Re: [v6ops] Interesting problems with using IPv6

Brian E Carpenter <brian.e.carpenter@gmail.com> Thu, 11 September 2014 01:33 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB9A61A0141 for <v6ops@ietfa.amsl.com>; Wed, 10 Sep 2014 18:33:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6RBES73thDSt for <v6ops@ietfa.amsl.com>; Wed, 10 Sep 2014 18:33:09 -0700 (PDT)
Received: from mail-pa0-x22d.google.com (mail-pa0-x22d.google.com [IPv6:2607:f8b0:400e:c03::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 82FFE1A013B for <v6ops@ietf.org>; Wed, 10 Sep 2014 18:33:09 -0700 (PDT)
Received: by mail-pa0-f45.google.com with SMTP id rd3so8108185pab.18 for <v6ops@ietf.org>; Wed, 10 Sep 2014 18:33:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=yB3ol2oTS3u/rlZDkCKTnjp0zhlJFTvzUBFaIhRp/2A=; b=PEf6D9u2PqC/GY2Oh4oLbUroNf6aCe8KxYP9qfoIuNeLM7HjgMj3uaDKsXDOl+wS4w ET67yEo8tFsxMIj2T04kiYdQM8F7tyvc7OGqiiFvu77RSIQ5EAovIe07EQ/IOIVpGSJz D9HxTUrq+8UF5K6sBjPOVaUq1mhy/+0TPW6uphBDmkFn5ECklm80i2MMwHvFzws/ZcUR Wn6sB2iSNuTB2uD/oLM+tC8aQCXf0VHwGRg5OGLZdaxTdiq7TvwU5lclMtALksTKf1eM FYVelnlXyejvDsysSqL8zr+DMH/YDVAqZlviHVOcq4xvTAapfIk/drP9jSehHeJwVPD5 /U8w==
X-Received: by 10.70.49.12 with SMTP id q12mr1558251pdn.5.1410399189177; Wed, 10 Sep 2014 18:33:09 -0700 (PDT)
Received: from [192.168.178.23] (4.195.69.111.dynamic.snap.net.nz. [111.69.195.4]) by mx.google.com with ESMTPSA id wh10sm16547734pac.20.2014.09.10.18.33.06 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 10 Sep 2014 18:33:08 -0700 (PDT)
Message-ID: <5410FBDB.1070507@gmail.com>
Date: Thu, 11 Sep 2014 13:33:15 +1200
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Brian Haberman <brian@innovationslab.net>
References: <1410082125488.85722@surrey.ac.uk> <540CB702.3000605@gmail.com> <20140908183339.GB98785@ricotta.doit.wisc.edu> <540E26D9.3070907@gmail.com> <540E7DC3.8060408@gont.com.ar> <540EAA55.7000207@gmail.com> <540F0BCF.1060905@gont.com.ar> <540F3432.5030702@innovationslab.net> <540F65C4.7050503@gmail.com> <540F9FA9.3070300@si6networks.com> <540FB46F.2010200@gmail.com> <CAPi140MmfaqG9kFNTdAi=RhH8YJDV2OVXYvi4FgxvkD_mEQx=Q@mail.gmail.com> <5410437E.2070208@innovationslab.net>
In-Reply-To: <5410437E.2070208@innovationslab.net>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/zE0MUGyqVFmZAIVqpmnbixykN8M
Cc: v6ops@ietf.org
Subject: Re: [v6ops] Interesting problems with using IPv6
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Sep 2014 01:33:10 -0000

On 11/09/2014 00:26, Brian Haberman wrote:
> Hi Andrew,
> 
> On 9/10/14 6:18 AM, Andrew 👽  Yourtchenko wrote:
>> On 9/10/14, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>>> On 10/09/2014 12:47, Fernando Gont wrote:
>>>> On 09/09/2014 05:40 PM, Brian E Carpenter wrote:
>>>>>>> Then, let me change the question: Why do I need MLD for *this*?
>>>>> I think Brian Haberman's reply shows why that is the wrong question.
>>>>> You need MLD for every multicast group, including a solicited-node
>>>>> group, and if you insist on MLD snooping in the bridges (let's not
>>>>> obfuscate by calling them switches) then you need to snoop every
>>>>> solicited-node group.
>>>>>
>>>>> My question is orthogonal to MLD snooping: why do we require
>>>>> router-alert
>>>>> for MLD messages referring to a solicited-node group, since it by
>>>>> definition is limited to a single L2 link (even if that link is
>>>>> split up by bridges)?
>>>> .. to avoid them being a special case?  -- i.e., all MLD packets carry a
>>>> Router Alert option.
>>> Yes, it would be an exception. But we know that HbH options in general
>>> and Router Alert in particular are a serious performance issue, and
>>> that all links carry this particular kind of MLD traffic, so an
>>> exception seems like something to be discussed.
>> How does this interact with the case where a "pure L2" switch within
>> the link would want to snoop MLD ? Presumably, today the L2 switch
>> would see the "router alert" and know that it needs to process this
>> traffic.
>>
>> If this were to be removed, then it would be much trickier to direct
>> the traffic to the slow path in that scenario, wouldn't it ?
> 
> I think that depends.  As I mentioned in an earlier e-mail, some routers
> simply use the IPv4 Protocol field or the IPv6 Next Header field to see
> if they need to process the packet.  It is unclear (to me) how many
> implementations still use the Router Alert to determine if the packet
> needs local processing.  Maybe some vendors could chime in?

I have the impression that many boxes will look at *any* ICMPv6
packet, because in their firewall role they filter ICMPv6.
In that case the Router Alert is certainly redundant. However,
we do need vendor feedback, as you say.

   Brian C