Thus spake Scott Weeks (sur...@mauigateway.com) on Sun, Sep 07, 2014 at 12:17:18PM -0700:
> --- fergdawgs...@mykolab.com wrote:
> From: Paul Ferguson <fergdawgs...@mykolab.com>
>
> There's been a lot of on-and-off discussion about v6,
> especially about security and operational concerns
> about some aspects of IPv6 deployment, specifically
> regarding neighbor discovery (although there are other
> operational security concerns, as well).
>
> I'd like to provide this as an example of those
> concerns, without any additional commentary. :-)
>
> See also:
>
> http://www.ietf.org/mail-archive/web/ietf/current/msg89517.html
> --------------------------------------------------
>
>
> I read the article and Tim Warnock on ipv6.org.au gave
> a pretty good and very brief summary. Pasted here for
> those that don't have time to read it. :-)
>
> "large L2 domain + ipv6 windows privacy extensions + some
> intel card bug + some mention of igmp snooping = multicast
> flood w/ high switch/router cpu..."

This is well known. See:

draft-pashby-magma-simplify-mld-snooping-01

About 4-5 years ago there was CSCtl51859.

Vendor implementations that treat v6 neighbor discovery like it's
IGMPv2 are doomed to fail.

Dale