| draft-ietf-vrrp-ipv6-spec-05.txt | draft-ietf-vrrp-ipv6-spec-06.txt | |||
|---|---|---|---|---|
| INTERNET-DRAFT R. Hinden/Nokia | INTERNET-DRAFT R. Hinden/Nokia | |||
| June 29, 2003 | February 13, 2004 | |||
| Virtual Router Redundancy Protocol for IPv6 | Virtual Router Redundancy Protocol for IPv6 | |||
| <draft-ietf-vrrp-ipv6-spec-05.txt> | <draft-ietf-vrrp-ipv6-spec-06.txt> | |||
| Status of this Memo | Status of this Memo | |||
| This document is an Internet-Draft and is in full conformance with | This document is an Internet-Draft and is in full conformance with | |||
| all provisions of Section 10 of [RFC2026]. | all provisions of Section 10 of [RFC2026]. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| other groups may also distribute working documents as Internet- | other groups may also distribute working documents as Internet- | |||
| Drafts. | Drafts. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| To view the list Internet-Draft Shadow Directories, see | To view the list Internet-Draft Shadow Directories, see | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| This internet draft expires on January 4, 2004. | This internet draft expires on August 18, 2004. | |||
| Abstract | Abstract | |||
| This memo defines the Virtual Router Redundancy Protocol (VRRP) for | This memo defines the Virtual Router Redundancy Protocol (VRRP) for | |||
| IPv6. It is version three (3) of the protocol. It is based on the | IPv6. It is version three (3) of the protocol. It is based on the | |||
| original version of VRRP (version 2) for IPv4 that is defined in | original version of VRRP (version 2) for IPv4 that is defined in | |||
| RFC2338. | RFC2338. | |||
| VRRP specifies an election protocol that dynamically assigns | VRRP specifies an election protocol that dynamically assigns | |||
| responsibility for a virtual router to one of the VRRP routers on a | responsibility for a virtual router to one of the VRRP routers on a | |||
| LAN. The VRRP router controlling the IP address associated with a | LAN. The VRRP router controlling the IP address(es) associated with | |||
| virtual router is called the Master, and forwards packets sent to | a virtual router is called the Master, and forwards packets sent to | |||
| this IP address. The election process provides dynamic fail over in | these IP addresses. The election process provides dynamic fail over | |||
| the forwarding responsibility should the Master become unavailable. | in the forwarding responsibility should the Master become | |||
| The advantage gained from using VRRP for IPv6 is a quicker switch | unavailable. The advantage gained from using VRRP for IPv6 is a | |||
| over to back up routers than can be obtained with standard IPv6 | quicker switch over to back up routers than can be obtained with | |||
| Neighbor Discovery [ND] mechanisms. | standard IPv6 Neighbor Discovery [ND] mechanisms. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction................................................3 | 1. Introduction................................................3 | |||
| 2. Required Features...........................................5 | 2. Required Features...........................................5 | |||
| 3. VRRP Overview...............................................6 | 3. VRRP Overview...............................................6 | |||
| 4. Sample Configurations.......................................8 | 4. Sample Configurations.......................................8 | |||
| 5. Protocol...................................................10 | 5. Protocol...................................................10 | |||
| 5.1 VRRP Packet Format....................................10 | 5.1 VRRP Packet Format....................................10 | |||
| 5.2 IP Field Descriptions.................................10 | 5.2 IP Field Descriptions.................................11 | |||
| 5.3 VRRP Field Descriptions...............................11 | 5.3 VRRP Field Descriptions...............................11 | |||
| 6. Protocol State Machine....................................13 | 6. Protocol State Machine....................................13 | |||
| 6.1 Parameters per Virtual Router.........................13 | 6.1 Parameters per Virtual Router.........................13 | |||
| 6.2 Timers................................................14 | 6.2 Timers................................................13 | |||
| 6.3 State Transition Diagram..............................14 | 6.3 State Transition Diagram..............................15 | |||
| 6.4 State Descriptions....................................14 | 6.4 State Descriptions....................................15 | |||
| 7. Sending and Receiving VRRP Packets........................18 | 7. Sending and Receiving VRRP Packets........................19 | |||
| 7.1 Receiving VRRP Packets................................18 | 7.1 Receiving VRRP Packets................................19 | |||
| 7.2 Transmitting Packets..................................18 | 7.2 Transmitting Packets..................................19 | |||
| 7.3 Virtual MAC Address...................................19 | 7.3 Virtual MAC Address...................................20 | |||
| 7.4 IPv6 Interface Identifiers............................19 | 7.4 IPv6 Interface Identifiers............................20 | |||
| 8. Operational Issues........................................20 | 8. Operational Issues........................................21 | |||
| 8.1 ICMPv6 Redirects......................................20 | 8.1 ICMPv6 Redirects......................................21 | |||
| 8.2 ND Neighbor Solicitation..............................20 | 8.2 ND Neighbor Solicitation..............................21 | |||
| 8.3 Potential Forwarding Loop.............................21 | 8.3 Potential Forwarding Loop.............................22 | |||
| 9. Operation over FDDI, Token Ring, and ATM LANE.............21 | 8.4 Recommendations regarding setting priority values.....22 | |||
| 9.1 Operation over FDDI...................................21 | 9. Operation over FDDI, Token Ring, and ATM LANE.............22 | |||
| 9.2 Operation over Token Ring.............................21 | 9.1 Operation over FDDI...................................22 | |||
| 9.3 Operation over ATM LANE...............................23 | 9.2 Operation over Token Ring.............................22 | |||
| 10. Security Considerations...................................24 | 9.3 Operation over ATM LANE...............................25 | |||
| 11. Acknowledgments...........................................24 | 10. Security Considerations...................................25 | |||
| 12. IANA Considerations.......................................24 | 11. Intellectual Property.....................................26 | |||
| 13. Normative References......................................25 | 12. Acknowledgments...........................................26 | |||
| 14. Informative References....................................26 | 13. IANA Considerations.......................................27 | |||
| 15. Authors' Address..........................................26 | 14. Normative References......................................27 | |||
| 16. Changes from RFC2338......................................26 | 15. Informative References....................................28 | |||
| 16. Authors' Address..........................................28 | ||||
| 17. Changes from RFC2338......................................29 | ||||
| 1. Introduction | 1. Introduction | |||
| IPv6 hosts on a LAN will usually learn about one or more default | IPv6 hosts on a LAN will usually learn about one or more default | |||
| routers by receiving Router Advertisements sent using the IPv6 | routers by receiving Router Advertisements sent using the IPv6 | |||
| Neighbor Discovery protocol [ND]. The Router Advertisements are | Neighbor Discovery protocol [ND]. The Router Advertisements are | |||
| multicast periodically at a rate that the hosts will learn about the | multicast periodically at a rate that the hosts will learn about the | |||
| default routers in a few minutes. They are not sent frequently enough | default routers in a few minutes. They are not sent frequently enough | |||
| to rely on the absence of the router advertisement to detect router | to rely on the absence of the router advertisement to detect router | |||
| failures. | failures. | |||
| skipping to change at page 3, line 44 | skipping to change at page 3, line 44 | |||
| The Virtual Router Redundancy Protocol for IPv6 provides a much | The Virtual Router Redundancy Protocol for IPv6 provides a much | |||
| faster switch over to an alternate default router than can be | faster switch over to an alternate default router than can be | |||
| obtained using standard ND procedures. Using VRRP a backup router | obtained using standard ND procedures. Using VRRP a backup router | |||
| can take over for a failed default router in around three seconds | can take over for a failed default router in around three seconds | |||
| (using VRRP default parameters). This is done with out any | (using VRRP default parameters). This is done with out any | |||
| interaction with the hosts and a minimum amount of VRRP traffic. | interaction with the hosts and a minimum amount of VRRP traffic. | |||
| VRRP specifies an election protocol that dynamically assigns | VRRP specifies an election protocol that dynamically assigns | |||
| responsibility for a virtual router to one of the VRRP routers on a | responsibility for a virtual router to one of the VRRP routers on a | |||
| LAN. The VRRP router controlling the IP address associated with a | LAN. The VRRP router controlling the IP address(es) associated with | |||
| virtual router is called the Master, and forwards packets sent to | a virtual router is called the Master, and forwards packets sent to | |||
| this IP address. The election process provides dynamic fail over in | these IP addresses. The election process provides dynamic fail over | |||
| the forwarding responsibility should the Master become unavailable. | in the forwarding responsibility should the Master become | |||
| unavailable. | ||||
| VRRP provides a function similar to a Cisco Systems, Inc. proprietary | VRRP provides a function similar to the proprietary protocols Hot | |||
| protocol named Hot Standby Router Protocol (HSRP) [HSRP] and to a | Standby Router Protocol (HSRP) [HSRP] and IP Standby Protocol | |||
| Digital Equipment Corporation, Inc. proprietary protocol named IP | [IPSTB]. | |||
| Standby Protocol [IPSTB]. | ||||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in [RFC 2119]. | document are to be interpreted as described in [RFC 2119]. | |||
| The IESG/IETF take no position regarding the validity or scope of any | ||||
| intellectual property right or other rights that might be claimed to | ||||
| pertain to the implementation or use of the technology, or the extent | ||||
| to which any license under such rights might or might not be | ||||
| available. See the IETF IPR web page at http://www.ietf.org/ipr.html | ||||
| for additional information. | ||||
| 1.1 Scope | 1.1 Scope | |||
| The remainder of this document describes the features, design goals, | The remainder of this document describes the features, design goals, | |||
| and theory of operation of VRRP for IPv6. The message formats, | and theory of operation of VRRP for IPv6. The message formats, | |||
| protocol processing rules and state machine that guarantee | protocol processing rules and state machine that guarantee | |||
| convergence to a single Virtual Router Master are presented. | convergence to a single Virtual Router Master are presented. | |||
| Finally, operational issues related to MAC address mapping, handling | Finally, operational issues related to MAC address mapping, handling | |||
| of Neighbor Discovery requests, generation of ICMPv6 redirect | of Neighbor Discovery requests, generation of ICMPv6 redirect | |||
| messages, and security issues are addressed. | messages, and security issues are addressed. | |||
| skipping to change at page 4, line 38 | skipping to change at page 4, line 31 | |||
| 1.2 Definitions | 1.2 Definitions | |||
| VRRP Router A router running the Virtual Router Redundancy | VRRP Router A router running the Virtual Router Redundancy | |||
| Protocol. It may participate in one or more | Protocol. It may participate in one or more | |||
| virtual routers. | virtual routers. | |||
| Virtual Router An abstract object managed by VRRP that acts | Virtual Router An abstract object managed by VRRP that acts | |||
| as a default router for hosts on a shared LAN. | as a default router for hosts on a shared LAN. | |||
| It consists of a Virtual Router Identifier and | It consists of a Virtual Router Identifier and | |||
| an IPv6 address across a common LAN. A VRRP | an a set of associated IPv6 address(es) across | |||
| Router may backup one or more virtual routers. | a common LAN. A VRRP Router may backup one or | |||
| more virtual routers. | ||||
| IPv6 Address Owner The VRRP router that has the virtual router's | IPv6 Address Owner The VRRP router that has the virtual router's | |||
| IPv6 address as real interface address. This | IPv6 address(es) as real interface address. | |||
| is the router that, when up, will respond to | This is the router that, when up, will respond | |||
| packets addressed to the IPv6 addresses for | to packets addressed to the IPv6 address(es) | |||
| ICMPv6 pings, TCP connections, etc. | for ICMPv6 pings, TCP connections, etc. | |||
| Virtual Router Master The VRRP router that is assuming the | Virtual Router Master The VRRP router that is assuming the | |||
| responsibility of forwarding packets sent to | responsibility of forwarding packets sent to | |||
| the IPv6 address associated with the virtual | the IPv6 address(es) associated with the | |||
| router, and answering ND requests for this | virtual router, and answering ND requests for | |||
| IPv6 address. Note that if the IPv6 address | these IPv6 address(es). Note that if the IPv6 | |||
| owner is available, then it will always become | address owner is available, then it will | |||
| the Master. | always become the Master. | |||
| Virtual Router Backup The set of VRRP routers available to assume | Virtual Router Backup The set of VRRP routers available to assume | |||
| forwarding responsibility for a virtual router | forwarding responsibility for a virtual router | |||
| should the current Master fail. | should the current Master fail. | |||
| 2.0 Required Features | 2.0 Required Features | |||
| This section outlines the set of features that were considered | This section outlines the set of features that were considered | |||
| mandatory and that guided the design of VRRP. | mandatory and that guided the design of VRRP. | |||
| 2.1 IPv6 Address Backup | 2.1 IPv6 Address Backup | |||
| Backup of an IPv6 address is the primary function of the Virtual | Backup of an IPv6 address(es) is the primary function of the Virtual | |||
| Router Redundancy Protocol. While providing election of a Virtual | Router Redundancy Protocol. While providing election of a Virtual | |||
| Router Master and the additional functionality described below, the | Router Master and the additional functionality described below, the | |||
| protocol should strive to: | protocol should strive to: | |||
| - Minimize the duration of black holes. | - Minimize the duration of black holes. | |||
| - Minimize the steady state bandwidth overhead and processing | - Minimize the steady state bandwidth overhead and processing | |||
| complexity. | complexity. | |||
| - Function over a wide variety of multiaccess LAN technologies | - Function over a wide variety of multiaccess LAN technologies | |||
| capable of supporting IPv6 traffic. | capable of supporting IPv6 traffic. | |||
| - Provide for election of multiple virtual routers on a network for | - Provide for election of multiple virtual routers on a network for | |||
| skipping to change at page 6, line 15 | skipping to change at page 6, line 6 | |||
| 2.3 Minimization of Unnecessary Service Disruptions | 2.3 Minimization of Unnecessary Service Disruptions | |||
| Once Master election has been performed then any unnecessary | Once Master election has been performed then any unnecessary | |||
| transitions between Master and Backup routers can result in a | transitions between Master and Backup routers can result in a | |||
| disruption in service. The protocol should ensure after Master | disruption in service. The protocol should ensure after Master | |||
| election that no state transition is triggered by any Backup router | election that no state transition is triggered by any Backup router | |||
| of equal or lower preference as long as the Master continues to | of equal or lower preference as long as the Master continues to | |||
| function properly. | function properly. | |||
| Some environments may find it beneficial to avoid the state | Some environments may find it beneficial to avoid the state | |||
| transition triggered when a router becomes available that is more | transition triggered when a router becomes available that is | |||
| preferential than the current Master. It may be useful to support an | preferred over the current Master. It may be useful to support an | |||
| override of the immediate convergence to the preferred path. | override of the immediate convergence to the preferred path. | |||
| 2.4 Efficient Operation over Extended LANs | 2.4 Efficient Operation over Extended LANs | |||
| Sending IPv6 packets on a multiaccess LAN requires mapping from an | Sending IPv6 packets on a multiaccess LAN requires mapping from an | |||
| IPv6 address to a MAC address. The use of the virtual router MAC | IPv6 address to a MAC address. The use of the virtual router MAC | |||
| address in an extended LAN employing learning bridges can have a | address in an extended LAN employing learning bridges can have a | |||
| significant effect on the bandwidth overhead of packets sent to the | significant effect on the bandwidth overhead of packets sent to the | |||
| virtual router. If the virtual router MAC address is never used as | virtual router. If the virtual router MAC address is never used as | |||
| the source address in a link level frame then the station location is | the source address in a link level frame then the station location is | |||
| skipping to change at page 6, line 48 | skipping to change at page 6, line 39 | |||
| function described earlier. All protocol messaging is performed | function described earlier. All protocol messaging is performed | |||
| using IPv6 multicast datagrams, thus the protocol can operate over a | using IPv6 multicast datagrams, thus the protocol can operate over a | |||
| variety of multiaccess LAN technologies supporting IPv6 multicast. | variety of multiaccess LAN technologies supporting IPv6 multicast. | |||
| Each VRRP virtual router has a single well-known MAC address | Each VRRP virtual router has a single well-known MAC address | |||
| allocated to it. This document currently only details the mapping to | allocated to it. This document currently only details the mapping to | |||
| networks using the IEEE 802 48-bit MAC address. The virtual router | networks using the IEEE 802 48-bit MAC address. The virtual router | |||
| MAC address is used as the source in all periodic VRRP messages sent | MAC address is used as the source in all periodic VRRP messages sent | |||
| by the Master router to enable bridge learning in an extended LAN. | by the Master router to enable bridge learning in an extended LAN. | |||
| A virtual router is defined by its virtual router identifier (VRID) | A virtual router is defined by its virtual router identifier (VRID) | |||
| and an IPv6 address. A VRRP router may associate a virtual router | and a set of IPv6 address(es). A VRRP router may associate a virtual | |||
| with its real address on an interface, and may also be configured | router with its real address on an interface, and may also be | |||
| with additional virtual router mappings and priority for virtual | configured with additional virtual router mappings and priority for | |||
| routers it is willing to backup. The mapping between VRID and its | virtual routers it is willing to backup. The mapping between VRID | |||
| IPv6 address must be coordinated among all VRRP routers on a LAN. | and its IPv6 address(es) must be coordinated among all VRRP routers | |||
| However, there is no restriction against reusing a VRID with a | on a LAN. However, there is no restriction against reusing a VRID | |||
| different address mapping on different LANs. The scope of each | with a different address mapping on different LANs. The scope of | |||
| virtual router is restricted to a single LAN. | each virtual router is restricted to a single LAN. | |||
| To minimize network traffic, only the Master for each virtual router | To minimize network traffic, only the Master for each virtual router | |||
| sends periodic VRRP Advertisement messages. A Backup router will not | sends periodic VRRP Advertisement messages. A Backup router will not | |||
| attempt to preempt the Master unless it has higher priority. This | attempt to preempt the Master unless it has higher priority. This | |||
| eliminates service disruption unless a more preferred path becomes | eliminates service disruption unless a more preferred path becomes | |||
| available. It's also possible to administratively prohibit all | available. It's also possible to administratively prohibit all | |||
| preemption attempts. The only exception is that a VRRP router will | preemption attempts. The only exception is that a VRRP router will | |||
| always become Master of any virtual router associated with address it | always become Master of any virtual router associated with address it | |||
| owns. If the Master becomes unavailable then the highest priority | owns. If the Master becomes unavailable then the highest priority | |||
| Backup will transition to Master after a short delay, providing a | Backup will transition to Master after a short delay, providing a | |||
| skipping to change at page 10, line 29 | skipping to change at page 10, line 29 | |||
| the IPv6 multicast address assigned to VRRP. | the IPv6 multicast address assigned to VRRP. | |||
| 5.1 VRRP Packet Format | 5.1 VRRP Packet Format | |||
| This section defines the format of the VRRP packet and the relevant | This section defines the format of the VRRP packet and the relevant | |||
| fields in the IPv6 header. | fields in the IPv6 header. | |||
| 0 1 2 3 | 0 1 2 3 | |||
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| |Version| Type | Virtual Rtr ID| Priority | (reserved) | | |Version| Type | Virtual Rtr ID| Priority |Count IPv6 Addr| | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | (reserved) | Adver Int | Checksum | | |(rsvd) | Adver Int | Checksum | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | | | | | | |||
| + + | + + | |||
| | | | | IPv6 Address(es) | | |||
| + IPv6 Address + | + + | |||
| + + | ||||
| + + | ||||
| + + | ||||
| | | | | | | |||
| + + | + + | |||
| | | | | | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| 5.2 IPv6 Field Descriptions | 5.2 IPv6 Field Descriptions | |||
| 5.2.1 Source Address | 5.2.1 Source Address | |||
| The IPv6 link-local address of the interface the packet is being sent | The IPv6 link-local address of the interface the packet is being sent | |||
| skipping to change at page 12, line 17 | skipping to change at page 12, line 23 | |||
| VRRP routers backing up a virtual router MUST use priority values | VRRP routers backing up a virtual router MUST use priority values | |||
| between 1-254 (decimal). The default priority value for VRRP routers | between 1-254 (decimal). The default priority value for VRRP routers | |||
| backing up a virtual router is 100 (decimal). | backing up a virtual router is 100 (decimal). | |||
| The priority value zero (0) has special meaning indicating that the | The priority value zero (0) has special meaning indicating that the | |||
| current Master has stopped participating in VRRP. This is used to | current Master has stopped participating in VRRP. This is used to | |||
| trigger Backup routers to quickly transition to Master without having | trigger Backup routers to quickly transition to Master without having | |||
| to wait for the current Master to timeout. | to wait for the current Master to timeout. | |||
| 5.3.5 Reserved | 5.3.5 Count IPv6 Addr | |||
| This field MUST be set to zero on transmission and ignored on | The number of IPv6 addresses contained in this VRRP advertisement. | |||
| reception. | The minimum value is 1. | |||
| 5.3.5 Reserved | 5.3.5 Rsvd | |||
| This field MUST be set to zero on transmission and ignored on | This field MUST be set to zero on transmission and ignored on | |||
| reception. | reception. | |||
| 5.3.6 Advertisement Interval (Adver Int) | 5.3.6 Advertisement Interval (Adver Int) | |||
| The Advertisement interval indicates the time interval (in seconds) | The Advertisement interval is a 12-bit field that indicates the time | |||
| between ADVERTISEMENTS. The default is 1 second. This field is used | interval (in centiseconds) between ADVERTISEMENTS. The default is | |||
| for troubleshooting misconfigured routers. | 100 centiseconds (1 second). This field is used for troubleshooting | |||
| misconfigured routers. | ||||
| 5.3.7 Checksum | 5.3.7 Checksum | |||
| The checksum field is used to detect data corruption in the VRRP | The checksum field is used to detect data corruption in the VRRP | |||
| message. | message. | |||
| The checksum is the 16-bit one's complement of the one's complement | The checksum is the 16-bit one's complement of the one's complement | |||
| sum of the entire VRRP message starting with the version field and a | sum of the entire VRRP message starting with the version field and a | |||
| "pseudo-header" as defined in section 8.1 of RFC2460 [IPv6]. The | "pseudo-header" as defined in section 8.1 of RFC2460 [IPv6]. The | |||
| next header field in the "pseudo-header" should be set to 112 | next header field in the "pseudo-header" should be set to 112 | |||
| (decimal) for VRRP. For computing the checksum, the checksum field | (decimal) for VRRP. For computing the checksum, the checksum field | |||
| is set to zero. See RFC1071 for more detail [CKSM]. | is set to zero. See RFC1071 for more detail [CKSM]. | |||
| 5.3.8 IPv6 Address | 5.3.8 IPv6 Address(es) | |||
| The IPv6 link-local address associated with the virtual router. | One or more IPv6 addresses associated associated with the virtual | |||
| router. The number of addresses included is specified in the "Count | ||||
| IP Addr" field. The first address must be the IPv6 link-local | ||||
| address associated with the virtual router. These fields are used | ||||
| for troubleshooting misconfigured routers. | ||||
| 6. Protocol State Machine | 6. Protocol State Machine | |||
| 6.1 Parameters per Virtual Router | 6.1 Parameters per Virtual Router | |||
| VRID Virtual Router Identifier. Configured item | VRID Virtual Router Identifier. Configurable | |||
| in the range 1-255 (decimal). There is no | item in the range 1-255 (decimal). There is | |||
| default. | no default. | |||
| Priority Priority value to be used by this VRRP | Priority Priority value to be used by this VRRP | |||
| router in Master election for this virtual | router in Master election for this virtual | |||
| router. The value of 255 (decimal) is | router. The value of 255 (decimal) is | |||
| reserved for the router that owns the IPv6 | reserved for the router that owns the IPv6 | |||
| address associated with the virtual router. | address associated with the virtual router. | |||
| The value of 0 (zero) is reserved for Master | The value of 0 (zero) is reserved for Master | |||
| router to indicate it is releasing | router to indicate it is releasing | |||
| responsibility for the virtual router. The | responsibility for the virtual router. The | |||
| range 1-254 (decimal) is available for VRRP | range 1-254 (decimal) is available for VRRP | |||
| routers backing up the virtual router. The | routers backing up the virtual router. The | |||
| default value is 100 (decimal). | default value is 100 (decimal). | |||
| IPv6_Address The IPv6 link-local address associated with | IPv6_Addresses One or more IPv6 addresses associated with | |||
| this virtual router. Configured item. No | this virtual router. Configured item. No | |||
| default. | default. The first address must be the | |||
| Link-Local address associated with the | ||||
| virtual router. | ||||
| Advertisement_Interval Time interval between ADVERTISEMENTS | Advertisement_Interval Time interval between ADVERTISEMENTS | |||
| (seconds). Default is 1 second. | (centiseconds). Default is 100 centiseconds | |||
| (1 second). | ||||
| Skew_Time Time to skew Master_Down_Interval in | Skew_Time Time to skew Master_Down_Interval in | |||
| seconds. Calculated as: | centiseconds. Calculated as: | |||
| ( (256 - Priority) / 256 ) | ||||
| (((256 - Priority) / 256) * | ||||
| Advertisement_Interval) | ||||
| Master_Down_Interval Time interval for Backup to declare Master | Master_Down_Interval Time interval for Backup to declare Master | |||
| down (seconds). Calculated as: | down (centiseconds). Calculated as: | |||
| (3 * Advertisement_Interval) + Skew_time | (3 * Advertisement_Interval) + Skew_time | |||
| Preempt_Mode Controls whether a higher priority Backup | Preempt_Mode Controls whether a higher priority Backup | |||
| router preempts a lower priority Master. | router preempts a lower priority Master. | |||
| Values are True to allow preemption and | Values are True to allow preemption and | |||
| False to prohibit preemption. Default is | False to prohibit preemption. Default is | |||
| True. | True. | |||
| Note: Exception is that the router that owns | Note: Exception is that the router that owns | |||
| the IPv6 address associated with the virtual | the IPv6 address associated with the virtual | |||
| router always preempts independent of the | router always preempts independent of the | |||
| setting of this flag. | setting of this flag. | |||
| Accept_Mode Controls whether a virtual router in Master | ||||
| state will accept packets addressed to the | ||||
| address owner's IPv6 address as its own if | ||||
| it is not the IPv6 address owner. Default | ||||
| is False. | ||||
| 6.2 Timers | 6.2 Timers | |||
| Master_Down_Timer Timer that fires when ADVERTISEMENT has not | Master_Down_Timer Timer that fires when ADVERTISEMENT has not | |||
| been heard for Master_Down_Interval. | been heard for Master_Down_Interval. | |||
| Adver_Timer Timer that fires to trigger sending of | Adver_Timer Timer that fires to trigger sending of | |||
| ADVERTISEMENT based on | ADVERTISEMENT based on | |||
| Advertisement_Interval. | Advertisement_Interval. | |||
| 6.3 State Transition Diagram | 6.3 State Transition Diagram | |||
| skipping to change at page 15, line 24 | skipping to change at page 16, line 13 | |||
| endif | endif | |||
| 6.4.2 Backup | 6.4.2 Backup | |||
| The purpose of the {Backup} state is to monitor the availability and | The purpose of the {Backup} state is to monitor the availability and | |||
| state of the Master Router. | state of the Master Router. | |||
| While in this state, a VRRP router MUST do the following: | While in this state, a VRRP router MUST do the following: | |||
| - MUST NOT respond to ND Neighbor Solicitation messages for the IPv6 | - MUST NOT respond to ND Neighbor Solicitation messages for the IPv6 | |||
| address associated with the virtual router. | address(es) associated with the virtual router. | |||
| - MUST NOT send ND Router Advertisement messages for the virtual | - MUST NOT send ND Router Advertisement messages for the virtual | |||
| router. | router. | |||
| - MUST discard packets with a destination link layer MAC address | - MUST discard packets with a destination link layer MAC address | |||
| equal to the virtual router MAC address. | equal to the virtual router MAC address. | |||
| - MUST NOT accept packets addressed to the IPv6 address associated | - MUST NOT accept packets addressed to the IPv6 address(es) | |||
| with the virtual router. | associated with the virtual router. | |||
| - If a Shutdown event is received, then: | - If a Shutdown event is received, then: | |||
| o Cancel the Master_Down_Timer | o Cancel the Master_Down_Timer | |||
| o Transition to the {Initialize} state | o Transition to the {Initialize} state | |||
| endif | endif | |||
| - If the Master_Down_Timer fires, then: | - If the Master_Down_Timer fires, then: | |||
| o Send an ADVERTISEMENT | o Send an ADVERTISEMENT | |||
| o Compute and join the Solicited-Node multicast address [ADD-ARH] | o Compute and join the Solicited-Node multicast address [ADD-ARH] | |||
| for the link-local IPv6 address of the Virtual Router. | for the IPv6 address(es) addresses associated with the the | |||
| Virtual Router. | ||||
| o Send an unsolicited ND Neighbor Advertisement with the Router | o Send an unsolicited ND Neighbor Advertisement with the Router | |||
| Flag (R) set, the Solicited Flag (S) unset, the Override flag | Flag (R) set, the Solicited Flag (S) unset, the Override flag | |||
| (O) set, the Target Address set to the IPv6 link-local address | (O) set, the Target Address set to the IPv6 link-local address | |||
| of the Virtual Router, and the Target Link Layer address set to | of the Virtual Router, and the Target Link Layer address set to | |||
| the virtual router MAC address. | the virtual router MAC address. | |||
| o Set the Adver_Timer to Advertisement_Interval | o Set the Adver_Timer to Advertisement_Interval | |||
| o Transition to the {Master} state | o Transition to the {Master} state | |||
| endif | endif | |||
| - If an ADVERTISEMENT is received, then: | - If an ADVERTISEMENT is received, then: | |||
| If the Priority in the ADVERTISEMENT is Zero, then: | If the Priority in the ADVERTISEMENT is Zero, then: | |||
| o Set the Master_Down_Timer to Skew_Time | o Set the Master_Down_Timer to Skew_Time | |||
| skipping to change at page 16, line 43 | skipping to change at page 17, line 31 | |||
| While in the {Master} state the router functions as the forwarding | While in the {Master} state the router functions as the forwarding | |||
| router for the IPv6 address associated with the virtual router. | router for the IPv6 address associated with the virtual router. | |||
| While in this state, a VRRP router MUST do the following: | While in this state, a VRRP router MUST do the following: | |||
| - MUST be a member of the Solicited-Node multicast address for the | - MUST be a member of the Solicited-Node multicast address for the | |||
| IPv6 link-local address associated with the virtual router. | IPv6 link-local address associated with the virtual router. | |||
| - MUST respond to ND Neighbor Solicitation message for the IPv6 | - MUST respond to ND Neighbor Solicitation message for the IPv6 | |||
| address associated with the virtual router. | address(es) associated with the virtual router. | |||
| - MUST send ND Router Advertisements for the virtual router. | - MUST send ND Router Advertisements for the virtual router. | |||
| - MUST respond to ND Router Solicitation message for the virtual | - MUST respond to ND Router Solicitation message for the virtual | |||
| router. | router. | |||
| - MUST forward packets with a destination link layer MAC address | - MUST forward packets with a destination link layer MAC address | |||
| equal to the virtual router MAC address. | equal to the virtual router MAC address. | |||
| - MUST NOT accept packets addressed to the IPv6 address associated | - MUST accept packets addressed to the IPv6 address(es) associated | |||
| with the virtual router if it is not the IPv6 address owner. | with the virtual router if it is the IPv6 address owner or if | |||
| Accept_Mode is True. Otherwise, MUST NOT accept these packets. | ||||
| - MUST accept packets addressed to the IPv6 address associated with | ||||
| the virtual router if it is the IPv6 address owner. | ||||
| - If a Shutdown event is received, then: | - If a Shutdown event is received, then: | |||
| o Cancel the Adver_Timer | o Cancel the Adver_Timer | |||
| o Send an ADVERTISEMENT with Priority = 0 | o Send an ADVERTISEMENT with Priority = 0 | |||
| o Transition to the {Initialize} state | o Transition to the {Initialize} state | |||
| endif | endif | |||
| - If the Adver_Timer fires, then: | - If the Adver_Timer fires, then: | |||
| o Send an ADVERTISEMENT | o Send an ADVERTISEMENT | |||
| o Reset the Adver_Timer to Advertisement_Interval | o Reset the Adver_Timer to Advertisement_Interval | |||
| endif | endif | |||
| - If an ADVERTISEMENT is received, then: | - If an ADVERTISEMENT is received, then: | |||
| If the Priority in the ADVERTISEMENT is Zero, then: | If the Priority in the ADVERTISEMENT is Zero, then: | |||
| skipping to change at page 18, line 36 | skipping to change at page 19, line 36 | |||
| If the above check fails, the receiver SHOULD log the event and | If the above check fails, the receiver SHOULD log the event and | |||
| SHOULD indicate via network management that a misconfiguration was | SHOULD indicate via network management that a misconfiguration was | |||
| detected. If the packet was not generated by the address owner | detected. If the packet was not generated by the address owner | |||
| (Priority does not equal 255 (decimal)), the receiver MUST drop the | (Priority does not equal 255 (decimal)), the receiver MUST drop the | |||
| packet, otherwise continue processing. | packet, otherwise continue processing. | |||
| - MUST verify that the Adver Interval in the packet is the same as | - MUST verify that the Adver Interval in the packet is the same as | |||
| the locally configured for this virtual router | the locally configured for this virtual router | |||
| If the above check fails, the receiver MUST discard the packet, | If the above check fails, the receiver SHOULD log the event and | |||
| SHOULD log the event and SHOULD indicate via network management that | SHOULD indicate via network management that a misconfiguration was | |||
| a misconfiguration was detected. | detected. | |||
| 7.2 Transmitting VRRP Packets | 7.2 Transmitting VRRP Packets | |||
| The following operations MUST be performed when transmitting a VRRP | The following operations MUST be performed when transmitting a VRRP | |||
| packet. | packet. | |||
| - Fill in the VRRP packet fields with the appropriate virtual | - Fill in the VRRP packet fields with the appropriate virtual | |||
| router configuration state | router configuration state | |||
| - Compute the VRRP checksum | - Compute the VRRP checksum | |||
| - Set the source MAC address to Virtual Router MAC Address | - Set the source MAC address to Virtual Router MAC Address | |||
| skipping to change at page 21, line 18 | skipping to change at page 22, line 18 | |||
| Address it becomes Master for if it is not the owner. Forwarding | Address it becomes Master for if it is not the owner. Forwarding | |||
| these packets would result in unnecessary traffic. Also in the case | these packets would result in unnecessary traffic. Also in the case | |||
| of LANs that receive packets they transmit (e.g., token ring) this | of LANs that receive packets they transmit (e.g., token ring) this | |||
| can result in a forwarding loop that is only terminated when the IPv6 | can result in a forwarding loop that is only terminated when the IPv6 | |||
| TTL expires. | TTL expires. | |||
| One such mechanism for VRRP routers is to add/delete a reject host | One such mechanism for VRRP routers is to add/delete a reject host | |||
| route for each adopted IPv6 address when transitioning to/from MASTER | route for each adopted IPv6 address when transitioning to/from MASTER | |||
| state. | state. | |||
| 8.4 Recommendations regarding setting priority values | ||||
| A priority value of 255 designates a particular router as the "IPv6 | ||||
| address owner". Care must be taken not to configure more than one | ||||
| router on the link in this way for a single VRID. | ||||
| Routers with priority 255 will, as soon as they start up, preempt all | ||||
| lower priority routers. Configure no more than one router on the | ||||
| link with priority 255, especially if preemption is set. If no | ||||
| router has this priority, and preemption is disabled, then no | ||||
| preemption will occur. | ||||
| When there are multiple Backup routers, their priority values should | ||||
| be uniformly distributed. For example, if one Backup routers has the | ||||
| default priority of 100 and another BR is added, a priority of 50 | ||||
| would be a better choice for it than 99 or 100 to facilitate faster | ||||
| convergence. | ||||
| 9. Operation over FDDI, Token Ring, and ATM LANE | 9. Operation over FDDI, Token Ring, and ATM LANE | |||
| 9.1 Operation over FDDI | 9.1 Operation over FDDI | |||
| FDDI interfaces remove from the FDDI ring frames that have a source | FDDI interfaces remove from the FDDI ring frames that have a source | |||
| MAC address matching the device's hardware address. Under some | MAC address matching the device's hardware address. Under some | |||
| conditions, such as router isolations, ring failures, protocol | conditions, such as router isolations, ring failures, protocol | |||
| transitions, etc., VRRP may cause there to be more than one Master | transitions, etc., VRRP may cause there to be more than one Master | |||
| router. If a Master router installs the virtual router MAC address | router. If a Master router installs the virtual router MAC address | |||
| as the hardware address on a FDDI device, then other Masters' | as the hardware address on a FDDI device, then other Masters' | |||
| skipping to change at page 23, line 46 | skipping to change at page 25, line 19 | |||
| in [RFC1469]. | in [RFC1469]. | |||
| 9.3 Operation over ATM LANE | 9.3 Operation over ATM LANE | |||
| Operation of VRRP over ATM LANE on routers with ATM LANE interfaces | Operation of VRRP over ATM LANE on routers with ATM LANE interfaces | |||
| and/or routers behind proxy LEC's are beyond the scope of this | and/or routers behind proxy LEC's are beyond the scope of this | |||
| document. | document. | |||
| 10. Security Considerations | 10. Security Considerations | |||
| VRRP for IPv6 does not include any type of authentication. Earlier | VRRP for IPv6 does not currently include any type of authentication. | |||
| versions of VRRP for IPv4 specification included several types of | Earlier versions of the VRRP (for IPv4) specification included | |||
| authentication ranging from none to strong [VRRP-V4]. | several types of authentication ranging from none to strong. | |||
| Operational experience and further analysis determined that these did | Operational experience and further analysis determined that these did | |||
| not provide any real measure of security and do to the nature of the | not provide any real measure of security. Due to the nature of the | |||
| VRRP protocol they did not prevent incorrectly configured or hostile | VRRP protocol, even if VRRP messages are cryptographically protected, | |||
| routers from becoming VRRP masters. In general on LANs any device on | it does not prevent hostile routers from behaving as if they are a | |||
| the LAN has the ability to disrupt all communication. For example | VRRP master, creating multiple masters. Authentication of VRRP | |||
| although securing VRRP prevents unauthorized machines from taking | messages could have prevented a hostile router from causing all | |||
| part in the election protocol, it does not protect hosts on the | properly functioning routers from going into backup state. However, | |||
| network from being deceived. A gratuitous ND reply from what | having multiple masters can cause as much disruption as no routers, | |||
| purports to be the virtual router's IPv6 address can redirect traffic | which authentication cannot prevent. Also, even if a hostile router | |||
| to an unauthorized machine. Similarly, individual connections can be | could not disrupt VRRP, it can disrupt ARP and create the same effect | |||
| diverted by means of forged ICMPv6 Redirect messages. Consequentially | as having all routers go into backup. | |||
| it was determined it was better to remove the additional | ||||
| authentication methods in this specification of the VRRP protocol as | ||||
| it did not provide the authentication originally intended. | ||||
| VRRP includes a mechanism (setting TTL=255, checking on receipt) that | It should be noted that these attacks are not worse and are a subset | |||
| protects against VRRP packets being injected from another remote | of the attacks that any node attached to a LAN can do independently | |||
| network. This limits most vulnerabilities to local attacks. | of VRRP. The kind of attacks a malicious node on a LAN can do | |||
| include promiscuously receiving packets for any routers MAC address, | ||||
| sending packets with the routers MAC address as the source MAC | ||||
| addresses in the L2 header to tell the L2 switches to send packets | ||||
| addressed to the router to the malicious node instead of the router, | ||||
| send redirects to tell the hosts to send their traffic somewhere | ||||
| else, send unsolicited ND replies, answer ND requests, etc., etc. | ||||
| All of this can be done independently of implementing VRRP. VRRP | ||||
| does not add to these vulnerabilities. | ||||
| Independent of any authentication type VRRP includes a mechanism | ||||
| (setting TTL=255, checking on receipt) that protects against VRRP | ||||
| packets being injected from another remote network. This limits most | ||||
| vulnerabilities to local attacks. | ||||
| VRRP does not provide any confidentiality. Confidentiality is not | VRRP does not provide any confidentiality. Confidentiality is not | |||
| necessary for the correct operation of VRRP and there is no | necessary for the correct operation of VRRP and there is no | |||
| information in the VRRP messages that must be kept secret from other | information in the VRRP messages that must be kept secret from other | |||
| nodes on the LAN. | nodes on the LAN. | |||
| 11. Acknowledgments | 11. Intellectual Property | |||
| The IETF takes no position regarding the validity or scope of any | ||||
| intellectual property or other rights that might be claimed to | ||||
| pertain to the implementation or use of the technology described in | ||||
| this document or the extent to which any license under such rights | ||||
| might or might not be available; neither does it represent that it | ||||
| has made any effort to identify any such rights. Information on the | ||||
| IETF's procedures with respect to rights in standards-track and | ||||
| standards-related documentation can be found in BCP-11. Copies of | ||||
| claims of rights made available for publication and any assurances of | ||||
| licenses to be made available, or the result of an attempt made to | ||||
| obtain a general license or permission for the use of such | ||||
| proprietary rights by implementors or users of this specification can | ||||
| be obtained from the IETF Secretariat. See the IETF IPR web page at | ||||
| http://www.ietf.org/ipr.html for additional information. | ||||
| The IETF invites any interested party to bring to its attention any | ||||
| copyrights, patents or patent applications, or other proprietary | ||||
| rights which may cover technology that may be required to practice | ||||
| this standard. Please address the information to the IETF Executive | ||||
| Director. | ||||
| The IETF has been notified of intellectual property rights claimed in | ||||
| regard to some or all of the specification contained in this | ||||
| document. For more information consult the online list of claimed | ||||
| rights. | ||||
| 12. Acknowledgments | ||||
| This specification is based on RFC2238. The authors of RFC2238 are | This specification is based on RFC2238. The authors of RFC2238 are | |||
| S. Knight, D. Weaver, D. Whipple, R. Hinden, D. Mitzel, P. Hunt, P. | S. Knight, D. Weaver, D. Whipple, R. Hinden, D. Mitzel, P. Hunt, P. | |||
| Higginson, M. Shand, and A. Lindem. | Higginson, M. Shand, and A. Lindem. | |||
| The author of this document would also like to thank Erik Nordmark, | The author of this document would also like to thank Erik Nordmark, | |||
| Thomas Narten, Steve Deering, Radia Perlman, and Danny Mitzel for | Thomas Narten, Steve Deering, Radia Perlman, Danny Mitzel, Mukesh | |||
| their helpful suggestions. | Gupta, Don Provan, and Mark Hollinger for their helpful suggestions. | |||
| 12. IANA Considerations | 13. IANA Considerations | |||
| VRRP for IPv6 needs an IPv6 link-local scope multicast address | VRRP for IPv6 needs an IPv6 link-local scope multicast address | |||
| assigned by the IANA for this specification. The IPv6 multicast | assigned by the IANA for this specification. The IPv6 multicast | |||
| address should be of the following form: | address should be of the following form: | |||
| FF02:0:0:0:0:0:XXXX:XXXX | FF02:0:0:0:0:0:XXXX:XXXX | |||
| The values assigned address should be entered into section 5.2.2. | The values assigned address should be entered into section 5.2.2. | |||
| A convenient assignment of this link-local scope multicast would be: | A convenient assignment of this link-local scope multicast would be: | |||
| skipping to change at page 25, line 18 | skipping to change at page 27, line 30 | |||
| The IANA should also reserve a block of IANA Ethernet unicast | The IANA should also reserve a block of IANA Ethernet unicast | |||
| addresses from: | addresses from: | |||
| 00-00-5E-00-02-00 to 00-00-5E-00-02-FF in hex | 00-00-5E-00-02-00 to 00-00-5E-00-02-FF in hex | |||
| for VRRP for IPv6. Similar assignments are documented in: | for VRRP for IPv6. Similar assignments are documented in: | |||
| http://www.iana.org/assignments/ethernet-numbers | http://www.iana.org/assignments/ethernet-numbers | |||
| 13. Normative References | 14. Normative References | |||
| [802.1D] International Standard ISO/IEC 10038: 1993, ANSI/IEEE Std | [802.1D] International Standard ISO/IEC 10038: 1993, ANSI/IEEE Std | |||
| 802.1D, 1993 edition. | 802.1D, 1993 edition. | |||
| [ADD-ARH] Hinden, R., S. Deering, "IP Version 6 Addressing | [ADD-ARH] Hinden, R., S. Deering, "IP Version 6 Addressing | |||
| Architecture", RFC3513, April 2003. | Architecture", RFC3513, April 2003. | |||
| [CKSM] Braden, R., D. Borman, C. Partridge, "Computing the | [CKSM] Braden, R., D. Borman, C. Partridge, "Computing the | |||
| Internet Checksum", RFC1071, September 1988. | Internet Checksum", RFC1071, September 1988. | |||
| skipping to change at page 26, line 9 | skipping to change at page 28, line 21 | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", RFC2119, BCP0014, March 1997. | Requirement Levels", RFC2119, BCP0014, March 1997. | |||
| [TKARCH] IBM Token-Ring Network, Architecture Reference, Publication | [TKARCH] IBM Token-Ring Network, Architecture Reference, Publication | |||
| SC30-3374-02, Third Edition, (September, 1989). | SC30-3374-02, Third Edition, (September, 1989). | |||
| [VRRP-V4] Knight, S., et. al., "Virtual Router Redundancy Protocol", | [VRRP-V4] Knight, S., et. al., "Virtual Router Redundancy Protocol", | |||
| RFC2338, April 1998. | RFC2338, April 1998. | |||
| 14. Informative References | 15. Informative References | |||
| [HSRP] Li, T., B. Cole, P. Morton, D. Li, "Cisco Hot Standby | [HSRP] Li, T., B. Cole, P. Morton, D. Li, "Cisco Hot Standby | |||
| Router Protocol (HSRP)", RFC2281, March 1998. | Router Protocol (HSRP)", RFC2281, March 1998. | |||
| [IPSTB] Higginson, P., M. Shand, "Development of Router Clusters to | [IPSTB] Higginson, P., M. Shand, "Development of Router Clusters to | |||
| Provide Fast Failover in IP Networks", Digital Technical | Provide Fast Failover in IP Networks", Digital Technical | |||
| Journal, Volume 9 Number 3, Winter 1997. | Journal, Volume 9 Number 3, Winter 1997. | |||
| [OSPF] Moy, J., "OSPF version 2", RFC2328, STD0054, April 1998. | [OSPF] Moy, J., "OSPF version 2", RFC2328, STD0054, April 1998. | |||
| [RIP] Malkin, G., "RIP Version 2", RFC2453, STD0056, November | [RIP] Malkin, G., "RIP Version 2", RFC2453, STD0056, November | |||
| 1998. | 1998. | |||
| 15. Author's Address | 16. Author's Address | |||
| Robert Hinden | Robert Hinden | |||
| Nokia | Nokia | |||
| 313 Fairchild Drive | 313 Fairchild Drive | |||
| Mountain View, CA 94043 | Mountain View, CA 94043 | |||
| USA | USA | |||
| Phone: +1 650 625-2004 | Phone: +1 650 625-2004 | |||
| EMail: hinden@iprg.nokia.com | EMail: bob.hinden@nokia.com | |||
| 16. Changes from RFC2338 | 17. Changes from RFC2338 | |||
| - Changed VMAC assignements to a separate block of IANA Ethernet | - Added new subsection (8.4) with recommendations about setting | |||
| priority values and it's relationship to the preempt flag. | ||||
| - Changed rules for receiving VRRP packets to not drop the packet if | ||||
| the Adver Interval is not consistent with the local configuration | ||||
| for the virtual router. Only log and notify network management. | ||||
| - Reduced granularity of the Advertisement_Interval to centiseconds | ||||
| (i.e., 1/100 of a second). Changes include: | ||||
| o Made Adver Int field in the header 12-bits to allow range from | ||||
| 1 to 4096 centiseconds. | ||||
| o Change Skew_Timer calculation to skew over one | ||||
| Advertisement_Interval. | ||||
| - Added switch (Accept_Mode) to control whether a virtual router in | ||||
| Master state will accept packets addresses to the address owner's | ||||
| IPv6 address as its own if it is not the IPv6 address owner. | ||||
| - Changed VMAC assignments to a separate block of IANA Ethernet | ||||
| addresses and added this to the IANA considerations section. | addresses and added this to the IANA considerations section. | |||
| - Removed different authentication methods, header fields, and | - Removed different authentication methods, header fields, and | |||
| updated the security considerations section. | updated the security considerations section to explain the reasons | |||
| for doing this. | ||||
| - General rewrite to change protocol to provide virtual router | - General rewrite to change protocol to provide virtual router | |||
| functionality from IPv4 to IPv6. Specific changes include: | functionality from IPv4 to IPv6. Specific changes include: | |||
| o Increment VRRP version to 3. | o Increment VRRP version to 3. | |||
| o Change packet format to support an 128-bit IPv6 address. | o Change packet format to support an 128-bit IPv6 address. | |||
| o Change to only support one router address (instead of multiple | ||||
| addresses). This included removing address count field from | ||||
| header. | ||||
| o Rewrote text to specify IPv6 Neighbor Discovery mechanisms | o Rewrote text to specify IPv6 Neighbor Discovery mechanisms | |||
| instead of ARP. | instead of ARP. | |||
| o Changed state machine actions to use Neighbor Discovery | o Changed state machine actions to use Neighbor Discovery | |||
| mechanisms. This includes sending unsolicited Neighbor | mechanisms. This includes sending unsolicited Neighbor | |||
| Advertisements, Receiving Neighbor Solicitations, joining the | Advertisements, Receiving Neighbor Solicitations, joining the | |||
| appropriate solicited node multicast group, sending Router | appropriate solicited node multicast group, sending Router | |||
| Advertisements, and receiving Router Solicitations. | Advertisements, and receiving Router Solicitations. | |||
| - Revised the section 4 examples text with a clearer description of | - Revised the section 4 examples text with a clearer description of | |||
| mapping of IPv6 address owner, priorities, etc. | mapping of IPv6 address owner, priorities, etc. | |||
| - Clarify the section 7.1 text describing address list validation. | - Clarify the section 7.1 text describing address list validation. | |||
| - Corrected text in Preempt_Mode definition. | - Corrected text in Preempt_Mode definition. | |||
| - Changed authentication to be per Virtual Router instead of per | - Changed authentication to be per Virtual Router instead of per | |||
| skipping to change at page 27, line 21 | skipping to change at page 29, line 48 | |||
| mapping of IPv6 address owner, priorities, etc. | mapping of IPv6 address owner, priorities, etc. | |||
| - Clarify the section 7.1 text describing address list validation. | - Clarify the section 7.1 text describing address list validation. | |||
| - Corrected text in Preempt_Mode definition. | - Corrected text in Preempt_Mode definition. | |||
| - Changed authentication to be per Virtual Router instead of per | - Changed authentication to be per Virtual Router instead of per | |||
| Interface. | Interface. | |||
| - Added new subsection (9.3) stating that VRRP over ATM LANE is | - Added new subsection (9.3) stating that VRRP over ATM LANE is | |||
| beyond the scope of this document. | beyond the scope of this document. | |||
| - Clarified text describing received packet length check. | - Clarified text describing received packet length check. | |||
| - Clarified text describing received authentication check. | - Clarified text describing received authentication check. | |||
| - Clarified text describing VRID verification check. | - Clarified text describing VRID verification check. | |||
| - Added new subsection (8.4) describing need to not forward packets | - Added new subsection (8.3) describing need to not forward packets | |||
| for adopted IPv6 addresses. | for adopted IPv6 addresses. | |||
| - Added clarification to the security considerations section. | - Added clarification to the security considerations section. | |||
| - Added reference for computing the internet checksum. | - Added reference for computing the internet checksum. | |||
| - Updated references and author information. | - Updated references and author information. | |||
| - Removed IPR section as no IPR claims have been made against this | ||||
| draft. | ||||
| End of changes. | ||||
This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ | ||||