Re: [v6ops] Interesting problems with using IPv6

Brian E Carpenter <> Thu, 11 September 2014 01:33 UTC

Date: Thu, 11 Sep 2014 13:33:15 +1200
From: Brian E Carpenter <>
Organization: University of Auckland
To: Brian Haberman <>

On 11/09/2014 00:26, Brian Haberman wrote:
> Hi Andrew,
> On 9/10/14 6:18 AM, Andrew 👽  Yourtchenko wrote:
>> On 9/10/14, Brian E Carpenter <> wrote:
>>> On 10/09/2014 12:47, Fernando Gont wrote:
>>>> On 09/09/2014 05:40 PM, Brian E Carpenter wrote:
>>>>>>> Then, let me change the question: Why do I need MLD for *this*?
>>>>> I think Brian Haberman's reply shows why that is the wrong question.
>>>>> You need MLD for every multicast group, including a solicited-node
>>>>> group, and if you insist on MLD snooping in the bridges (let's not
>>>>> obfuscate by calling them switches) then you need to snoop every
>>>>> solicited-node group.
>>>>> My question is orthogonal to MLD snooping: why do we require
>>>>> router-alert for MLD messages referring to a solicited-node group,
>>>>> since it by definition is limited to a single L2 link (even if that
>>>>> link is split up by bridges)?
>>>> .. to avoid them being a special case?  -- i.e., all MLD packets carry a
>>>> Router Alert option.
>>> Yes, it would be an exception. But we know that HbH options in general
>>> and Router Alert in particular are a serious performance issue, and
>>> that all links carry this particular kind of MLD traffic, so an
>>> exception seems like something to be discussed.
>> How does this interact with the case where a "pure L2" switch within
>> the link would want to snoop MLD ? Presumably, today the L2 switch
>> would see the "router alert" and know that it needs to process this
>> traffic.
>> If this were to be removed, then it would be much trickier to direct
>> the traffic to the slow path in that scenario, wouldn't it ?
> I think that depends.  As I mentioned in an earlier e-mail, some routers
> simply use the IPv4 Protocol field or the IPv6 Next Header field to see
> if they need to process the packet.  It is unclear (to me) how many
> implementations still use the Router Alert to determine if the packet
> needs local processing.  Maybe some vendors could chime in?

I have the impression that many boxes will look at *any* ICMPv6
packet, because in their firewall role they filter ICMPv6.
In that case the Router Alert is certainly redundant. However,
we do need vendor feedback, as you say.

   Brian C
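
The two ways of spotting MLD discussed in this thread, keying on the Router Alert option versus keying on Next Header and the ICMPv6 type, compared in an added example that is not part of the original message. The function names, the `fe80::1` source and the `ff02::1:ff00:1` solicited-node group are constructed for illustration.

```python
import struct
from ipaddress import IPv6Address

HOP_BY_HOP, ICMPV6 = 0, 58            # IPv6 Next Header values
OPT_PAD1, OPT_ROUTER_ALERT = 0, 5     # Hop-by-Hop option types
MLD_TYPES = {130: "query", 131: "v1 report", 132: "v1 done", 143: "v2 report"}

def classify(pkt: bytes) -> dict:
    """Report what a Router Alert check and a Next Header/ICMPv6 check each see."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_hdr, off, router_alert = pkt[6], 40, None
    if next_hdr == HOP_BY_HOP:
        if len(pkt) < off + 8:
            raise ValueError("truncated Hop-by-Hop header")
        next_hdr, end = pkt[off], off + (pkt[off + 1] + 1) * 8
        if len(pkt) < end:
            raise ValueError("truncated Hop-by-Hop header")
        i = off + 2
        while i < end:                       # walk the option TLVs
            if pkt[i] == OPT_PAD1:           # Pad1 is a single byte, no length
                i += 1
                continue
            if i + 2 > end or i + 2 + pkt[i + 1] > end:
                raise ValueError("option overruns Hop-by-Hop header")
            if pkt[i] == OPT_ROUTER_ALERT and pkt[i + 1] == 2:
                router_alert = struct.unpack_from("!H", pkt, i + 2)[0]  # 0 = MLD
            i += 2 + pkt[i + 1]
        off = end
    # Only Hop-by-Hop is walked here; other extension headers are not followed.
    icmp_type = pkt[off] if next_hdr == ICMPV6 and len(pkt) > off else None
    return {"router_alert": router_alert, "icmpv6_type": icmp_type,
            "mld": MLD_TYPES.get(icmp_type)}

def build_mld_report(group: str, router_alert: bool) -> bytes:
    """Constructed sample packet: MLDv1 Report for `group` (checksum left at 0)."""
    mld = struct.pack("!BBHHH", 131, 0, 0, 0, 0) + IPv6Address(group).packed
    hbh = bytes([ICMPV6, 0, OPT_ROUTER_ALERT, 2, 0, 0, 1, 0]) if router_alert else b""
    first = HOP_BY_HOP if router_alert else ICMPV6
    hdr = struct.pack("!IHBB", 6 << 28, len(hbh + mld), first, 1)
    return hdr + IPv6Address("fe80::1").packed + IPv6Address(group).packed + hbh + mld

if __name__ == "__main__":
    for ra in (True, False):   # ff02::1:ff00:1 is a constructed solicited-node group
        print(ra, classify(build_mld_report("ff02::1:ff00:1", ra)))
```

A device that classifies on the ICMPv6 type identifies the report in both packets, while one that punts only on Router Alert sees nothing to act on in the second.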