RE: [NDP] Router autoconfiguration with RS/RA

To: "Silviu VLASCEANU" <silviu.vlasceanu at gmail.com>, <ipv6 at ietf.org>
Subject: RE: [NDP] Router autoconfiguration with RS/RA
From: "Hemant Singh (shemant)" <shemant at cisco.com>
Date: Fri, 6 Jun 2008 09:27:51 -0400
Authentication-results: rtp-dkim-1; header.From=shemant at cisco.com; dkim=pass ( sig from cisco.com/rtpdkim1001 verified; );
Delivered-to: ietfarch-ipv6-web-archive at core3.amsl.com
Delivered-to: ipv6 at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; l=8688; t=1212758872; x=1213622872; c=relaxed/simple; s=rtpdkim1001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=shemant at cisco.com; z=From:=20=22Hemant=20Singh=20(shemant)=22=20<shemant at cisco. com> |Subject:=20RE=3A=20[NDP]=20Router=20autoconfiguration=20wi th=20RS/RA |Sender:=20 |To:=20=22Silviu=20VLASCEANU=22=20<silviu.vlasceanu at gmail.c om>,=20<ipv6 at ietf.org>; bh=NwTJ9Vr+lGeLRddVShXu81dw49ZF9Y141zzLc0REd8A=; b=k4JegpyNy1DIdLQcLme41naawNWJQCFnekq9K0zhgbSR0Wb9+renm0oSRe +gk4EXfZIn/mA+zu4/4j59HhHMcrtze7bME/4QN/esuOmQNrEIauDxer3CKI oJZyzjcjtf;
In-reply-to: <3a44f430806060528o3ab46c73k863537e53e62275b@mail.gmail.com>
List-archive: <https://www.ietf.org/mailman/private/ipv6>
List-help: <mailto:ipv6-request@ietf.org?subject=help>
List-id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-post: <mailto:ipv6@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
References: <3a44f430806060528o3ab46c73k863537e53e62275b@mail.gmail.com>
Sender: ipv6-bounces at ietf.org
Thread-index: AcjH0OmurtYwvKMiQqCtIxZbNHtHMgAAYIKA
Thread-topic: [NDP] Router autoconfiguration with RS/RA

Silviu,

A router can receive an RA on the router's upstream and use this RA to autoconfigure the ipv6 address on interface(s) of the router. Such a router interface configuration is no different from how a host interface statelessly autoconfigures as per ND RFC 4861 and 4862. However, ND RFC's do not mandate what does a router implementation do for sending RA, configuring network prefixes in the router downstream direction - these are conceptual variables that a router vendor is left to do what they want to do.

As to answering your question which was:

"Why wouldn't a router be authorized to send Router Sollicitation messages?"

here is my reply.

As far as the interface on the router has no RA configured, and the interface is configuring an IPv6 address using stateless autoconfiguration or even manual configuration, this interface is OK to send an RS in the router downstream. However, soon as any RA configuration for router downstream is configured on the network interface, then ND prohibits a router to send any RS.

Furthermore, I totally agree with Remi on his reply to this question of yours:

"The same question for autoconfiguring the prefix it advertises on its subnets."

You cannot mix router upstream and downstream operations in random fashion. IPv6 stateless autoconfiguration does not support prefix and router configuration of an upstream router. One should be careful discussing router downstream vs. router upstream directions for address configuration, routing configuration, and IPv6 ND RA configuration.

Hemant

From: ipv6-bounces at ietf.org [mailto:ipv6-bounces at ietf.org] On Behalf Of Silviu VLASCEANU
Sent: Friday, June 06, 2008 8:29 AM
To: ipv6 at ietf.org
Subject: [NDP] Router autoconfiguration with RS/RA

Hello,

I have been trying to figure out a response for the following questions, but I have only suppositions and I haven't found (yet) a document that accurately talks about. So I am asking here.

Why wouldn't a router be authorized to send Router Sollicitation messages?
Moreover, why couldn't a router autoconfigure its egress interface based on Router Advertisements received on this interface? The same question for autoconfiguring the prefix it advertises on its subnets.

The only answer that comes in my mind is because an attack over these messages could render not only a host unreachable, but maybe a whole subnet. But apart this, is there really any other reason for not allowing this?

Thank you in advance for the answers.

Best regards,
--
Silviu

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6 at ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

Follow-Ups:
- Re: [NDP] Router autoconfiguration with RS/RA
  - From: Alexandru Petrescu
- Re: [NDP] Router autoconfiguration with RS/RA
  - From: Silviu VLASCEANU

References:
- [NDP] Router autoconfiguration with RS/RA
  - From: Silviu VLASCEANU

Prev by Date: Re: [NDP] Router autoconfiguration with RS/RA
Next by Date: Re: [NDP] Router autoconfiguration with RS/RA
Previous by thread: Re: [NDP] Router autoconfiguration with RS/RA
Next by thread: Re: [NDP] Router autoconfiguration with RS/RA
Index(es):
- Date
- Thread

RE: [NDP] Router autoconfiguration with RS/RA

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.