AMT/vPro MLD storms?
Phil Mayers
p.mayers at imperial.ac.uk
Thu Feb 6 13:21:27 CET 2014
All,
In the last week or so, we've started to see a problem on newer PCs with
the Intel AMT/vPro (a kind of inline out-of-band management controller,
for those unfamiliar with it) which now "supports" IPv6... after a fashion.
The specific issues is that under certain as-yet unidentified
conditions, two such machines which are asleep will start to emit MLD
packets at a high rate - >1kpps. This eats a lot of CPU on the attached
router (and can't be great for everything else, either).
The MLD packets must of course be coming from the AMT/vPro stack which
shares the system MAC address (an unwise design decision IMO) and sort
of shares it's IP stack. We've confirmed this by looking at the port
speed, which is 10meg when the machine is asleep (versus 1gig when awake).
It seems that the AMT controllers "goad" each other into emitting the
packets - if you take one offline, the other stops.
The MLD packets are of the form:
2c:44:fd:xx:xx:xx > 33:33:00:01:00:03, ethertype IPv6 (0x86dd), length
86: fe80::2e44:fdff:fexx:xxxx > ff02::1:3: HBH ICMP6, multicast listener
reportmax resp delay: 0 addr: ff02::1:3, length 24
...and alternate from each machine; as above, as if each machine is
induced to emit an MLD packet by seeing the other do it.
Note the v6 LL IP is a mutated form of EUI-64 (locally-assigned bit
toggled?)
Has anyone seen anything like this?
Cheers,
Phil
More information about the ipv6-ops
mailing list