On (2014-01-19 08:08 +0400), Mukom Akong T. wrote:
How prevalent is this problem? There might be not point fixing a problem with a 0.2% probability of occurring, especially as it might be cheaper to detect and fix the errors at the application layer.
I have no data on prevalency. But just this week we caught issue where ingress PE was mangling packets on IP2MPLS encap and calculating correct FCS on the mangled frame. All egress PE routers logged IP checksum error, it was very rare, maybe 1 per 30min on average. If it was IPv6, no error would have been logged, and customers would receive their share of these, <1 per month per customer, for sure, we would have never have found this issue in IPv6 network.
Could you please explain how broadcast is better than solicited node multicast. In any case we aren't getting round that for now and it is deeply imbedded in NDP. I am interested in your negative experiences with solicited node multicasts.
It requires group state in switches, potentially 16M groups, switches typically support few thousands and only populate them in SW (but forward on HW once built). Several attack vectors there.
Just because you can have 2^64 possible hosts on a LAN still doesn't mean we through principles of good LAN design out the door. :-) So I'd say it's rather the fault of shoddy network design rather than address policy.
Nick covered this, thanks. -- ++ytti