| draft-ietf-ipv6-rfc2462bis-07.txt | draft-ietf-ipv6-rfc2462bis-08.txt | |||
|---|---|---|---|---|
| IETF IPv6 Working Group S. Thomson | IETF IPv6 Working Group S. Thomson | |||
| Internet-Draft Cisco | Internet-Draft Cisco | |||
| Expires: June 10, 2005 T. Narten | Expires: November 13, 2005 T. Narten | |||
| IBM | IBM | |||
| T. Jinmei | T. Jinmei | |||
| Toshiba | Toshiba | |||
| December 10, 2004 | May 12, 2005 | |||
| IPv6 Stateless Address Autoconfiguration | IPv6 Stateless Address Autoconfiguration | |||
| draft-ietf-ipv6-rfc2462bis-07.txt | draft-ietf-ipv6-rfc2462bis-08.txt | |||
| Status of this Memo | Status of this Memo | |||
| This document is an Internet-Draft and is subject to all provisions | By submitting this Internet-Draft, each author represents that any | |||
| of section 3 of RFC 3667. By submitting this Internet-Draft, each | applicable patent or other IPR claims of which he or she is aware | |||
| author represents that any applicable patent or other IPR claims of | have been or will be disclosed, and any of which he or she becomes | |||
| which he or she is aware have been or will be disclosed, and any of | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
| which he or she become aware will be disclosed, in accordance with | ||||
| RFC 3668. | ||||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| other groups may also distribute working documents as | other groups may also distribute working documents as Internet- | |||
| Internet-Drafts. | Drafts. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| This Internet-Draft will expire on June 10, 2005. | This Internet-Draft will expire on November 13, 2005. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (C) The Internet Society (2004). | Copyright (C) The Internet Society (2005). | |||
| Abstract | Abstract | |||
| This document specifies the steps a host takes in deciding how to | This document specifies the steps a host takes in deciding how to | |||
| autoconfigure its interfaces in IP version 6. The autoconfiguration | autoconfigure its interfaces in IP version 6. The autoconfiguration | |||
| process includes generating a link-local address, generating global | process includes generating a link-local address, generating global | |||
| addresses via stateless address autoconfiguration, and the Duplicate | addresses via stateless address autoconfiguration, and the Duplicate | |||
| Address Detection procedure to verify the uniqueness of the addresses | Address Detection procedure to verify the uniqueness of the addresses | |||
| on a link. | on a link. | |||
| skipping to change at page 2, line 36 | skipping to change at page 2, line 35 | |||
| 5.5.1 Soliciting Router Advertisements . . . . . . . . . . . 17 | 5.5.1 Soliciting Router Advertisements . . . . . . . . . . . 17 | |||
| 5.5.2 Absence of Router Advertisements . . . . . . . . . . . 17 | 5.5.2 Absence of Router Advertisements . . . . . . . . . . . 17 | |||
| 5.5.3 Router Advertisement Processing . . . . . . . . . . . 18 | 5.5.3 Router Advertisement Processing . . . . . . . . . . . 18 | |||
| 5.5.4 Address Lifetime Expiry . . . . . . . . . . . . . . . 20 | 5.5.4 Address Lifetime Expiry . . . . . . . . . . . . . . . 20 | |||
| 5.6 Configuration Consistency . . . . . . . . . . . . . . . . 21 | 5.6 Configuration Consistency . . . . . . . . . . . . . . . . 21 | |||
| 5.7 Retaining Configured Addresses for Stability . . . . . . . 21 | 5.7 Retaining Configured Addresses for Stability . . . . . . . 21 | |||
| 6. SECURITY CONSIDERATIONS . . . . . . . . . . . . . . . . . . . 22 | 6. SECURITY CONSIDERATIONS . . . . . . . . . . . . . . . . . . . 22 | |||
| 7. IANA CONSIDERATIONS . . . . . . . . . . . . . . . . . . . . . 22 | 7. IANA CONSIDERATIONS . . . . . . . . . . . . . . . . . . . . . 22 | |||
| 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 22 | 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 22 | |||
| 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23 | |||
| 9.1 Normative References . . . . . . . . . . . . . . . . . . . . 23 | 9.1 Normative References . . . . . . . . . . . . . . . . . . . 23 | |||
| 9.2 Informative References . . . . . . . . . . . . . . . . . . . 23 | 9.2 Informative References . . . . . . . . . . . . . . . . . . 23 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 24 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 24 | |||
| A. LOOPBACK SUPPRESSION & DUPLICATE ADDRESS DETECTION . . . . . . 24 | A. LOOPBACK SUPPRESSION & DUPLICATE ADDRESS DETECTION . . . . . . 24 | |||
| B. CHANGES SINCE RFC 1971 . . . . . . . . . . . . . . . . . . . . 26 | B. CHANGES SINCE RFC 1971 . . . . . . . . . . . . . . . . . . . . 26 | |||
| C. CHANGES SINCE RFC 2462 . . . . . . . . . . . . . . . . . . . . 26 | C. CHANGES SINCE RFC 2462 . . . . . . . . . . . . . . . . . . . . 26 | |||
| D. CHANGE HISTORY . . . . . . . . . . . . . . . . . . . . . . . . 27 | D. CHANGE HISTORY . . . . . . . . . . . . . . . . . . . . . . . . 27 | |||
| Intellectual Property and Copyright Statements . . . . . . . . 31 | Intellectual Property and Copyright Statements . . . . . . . . 31 | |||
| 1. INTRODUCTION | 1. INTRODUCTION | |||
| This document specifies the steps a host takes in deciding how to | This document specifies the steps a host takes in deciding how to | |||
| skipping to change at page 4, line 49 | skipping to change at page 4, line 49 | |||
| protocols being "tunneled" over (i.e., encapsulated in) IP such as | protocols being "tunneled" over (i.e., encapsulated in) IP such as | |||
| IPX, AppleTalk, or IP itself. | IPX, AppleTalk, or IP itself. | |||
| link - a communication facility or medium over which nodes can | link - a communication facility or medium over which nodes can | |||
| communicate at the link layer, i.e., the layer immediately below | communicate at the link layer, i.e., the layer immediately below | |||
| IP. Examples are Ethernets (simple or bridged); PPP links; X.25, | IP. Examples are Ethernets (simple or bridged); PPP links; X.25, | |||
| Frame Relay, or ATM networks; and internet (or higher) layer | Frame Relay, or ATM networks; and internet (or higher) layer | |||
| "tunnels", such as tunnels over IPv4 or IPv6 itself. The protocol | "tunnels", such as tunnels over IPv4 or IPv6 itself. The protocol | |||
| described in this document will be used on all types of links | described in this document will be used on all types of links | |||
| unless specified otherwise in the link type specific document | unless specified otherwise in the link type specific document | |||
| describing how to operate IP on the link in line with | describing how to operate IP on the link in line with [I-D.ietf- | |||
| [I-D.ietf-ipv6-2461bis]. | ipv6-2461bis]. | |||
| interface - a node's attachment to a link. | interface - a node's attachment to a link. | |||
| packet - an IP header plus payload. | packet - an IP header plus payload. | |||
| address - an IP-layer identifier for an interface or a set of | address - an IP-layer identifier for an interface or a set of | |||
| interfaces. | interfaces. | |||
| unicast address - an identifier for a single interface. A packet | unicast address - an identifier for a single interface. A packet | |||
| sent to a unicast address is delivered to the interface identified | sent to a unicast address is delivered to the interface identified | |||
| skipping to change at page 7, line 25 | skipping to change at page 7, line 25 | |||
| Stateless autoconfiguration is designed with the following goals in | Stateless autoconfiguration is designed with the following goals in | |||
| mind: | mind: | |||
| o Manual configuration of individual machines before connecting them | o Manual configuration of individual machines before connecting them | |||
| to the network should not be required. Consequently, a mechanism | to the network should not be required. Consequently, a mechanism | |||
| is needed that allows a host to obtain or create unique addresses | is needed that allows a host to obtain or create unique addresses | |||
| for each of its interfaces. Address autoconfiguration assumes | for each of its interfaces. Address autoconfiguration assumes | |||
| that each interface can provide a unique identifier for that | that each interface can provide a unique identifier for that | |||
| interface (i.e., an "interface identifier"). In the simplest | interface (i.e., an "interface identifier"). In the simplest | |||
| case, an interface identifier consists of the interface's | case, an interface identifier consists of the interface's link- | |||
| link-layer address. An interface identifier can be combined with | layer address. An interface identifier can be combined with a | |||
| a prefix to form an address. | prefix to form an address. | |||
| o Small sites consisting of a set of machines attached to a single | o Small sites consisting of a set of machines attached to a single | |||
| link should not require the presence of a DHCPv6 server or router | link should not require the presence of a DHCPv6 server or router | |||
| as a prerequisite for communicating. Plug-and-play communication | as a prerequisite for communicating. Plug-and-play communication | |||
| is achieved through the use of link-local addresses. Link-local | is achieved through the use of link-local addresses. Link-local | |||
| addresses have a well-known prefix that identifies the (single) | addresses have a well-known prefix that identifies the (single) | |||
| shared link to which a set of nodes attach. A host forms a | shared link to which a set of nodes attach. A host forms a link- | |||
| link-local address by appending its interface identifier to the | local address by appending its interface identifier to the link- | |||
| link-local prefix. | local prefix. | |||
| o A large site with multiple networks and routers should not require | o A large site with multiple networks and routers should not require | |||
| the presence of a DHCPv6 server for address configuration. In | the presence of a DHCPv6 server for address configuration. In | |||
| order to generate global addresses, hosts must determine the | order to generate global addresses, hosts must determine the | |||
| prefixes that identify the subnets to which they attach. Routers | prefixes that identify the subnets to which they attach. Routers | |||
| generate periodic Router Advertisements that include options | generate periodic Router Advertisements that include options | |||
| listing the set of active prefixes on a link. | listing the set of active prefixes on a link. | |||
| o Address configuration should facilitate the graceful renumbering | o Address configuration should facilitate the graceful renumbering | |||
| of a site's machines. For example, a site may wish to renumber | of a site's machines. For example, a site may wish to renumber | |||
| skipping to change at page 9, line 7 | skipping to change at page 9, line 7 | |||
| The next phase of autoconfiguration involves obtaining a Router | The next phase of autoconfiguration involves obtaining a Router | |||
| Advertisement or determining that no routers are present. If routers | Advertisement or determining that no routers are present. If routers | |||
| are present, they will send Router Advertisements that specify what | are present, they will send Router Advertisements that specify what | |||
| sort of autoconfiguration a host can do. Note that the DHCPv6 | sort of autoconfiguration a host can do. Note that the DHCPv6 | |||
| service for address configuration may still be available even if no | service for address configuration may still be available even if no | |||
| routers are present. | routers are present. | |||
| Routers send Router Advertisements periodically, but the delay | Routers send Router Advertisements periodically, but the delay | |||
| between successive advertisements will generally be longer than a | between successive advertisements will generally be longer than a | |||
| host performing autoconfiguration will want to wait | host performing autoconfiguration will want to wait [I-D.ietf-ipv6- | |||
| [I-D.ietf-ipv6-2461bis]. To obtain an advertisement quickly, a host | 2461bis]. To obtain an advertisement quickly, a host sends one or | |||
| sends one or more Router Solicitations to the all-routers multicast | more Router Solicitations to the all-routers multicast group. | |||
| group. | ||||
| Router Advertisements also contain zero or more Prefix Information | Router Advertisements also contain zero or more Prefix Information | |||
| options that contain information used by stateless address | options that contain information used by stateless address | |||
| autoconfiguration to generate global addresses. It should be noted | autoconfiguration to generate global addresses. It should be noted | |||
| that a host may use both stateless address autoconfiguration and | that a host may use both stateless address autoconfiguration and | |||
| DHCPv6 simultaneously. One Prefix Information option field, the | DHCPv6 simultaneously. One Prefix Information option field, the | |||
| "autonomous address-configuration flag", indicates whether or not the | "autonomous address-configuration flag", indicates whether or not the | |||
| option even applies to stateless autoconfiguration. If it does, | option even applies to stateless autoconfiguration. If it does, | |||
| additional option fields contain a subnet prefix together with | additional option fields contain a subnet prefix together with | |||
| lifetime values indicating how long addresses created from the prefix | lifetime values indicating how long addresses created from the prefix | |||
| skipping to change at page 9, line 38 | skipping to change at page 9, line 37 | |||
| By default, all addresses should be tested for uniqueness prior to | By default, all addresses should be tested for uniqueness prior to | |||
| their assignment to an interface for safety. The test should | their assignment to an interface for safety. The test should | |||
| individually be performed on all addresses obtained manually, via | individually be performed on all addresses obtained manually, via | |||
| stateless address autoconfiguration, or via DHCPv6. To accommodate | stateless address autoconfiguration, or via DHCPv6. To accommodate | |||
| sites that believe the overhead of performing Duplicate Address | sites that believe the overhead of performing Duplicate Address | |||
| Detection outweighs its benefits, the use of Duplicate Address | Detection outweighs its benefits, the use of Duplicate Address | |||
| Detection can be disabled through the administrative setting of a | Detection can be disabled through the administrative setting of a | |||
| per-interface configuration flag. | per-interface configuration flag. | |||
| To speed the autoconfiguration process, a host may generate its | To speed the autoconfiguration process, a host may generate its link- | |||
| link-local address (and verify its uniqueness) in parallel with | local address (and verify its uniqueness) in parallel with waiting | |||
| waiting for a Router Advertisement. Because a router may delay | for a Router Advertisement. Because a router may delay responding to | |||
| responding to a Router Solicitation for a few seconds, the total time | a Router Solicitation for a few seconds, the total time needed to | |||
| needed to complete autoconfiguration can be significantly longer if | complete autoconfiguration can be significantly longer if the two | |||
| the two steps are done serially. | steps are done serially. | |||
| 4.1 Site Renumbering | 4.1 Site Renumbering | |||
| Address leasing facilitates site renumbering by providing a mechanism | Address leasing facilitates site renumbering by providing a mechanism | |||
| to time-out addresses assigned to interfaces in hosts. At present, | to time-out addresses assigned to interfaces in hosts. At present, | |||
| upper layer protocols such as TCP provide no support for changing | upper layer protocols such as TCP provide no support for changing | |||
| end-point addresses while a connection is open. If an end-point | end-point addresses while a connection is open. If an end-point | |||
| address becomes invalid, existing connections break and all | address becomes invalid, existing connections break and all | |||
| communication to the invalid address fails. Even when applications | communication to the invalid address fails. Even when applications | |||
| use UDP as a transport protocol, addresses must generally remain the | use UDP as a transport protocol, addresses must generally remain the | |||
| skipping to change at page 10, line 34 | skipping to change at page 10, line 33 | |||
| itself before starting a new communication or may leave the address | itself before starting a new communication or may leave the address | |||
| unspecified, in which case the upper networking layers will use the | unspecified, in which case the upper networking layers will use the | |||
| mechanism provided by the IP layer to choose a suitable address on | mechanism provided by the IP layer to choose a suitable address on | |||
| the application's behalf. | the application's behalf. | |||
| Detailed address selection rules are beyond the scope of this | Detailed address selection rules are beyond the scope of this | |||
| document and are described in [RFC3484]. | document and are described in [RFC3484]. | |||
| 5. PROTOCOL SPECIFICATION | 5. PROTOCOL SPECIFICATION | |||
| Autoconfiguration is performed on a per-interface basis on | Autoconfiguration is performed on a per-interface basis on multicast- | |||
| multicast-capable interfaces. For multihomed hosts, | capable interfaces. For multihomed hosts, autoconfiguration is | |||
| autoconfiguration is performed independently on each interface. | performed independently on each interface. Autoconfiguration applies | |||
| Autoconfiguration applies primarily to hosts, with two exceptions. | primarily to hosts, with two exceptions. Routers are expected to | |||
| Routers are expected to generate a link-local address using the | generate a link-local address using the procedure outlined below. In | |||
| procedure outlined below. In addition, routers perform Duplicate | addition, routers perform Duplicate Address Detection on all | |||
| Address Detection on all addresses prior to assigning them to an | addresses prior to assigning them to an interface. | |||
| interface. | ||||
| 5.1 Node Configuration Variables | 5.1 Node Configuration Variables | |||
| A node MUST allow the following autoconfiguration-related variable to | A node MUST allow the following autoconfiguration-related variable to | |||
| be configured by system management for each multicast-capable | be configured by system management for each multicast-capable | |||
| interface: | interface: | |||
| DupAddrDetectTransmits | DupAddrDetectTransmits | |||
| The number of consecutive Neighbor Solicitation messages sent | The number of consecutive Neighbor Solicitation messages sent | |||
| skipping to change at page 11, line 47 | skipping to change at page 11, line 41 | |||
| A node forms a link-local address whenever an interface becomes | A node forms a link-local address whenever an interface becomes | |||
| enabled. An interface may become enabled after any of the following | enabled. An interface may become enabled after any of the following | |||
| events: | events: | |||
| - The interface is initialized at system startup time. | - The interface is initialized at system startup time. | |||
| - The interface is reinitialized after a temporary interface failure | - The interface is reinitialized after a temporary interface failure | |||
| or after being temporarily disabled by system management. | or after being temporarily disabled by system management. | |||
| - The interface attaches to a link for the first time. | - The interface attaches to a link for the first time. This | |||
| includes the case where the attached link is dynamically changed | ||||
| due to a change of the access point of wireless networks. | ||||
| - The interface becomes enabled by system management after having | - The interface becomes enabled by system management after having | |||
| been administratively disabled. | been administratively disabled. | |||
| A link-local address is formed by combining the well-known link-local | A link-local address is formed by combining the well-known link-local | |||
| prefix FE80::0 [RFC3513] (of appropriate length) with the interface | prefix FE80::0 [RFC3513] (of appropriate length) with the interface | |||
| identifier as follows: | identifier as follows: | |||
| 1. The left-most 'prefix length' bits of the address are those of | 1. The left-most 'prefix length' bits of the address are those of | |||
| the link-local prefix. | the link-local prefix. | |||
| 2. The bits in the address to the right of the link-local prefix are | 2. The bits in the address to the right of the link-local prefix are | |||
| set to all zeroes. | set to all zeroes. | |||
| 3. If the length of the interface identifier is N bits, the | 3. If the length of the interface identifier is N bits, the right- | |||
| right-most N bits of the address are replaced by the interface | most N bits of the address are replaced by the interface | |||
| identifier. | identifier. | |||
| If the sum of the link-local prefix length and N is larger than 128, | If the sum of the link-local prefix length and N is larger than 128, | |||
| autoconfiguration fails and manual configuration is required. The | autoconfiguration fails and manual configuration is required. The | |||
| length of the interface identifier is defined in a separate link-type | length of the interface identifier is defined in a separate link-type | |||
| specific document, which should also be consistent with the address | specific document, which should also be consistent with the address | |||
| architecture [RFC3513] (see Section 2). These documents will | architecture [RFC3513] (see Section 2). These documents will | |||
| carefully define the length so that link-local addresses can be | carefully define the length so that link-local addresses can be | |||
| autoconfigured on the link. | autoconfigured on the link. | |||
| skipping to change at page 13, line 6 | skipping to change at page 12, line 52 | |||
| Duplicate Address Detection for the link-local address and skip | Duplicate Address Detection for the link-local address and skip | |||
| the test for the global address using the same interface | the test for the global address using the same interface | |||
| identifier as that of the link-local address. Whereas this | identifier as that of the link-local address. Whereas this | |||
| document does not invalidate such implementations, this kind of | document does not invalidate such implementations, this kind of | |||
| "optimization" is NOT RECOMMENDED, and new implementations MUST | "optimization" is NOT RECOMMENDED, and new implementations MUST | |||
| NOT do that optimization. This optimization came from the | NOT do that optimization. This optimization came from the | |||
| assumption that all of an interface's addresses are generated from | assumption that all of an interface's addresses are generated from | |||
| the same identifier. However, the assumption does actually not | the same identifier. However, the assumption does actually not | |||
| stand; new types of addresses have been introduced where the | stand; new types of addresses have been introduced where the | |||
| interface identifiers are not necessarily the same for all unicast | interface identifiers are not necessarily the same for all unicast | |||
| addresses on a single interface [RFC3041][I-D.ietf-send-cga]. | addresses on a single interface [RFC3041] [RFC3972]. Requiring to | |||
| Requiring to perform Duplicate Address Detection for all unicast | perform Duplicate Address Detection for all unicast addresses will | |||
| addresses will make the algorithm robust for the current and | make the algorithm robust for the current and future such special | |||
| future such special interface identifiers. | interface identifiers. | |||
| The procedure for detecting duplicate addresses uses Neighbor | The procedure for detecting duplicate addresses uses Neighbor | |||
| Solicitation and Advertisement messages as described below. If a | Solicitation and Advertisement messages as described below. If a | |||
| duplicate address is discovered during the procedure, the address | duplicate address is discovered during the procedure, the address | |||
| cannot be assigned to the interface. If the address is derived from | cannot be assigned to the interface. If the address is derived from | |||
| an interface identifier, a new identifier will need to be assigned to | an interface identifier, a new identifier will need to be assigned to | |||
| the interface, or all IP addresses for the interface will need to be | the interface, or all IP addresses for the interface will need to be | |||
| manually configured. Note that the method for detecting duplicates | manually configured. Note that the method for detecting duplicates | |||
| is not completely reliable, and it is possible that duplicate | is not completely reliable, and it is possible that duplicate | |||
| addresses will still exist (e.g., if the link was partitioned while | addresses will still exist (e.g., if the link was partitioned while | |||
| skipping to change at page 14, line 51 | skipping to change at page 14, line 50 | |||
| multicast address by a random delay between 0 and | multicast address by a random delay between 0 and | |||
| MAX_RTR_SOLICITATION_DELAY if the address being checked is configured | MAX_RTR_SOLICITATION_DELAY if the address being checked is configured | |||
| by a router advertisement message sent to a multicast address. The | by a router advertisement message sent to a multicast address. The | |||
| delay will avoid similar congestion when multiple nodes are going to | delay will avoid similar congestion when multiple nodes are going to | |||
| configure addresses by receiving the same single multicast router | configure addresses by receiving the same single multicast router | |||
| advertisement. | advertisement. | |||
| Note that when a node joins a multicast address, it typically sends a | Note that when a node joins a multicast address, it typically sends a | |||
| Multicast Listener Discovery (MLD) report message [RFC2710][RFC3810] | Multicast Listener Discovery (MLD) report message [RFC2710][RFC3810] | |||
| for the multicast address. In the case of Duplicate Address | for the multicast address. In the case of Duplicate Address | |||
| Detection, the MLD report message is required in order to inform | Detection, the MLD report message is required in order to inform MLD- | |||
| MLD-snooping switches, rather than routers, to forward multicast | snooping switches, rather than routers, to forward multicast packets. | |||
| packets. In the above description, the delay for joining the | In the above description, the delay for joining the multicast address | |||
| multicast address thus means delaying transmission of the | thus means delaying transmission of the corresponding MLD report | |||
| corresponding MLD report message. Since the MLD specifications do | message. Since the MLD specifications do not request a random delay | |||
| not request a random delay to avoid race conditions, just delaying | to avoid race conditions, just delaying Neighbor Solicitation would | |||
| Neighbor Solicitation would cause congestion by the MLD report | cause congestion by the MLD report messages. The congestion would | |||
| messages. The congestion would then prevent the MLD-snooping | then prevent the MLD-snooping switches from working correctly, and, | |||
| switches from working correctly, and, as a result, prevent Duplicate | as a result, prevent Duplicate Address Detection from working. The | |||
| Address Detection from working. The requirement to include the delay | requirement to include the delay for the MLD report in this case | |||
| for the MLD report in this case avoids this scenario. [RFC3590] also | avoids this scenario. [RFC3590] also talks about some interaction | |||
| talks about some interaction issues between Duplicate Address | issues between Duplicate Address Detection and MLD, and specifies | |||
| Detection and MLD, and specifies which source address should be used | which source address should be used for the MLD report in this case. | |||
| for the MLD report in this case. | ||||
| In order to improve the robustness of the Duplicate Address Detection | In order to improve the robustness of the Duplicate Address Detection | |||
| algorithm, an interface MUST receive and process datagrams sent to | algorithm, an interface MUST receive and process datagrams sent to | |||
| the all-nodes multicast address or solicited-node multicast address | the all-nodes multicast address or solicited-node multicast address | |||
| of the tentative address during the delay period. This does not | of the tentative address during the delay period. This does not | |||
| necessarily conflict with the requirement that joining the multicast | necessarily conflict with the requirement that joining the multicast | |||
| group be delayed. In fact, in some cases it is possible for a node | group be delayed. In fact, in some cases it is possible for a node | |||
| to start listening to the group during the delay period before MLD | to start listening to the group during the delay period before MLD | |||
| report transmission. It should be noted, however, that in some | report transmission. It should be noted, however, that in some link- | |||
| link-layer environments, particularly with MLD-snooping switches, no | layer environments, particularly with MLD-snooping switches, no | |||
| multicast reception will be available until the MLD report is sent. | multicast reception will be available until the MLD report is sent. | |||
| 5.4.3 Receiving Neighbor Solicitation Messages | 5.4.3 Receiving Neighbor Solicitation Messages | |||
| On receipt of a valid Neighbor Solicitation message on an interface, | On receipt of a valid Neighbor Solicitation message on an interface, | |||
| node behavior depends on whether the target address is tentative or | node behavior depends on whether the target address is tentative or | |||
| not. If the target address is not tentative (i.e., it is assigned to | not. If the target address is not tentative (i.e., it is assigned to | |||
| the receiving interface), the solicitation is processed as described | the receiving interface), the solicitation is processed as described | |||
| in [I-D.ietf-ipv6-2461bis]. If the target address is tentative, and | in [I-D.ietf-ipv6-2461bis]. If the target address is tentative, and | |||
| the source address is a unicast address, the solicitation's sender is | the source address is a unicast address, the solicitation's sender is | |||
| skipping to change at page 16, line 4 | skipping to change at page 15, line 49 | |||
| If the source address of the Neighbor Solicitation is the unspecified | If the source address of the Neighbor Solicitation is the unspecified | |||
| address, the solicitation is from a node performing Duplicate Address | address, the solicitation is from a node performing Duplicate Address | |||
| Detection. If the solicitation is from another node, the tentative | Detection. If the solicitation is from another node, the tentative | |||
| address is a duplicate and should not be used (by either node). If | address is a duplicate and should not be used (by either node). If | |||
| the solicitation is from the node itself (because the node loops back | the solicitation is from the node itself (because the node loops back | |||
| multicast packets), the solicitation does not indicate the presence | multicast packets), the solicitation does not indicate the presence | |||
| of a duplicate address. | of a duplicate address. | |||
| Implementor's Note: many interfaces provide a way for upper layers to | Implementor's Note: many interfaces provide a way for upper layers to | |||
| selectively enable and disable the looping back of multicast packets. | selectively enable and disable the looping back of multicast packets. | |||
| The details of how such a facility is implemented may prevent | The details of how such a facility is implemented may prevent | |||
| Duplicate Address Detection from working correctly. See the Appendix | Duplicate Address Detection from working correctly. See the | |||
| A for further discussion. | Appendix A for further discussion. | |||
| The following tests identify conditions under which a tentative | The following tests identify conditions under which a tentative | |||
| address is not unique: | address is not unique: | |||
| - If a Neighbor Solicitation for a tentative address is received | - If a Neighbor Solicitation for a tentative address is received | |||
| prior to having sent one, the tentative address is a duplicate. | prior to having sent one, the tentative address is a duplicate. | |||
| This condition occurs when two nodes run Duplicate Address | This condition occurs when two nodes run Duplicate Address | |||
| Detection simultaneously, but transmit initial solicitations at | Detection simultaneously, but transmit initial solicitations at | |||
| different times (e.g., by selecting different random delay values | different times (e.g., by selecting different random delay values | |||
| before joining the solicited-node multicast address and | before joining the solicited-node multicast address and | |||
| skipping to change at page 19, line 44 | skipping to change at page 19, line 40 | |||
| address. We call the remaining time "RemainingLifetime" in the | address. We call the remaining time "RemainingLifetime" in the | |||
| following discussion: | following discussion: | |||
| 1. If the received Valid Lifetime is greater than 2 hours or | 1. If the received Valid Lifetime is greater than 2 hours or | |||
| greater than RemainingLifetime, set the valid lifetime of the | greater than RemainingLifetime, set the valid lifetime of the | |||
| corresponding address to the advertised Valid Lifetime. | corresponding address to the advertised Valid Lifetime. | |||
| 2. If RemainingLifetime is less than or equal to 2 hours, ignore | 2. If RemainingLifetime is less than or equal to 2 hours, ignore | |||
| the Prefix Information option with regards to the valid | the Prefix Information option with regards to the valid | |||
| lifetime, unless the Router Advertisement from which this | lifetime, unless the Router Advertisement from which this | |||
| option was obtained has been authenticated (e.g., via IP | option was obtained has been authenticated (e.g., via Secure | |||
| security [RFC2402]). If the Router Advertisement was | Neighbor Discovery [RFC3971]). If the Router Advertisement | |||
| authenticated, the valid lifetime of the corresponding address | was authenticated, the valid lifetime of the corresponding | |||
| should be set to the Valid Lifetime in the received option. | address should be set to the Valid Lifetime in the received | |||
| option. | ||||
| 3. Otherwise, reset the valid lifetime of the corresponding | 3. Otherwise, reset the valid lifetime of the corresponding | |||
| address to two hours. | address to two hours. | |||
| The above rules address a specific denial of service attack in | The above rules address a specific denial of service attack in | |||
| which a bogus advertisement could contain prefixes with very small | which a bogus advertisement could contain prefixes with very small | |||
| Valid Lifetimes. Without the above rules, a single | Valid Lifetimes. Without the above rules, a single | |||
| unauthenticated advertisement containing bogus Prefix Information | unauthenticated advertisement containing bogus Prefix Information | |||
| options with short Valid Lifetimes could cause all of a node's | options with short Valid Lifetimes could cause all of a node's | |||
| addresses to expire prematurely. The above rules ensure that | addresses to expire prematurely. The above rules ensure that | |||
| skipping to change at page 21, line 22 | skipping to change at page 21, line 19 | |||
| address selection including this case are described in [RFC3484] and | address selection including this case are described in [RFC3484] and | |||
| beyond the scope of this document. | beyond the scope of this document. | |||
| An address (and its association with an interface) becomes invalid | An address (and its association with an interface) becomes invalid | |||
| when its valid lifetime expires. An invalid address MUST NOT be used | when its valid lifetime expires. An invalid address MUST NOT be used | |||
| as a source address in outgoing communications and MUST NOT be | as a source address in outgoing communications and MUST NOT be | |||
| recognized as a destination on a receiving interface. | recognized as a destination on a receiving interface. | |||
| 5.6 Configuration Consistency | 5.6 Configuration Consistency | |||
| It is possible for hosts to obtain address information using both the | It is possible for hosts to obtain address information using both | |||
| stateless protocol and DHCPv6 since both may be enabled at the same | stateless autoconfiguration and DHCPv6 since both may be enabled at | |||
| time. It is also possible that the values of other configuration | the same time. It is also possible that the values of other | |||
| parameters such as MTU size and hop limit will be learned from both | configuration parameters such as MTU size and hop limit will be | |||
| Router Advertisements and DHCPv6. If the same configuration | learned from both Router Advertisements and DHCPv6. If the same | |||
| information is provided by multiple sources, the value of this | configuration information is provided by multiple sources, the value | |||
| information should be consistent. However, it is not considered a | of this information should be consistent. However, it is not | |||
| fatal error if information received from multiple sources is | considered a fatal error if information received from multiple | |||
| inconsistent. Hosts accept the union of all information received via | sources is inconsistent. Hosts accept the union of all information | |||
| the stateless protocol and DHCPv6. If inconsistent information is | received via Neighbor Discovery and DHCPv6. | |||
| learned from different sources, the most recently obtained values | ||||
| always have precedence over information learned earlier. | If inconsistent information is learned from different sources, an | |||
| implementation may want to give information learned securely higher | ||||
| precedence over information learned without protection. For | ||||
| instance, Section 8 of [RFC3971] discusses how to deal with | ||||
| information learned through Secure Neighbor Discovery conflicting | ||||
| with information learned through plain Neighbor Discovery. The same | ||||
| discussion can apply to the preference between information learned | ||||
| through plain Neighbor Discovery and information learned via secured | ||||
| DHCPv6, and so on. | ||||
| In any case, if there is no security difference, the most recently | ||||
| obtained values SHOULD have precedence over information learned | ||||
| earlier. | ||||
| 5.7 Retaining Configured Addresses for Stability | 5.7 Retaining Configured Addresses for Stability | |||
| An implementation that has stable storage may want to retain | An implementation that has stable storage may want to retain | |||
| addresses in the storage when the addresses were acquired using | addresses in the storage when the addresses were acquired using | |||
| stateless address autoconfiguration. Assuming the lifetimes used are | stateless address autoconfiguration. Assuming the lifetimes used are | |||
| reasonable, this technique implies that a temporary outage (less than | reasonable, this technique implies that a temporary outage (less than | |||
| the valid lifetime) of a router will never result in the node losing | the valid lifetime) of a router will never result in the node losing | |||
| its global address even if the node were to reboot. When this | its global address even if the node were to reboot. When this | |||
| technique is used, it should also be noted that the expiration times | technique is used, it should also be noted that the expiration times | |||
| skipping to change at page 22, line 21 | skipping to change at page 22, line 27 | |||
| and use a network, the threat is inherently present in the Internet | and use a network, the threat is inherently present in the Internet | |||
| architecture. Any node with a physical attachment to a network can | architecture. Any node with a physical attachment to a network can | |||
| generate an address (using a variety of ad hoc techniques) that | generate an address (using a variety of ad hoc techniques) that | |||
| provides connectivity. | provides connectivity. | |||
| The use of stateless address autoconfiguration and Duplicate Address | The use of stateless address autoconfiguration and Duplicate Address | |||
| Detection opens up the possibility of several denial of service | Detection opens up the possibility of several denial of service | |||
| attacks. For example, any node can respond to Neighbor Solicitations | attacks. For example, any node can respond to Neighbor Solicitations | |||
| for a tentative address, causing the other node to reject the address | for a tentative address, causing the other node to reject the address | |||
| as a duplicate. A separate document [RFC3756] discusses details | as a duplicate. A separate document [RFC3756] discusses details | |||
| about these attacks. These attacks can be addressed by requiring | about these attacks, which can be addressed with the Secure Neighbor | |||
| that Neighbor Discovery packets be authenticated with IP security | Discovery protocol [RFC3971]. It should also be noted that [RFC3756] | |||
| [RFC2402]. However, it should be noted that [RFC3756] points out the | points out the use of IP security is not always feasible depending on | |||
| use of IP security is not always feasible depending on network | network environments. | |||
| environments. | ||||
| 7. IANA CONSIDERATIONS | 7. IANA CONSIDERATIONS | |||
| This document has no actions for IANA. | This document has no actions for IANA. | |||
| 8. Acknowledgements | 8. Acknowledgements | |||
| The authors would like to thank the members of both the IPNG (which | The authors would like to thank the members of both the IPNG (which | |||
| is now IPV6) and ADDRCONF working groups for their input. In | is now IPV6) and ADDRCONF working groups for their input. In | |||
| particular, thanks to Jim Bound, Steve Deering, Richard Draves, and | particular, thanks to Jim Bound, Steve Deering, Richard Draves, and | |||
| skipping to change at page 23, line 7 | skipping to change at page 23, line 10 | |||
| issues, on which this version is based. In addition to those listed | issues, on which this version is based. In addition to those listed | |||
| above, the contributors include Jari Arkko, Brian E Carpenter, | above, the contributors include Jari Arkko, Brian E Carpenter, | |||
| Gregory Daley, Elwyn Davies, Ralph Droms, Jun-ichiro itojun Hagino, | Gregory Daley, Elwyn Davies, Ralph Droms, Jun-ichiro itojun Hagino, | |||
| Christian Huitema, Suresh Krishnan, Soohong Daniel Park, Markku | Christian Huitema, Suresh Krishnan, Soohong Daniel Park, Markku | |||
| Savela, Pekka Savola, and Margaret Wasserman. | Savela, Pekka Savola, and Margaret Wasserman. | |||
| 9. References | 9. References | |||
| 9.1 Normative References | 9.1 Normative References | |||
| [RFC2402] Kent, S. and R. Atkinson, "IP Authentication Header", RFC | ||||
| 2402, November 1998. | ||||
| [RFC2464] Crawford, M., "Transmission of IPv6 Packets over Ethernet | [RFC2464] Crawford, M., "Transmission of IPv6 Packets over Ethernet | |||
| Networks", RFC 2464, December 1998. | Networks", RFC 2464, December 1998. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC3513] Hinden, R. and S. Deering, "Internet Protocol Version 6 | [RFC3513] Hinden, R. and S. Deering, "Internet Protocol Version 6 | |||
| (IPv6) Addressing Architecture", RFC 3513, April 2003. | (IPv6) Addressing Architecture", RFC 3513, April 2003. | |||
| [I-D.ietf-ipv6-2461bis] | [I-D.ietf-ipv6-2461bis] | |||
| Narten, T., Nordmark, E., Simpson, W. and H. Soliman, | Narten, T., Nordmark, E., Simpson, W., and H. Soliman, | |||
| "Neighbor Discovery for IP version 6 (IPv6)", | "Neighbor Discovery for IP version 6 (IPv6)", | |||
| draft-ietf-ipv6-2461bis-01 (work in progress), October | draft-ietf-ipv6-2461bis-02 (work in progress), | |||
| 2004. | February 2005. | |||
| Note: this reference is expected to be published in | Note: this reference is expected to be published in | |||
| parallel with the referring document, both of which will | parallel with the referring document, both of which will | |||
| be recycled as a draft standard. Upon publication the | be recycled as a draft standard. Upon publication the | |||
| reference will be updated and this note will be removed. | reference will be updated and this note will be removed. | |||
| 9.2 Informative References | 9.2 Informative References | |||
| [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C. and | [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., | |||
| M. Carney, "Dynamic Host Configuration Protocol for IPv6 | and M. Carney, "Dynamic Host Configuration Protocol for | |||
| (DHCPv6)", RFC 3315, July 2003. | IPv6 (DHCPv6)", RFC 3315, July 2003. | |||
| [RFC3484] Draves, R., "Default Address Selection for Internet | [RFC3484] Draves, R., "Default Address Selection for Internet | |||
| Protocol version 6 (IPv6)", RFC 3484, February 2003. | Protocol version 6 (IPv6)", RFC 3484, February 2003. | |||
| [RFC3041] Narten, T. and R. Draves, "Privacy Extensions for | [RFC3041] Narten, T. and R. Draves, "Privacy Extensions for | |||
| Stateless Address Autoconfiguration in IPv6", RFC 3041, | Stateless Address Autoconfiguration in IPv6", RFC 3041, | |||
| January 2001. | January 2001. | |||
| [I-D.ietf-send-cga] | [RFC3972] Aura, T., "Cryptographically Generated Addresses (CGA)", | |||
| Aura, T., "Cryptographically Generated Addresses (CGA)", | RFC 3972, March 2005. | |||
| draft-ietf-send-cga-06 (work in progress), April 2004. | ||||
| [RFC2710] Deering, S., Fenner, W. and B. Haberman, "Multicast | [RFC2710] Deering, S., Fenner, W., and B. Haberman, "Multicast | |||
| Listener Discovery (MLD) for IPv6", RFC 2710, October | Listener Discovery (MLD) for IPv6", RFC 2710, | |||
| 1999. | October 1999. | |||
| [RFC3810] Vida, R. and L. Costa, "Multicast Listener Discovery | [RFC3810] Vida, R. and L. Costa, "Multicast Listener Discovery | |||
| Version 2 (MLDv2) for IPv6", RFC 3810, June 2004. | Version 2 (MLDv2) for IPv6", RFC 3810, June 2004. | |||
| [RFC3590] Haberman, B., "Source Address Selection for the Multicast | [RFC3590] Haberman, B., "Source Address Selection for the Multicast | |||
| Listener Discovery (MLD) Protocol", RFC 3590, September | Listener Discovery (MLD) Protocol", RFC 3590, | |||
| 2003. | September 2003. | |||
| [RFC3756] Nikander, P., Kempf, J. and E. Nordmark, "IPv6 Neighbor | [RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure | |||
| Discovery (ND) Trust Models and Threats", RFC 3756, May | Neighbor Discovery (SEND)", RFC 3971, March 2005. | |||
| 2004. | ||||
| [RFC3756] Nikander, P., Kempf, J., and E. Nordmark, "IPv6 Neighbor | ||||
| Discovery (ND) Trust Models and Threats", RFC 3756, | ||||
| May 2004. | ||||
| [RFC1112] Deering, S., "Host extensions for IP multicasting", STD 5, | [RFC1112] Deering, S., "Host extensions for IP multicasting", STD 5, | |||
| RFC 1112, August 1989. | RFC 1112, August 1989. | |||
| [IEEE802.11] | [IEEE802.11] | |||
| IEEE, "Wireless LAN Medium Access Control (MAC) and | IEEE, "Wireless LAN Medium Access Control (MAC) and | |||
| Physical Layer (PHY) Specifications", ANSI/IEEE STd | Physical Layer (PHY) Specifications", ANSI/IEEE | |||
| 802.11, August 1999. | STd 802.11, August 1999. | |||
| Authors' Addresses | Authors' Addresses | |||
| Susan Thomson | Susan Thomson | |||
| Cisco Systems | Cisco Systems | |||
| EMail: sethomso@cisco.com | Email: sethomso@cisco.com | |||
| Thomas Narten | Thomas Narten | |||
| IBM Corporation | IBM Corporation | |||
| P.O. Box 12195 | P.O. Box 12195 | |||
| Research Triangle Park, NC 27709-2195 | Research Triangle Park, NC 27709-2195 | |||
| USA | USA | |||
| Phone: +1 919-254-7798 | Phone: +1 919-254-7798 | |||
| EMail: narten@us.ibm.com | Email: narten@us.ibm.com | |||
| Tatuya Jinmei | Tatuya Jinmei | |||
| Corporate Research & Development Center, Toshiba Corporation | Corporate Research & Development Center, Toshiba Corporation | |||
| 1 Komukai Toshiba-cho, Saiwai-ku | 1 Komukai Toshiba-cho, Saiwai-ku | |||
| Kawasaki-shi, Kanagawa 212-8582 | Kawasaki-shi, Kanagawa 212-8582 | |||
| Japan | Japan | |||
| Phone: +81 44-549-2230 | Phone: +81 44-549-2230 | |||
| EMail: jinmei@isl.rdc.toshiba.co.jp | Email: jinmei@isl.rdc.toshiba.co.jp | |||
| Appendix A. LOOPBACK SUPPRESSION & DUPLICATE ADDRESS DETECTION | Appendix A. LOOPBACK SUPPRESSION & DUPLICATE ADDRESS DETECTION | |||
| Determining whether a received multicast solicitation was looped back | Determining whether a received multicast solicitation was looped back | |||
| to the sender or actually came from another node is implementation- | to the sender or actually came from another node is implementation- | |||
| dependent. A problematic case occurs when two interfaces attached to | dependent. A problematic case occurs when two interfaces attached to | |||
| the same link happen to have the same identifier and link-layer | the same link happen to have the same identifier and link-layer | |||
| address, and they both send out packets with identical contents at | address, and they both send out packets with identical contents at | |||
| roughly the same time (e.g., Neighbor Solicitations for a tentative | roughly the same time (e.g., Neighbor Solicitations for a tentative | |||
| address as part of Duplicate Address Detection messages). Although a | address as part of Duplicate Address Detection messages). Although a | |||
| skipping to change at page 26, line 7 | skipping to change at page 26, line 11 | |||
| interface, it will also discard packets from other nodes also | interface, it will also discard packets from other nodes also | |||
| using the same link-layer address, including Neighbor | using the same link-layer address, including Neighbor | |||
| Advertisement and Neighbor Solicitation messages required to make | Advertisement and Neighbor Solicitation messages required to make | |||
| Duplicate Address Detection work correctly. This particular | Duplicate Address Detection work correctly. This particular | |||
| problem can be avoided by temporarily disabling the software | problem can be avoided by temporarily disabling the software | |||
| suppression of loopbacks while a node performs Duplicate Address | suppression of loopbacks while a node performs Duplicate Address | |||
| Detection, if it is possible to disable the suppression. | Detection, if it is possible to disable the suppression. | |||
| o If a node that is already using a particular IP address discards | o If a node that is already using a particular IP address discards | |||
| received packets having the same link-layer source address as the | received packets having the same link-layer source address as the | |||
| interface, it will also discard Duplicate Address | interface, it will also discard Duplicate Address Detection- | |||
| Detection-related Neighbor Solicitation messages sent by another | related Neighbor Solicitation messages sent by another node also | |||
| node also using the same link-layer address. Consequently, | using the same link-layer address. Consequently, Duplicate | |||
| Duplicate Address Detection will fail, and the other node will | Address Detection will fail, and the other node will configure a | |||
| configure a non-unique address. Since it is generally impossible | non-unique address. Since it is generally impossible to know when | |||
| to know when another node is performing Duplicate Address | another node is performing Duplicate Address Detection, this | |||
| Detection, this scenario can be avoided only if software | scenario can be avoided only if software suppression of loopback | |||
| suppression of loopback is permanently disabled. | is permanently disabled. | |||
| Thus, to perform Duplicate Address Detection correctly in the case | Thus, to perform Duplicate Address Detection correctly in the case | |||
| where two interfaces are using the same link-layer address, an | where two interfaces are using the same link-layer address, an | |||
| implementation must have a good understanding of the interface's | implementation must have a good understanding of the interface's | |||
| multicast loopback semantics, and the interface cannot discard | multicast loopback semantics, and the interface cannot discard | |||
| received packets simply because the source link-layer address is the | received packets simply because the source link-layer address is the | |||
| same as the interface's. It should also be noted that a link-layer | same as the interface's. It should also be noted that a link-layer | |||
| specification can conflict with the condition necessary to make | specification can conflict with the condition necessary to make | |||
| Duplicate Address Detection work. | Duplicate Address Detection work. | |||
| skipping to change at page 27, line 26 | skipping to change at page 27, line 32 | |||
| o Recommended to perform Duplicate Address Detection for all unicast | o Recommended to perform Duplicate Address Detection for all unicast | |||
| addresses more strongly, considering a variety of different | addresses more strongly, considering a variety of different | |||
| interface identifiers, while keeping care of existing | interface identifiers, while keeping care of existing | |||
| implementations. | implementations. | |||
| o Clarified wording in Section 5.5.4 to make clear that a deprecated | o Clarified wording in Section 5.5.4 to make clear that a deprecated | |||
| address specified by an application should be used for any | address specified by an application should be used for any | |||
| communication. | communication. | |||
| o Clarified the prefix check described in Section 5.5.3 using more | o Clarified the prefix check described in Section 5.5.3 using more | |||
| appropriate terms and that the check is done against the prefixes | appropriate terms and that the check is done against the prefixes | |||
| of addresses configured by stateless autoconfiguration. | of addresses configured by stateless autoconfiguration. | |||
| o Revised the Security Considerations section with a reference to | o Changed the references to the IP security Authentication Header to | |||
| RFC 3756 and a note that the use of IP security is not always | references to RFC 3971 (Secure Neighbor Discovery). Also revised | |||
| feasible. | the Security Considerations section with a reference to RFC 3756. | |||
| o Added a note when an implementation uses stable storage for | o Added a note when an implementation uses stable storage for | |||
| autoconfigured addresses. | autoconfigured addresses. | |||
| o Added consideration about preference between inconsistent | ||||
| information sets, one from a secured source and the other learned | ||||
| without protection. | ||||
| Other miscellaneous clarifications: | Other miscellaneous clarifications: | |||
| o Removed references to site-local and revised wording around the | o Removed references to site-local and revised wording around the | |||
| keyword. | keyword. | |||
| o Removed redundant code in denial of service protection in Section | o Removed redundant code in denial of service protection in | |||
| 5.5.3. | Section 5.5.3. | |||
| o Clarified that a unicasted Neighbor Solicitation or Advertisement | o Clarified that a unicasted Neighbor Solicitation or Advertisement | |||
| should be discarded while performing Duplicate Address Detection. | should be discarded while performing Duplicate Address Detection. | |||
| o Noted in Section 5.3 that an interface can be considered as | ||||
| becoming enabled when a wireless access point changes. | ||||
| Appendix D. CHANGE HISTORY | Appendix D. CHANGE HISTORY | |||
| [NOTE TO RFC EDITOR: PLEASE REMOVE THIS SECTION UPON PUBLICATION.] | [NOTE TO RFC EDITOR: PLEASE REMOVE THIS SECTION UPON PUBLICATION.] | |||
| Changes in draft-ietf-ipv6-rfc2462bis-00.txt since RFC 2462 are: | Changes in draft-ietf-ipv6-rfc2462bis-00.txt since RFC 2462 are: | |||
| o Fixed a typo in Section 2. | o Fixed a typo in Section 2. | |||
| o Updated references and categorized them into normative and | o Updated references and categorized them into normative and | |||
| informative ones. | informative ones. | |||
| skipping to change at page 29, line 4 | skipping to change at page 29, line 16 | |||
| autoconfigured addresses. | autoconfigured addresses. | |||
| o Resolved conflict with the Multicast Listener Discovery | o Resolved conflict with the Multicast Listener Discovery | |||
| specification about random delay for the first packet from the | specification about random delay for the first packet from the | |||
| host. | host. | |||
| o Clarified the semantics of the M and O flags based on the latest | o Clarified the semantics of the M and O flags based on the latest | |||
| standard and operational status. In particular, clarified that | standard and operational status. In particular, clarified that | |||
| these flags show the availability of the stateful protocol instead | these flags show the availability of the stateful protocol instead | |||
| of a trigger to invoke the stateful protocol. ManagedFlag and | of a trigger to invoke the stateful protocol. ManagedFlag and | |||
| OtherConfigFlag, which were implementation-internal variables, | OtherConfigFlag, which were implementation-internal variables, | |||
| were removed accordingly. | were removed accordingly. | |||
| o Recommended to perform Duplicate Address Detection for all unicast | o Recommended to perform Duplicate Address Detection for all unicast | |||
| addresses more strongly, considering a variety of different | addresses more strongly, considering a variety of different | |||
| interface identifiers, while keeping care of existing | interface identifiers, while keeping care of existing | |||
| implementations. | implementations. | |||
| o Added a requirement for a random delay before sending Neighbor | o Added a requirement for a random delay before sending Neighbor | |||
| Solicitations for Duplicate Address Detection if the address being | Solicitations for Duplicate Address Detection if the address being | |||
| checked is configured by a multicasted Router Advertisements. | checked is configured by a multicasted Router Advertisement. | |||
| o Clarified that the prefix comparison in Section 5.5.3 is based on | o Clarified that the prefix comparison in Section 5.5.3 is based on | |||
| exact match. Also clarified the comparison described in this | exact match. Also clarified the comparison described in this | |||
| document concentrates on addresses configured by the stateless | document concentrates on addresses configured by the stateless | |||
| mechanism. | mechanism. | |||
| o Revisited the author list. | o Revisited the author list. | |||
| o Added IANA Considerations Section. | o Added IANA Considerations Section. | |||
| Changes since draft-ietf-ipv6-rfc2462bis-02.txt are: | Changes since draft-ietf-ipv6-rfc2462bis-02.txt are: | |||
| o Updated the I-D / IPR boilerplate to the latest ones. Applied | o Updated the I-D / IPR boilerplate to the latest ones. Applied | |||
| skipping to change at page 31, line 5 | skipping to change at page 30, line 33 | |||
| o Noted that the host should make sure that an autoconfigured global | o Noted that the host should make sure that an autoconfigured global | |||
| address is not yet in the address list before adding it to the | address is not yet in the address list before adding it to the | |||
| list. | list. | |||
| o Replaced "stateful configuration" with "DHCPv6". | o Replaced "stateful configuration" with "DHCPv6". | |||
| o Added a reference to [RFC3513] from Section 4. | o Added a reference to [RFC3513] from Section 4. | |||
| o Changed wording about Duplicate Address Detection in Section 4 to | o Changed wording about Duplicate Address Detection in Section 4 to | |||
| avoid confusion on the requirement level. | avoid confusion on the requirement level. | |||
| o Clarified that the use of the RFC2119 keywords is intentionally | o Clarified that the use of the RFC2119 keywords is intentionally | |||
| limited to the protocol specification (Section 5). | limited to the protocol specification (Section 5). | |||
| Changes since draft-ietf-ipv6-rfc2462bis-07.txt are: | ||||
| o Noted in Section 5.3 that an interface can be considered as | ||||
| becoming enabled when a wireless access point changes. | ||||
| o Changed the references to IPsec Authentication Header to | ||||
| references to SEND [RFC3971], and categorized the new reference as | ||||
| informative. | ||||
| o Added consideration about preference between inconsistent | ||||
| information sets, one from a secured source and the other learned | ||||
| without protection. | ||||
| Intellectual Property Statement | Intellectual Property Statement | |||
| The IETF takes no position regarding the validity or scope of any | The IETF takes no position regarding the validity or scope of any | |||
| Intellectual Property Rights or other rights that might be claimed to | Intellectual Property Rights or other rights that might be claimed to | |||
| pertain to the implementation or use of the technology described in | pertain to the implementation or use of the technology described in | |||
| this document or the extent to which any license under such rights | this document or the extent to which any license under such rights | |||
| might or might not be available; nor does it represent that it has | might or might not be available; nor does it represent that it has | |||
| made any independent effort to identify any such rights. Information | made any independent effort to identify any such rights. Information | |||
| on the procedures with respect to rights in RFC documents can be | on the procedures with respect to rights in RFC documents can be | |||
| found in BCP 78 and BCP 79. | found in BCP 78 and BCP 79. | |||
| skipping to change at page 31, line 41 | skipping to change at page 31, line 41 | |||
| This document and the information contained herein are provided on an | This document and the information contained herein are provided on an | |||
| "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | |||
| OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET | OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET | |||
| ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, | ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, | |||
| INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE | INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE | |||
| INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | |||
| WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | |||
| Copyright Statement | Copyright Statement | |||
| Copyright (C) The Internet Society (2004). This document is subject | Copyright (C) The Internet Society (2005). This document is subject | |||
| to the rights, licenses and restrictions contained in BCP 78, and | to the rights, licenses and restrictions contained in BCP 78, and | |||
| except as set forth therein, the authors retain all their rights. | except as set forth therein, the authors retain all their rights. | |||
| Acknowledgment | Acknowledgment | |||
| Funding for the RFC Editor function is currently provided by the | Funding for the RFC Editor function is currently provided by the | |||
| Internet Society. | Internet Society. | |||
| End of changes. | ||||
This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ | ||||