draft-ietf-ipv6-rfc2462bis-07.txt   draft-ietf-ipv6-rfc2462bis-08.txt 
IETF IPv6 Working Group S. Thomson IETF IPv6 Working Group S. Thomson
Internet-Draft Cisco Internet-Draft Cisco
Expires: June 10, 2005 T. Narten Expires: November 13, 2005 T. Narten
IBM IBM
T. Jinmei T. Jinmei
Toshiba Toshiba
December 10, 2004 May 12, 2005
IPv6 Stateless Address Autoconfiguration IPv6 Stateless Address Autoconfiguration
draft-ietf-ipv6-rfc2462bis-07.txt draft-ietf-ipv6-rfc2462bis-08.txt
Status of this Memo Status of this Memo
This document is an Internet-Draft and is subject to all provisions By submitting this Internet-Draft, each author represents that any
of section 3 of RFC 3667. By submitting this Internet-Draft, each applicable patent or other IPR claims of which he or she is aware
author represents that any applicable patent or other IPR claims of have been or will be disclosed, and any of which he or she becomes
which he or she is aware have been or will be disclosed, and any of aware will be disclosed, in accordance with Section 6 of BCP 79.
which he or she become aware will be disclosed, in accordance with
RFC 3668.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as other groups may also distribute working documents as Internet-
Internet-Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on June 10, 2005. This Internet-Draft will expire on November 13, 2005.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2004). Copyright (C) The Internet Society (2005).
Abstract Abstract
This document specifies the steps a host takes in deciding how to This document specifies the steps a host takes in deciding how to
autoconfigure its interfaces in IP version 6. The autoconfiguration autoconfigure its interfaces in IP version 6. The autoconfiguration
process includes generating a link-local address, generating global process includes generating a link-local address, generating global
addresses via stateless address autoconfiguration, and the Duplicate addresses via stateless address autoconfiguration, and the Duplicate
Address Detection procedure to verify the uniqueness of the addresses Address Detection procedure to verify the uniqueness of the addresses
on a link. on a link.
skipping to change at page 2, line 36 skipping to change at page 2, line 35
5.5.1 Soliciting Router Advertisements . . . . . . . . . . . 17 5.5.1 Soliciting Router Advertisements . . . . . . . . . . . 17
5.5.2 Absence of Router Advertisements . . . . . . . . . . . 17 5.5.2 Absence of Router Advertisements . . . . . . . . . . . 17
5.5.3 Router Advertisement Processing . . . . . . . . . . . 18 5.5.3 Router Advertisement Processing . . . . . . . . . . . 18
5.5.4 Address Lifetime Expiry . . . . . . . . . . . . . . . 20 5.5.4 Address Lifetime Expiry . . . . . . . . . . . . . . . 20
5.6 Configuration Consistency . . . . . . . . . . . . . . . . 21 5.6 Configuration Consistency . . . . . . . . . . . . . . . . 21
5.7 Retaining Configured Addresses for Stability . . . . . . . 21 5.7 Retaining Configured Addresses for Stability . . . . . . . 21
6. SECURITY CONSIDERATIONS . . . . . . . . . . . . . . . . . . . 22 6. SECURITY CONSIDERATIONS . . . . . . . . . . . . . . . . . . . 22
7. IANA CONSIDERATIONS . . . . . . . . . . . . . . . . . . . . . 22 7. IANA CONSIDERATIONS . . . . . . . . . . . . . . . . . . . . . 22
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 22 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 22
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23
9.1 Normative References . . . . . . . . . . . . . . . . . . . . 23 9.1 Normative References . . . . . . . . . . . . . . . . . . . 23
9.2 Informative References . . . . . . . . . . . . . . . . . . . 23 9.2 Informative References . . . . . . . . . . . . . . . . . . 23
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 24 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 24
A. LOOPBACK SUPPRESSION & DUPLICATE ADDRESS DETECTION . . . . . . 24 A. LOOPBACK SUPPRESSION & DUPLICATE ADDRESS DETECTION . . . . . . 24
B. CHANGES SINCE RFC 1971 . . . . . . . . . . . . . . . . . . . . 26 B. CHANGES SINCE RFC 1971 . . . . . . . . . . . . . . . . . . . . 26
C. CHANGES SINCE RFC 2462 . . . . . . . . . . . . . . . . . . . . 26 C. CHANGES SINCE RFC 2462 . . . . . . . . . . . . . . . . . . . . 26
D. CHANGE HISTORY . . . . . . . . . . . . . . . . . . . . . . . . 27 D. CHANGE HISTORY . . . . . . . . . . . . . . . . . . . . . . . . 27
Intellectual Property and Copyright Statements . . . . . . . . 31 Intellectual Property and Copyright Statements . . . . . . . . 31
1. INTRODUCTION 1. INTRODUCTION
This document specifies the steps a host takes in deciding how to This document specifies the steps a host takes in deciding how to
skipping to change at page 4, line 49 skipping to change at page 4, line 49
protocols being "tunneled" over (i.e., encapsulated in) IP such as protocols being "tunneled" over (i.e., encapsulated in) IP such as
IPX, AppleTalk, or IP itself. IPX, AppleTalk, or IP itself.
link - a communication facility or medium over which nodes can link - a communication facility or medium over which nodes can
communicate at the link layer, i.e., the layer immediately below communicate at the link layer, i.e., the layer immediately below
IP. Examples are Ethernets (simple or bridged); PPP links; X.25, IP. Examples are Ethernets (simple or bridged); PPP links; X.25,
Frame Relay, or ATM networks; and internet (or higher) layer Frame Relay, or ATM networks; and internet (or higher) layer
"tunnels", such as tunnels over IPv4 or IPv6 itself. The protocol "tunnels", such as tunnels over IPv4 or IPv6 itself. The protocol
described in this document will be used on all types of links described in this document will be used on all types of links
unless specified otherwise in the link type specific document unless specified otherwise in the link type specific document
describing how to operate IP on the link in line with describing how to operate IP on the link in line with [I-D.ietf-
[I-D.ietf-ipv6-2461bis]. ipv6-2461bis].
interface - a node's attachment to a link. interface - a node's attachment to a link.
packet - an IP header plus payload. packet - an IP header plus payload.
address - an IP-layer identifier for an interface or a set of address - an IP-layer identifier for an interface or a set of
interfaces. interfaces.
unicast address - an identifier for a single interface. A packet unicast address - an identifier for a single interface. A packet
sent to a unicast address is delivered to the interface identified sent to a unicast address is delivered to the interface identified
skipping to change at page 7, line 25 skipping to change at page 7, line 25
Stateless autoconfiguration is designed with the following goals in Stateless autoconfiguration is designed with the following goals in
mind: mind:
o Manual configuration of individual machines before connecting them o Manual configuration of individual machines before connecting them
to the network should not be required. Consequently, a mechanism to the network should not be required. Consequently, a mechanism
is needed that allows a host to obtain or create unique addresses is needed that allows a host to obtain or create unique addresses
for each of its interfaces. Address autoconfiguration assumes for each of its interfaces. Address autoconfiguration assumes
that each interface can provide a unique identifier for that that each interface can provide a unique identifier for that
interface (i.e., an "interface identifier"). In the simplest interface (i.e., an "interface identifier"). In the simplest
case, an interface identifier consists of the interface's case, an interface identifier consists of the interface's link-
link-layer address. An interface identifier can be combined with layer address. An interface identifier can be combined with a
a prefix to form an address. prefix to form an address.
o Small sites consisting of a set of machines attached to a single o Small sites consisting of a set of machines attached to a single
link should not require the presence of a DHCPv6 server or router link should not require the presence of a DHCPv6 server or router
as a prerequisite for communicating. Plug-and-play communication as a prerequisite for communicating. Plug-and-play communication
is achieved through the use of link-local addresses. Link-local is achieved through the use of link-local addresses. Link-local
addresses have a well-known prefix that identifies the (single) addresses have a well-known prefix that identifies the (single)
shared link to which a set of nodes attach. A host forms a shared link to which a set of nodes attach. A host forms a link-
link-local address by appending its interface identifier to the local address by appending its interface identifier to the link-
link-local prefix. local prefix.
o A large site with multiple networks and routers should not require o A large site with multiple networks and routers should not require
the presence of a DHCPv6 server for address configuration. In the presence of a DHCPv6 server for address configuration. In
order to generate global addresses, hosts must determine the order to generate global addresses, hosts must determine the
prefixes that identify the subnets to which they attach. Routers prefixes that identify the subnets to which they attach. Routers
generate periodic Router Advertisements that include options generate periodic Router Advertisements that include options
listing the set of active prefixes on a link. listing the set of active prefixes on a link.
o Address configuration should facilitate the graceful renumbering o Address configuration should facilitate the graceful renumbering
of a site's machines. For example, a site may wish to renumber of a site's machines. For example, a site may wish to renumber
skipping to change at page 9, line 7 skipping to change at page 9, line 7
The next phase of autoconfiguration involves obtaining a Router The next phase of autoconfiguration involves obtaining a Router
Advertisement or determining that no routers are present. If routers Advertisement or determining that no routers are present. If routers
are present, they will send Router Advertisements that specify what are present, they will send Router Advertisements that specify what
sort of autoconfiguration a host can do. Note that the DHCPv6 sort of autoconfiguration a host can do. Note that the DHCPv6
service for address configuration may still be available even if no service for address configuration may still be available even if no
routers are present. routers are present.
Routers send Router Advertisements periodically, but the delay Routers send Router Advertisements periodically, but the delay
between successive advertisements will generally be longer than a between successive advertisements will generally be longer than a
host performing autoconfiguration will want to wait host performing autoconfiguration will want to wait [I-D.ietf-ipv6-
[I-D.ietf-ipv6-2461bis]. To obtain an advertisement quickly, a host 2461bis]. To obtain an advertisement quickly, a host sends one or
sends one or more Router Solicitations to the all-routers multicast more Router Solicitations to the all-routers multicast group.
group.
Router Advertisements also contain zero or more Prefix Information Router Advertisements also contain zero or more Prefix Information
options that contain information used by stateless address options that contain information used by stateless address
autoconfiguration to generate global addresses. It should be noted autoconfiguration to generate global addresses. It should be noted
that a host may use both stateless address autoconfiguration and that a host may use both stateless address autoconfiguration and
DHCPv6 simultaneously. One Prefix Information option field, the DHCPv6 simultaneously. One Prefix Information option field, the
"autonomous address-configuration flag", indicates whether or not the "autonomous address-configuration flag", indicates whether or not the
option even applies to stateless autoconfiguration. If it does, option even applies to stateless autoconfiguration. If it does,
additional option fields contain a subnet prefix together with additional option fields contain a subnet prefix together with
lifetime values indicating how long addresses created from the prefix lifetime values indicating how long addresses created from the prefix
skipping to change at page 9, line 38 skipping to change at page 9, line 37
By default, all addresses should be tested for uniqueness prior to By default, all addresses should be tested for uniqueness prior to
their assignment to an interface for safety. The test should their assignment to an interface for safety. The test should
individually be performed on all addresses obtained manually, via individually be performed on all addresses obtained manually, via
stateless address autoconfiguration, or via DHCPv6. To accommodate stateless address autoconfiguration, or via DHCPv6. To accommodate
sites that believe the overhead of performing Duplicate Address sites that believe the overhead of performing Duplicate Address
Detection outweighs its benefits, the use of Duplicate Address Detection outweighs its benefits, the use of Duplicate Address
Detection can be disabled through the administrative setting of a Detection can be disabled through the administrative setting of a
per-interface configuration flag. per-interface configuration flag.
To speed the autoconfiguration process, a host may generate its To speed the autoconfiguration process, a host may generate its link-
link-local address (and verify its uniqueness) in parallel with local address (and verify its uniqueness) in parallel with waiting
waiting for a Router Advertisement. Because a router may delay for a Router Advertisement. Because a router may delay responding to
responding to a Router Solicitation for a few seconds, the total time a Router Solicitation for a few seconds, the total time needed to
needed to complete autoconfiguration can be significantly longer if complete autoconfiguration can be significantly longer if the two
the two steps are done serially. steps are done serially.
4.1 Site Renumbering 4.1 Site Renumbering
Address leasing facilitates site renumbering by providing a mechanism Address leasing facilitates site renumbering by providing a mechanism
to time-out addresses assigned to interfaces in hosts. At present, to time-out addresses assigned to interfaces in hosts. At present,
upper layer protocols such as TCP provide no support for changing upper layer protocols such as TCP provide no support for changing
end-point addresses while a connection is open. If an end-point end-point addresses while a connection is open. If an end-point
address becomes invalid, existing connections break and all address becomes invalid, existing connections break and all
communication to the invalid address fails. Even when applications communication to the invalid address fails. Even when applications
use UDP as a transport protocol, addresses must generally remain the use UDP as a transport protocol, addresses must generally remain the
skipping to change at page 10, line 34 skipping to change at page 10, line 33
itself before starting a new communication or may leave the address itself before starting a new communication or may leave the address
unspecified, in which case the upper networking layers will use the unspecified, in which case the upper networking layers will use the
mechanism provided by the IP layer to choose a suitable address on mechanism provided by the IP layer to choose a suitable address on
the application's behalf. the application's behalf.
Detailed address selection rules are beyond the scope of this Detailed address selection rules are beyond the scope of this
document and are described in [RFC3484]. document and are described in [RFC3484].
5. PROTOCOL SPECIFICATION 5. PROTOCOL SPECIFICATION
Autoconfiguration is performed on a per-interface basis on Autoconfiguration is performed on a per-interface basis on multicast-
multicast-capable interfaces. For multihomed hosts, capable interfaces. For multihomed hosts, autoconfiguration is
autoconfiguration is performed independently on each interface. performed independently on each interface. Autoconfiguration applies
Autoconfiguration applies primarily to hosts, with two exceptions. primarily to hosts, with two exceptions. Routers are expected to
Routers are expected to generate a link-local address using the generate a link-local address using the procedure outlined below. In
procedure outlined below. In addition, routers perform Duplicate addition, routers perform Duplicate Address Detection on all
Address Detection on all addresses prior to assigning them to an addresses prior to assigning them to an interface.
interface.
5.1 Node Configuration Variables 5.1 Node Configuration Variables
A node MUST allow the following autoconfiguration-related variable to A node MUST allow the following autoconfiguration-related variable to
be configured by system management for each multicast-capable be configured by system management for each multicast-capable
interface: interface:
DupAddrDetectTransmits DupAddrDetectTransmits
The number of consecutive Neighbor Solicitation messages sent The number of consecutive Neighbor Solicitation messages sent
skipping to change at page 11, line 47 skipping to change at page 11, line 41
A node forms a link-local address whenever an interface becomes A node forms a link-local address whenever an interface becomes
enabled. An interface may become enabled after any of the following enabled. An interface may become enabled after any of the following
events: events:
- The interface is initialized at system startup time. - The interface is initialized at system startup time.
- The interface is reinitialized after a temporary interface failure - The interface is reinitialized after a temporary interface failure
or after being temporarily disabled by system management. or after being temporarily disabled by system management.
- The interface attaches to a link for the first time. - The interface attaches to a link for the first time. This
includes the case where the attached link is dynamically changed
due to a change of the access point of wireless networks.
- The interface becomes enabled by system management after having - The interface becomes enabled by system management after having
been administratively disabled. been administratively disabled.
A link-local address is formed by combining the well-known link-local A link-local address is formed by combining the well-known link-local
prefix FE80::0 [RFC3513] (of appropriate length) with the interface prefix FE80::0 [RFC3513] (of appropriate length) with the interface
identifier as follows: identifier as follows:
1. The left-most 'prefix length' bits of the address are those of 1. The left-most 'prefix length' bits of the address are those of
the link-local prefix. the link-local prefix.
2. The bits in the address to the right of the link-local prefix are 2. The bits in the address to the right of the link-local prefix are
set to all zeroes. set to all zeroes.
3. If the length of the interface identifier is N bits, the 3. If the length of the interface identifier is N bits, the right-
right-most N bits of the address are replaced by the interface most N bits of the address are replaced by the interface
identifier. identifier.
If the sum of the link-local prefix length and N is larger than 128, If the sum of the link-local prefix length and N is larger than 128,
autoconfiguration fails and manual configuration is required. The autoconfiguration fails and manual configuration is required. The
length of the interface identifier is defined in a separate link-type length of the interface identifier is defined in a separate link-type
specific document, which should also be consistent with the address specific document, which should also be consistent with the address
architecture [RFC3513] (see Section 2). These documents will architecture [RFC3513] (see Section 2). These documents will
carefully define the length so that link-local addresses can be carefully define the length so that link-local addresses can be
autoconfigured on the link. autoconfigured on the link.
skipping to change at page 13, line 6 skipping to change at page 12, line 52
Duplicate Address Detection for the link-local address and skip Duplicate Address Detection for the link-local address and skip
the test for the global address using the same interface the test for the global address using the same interface
identifier as that of the link-local address. Whereas this identifier as that of the link-local address. Whereas this
document does not invalidate such implementations, this kind of document does not invalidate such implementations, this kind of
"optimization" is NOT RECOMMENDED, and new implementations MUST "optimization" is NOT RECOMMENDED, and new implementations MUST
NOT do that optimization. This optimization came from the NOT do that optimization. This optimization came from the
assumption that all of an interface's addresses are generated from assumption that all of an interface's addresses are generated from
the same identifier. However, the assumption does actually not the same identifier. However, the assumption does actually not
stand; new types of addresses have been introduced where the stand; new types of addresses have been introduced where the
interface identifiers are not necessarily the same for all unicast interface identifiers are not necessarily the same for all unicast
addresses on a single interface [RFC3041][I-D.ietf-send-cga]. addresses on a single interface [RFC3041] [RFC3972]. Requiring to
Requiring to perform Duplicate Address Detection for all unicast perform Duplicate Address Detection for all unicast addresses will
addresses will make the algorithm robust for the current and make the algorithm robust for the current and future such special
future such special interface identifiers. interface identifiers.
The procedure for detecting duplicate addresses uses Neighbor The procedure for detecting duplicate addresses uses Neighbor
Solicitation and Advertisement messages as described below. If a Solicitation and Advertisement messages as described below. If a
duplicate address is discovered during the procedure, the address duplicate address is discovered during the procedure, the address
cannot be assigned to the interface. If the address is derived from cannot be assigned to the interface. If the address is derived from
an interface identifier, a new identifier will need to be assigned to an interface identifier, a new identifier will need to be assigned to
the interface, or all IP addresses for the interface will need to be the interface, or all IP addresses for the interface will need to be
manually configured. Note that the method for detecting duplicates manually configured. Note that the method for detecting duplicates
is not completely reliable, and it is possible that duplicate is not completely reliable, and it is possible that duplicate
addresses will still exist (e.g., if the link was partitioned while addresses will still exist (e.g., if the link was partitioned while
skipping to change at page 14, line 51 skipping to change at page 14, line 50
multicast address by a random delay between 0 and multicast address by a random delay between 0 and
MAX_RTR_SOLICITATION_DELAY if the address being checked is configured MAX_RTR_SOLICITATION_DELAY if the address being checked is configured
by a router advertisement message sent to a multicast address. The by a router advertisement message sent to a multicast address. The
delay will avoid similar congestion when multiple nodes are going to delay will avoid similar congestion when multiple nodes are going to
configure addresses by receiving the same single multicast router configure addresses by receiving the same single multicast router
advertisement. advertisement.
Note that when a node joins a multicast address, it typically sends a Note that when a node joins a multicast address, it typically sends a
Multicast Listener Discovery (MLD) report message [RFC2710][RFC3810] Multicast Listener Discovery (MLD) report message [RFC2710][RFC3810]
for the multicast address. In the case of Duplicate Address for the multicast address. In the case of Duplicate Address
Detection, the MLD report message is required in order to inform Detection, the MLD report message is required in order to inform MLD-
MLD-snooping switches, rather than routers, to forward multicast snooping switches, rather than routers, to forward multicast packets.
packets. In the above description, the delay for joining the In the above description, the delay for joining the multicast address
multicast address thus means delaying transmission of the thus means delaying transmission of the corresponding MLD report
corresponding MLD report message. Since the MLD specifications do message. Since the MLD specifications do not request a random delay
not request a random delay to avoid race conditions, just delaying to avoid race conditions, just delaying Neighbor Solicitation would
Neighbor Solicitation would cause congestion by the MLD report cause congestion by the MLD report messages. The congestion would
messages. The congestion would then prevent the MLD-snooping then prevent the MLD-snooping switches from working correctly, and,
switches from working correctly, and, as a result, prevent Duplicate as a result, prevent Duplicate Address Detection from working. The
Address Detection from working. The requirement to include the delay requirement to include the delay for the MLD report in this case
for the MLD report in this case avoids this scenario. [RFC3590] also avoids this scenario. [RFC3590] also talks about some interaction
talks about some interaction issues between Duplicate Address issues between Duplicate Address Detection and MLD, and specifies
Detection and MLD, and specifies which source address should be used which source address should be used for the MLD report in this case.
for the MLD report in this case.
In order to improve the robustness of the Duplicate Address Detection In order to improve the robustness of the Duplicate Address Detection
algorithm, an interface MUST receive and process datagrams sent to algorithm, an interface MUST receive and process datagrams sent to
the all-nodes multicast address or solicited-node multicast address the all-nodes multicast address or solicited-node multicast address
of the tentative address during the delay period. This does not of the tentative address during the delay period. This does not
necessarily conflict with the requirement that joining the multicast necessarily conflict with the requirement that joining the multicast
group be delayed. In fact, in some cases it is possible for a node group be delayed. In fact, in some cases it is possible for a node
to start listening to the group during the delay period before MLD to start listening to the group during the delay period before MLD
report transmission. It should be noted, however, that in some report transmission. It should be noted, however, that in some link-
link-layer environments, particularly with MLD-snooping switches, no layer environments, particularly with MLD-snooping switches, no
multicast reception will be available until the MLD report is sent. multicast reception will be available until the MLD report is sent.
5.4.3 Receiving Neighbor Solicitation Messages 5.4.3 Receiving Neighbor Solicitation Messages
On receipt of a valid Neighbor Solicitation message on an interface, On receipt of a valid Neighbor Solicitation message on an interface,
node behavior depends on whether the target address is tentative or node behavior depends on whether the target address is tentative or
not. If the target address is not tentative (i.e., it is assigned to not. If the target address is not tentative (i.e., it is assigned to
the receiving interface), the solicitation is processed as described the receiving interface), the solicitation is processed as described
in [I-D.ietf-ipv6-2461bis]. If the target address is tentative, and in [I-D.ietf-ipv6-2461bis]. If the target address is tentative, and
the source address is a unicast address, the solicitation's sender is the source address is a unicast address, the solicitation's sender is
skipping to change at page 16, line 4 skipping to change at page 15, line 49
If the source address of the Neighbor Solicitation is the unspecified If the source address of the Neighbor Solicitation is the unspecified
address, the solicitation is from a node performing Duplicate Address address, the solicitation is from a node performing Duplicate Address
Detection. If the solicitation is from another node, the tentative Detection. If the solicitation is from another node, the tentative
address is a duplicate and should not be used (by either node). If address is a duplicate and should not be used (by either node). If
the solicitation is from the node itself (because the node loops back the solicitation is from the node itself (because the node loops back
multicast packets), the solicitation does not indicate the presence multicast packets), the solicitation does not indicate the presence
of a duplicate address. of a duplicate address.
Implementor's Note: many interfaces provide a way for upper layers to Implementor's Note: many interfaces provide a way for upper layers to
selectively enable and disable the looping back of multicast packets. selectively enable and disable the looping back of multicast packets.
The details of how such a facility is implemented may prevent The details of how such a facility is implemented may prevent
Duplicate Address Detection from working correctly. See the Appendix Duplicate Address Detection from working correctly. See the
A for further discussion. Appendix A for further discussion.
The following tests identify conditions under which a tentative The following tests identify conditions under which a tentative
address is not unique: address is not unique:
- If a Neighbor Solicitation for a tentative address is received - If a Neighbor Solicitation for a tentative address is received
prior to having sent one, the tentative address is a duplicate. prior to having sent one, the tentative address is a duplicate.
This condition occurs when two nodes run Duplicate Address This condition occurs when two nodes run Duplicate Address
Detection simultaneously, but transmit initial solicitations at Detection simultaneously, but transmit initial solicitations at
different times (e.g., by selecting different random delay values different times (e.g., by selecting different random delay values
before joining the solicited-node multicast address and before joining the solicited-node multicast address and
skipping to change at page 19, line 44 skipping to change at page 19, line 40
address. We call the remaining time "RemainingLifetime" in the address. We call the remaining time "RemainingLifetime" in the
following discussion: following discussion:
1. If the received Valid Lifetime is greater than 2 hours or 1. If the received Valid Lifetime is greater than 2 hours or
greater than RemainingLifetime, set the valid lifetime of the greater than RemainingLifetime, set the valid lifetime of the
corresponding address to the advertised Valid Lifetime. corresponding address to the advertised Valid Lifetime.
2. If RemainingLifetime is less than or equal to 2 hours, ignore 2. If RemainingLifetime is less than or equal to 2 hours, ignore
the Prefix Information option with regards to the valid the Prefix Information option with regards to the valid
lifetime, unless the Router Advertisement from which this lifetime, unless the Router Advertisement from which this
option was obtained has been authenticated (e.g., via IP option was obtained has been authenticated (e.g., via Secure
security [RFC2402]). If the Router Advertisement was Neighbor Discovery [RFC3971]). If the Router Advertisement
authenticated, the valid lifetime of the corresponding address was authenticated, the valid lifetime of the corresponding
should be set to the Valid Lifetime in the received option. address should be set to the Valid Lifetime in the received
option.
3. Otherwise, reset the valid lifetime of the corresponding 3. Otherwise, reset the valid lifetime of the corresponding
address to two hours. address to two hours.
The above rules address a specific denial of service attack in The above rules address a specific denial of service attack in
which a bogus advertisement could contain prefixes with very small which a bogus advertisement could contain prefixes with very small
Valid Lifetimes. Without the above rules, a single Valid Lifetimes. Without the above rules, a single
unauthenticated advertisement containing bogus Prefix Information unauthenticated advertisement containing bogus Prefix Information
options with short Valid Lifetimes could cause all of a node's options with short Valid Lifetimes could cause all of a node's
addresses to expire prematurely. The above rules ensure that addresses to expire prematurely. The above rules ensure that
skipping to change at page 21, line 22 skipping to change at page 21, line 19
address selection including this case are described in [RFC3484] and address selection including this case are described in [RFC3484] and
beyond the scope of this document. beyond the scope of this document.
An address (and its association with an interface) becomes invalid An address (and its association with an interface) becomes invalid
when its valid lifetime expires. An invalid address MUST NOT be used when its valid lifetime expires. An invalid address MUST NOT be used
as a source address in outgoing communications and MUST NOT be as a source address in outgoing communications and MUST NOT be
recognized as a destination on a receiving interface. recognized as a destination on a receiving interface.
5.6 Configuration Consistency 5.6 Configuration Consistency
It is possible for hosts to obtain address information using both the It is possible for hosts to obtain address information using both
stateless protocol and DHCPv6 since both may be enabled at the same stateless autoconfiguration and DHCPv6 since both may be enabled at
time. It is also possible that the values of other configuration the same time. It is also possible that the values of other
parameters such as MTU size and hop limit will be learned from both configuration parameters such as MTU size and hop limit will be
Router Advertisements and DHCPv6. If the same configuration learned from both Router Advertisements and DHCPv6. If the same
information is provided by multiple sources, the value of this configuration information is provided by multiple sources, the value
information should be consistent. However, it is not considered a of this information should be consistent. However, it is not
fatal error if information received from multiple sources is considered a fatal error if information received from multiple
inconsistent. Hosts accept the union of all information received via sources is inconsistent. Hosts accept the union of all information
the stateless protocol and DHCPv6. If inconsistent information is received via Neighbor Discovery and DHCPv6.
learned from different sources, the most recently obtained values
always have precedence over information learned earlier. If inconsistent information is learned from different sources, an
implementation may want to give information learned securely higher
precedence over information learned without protection. For
instance, Section 8 of [RFC3971] discusses how to deal with
information learned through Secure Neighbor Discovery conflicting
with information learned through plain Neighbor Discovery. The same
discussion can apply to the preference between information learned
through plain Neighbor Discovery and information learned via secured
DHCPv6, and so on.
In any case, if there is no security difference, the most recently
obtained values SHOULD have precedence over information learned
earlier.
5.7 Retaining Configured Addresses for Stability 5.7 Retaining Configured Addresses for Stability
An implementation that has stable storage may want to retain An implementation that has stable storage may want to retain
addresses in the storage when the addresses were acquired using addresses in the storage when the addresses were acquired using
stateless address autoconfiguration. Assuming the lifetimes used are stateless address autoconfiguration. Assuming the lifetimes used are
reasonable, this technique implies that a temporary outage (less than reasonable, this technique implies that a temporary outage (less than
the valid lifetime) of a router will never result in the node losing the valid lifetime) of a router will never result in the node losing
its global address even if the node were to reboot. When this its global address even if the node were to reboot. When this
technique is used, it should also be noted that the expiration times technique is used, it should also be noted that the expiration times
skipping to change at page 22, line 21 skipping to change at page 22, line 27
and use a network, the threat is inherently present in the Internet and use a network, the threat is inherently present in the Internet
architecture. Any node with a physical attachment to a network can architecture. Any node with a physical attachment to a network can
generate an address (using a variety of ad hoc techniques) that generate an address (using a variety of ad hoc techniques) that
provides connectivity. provides connectivity.
The use of stateless address autoconfiguration and Duplicate Address The use of stateless address autoconfiguration and Duplicate Address
Detection opens up the possibility of several denial of service Detection opens up the possibility of several denial of service
attacks. For example, any node can respond to Neighbor Solicitations attacks. For example, any node can respond to Neighbor Solicitations
for a tentative address, causing the other node to reject the address for a tentative address, causing the other node to reject the address
as a duplicate. A separate document [RFC3756] discusses details as a duplicate. A separate document [RFC3756] discusses details
about these attacks. These attacks can be addressed by requiring about these attacks, which can be addressed with the Secure Neighbor
that Neighbor Discovery packets be authenticated with IP security Discovery protocol [RFC3971]. It should also be noted that [RFC3756]
[RFC2402]. However, it should be noted that [RFC3756] points out the points out the use of IP security is not always feasible depending on
use of IP security is not always feasible depending on network network environments.
environments.
7. IANA CONSIDERATIONS 7. IANA CONSIDERATIONS
This document has no actions for IANA. This document has no actions for IANA.
8. Acknowledgements 8. Acknowledgements
The authors would like to thank the members of both the IPNG (which The authors would like to thank the members of both the IPNG (which
is now IPV6) and ADDRCONF working groups for their input. In is now IPV6) and ADDRCONF working groups for their input. In
particular, thanks to Jim Bound, Steve Deering, Richard Draves, and particular, thanks to Jim Bound, Steve Deering, Richard Draves, and
skipping to change at page 23, line 7 skipping to change at page 23, line 10
issues, on which this version is based. In addition to those listed issues, on which this version is based. In addition to those listed
above, the contributors include Jari Arkko, Brian E Carpenter, above, the contributors include Jari Arkko, Brian E Carpenter,
Gregory Daley, Elwyn Davies, Ralph Droms, Jun-ichiro itojun Hagino, Gregory Daley, Elwyn Davies, Ralph Droms, Jun-ichiro itojun Hagino,
Christian Huitema, Suresh Krishnan, Soohong Daniel Park, Markku Christian Huitema, Suresh Krishnan, Soohong Daniel Park, Markku
Savela, Pekka Savola, and Margaret Wasserman. Savela, Pekka Savola, and Margaret Wasserman.
9. References 9. References
9.1 Normative References 9.1 Normative References
[RFC2402] Kent, S. and R. Atkinson, "IP Authentication Header", RFC
2402, November 1998.
[RFC2464] Crawford, M., "Transmission of IPv6 Packets over Ethernet [RFC2464] Crawford, M., "Transmission of IPv6 Packets over Ethernet
Networks", RFC 2464, December 1998. Networks", RFC 2464, December 1998.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3513] Hinden, R. and S. Deering, "Internet Protocol Version 6 [RFC3513] Hinden, R. and S. Deering, "Internet Protocol Version 6
(IPv6) Addressing Architecture", RFC 3513, April 2003. (IPv6) Addressing Architecture", RFC 3513, April 2003.
[I-D.ietf-ipv6-2461bis] [I-D.ietf-ipv6-2461bis]
Narten, T., Nordmark, E., Simpson, W. and H. Soliman, Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
"Neighbor Discovery for IP version 6 (IPv6)", "Neighbor Discovery for IP version 6 (IPv6)",
draft-ietf-ipv6-2461bis-01 (work in progress), October draft-ietf-ipv6-2461bis-02 (work in progress),
2004. February 2005.
Note: this reference is expected to be published in Note: this reference is expected to be published in
parallel with the referring document, both of which will parallel with the referring document, both of which will
be recycled as a draft standard. Upon publication the be recycled as a draft standard. Upon publication the
reference will be updated and this note will be removed. reference will be updated and this note will be removed.
9.2 Informative References 9.2 Informative References
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C. and [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
M. Carney, "Dynamic Host Configuration Protocol for IPv6 and M. Carney, "Dynamic Host Configuration Protocol for
(DHCPv6)", RFC 3315, July 2003. IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC3484] Draves, R., "Default Address Selection for Internet [RFC3484] Draves, R., "Default Address Selection for Internet
Protocol version 6 (IPv6)", RFC 3484, February 2003. Protocol version 6 (IPv6)", RFC 3484, February 2003.
[RFC3041] Narten, T. and R. Draves, "Privacy Extensions for [RFC3041] Narten, T. and R. Draves, "Privacy Extensions for
Stateless Address Autoconfiguration in IPv6", RFC 3041, Stateless Address Autoconfiguration in IPv6", RFC 3041,
January 2001. January 2001.
[I-D.ietf-send-cga] [RFC3972] Aura, T., "Cryptographically Generated Addresses (CGA)",
Aura, T., "Cryptographically Generated Addresses (CGA)", RFC 3972, March 2005.
draft-ietf-send-cga-06 (work in progress), April 2004.
[RFC2710] Deering, S., Fenner, W. and B. Haberman, "Multicast [RFC2710] Deering, S., Fenner, W., and B. Haberman, "Multicast
Listener Discovery (MLD) for IPv6", RFC 2710, October Listener Discovery (MLD) for IPv6", RFC 2710,
1999. October 1999.
[RFC3810] Vida, R. and L. Costa, "Multicast Listener Discovery [RFC3810] Vida, R. and L. Costa, "Multicast Listener Discovery
Version 2 (MLDv2) for IPv6", RFC 3810, June 2004. Version 2 (MLDv2) for IPv6", RFC 3810, June 2004.
[RFC3590] Haberman, B., "Source Address Selection for the Multicast [RFC3590] Haberman, B., "Source Address Selection for the Multicast
Listener Discovery (MLD) Protocol", RFC 3590, September Listener Discovery (MLD) Protocol", RFC 3590,
2003. September 2003.
[RFC3756] Nikander, P., Kempf, J. and E. Nordmark, "IPv6 Neighbor [RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure
Discovery (ND) Trust Models and Threats", RFC 3756, May Neighbor Discovery (SEND)", RFC 3971, March 2005.
2004.
[RFC3756] Nikander, P., Kempf, J., and E. Nordmark, "IPv6 Neighbor
Discovery (ND) Trust Models and Threats", RFC 3756,
May 2004.
[RFC1112] Deering, S., "Host extensions for IP multicasting", STD 5, [RFC1112] Deering, S., "Host extensions for IP multicasting", STD 5,
RFC 1112, August 1989. RFC 1112, August 1989.
[IEEE802.11] [IEEE802.11]
IEEE, "Wireless LAN Medium Access Control (MAC) and IEEE, "Wireless LAN Medium Access Control (MAC) and
Physical Layer (PHY) Specifications", ANSI/IEEE STd Physical Layer (PHY) Specifications", ANSI/IEEE
802.11, August 1999. STd 802.11, August 1999.
Authors' Addresses Authors' Addresses
Susan Thomson Susan Thomson
Cisco Systems Cisco Systems
EMail: sethomso@cisco.com Email: sethomso@cisco.com
Thomas Narten Thomas Narten
IBM Corporation IBM Corporation
P.O. Box 12195 P.O. Box 12195
Research Triangle Park, NC 27709-2195 Research Triangle Park, NC 27709-2195
USA USA
Phone: +1 919-254-7798 Phone: +1 919-254-7798
EMail: narten@us.ibm.com Email: narten@us.ibm.com
Tatuya Jinmei Tatuya Jinmei
Corporate Research & Development Center, Toshiba Corporation Corporate Research & Development Center, Toshiba Corporation
1 Komukai Toshiba-cho, Saiwai-ku 1 Komukai Toshiba-cho, Saiwai-ku
Kawasaki-shi, Kanagawa 212-8582 Kawasaki-shi, Kanagawa 212-8582
Japan Japan
Phone: +81 44-549-2230 Phone: +81 44-549-2230
EMail: jinmei@isl.rdc.toshiba.co.jp Email: jinmei@isl.rdc.toshiba.co.jp
Appendix A. LOOPBACK SUPPRESSION & DUPLICATE ADDRESS DETECTION Appendix A. LOOPBACK SUPPRESSION & DUPLICATE ADDRESS DETECTION
Determining whether a received multicast solicitation was looped back Determining whether a received multicast solicitation was looped back
to the sender or actually came from another node is implementation- to the sender or actually came from another node is implementation-
dependent. A problematic case occurs when two interfaces attached to dependent. A problematic case occurs when two interfaces attached to
the same link happen to have the same identifier and link-layer the same link happen to have the same identifier and link-layer
address, and they both send out packets with identical contents at address, and they both send out packets with identical contents at
roughly the same time (e.g., Neighbor Solicitations for a tentative roughly the same time (e.g., Neighbor Solicitations for a tentative
address as part of Duplicate Address Detection messages). Although a address as part of Duplicate Address Detection messages). Although a
skipping to change at page 26, line 7 skipping to change at page 26, line 11
interface, it will also discard packets from other nodes also interface, it will also discard packets from other nodes also
using the same link-layer address, including Neighbor using the same link-layer address, including Neighbor
Advertisement and Neighbor Solicitation messages required to make Advertisement and Neighbor Solicitation messages required to make
Duplicate Address Detection work correctly. This particular Duplicate Address Detection work correctly. This particular
problem can be avoided by temporarily disabling the software problem can be avoided by temporarily disabling the software
suppression of loopbacks while a node performs Duplicate Address suppression of loopbacks while a node performs Duplicate Address
Detection, if it is possible to disable the suppression. Detection, if it is possible to disable the suppression.
o If a node that is already using a particular IP address discards o If a node that is already using a particular IP address discards
received packets having the same link-layer source address as the received packets having the same link-layer source address as the
interface, it will also discard Duplicate Address interface, it will also discard Duplicate Address Detection-
Detection-related Neighbor Solicitation messages sent by another related Neighbor Solicitation messages sent by another node also
node also using the same link-layer address. Consequently, using the same link-layer address. Consequently, Duplicate
Duplicate Address Detection will fail, and the other node will Address Detection will fail, and the other node will configure a
configure a non-unique address. Since it is generally impossible non-unique address. Since it is generally impossible to know when
to know when another node is performing Duplicate Address another node is performing Duplicate Address Detection, this
Detection, this scenario can be avoided only if software scenario can be avoided only if software suppression of loopback
suppression of loopback is permanently disabled. is permanently disabled.
Thus, to perform Duplicate Address Detection correctly in the case Thus, to perform Duplicate Address Detection correctly in the case
where two interfaces are using the same link-layer address, an where two interfaces are using the same link-layer address, an
implementation must have a good understanding of the interface's implementation must have a good understanding of the interface's
multicast loopback semantics, and the interface cannot discard multicast loopback semantics, and the interface cannot discard
received packets simply because the source link-layer address is the received packets simply because the source link-layer address is the
same as the interface's. It should also be noted that a link-layer same as the interface's. It should also be noted that a link-layer
specification can conflict with the condition necessary to make specification can conflict with the condition necessary to make
Duplicate Address Detection work. Duplicate Address Detection work.
skipping to change at page 27, line 26 skipping to change at page 27, line 32
o Recommended to perform Duplicate Address Detection for all unicast o Recommended to perform Duplicate Address Detection for all unicast
addresses more strongly, considering a variety of different addresses more strongly, considering a variety of different
interface identifiers, while keeping care of existing interface identifiers, while keeping care of existing
implementations. implementations.
o Clarified wording in Section 5.5.4 to make clear that a deprecated o Clarified wording in Section 5.5.4 to make clear that a deprecated
address specified by an application should be used for any address specified by an application should be used for any
communication. communication.
o Clarified the prefix check described in Section 5.5.3 using more o Clarified the prefix check described in Section 5.5.3 using more
appropriate terms and that the check is done against the prefixes appropriate terms and that the check is done against the prefixes
of addresses configured by stateless autoconfiguration. of addresses configured by stateless autoconfiguration.
o Revised the Security Considerations section with a reference to o Changed the references to the IP security Authentication Header to
RFC 3756 and a note that the use of IP security is not always references to RFC 3971 (Secure Neighbor Discovery). Also revised
feasible. the Security Considerations section with a reference to RFC 3756.
o Added a note when an implementation uses stable storage for o Added a note when an implementation uses stable storage for
autoconfigured addresses. autoconfigured addresses.
o Added consideration about preference between inconsistent
information sets, one from a secured source and the other learned
without protection.
Other miscellaneous clarifications: Other miscellaneous clarifications:
o Removed references to site-local and revised wording around the o Removed references to site-local and revised wording around the
keyword. keyword.
o Removed redundant code in denial of service protection in Section o Removed redundant code in denial of service protection in
5.5.3. Section 5.5.3.
o Clarified that a unicasted Neighbor Solicitation or Advertisement o Clarified that a unicasted Neighbor Solicitation or Advertisement
should be discarded while performing Duplicate Address Detection. should be discarded while performing Duplicate Address Detection.
o Noted in Section 5.3 that an interface can be considered as
becoming enabled when a wireless access point changes.
Appendix D. CHANGE HISTORY Appendix D. CHANGE HISTORY
[NOTE TO RFC EDITOR: PLEASE REMOVE THIS SECTION UPON PUBLICATION.] [NOTE TO RFC EDITOR: PLEASE REMOVE THIS SECTION UPON PUBLICATION.]
Changes in draft-ietf-ipv6-rfc2462bis-00.txt since RFC 2462 are: Changes in draft-ietf-ipv6-rfc2462bis-00.txt since RFC 2462 are:
o Fixed a typo in Section 2. o Fixed a typo in Section 2.
o Updated references and categorized them into normative and o Updated references and categorized them into normative and
informative ones. informative ones.
skipping to change at page 29, line 4 skipping to change at page 29, line 16
autoconfigured addresses. autoconfigured addresses.
o Resolved conflict with the Multicast Listener Discovery o Resolved conflict with the Multicast Listener Discovery
specification about random delay for the first packet from the specification about random delay for the first packet from the
host. host.
o Clarified the semantics of the M and O flags based on the latest o Clarified the semantics of the M and O flags based on the latest
standard and operational status. In particular, clarified that standard and operational status. In particular, clarified that
these flags show the availability of the stateful protocol instead these flags show the availability of the stateful protocol instead
of a trigger to invoke the stateful protocol. ManagedFlag and of a trigger to invoke the stateful protocol. ManagedFlag and
OtherConfigFlag, which were implementation-internal variables, OtherConfigFlag, which were implementation-internal variables,
were removed accordingly. were removed accordingly.
o Recommended to perform Duplicate Address Detection for all unicast o Recommended to perform Duplicate Address Detection for all unicast
addresses more strongly, considering a variety of different addresses more strongly, considering a variety of different
interface identifiers, while keeping care of existing interface identifiers, while keeping care of existing
implementations. implementations.
o Added a requirement for a random delay before sending Neighbor o Added a requirement for a random delay before sending Neighbor
Solicitations for Duplicate Address Detection if the address being Solicitations for Duplicate Address Detection if the address being
checked is configured by a multicasted Router Advertisements. checked is configured by a multicasted Router Advertisement.
o Clarified that the prefix comparison in Section 5.5.3 is based on o Clarified that the prefix comparison in Section 5.5.3 is based on
exact match. Also clarified the comparison described in this exact match. Also clarified the comparison described in this
document concentrates on addresses configured by the stateless document concentrates on addresses configured by the stateless
mechanism. mechanism.
o Revisited the author list. o Revisited the author list.
o Added IANA Considerations Section. o Added IANA Considerations Section.
Changes since draft-ietf-ipv6-rfc2462bis-02.txt are: Changes since draft-ietf-ipv6-rfc2462bis-02.txt are:
o Updated the I-D / IPR boilerplate to the latest ones. Applied o Updated the I-D / IPR boilerplate to the latest ones. Applied
skipping to change at page 31, line 5 skipping to change at page 30, line 33
o Noted that the host should make sure that an autoconfigured global o Noted that the host should make sure that an autoconfigured global
address is not yet in the address list before adding it to the address is not yet in the address list before adding it to the
list. list.
o Replaced "stateful configuration" with "DHCPv6". o Replaced "stateful configuration" with "DHCPv6".
o Added a reference to [RFC3513] from Section 4. o Added a reference to [RFC3513] from Section 4.
o Changed wording about Duplicate Address Detection in Section 4 to o Changed wording about Duplicate Address Detection in Section 4 to
avoid confusion on the requirement level. avoid confusion on the requirement level.
o Clarified that the use of the RFC2119 keywords is intentionally o Clarified that the use of the RFC2119 keywords is intentionally
limited to the protocol specification (Section 5). limited to the protocol specification (Section 5).
Changes since draft-ietf-ipv6-rfc2462bis-07.txt are:
o Noted in Section 5.3 that an interface can be considered as
becoming enabled when a wireless access point changes.
o Changed the references to IPsec Authentication Header to
references to SEND [RFC3971], and categorized the new reference as
informative.
o Added consideration about preference between inconsistent
information sets, one from a secured source and the other learned
without protection.
Intellectual Property Statement Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79. found in BCP 78 and BCP 79.
skipping to change at page 31, line 41 skipping to change at page 31, line 41
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement Copyright Statement
Copyright (C) The Internet Society (2004). This document is subject Copyright (C) The Internet Society (2005). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights. except as set forth therein, the authors retain all their rights.
Acknowledgment Acknowledgment
Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is currently provided by the
Internet Society. Internet Society.
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/