Re: Fwd: Interesting problems with using IPv6

["Dale W. Carder" <dwcarder () wisc edu>]

Thus spake Scott Weeks (surfer () mauigateway com) on Sun, Sep 07, 2014 at 12:17:18PM -0700:
> --- fergdawgster () mykolab com wrote:
> From: Paul Ferguson <fergdawgster () mykolab com>
>
> There's been a lot of on-and-off discussion about v6, 
> especially about security and operational concerns 
> about some aspects of IPv6 deployment, specifically 
> regarding neighbor discovery (although there are other 
> operational security concerns, as well).
>
> I'd like to provide this as an example of those 
> concerns, without any additional commentary. :-)
>
> See also:
>
> http://www.ietf.org/mail-archive/web/ietf/current/msg89517.html
> --------------------------------------------------
>
>
> I read the article and Tim Warnock on ipv6.org.au gave 
> a pretty good and very brief summary.  Pasted here for
> those that don't have time to read it.  :-)
>
> "large L2 domain + ipv6 windows privacy extensions + some 
> intel card bug + some mention of igmp snooping = multicast 
> flood w/ high switch/router cpu..."


This is well known. see: draft-pashby-magma-simplify-mld-snooping-01

About 4-5 years ago there was CSCtl51859.

Vendor implementations that treat v6 neighbor discovery like it's IGMPv2
are doomed to fail.

Dale