nanog mailing list archives

Re: IPV6 in enterprise best practices/white papers
From: Jussi Peltola <pelzi () pelzi net>
Date: Wed, 30 Jan 2013 06:41:12 +0200

On Tue, Jan 29, 2013 at 09:07:57PM +1100, Karl Auer wrote:
> Also, if a switch does not do MLD snooping, it will flood multicast to
> all ports. You lose one of the major benefits of IPv6 multicast - less
> admin traffic.
>
> You need to spec new switches with IPv6 capability.

NDP multicast has scaling issues, and I'd not be surprised if switches
will soon stop learning it and flood all NDP multicasts to save space
for the users' higher-traffic multicast groups.

This is very reasonable, because end-host Ethernet chipsets have been
discarding useless frames since the beginning. Even unicast frames were
flooded in the times of coax and hubs; Ethernet chipsets will drop
uninteresting frames on the floor.

The problem with ARP and other broadcasts was that they were never
dropped by any Ethernet chipset, because there was no way for it to know
if it is interesting. NDP multicast addresses, on the other hand, allow
for the device to program only the multicast MACs it is interested in
into the Ethernet chipset, so the CPU will never see the useless packets.

This is a very good compromise for most cases; you haul some useless
packets, but they are dropped by the Ethernet chipset, so even the most
measly print server or Internet-controlled coffee maker CPU will not be
unduly burdened. You will also not need to burden your network with
multicast groups (=state) to save hauling a few useless packets around.

* * *

There are some cases where it actually is expensive to flood ARP/NDP
requests, like 802.11 WLANs where bandwidth can be limited and
multicast/broadcast is implemented by transmitting at a very low bitrate
to hope everyone can hear it, taking up airtime on access points,
instead of transmitting at high rates with an ACK mechanism like unicast
frames. (*)

If the WLAN implements MLD snooping, an NDP broadcast is unlikely to be
listened to by more than one host; a smart AP could deliver it like a
unicast frame at a high rate to said single client. The other APs in the
same L2 network can drop the frame on the floor altogether, or never see
it if the wired network has MLD snooping. But even in this case it
scales better to have access points throw away a small number of frames
than have the whole wired switch network learn a large number of
multicast groups that churn each time the client roams to a new AP.



* I am aware this is a simplification, and many modern WLANs are
smarter than this; many also do proxy ARP to eliminate the problem with
flooded ARP broadcasts altogether.
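
An added example, not part of the original message: it derives the solicited-node group and Ethernet multicast MAC for each address, then shows which hosts' NIC filters would pass a flooded Neighbor Solicitation to the CPU and how many memberships a snooping switch would hold instead. The host names and addresses are constructed for illustration.

```python
import ipaddress

def solicited_node(addr):
    """Solicited-node group ff02::1:ffXX:XXXX: low 24 bits of the address (RFC 4291)."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)

def multicast_mac(group):
    """Ethernet destination 33:33 + low 32 bits of the IPv6 group (RFC 2464)."""
    low32 = int(ipaddress.IPv6Address(group)) & 0xFFFFFFFF
    return ":".join(f"{b:02x}" for b in b"\x33\x33" + low32.to_bytes(4, "big"))

def nic_filter(addresses):
    """Multicast MACs a host programs into its NIC: all-nodes plus its own groups."""
    return {multicast_mac("ff02::1")} | {multicast_mac(solicited_node(a)) for a in addresses}

def cpus_reached(hosts, target):
    """Hosts whose NIC filter accepts a flooded Neighbor Solicitation for target."""
    dst = multicast_mac(solicited_node(target))
    return sorted(name for name, addrs in hosts.items() if dst in nic_filter(addrs))

def snooping_groups(hosts):
    """Per-host group memberships a snooping switch would have to learn and age out."""
    return {(name, solicited_node(a)) for name, addrs in hosts.items() for a in addrs}

# Constructed sample LAN; all names and addresses are made up for illustration.
HOSTS = {
    "printer": ["fe80::211:22ff:fe33:4455", "2001:db8::211:22ff:fe33:4455"],
    "laptop": ["fe80::a1b2:c3d4:e5f6:1234", "2001:db8::a1b2:c3d4:e5f6:1234",
               "2001:db8::9f01:77aa:bc12:5678"],  # third one mimics a temporary address
    "coffee": ["fe80::2aa:bbff:fecc:ddee"],
}

if __name__ == "__main__":
    target = "2001:db8::9f01:77aa:bc12:5678"
    print("NS destination MAC:", multicast_mac(solicited_node(target)))
    print("CPUs that see the flooded NS:", cpus_reached(HOSTS, target))
    print("Memberships a snooping switch tracks:", len(snooping_groups(HOSTS)))
```

An ARP request for the same host would go to ff:ff:ff:ff:ff:ff, which no NIC filter can reject, so all three CPUs would see it.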

