idnits 2.17.1 draft-ietf-dna-simple-15.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 2 instances of too long lines in the document, the longest one being 7 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but does not include the phrase in its RFC 2119 key words list. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (August 9, 2010) is 5008 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'Appendix A' is mentioned on line 155, but not defined == Missing Reference: 'S' is mentioned on line 273, but not defined == Missing Reference: 'D' is mentioned on line 292, but not defined == Unused Reference: 'RFC3736' is defined on line 738, but no explicit reference was found in the text ** Obsolete normative reference: RFC 3736 (Obsoleted by RFC 8415) ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415) Summary: 3 errors (**), 0 flaws (~~), 6 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group S. Krishnan 3 Internet-Draft Ericsson 4 Intended status: Standards Track G. Daley 5 Expires: February 10, 2011 NetStar Networks 6 August 9, 2010 8 Simple procedures for Detecting Network Attachment in IPv6 9 draft-ietf-dna-simple-15 11 Abstract 13 Detecting Network Attachment allows hosts to assess if its existing 14 addressing or routing configuration is valid for a newly connected 15 network. This document provides simple procedures for detecting 16 network attachment in IPv6 hosts, and procedures for routers to 17 support such services. 19 Status of this Memo 21 This Internet-Draft is submitted in full conformance with the 22 provisions of BCP 78 and BCP 79. 24 Internet-Drafts are working documents of the Internet Engineering 25 Task Force (IETF). Note that other groups may also distribute 26 working documents as Internet-Drafts. The list of current Internet- 27 Drafts is at http://datatracker.ietf.org/drafts/current/. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 This Internet-Draft will expire on February 10, 2011. 36 Copyright Notice 38 Copyright (c) 2010 IETF Trust and the persons identified as the 39 document authors. All rights reserved. 41 This document is subject to BCP 78 and the IETF Trust's Legal 42 Provisions Relating to IETF Documents 43 (http://trustee.ietf.org/license-info) in effect on the date of 44 publication of this document. Please review these documents 45 carefully, as they describe your rights and restrictions with respect 46 to this document. Code Components extracted from this document must 47 include Simplified BSD License text as described in Section 4.e of 48 the Trust Legal Provisions and are provided without warranty as 49 described in the Simplified BSD License. 51 Table of Contents 53 1. Requirements notation . . . . . . . . . . . . . . . . . . . . 3 54 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 55 2.1. Goals . . . . . . . . . . . . . . . . . . . . . . . . . . 3 56 2.2. Applicability . . . . . . . . . . . . . . . . . . . . . . 4 57 2.3. Link Identification model . . . . . . . . . . . . . . . . 4 58 2.4. DNA Overview . . . . . . . . . . . . . . . . . . . . . . . 4 59 2.5. Working Assumptions . . . . . . . . . . . . . . . . . . . 5 60 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6 61 4. The Simple DNA Address Table (SDAT) . . . . . . . . . . . . . 7 62 5. Host Operations . . . . . . . . . . . . . . . . . . . . . . . 7 63 5.1. On receipt of a Router Advertisement . . . . . . . . . . . 7 64 5.2. After assignment of a DHCPv6 address . . . . . . . . . . . 8 65 5.3. Steps involved in detecting link change . . . . . . . . . 8 66 5.4. Link-Layer Indication . . . . . . . . . . . . . . . . . . 8 67 5.5. Sending Neighbor Discovery probes . . . . . . . . . . . . 9 68 5.5.1. Sending Router Solicitations . . . . . . . . . . . . . 9 69 5.5.2. Sending Neighbor Solicitations . . . . . . . . . . . . 9 70 5.5.3. Concurrent sending of RS and NS probes . . . . . . . . 9 71 5.5.4. Initiating DHCPv6 exchange . . . . . . . . . . . . . . 9 72 5.6. Contents of the Neighbor Discovery messages . . . . . . . 11 73 5.6.1. Neighbor Solicitation messages . . . . . . . . . . . . 11 74 5.6.2. Router Solicitation messages . . . . . . . . . . . . . 11 75 5.7. Response Gathering . . . . . . . . . . . . . . . . . . . . 12 76 5.7.1. Receiving Neighbor Advertisements . . . . . . . . . . 12 77 5.7.2. Receiving Router Advertisements . . . . . . . . . . . 12 78 5.7.3. Conflicting results . . . . . . . . . . . . . . . . . 12 79 5.8. Further Host Operations . . . . . . . . . . . . . . . . . 12 80 5.9. On connecting to a new point of attachment . . . . . . . . 13 81 5.10. Periodic Maintenance of the SDAT . . . . . . . . . . . . . 13 82 5.11. Recommended retransmission behavior . . . . . . . . . . . 13 83 6. Pseudocode for Simple DNA . . . . . . . . . . . . . . . . . . 15 84 7. Constants . . . . . . . . . . . . . . . . . . . . . . . . . . 16 85 8. Relationship to DNAv4 . . . . . . . . . . . . . . . . . . . . 17 86 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 87 10. Security Considerations . . . . . . . . . . . . . . . . . . . 17 88 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 18 89 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18 90 12.1. Normative References . . . . . . . . . . . . . . . . . . . 18 91 12.2. Informative References . . . . . . . . . . . . . . . . . . 19 92 Appendix A. Issues with confirming manually assigned addresses . 19 93 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 20 95 1. Requirements notation 97 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 98 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 99 document are to be interpreted as described in [RFC2119]. 101 2. Introduction 103 Hosts require procedures to simply and reliably identify if they have 104 moved to a network to which they had been recently connected. In 105 order to detect reconnection to a previously visited network, router 106 and neighbor discovery messages are used to collect reachability and 107 configuration information. This information is used to detect if the 108 host has attached to a link for which it may still have valid address 109 and other configuration information, and which it can use until it 110 receives confirmation through either through the Neighbor Discovery 111 protocol or DHCPv6. 113 This document incorporates feedback from host and router operating 114 systems implementors, which seeks to make implementation and adoption 115 of IPv6 change detection procedures simple for general use. 117 2.1. Goals 119 The goal of this document is to specify a simple procedure for 120 detecting network attachment (Simple DNA) that has the following 121 characteristics. 123 o Routers do not have to be modified to support this scheme. 125 o The most common use cases are optimized. 127 o In the worst case, detection latency is equal to that of standard 128 neighbor discovery so that performance is never degraded. 130 o False positives are not acceptable. A host MUST NOT wrongly 131 conclude that it has reattached to a previouly visited network. 133 o False negatives are acceptable. A host MAY fail to identify a 134 previously visited link correctly and attempt to acquire fresh 135 addressing and configuration information. 137 2.2. Applicability 139 The Simple DNA protocol provides substantial benefits over standard 140 neighbor discovery procedures [RFC4861] in some scenarios and does 141 not provide any benefit at all in certain other scenarios. This is 142 intentional as Simple DNA was designed for simplicity rather than 143 completeness. In particular, the Simple DNA protocol provides 144 maximum benefits when a host moves between a small set of known 145 links. When a host moves to a completely new link that is previously 146 unknown, the performance of the Simple DNA protocol will be identical 147 to that using standard neighbor discovery procedures [RFC4861]. In 148 this case the main benefit of the Simple DNA protocol is to 149 immediately flush out the inoperable addresses and configuration 150 instead of timing them out. The Simple DNA procedure provides 151 support for addresses configured using either IPv6 Stateless Address 152 Autoconfiguration [RFC4862] or DHCPv6 [RFC3315]. It does not support 153 manually configured addresses since they are not widely used and can 154 cause unpredictable results and/or aggressive probing behavior 155 [Appendix A]. 157 2.3. Link Identification model 159 Earlier methods of detecting network attachment, e.g. the procedure 160 defined in [I-D.ietf-dna-protocol], relied on detecting whether the 161 host was still connected to the same link. If the host was attached 162 to the same link, all information related to the link such as the 163 routers, prefixes and configuration parameters was considered to be 164 valid. The Simple DNA protocol follows an alternate approach where 165 it relies on probing each previously known router to determine 166 whether to use information learnt from THAT router. This allows 167 simple DNA to probe routers learnt from multiple earlier attachments 168 to optimize movement between a known set of links. 170 2.4. DNA Overview 172 Detecting Network Attachment is performed by hosts after detecting a 173 link-layer "up" indication. The host uses a combination of unicast 174 Neighbor Solicitations (NSs), multicast Router Solicitations (RSs) 175 and DHCPv6 message exchanges in order to determine whether previously 176 encountered routers are present on the link, and if they are not, 177 acquire the new configuration information. 179 Hosts implementing simple DNA may also send DHCPv6 packets, as 180 described in Section 5.5.4. Since simple DNA does not modify the 181 DHCPv6 protocol or state machine, the operation of DHCPv6 is 182 unchanged. 184 Routers that follow the standard neighbor discovery procedure 185 described in [RFC4861] will delay the router advertisement by a 186 random period between 0 and MAX_RA_DELAY_TIME (defined to be 500ms) 187 as described in Section 6.2.6 of [RFC4861]. In addition, consecutive 188 RAs sent to the all-nodes multicast address are rate limited to no 189 more than one advertisement every MIN_DELAY_BETWEEN_RAS (defined to 190 be 3 seconds). This will result in a worst-case delay of 3.5 seconds 191 in the absence of any packet loss. 193 Hosts implementing simple DNA can detect the presence of a previously 194 encountered router using unicast Neighbor Solicitations. As a 195 result, where the host with a valid configuration is returning to a 196 previously encountered link, delays in the sending of a Router 197 Advertisement (RA) will not delay configuration as long as NS probing 198 is successful. However in situations where the host is attaching to 199 a link for the first time, or where it does not have a valid IP 200 address on the link, it will be dependent on the receipt of an RA for 201 stateless auto-configuration. In these situations delays in the 202 receipt of an RA can be significant and may result in service 203 disruption. 205 2.5. Working Assumptions 207 There are a series of assumptions about the network environment which 208 underpin these procedures. 210 o The combination of the link layer address and the link local IPv6 211 address of a router is unique across links. 213 o Hosts receive indications when a link-layer comes up. Without 214 this, they would not know when to commence the DNA procedure. 216 If these assumptions do not hold, host change detection systems will 217 not function optimally. In that case, they may occasionally detect 218 change spuriously, or experience some delay in detecting network 219 attachment. The delays so experienced will be no longer than those 220 caused by following the standard neighbor discovery procedure 221 described in [RFC4861]. 223 3. Terminology 225 +---------------------+---------------------------------------------+ 226 | Term | Definition | 227 +---------------------+---------------------------------------------+ 228 | Valid IPv6 address | An IPv6 address configured on the node that | 229 | | has a valid lifetime greater than zero. | 230 | | | 231 | Operable IPv6 | An IPv6 address configured on the node that | 232 | address | can be used safely on the current link. | 233 | | | 234 | Router identifier | Identifier formed using the link-local | 235 | | address of a router along with its | 236 | | link-layer address. | 237 | | | 238 | D-Flag | Flag indicating whether the address was | 239 | | obtained using SLAAC or DHCPv6. If it is | 240 | | set to 0, then SLAAC was used to configure | 241 | | the address. If it is set to 1, then DHCPv6 | 242 | | was used to configure the address. | 243 | | | 244 | O-Flag | Flag indicating whether the address is | 245 | | operable. If it is set to 0, the address is | 246 | | inoperable. If it is set to 1, the address | 247 | | is operable. | 248 | | | 249 | S-Flag | Flag indicating whether SEND [RFC3971] was | 250 | | used in the Router Advertisement that | 251 | | resulted in the creation/modification of | 252 | | this SDAT entry. If it is set to 0, then | 253 | | SEND was not used. If it is set to 1, then | 254 | | SEND was used. | 255 | | | 256 | Candidate Router | A router address in the SDAT that is | 257 | Address | associated with at least one valid address. | 258 | | | 259 | Candidate Router | A set of router addresses that has been | 260 | Set | identified for NS based probing. | 261 +---------------------+---------------------------------------------+ 263 Table 1: Simple DNA Terminology 265 4. The Simple DNA Address Table (SDAT) 267 In order to correctly perform the procedure described in this 268 document the host needs to maintain a data structure called the 269 Simple DNA address table (SDAT). The host needs to maintain this 270 data structure for each interface on which it performs Simple DNA. 271 Each entry in the SDAT table will be indexed by the router identifier 272 (link-local + link layer address of the router) and consists of at 273 least the following parameters. Fields tagged as [S] are used for 274 addresses configured using SLAAC. Fields tagged as [D] are used for 275 addresses obtained using DHCPv6. Fields tagged as [S+D] are used in 276 both cases. 278 o [S+D]Link-local IPv6 address of the router(s) 280 o [S+D]Link-layer (MAC) address of the router(s) 282 o [S+D]Flag indicating whether the address was obtained using SLAAC 283 or DHCPv6.(The D-Flag) 285 o [S+D]IPv6 address and its related parameters like valid lifetime, 286 preferred lifetime etc. 288 o [S]Prefix from which the address was formed. 290 o [S]Flag indicating whether SEND was used.(The S-Flag) 292 o [D]DHCP specific information in case DHCPv6 [RFC3315] was used to 293 acquire the address. This information includes DUID, IA_ID, a 294 flag indicating IA_NA/IA_TA, configuration information such as DNS 295 server address, NTP server address etc. 297 o [S+D]Flag indicating whether the address is operable.(The O-Flag) 299 5. Host Operations 301 On connecting to a new point of attachment, the host performs the 302 detecting network attachment procedure in order to determine whether 303 the existing addressing and configuration information are still 304 valid. 306 5.1. On receipt of a Router Advertisement 308 When the host receives a Router Advertisement and the router 309 identifier of the sending router is not present in the SDAT, the host 310 processes the Router Advertisement as specified in Section 6.3.4. of 311 [RFC4861]. Additionally, the host performs the following operations. 313 If the Router Advertisement is protected by SEND the S-Flag MUST be 314 set to 1 in the SDAT entries created/modified by this RA. 316 o The host configures addresses out of the autoconfigurable prefixes 317 advertised in the RA, as specified in [RFC4862]. The host MUST 318 add an SDAT entry (indexed by this router identifier) for each 319 such address the host configures. 321 o The host might have already configured addresses out of the 322 autoconfigurable prefixes advertised in the RA. This could be a 323 result of receiving the prefix in an RA from another router on the 324 same link. The host MUST add an SDAT entry (indexed by this 325 router identifier) for each such address the host had already 326 configured. 328 o The host might have DHCPv6 assigned addresses that are known to be 329 operable on the link. The host MUST add an SDAT entry (indexed by 330 this router identifier) for each such DHCPv6 address. 332 5.2. After assignment of a DHCPv6 address 334 After the host is assigned an address by a DHCPv6 server, it needs to 335 associate the address with the routers on link. The host MUST create 336 one SDAT entry for each of the on-link routers associated with the 337 DHCPv6 assigned address. 339 5.3. Steps involved in detecting link change 341 The steps involved in basic detection of network attachment are: 343 o Link-Layer Indication 345 o Sending of neighbor discovery and/or DHCPv6 probes 347 o Response gathering and assessment 349 These steps are described below. 351 5.4. Link-Layer Indication 353 In order to start Detection of network attachment procedures, a host 354 typically requires a link-layer indication that the medium has become 355 available [RFC4957]. 357 After the indication is received, the host MUST mark all currently 358 configured (non-tentative) IP addresses as inoperable until the 359 change detection process completes. It MUST also set all Neighbor 360 Cache entries for the routers on its Default Router List to STALE. 362 This is done to speed up the acquisition of a new default router in 363 case the host attaches to a previously unvisited link. 365 5.5. Sending Neighbor Discovery probes 367 5.5.1. Sending Router Solicitations 369 When a host receives a link-layer "up" indication, it SHOULD 370 immediately send a Router Solicitation (as specified in as specified 371 in section 6.3.7 of [RFC4861]). The Router Solicitation is sent to 372 the All-routers multicast address using a link-local address as the 373 source address [RFC4861]. Even if the host is in possession of more 374 than one valid IPv6 address, it MUST send only one router 375 solicitation using a valid link-local address as the source address. 377 5.5.2. Sending Neighbor Solicitations 379 The host iterates through the SDAT to identify a set of candidate 380 routers for NS based probing. Each router in the SDAT that is 381 associated with at least one valid address is added to the candidate 382 router set exactly once. For each router in the candidate router set 383 the host MUST send an unicast Neighbor Solicitation to the router's 384 link-local address it obtained from the lookup on the SDAT. The host 385 MUST set link-layer destination address in each of these neighbor 386 solicitations to the link-layer address of the router stored in the 387 SDAT. The host MUST NOT send unicast Neighbor Solicitations to a 388 router that is not associated to a valid address in the SDAT. If at 389 least one entry in the SDAT for a given router had the S-Flag set, 390 the host SHOULD use SEND to secure the NS probe being sent to the 391 router. 393 5.5.3. Concurrent sending of RS and NS probes 395 The host SHOULD send the Neighbor Solicitation based unicast probes 396 in parallel with the multicast Router Solicitation. Since sending 397 NSs is just an optimization, doing the NSs and the RS in parallel 398 ensures that the procedure does not run slower than it would if it 399 only used an Router Solicitation. 401 NOTE: A Simple DNA implementation SHOULD limit its NS based probing 402 to at most six previously seen routers 404 5.5.4. Initiating DHCPv6 exchange 406 On receiving a link-layer "up" indication, the host will initiate a 407 DHCPv6 exchange when and as specified in [RFC3315] in order to verify 408 whether the addresses and configuration obtained using DHCPv6 are 409 still usable on the link. Note that DHCPv6, as specified today, only 410 attempts to confirm addresses obtained on the most recently attached 411 link. 413 5.6. Contents of the Neighbor Discovery messages 415 5.6.1. Neighbor Solicitation messages 417 This section describes the contents of the neighbor solicitation 418 probe messages sent during the probing procedure. 420 Source Address: A link-local address assigned to the 421 probing host. 423 Destination Address: The link-local address of the router being 424 probed as learned from the SDAT. 426 Hop Limit: 255 428 ND Options: 430 Target Address: The link-local address of the router being 431 probed as learnt from the SDAT. 433 Link Layer Header: 435 Destination Address: The link-layer (MAC) address of the router 436 being probed as learnt from the SDAT. 438 The probing node SHOULD include the Source link-layer address option 439 in the probe messages. 441 5.6.2. Router Solicitation messages 443 This section describes the contents of the router solicitation probe 444 message sent during the probing procedure. 446 Source Address: A link-local address assigned to the 447 probing host. 449 Destination Address: The all-routers multicast address. 451 Hop Limit: 255 453 The probing node SHOULD NOT include the Source link-layer address 454 option in the probe messages. 456 5.7. Response Gathering 458 5.7.1. Receiving Neighbor Advertisements 460 When a Neighbor Advertisement is received from a router in response 461 to a NS probe, the host MUST verify that both the IPv6 and link layer 462 (MAC) addresses of the router match the expected values before 463 utilizing the configuration associated with the detected network 464 (prefixes, MTU etc.). The host MUST then go through the SDAT and 465 mark the addresses associated with the router as operable. 467 5.7.2. Receiving Router Advertisements 469 On reception of a Router Advertisement the host MUST go through the 470 SDAT and mark all the addresses associated with the router as 471 inoperable. The host MUST then process the Router Advertisement as 472 specified in Section 6.3.4. of [RFC4861]. 474 5.7.3. Conflicting results 476 5.7.3.1. Conflicting results between RS and NS probes 478 Where the conclusions obtained from the Neighbor Solicitation/ 479 Advertisement from a given router and the RS/RA exchange with the 480 same router differ, the results obtained from the RS/RA will be 481 considered definitive. In case the Neighbor Advertisement was 482 secured using SEND and the Router Advertisement was not, the host 483 MUST wait for SEND_NA_GRACE_TIME to see if a SEND-secured RA is 484 received. If a SEND-secured RA is not received, the conclusions 485 obtained from the NS/NA exchange will be considered definitive. 487 5.7.3.2. Conflicting results between DHCPv6 and NS probes 489 Where the conclusions obtained from the Neighbor Solicitation/ 490 Advertisement for a given DHCPv6-assigned address and the conclusions 491 obtained from the DHCPv6 exchange differ, the results obtained from 492 the DHCPv6 exchange will be considered definitive. 494 5.8. Further Host Operations 496 Operations subsequent to detecting network attachment depend upon 497 whether or not the host has reconnected to a previously visited 498 network. 500 After confirming the reachability of the associated router using an 501 NS/NA pair, the host performs the following steps. 503 o The host SHOULD rejoin any solicited nodes' multicast groups for 504 addresses it continues to use. 506 o The host SHOULD select a default router as described in Section 507 6.3.6 of [RFC4861]. 509 If the host has determined that it has reattached to a previously 510 visited link, it SHOULD NOT perform duplicate address detection on 511 the addresses that have been confirmed to be operable. 513 If the NS based probe with a router did not complete or if the RS 514 based probe on the same router completed with different prefixes than 515 the ones in the SDAT the host MUST begin address configuration 516 techniques, as indicated in a received Router Advertisement 517 [RFC4861][RFC4862]. 519 5.9. On connecting to a new point of attachment 521 A host usually maintains SDAT entries from some number of previously 522 visited networks. When the host attaches to a previously unknown 523 network it MAY need to discard some older SDAT entries. 525 5.10. Periodic Maintenance of the SDAT 527 The host SHOULD maintain the SDAT table by removing entries when the 528 valid lifetime for the prefix and address expires, that is, at the 529 same as as the prefix is removed from the Prefix List in [RFC4861]. 530 The host SHOULD also remove a router from a SDAT entry when that 531 router stops advertising a particular prefix. When three consequtive 532 RAs from a particular router have not included a prefix, then the 533 router should be removed from the corresponding SDAT entry. 534 Likewise, if a router starts advertising a prefix for which there 535 already exists a SDAT entry then that router should be added to the 536 SDAT entry. 538 5.11. Recommended retransmission behavior 540 Where the NS probe does not complete successfully, it usually implies 541 that the host is not attached to the network whose configuration is 542 being tested. In such circumstances, there is typically little value 543 in aggressively retransmitting unicast neighbor solicitations that do 544 not elicit a response. 546 Where unicast Neighbor Solicitations and Router Solicitations are 547 sent in parallel, one strategy is to forsake retransmission of 548 Neighbor Solicitations and to allow retransmission only of Router 549 Solicitations or DHCPv6. In order to reduce competition between 550 unicast Neighbor Solicitations and Router Solicitations and DHCPv6 551 retransmissions, a DNAv6 implementation that retransmits may utilize 552 the retransmission strategy described in the DHCPv6 specification 553 [RFC3315], scheduling DNAv6 retransmissions between Router 554 Solicitations or DHCPv6 retransmissions. 556 If a response is received to any unicast Neighbor Solicitation or 557 Router Solicitation message, pending retransmissions MUST be 558 canceled. A Simple DNA implementation SHOULD NOT retransmit a 559 Neighbor Solicitation more than twice. To provide damping in the 560 case of spurious Link Up indications, the host SHOULD NOT perform the 561 Simple DNA procedure more than once a second. 563 6. Pseudocode for Simple DNA 565 /* Link up indication received on INTERFACE */ 566 /* Start Simple DNA process */ 568 /* Mark All Addresses as inoperable */ 569 Configured_Address_List=Get_Address_List(INTERFACE); 570 foreach Configured_Address in Configured_Address_List 571 { 572 if (Get_Address_State(Configured_Address)!=AS_TENTATIVE) 573 { 574 Set_Address_State(Configured_Address,AS_INOPERABLE); 575 } 576 } 578 /* Mark all routers' NC entries as STALE to speed up */ 579 /* acquisition of new router if link change has occurred */ 580 foreach Router_Address in DEFAULT_ROUTER_LIST 581 { 582 NCEntry=Get_Neighbor_Cache_Entry(Router_Address); 583 Set_Neighbor_Cache_Entry_State(NCEntry,NCS_STALE); 584 } 586 /* Thread A : Send Router Solicitation */ 587 RS_Target_Address=FF02::2; 588 RS_Source_Address=Get_Any_Link_Local_Address(INTERFACE); 589 Send_Router_Solicitation(RS_Source_Address,RS_Target_Address); 591 /* Thread B : Send Neighbor Solicitation(s) */ 592 Previously_Known_Router_List=Get_Router_List_from_SDAT(); 593 NS_Source_Address=Get_Any_Link_Local_Address(INTERFACE); 595 foreach Router_Address in Previously_Known_Router_List 596 { 597 if (Get_Any_Valid_Address_from_SDAT(Router_Address)) 598 { 599 Send_Neighbor_Solicitation(NS_Source_Address,Router_Address.L3_Address, 600 Router_Address.L2_Address); 601 } 602 } 604 /* Thread C : Response collection of RAs */ 606 /* Received Router Advertisement processing */ 607 /* Only for RAs received from routers in the SDAT */ 609 L3_Source=Get_L3_Source(RECEIVED_MESSAGE); 610 L2_Source=Get_L2_Source(RECEIVED_MESSAGE); 611 SDAT_Entry_List=Get_Entries_from_SDAT_L2L3(L3_Source,L2_Source)); 613 /* Mark all the addresses associated with the router as inoperable */ 614 foreach SDAT_Entry in SDAT_Entry_List 615 { 616 Set_Address_State(SDAT_Entry,AS_INOPERABLE); 617 } 619 /* Ignore further NAs from this router */ 620 /* after delaying for x milliseconds */ 621 Add_Router_to_NA_Ignore_List(L3_Source,SEND_NA_GRACE_PERIOD); 623 /* Perform Standard RA processing as per RFC4861/RFC4862 */ 625 /* Thread D : Response collection of NAs */ 627 /* Received Neighbor Advertisement processing */ 628 /* Only for NAs received as response to DNA NSs */ 630 L3_Source=Get_L3_Source(RECEIVED_MESSAGE); 631 L2_Source=Get_L2_Source(RECEIVED_MESSAGE); 633 if (Is_Router_on_NA_Ignore_List(L3_Source)) { 634 /* Ignore message and wait for next message */ 635 continue; 636 } 638 SDAT_Entry_List=Get_Entries_from_SDAT_L2L3(L3_Source,L2_Source)); 640 foreach SDAT_Entry in SDAT_Entry_List 641 { 642 /* Address is operable. */ 643 Set_Address_State(SDAT_Entry,AS_OPERABLE); 644 /* Configure on Interface */ 645 } 647 Figure 1: Pseudocode for Simple DNA 649 NOTE: This section does not include any pseudo-code for sending of 650 the DHCPv6 packets since the DHCPv6 exchange is orthogonal to the 651 simple DNA process. 653 7. Constants 654 SEND_NA_GRACE_TIME 656 Definition: An optional period to wait after Neighbor 657 Solicitation before adopting a non-SEND RA's link change 658 information. 660 Value: 40 milliseconds 662 8. Relationship to DNAv4 664 DNAv4 [RFC4436] specifies a set of steps that optimize the (common) 665 case of re-attachment to an IPv4 network that one has been connected 666 to previously by attempting to re-use a previous (but still valid) 667 configuration. This document shares the same goal as DNAv4 (that of 668 minimizing the handover latency in moving between points of 669 attachment) but differs in the steps it performs to achieve this 670 goal. Another difference is that this document also supports 671 stateless autoconfiguration of addresses in addition to addresses 672 configured using DHCPv6. 674 9. IANA Considerations 676 There are no changes to IANA registries required in this document. 678 10. Security Considerations 680 A host may receive Router Advertisements from non-SEND devices, after 681 receiving a link-layer indications. While it is necessary to assess 682 quickly whether a host has moved to another network, it is important 683 that the host's current secured SEND [RFC3971] router information is 684 not replaced by an attacker which spoofs an RA and purports to change 685 the link. 687 As such, the host SHOULD send a Neighbor Solicitation to the existing 688 SEND router upon link-up indication as described above in 689 Section 5.4. The host SHOULD then ensure that unsecured router 690 information does not cause deletion of existing SEND state, within 691 MIN_DELAY_BETWEEN_RAS, in order to allow for a present SEND router to 692 respond. 694 If the current default router is a SEND-secured router, the host 695 SHOULD wait SEND_NA_GRACE_TIME after transmission before adopting a 696 new default router. 698 Even if SEND signatures on RAs are used, it may not be immediately 699 clear if the router is authorized to make such advertisements. As 700 such, a host SHOULD NOT treat such devices as secure until and unless 701 authorization delegation discovery is successful. 703 Unless SEND or other form of secure address configuration is used, 704 the DNA procedure does not in itself provide positive, secure 705 authentication of the router(s) on the network, or authentication of 706 the network itself, as e.g. would be provided by mutual 707 authentication at the link layer. Therefore when such assurance is 708 not available, the host MUST NOT make any security-sensitive 709 decisions based on the DNA procedure alone. In particular, it MUST 710 NOT decide that it has moved from an untrusted to a trusted network, 711 and MUST NOT make any security decisions that depend on the 712 determination that such a transition has occurred. 714 11. Acknowledgments 716 This document is the product of a discussion the authors had with 717 Bernard Aboba, Thomas Narten, Erik Nordmark and Dave Thaler at IETF 718 69. The authors would like to thank them for clearly detailing the 719 requirements of the solution and the goals it needed to meet and for 720 helping to explore the solution space. The authors would like to 721 thank the authors and editors of the complete DNA specification for 722 detailing the overall problem space and solutions. The authors would 723 like to thank Jari Arkko for driving the evolution of a simple and 724 probabilistic DNA solution. The authors would like to thank Bernard 725 Aboba, Thomas Narten, Jari Arkko, Sathya Narayan, Julien Laganier, 726 Domagoj Premec, Jin Hyeock-Choi, Alfred Hoenes, Frederic Rossi, Ralph 727 Droms, Ted Lemon, Erik Nordmark, Lars Eggert, Brian Carpenter and 728 Yaron Sheffer for performing reviews on the document and providing 729 valuable comments to drive the document forward. 731 12. References 733 12.1. Normative References 735 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 736 Requirement Levels", BCP 14, RFC 2119, March 1997. 738 [RFC3736] Droms, R., "Stateless Dynamic Host Configuration Protocol 739 (DHCP) Service for IPv6", RFC 3736, April 2004. 741 [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., 742 and M. Carney, "Dynamic Host Configuration Protocol for 743 IPv6 (DHCPv6)", RFC 3315, July 2003. 745 [RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure 746 Neighbor Discovery (SEND)", RFC 3971, March 2005. 748 [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, 749 "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, 750 September 2007. 752 12.2. Informative References 754 [I-D.ietf-dna-protocol] 755 Narayanan, S., "Detecting Network Attachment in IPv6 756 Networks (DNAv6)", draft-ietf-dna-protocol (work in 757 progress), June 2007. 759 [RFC4957] Krishnan, S., Montavont, N., Njedjou, E., Veerepalli, S., 760 and A. Yegin, "Link-Layer Event Notifications for 761 Detecting Network Attachments", RFC 4957, August 2007. 763 [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless 764 Address Autoconfiguration", RFC 4862, September 2007. 766 [RFC4436] Aboba, B., Carlson, J., and S. Cheshire, "Detecting 767 Network Attachment in IPv4 (DNAv4)", RFC 4436, March 2006. 769 Appendix A. Issues with confirming manually assigned addresses 771 Even though DNAv4 [RFC4436] supports verification of manually 772 assigned addresses this feature of DNAv4 has not been widely 773 implemented or used. There are two major issues that come up with 774 confirming manually assigned addresses using Simple DNA. 776 o When DHCPv6 or SLAAC addresses are used for probing, there is no 777 need to aggressively retransmit lost probes. This is because the 778 address configuration falls back to vanilla DHCPv6 or SLAAC and 779 the host will eventually obtain an address. This is not the case 780 with manually assigned addresses. If the probes are lost, the 781 host runs the risk of ending up with no addresses at all. Hence 782 agressive retransmissions are necessary. 784 o Another issue comes up when the host moves between two networks, 785 one where manual addressing is being used (say NET1)and the other 786 where dynamic addressing (stateless autoconfig or DHCPv6) is being 787 used (say NET2). Since the host can obtain a dynamic address in 788 some situations, it will need to send simple DNA probes and may 789 also engage in a DHCPv6 exchange. In a situation where the host 790 moves to NET1 and the NS probes are lost and in addition an RA is 791 not received, the host will not be able to confirm that it 792 attached to NET1, and therefore that it should use the manual 793 configuration for that network. As a result, if DHCPv6 is enabled 794 on NET1, then the host could mistakenly obtain a dynamic address 795 and configuration instead of using the manual configuration. To 796 prevent this problem, simple DNA probing needs to continue even 797 after the DHCPv6 exchange has completed, and DNA probes need to 798 take precedence over DHCPv6, contrary to the advice provided in 799 Section 5.7.3 801 Given these issues, it is NOT RECOMMENDED to use manual addressing 802 with Simple DNA. 804 Authors' Addresses 806 Suresh Krishnan 807 Ericsson 808 8400 Decarie Blvd. 809 Town of Mount Royal, QC 810 Canada 812 Phone: +1 514 345 7900 x42871 813 Email: suresh.krishnan@ericsson.com 815 Greg Daley 816 NetStar Networks 817 Level 9/636 St Kilda Rd 818 Melbourne, Victoria 3004 819 Australia 821 Phone: +61 3 8532 4042 822 Email: gdaley@netstarnetworks.com