draft-ietf-ipv6-rfc2462bis-02.txt   draft-ietf-ipv6-rfc2462bis-03.txt 
IETF IPv6 Working Group S. Thomson IETF IPv6 Working Group S. Thomson
Internet-Draft Cisco Internet-Draft Cisco
Expires: December 16, 2004 T. Narten Expires: January 17, 2005 T. Narten
IBM IBM
T. Jinmei T. Jinmei
Toshiba Toshiba
June 17, 2004 July 19, 2004
IPv6 Stateless Address Autoconfiguration IPv6 Stateless Address Autoconfiguration
draft-ietf-ipv6-rfc2462bis-02.txt draft-ietf-ipv6-rfc2462bis-03.txt
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with By submitting this Internet-Draft, I certify that any applicable
all provisions of Section 10 of RFC2026. patent or other IPR claims of which I am aware have been disclosed,
or will be disclosed, and any of which I become aware will be
disclosed, in accordance with RFC 3668.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other Task Force (IETF), its areas, and its working groups. Note that
groups may also distribute working documents as Internet-Drafts. other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at http:// The list of current Internet-Drafts can be accessed at
www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on December 16, 2004. This Internet-Draft will expire on January 17, 2005.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2004). All Rights Reserved. Copyright (C) The Internet Society (2004). All Rights Reserved.
Abstract Abstract
This document specifies the steps a host takes in deciding how to This document specifies the steps a host takes in deciding how to
autoconfigure its interfaces in IP version 6. The autoconfiguration autoconfigure its interfaces in IP version 6. The autoconfiguration
process includes creating a link-local address and verifying its process includes creating a link-local address and verifying its
uniqueness on a link, determining what information can be uniqueness on a link, determining what information can be
autoconfigured (addresses, other information, or both), and in the autoconfigured (addresses, other information, or both), and in the
case of addresses, whether they can be obtained through the stateless case of addresses, whether they can be obtained through the stateless
mechanism, the stateful mechanism, or both. This document defines the mechanism, the stateful mechanism, or both. This document defines
process for generating a link-local address, the process for the process for generating a link-local address, the process for
generating global addresses via stateless address autoconfiguration, generating global addresses via stateless address autoconfiguration,
and the Duplicate Address Detection procedure. The details of and the Duplicate Address Detection procedure. The details of
autoconfiguration using the stateful protocol is specified in RFC autoconfiguration using the stateful protocol is specified in RFC
3315 and RFC 3736. 3315 and RFC 3736.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. INTRODUCTION . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. TERMINOLOGY . . . . . . . . . . . . . . . . . . . . . . . . 5 2. TERMINOLOGY . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.1 Requirements . . . . . . . . . . . . . . . . . . . . . . . . 7 2.1 Requirements . . . . . . . . . . . . . . . . . . . . . . . 7
3. DESIGN GOALS . . . . . . . . . . . . . . . . . . . . . . . . 7 3. DESIGN GOALS . . . . . . . . . . . . . . . . . . . . . . . . . 7
4. PROTOCOL OVERVIEW . . . . . . . . . . . . . . . . . . . . . 8 4. PROTOCOL OVERVIEW . . . . . . . . . . . . . . . . . . . . . . 8
4.1 Site Renumbering . . . . . . . . . . . . . . . . . . . . . . 10 4.1 Site Renumbering . . . . . . . . . . . . . . . . . . . . . 10
5. PROTOCOL SPECIFICATION . . . . . . . . . . . . . . . . . . . 11 5. PROTOCOL SPECIFICATION . . . . . . . . . . . . . . . . . . . . 11
5.1 Node Configuration Variables . . . . . . . . . . . . . . . . 11 5.1 Node Configuration Variables . . . . . . . . . . . . . . . 11
5.2 Autoconfiguration-Related Structures . . . . . . . . . . . . 12 5.2 Autoconfiguration-Related Structures . . . . . . . . . . . 12
5.3 Creation of Link-Local Addresses . . . . . . . . . . . . . . 12 5.3 Creation of Link-Local Addresses . . . . . . . . . . . . . 12
5.4 Duplicate Address Detection . . . . . . . . . . . . . . . . 13 5.4 Duplicate Address Detection . . . . . . . . . . . . . . . 13
5.4.1 Message Validation . . . . . . . . . . . . . . . . . . . . . 14 5.4.1 Message Validation . . . . . . . . . . . . . . . . . . 14
5.4.2 Sending Neighbor Solicitation Messages . . . . . . . . . . . 14 5.4.2 Sending Neighbor Solicitation Messages . . . . . . . . 14
5.4.3 Receiving Neighbor Solicitation Messages . . . . . . . . . . 15 5.4.3 Receiving Neighbor Solicitation Messages . . . . . . . 16
5.4.4 Receiving Neighbor Advertisement Messages . . . . . . . . . 16 5.4.4 Receiving Neighbor Advertisement Messages . . . . . . 17
5.4.5 When Duplicate Address Detection Fails . . . . . . . . . . . 17 5.4.5 When Duplicate Address Detection Fails . . . . . . . . 17
5.5 Creation of Global Addresses . . . . . . . . . . . . . . . . 17 5.5 Creation of Global Addresses . . . . . . . . . . . . . . . 17
5.5.1 Soliciting Router Advertisements . . . . . . . . . . . . . . 17 5.5.1 Soliciting Router Advertisements . . . . . . . . . . . 18
5.5.2 Absence of Router Advertisements . . . . . . . . . . . . . . 17 5.5.2 Absence of Router Advertisements . . . . . . . . . . . 18
5.5.3 Router Advertisement Processing . . . . . . . . . . . . . . 18 5.5.3 Router Advertisement Processing . . . . . . . . . . . 18
5.5.4 Address Lifetime Expiry . . . . . . . . . . . . . . . . . . 20 5.5.4 Address Lifetime Expiry . . . . . . . . . . . . . . . 20
5.6 Configuration Consistency . . . . . . . . . . . . . . . . . 21 5.6 Configuration Consistency . . . . . . . . . . . . . . . . 21
5.7 Retaining Configured Addresses for Stability . . . . . . . . 21 5.7 Retaining Configured Addresses for Stability . . . . . . . 22
6. SECURITY CONSIDERATIONS . . . . . . . . . . . . . . . . . . 21 6. SECURITY CONSIDERATIONS . . . . . . . . . . . . . . . . . . . 22
7. IANA CONSIDERATIONS . . . . . . . . . . . . . . . . . . . . 22 7. IANA CONSIDERATIONS . . . . . . . . . . . . . . . . . . . . . 22
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 22 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 22
Normative References . . . . . . . . . . . . . . . . . . . . 22 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Informative References . . . . . . . . . . . . . . . . . . . 23 9.1 Normative References . . . . . . . . . . . . . . . . . . . . 23
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 23 9.2 Informative References . . . . . . . . . . . . . . . . . . . 23
A. LOOPBACK SUPPRESSION & DUPLICATE ADDRESS DETECTION . . . . . 24 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 24
B. CHANGES SINCE RFC 1971 . . . . . . . . . . . . . . . . . . . 25 A. LOOPBACK SUPPRESSION & DUPLICATE ADDRESS DETECTION . . . . . . 25
C. CHANGE HISTORY . . . . . . . . . . . . . . . . . . . . . . . 26 B. CHANGES SINCE RFC 1971 . . . . . . . . . . . . . . . . . . . . 26
Intellectual Property and Copyright Statements . . . . . . . 29 C. CHANGE HISTORY . . . . . . . . . . . . . . . . . . . . . . . . 26
Intellectual Property and Copyright Statements . . . . . . . . 29
1. Introduction 1. INTRODUCTION
This document specifies the steps a host takes in deciding how to This document specifies the steps a host takes in deciding how to
autoconfigure its interfaces in IP version 6. The autoconfiguration autoconfigure its interfaces in IP version 6 (IPv6). The
process includes creating a link-local address and verifying its autoconfiguration process includes creating a link-local address and
uniqueness on a link, determining what information can be verifying its uniqueness on a link, determining what information can
autoconfigured (addresses, other information, or both), and in the be autoconfigured (addresses, other information, or both), and in the
case of addresses, whether they can be obtained through the stateless case of addresses, whether they can be obtained through the stateless
mechanism, the stateful mechanism, or both. This document defines the mechanism, the stateful mechanism, or both. This document defines
process for generating a link-local address, the process for the process for generating a link-local address, the process for
generating global addresses via stateless address autoconfiguration, generating global addresses via stateless address autoconfiguration,
and the Duplicate Address Detection procedure. The details of and the Duplicate Address Detection procedure. The details of
autoconfiguration using the stateful protocol is specified in RFC autoconfiguration using the stateful protocol is specified in
3315 [6] and RFC 3736 [7]. [RFC3315] and [RFC3736].
IPv6 defines both a stateful and stateless address autoconfiguration IPv6 defines both a stateful and stateless address autoconfiguration
mechanism. Stateless autoconfiguration requires no manual mechanism. Stateless autoconfiguration requires no manual
configuration of hosts, minimal (if any) configuration of routers, configuration of hosts, minimal (if any) configuration of routers,
and no additional servers. The stateless mechanism allows a host to and no additional servers. The stateless mechanism allows a host to
generate its own addresses using a combination of locally available generate its own addresses using a combination of locally available
information and information advertised by routers. Routers advertise information and information advertised by routers. Routers advertise
prefixes that identify the subnet(s) associated with a link, while prefixes that identify the subnet(s) associated with a link, while
hosts generate an "interface identifier" that uniquely identifies an hosts generate an "interface identifier" that uniquely identifies an
interface on a subnet. An address is formed by combining the two. In interface on a subnet. An address is formed by combining the two.
the absence of routers, a host can only generate link-local In the absence of routers, a host can only generate link-local
addresses. However, link-local addresses are sufficient for allowing addresses. However, link-local addresses are sufficient for allowing
communication among nodes attached to the same link. communication among nodes attached to the same link.
In the stateful autoconfiguration model, hosts obtain interface In the stateful autoconfiguration model, hosts obtain interface
addresses and/or configuration information and parameters from a addresses and/or configuration information and parameters from a
DHCPv6 server. Servers maintain a database that keeps track of which Dynamic Host Configuration Protocol (DHCPv6) server. Servers
addresses have been assigned to which hosts. The stateful maintain a database that keeps track of which addresses have been
autoconfiguration protocol allows hosts to obtain addresses, other assigned to which hosts. The stateful autoconfiguration protocol
configuration information or both from a server. Stateless and allows hosts to obtain addresses, other configuration information or
stateful autoconfiguration complement each other. For example, a host both from a server. Stateless and stateful autoconfiguration
can use stateless autoconfiguration to configure its own addresses, complement each other. For example, a host can use stateless
but use stateful autoconfiguration to obtain other information. autoconfiguration to configure its own addresses, but use stateful
autoconfiguration to obtain other information.
To obtain other configuration information without configuring To obtain other configuration information without configuring
addresses in the stateful autoconfiguration model, a subset of DHCPv6 addresses in the stateful autoconfiguration model, a subset of DHCPv6
will be used [7]. While the model is called "stateful" here in order [RFC3736] will be used. While the model is called "stateful" here in
to highlight the contrast to the stateless protocol defined in this order to highlight the contrast to the stateless protocol defined in
document, the intended protocol is also defined to work in a this document, the intended protocol is also defined to work in a
stateless fashion. This is based on a result, through operational stateless fashion. This is based on a result, through operational
experiments, that all known "other" configuration information can be experiments, that all known "other" configuration information can be
managed by a stateless server, that is, a server that does not managed by a stateless server, that is, a server that does not
maintain state of each client that the server provides with the maintain state of each client that the server provides with the
configuration information. configuration information.
The stateless approach is used when a site is not particularly The stateless approach is used when a site is not particularly
concerned with the exact addresses hosts use, so long as they are concerned with the exact addresses hosts use, so long as they are
unique and properly routable. The stateful approach is used when a unique and properly routable. The stateful approach is used when a
site requires tighter control over exact address assignments. Both site requires tighter control over exact address assignments. Both
stateful and stateless address autoconfiguration may be used stateful and stateless address autoconfiguration may be used
simultaneously. The site administrator specifies which type of simultaneously. The site administrator specifies which type of
autoconfiguration is available through the setting of appropriate autoconfiguration is available through the setting of appropriate
fields in Router Advertisement messages [5]. fields in Router Advertisement messages [RFC2461].
IPv6 addresses are leased to an interface for a fixed (possibly IPv6 addresses are leased to an interface for a fixed (possibly
infinite) length of time. Each address has an associated lifetime infinite) length of time. Each address has an associated lifetime
that indicates how long the address is bound to an interface. When a that indicates how long the address is bound to an interface. When a
lifetime expires, the binding (and address) become invalid and the lifetime expires, the binding (and address) become invalid and the
address may be reassigned to another interface elsewhere in the address may be reassigned to another interface elsewhere in the
Internet. To handle the expiration of address bindings gracefully, an Internet. To handle the expiration of address bindings gracefully,
address goes through two distinct phases while assigned to an an address goes through two distinct phases while assigned to an
interface. Initially, an address is "preferred", meaning that its use interface. Initially, an address is "preferred", meaning that its
in arbitrary communication is unrestricted. Later, an address becomes use in arbitrary communication is unrestricted. Later, an address
"deprecated" in anticipation that its current interface binding will becomes "deprecated" in anticipation that its current interface
become invalid. While in a deprecated state, the use of an address is binding will become invalid. While in a deprecated state, the use of
discouraged, but not strictly forbidden. New communication (e.g., an address is discouraged, but not strictly forbidden. New
the opening of a new TCP connection) should use a preferred address communication (e.g., the opening of a new TCP connection) should use
when possible. A deprecated address should be used only by a preferred address when possible. A deprecated address should be
applications that have been using it and would have difficulty used only by applications that have been using it and would have
switching to another address without a service disruption. difficulty switching to another address without a service disruption.
To ensure that all configured addresses are likely to be unique on a To ensure that all configured addresses are likely to be unique on a
given link, nodes run a "duplicate address detection" algorithm on given link, nodes run a "duplicate address detection" algorithm on
addresses before assigning them to an interface. The Duplicate addresses before assigning them to an interface. The Duplicate
Address Detection algorithm is performed on all addresses, Address Detection algorithm is performed on all addresses,
independent of whether they are obtained via stateless or stateful independent of whether they are obtained via stateless or stateful
autoconfiguration. This document defines the Duplicate Address autoconfiguration. This document defines the Duplicate Address
Detection algorithm. Detection algorithm.
The autoconfiguration process specified in this document applies only The autoconfiguration process specified in this document applies only
skipping to change at page 5, line 36 skipping to change at page 5, line 37
Frame Relay, or ATM networks; and internet (or higher) layer Frame Relay, or ATM networks; and internet (or higher) layer
"tunnels", such as tunnels over IPv4 or IPv6 itself. "tunnels", such as tunnels over IPv4 or IPv6 itself.
interface - a node's attachment to a link. interface - a node's attachment to a link.
packet - an IP header plus payload. packet - an IP header plus payload.
address - an IP-layer identifier for an interface or a set of address - an IP-layer identifier for an interface or a set of
interfaces. interfaces.
unicast address - an identifier for a single interface. A packet sent unicast address - an identifier for a single interface. A packet
to a unicast address is delivered to the interface identified by sent to a unicast address is delivered to the interface identified
that address. by that address.
multicast address - an identifier for a set of interfaces (typically multicast address - an identifier for a set of interfaces (typically
belonging to different nodes). A packet sent to a multicast belonging to different nodes). A packet sent to a multicast
address is delivered to all interfaces identified by that address. address is delivered to all interfaces identified by that address.
anycast address - an identifier for a set of interfaces (typically anycast address - an identifier for a set of interfaces (typically
belonging to different nodes). A packet sent to an anycast belonging to different nodes). A packet sent to an anycast
address is delivered to one of the interfaces identified by that address is delivered to one of the interfaces identified by that
address (the "nearest" one, according to the routing protocol's address (the "nearest" one, according to the routing protocol's
measure of distance). See the IPv6 addressing architecture [4]. measure of distance). See [RFC3513].
solicited-node multicast address - a multicast address to which solicited-node multicast address - a multicast address to which
Neighbor Solicitation messages are sent. The algorithm for Neighbor Solicitation messages are sent. The algorithm for
computing the address is given in RFC 2461 [5]. computing the address is given in [RFC3513].
link-layer address - a link-layer identifier for an interface. link-layer address - a link-layer identifier for an interface.
Examples include IEEE 802 addresses for Ethernet links and E.164 Examples include IEEE 802 addresses for Ethernet links and E.164
addresses for ISDN links. addresses for ISDN links.
link-local address - an address having link-only scope that can be link-local address - an address having link-only scope that can be
used to reach neighboring nodes attached to the same link. All used to reach neighboring nodes attached to the same link. All
interfaces have a link-local unicast address. interfaces have a link-local unicast address.
global address - an address with unlimited scope. global address - an address with unlimited scope.
skipping to change at page 6, line 46 skipping to change at page 7, line 5
expected. A deprecated address may continue to be used as a expected. A deprecated address may continue to be used as a
source address in communications where switching to a preferred source address in communications where switching to a preferred
address causes hardship to a specific upper-layer activity (e.g., address causes hardship to a specific upper-layer activity (e.g.,
an existing TCP connection). an existing TCP connection).
valid address - a preferred or deprecated address. A valid address valid address - a preferred or deprecated address. A valid address
may appear as the source or destination address of a packet, and may appear as the source or destination address of a packet, and
the internet routing system is expected to deliver packets sent to the internet routing system is expected to deliver packets sent to
a valid address to their intended recipients. a valid address to their intended recipients.
invalid address - an address that is not assigned to any interface. A invalid address - an address that is not assigned to any interface.
valid address becomes invalid when its valid lifetime expires. A valid address becomes invalid when its valid lifetime expires.
Invalid addresses should not appear as the destination or source Invalid addresses should not appear as the destination or source
address of a packet. In the former case, the internet routing address of a packet. In the former case, the internet routing
system will be unable to deliver the packet, in the latter case system will be unable to deliver the packet, in the latter case
the recipient of the packet will be unable to respond to it. the recipient of the packet will be unable to respond to it.
preferred lifetime - the length of time that a valid address is preferred lifetime - the length of time that a valid address is
preferred (i.e., the time until deprecation). When the preferred preferred (i.e., the time until deprecation). When the preferred
lifetime expires, the address becomes deprecated. lifetime expires, the address becomes deprecated.
valid lifetime - the length of time an address remains in the valid valid lifetime - the length of time an address remains in the valid
state (i.e., the time until invalidation). The valid lifetime must state (i.e., the time until invalidation). The valid lifetime
be greater than or equal to the preferred lifetime. When the must be greater than or equal to the preferred lifetime. When the
valid lifetime expires, the address becomes invalid. valid lifetime expires, the address becomes invalid.
interface identifier - a link-dependent identifier for an interface interface identifier - a link-dependent identifier for an interface
that is (at least) unique per link [4]. Stateless address that is (at least) unique per link [RFC3513]. Stateless address
autoconfiguration combines an interface identifier with a prefix autoconfiguration combines an interface identifier with a prefix
to form an address. From address autoconfiguration's perspective, to form an address. From address autoconfiguration's perspective,
an interface identifier is a bit string of known length. The exact an interface identifier is a bit string of known length. The
length of an interface identifier and the way it is created is exact length of an interface identifier and the way it is created
defined in a separate link-type specific document that covers is defined in a separate link-type specific document that covers
issues related to the transmission of IP over a particular link issues related to the transmission of IP over a particular link
type (e.g., IPv6 over Ethernet [2]). Note that the address type (e.g., [RFC2464]). Note that the address architecture
architecture [4] also defines the length of the interface [RFC3513] also defines the length of the interface identifiers for
identifiers for some set of addresses, but the two sets of some set of addresses, but the two sets of definitions must be
definitions must be consistent. In many cases, the identifier will consistent. In many cases, the identifier will be derived from
be derived from the interface's link-layer address. the interface's link-layer address.
2.1 Requirements 2.1 Requirements
The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
document, are to be interpreted as described in RFC 2119 [3]. document, are to be interpreted as described in [RFC2119].
3. DESIGN GOALS 3. DESIGN GOALS
Stateless autoconfiguration is designed with the following goals in Stateless autoconfiguration is designed with the following goals in
mind: mind:
o Manual configuration of individual machines before connecting them o Manual configuration of individual machines before connecting them
to the network should not be required. Consequently, a mechanism to the network should not be required. Consequently, a mechanism
is needed that allows a host to obtain or create unique addresses is needed that allows a host to obtain or create unique addresses
for each of its interfaces. Address autoconfiguration assumes that for each of its interfaces. Address autoconfiguration assumes
each interface can provide a unique identifier for that interface that each interface can provide a unique identifier for that
(i.e., an "interface identifier"). In the simplest case, an interface (i.e., an "interface identifier"). In the simplest
interface identifier consists of the interface's link-layer case, an interface identifier consists of the interface's
address. An interface identifier can be combined with a prefix to link-layer address. An interface identifier can be combined with
form an address. a prefix to form an address.
o Small sites consisting of a set of machines attached to a single o Small sites consisting of a set of machines attached to a single
link should not require the presence of a stateful server or link should not require the presence of a stateful server or
router as a prerequisite for communicating. Plug-and-play router as a prerequisite for communicating. Plug-and-play
communication is achieved through the use of link-local addresses. communication is achieved through the use of link-local addresses.
Link-local addresses have a well-known prefix that identifies the Link-local addresses have a well-known prefix that identifies the
(single) shared link to which a set of nodes attach. A host forms (single) shared link to which a set of nodes attach. A host forms
a link-local address by appending its interface identifier to the a link-local address by appending its interface identifier to the
link-local prefix. link-local prefix.
o A large site with multiple networks and routers should not require o A large site with multiple networks and routers should not require
the presence of a stateful address configuration server. In order the presence of a stateful address configuration server. In order
to generate global addresses, hosts must determine the prefixes to generate global addresses, hosts must determine the prefixes
that identify the subnets to which they attach. Routers generate that identify the subnets to which they attach. Routers generate
periodic Router Advertisements that include options listing the periodic Router Advertisements that include options listing the
set of active prefixes on a link. set of active prefixes on a link.
o Address configuration should facilitate the graceful renumbering o Address configuration should facilitate the graceful renumbering
of a site's machines. For example, a site may wish to renumber all of a site's machines. For example, a site may wish to renumber
of its nodes when it switches to a new network service provider. all of its nodes when it switches to a new network service
Renumbering is achieved through the leasing of addresses to provider. Renumbering is achieved through the leasing of
interfaces and the assignment of multiple addresses to the same addresses to interfaces and the assignment of multiple addresses
interface. Lease lifetimes provide the mechanism through which a to the same interface. Lease lifetimes provide the mechanism
site phases out old prefixes. The assignment of multiple through which a site phases out old prefixes. The assignment of
addresses to an interface provides for a transition period during multiple addresses to an interface provides for a transition
which both a new address and the one being phased out work period during which both a new address and the one being phased
simultaneously. out work simultaneously.
o System administrators need the ability to specify whether o System administrators need the ability to specify whether
stateless autoconfiguration, stateful autoconfiguration, or both stateless autoconfiguration, stateful autoconfiguration, or both
are available. Router Advertisements include flags specifying are available. Router Advertisements include flags specifying
which mechanisms a host can use. which mechanisms a host can use.
4. PROTOCOL OVERVIEW 4. PROTOCOL OVERVIEW
This section provides an overview of the typical steps that take This section provides an overview of the typical steps that take
place when an interface autoconfigures itself. Autoconfiguration is place when an interface autoconfigures itself. Autoconfiguration is
skipping to change at page 9, line 33 skipping to change at page 9, line 38
The next phase of autoconfiguration involves obtaining a Router The next phase of autoconfiguration involves obtaining a Router
Advertisement or determining that no routers are present. If routers Advertisement or determining that no routers are present. If routers
are present, they will send Router Advertisements that specify what are present, they will send Router Advertisements that specify what
sort of autoconfiguration a host can do. Note that stateful sort of autoconfiguration a host can do. Note that stateful
autoconfiguration may still be available even if no routers are autoconfiguration may still be available even if no routers are
present. present.
Routers send Router Advertisements periodically, but the delay Routers send Router Advertisements periodically, but the delay
between successive advertisements will generally be longer than a between successive advertisements will generally be longer than a
host performing autoconfiguration will want to wait [5]. To obtain an host performing autoconfiguration will want to wait [RFC2461]. To
advertisement quickly, a host sends one or more Router Solicitations obtain an advertisement quickly, a host sends one or more Router
to the all-routers multicast group. Router Advertisements contain two Solicitations to the all-routers multicast group. Router
flags indicating what type of stateful autoconfiguration (if any) is Advertisements contain two flags indicating what type of stateful
available. A "managed address configuration (M)" flag indicates autoconfiguration (if any) is available. A "managed address
whether hosts can use stateful autoconfiguration [6] to obtain configuration (M)" flag indicates whether hosts can use stateful
addresses. An "other stateful configuration (O)" flag indicates autoconfiguration [RFC3315] to obtain addresses. An "other stateful
whether hosts can use stateful autoconfiguration [7] to obtain configuration (O)" flag indicates whether hosts can use stateful
additional information (excluding addresses). autoconfiguration [RFC3736] to obtain additional information
(excluding addresses).
The details of how a host may use the M flags, including any use of The details of how a host may use the M flag, including any use of
the "on" and "off" transitions for this flag, to control the use of the "on" and "off" transitions for this flag, to control the use of
the stateful protocol for address assignment will be described in a the stateful protocol for address assignment will be described in a
separate document. Similarly, the details of how a host may use the O separate document. Similarly, the details of how a host may use the
flags, including any use of the "on" and "off" transitions for this O flag, including any use of the "on" and "off" transitions for this
flag, to control the use of the stateful protocol for getting other flag, to control the use of the stateful protocol for getting other
configuration information will be described in a separate document. configuration information will be described in a separate document.
Router Advertisements also contain zero or more Prefix Information Router Advertisements also contain zero or more Prefix Information
options that contain information used by stateless address options that contain information used by stateless address
autoconfiguration to generate global addresses. It should be noted autoconfiguration to generate global addresses. It should be noted
that the stateless and stateful address autoconfiguration fields in that the stateless and stateful address autoconfiguration fields in
Router Advertisements are processed independently of one another, and Router Advertisements are processed independently of one another, and
a host may use both stateful and stateless address autoconfiguration a host may use both stateful and stateless address autoconfiguration
simultaneously. One Prefix Information option field, the "autonomous simultaneously. One Prefix Information option field, the "autonomous
skipping to change at page 12, line 4 skipping to change at page 12, line 10
DupAddrDetectTransmits DupAddrDetectTransmits
The number of consecutive Neighbor Solicitation messages sent The number of consecutive Neighbor Solicitation messages sent
while performing Duplicate Address Detection on a tentative while performing Duplicate Address Detection on a tentative
address. A value of zero indicates that Duplicate Address address. A value of zero indicates that Duplicate Address
Detection is not performed on tentative addresses. A value of one Detection is not performed on tentative addresses. A value of one
indicates a single transmission with no follow up retransmissions. indicates a single transmission with no follow up retransmissions.
Default: 1, but may be overridden by a link-type specific value in Default: 1, but may be overridden by a link-type specific value in
the document that covers issues related to the transmission of IP the document that covers issues related to the transmission of IP
over a particular link type (e.g., IPv6 over Ethernet [2]). over a particular link type (e.g., [RFC2464]).
Autoconfiguration also assumes the presence of the variable Autoconfiguration also assumes the presence of the variable
RetransTimer as defined in RFC 2461 [5]. For autoconfiguration RetransTimer as defined in [RFC2461]. For autoconfiguration
purposes, RetransTimer specifies the delay between consecutive purposes, RetransTimer specifies the delay between consecutive
Neighbor Solicitation transmissions performed during Duplicate Neighbor Solicitation transmissions performed during Duplicate
Address Detection (if DupAddrDetectTransmits is greater than 1), Address Detection (if DupAddrDetectTransmits is greater than 1),
as well as the time a node waits after sending the last Neighbor as well as the time a node waits after sending the last Neighbor
Solicitation before ending the Duplicate Address Detection Solicitation before ending the Duplicate Address Detection
process. process.
5.2 Autoconfiguration-Related Structures 5.2 Autoconfiguration-Related Structures
Beyond the formation of a link-local address and using Duplicate Beyond the formation of a link-local address and using Duplicate
skipping to change at page 12, line 42 skipping to change at page 12, line 48
- The interface is reinitialized after a temporary interface failure - The interface is reinitialized after a temporary interface failure
or after being temporarily disabled by system management. or after being temporarily disabled by system management.
- The interface attaches to a link for the first time. - The interface attaches to a link for the first time.
- The interface becomes enabled by system management after having - The interface becomes enabled by system management after having
been administratively disabled. been administratively disabled.
A link-local address is formed by prepending the well-known link- A link-local address is formed by prepending the well-known link-
local prefix FE80::0 [4] (of appropriate length) to the interface local prefix FE80::0 [RFC3513] (of appropriate length not less than
identifier. If the interface identifier has a length of N bits, the 10 bits) to the interface identifier. If the interface identifier
interface identifier replaces the right-most N zero bits of the has a length of N bits, the interface identifier replaces the
link-local prefix. If the interface identifier is more than 118 bits right-most N zero bits of the link-local prefix. If the interface
in length, autoconfiguration fails and manual configuration is identifier is more than 118 bits in length, autoconfiguration fails
required. The length of the interface identifier is defined in a and manual configuration is required. The length of the interface
separate link-type specific document, which should also be consistent identifier is defined in a separate link-type specific document,
with the address architecture [4] (see Section 2). These documents which should also be consistent with the address architecture
will carefully define the length so that link-local addresses can be [RFC3513] (see Section 2). These documents will carefully define the
autoconfigured on the link. length so that link-local addresses can be autoconfigured on the
link.
A link-local address has an infinite preferred and valid lifetime; it A link-local address has an infinite preferred and valid lifetime; it
is never timed out. is never timed out.
5.4 Duplicate Address Detection 5.4 Duplicate Address Detection
Duplicate Address Detection is performed on unicast addresses prior Duplicate Address Detection is performed on unicast addresses prior
to assigning them to an interface whose DupAddrDetectTransmits to assigning them to an interface whose DupAddrDetectTransmits
variable is greater than zero. Duplicate Address Detection MUST take variable is greater than zero. Duplicate Address Detection MUST take
place on all unicast addresses, regardless of whether they are place on all unicast addresses, regardless of whether they are
obtained through stateful, stateless or manual configuration, with obtained through stateful, stateless or manual configuration, with
the exception of the following cases: the exception of the following cases:
IP - Duplicate Address Detection MUST NOT be performed on anycast - Duplicate Address Detection MUST NOT be performed on anycast
addresses. addresses.
IP - Each individual unicast address SHOULD be tested for uniqueness. - Each individual unicast address SHOULD be tested for uniqueness.
Note that there are implementations deployed that only perform Note that there are implementations deployed that only perform
Duplicate Address Detection for the link-local address and skip Duplicate Address Detection for the link-local address and skip
the test for the global address using the same interface the test for the global address using the same interface
identifier as that of the link-local address. Whereas this identifier as that of the link-local address. Whereas this
document does not invalidate such implementations, this kind of document does not invalidate such implementations, this kind of
"optimization" is NOT RECOMMENDED, and new implementations MUST "optimization" is NOT RECOMMENDED, and new implementations MUST
NOT do that optimization. This optimization came from the NOT do that optimization. This optimization came from the
assumption that all of an interface's addresses are generated from assumption that all of an interface's addresses are generated from
the same identifier. However, the assumption does actually not the same identifier. However, the assumption does actually not
stand; new types of addresses have been introduced where the stand; new types of addresses have been introduced where the
interface identifiers are not necessarily the same for all unicast interface identifiers are not necessarily the same for all unicast
addresses on a single interface [9] [10]. Requiring to perform addresses on a single interface [RFC3041][I-D.ietf-send-cga].
Duplicate Address Detection for all unicast addresses will make Requiring to perform Duplicate Address Detection for all unicast
the algorithm robust for the current and future such special addresses will make the algorithm robust for the current and
interface identifiers. future such special interface identifiers.
The procedure for detecting duplicate addresses uses Neighbor The procedure for detecting duplicate addresses uses Neighbor
Solicitation and Advertisement messages as described below. If a Solicitation and Advertisement messages as described below. If a
duplicate address is discovered during the procedure, the address duplicate address is discovered during the procedure, the address
cannot be assigned to the interface. If the address is derived from cannot be assigned to the interface. If the address is derived from
an interface identifier, a new identifier will need to be assigned to an interface identifier, a new identifier will need to be assigned to
the interface, or all IP addresses for the interface will need to be the interface, or all IP addresses for the interface will need to be
manually configured. Note that the method for detecting duplicates manually configured. Note that the method for detecting duplicates
is not completely reliable, and it is possible that duplicate is not completely reliable, and it is possible that duplicate
addresses will still exist (e.g., if the link was partitioned while addresses will still exist (e.g., if the link was partitioned while
Duplicate Address Detection was performed). Duplicate Address Detection was performed).
An address on which the Duplicate Address Detection Procedure is An address on which the Duplicate Address Detection procedure is
applied is said to be tentative until the procedure has completed applied is said to be tentative until the procedure has completed
successfully. A tentative address is not considered "assigned to an successfully. A tentative address is not considered "assigned to an
interface" in the traditional sense. That is, the interface must interface" in the traditional sense. That is, the interface must
accept Neighbor Solicitation and Advertisement messages containing accept Neighbor Solicitation and Advertisement messages containing
the tentative address in the Target Address field, but processes such the tentative address in the Target Address field, but processes such
packets differently from those whose Target Address matches an packets differently from those whose Target Address matches an
address assigned to the interface. Other packets addressed to the address assigned to the interface. Other packets addressed to the
tentative address should be silently discarded. Note that the "other tentative address should be silently discarded. Note that the "other
packets" include Neighbor Solicitation and Advertisement messages to packets" include Neighbor Solicitation and Advertisement messages
the tentative address containing the tentative address in the Target which have the tentative (i.e., unicast) address as the IP
destination address and contain the tentative address in the Target
Address field. Such a case should not happen in normal operation, Address field. Such a case should not happen in normal operation,
though, since these messages are multicasted in the Duplicate Address though, since these messages are multicasted in the Duplicate Address
Detection Procedure. Detection procedure.
It should also be noted that Duplicate Address Detection must be It should also be noted that Duplicate Address Detection must be
performed prior to assigning an address to an interface in order to performed prior to assigning an address to an interface in order to
prevent multiple nodes from using the same address simultaneously. If prevent multiple nodes from using the same address simultaneously.
a node begins using an address in parallel with Duplicate Address If a node begins using an address in parallel with Duplicate Address
Detection, and another node is already using the address, the node Detection, and another node is already using the address, the node
performing Duplicate Address Detection will erroneously process performing Duplicate Address Detection will erroneously process
traffic intended for the other node, resulting in such possible traffic intended for the other node, resulting in such possible
negative consequences as the resetting of open TCP connections. negative consequences as the resetting of open TCP connections.
The following subsections describe specific tests a node performs to The following subsections describe specific tests a node performs to
verify an address's uniqueness. An address is considered unique if verify an address's uniqueness. An address is considered unique if
none of the tests indicate the presence of a duplicate address within none of the tests indicate the presence of a duplicate address within
RetransTimer milliseconds after having sent DupAddrDetectTransmits RetransTimer milliseconds after having sent DupAddrDetectTransmits
Neighbor Solicitations. Once an address is determined to be unique, Neighbor Solicitations. Once an address is determined to be unique,
it may be assigned to an interface. it may be assigned to an interface.
5.4.1 Message Validation 5.4.1 Message Validation
A node MUST silently discard any Neighbor Solicitation or A node MUST silently discard any Neighbor Solicitation or
Advertisement message that does not pass the validity checks Advertisement message that does not pass the validity checks
specified in RFC 2461 [5]. A Neighbor Solicitation or Advertisement specified in [RFC2461]. A Neighbor Solicitation or Advertisement
message that passes these validity checks is called a valid message that passes these validity checks is called a valid
solicitation or valid advertisement, respectively. solicitation or valid advertisement, respectively.
5.4.2 Sending Neighbor Solicitation Messages 5.4.2 Sending Neighbor Solicitation Messages
Before sending a Neighbor Solicitation, an interface MUST join the Before sending a Neighbor Solicitation, an interface MUST join the
all-nodes multicast address and the solicited-node multicast address all-nodes multicast address and the solicited-node multicast address
of the tentative address. The former ensures that the node receives of the tentative address. The former ensures that the node receives
Neighbor Advertisements from other nodes already using the address; Neighbor Advertisements from other nodes already using the address;
the latter ensures that two nodes attempting to use the same address the latter ensures that two nodes attempting to use the same address
skipping to change at page 15, line 11 skipping to change at page 15, line 18
To check an address, a node sends DupAddrDetectTransmits Neighbor To check an address, a node sends DupAddrDetectTransmits Neighbor
Solicitations, each separated by RetransTimer milliseconds. The Solicitations, each separated by RetransTimer milliseconds. The
solicitation's Target Address is set to the address being checked, solicitation's Target Address is set to the address being checked,
the IP source is set to the unspecified address and the IP the IP source is set to the unspecified address and the IP
destination is set to the solicited-node multicast address of the destination is set to the solicited-node multicast address of the
target address. target address.
If the Neighbor Solicitation is going to be the first message to be If the Neighbor Solicitation is going to be the first message to be
sent from an interface after interface (re)initialization, the node sent from an interface after interface (re)initialization, the node
SHOULD delay joining the solicited-node multicast address by a random SHOULD delay joining the solicited-node multicast address by a random
delay between 0 and MAX_RTR_SOLICITATION_DELAY as specified in RFC delay between 0 and MAX_RTR_SOLICITATION_DELAY as specified in
2461 [5]. This serves to alleviate congestion when many nodes start [RFC2461]. This serves to alleviate congestion when many nodes start
up on the link at the same time, such as after a power failure, and up on the link at the same time, such as after a power failure, and
may help to avoid race conditions when more than one node is trying may help to avoid race conditions when more than one node is trying
to solicit for the same address at the same time. to solicit for the same address at the same time.
Even if the Neighbor Solicitation is not going to be the first Even if the Neighbor Solicitation is not going to be the first
message to be sent, the node SHOULD delay joining the solicited-node message to be sent, the node SHOULD delay joining the solicited-node
multicast address by a random delay between 0 and multicast address by a random delay between 0 and
MAX_RTR_SOLICITATION_DELAY if the address being checked is configured MAX_RTR_SOLICITATION_DELAY if the address being checked is configured
by a router advertisement message sent to a multicast address. The by a router advertisement message sent to a multicast address. The
delay will avoid similar congestion when multiple nodes are going to delay will avoid similar congestion when multiple nodes are going to
configure addresses by receiving a same single multicast router configure addresses by receiving a same single multicast router
advertisement. advertisement.
Note that the delay for joining the multicast address implicitly Note that the delay for joining the multicast address implicitly
means delaying transmission of the corresponding MLD report message means delaying transmission of the corresponding Multicast Listener
[11]. Since RFC 2710 [11] does not request a random delay to avoid Discovery (MLD) report message [RFC2710]. Since [RFC2710] does not
race conditions, just delaying Neighbor Solicitation would cause request a random delay to avoid race conditions, just delaying
congestion by the MLD report messages. The congestion would then Neighbor Solicitation would cause congestion by the MLD report
prevent MLD-snooping switches from working correctly, and, as a messages. The congestion would then prevent MLD-snooping switches
result, prevent Duplicate Address Detection from working. The from working correctly, and, as a result, prevent Duplicate Address
requirement to include the delay for the MLD report in this case Detection from working. The requirement to include the delay for the
avoids this scenario. MLD report in this case avoids this scenario.
In order to improve the robustness of the Duplicate Address Detection In order to improve the robustness of the Duplicate Address Detection
algorithm, an interface MUST receive and process datagrams sent to algorithm, an interface MUST receive and process datagrams sent to
the all-nodes multicast address or solicited-node multicast address the all-nodes multicast address or solicited-node multicast address
of the tentative address while the delaying period. This does not of the tentative address while the delaying period. This does not
necessarily conflict with the requirement that joining the multicast necessarily conflict with the requirement that joining the multicast
group be delayed. In fact, in some cases it is possible for a node to group be delayed. In fact, in some cases it is possible for a node
start listening to the group during the delay period before MLD to start listening to the group during the delay period before MLD
report transmission. It should be noted, however, that in some report transmission. It should be noted, however, that in some
link-layer environments, particularly with MLD-snooping switches, no link-layer environments, particularly with MLD-snooping switches, no
multicast reception will be available until the MLD report is sent. multicast reception will be available until the MLD report is sent.
5.4.3 Receiving Neighbor Solicitation Messages 5.4.3 Receiving Neighbor Solicitation Messages
On receipt of a valid Neighbor Solicitation message on an interface, On receipt of a valid Neighbor Solicitation message on an interface,
node behavior depends on whether the target address is tentative or node behavior depends on whether the target address is tentative or
not. If the target address is not tentative (i.e., it is assigned to not. If the target address is not tentative (i.e., it is assigned to
the receiving interface), the solicitation is processed as described the receiving interface), the solicitation is processed as described
in RFC 2461 [5]. If the target address is tentative, and the source in [RFC2461]. If the target address is tentative, and the source
address is a unicast address, the solicitation's sender is performing address is a unicast address, the solicitation's sender is performing
address resolution on the target; the solicitation should be silently address resolution on the target; the solicitation should be silently
ignored. Otherwise, processing takes place as described below. In ignored. Otherwise, processing takes place as described below. In
all cases, a node MUST NOT respond to a Neighbor Solicitation for a all cases, a node MUST NOT respond to a Neighbor Solicitation for a
tentative address. tentative address.
If the source address of the Neighbor Solicitation is the unspecified If the source address of the Neighbor Solicitation is the unspecified
address, the solicitation is from a node performing Duplicate Address address, the solicitation is from a node performing Duplicate Address
Detection. If the solicitation is from another node, the tentative Detection. If the solicitation is from another node, the tentative
address is a duplicate and should not be used (by either node). If address is a duplicate and should not be used (by either node). If
skipping to change at page 17, line 4 skipping to change at page 17, line 11
condition occurs when two nodes run Duplicate Address Detection condition occurs when two nodes run Duplicate Address Detection
simultaneously and transmit solicitations at roughly the same simultaneously and transmit solicitations at roughly the same
time. time.
5.4.4 Receiving Neighbor Advertisement Messages 5.4.4 Receiving Neighbor Advertisement Messages
On receipt of a valid Neighbor Advertisement message on an interface, On receipt of a valid Neighbor Advertisement message on an interface,
node behavior depends on whether the target address is tentative or node behavior depends on whether the target address is tentative or
matches a unicast or anycast address assigned to the interface. If matches a unicast or anycast address assigned to the interface. If
the target address is assigned to the receiving interface, the the target address is assigned to the receiving interface, the
solicitation is processed as described in RFC 2461 [5]. If the target solicitation is processed as described in [RFC2461]. If the target
address is tentative, the tentative address is not unique. address is tentative, the tentative address is not unique.
5.4.5 When Duplicate Address Detection Fails 5.4.5 When Duplicate Address Detection Fails
A tentative address that is determined to be a duplicate as described A tentative address that is determined to be a duplicate as described
above MUST NOT be assigned to an interface and the node SHOULD log a above MUST NOT be assigned to an interface and the node SHOULD log a
system management error. If the address is a link-local address system management error.
formed from an interface identifier based on the hardware address
(e.g., EUI-64), the interface SHOULD be disabled. In this case, the If the address is a link-local address formed from an interface
IP address duplication probably means duplicate hardware addresses identifier based on the hardware address which is supposed to be
are in use, and trying to recover from it by configuring another IP uniquely assigned (e.g., EUI-64 for an Ethernet interface), IP
address will not result in a usable network. In fact, it probably operation on the interface SHOULD be disabled. By disabling IP
makes things worse by creating problems that are harder to diagnose operation, the node will then
than just shutting down the interface; the user will see a partially
working network where some things work, and other things will not. On - not send any IP packets from the interface
the other hand, if the duplicated link-local address is not formed - silently drop any IP packets received on the interface
from an interface identifier based on the hardware address, the - not forward any IP packets to the interface (when acting as a
interface MAY continue to be used. router or processing a packet with a Routing header)
In this case, the IP address duplication probably means duplicate
hardware addresses are in use, and trying to recover from it by
configuring another IP address will not result in a usable network.
In fact, it probably makes things worse by creating problems that are
harder to diagnose than just disabling network operation on the
interface; the user will see a partially working network where some
things work, and other things will not.
On the other hand, if the duplicate link-local address is not formed
from an interface identifier based on the hardware address which is
supposed to be uniquely assigned, IP operation on the interface MAY
be continued.
Note: as specified in Section 2, "IP" means "IPv6" in the above
description. While the background rationale about the hardware
address is independent of particular network protocols, the effect on
other protocols is beyond the scope of this document.
5.5 Creation of Global Addresses 5.5 Creation of Global Addresses
Global addresses are formed by appending an interface identifier to a Global addresses are formed by appending an interface identifier to a
prefix of appropriate length. Prefixes are obtained from Prefix prefix of appropriate length. Prefixes are obtained from Prefix
Information options contained in Router Advertisements. Creation of Information options contained in Router Advertisements. Creation of
global addresses and configuration of other parameters as described global addresses and configuration of other parameters as described
in this section SHOULD be locally configurable. However, the in this section SHOULD be locally configurable. However, the
processing described below MUST be enabled by default. processing described below MUST be enabled by default.
5.5.1 Soliciting Router Advertisements 5.5.1 Soliciting Router Advertisements
Router Advertisements are sent periodically to the all-nodes Router Advertisements are sent periodically to the all-nodes
multicast address. To obtain an advertisement quickly, a host sends multicast address. To obtain an advertisement quickly, a host sends
out Router Solicitations as described in RFC 2461 [5]. out Router Solicitations as described in [RFC2461].
5.5.2 Absence of Router Advertisements 5.5.2 Absence of Router Advertisements
Even if a link has no routers, stateful autoconfiguration to obtain Even if a link has no routers, stateful autoconfiguration to obtain
addresses and other configuration information may still be available, addresses and other configuration information may still be available,
and hosts may want to use the mechanism. From the perspective of and hosts may want to use the mechanism. From the perspective of
autoconfiguration, a link has no routers if no Router Advertisements autoconfiguration, a link has no routers if no Router Advertisements
are received after having sent a small number of Router Solicitations are received after having sent a small number of Router Solicitations
as described in RFC 2461 [5]. as described in [RFC2461].
Note that it is possible that there is no router on the link in this Note that it is possible that there is no router on the link in this
sense but there is a node that has the ability to forward packets. In sense but there is a node that has the ability to forward packets.
this case, the forwarding node's address must be manually configured In this case, the forwarding node's address must be manually
in hosts to be able to send packets off-link, since the only configured in hosts to be able to send packets off-link, since the
mechanism to configure the default router's address automatically is only mechanism to configure the default router's address
the one using router advertisements. automatically is the one using router advertisements.
5.5.3 Router Advertisement Processing 5.5.3 Router Advertisement Processing
For each Prefix-Information option in the Router Advertisement: For each Prefix-Information option in the Router Advertisement:
a) If the Autonomous flag is not set, silently ignore the Prefix a) If the Autonomous flag is not set, silently ignore the Prefix
Information option. Information option.
b) If the prefix is the link-local prefix, silently ignore the b) If the prefix is the link-local prefix, silently ignore the
Prefix Information option. Prefix Information option.
skipping to change at page 18, line 39 skipping to change at page 19, line 15
| 128 - N bits | N bits | | 128 - N bits | N bits |
+---------------------------------------+------------------------+ +---------------------------------------+------------------------+
| link prefix | interface identifier | | link prefix | interface identifier |
+----------------------------------------------------------------+ +----------------------------------------------------------------+
If the sum of the prefix length and interface identifier length If the sum of the prefix length and interface identifier length
does not equal 128 bits, the Prefix Information option MUST be does not equal 128 bits, the Prefix Information option MUST be
ignored. An implementation MAY wish to log a system management ignored. An implementation MAY wish to log a system management
error in this case. The length of the interface identifier is error in this case. The length of the interface identifier is
defined in a separate link-type specific document, which should defined in a separate link-type specific document, which should
also be consistent with the address architecture [4] (see Section also be consistent with the address architecture [RFC3513] (see
2). Section 2).
It is the responsibility of the system administrator to insure It is the responsibility of the system administrator to insure
that the lengths of prefixes contained in Router Advertisements that the lengths of prefixes contained in Router Advertisements
are consistent with the length of interface identifiers for that are consistent with the length of interface identifiers for that
link type. It should be noted, however, that this does not mean link type. It should be noted, however, that this does not mean
the advertised prefix length is meaningless. In fact, the the advertised prefix length is meaningless. In fact, the
advertised length has non trivial meaning for on-link advertised length has non trivial meaning for on-link
determination in RFC 2461 [5] where the sum of the prefix length determination in [RFC2461] where the sum of the prefix length and
and the interface identifier length may not be equal to 128. Thus, the interface identifier length may not be equal to 128. Thus, it
it should be safe to validate the advertised prefix length here, should be safe to validate the advertised prefix length here, in
in order to detect and avoid a configuration error specifying an order to detect and avoid a configuration error specifying an
invalid prefix length in the context of address autoconfiguration. invalid prefix length in the context of address autoconfiguration.
Note that a future revision of the address architecture [4] and a Note that a future revision of the address architecture [RFC3513]
future link-type specific document, which will still be consistent and a future link-type specific document, which will still be
with each other, could potentially allow for an interface consistent with each other, could potentially allow for an
identifier of length other than the value defined in the current interface identifier of length other than the value defined in the
documents. Thus, an implementation should not assume a particular current documents. Thus, an implementation should not assume a
constant. Rather, it should expect any lengths of interface particular constant. Rather, it should expect any lengths of
identifiers. interface identifiers.
If an address is formed successfully, the host adds it to the list If an address is formed successfully, the host adds it to the list
of addresses assigned to the interface, initializing its preferred of addresses assigned to the interface, initializing its preferred
and valid lifetime values from the Prefix Information option. and valid lifetime values from the Prefix Information option.
e) If the advertised prefix is equal to the prefix of an address e) If the advertised prefix is equal to the prefix of an address
configured by stateless autoconfiguration in the list, the configured by stateless autoconfiguration in the list, the
preferred lifetime of the address is reset to the Preferred preferred lifetime of the address is reset to the Preferred
Lifetime in the received advertisement. The specific action to Lifetime in the received advertisement. The specific action to
perform for the valid lifetime of the address depends on the Valid perform for the valid lifetime of the address depends on the Valid
skipping to change at page 19, line 36 skipping to change at page 20, line 13
following discussion: following discussion:
1. If the received Valid Lifetime is greater than 2 hours or 1. If the received Valid Lifetime is greater than 2 hours or
greater than RemainingLifetime, set the valid lifetime of the greater than RemainingLifetime, set the valid lifetime of the
corresponding address to the advertised Valid Lifetime. corresponding address to the advertised Valid Lifetime.
2. If RemainingLifetime is less than or equal to 2 hours, ignore 2. If RemainingLifetime is less than or equal to 2 hours, ignore
the Prefix Information option with regards to the valid the Prefix Information option with regards to the valid
lifetime, unless the Router Advertisement from which this lifetime, unless the Router Advertisement from which this
option was obtained has been authenticated (e.g., via IP option was obtained has been authenticated (e.g., via IP
security [1]). If the Router Advertisement was authenticated, security [RFC2402]). If the Router Advertisement was
the valid lifetime of the corresponding address should be set authenticated, the valid lifetime of the corresponding address
to the Valid Lifetime in the received option. should be set to the Valid Lifetime in the received option.
3. Otherwise, reset the valid lifetime of the corresponding 3. Otherwise, reset the valid lifetime of the corresponding
address to two hours. address to two hours.
The above rules address a specific denial of service attack in The above rules address a specific denial of service attack in
which a bogus advertisement could contain prefixes with very small which a bogus advertisement could contain prefixes with very small
Valid Lifetimes. Without the above rules, a single unauthenticated Valid Lifetimes. Without the above rules, a single
advertisement containing bogus Prefix Information options with unauthenticated advertisement containing bogus Prefix Information
short Valid Lifetimes could cause all of a node's addresses to options with short Valid Lifetimes could cause all of a node's
expire prematurely. The above rules ensure that legitimate addresses to expire prematurely. The above rules ensure that
advertisements (which are sent periodically) will "cancel" the legitimate advertisements (which are sent periodically) will
short Valid Lifetimes before they actually take effect. "cancel" the short Valid Lifetimes before they actually take
effect.
Note that the preferred lifetime of the corresponding address is Note that the preferred lifetime of the corresponding address is
always reset to the Preferred Lifetime in the received Prefix always reset to the Preferred Lifetime in the received Prefix
Information option, regardless of whether the valid lifetime is Information option, regardless of whether the valid lifetime is
also reset or ignored. The difference comes from the fact that the also reset or ignored. The difference comes from the fact that
possible attack for the preferred lifetime is relatively minor. the possible attack for the preferred lifetime is relatively
Additionally, it is even undesirable to ignore the preferred minor. Additionally, it is even undesirable to ignore the
lifetime when a valid administrator wants to deprecate a preferred lifetime when a valid administrator wants to deprecate a
particular address by sending a short preferred lifetime (and the particular address by sending a short preferred lifetime (and the
valid lifetime is ignored by accident). valid lifetime is ignored by accident).
5.5.4 Address Lifetime Expiry 5.5.4 Address Lifetime Expiry
A preferred address becomes deprecated when its preferred lifetime A preferred address becomes deprecated when its preferred lifetime
expires. A deprecated address SHOULD continue to be used as a source expires. A deprecated address SHOULD continue to be used as a source
address in existing communications, but SHOULD NOT be used to address in existing communications, but SHOULD NOT be used to
initiate new communications if an alternate (non-deprecated) address initiate new communications if an alternate (non-deprecated) address
of sufficient scope can easily be used instead. of sufficient scope can easily be used instead.
skipping to change at page 20, line 36 skipping to change at line 962
deprecated address was (or still is) in use by the application. For deprecated address was (or still is) in use by the application. For
example, if an application explicitly specifies the protocol stack to example, if an application explicitly specifies the protocol stack to
use a deprecated address as a source address, the protocol stack must use a deprecated address as a source address, the protocol stack must
accept that; the application might request it because that IP address accept that; the application might request it because that IP address
is used for in higher-level communication and there might be a is used for in higher-level communication and there might be a
requirement that the multiple connections in such a grouping use the requirement that the multiple connections in such a grouping use the
same pair of IP addresses. same pair of IP addresses.
IP and higher layers (e.g., TCP, UDP) MUST continue to accept and IP and higher layers (e.g., TCP, UDP) MUST continue to accept and
process datagrams destined to a deprecated address as normal since a process datagrams destined to a deprecated address as normal since a
deprecated address is still a valid address for the interface. In the deprecated address is still a valid address for the interface. In
case of TCP, this means TCP SYN segments sent to a deprecated address the case of TCP, this means TCP SYN segments sent to a deprecated
are responded to using the deprecated address as a source address in address are responded to using the deprecated address as a source
the corresponding SYN-ACK (if the connection would otherwise be address in the corresponding SYN-ACK (if the connection would
allowed). otherwise be allowed).
An implementation MAY prevent any new communication from using a An implementation MAY prevent any new communication from using a
deprecated address, but system management MUST have the ability to deprecated address, but system management MUST have the ability to
disable such a facility, and the facility MUST be disabled by disable such a facility, and the facility MUST be disabled by
default. default.
Other subtle cases should also be noted about source address Other subtle cases should also be noted about source address
selection. For example, the above description does not clarify which selection. For example, the above description does not clarify which
address should be used between a deprecated, smaller-scope address address should be used between a deprecated, smaller-scope address
and a non-deprecated, enough scope address. The details of the and a non-deprecated, enough scope address. The details of the
address selection including this case are described in RFC 3484 [8] address selection including this case are described in [RFC3484] and
and beyond the scope of this document. beyond the scope of this document.
An address (and its association with an interface) becomes invalid An address (and its association with an interface) becomes invalid
when its valid lifetime expires. An invalid address MUST NOT be used when its valid lifetime expires. An invalid address MUST NOT be used
as a source address in outgoing communications and MUST NOT be as a source address in outgoing communications and MUST NOT be
recognized as a destination on a receiving interface. recognized as a destination on a receiving interface.
5.6 Configuration Consistency 5.6 Configuration Consistency
It is possible for hosts to obtain address information using both It is possible for hosts to obtain address information using both
stateless and stateful protocols since both may be enabled at the stateless and stateful protocols since both may be enabled at the
same time. It is also possible that the values of other same time. It is also possible that the values of other
configuration parameters such as MTU size and hop limit will be configuration parameters such as MTU size and hop limit will be
learned from both Router Advertisements and the stateful learned from both Router Advertisements and the stateful
autoconfiguration protocol. If the same configuration information is autoconfiguration protocol. If the same configuration information is
provided by multiple sources, the value of this information should be provided by multiple sources, the value of this information should be
consistent. However, it is not considered a fatal error if consistent. However, it is not considered a fatal error if
information received from multiple sources is inconsistent. Hosts information received from multiple sources is inconsistent. Hosts
accept the union of all information received via the stateless and accept the union of all information received via the stateless and
stateful protocols. If inconsistent information is learned different stateful protocols. If inconsistent info
sources, the most recently obtained values always have precedence
over information learned earlier.
5.7 Retaining Configured Addresses for Stability
An implementation that has stable storage may want to retain
addresses in the storage when the addresses were acquired using
stateless address autoconfiguration. Assuming the lifetimes used are
reasonable, this technique implies that a temporary outage (less than
the valid lifetime) of a router will never result in the node losing
its global address even if the node were to reboot. When this
technique is used, it should also be noted that the expiration times
of the preferred and valid lifetimes must be retained, in order to
prevent the use of an address after it has become deprecated or
invalid.
Further details on this kind of extension are beyond the scope of
this document.
6. SECURITY CONSIDERATIONS
Stateless address autoconfiguration allows a host to connect to a
network, configure an address and start communicating with other
nodes without ever registering or authenticating itself with the
local site. Although this allows unauthorized users to connect to
and use a network, the threat is inherently present in the Internet
architecture. Any node with a physical attachment to a network can
generate an address (using a variety of ad hoc techniques) that
provides connectivity.
The use of stateless address autoconfiguration and Duplicate Address
Detection opens up the possibility of several denial of service
attacks. For example, any node can respond to Neighbor Solicitations
for a tentative address, causing the other node to reject the address
as a duplicate. A separate document [12] discusses details about
these attacks. These attacks can be addressed by requiring that
Neighbor Discovery packets be authenticated [1]. However, it should
be noted that [12] points out the use of IP security is not always
feasible depending on network environments.
7. IANA CONSIDERATIONS
This document has no actions for IANA.
8. Acknowledgements
The authors would like to thank the members of both the IPNG (which
is now IPV6) and ADDRCONF working groups for their input. In
particular, thanks to Jim Bound, Steve Deering, Richard Draves, and
Erik Nordmark. Thanks also goes to John Gilmore for alerting the WG
of the "0 Lifetime Prefix Advertisement" denial of service attack
vulnerability; this document incorporates changes that address this
vulnerability.
A number of people have contributed to identifying issues on a
previous version of this document and to proposing resolutions to the
issues, on which this version is based. In addition to those listed
above, the contributors include Jari Arkko, Brian E Carpenter,
Gregory Daley, Ralph Droms, Christian Huitema, Soohong Daniel Park,
Markku Savela, and Pekka Savola.
Normative References
[1] Kent, S. and R. Atkinson, "IP Authentication Header", RFC 2402,
November 1998.
[2] Crawford, M., "A Method for the Transmission of IPv6 Packets
over Ethernet Networks", RFC 2464, December 1998.
[3] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", RFC 2119, March 1997.
[4] Hinden, R. and S. Deering, "Internet Protocol Version 6 (IPv6)
Addressing Architecture", RFC 3513, April 2003.
[5] Narten, T., Nordmark, E. and W. Simpson, "Neighbor Discovery for
IP Version 6 (IPv6)", RFC 2461, December 1998.
Informative References
[6] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C. and M.
Carney, "Dynamic Host Configuration Protocol for IPv6
(DHCPv6)", RFC 3315, July 2003.
[7] Droms, R., "Stateless Dynamic Host Configuration Protocol
(DHCP) Service for IPv6", RFC 3736, April 2004.
[8] Draves, R., "Default Address Selection for Internet Protocol
version 6 (IPv6)", RFC 3484, February 2003.
[9] Narten, T. and R. Draves, "Privacy Extensions for Stateless
Address Autoconfiguration in IPv6", RFC 3041, January 2001.
[10] Aura, T., "Cryptographically Generated Addresses (CGA)",
draft-ietf-send-cga-06.txt (work in progress), April 2004.
[11] Deering, S., Fenner, W. and B. Haberman, "Multicast Listener
Discovery (MLD) for IPv6", RFC 2710, October 1999.
[12] Nikander, P., Kempf, J. and E. Nordmark, "IPv6 Neighbor
Discovery (ND) Trust Models and Threats", RFC 3756, May 2004.
[13] Deering, S., "Host Extensions for IP Multicasting", RFC 1112,
August 1989.
[14] IEEE, "Wireless LAN Medium Access Control (MAC) and Physical
Layer (PHY) Specifications", ANSI/IEEE STd 802.11, August 1999.
Authors' Addresses
Susan Thomson
Cisco Systems
EMail: sethomso@cisco.com
Thomas Narten
IBM Corporation
P.O. Box 12195
Research Triangle Park, NC 27709-2195
USA
Phone: +1 919-254-7798
EMail: narten@us.ibm.com
Tatuya Jinmei
Corporate Research & Development Center, Toshiba Corporation
1 Komukai Toshiba-cho, Saiwai-ku
Kawasaki-shi, Kanagawa 212-8582
Japan
Phone: +81 44-549-2230
EMail: jinmei@isl.rdc.toshiba.co.jp
Appendix A. LOOPBACK SUPPRESSION & DUPLICATE ADDRESS DETECTION
Determining whether a received multicast solicitation was looped back
to the sender or actually came from another node is implementation-
dependent. A problematic case occurs when two interfaces attached to
the same link happen to have the same identifier and link-layer
address, and they both send out packets with identical contents at
roughly the same time (e.g., Neighbor Solicitations for a tentative
address as part of Duplicate Address Detection messages). Although a
receiver will receive both packets, it cannot determine which packet
was looped back and which packet came from the other node by simply
comparing packet contents (i.e., the contents are identical). In this
particular case, it is not necessary to know precisely which packet
was looped back and which was sent by another node; if one receives
more solicitations than were sent, the tentative address is a
duplicate. However, the situation may not always be this
straightforward.
The IPv4 multicast specification [13] recommends that the service
interface provide a way for an upper-layer protocol to inhibit local
delivery of packets sent to a multicast group that the sending host
is a member of. Some applications know that there will be no other
group members on the same host, and suppressing loopback prevents
them from having to receive (and discard) the packets they themselves
send out. A straightforward way to implement this facility is to
disable loopback at the hardware level (if supported by the
hardware), with packets looped back (if requested) by software. On
interfaces in which the hardware itself suppresses loopbacks, a node
running Duplicate Address Detection simply counts the number of
Neighbor Solicitations received for a tentative address and compares
them with the number expected. If there is a mismatch, the tentative
address is a duplicate.
In those cases where the hardware cannot suppress loopbacks, however,
one possible software heuristic to filter out unwanted loopbacks is
to discard any received packet whose link-layer source address is the
same as the receiving interface's. There is even a link-layer
specification that requires to discard any such packets [14].
Unfortunately, use of that criteria also results in the discarding of
all packets sent by another node using the same link-layer address.
Duplicate Address Detection will fail on interfaces that filter
received packets in this manner:
o If a node performing Duplicate Address Detection discards received
packets having the same source link-layer address as the receiving
interface, it will also discard packets from other nodes also
using the same link-layer address, including Neighbor
Advertisement and Neighbor Solicitation messages required to make
Duplicate Address Detection work correctly. This particular
problem can be avoided by temporarily disabling the software
suppression of loopbacks while a node performs Duplicate Address
Detection, if it is possible to disable the suppression.
o If a node that is already using a particular IP address discards
received packets having the same link-layer source address as the
interface, it will also discard Duplicate Address
Detection-related Neighbor Solicitation messages sent by another
node also using the same link-layer address. Consequently,
Duplicate Address Detection will fail, and the other node will
configure a non-unique address. Since it is generally impossible
to know when another node is performing Duplicate Address
Detection, this scenario can be avoided only if software
suppression of loopback is permanently disabled.
Thus, to perform Duplicate Address Detection correctly in the case
where two interfaces are using the same link-layer address, an
implementation must have a good understanding of the interface's
multicast loopback semantics, and the interface cannot discard
received packets simply because the source link-layer address is the
same as the interfaces. It should also be noted that a link-layer
specification can conflict with the condition necessary to make
Duplicate Address Detection work.
Appendix B. CHANGES SINCE RFC 1971
o Changed document to use term "interface identifier" rather than
"interface token" for consistency with other IPv6 documents.
o Clarified definition of deprecated address to make clear it is OK
to continue sending to or from deprecated addresses.
o Added rules to Section 5.5.3 Router Advertisement processing to
address potential denial-of-service attack when prefixes are
advertised with very short Lifetimes.
o Clarified wording in Section 5.5.4 to make clear that all upper
layer protocols must process (i.e., send and receive) packets sent
to deprecated addresses.
Appendix C. CHANGE HISTORY
Changes since RFC 2462 are:
o Fixed a typo in Section 2.
o Updated references and categorized them into normative and
informative ones.
o Removed redundant code in denial of service protection in Section
5.5.3.
o Clarified that a unicasted NS or NA should be discarded while
performing Duplicate Address Detection.
o Replaced the word "StoredLifetime" with "RemainingLifetime" with a
precise definition to avoid confusion.
o Removed references to site-local and revise wording around the
keyword.
o Added a note about source address selection with regards to
deprecated vs insufficient-scope addresses, etc. Added a reference
to RFC 3484 for further details.
o Clarified what "new communication" means in Section 5.5.4.
o Added a new subsection (5.7) to mention the possibility to use
stable storage to retain configured addresses for stability.
o Revised the Security Considerations section with a reference to
RFC 3756 and a note that the use of IP security is not always
feasible.
o Added a note with a reference in Appendix A about the case where a
link-layer filtering conflicts with a condition to make DAD work
correctly.
o Specified that a node performing Duplicate Address Detection delay
joining the solicited-node multicast group, not just delay sending
Neighbor Solicitations, explaining the detailed reason.
o Clarified the reason why the interface should be disabled after an
address duplicate is detected. Also clarified that the interface
may continue to be used if the interface identifier is not based
on the hardware address.
o Clarified that the preferred lifetime for an existing configured
address is always reset to the advertised value by Router
Advertisement.
o Updated the description of interface identifier considering the
latest format.
Changes since draft-ietf-ipv6-rfc2462bis-00.txt are:
o Clarified how the length of interface identifiers should be
determined, described the relationship with the prefix length
advertised in Router Advertisements, and avoided using a
particular length hard-coded in this document.
o Added a note when an implementation uses stable storage for
autoconfigured addresses.
o Resolved conflict with the Multicast Listener Discovery
specification about random delay for the first packet from the
host.
o Clarified the semantics of the M and O flags based on the latest
standard and operational status. In particular, clarified that
these flags show the availability of the stateful protocol instead
of a trigger to invoke the stateful protocol. ManagedFlag and
OtherConfigFlag, which were implementation-internal variables,
were removed accordingly.
o Recommended to perform Duplicate Address Detection for all unicast
addresses more strongly, considering a variety of different
interface identifiers, while keeping care of existing
implementations.
o Added a requirement for a random delay befor sending Neighbor
Solicitations for Duplicate Address Detection if the address being
checked is configured by a multicasted Router Advertisements.
o Clarified that the prefix comparison in Section 5.5.3 is based on
exact match. Also clarified the comparison described in this
document concentrates on addresses configured by the stateless
mechanism.
o Revisited the author list.
o Added IANA Considerations Section.
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the
IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to
obtain a general license or permission for the use of such
proprietary rights by implementors or users of this specification can
be obtained from the IETF Secretariat.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights which may cover technology that may be required to practice
this standard. Please address the information to the IETF Executive
Director.
Full Copyright Statement
Copyright (C) The Internet Society (2004). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assignees.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/