On Tue, 2013-02-12 at 13:49 -0500, Brandon Ross wrote:
MLD Snooping and IPv6 ACLs are a must.
MLD Snooping only seems important to me if you are actually going to do multicast outside of the local broadcast domain
MLD snooping allows the switch to send multicast traffic only to those listeners wanting to receive it. Without MLD snooping, the switch floods multicast to all ports. May be a security issue, is definitely a traffic issue, though in a small network, it may make no difference.

For example, multicast is used by ND, the IPv6 equivalent of ARP. MLD snooping means only a few hosts (typically only one, in fact) in the subnet see any given ND request. Without MLD snooping, every port in the subnet sees it. Or DHCPv6 - without MLD snooping, every port sees all client traffic for all DHCP requests; with MLD snooping only the routers/relays in the subnet see it.

"See" with MLD snooping means "see it at all", not "see and ignore it" as in the broadcast world.

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer@biplane.com.au)
http://www.biplane.com.au/kauer
http://www.biplane.com.au/blog

GPG fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
Old fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017
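The flood-versus-forward behaviour described in the reply above, as an added worked example (not code from the thread or from any vendor): a toy model of a four-port switch that either floods every multicast frame or, with MLD snooping, forwards it only to ports that sent an MLD Report for the group plus any known router port. The port numbers, link-local addresses and the "one relay on port 4" layout are constructed for illustration; the group addresses (ff02::1, ff02::1:2, the solicited-node prefix ff02::1:ff00::/104) are the standard IPv6 ones.

```python
"""Toy model of an Ethernet switch with and without MLD snooping.

Constructed example: a four-port switch with three IPv6 hosts and one
router acting as DHCPv6 relay.  Ports and addresses are made up.
"""
import ipaddress
from typing import Dict, Set

# ff02::1 (all-nodes) is never MLD-reported, so even a snooping switch floods it.
ALL_NODES = ipaddress.IPv6Address("ff02::1")
# ff02::1:2 is the All_DHCP_Relay_Agents_and_Servers group clients send Solicits to.
ALL_DHCP_RELAYS_AND_SERVERS = ipaddress.IPv6Address("ff02::1:2")
SOLICITED_NODE_PREFIX = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def solicited_node_multicast(addr: str) -> ipaddress.IPv6Address:
    """Solicited-node group for a unicast address: ff02::1:ffXX:XXXX
    (low 24 bits of the unicast address appended to the prefix)."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_PREFIX | low24)


class Switch:
    """Simplified switch: either floods multicast or applies MLD snooping."""

    def __init__(self, ports, snooping: bool):
        self.ports: Set[int] = set(ports)
        self.snooping = snooping
        # group -> ports that sent an MLD Report (listener state)
        self.members: Dict[ipaddress.IPv6Address, Set[int]] = {}
        # ports where a multicast router lives; they receive all groups
        self.router_ports: Set[int] = set()

    def mld_report(self, port: int, group: str) -> None:
        """Learn a listener from an MLD Report heard on `port`."""
        self.members.setdefault(ipaddress.IPv6Address(group), set()).add(port)

    def mark_router_port(self, port: int) -> None:
        self.router_ports.add(port)

    def egress_ports(self, ingress: int, dst: str) -> Set[int]:
        """Ports that actually receive a multicast frame arriving on `ingress`."""
        group = ipaddress.IPv6Address(dst)
        if not self.snooping or group == ALL_NODES:
            out = set(self.ports)                       # classic flooding
        else:
            # only reported listeners plus router ports; a group nobody
            # joined reaches router ports only, i.e. hosts never "see" it
            out = self.members.get(group, set()) | self.router_ports
        return out - {ingress}


def build(snooping: bool) -> Switch:
    """Constructed topology: hosts on ports 1-3, router/DHCPv6 relay on port 4."""
    sw = Switch(ports=[1, 2, 3, 4], snooping=snooping)
    hosts = {1: "fe80::1", 2: "fe80::2", 3: "fe80::3:4:5"}
    for port, addr in hosts.items():
        # every host joins the solicited-node group of its own address
        sw.mld_report(port, str(solicited_node_multicast(addr)))
    sw.mld_report(4, str(ALL_DHCP_RELAYS_AND_SERVERS))   # relay listens for Solicits
    sw.mark_router_port(4)
    return sw


def demo() -> Dict[str, Set[int]]:
    """Who receives an ND Neighbor Solicitation and a DHCPv6 Solicit, each way."""
    flood, snoop = build(snooping=False), build(snooping=True)
    ns_dst = str(solicited_node_multicast("fe80::2"))    # host 1 resolving host 2
    return {
        "ns_flood": flood.egress_ports(1, ns_dst),
        "ns_snooping": snoop.egress_ports(1, ns_dst),
        "dhcp_flood": flood.egress_ports(3, str(ALL_DHCP_RELAYS_AND_SERVERS)),
        "dhcp_snooping": snoop.egress_ports(3, str(ALL_DHCP_RELAYS_AND_SERVERS)),
    }


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name:14s} -> ports {sorted(ports)}")
```

With flooding, the Neighbor Solicitation for fe80::2 reaches ports 2, 3 and 4 and the DHCPv6 Solicit reaches every other port; with snooping, the NS reaches only the target host (plus the router port, as real switches do) and the Solicit reaches only the relay on port 4. The model omits MLD Queries, group timeouts and unknown-group handling details, which differ between vendors.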