Too-frequent change of privacy address / ND monitoring
Phil Mayers
p.mayers at imperial.ac.uk
Wed Mar 27 12:45:12 CET 2013
On 27/03/13 11:22, Tim Chown wrote:
>> From my experience: I don't know about firewalls, but loss of
>> multicast RAs sometimes is coaused by buggy implementations of
>> igmp-snooping or mld-snooping on Ethernet switches. I have encountered
>> some switches where igmp-sooping blocked all L2 multicasts with
>> destination 33:33:xx:xx:xx:xx.
>>
>> More recently, I have found switches where mld-snooping blocks all
>> IPv6 multicasts directed to ff02::1. I presume that the implementors
>> did not know that mld-registers are not required for that particular
>> group. As a turn-around, I had to enable explicitly group ff02::1 on
>> all ports via manual configuration.
>
> Or quirky 'first hop security' implementations.
Ha, chance would be a fine thing... our L2 vendor is quite literally
blind to the value of this (or simply incapable of implementing it; who
knows)
More information about the ipv6-ops
mailing list