Marcelo and Frank -
It seems to be hard to deal with the following scenarios: 1) A host is authorized to use a static address, while the host does not connect the network right, we need to think how to deal with this case

one obvious option is that since the address is manually configured in the host, it can also be manually included in the SAVI cache, so it knows that has been manually assigned
Right. An alternative, more automated solution might be to have the switch perform proxy DAD when a new address is used on a given port. This would enable the switch to determine whether the new address is pre-configured and hence already in use, because the pre-configured host would respond to the switch's Neighbor Solicitation during the proxy DAD procedure. FCFS already uses proxy DAD -- in the Neighbor Unreachability Detection variant -- to prevent attackers from hijacking an address by faking link-layer movements. An obvious optimization to avoid unnecessary proxy DAD is for the switch to listen for non-proxy DAD, and to skip proxy DAD if non-proxy DAD was performed for the same address/port combination.

- Christian
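The decision logic described in the message above, sketched as an added example that is not part of the original thread or of any SAVI implementation. The names `SaviSwitch`, `probe`, `on_host_dad` and `on_packet` are hypothetical, the topology is constructed, and two points are assumptions: an overheard host DAD is taken to have completed undefended, and a proxy DAD reply binds the address to the answering port. The NUD-based handling of link-layer movement is left out.

```python
class SaviSwitch:
    """Toy model of a switch that runs proxy DAD before binding a new address."""

    def __init__(self, probe):
        # probe(addr, skip_port) stands in for a Neighbor Solicitation sent on
        # every port except skip_port; it returns the answering port or None.
        self.probe = probe
        self.bindings = {}       # address -> port allowed to source it
        self.host_dad = set()    # (address, port) pairs with overheard host DAD
        self.proxy_dad_runs = 0  # how many times proxy DAD was actually needed

    def on_host_dad(self, addr, port):
        # The switch overheard the host's own (non-proxy) DAD on this port.
        self.host_dad.add((addr, port))

    def on_packet(self, src, port):
        owner = self.bindings.get(src)
        if owner is not None:
            return "forward" if owner == port else "drop"
        if (src, port) in self.host_dad:
            # Optimization from the message: non-proxy DAD already covered this
            # address/port combination, so proxy DAD is skipped.
            # Assumption: the overheard DAD finished without a defending reply.
            self.bindings[src] = port
            return "forward"
        self.proxy_dad_runs += 1
        responder = self.probe(src, port)
        if responder is not None:
            # A pre-configured host answered: the address is already in use.
            # Assumption: bind it to the port that defended it.
            self.bindings[src] = responder
            return "drop"
        self.bindings[src] = port
        return "forward"


def demo():
    # Constructed topology: a statically configured host on port 1 that never ran DAD.
    static_hosts = {"2001:db8::10": 1}

    def probe(addr, skip_port):
        port = static_hosts.get(addr)
        return port if port != skip_port else None

    sw = SaviSwitch(probe)
    decisions = [sw.on_packet("2001:db8::10", 7),  # new claimant, static host defends
                 sw.on_packet("2001:db8::10", 1)]  # the static host itself
    sw.on_host_dad("2001:db8::20", 3)
    decisions.append(sw.on_packet("2001:db8::20", 3))  # host DAD seen, no proxy DAD
    decisions.append(sw.on_packet("2001:db8::30", 4))  # unknown, proxy DAD unanswered
    return decisions, sw.proxy_dad_runs
```
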