| < draft-ietf-6man-impatient-nud-01.txt | draft-ietf-6man-impatient-nud-02.txt > | |||
|---|---|---|---|---|
| 6MAN WG E. Nordmark | 6MAN WG E. Nordmark | |||
| Internet-Draft Cisco Systems, Inc. | Internet-Draft Cisco Systems, Inc. | |||
| Updates: 4861 (if approved) I. Gashinsky | Updates: 4861 (if approved) I. Gashinsky | |||
| Expires: September 13, 2012 Yahoo! | Expires: January 2, 2013 Yahoo! | |||
| March 12, 2012 | Jul 2012 | |||
| Neighbor Unreachability Detection is too impatient | Neighbor Unreachability Detection is too impatient | |||
| draft-ietf-6man-impatient-nud-01.txt | draft-ietf-6man-impatient-nud-02.txt | |||
| Abstract | Abstract | |||
| IPv6 Neighbor Discovery includes Neighbor Unreachability Detection. | IPv6 Neighbor Discovery includes Neighbor Unreachability Detection. | |||
| That function is very useful when a host has an alternative, for | That function is very useful when a host has an alternative, for | |||
| instance multiple default routers, since it allows the host to switch | instance multiple default routers, since it allows the host to switch | |||
| to the alternative in short time. This time is 3 seconds after the | to the alternative in short time. This time is 3 seconds after the | |||
| node starts probing by default. However, if there are no | node starts probing by default. However, if there are no | |||
| alternatives, this is far too impatient. This document specifies | alternatives, this is far too impatient. This document specifies | |||
| relaxed rules for Neighbor Discovery retransmissions that allows an | relaxed rules for Neighbor Discovery retransmissions that allows an | |||
| skipping to change at page 1, line 39 ¶ | skipping to change at page 1, line 39 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on September 13, 2012. | This Internet-Draft will expire on January 2, 2013. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2012 IETF Trust and the persons identified as the | Copyright (c) 2012 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 3, line 34 ¶ | skipping to change at page 3, line 34 ¶ | |||
| However, when there is no alternative there are several benefits in | However, when there is no alternative there are several benefits in | |||
| making NUD try probing for a longer time. One of those benefits is | making NUD try probing for a longer time. One of those benefits is | |||
| to be more robust against transient failures, such as spanning tree | to be more robust against transient failures, such as spanning tree | |||
| reconvergence and other layer 2 issues that can take many seconds to | reconvergence and other layer 2 issues that can take many seconds to | |||
| resolve. Marking the NCE as unreachable in that case causes | resolve. Marking the NCE as unreachable in that case causes | |||
| additional multicast on the network. Assuming there are IP packets | additional multicast on the network. Assuming there are IP packets | |||
| to send, the lack of an NCE will result in multicast Neighbor | to send, the lack of an NCE will result in multicast Neighbor | |||
| Solicitations every second instead of the unicast Neighbor | Solicitations every second instead of the unicast Neighbor | |||
| Solicitations that NUD sends. | Solicitations that NUD sends. | |||
| As a result IPv6 is operationally more brittle than IPv4. For IPv4 | As a result IPv6 Neighbor Discovery is operationally more brittle | |||
| there is no mandatory time limit on the retransmission behavior for | than IPv4 ARP. For IPv4 there is no mandatory time limit on the | |||
| ARP [RFC0826] which allows implementors to pick more robust schemes. | retransmission behavior for ARP [RFC0826] which allows implementors | |||
| to pick more robust schemes. | ||||
| The following constant values in [RFC4861] seem to have been made | The following constant values in [RFC4861] seem to have been made | |||
| part of IPv6 conformance testing: MAX_MULTICAST_SOLICIT, | part of IPv6 conformance testing: MAX_MULTICAST_SOLICIT, | |||
| MAX_UNICAST_SOLICIT, and RETRANS_TIMER. While such strict | MAX_UNICAST_SOLICIT, and RETRANS_TIMER. While such strict | |||
| conformance testing seems consistent with [RFC4861], it means that we | conformance testing seems consistent with [RFC4861], it means that we | |||
| need to update the standard if we want to allow IPv6 Neighbor | need to update the standard if we want to allow IPv6 Neighbor | |||
| Discovery to be as operationally robust as ARP. | Discovery to be as robust as ARP. | |||
| This document updates RFC 4861 to relax the retransmission rules. | This document updates RFC 4861 to relax the retransmission rules. | |||
| Additional motivations for making IPv6 Neighbor Discovery as robust | Additional motivations for making IPv6 Neighbor Discovery more robust | |||
| as ARP are covered in [I-D.gashinsky-v6nd-enhance]. | in the face of degenerate conditions are covered in [RFC6583]. | |||
| 2. Definition Of Terms | 2. Definition Of Terms | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in [RFC2119]. | document are to be interpreted as described in [RFC2119]. | |||
| 3. Protocol Updates | 3. Protocol Updates | |||
| Giving up after three packets spaced one second apart is only | Giving up after three packets spaced one second apart is only | |||
| REQUIRED when there is an alternative, such as an additional default | REQUIRED when there is an alternative, such as an additional default | |||
| route or a redirect. | route or a redirect. | |||
| If implementations transmit more than MAX_*CAST_SOLICIT packets it | If implementations transmit more than MAX_*CAST_SOLICIT packets it | |||
| SHOULD use (binary) exponential backoff of the retransmit timer. | SHOULD use (binary) exponential backoff of the retransmit timer. | |||
| This is to avoid any significant load due to a steady background | This is to avoid any significant load due to a steady background | |||
| level of retransmissions from implementations that try for a long | level of retransmissions from implementations that try for a long | |||
| time. | time. | |||
| However, even if there is no alternative, the protocol needs to be | Even if there is no alternative, the protocol needs to be able to | |||
| able to handle the case when the link-layer address of the | handle the case when the link-layer address of the destination has | |||
| destination has changed by switching to multicast Neighbor | changed by switching to multicast Neighbor Solicitations at some | |||
| Solicitations at some point in time. | point in time. | |||
| In order to capture all the cases above this document introduces a | In order to capture all the cases above this document introduces a | |||
| new UNREACHABLE state in the conceptual model described in [RFC4861]. | new UNREACHABLE state in the conceptual model described in [RFC4861]. | |||
| A NCE in the UNREACHABLE state retains the link-layer address, and | A NCE in the UNREACHABLE state retains the link-layer address, and | |||
| IPv6 packets continue to be sent to that link-layer address. But in | IPv6 packets continue to be sent to that link-layer address. But in | |||
| the UNREACHABLE state the NUD Neighbor Solicitations are multicast, | the UNREACHABLE state the NUD Neighbor Solicitations are multicast, | |||
| using a timeout that follows a (binary) exponential backoff. | using a timeout that follows a (binary) exponential backoff. | |||
| In the places where RFC4861 says to to discard/delete the NCE after N | In the places where RFC4861 says to to discard/delete the NCE after N | |||
| probes (Section 7.3, 7.3.3 and Appendix C) we will instead transition | probes (Section 7.3, 7.3.3 and Appendix C) we will instead transition | |||
| skipping to change at page 5, line 46 ¶ | skipping to change at page 5, line 46 ¶ | |||
| That needs to be replaced by: | That needs to be replaced by: | |||
| PROBE Retransmit timeout, Double timeout UNREACHABLE | PROBE Retransmit timeout, Double timeout UNREACHABLE | |||
| N or more Send multicast NS | N or more Send multicast NS | |||
| retransmissions. | retransmissions. | |||
| UNREACHABLE Retransmit timeout Double timeout UNREACHABLE | UNREACHABLE Retransmit timeout Double timeout UNREACHABLE | |||
| Send multicast NS | Send multicast NS | |||
| The binary exponential backoff SHOULD be clamped at some reasonable | The binary exponential backoff SHOULD be clamped at some reasonable | |||
| maximum retransmit timeout, such as 60 seconds. And if there is no | maximum retransmit timeout, such as 60 seconds. If there is no IPv6 | |||
| IPv6 packets sent using the UNREACHABLE NCE, then it makes sense to | packets sent using the UNREACHABLE NCE, then it makes sense to stop | |||
| stop the retransmits of the multicast NS until either the NCE is | the retransmits of the multicast NS until either the NCE is garbage | |||
| garbage collected, or there are IPv6 packets sent using the NCE. In | collected or there are IPv6 packets sent using the NCE. The | |||
| essence the multicast NS and associated binary exponential backoff | multicast NS and associated binary exponential backoff can be applied | |||
| can be conditioned on the continued use of the NCE to send IPv6 | on the condition of the continued use of the NCE to send IPv6 packets | |||
| packets to the recorded link-layer address. | to the recorded link-layer address. | |||
| A node MAY unicast the first few Neighbor Solicitation messages while | A node MAY unicast the first few Neighbor Solicitation messages while | |||
| in UNREACHABLE state, but it MUST switch to multicast Neighbor | in UNREACHABLE state, but it MUST switch to multicast Neighbor | |||
| Solicitations. Otherwise it would not detect a link-layer address | Solicitations. Otherwise it would not detect a link-layer address | |||
| change for the target. | change for the target. | |||
| 4. Example Algorithm | 4. Example Algorithm | |||
| This section is NOT normative, but specifies a simple implementation | This section is NOT normative, but specifies a simple implementation | |||
| which conforms with this document. The implementation is described | which conforms with this document. The implementation is described | |||
| skipping to change at page 7, line 21 ¶ | skipping to change at page 7, line 21 ¶ | |||
| configure are BACKOFF_MULTIPLE, MAX_UNICAST_SOLICIT and | configure are BACKOFF_MULTIPLE, MAX_UNICAST_SOLICIT and | |||
| MAX_MULTICAST_SOLICIT. | MAX_MULTICAST_SOLICIT. | |||
| It would be useful to have a maximum value for | It would be useful to have a maximum value for | |||
| ($BACKOFF_MULTIPLE^$solicit_attempt_num)*$RetransTimer so that the | ($BACKOFF_MULTIPLE^$solicit_attempt_num)*$RetransTimer so that the | |||
| retransmissions are not too far apart. A value 60 seconds is | retransmissions are not too far apart. A value 60 seconds is | |||
| consistent with DHCP. | consistent with DHCP. | |||
| 5. Acknowledgements | 5. Acknowledgements | |||
| The comments from Thomas Narten and Philip Homburg have helped | The comments from Thomas Narten, Philip Homburg, and Joel Jaeggli | |||
| improve this draft. | have helped improve this draft. | |||
| 6. Security Considerations | 6. Security Considerations | |||
| Relaxing the retransmission behavior for NUD has no impact on | Relaxing the retransmission behavior for NUD is belived to have no | |||
| security. In particular, it doesn't impact applying Secure Neighbor | impact on security. In particular, it doesn't impact the application | |||
| Discovery [RFC3971]. | Secure Neighbor Discovery [RFC3971]. | |||
| 7. IANA Considerations | 7. IANA Considerations | |||
| This are no IANA considerations for this document. | This are no IANA considerations for this document. | |||
| 8. References | 8. References | |||
| 8.1. Normative References | 8.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| skipping to change at page 8, line 7 ¶ | skipping to change at page 8, line 7 ¶ | |||
| [RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure | [RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure | |||
| Neighbor Discovery (SEND)", RFC 3971, March 2005. | Neighbor Discovery (SEND)", RFC 3971, March 2005. | |||
| [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, | [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, | |||
| "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, | "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, | |||
| September 2007. | September 2007. | |||
| 8.2. Informative References | 8.2. Informative References | |||
| [I-D.gashinsky-v6nd-enhance] | ||||
| Kumari, W., "Operational Neighbor Discovery Problems and | ||||
| Enhancements.", draft-gashinsky-v6nd-enhance-00 (work in | ||||
| progress), June 2011. | ||||
| [RFC0826] Plummer, D., "Ethernet Address Resolution Protocol: Or | [RFC0826] Plummer, D., "Ethernet Address Resolution Protocol: Or | |||
| converting network protocol addresses to 48.bit Ethernet | converting network protocol addresses to 48.bit Ethernet | |||
| address for transmission on Ethernet hardware", STD 37, | address for transmission on Ethernet hardware", STD 37, | |||
| RFC 826, November 1982. | RFC 826, November 1982. | |||
| [RFC6583] Gashinsky, I., Jaeggli, J., and W. Kumari, "Operational | ||||
| Neighbor Discovery Problems", RFC 6583, March 2012. | ||||
| Authors' Addresses | Authors' Addresses | |||
| Erik Nordmark | Erik Nordmark | |||
| Cisco Systems, Inc. | Cisco Systems, Inc. | |||
| 510 McCarthy Blvd. | 510 McCarthy Blvd. | |||
| Milpitas, CA, 95035 | Milpitas, CA, 95035 | |||
| USA | USA | |||
| Phone: +1 408 527 6625 | Phone: +1 408 527 6625 | |||
| Email: nordmark@cisco.com | Email: nordmark@cisco.com | |||
| End of changes. 12 change blocks. | ||||
| 31 lines changed or deleted | 30 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||