Re: [v6ops] Interesting problems with using IPv6

Brian Haberman <brian@innovationslab.net> Wed, 10 September 2014 12:26 UTC

Return-Path: <brian@innovationslab.net>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70A541A0039 for <v6ops@ietfa.amsl.com>; Wed, 10 Sep 2014 05:26:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id juvUGCpaoY_v for <v6ops@ietfa.amsl.com>; Wed, 10 Sep 2014 05:26:38 -0700 (PDT)
Received: from uillean.fuaim.com (uillean.fuaim.com [206.197.161.140]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51D321A002B for <v6ops@ietf.org>; Wed, 10 Sep 2014 05:26:38 -0700 (PDT)
Received: from clairseach.fuaim.com (clairseach-high.fuaim.com [206.197.161.158]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by uillean.fuaim.com (Postfix) with ESMTP id 2F933880F7 for <v6ops@ietf.org>; Wed, 10 Sep 2014 05:26:38 -0700 (PDT)
Received: from 102529956.rude2.ra.johnshopkins.edu (addr16212925014.ippl.jhmi.edu [162.129.250.14]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by clairseach.fuaim.com (Postfix) with ESMTP id E8CBF71B0001 for <v6ops@ietf.org>; Wed, 10 Sep 2014 05:26:37 -0700 (PDT)
Message-ID: <5410437E.2070208@innovationslab.net>
Date: Wed, 10 Sep 2014 08:26:38 -0400
From: Brian Haberman <brian@innovationslab.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: v6ops@ietf.org
References: <1410082125488.85722@surrey.ac.uk> <540CB702.3000605@gmail.com> <20140908183339.GB98785@ricotta.doit.wisc.edu> <540E26D9.3070907@gmail.com> <540E7DC3.8060408@gont.com.ar> <540EAA55.7000207@gmail.com> <540F0BCF.1060905@gont.com.ar> <540F3432.5030702@innovationslab.net> <540F65C4.7050503@gmail.com> <540F9FA9.3070300@si6networks.com> <540FB46F.2010200@gmail.com> <CAPi140MmfaqG9kFNTdAi=RhH8YJDV2OVXYvi4FgxvkD_mEQx=Q@mail.gmail.com>
In-Reply-To: <CAPi140MmfaqG9kFNTdAi=RhH8YJDV2OVXYvi4FgxvkD_mEQx=Q@mail.gmail.com>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="4mhBApJCuU08wgW492FLRUeq2s2tQJVno"
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/myCd4iXUp3T9UB1Fa3aRrBpPFW0
Subject: Re: [v6ops] Interesting problems with using IPv6
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Sep 2014 12:26:39 -0000

Hi Andrew,

On 9/10/14 6:18 AM, Andrew 👽  Yourtchenko wrote:
> On 9/10/14, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>> On 10/09/2014 12:47, Fernando Gont wrote:
>>> On 09/09/2014 05:40 PM, Brian E Carpenter wrote:
>>>>>> Then, let me change the question: Why do I need MLD for *this*?
>>>> I think Brian Haberman's reply shows why that is the wrong question.
>>>> You need MLD for every multicast group, including a solicited-node
>>>> group, and if you insist on MLD snooping in the bridges (let's not
>>>> obfuscate by calling them switches) then you need to snoop every
>>>> solicited-node group.
>>>>
>>>> My question is orthogonal to MLD snooping: why do we require
>>>> router-alert
>>>> for MLD messages referring to a solicited-node group, since it by
>>>> definition is limited to a single L2 link (even if that link is
>>>> split up by bridges)?
>>>
>>> .. to avoid them being a special case?  -- i.e., all MLD packets carry a
>>> Router Alert option.
>>
>> Yes, it would be an exception. But we know that HbH options in general
>> and Router Alert in particular are a serious performance issue, and
>> that all links carry this particular kind of MLD traffic, so an
>> exception seems like something to be discussed.
> 
> How does this interact with the case where a "pure L2" switch within
> the link would want to snoop MLD ? Presumably, today the L2 switch
> would see the "router alert" and know that it needs to process this
> traffic.
> 
> If this were to be removed, then it would be much trickier to direct
> the traffic to the slow path in that scenario, wouldn't it ?

I think that depends.  As I mentioned in an earlier e-mail, some routers
simply use the IPv4 Protocol field or the IPv6 Next Header field to see
if they need to process the packet.  It is unclear (to me) how many
implementations still use the Router Alert to determine if the packet
needs local processing.  Maybe some vendors could chime in?

Regards,
Brian