Thus spake Scott Weeks (surfer@mauigateway.com) on Sun, Sep 07, 2014 at 12:17:18PM -0700:
--- fergdawgster@mykolab.com wrote:
From: Paul Ferguson <fergdawgster@mykolab.com>
There's been a lot of on-and-off discussion about v6, especially about security and operational concerns about some aspects of IPv6 deployment, specifically regarding neighbor discovery (although there are other operational security concerns, as well).
I'd like to provide this as an example of those concerns, without any additional commentary. :-)
See also:
http://www.ietf.org/mail-archive/web/ietf/current/msg89517.html
--------------------------------------------------
I read the article and Tim Warnock on ipv6.org.au gave a pretty good and very brief summary. Pasted here for those that don't have time to read it. :-)
"large L2 domain + ipv6 windows privacy extensions + some intel card bug + some mention of igmp snooping = multicast flood w/ high switch/router cpu..."
This is well known. See: draft-pashby-magma-simplify-mld-snooping-01
About 4-5 years ago there was CSCtl51859. Vendor implementations that treat v6 neighbor discovery like it's IGMPv2 are doomed to fail.
Dale