Owen DeLong <owen@delong.com>
In-Reply-To: <55B0E2C5.2060309@gmail.com>
Date: Thu, 23 Jul 2015 18:15:11 -0700
Message-Id: <39785499-6DB4-4DA4-BA48-2E4A7FA8224F@delong.com>
References: <55AE42A4.8020908@gmail.com> <5CD05758-D7B7-476D-9936-E5A1D0614AF8@employees.org> <55B0D356.7070505@gmail.com> <6666FED5-227B-496F-B5F5-2883A12F9B96@employees.org> <55B0DB2B.1030703@gmail.com> <20150723122710.GX57117@ernw.de> <55B0E2C5.2060309@gmail.com>
To: Alexandru Petrescu <alexandru.petrescu@gmail.com>
X-Mailer: Apple Mail (2.2098)
Archived-At: <http://mailarchive.ietf.org/arch/msg/v6ops/Rv-yKYviih8k-jpyI0_9UIShDUA>
Cc: v6ops@ietf.org
Subject: Re: [v6ops] ref Hosts dont MLD to join LL groups
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Jul 2015 01:15:19 -0000

> On Jul 23, 2015, at 05:49 , Alexandru Petrescu <alexandru.petrescu@gmail.com> wrote:
> 
> 
> 
> Le 23/07/2015 14:27, Enno Rey a écrit :
>> Hi,
>> 
>> On Thu, Jul 23, 2015 at 02:16:43PM +0200, Alexandru Petrescu wrote:
>>> If one disallows all MLD joins for all link-scoped IP multicast
>>> addresses - why does one need IP multicast addresses with link
>>> scope?
>>> 
>>> Why does one need the lino-layer  33::1 address?
>>> 
>>> If one doesnt need 33::1 then why Ethernet provides it?
>>> 
>>> I guess what I am trying to say is that it's useless to have
>>> multicast groups if one can't join them.
>> 
>> define "join a multicast group"...
> 
> Inform the sender willingnes to be part of the group.  If not part of
> group, then sender will not send it.  Same concept at L2 and at L3.

That’s simply not true…

Even if I turn off every SSDP listener on my network, I still have many devices sending many SSDP
packets in IPv4 _AND_ IPv6.

And those packets are visible to _EVERY_ host on the link, not just the ones that subscribed.

MLD is used to tell routers that you want to join a group so that it knows someone on link A
wants to see the multicast packets for that group from Link B.

>> strictly speaking MLD as a whole is only needed for interdomain
>> multicast anyway.
> 
> Disagree - beyond just interdomain multicast, Ethernet has link-layer
> multicast builtin.  There is no 'broadcast' address anymore in Ethernet
> since some time, replaced by 'multicast': supposedly better at saving
> battery and other advantages.

Yes, but Ethernet Link Layer Multicast doesn’t use MLD for delivery decisions.

From Cisco’s documentation on MLD snooping:

MLD Snooping Overview 

 <>MLD snooping allows the switch to examine MLD packets and make forwarding decisions based on their content. 

 <>You can configure the switch to use MLD snooping in subnets that receive MLD queries from either MLD or the MLD snooping querier. MLD snooping constrains IPv6 multicast traffic at Layer 2 by configuring Layer 2 LAN ports dynamically to forward IPv6 multicast traffic only to those ports that want to receive it. 

 <>MLD, which runs at Layer 3 on a multicast router, generates Layer 3 MLD queries in subnets where the multicast traffic needs to be routed. For information about MLD, see this publication: 

 <>http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6/configuration/12-2sx/ipv6-12-2sx-book.html <http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6/configuration/12-2sx/ipv6-12-2sx-book.html> <>You can configure the MLD snooping querier on the switch to support MLD snooping in subnets that do not have any multicast router interfaces. For more information about the MLD snooping querier, see the "Enabling the MLD Snooping Querier" section <http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/snoopmld.html#wp1050624>. 

 <>MLD (on a multicast router) or, locally, the MLD snooping querier, sends out periodic general MLD queries that the switch forwards through all ports in the VLAN, and to which hosts respond. MLD snooping monitors the Layer 3 MLD traffic. 



In other words, MLD is strictly a layer 3 function. Some Layer 2 devices do interesting things with it (MLD Snooping), but counting on MLD to discover a listener that is not trying to listen or subscribe beyond the local link scope is not guaranteed to work.

Unfortunately, there probably are many other misguided implementers like Alexandru out there, so it is likely that turning off MLD for Link Local would break things in a number of existing implementations even though it shouldn’t.

Tough call whether that’s overall a good thing (let’s break it to make the world better and fix the implementations that identify themselves when it breaks) or a bad idea (generally breaking stuff is bad unless you have a really good reason to do so.).

I will say that ideally, we should pick a consistent decision… Either require MLD for all multicast joins, including link local or prohibit MLD for link-scoped multicast. The current “You can MLD if you want to and what happens when you don’t is undefined for all but a select few pre-defined groups is anybody’s guess” probably isn’t ideal no matter what.

>> on the local link you join a MC group by kind-of self declaration
>> ("hey I consider myself part of that group
> 
> That is an Ethernet message.

Nope… It’s a matter of adding the applicable Mac address and IP address to the “interesting addresses” list on the interface.

To the best of my knowledge, there’s no Ethernet L2 message for expressing interest or lack thereof in a multicast group.

MAC addressing is handled by a reserved Mac range (01:00:5E:00:00:00/25)  for IPv4 multicast, where the low-order 23-bits of the multicast group IP address are placed in the low order 23 bits of the MAC address.

IPv6 multicast uses MAC addresses in the range 33:33:0:0:0:0/16 and maps the low order 32 bits of the multicast group onto the low order 32 bits of the MAC address.

Nowhere in the ethernet L2 world is there anything special about 33:33::/16. It’s strictly a conventional reservation from an Ethernet perspective. A bridge does not (necessarily)  see it as different from any other MAC address.

The exception would be bridges that implement MLD snooping where you are then counting on receiving L3 MLD messages to tell the bridge how to behave, but said MLD messages may or may not exist. An MLD querier can be configured on some bridges in order to solicit additional MLD joins, but hosts are not required or necessarily expected to send said joins for link local scoped groups unless solicited. Even then, it is a Layer 3 function which the switch is using kind of a hack to take advantage of to inform L2 forwarding.

> Some cards send that message, others don't.  All should.

Source? Nothing in the standards I could find requires or even says “Should” in any of the IEEE documents I could find.

>> so I'm interested in
>> certain traffic and hence instruct my stack to listen to/process
>> packets with certain addresses"). no need of MLD for that action.
> 
> How does the Ethernet layer know this is a Router, and not a Host?  Only by knowing that it can join the all-hosts or all-routers link-layer address.  And only the IP stack knows whether it's a Host or a Router. So the IP stack should tell the Ethernet layer to make that link-layer join.

It cannot be a router and not a host. It can be a host and not a router. All routers are by definition hosts. Not all hosts are routers.

The IP stack tells the ethernet layer which addresses are interesting. 

On Linux, you can find it here:

owen.delong.com:owen /proc/16742/net (167) % cat /proc/net/dev_mcast
2    em1             1     0     333300000001
2    em1             1     0     01005e000001
2    em1             1     0     3333ff5abc51
2    em1             1     0     01005e0000fb
2    em1             1     0     3333ff000001
2    em1             1     0     3333ff000002
2    em1             1     0     3333ff000004
2    em1             1     0     3333ff000005
2    em1             1     0     3333ff000006
2    em1             1     0     3333ff000007
2    em1             1     0     3333ff000009
2    em1             1     0     3333ff00000a
2    em1             1     0     3333ff00000b
2    em1             1     0     3333ff00000c
2    em1             1     0     3333ff00000d
2    em1             1     0     3333ff00000e
2    em1             1     0     3333ff00000f
2    em1             1     0     3333ff000012
2    em1             1     0     3333ff000013
2    em1             1     0     3333ff000014
2    em1             1     0     3333ff000015
2    em1             1     0     3333ff000016
2    em1             1     0     3333ff000017
2    em1             1     0     3333ff000018
2    em1             1     0     3333ff000019
2    em1             1     0     3333ff00001a
2    em1             1     0     3333ffefcafe
2    em1             1     0     01005e7ffffa


Again, to the ethernet card, it’s just another MAC address it listens for. It doesn’t care multicast, unicast, broadcast. If the DST MAC Address of an arriving packet is in the list of addresses to listen to (which is the concatenation of the unicast MAC address(es), the broadcast MAC address(es), and the multicast MAC address(es) configured by the IP stack), it hands the packet up to the kernel. If not, it discards the packet.

Owen

> 
> Yours,
> 
> Alex
> 
>> but
>> "joining" on the local-link doesn't need MLD.
>> 
>> best
>> 
>> Enno
>> 
>> 
>> 
>> 
>> 
>>> 
>>> Alex
>>> 
>>> Le 23/07/2015 13:51, Ole Troan a ??crit :
>>>> Alexandru,
>>>> 
>>>> I???m afraid I couldn???t interpret your message. would someone
>>>> else be able to translate?
>>>> 
>>>> cheers, Ole
>>>> 
>>>>>> 
>>>>>> I do wonder if we should expand that exception to all
>>>>>> link-scope multicast addresses.
>>>>>> 
>>>>> 
>>>>> I would beg to disagree.
>>>>> 
>>>>> If we expand that to all link-scoped groups, may lead to
>>>>> dismantling IPv6 dependence on 33::1 - ff:ff:ff:ff:ff would be
>>>>> sufficient.
>>>>> 
>>>>> My oppinion would rather be to modify the MLD RFC to mandate
>>>>> MLD joins for all scopes.
>>>>> 
>>>>> Ethernet has primitives for joining the corresponding
>>>>> link-layer groups, and in some cases they are used. Maybe all
>>>>> should use them.
>>>>> 
>>>>>> the bridge implementors I speak to tell me that they don???t
>>>>>> have enough state to do MLD snooping for link-local scoped
>>>>>> multicast addresses anyway...
>>>>> 
>>>>> This may be dumb from my side, but why dont bridge
>>>>> implementers use link-layer multicast?  They shouldnt implement
>>>>> MLD, and not snoop it. The Hosts should send the necessary
>>>>> link-layer multicast joins (triggered by themselves sending MLD
>>>>> REPORT for these groups) to the bridge addresses.
>>>>> 
>>>>> Alex
>>>>> 
>>>>>> cheers, Ole
>>>> 
>>> 
>>> _______________________________________________ v6ops mailing list
>>> v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops
>> 
> 
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops

v2.23.0 | Report a Bug | By Email