idnits 2.17.1 

draft-ietf-ipv6-rfc2462bis-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate.  This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords. 

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).
  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (June 17, 2004) is 7250 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 2402 (ref. '1') (Obsoleted by RFC
     4302, RFC 4305)

  ** Obsolete normative reference: RFC 3513 (ref. '4') (Obsoleted by RFC 4291)

  ** Obsolete normative reference: RFC 2461 (ref. '5') (Obsoleted by RFC 4861)

  -- Obsolete informational reference (is this intentional?): RFC 3315 (ref.
     '6') (Obsoleted by RFC 8415)

  -- Obsolete informational reference (is this intentional?): RFC 3736 (ref.
     '7') (Obsoleted by RFC 8415)

  -- Obsolete informational reference (is this intentional?): RFC 3484 (ref.
     '8') (Obsoleted by RFC 6724)

  -- Obsolete informational reference (is this intentional?): RFC 3041 (ref.
     '9') (Obsoleted by RFC 4941)


     Summary: 4 errors (**), 0 flaws (~~), 3 warnings (==), 6 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1	IETF IPv6 Working Group                                       S. Thomson
2	Internet-Draft                                                     Cisco
3	Expires: December 16, 2004                                     T. Narten
4	                                                                     IBM
5	                                                               T. Jinmei
6	                                                                 Toshiba
7	                                                           June 17, 2004

9	                IPv6 Stateless Address Autoconfiguration
10	                   draft-ietf-ipv6-rfc2462bis-02.txt

12	Status of this Memo

14	   This document is an Internet-Draft and is in full conformance with
15	   all provisions of Section 10 of RFC2026.

17	   Internet-Drafts are working documents of the Internet Engineering
18	   Task Force (IETF), its areas, and its working groups. Note that other
19	   groups may also distribute working documents as Internet-Drafts.

21	   Internet-Drafts are draft documents valid for a maximum of six months
22	   and may be updated, replaced, or obsoleted by other documents at any
23	   time. It is inappropriate to use Internet-Drafts as reference
24	   material or to cite them other than as "work in progress."

26	   The list of current Internet-Drafts can be accessed at http://
27	   www.ietf.org/ietf/1id-abstracts.txt.

29	   The list of Internet-Draft Shadow Directories can be accessed at
30	   http://www.ietf.org/shadow.html.

32	   This Internet-Draft will expire on December 16, 2004.

34	Copyright Notice

36	   Copyright (C) The Internet Society (2004). All Rights Reserved.

38	Abstract

40	   This document specifies the steps a host takes in deciding how to
41	   autoconfigure its interfaces in IP version 6. The autoconfiguration
42	   process includes creating a link-local address and verifying its
43	   uniqueness on a link, determining what information can be
44	   autoconfigured (addresses, other information, or both), and in the
45	   case of addresses, whether they can be obtained through the stateless
46	   mechanism, the stateful mechanism, or both. This document defines the
47	   process for generating a link-local address, the process for
48	   generating global addresses via stateless address autoconfiguration,
49	   and the Duplicate Address Detection procedure. The details of
50	   autoconfiguration using the stateful protocol is specified in RFC
51	   3315 and RFC 3736.

53	Table of Contents

55	   1.    Introduction . . . . . . . . . . . . . . . . . . . . . . . .  3
56	   2.    TERMINOLOGY  . . . . . . . . . . . . . . . . . . . . . . . .  5
57	   2.1   Requirements . . . . . . . . . . . . . . . . . . . . . . . .  7
58	   3.    DESIGN GOALS . . . . . . . . . . . . . . . . . . . . . . . .  7
59	   4.    PROTOCOL OVERVIEW  . . . . . . . . . . . . . . . . . . . . .  8
60	   4.1   Site Renumbering . . . . . . . . . . . . . . . . . . . . . . 10
61	   5.    PROTOCOL SPECIFICATION . . . . . . . . . . . . . . . . . . . 11
62	   5.1   Node Configuration Variables . . . . . . . . . . . . . . . . 11
63	   5.2   Autoconfiguration-Related Structures . . . . . . . . . . . . 12
64	   5.3   Creation of Link-Local Addresses . . . . . . . . . . . . . . 12
65	   5.4   Duplicate Address Detection  . . . . . . . . . . . . . . . . 13
66	   5.4.1 Message Validation . . . . . . . . . . . . . . . . . . . . . 14
67	   5.4.2 Sending Neighbor Solicitation Messages . . . . . . . . . . . 14
68	   5.4.3 Receiving Neighbor Solicitation Messages . . . . . . . . . . 15
69	   5.4.4 Receiving Neighbor Advertisement Messages  . . . . . . . . . 16
70	   5.4.5 When Duplicate Address Detection Fails . . . . . . . . . . . 17
71	   5.5   Creation of Global Addresses . . . . . . . . . . . . . . . . 17
72	   5.5.1 Soliciting Router Advertisements . . . . . . . . . . . . . . 17
73	   5.5.2 Absence of Router Advertisements . . . . . . . . . . . . . . 17
74	   5.5.3 Router Advertisement Processing  . . . . . . . . . . . . . . 18
75	   5.5.4 Address Lifetime Expiry  . . . . . . . . . . . . . . . . . . 20
76	   5.6   Configuration Consistency  . . . . . . . . . . . . . . . . . 21
77	   5.7   Retaining Configured Addresses for Stability . . . . . . . . 21
78	   6.    SECURITY CONSIDERATIONS  . . . . . . . . . . . . . . . . . . 21
79	   7.    IANA CONSIDERATIONS  . . . . . . . . . . . . . . . . . . . . 22
80	   8.    Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 22
81	         Normative References . . . . . . . . . . . . . . . . . . . . 22
82	         Informative References . . . . . . . . . . . . . . . . . . . 23
83	         Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 23
84	   A.    LOOPBACK SUPPRESSION & DUPLICATE ADDRESS DETECTION . . . . . 24
85	   B.    CHANGES SINCE RFC 1971 . . . . . . . . . . . . . . . . . . . 25
86	   C.    CHANGE HISTORY . . . . . . . . . . . . . . . . . . . . . . . 26
87	         Intellectual Property and Copyright Statements . . . . . . . 29

89	1. Introduction

91	   This document specifies the steps a host takes in deciding how to
92	   autoconfigure its interfaces in IP version 6. The autoconfiguration
93	   process includes creating a link-local address and verifying its
94	   uniqueness on a link, determining what information can be
95	   autoconfigured (addresses, other information, or both), and in the
96	   case of addresses, whether they can be obtained through the stateless
97	   mechanism, the stateful mechanism, or both. This document defines the
98	   process for generating a link-local address, the process for
99	   generating global addresses via stateless address autoconfiguration,
100	   and the Duplicate Address Detection procedure. The details of
101	   autoconfiguration using the stateful protocol is specified in RFC
102	   3315 [6] and RFC 3736 [7].

104	   IPv6 defines both a stateful and stateless address autoconfiguration
105	   mechanism. Stateless autoconfiguration requires no manual
106	   configuration of hosts, minimal (if any) configuration of routers,
107	   and no additional servers.  The stateless mechanism allows a host to
108	   generate its own addresses using a combination of locally available
109	   information and information advertised by routers. Routers advertise
110	   prefixes that identify the subnet(s) associated with a link, while
111	   hosts generate an "interface identifier" that uniquely identifies an
112	   interface on a subnet. An address is formed by combining the two. In
113	   the absence of routers, a host can only generate link-local
114	   addresses. However, link-local addresses are sufficient for allowing
115	   communication among nodes attached to the same link.

117	   In the stateful autoconfiguration model, hosts obtain interface
118	   addresses and/or configuration information and parameters from a
119	   DHCPv6 server. Servers maintain a database that keeps track of which
120	   addresses have been assigned to which hosts. The stateful
121	   autoconfiguration protocol allows hosts to obtain addresses, other
122	   configuration information or both from a server. Stateless and
123	   stateful autoconfiguration complement each other. For example, a host
124	   can use stateless autoconfiguration to configure its own addresses,
125	   but use stateful autoconfiguration to obtain other information.

127	   To obtain other configuration information without configuring
128	   addresses in the stateful autoconfiguration model, a subset of DHCPv6
129	   will be used [7]. While the model is called "stateful" here in order
130	   to highlight the contrast to the stateless protocol defined in this
131	   document, the intended protocol is also defined to work in a
132	   stateless fashion. This is based on a result, through operational
133	   experiments, that all known "other" configuration information can be
134	   managed by a stateless server, that is, a server that does not
135	   maintain state of each client that the server provides with the
136	   configuration information.

138	   The stateless approach is used when a site is not particularly
139	   concerned with the exact addresses hosts use, so long as they are
140	   unique and properly routable. The stateful approach is used when a
141	   site requires tighter control over exact address assignments. Both
142	   stateful and stateless address autoconfiguration may be used
143	   simultaneously. The site administrator specifies which type of
144	   autoconfiguration is available through the setting of appropriate
145	   fields in Router Advertisement messages [5].

147	   IPv6 addresses are leased to an interface for a fixed (possibly
148	   infinite) length of time. Each address has an associated lifetime
149	   that indicates how long the address is bound to an interface. When a
150	   lifetime expires, the binding (and address) become invalid and the
151	   address may be reassigned to another interface elsewhere in the
152	   Internet. To handle the expiration of address bindings gracefully, an
153	   address goes through two distinct phases while assigned to an
154	   interface. Initially, an address is "preferred", meaning that its use
155	   in arbitrary communication is unrestricted. Later, an address becomes
156	   "deprecated" in anticipation that its current interface binding will
157	   become invalid. While in a deprecated state, the use of an address is
158	   discouraged, but not strictly forbidden.  New communication (e.g.,
159	   the opening of a new TCP connection) should use a preferred address
160	   when possible.  A deprecated address should be used only by
161	   applications that have been using it and would have difficulty
162	   switching to another address without a service disruption.

164	   To ensure that all configured addresses are likely to be unique on a
165	   given link, nodes run a "duplicate address detection" algorithm on
166	   addresses before assigning them to an interface.  The Duplicate
167	   Address Detection algorithm is performed on all addresses,
168	   independent of whether they are obtained via stateless or stateful
169	   autoconfiguration. This document defines the Duplicate Address
170	   Detection algorithm.

172	   The autoconfiguration process specified in this document applies only
173	   to hosts and not routers. Since host autoconfiguration uses
174	   information advertised by routers, routers will need to be configured
175	   by some other means. However, it is expected that routers will
176	   generate link-local addresses using the mechanism described in this
177	   document. In addition, routers are expected to successfully pass the
178	   Duplicate Address Detection procedure described in this document on
179	   all addresses prior to assigning them to an interface.

181	   Section 2 provides definitions for terminology used throughout this
182	   document. Section 3 describes the design goals that lead to the
183	   current autoconfiguration procedure. Section 4 provides an overview
184	   of the protocol, while Section 5 describes the protocol in detail.

186	2. TERMINOLOGY

188	   IP - Internet Protocol Version 6. The terms IPv4 and IPv6 are used
189	      only in contexts where necessary to avoid ambiguity.

191	   node - a device that implements IP.

193	   router - a node that forwards IP packets not explicitly addressed to
194	      itself.

196	   host - any node that is not a router.

198	   upper layer - a protocol layer immediately above IP. Examples are
199	      transport protocols such as TCP and UDP, control protocols such as
200	      ICMP, routing protocols such as OSPF, and internet or lower-layer
201	      protocols being "tunneled" over (i.e., encapsulated in) IP such as
202	      IPX, AppleTalk, or IP itself.

204	   link - a communication facility or medium over which nodes can
205	      communicate at the link layer, i.e., the layer immediately below
206	      IP.  Examples are Ethernets (simple or bridged); PPP links; X.25,
207	      Frame Relay, or ATM networks; and internet (or higher) layer
208	      "tunnels", such as tunnels over IPv4 or IPv6 itself.

210	   interface - a node's attachment to a link.

212	   packet - an IP header plus payload.

214	   address - an IP-layer identifier for an interface or a set of
215	      interfaces.

217	   unicast address - an identifier for a single interface. A packet sent
218	      to a unicast address is delivered to the interface identified by
219	      that address.

221	   multicast address - an identifier for a set of interfaces (typically
222	      belonging to different nodes). A packet sent to a multicast
223	      address is delivered to all interfaces identified by that address.

225	   anycast address - an identifier for a set of interfaces (typically
226	      belonging to different nodes).  A packet sent to an anycast
227	      address is delivered to one of the interfaces identified by that
228	      address (the "nearest" one, according to the routing protocol's
229	      measure of distance). See the IPv6 addressing architecture [4].

231	   solicited-node multicast address - a multicast address to which
232	      Neighbor Solicitation messages are sent. The algorithm for
233	      computing the address is given in RFC 2461 [5].

235	   link-layer address - a link-layer identifier for an interface.
236	      Examples include IEEE 802 addresses for Ethernet links and E.164
237	      addresses for ISDN links.

239	   link-local address - an address having link-only scope that can be
240	      used to reach neighboring nodes attached to the same link.  All
241	      interfaces have a link-local unicast address.

243	   global address - an address with unlimited scope.

245	   communication - any packet exchange among nodes that requires that
246	      the address of each node used in the exchange remain the same for
247	      the duration of the packet exchange.  Examples are a TCP
248	      connection or a UDP request-response.

250	   tentative address - an address whose uniqueness on a link is being
251	      verified, prior to its assignment to an interface.  A tentative
252	      address is not considered assigned to an interface in the usual
253	      sense. An interface discards received packets addressed to a
254	      tentative address, but accepts Neighbor Discovery packets related
255	      to Duplicate Address Detection for the tentative address.

257	   preferred address - an address assigned to an interface whose use by
258	      upper layer protocols is unrestricted. Preferred addresses may be
259	      used as the source (or destination) address of packets sent from
260	      (or to) the interface.

262	   deprecated address - An address assigned to an interface whose use is
263	      discouraged, but not forbidden.  A deprecated address should no
264	      longer be used as a source address in new communications, but
265	      packets sent from or to deprecated addresses are delivered as
266	      expected.  A deprecated address may continue to be used as a
267	      source address in communications where switching to a preferred
268	      address causes hardship to a specific upper-layer activity (e.g.,
269	      an existing TCP connection).

271	   valid address - a preferred or deprecated address. A valid address
272	      may appear as the source or destination address of a packet, and
273	      the internet routing system is expected to deliver packets sent to
274	      a valid address to their intended recipients.

276	   invalid address - an address that is not assigned to any interface. A
277	      valid address becomes invalid when its valid lifetime expires.
278	      Invalid addresses should not appear as the destination or source
279	      address of a packet. In the former case, the internet routing
280	      system will be unable to deliver the packet, in the latter case
281	      the recipient of the packet will be unable to respond to it.

283	   preferred lifetime - the length of time that a valid address is
284	      preferred (i.e., the time until deprecation). When the preferred
285	      lifetime expires, the address becomes deprecated.

287	   valid lifetime - the length of time an address remains in the valid
288	      state (i.e., the time until invalidation). The valid lifetime must
289	      be greater than or equal to the preferred lifetime.  When the
290	      valid lifetime expires, the address becomes invalid.

292	   interface identifier - a link-dependent identifier for an interface
293	      that is (at least) unique per link [4]. Stateless address
294	      autoconfiguration combines an interface identifier with a prefix
295	      to form an address. From address autoconfiguration's perspective,
296	      an interface identifier is a bit string of known length. The exact
297	      length of an interface identifier and the way it is created is
298	      defined in a separate link-type specific document that covers
299	      issues related to the transmission of IP over a particular link
300	      type (e.g., IPv6 over Ethernet [2]). Note that the address
301	      architecture [4] also defines the length of the interface
302	      identifiers for some set of addresses, but the two sets of
303	      definitions must be consistent. In many cases, the identifier will
304	      be derived from the interface's link-layer address.

306	2.1 Requirements

308	   The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
309	   SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
310	   document, are to be interpreted as described in RFC 2119 [3].

312	3. DESIGN GOALS

314	   Stateless autoconfiguration is designed with the following goals in
315	   mind:

317	   o  Manual configuration of individual machines before connecting them
318	      to the network should not be required. Consequently, a mechanism
319	      is needed that allows a host to obtain or create unique addresses
320	      for each of its interfaces. Address autoconfiguration assumes that
321	      each interface can provide a unique identifier for that interface
322	      (i.e., an "interface identifier").  In the simplest case, an
323	      interface identifier consists of the interface's link-layer
324	      address. An interface identifier can be combined with a prefix to
325	      form an address.

327	   o  Small sites consisting of a set of machines attached to a single
328	      link should not require the presence of a stateful server or
329	      router as a prerequisite for communicating.  Plug-and-play
330	      communication is achieved through the use of link-local addresses.
331	      Link-local addresses have a well-known prefix that identifies the
332	      (single) shared link to which a set of nodes attach. A host forms
333	      a link-local address by appending its interface identifier to the
334	      link-local prefix.

336	   o  A large site with multiple networks and routers should not require
337	      the presence of a stateful address configuration server. In order
338	      to generate global addresses, hosts must determine the prefixes
339	      that identify the subnets to which they attach.  Routers generate
340	      periodic Router Advertisements that include options listing the
341	      set of active prefixes on a link.

343	   o  Address configuration should facilitate the graceful renumbering
344	      of a site's machines. For example, a site may wish to renumber all
345	      of its nodes when it switches to a new network service provider.
346	      Renumbering is achieved through the leasing of addresses to
347	      interfaces and the assignment of multiple addresses to the same
348	      interface.  Lease lifetimes provide the mechanism through which a
349	      site phases out old prefixes.  The assignment of multiple
350	      addresses to an interface provides for a transition period during
351	      which both a new address and the one being phased out work
352	      simultaneously.

354	   o  System administrators need the ability to specify whether
355	      stateless autoconfiguration, stateful autoconfiguration, or both
356	      are available. Router Advertisements include flags specifying
357	      which mechanisms a host can use.

359	4. PROTOCOL OVERVIEW

361	   This section provides an overview of the typical steps that take
362	   place when an interface autoconfigures itself.  Autoconfiguration is
363	   performed only on multicast-capable links and begins when a
364	   multicast-capable interface is enabled, e.g., during system startup.
365	   Nodes (both hosts and routers) begin the autoconfiguration process by
366	   generating a link-local address for the interface. A link-local
367	   address is formed by appending the interface's identifier to the
368	   well-known link-local prefix.

370	   Before the link-local address can be assigned to an interface and
371	   used, however, a node must attempt to verify that this "tentative"
372	   address is not already in use by another node on the link.
373	   Specifically, it sends a Neighbor Solicitation message containing the
374	   tentative address as the target. If another node is already using
375	   that address, it will return a Neighbor Advertisement saying so. If
376	   another node is also attempting to use the same address, it will send
377	   a Neighbor Solicitation for the target as well. The exact number of
378	   times the Neighbor Solicitation is (re)transmitted and the delay time
379	   between consecutive solicitations is link-specific and may be set by
380	   system management.

382	   If a node determines that its tentative link-local address is not
383	   unique, autoconfiguration stops and manual configuration of the
384	   interface is required.  To simplify recovery in this case, it should
385	   be possible for an administrator to supply an alternate interface
386	   identifier that overrides the default identifier in such a way that
387	   the autoconfiguration mechanism can then be applied using the new
388	   (presumably unique) interface identifier.  Alternatively, link-local
389	   and other addresses will need to be configured manually.

391	   Once a node ascertains that its tentative link-local address is
392	   unique, it assigns the address to the interface. At this point, the
393	   node has IP-level connectivity with neighboring nodes.  The remaining
394	   autoconfiguration steps are performed only by hosts; the
395	   (auto)configuration of routers is beyond the scope of this document.

397	   The next phase of autoconfiguration involves obtaining a Router
398	   Advertisement or determining that no routers are present. If routers
399	   are present, they will send Router Advertisements that specify what
400	   sort of autoconfiguration a host can do. Note that stateful
401	   autoconfiguration may still be available even if no routers are
402	   present.

404	   Routers send Router Advertisements periodically, but the delay
405	   between successive advertisements will generally be longer than a
406	   host performing autoconfiguration will want to wait [5]. To obtain an
407	   advertisement quickly, a host sends one or more Router Solicitations
408	   to the all-routers multicast group. Router Advertisements contain two
409	   flags indicating what type of stateful autoconfiguration (if any) is
410	   available. A "managed address configuration (M)" flag indicates
411	   whether hosts can use stateful autoconfiguration [6] to obtain
412	   addresses. An "other stateful configuration (O)" flag indicates
413	   whether hosts can use stateful autoconfiguration [7] to obtain
414	   additional information (excluding addresses).

416	   The details of how a host may use the M flags, including any use of
417	   the "on" and "off" transitions for this flag, to control the use of
418	   the stateful protocol for address assignment will be described in a
419	   separate document. Similarly, the details of how a host may use the O
420	   flags, including any use of the "on" and "off" transitions for this
421	   flag, to control the use of the stateful protocol for getting other
422	   configuration information will be described in a separate document.

424	   Router Advertisements also contain zero or more Prefix Information
425	   options that contain information used by stateless address
426	   autoconfiguration to generate global addresses.  It should be noted
427	   that the stateless and stateful address autoconfiguration fields in
428	   Router Advertisements are processed independently of one another, and
429	   a host may use both stateful and stateless address autoconfiguration
430	   simultaneously.  One Prefix Information option field, the "autonomous
431	   address-configuration flag", indicates whether or not the option even
432	   applies to stateless autoconfiguration.  If it does, additional
433	   option fields contain a subnet prefix together with lifetime values
434	   indicating how long addresses created from the prefix remain
435	   preferred and valid.

437	   Because routers generate Router Advertisements periodically, hosts
438	   will continually receive new advertisements. Hosts process the
439	   information contained in each advertisement as described above,
440	   adding to and refreshing information received in previous
441	   advertisements.

443	   For safety, all addresses must be tested for uniqueness prior to
444	   their assignment to an interface. The test should individually be
445	   performed on all addresses obtained manually, via stateless address
446	   autoconfiguration, or via stateful address autoconfiguration. To
447	   accommodate sites that believe the overhead of performing Duplicate
448	   Address Detection outweighs its benefits, the use of Duplicate
449	   Address Detection can be disabled through the administrative setting
450	   of a per-interface configuration flag.

452	   To speed the autoconfiguration process, a host may generate its
453	   link-local address (and verify its uniqueness) in parallel with
454	   waiting for a Router Advertisement. Because a router may delay
455	   responding to a Router Solicitation for a few seconds, the total time
456	   needed to complete autoconfiguration can be significantly longer if
457	   the two steps are done serially.

459	4.1 Site Renumbering

461	   Address leasing facilitates site renumbering by providing a mechanism
462	   to time-out addresses assigned to interfaces in hosts.  At present,
463	   upper layer protocols such as TCP provide no support for changing
464	   end-point addresses while a connection is open. If an end-point
465	   address becomes invalid, existing connections break and all
466	   communication to the invalid address fails.  Even when applications
467	   use UDP as a transport protocol, addresses must generally remain the
468	   same during a packet exchange.

470	   Dividing valid addresses into preferred and deprecated categories
471	   provides a way of indicating to upper layers that a valid address may
472	   become invalid shortly and that future communication using the
473	   address will fail, should the address's valid lifetime expire before
474	   communication ends.  To avoid this scenario, higher layers should use
475	   a preferred address (assuming one of sufficient scope exists) to
476	   increase the likelihood that an address will remain valid for the
477	   duration of the communication.  It is up to system administrators to
478	   set appropriate prefix lifetimes in order to minimize the impact of
479	   failed communication when renumbering takes place.  The deprecation
480	   period should be long enough that most, if not all, communications
481	   are using the new address at the time an address becomes invalid.

483	   The IP layer is expected to provide a means for upper layers
484	   (including applications) to select the most appropriate source
485	   address given a particular destination and possibly other
486	   constraints.  An application may choose to select the source address
487	   itself before starting a new communication or may leave the address
488	   unspecified, in which case the upper networking layers will use the
489	   mechanism provided by the IP layer to choose a suitable address on
490	   the application's behalf.

492	   Detailed address selection rules are beyond the scope of this
493	   document.

495	5. PROTOCOL SPECIFICATION

497	   Autoconfiguration is performed on a per-interface basis on
498	   multicast-capable interfaces.  For multihomed hosts,
499	   autoconfiguration is performed independently on each interface.
500	   Autoconfiguration applies primarily to hosts, with two exceptions.
501	   Routers are expected to generate a link-local address using the
502	   procedure outlined below. In addition, routers perform Duplicate
503	   Address Detection on all addresses prior to assigning them to an
504	   interface.

506	5.1 Node Configuration Variables

508	   A node MUST allow the following autoconfiguration-related variable to
509	   be configured by system management for each multicast interface:

511	   DupAddrDetectTransmits

513	      The number of consecutive Neighbor Solicitation messages sent
514	      while performing Duplicate Address Detection on a tentative
515	      address. A value of zero indicates that Duplicate Address
516	      Detection is not performed on tentative addresses. A value of one
517	      indicates a single transmission with no follow up retransmissions.

519	      Default: 1, but may be overridden by a link-type specific value in
520	      the document that covers issues related to the transmission of IP
521	      over a particular link type (e.g., IPv6 over Ethernet [2]).

523	      Autoconfiguration also assumes the presence of the variable
524	      RetransTimer as defined in RFC 2461 [5]. For autoconfiguration
525	      purposes, RetransTimer specifies the delay between consecutive
526	      Neighbor Solicitation transmissions performed during Duplicate
527	      Address Detection (if DupAddrDetectTransmits is greater than 1),
528	      as well as the time a node waits after sending the last Neighbor
529	      Solicitation before ending the Duplicate Address Detection
530	      process.

532	5.2 Autoconfiguration-Related Structures

534	   Beyond the formation of a link-local address and using Duplicate
535	   Address Detection, how routers (auto)configure their interfaces is
536	   beyond the scope of this document.

538	   A host maintains a list of addresses together with their
539	   corresponding lifetimes. The address list contains both
540	   autoconfigured addresses and those configured manually.

542	5.3 Creation of Link-Local Addresses

544	   A node forms a link-local address whenever an interface becomes
545	   enabled.  An interface may become enabled after any of the following
546	   events:

548	   -  The interface is initialized at system startup time.

550	   -  The interface is reinitialized after a temporary interface failure
551	      or after being temporarily disabled by system management.

553	   -  The interface attaches to a link for the first time.

555	   -  The interface becomes enabled by system management after having
556	      been administratively disabled.

558	   A link-local address is formed by prepending the well-known link-
559	   local prefix FE80::0 [4] (of appropriate length) to the interface
560	   identifier. If the interface identifier has a length of N bits, the
561	   interface identifier replaces the right-most N zero bits of the
562	   link-local prefix. If the interface identifier is more than 118 bits
563	   in length, autoconfiguration fails and manual configuration is
564	   required. The length of the interface identifier is defined in a
565	   separate link-type specific document, which should also be consistent
566	   with the address architecture [4] (see Section 2). These documents
567	   will carefully define the length so that link-local addresses can be
568	   autoconfigured on the link.

570	   A link-local address has an infinite preferred and valid lifetime; it
571	   is never timed out.

573	5.4 Duplicate Address Detection

575	   Duplicate Address Detection is performed on unicast addresses prior
576	   to assigning them to an interface whose DupAddrDetectTransmits
577	   variable is greater than zero. Duplicate Address Detection MUST take
578	   place on all unicast addresses, regardless of whether they are
579	   obtained through stateful, stateless or manual configuration, with
580	   the exception of the following cases:

582	   IP - Duplicate Address Detection MUST NOT be performed on anycast
583	      addresses.

585	   IP - Each individual unicast address SHOULD be tested for uniqueness.
586	      Note that there are implementations deployed that only perform
587	      Duplicate Address Detection for the link-local address and skip
588	      the test for the global address using the same interface
589	      identifier as that of the link-local address. Whereas this
590	      document does not invalidate such implementations, this kind of
591	      "optimization" is NOT RECOMMENDED, and new implementations MUST
592	      NOT do that optimization. This optimization came from the
593	      assumption that all of an interface's addresses are generated from
594	      the same identifier. However, the assumption does actually not
595	      stand; new types of addresses have been introduced where the
596	      interface identifiers are not necessarily the same for all unicast
597	      addresses on a single interface [9] [10]. Requiring to perform
598	      Duplicate Address Detection for all unicast addresses will make
599	      the algorithm robust for the current and future such special
600	      interface identifiers.

602	   The procedure for detecting duplicate addresses uses Neighbor
603	   Solicitation and Advertisement messages as described below. If a
604	   duplicate address is discovered during the procedure, the address
605	   cannot be assigned to the interface. If the address is derived from
606	   an interface identifier, a new identifier will need to be assigned to
607	   the interface, or all IP addresses for the interface will need to be
608	   manually configured.  Note that the method for detecting duplicates
609	   is not completely reliable, and it is possible that duplicate
610	   addresses will still exist (e.g., if the link was partitioned while
611	   Duplicate Address Detection was performed).

613	   An address on which the Duplicate Address Detection Procedure is
614	   applied is said to be tentative until the procedure has completed
615	   successfully.  A tentative address is not considered "assigned to an
616	   interface" in the traditional sense. That is, the interface must
617	   accept Neighbor Solicitation and Advertisement messages containing
618	   the tentative address in the Target Address field, but processes such
619	   packets differently from those whose Target Address matches an
620	   address assigned to the interface. Other packets addressed to the
621	   tentative address should be silently discarded. Note that the "other
622	   packets" include Neighbor Solicitation and Advertisement messages to
623	   the tentative address containing the tentative address in the Target
624	   Address field. Such a case should not happen in normal operation,
625	   though, since these messages are multicasted in the Duplicate Address
626	   Detection Procedure.

628	   It should also be noted that Duplicate Address Detection must be
629	   performed prior to assigning an address to an interface in order to
630	   prevent multiple nodes from using the same address simultaneously. If
631	   a node begins using an address in parallel with Duplicate Address
632	   Detection, and another node is already using the address, the node
633	   performing Duplicate Address Detection will erroneously process
634	   traffic intended for the other node, resulting in such possible
635	   negative consequences as the resetting of open TCP connections.

637	   The following subsections describe specific tests a node performs to
638	   verify an address's uniqueness.  An address is considered unique if
639	   none of the tests indicate the presence of a duplicate address within
640	   RetransTimer milliseconds after having sent DupAddrDetectTransmits
641	   Neighbor Solicitations. Once an address is determined to be unique,
642	   it may be assigned to an interface.

644	5.4.1 Message Validation

646	   A node MUST silently discard any Neighbor Solicitation or
647	   Advertisement message that does not pass the validity checks
648	   specified in RFC 2461 [5]. A Neighbor Solicitation or Advertisement
649	   message that passes these validity checks is called a valid
650	   solicitation or valid advertisement, respectively.

652	5.4.2 Sending Neighbor Solicitation Messages

654	   Before sending a Neighbor Solicitation, an interface MUST join the
655	   all-nodes multicast address and the solicited-node multicast address
656	   of the tentative address. The former ensures that the node receives
657	   Neighbor Advertisements from other nodes already using the address;
658	   the latter ensures that two nodes attempting to use the same address
659	   simultaneously detect each other's presence.

661	   To check an address, a node sends DupAddrDetectTransmits Neighbor
662	   Solicitations, each separated by RetransTimer milliseconds. The
663	   solicitation's Target Address is set to the address being checked,
664	   the IP source is set to the unspecified address and the IP
665	   destination is set to the solicited-node multicast address of the
666	   target address.

668	   If the Neighbor Solicitation is going to be the first message to be
669	   sent from an interface after interface (re)initialization, the node
670	   SHOULD delay joining the solicited-node multicast address by a random
671	   delay between 0 and MAX_RTR_SOLICITATION_DELAY as specified in RFC
672	   2461 [5]. This serves to alleviate congestion when many nodes start
673	   up on the link at the same time, such as after a power failure, and
674	   may help to avoid race conditions when more than one node is trying
675	   to solicit for the same address at the same time.

677	   Even if the Neighbor Solicitation is not going to be the first
678	   message to be sent, the node SHOULD delay joining the solicited-node
679	   multicast address by a random delay between 0 and
680	   MAX_RTR_SOLICITATION_DELAY if the address being checked is configured
681	   by a router advertisement message sent to a multicast address. The
682	   delay will avoid similar congestion when multiple nodes are going to
683	   configure addresses by receiving a same single multicast router
684	   advertisement.

686	   Note that the delay for joining the multicast address implicitly
687	   means delaying transmission of the corresponding MLD report message
688	   [11]. Since RFC 2710 [11] does not request a random delay to avoid
689	   race conditions, just delaying Neighbor Solicitation would cause
690	   congestion by the MLD report messages. The congestion would then
691	   prevent MLD-snooping switches from working correctly, and, as a
692	   result, prevent Duplicate Address Detection from working. The
693	   requirement to include the delay for the MLD report in this case
694	   avoids this scenario.

696	   In order to improve the robustness of the Duplicate Address Detection
697	   algorithm, an interface MUST receive and process datagrams sent to
698	   the all-nodes multicast address or solicited-node multicast address
699	   of the tentative address while the delaying period. This does not
700	   necessarily conflict with the requirement that joining the multicast
701	   group be delayed. In fact, in some cases it is possible for a node to
702	   start listening to the group during the delay period before MLD
703	   report transmission. It should be noted, however, that in some
704	   link-layer environments, particularly with MLD-snooping switches, no
705	   multicast reception will be available until the MLD report is sent.

707	5.4.3 Receiving Neighbor Solicitation Messages

709	   On receipt of a valid Neighbor Solicitation message on an interface,
710	   node behavior depends on whether the target address is tentative or
711	   not.  If the target address is not tentative (i.e., it is assigned to
712	   the receiving interface), the solicitation is processed as described
713	   in RFC 2461 [5].  If the target address is tentative, and the source
714	   address is a unicast address, the solicitation's sender is performing
715	   address resolution on the target; the solicitation should be silently
716	   ignored.  Otherwise, processing takes place as described below. In
717	   all cases, a node MUST NOT respond to a Neighbor Solicitation for a
718	   tentative address.

720	   If the source address of the Neighbor Solicitation is the unspecified
721	   address, the solicitation is from a node performing Duplicate Address
722	   Detection. If the solicitation is from another node, the tentative
723	   address is a duplicate and should not be used (by either node). If
724	   the solicitation is from the node itself (because the node loops back
725	   multicast packets), the solicitation does not indicate the presence
726	   of a duplicate address.

728	   Implementor's Note: many interfaces provide a way for upper layers to
729	   selectively enable and disable the looping back of multicast packets.
730	   The details of how such a facility is implemented may prevent
731	   Duplicate Address Detection from working correctly. See the Appendix
732	   A for further discussion.

734	   The following tests identify conditions under which a tentative
735	   address is not unique:

737	   -  If a Neighbor Solicitation for a tentative address is received
738	      prior to having sent one, the tentative address is a duplicate.
739	      This condition occurs when two nodes run Duplicate Address
740	      Detection simultaneously, but transmit initial solicitations at
741	      different times (e.g., by selecting different random delay values
742	      before joining the solicited-node multicast address and
743	      transmitting an initial solicitation).

745	   -  If the actual number of Neighbor Solicitations received exceeds
746	      the number expected based on the loopback semantics (e.g., the
747	      interface does not loopback packet, yet one or more solicitations
748	      was received), the tentative address is a duplicate. This
749	      condition occurs when two nodes run Duplicate Address Detection
750	      simultaneously and transmit solicitations at roughly the same
751	      time.

753	5.4.4 Receiving Neighbor Advertisement Messages

755	   On receipt of a valid Neighbor Advertisement message on an interface,
756	   node behavior depends on whether the target address is tentative or
757	   matches a unicast or anycast address assigned to the interface.  If
758	   the target address is assigned to the receiving interface, the
759	   solicitation is processed as described in RFC 2461 [5]. If the target
760	   address is tentative, the tentative address is not unique.

762	5.4.5 When Duplicate Address Detection Fails

764	   A tentative address that is determined to be a duplicate as described
765	   above MUST NOT be assigned to an interface and the node SHOULD log a
766	   system management error. If the address is a link-local address
767	   formed from an interface identifier based on the hardware address
768	   (e.g., EUI-64), the interface SHOULD be disabled. In this case, the
769	   IP address duplication probably means duplicate hardware addresses
770	   are in use, and trying to recover from it by configuring another IP
771	   address will not result in a usable network. In fact, it probably
772	   makes things worse by creating problems that are harder to diagnose
773	   than just shutting down the interface; the user will see a partially
774	   working network where some things work, and other things will not. On
775	   the other hand, if the duplicated link-local address is not formed
776	   from an interface identifier based on the hardware address, the
777	   interface MAY continue to be used.

779	5.5 Creation of Global Addresses

781	   Global addresses are formed by appending an interface identifier to a
782	   prefix of appropriate length. Prefixes are obtained from Prefix
783	   Information options contained in Router Advertisements. Creation of
784	   global addresses and configuration of other parameters as described
785	   in this section SHOULD be locally configurable. However, the
786	   processing described below MUST be enabled by default.

788	5.5.1 Soliciting Router Advertisements

790	   Router Advertisements are sent periodically to the all-nodes
791	   multicast address. To obtain an advertisement quickly, a host sends
792	   out Router Solicitations as described in RFC 2461 [5].

794	5.5.2 Absence of Router Advertisements

796	   Even if a link has no routers, stateful autoconfiguration to obtain
797	   addresses and other configuration information may still be available,
798	   and hosts may want to use the mechanism. From the perspective of
799	   autoconfiguration, a link has no routers if no Router Advertisements
800	   are received after having sent a small number of Router Solicitations
801	   as described in RFC 2461 [5].

803	   Note that it is possible that there is no router on the link in this
804	   sense but there is a node that has the ability to forward packets. In
805	   this case, the forwarding node's address must be manually configured
806	   in hosts to be able to send packets off-link, since the only
807	   mechanism to configure the default router's address automatically is
808	   the one using router advertisements.

810	5.5.3 Router Advertisement Processing

812	   For each Prefix-Information option in the Router Advertisement:

814	    a) If the Autonomous flag is not set, silently ignore the Prefix
815	      Information option.

817	    b) If the prefix is the link-local prefix, silently ignore the
818	      Prefix Information option.

820	    c) If the preferred lifetime is greater than the valid lifetime,
821	      silently ignore the Prefix Information option. A node MAY wish to
822	      log a system management error in this case.

824	    d) If the prefix advertised is not equal to the prefix of an address
825	      configured by stateless autoconfiguration already in the list of
826	      addresses associated with the interface (where "equal" means the
827	      two prefix lengths are the same and the first prefix-length bits
828	      of the prefixes are identical), and the Valid Lifetime is not 0,
829	      form an address (and add it to the list) by combining the
830	      advertised prefix with the link's interface identifier as follows:

832	      |            128 - N bits               |       N bits           |
833	      +---------------------------------------+------------------------+
834	      |            link prefix                |  interface identifier  |
835	      +----------------------------------------------------------------+

837	      If the sum of the prefix length and interface identifier length
838	      does not equal 128 bits, the Prefix Information option MUST be
839	      ignored. An implementation MAY wish to log a system management
840	      error in this case. The length of the interface identifier is
841	      defined in a separate link-type specific document, which should
842	      also be consistent with the address architecture [4] (see Section
843	      2).

845	      It is the responsibility of the system administrator to insure
846	      that the lengths of prefixes contained in Router Advertisements
847	      are consistent with the length of interface identifiers for that
848	      link type. It should be noted, however, that this does not mean
849	      the advertised prefix length is meaningless. In fact, the
850	      advertised length has non trivial meaning for on-link
851	      determination in RFC 2461 [5] where the sum of the prefix length
852	      and the interface identifier length may not be equal to 128. Thus,
853	      it should be safe to validate the advertised prefix length here,
854	      in order to detect and avoid a configuration error specifying an
855	      invalid prefix length in the context of address autoconfiguration.

857	      Note that a future revision of the address architecture [4] and a
858	      future link-type specific document, which will still be consistent
859	      with each other, could potentially allow for an interface
860	      identifier of length other than the value defined in the current
861	      documents. Thus, an implementation should not assume a particular
862	      constant. Rather, it should expect any lengths of interface
863	      identifiers.

865	      If an address is formed successfully, the host adds it to the list
866	      of addresses assigned to the interface, initializing its preferred
867	      and valid lifetime values from the Prefix Information option.

869	    e) If the advertised prefix is equal to the prefix of an address
870	      configured by stateless autoconfiguration in the list, the
871	      preferred lifetime of the address is reset to the Preferred
872	      Lifetime in the received advertisement. The specific action to
873	      perform for the valid lifetime of the address depends on the Valid
874	      Lifetime in the received advertisement and the remaining time to
875	      the valid lifetime expiration of the previously autoconfigured
876	      address. We call the remaining time "RemainingLifetime" in the
877	      following discussion:

879	      1.  If the received Valid Lifetime is greater than 2 hours or
880	          greater than RemainingLifetime, set the valid lifetime of the
881	          corresponding address to the advertised Valid Lifetime.

883	      2.  If RemainingLifetime is less than or equal to 2 hours, ignore
884	          the Prefix Information option with regards to the valid
885	          lifetime, unless the Router Advertisement from which this
886	          option was obtained has been authenticated (e.g., via IP
887	          security [1]). If the Router Advertisement was authenticated,
888	          the valid lifetime of the corresponding address should be set
889	          to the Valid Lifetime in the received option.

891	      3.  Otherwise, reset the valid lifetime of the corresponding
892	          address to two hours.

894	      The above rules address a specific denial of service attack in
895	      which a bogus advertisement could contain prefixes with very small
896	      Valid Lifetimes. Without the above rules, a single unauthenticated
897	      advertisement containing bogus Prefix Information options with
898	      short Valid Lifetimes could cause all of a node's addresses to
899	      expire prematurely. The above rules ensure that legitimate
900	      advertisements (which are sent periodically) will "cancel" the
901	      short Valid Lifetimes before they actually take effect.

903	      Note that the preferred lifetime of the corresponding address is
904	      always reset to the Preferred Lifetime in the received Prefix
905	      Information option, regardless of whether the valid lifetime is
906	      also reset or ignored. The difference comes from the fact that the
907	      possible attack for the preferred lifetime is relatively minor.
908	      Additionally, it is even undesirable to ignore the preferred
909	      lifetime when a valid administrator wants to deprecate a
910	      particular address by sending a short preferred lifetime (and the
911	      valid lifetime is ignored by accident).

913	5.5.4 Address Lifetime Expiry

915	   A preferred address becomes deprecated when its preferred lifetime
916	   expires. A deprecated address SHOULD continue to be used as a source
917	   address in existing communications, but SHOULD NOT be used to
918	   initiate new communications if an alternate (non-deprecated) address
919	   of sufficient scope can easily be used instead.

921	   Note that the feasibility of initiating new communication using a
922	   non-deprecated address may be an application-specific decision, as
923	   only the application may have knowledge about whether the (now)
924	   deprecated address was (or still is) in use by the application. For
925	   example, if an application explicitly specifies the protocol stack to
926	   use a deprecated address as a source address, the protocol stack must
927	   accept that; the application might request it because that IP address
928	   is used for in higher-level communication and there might be a
929	   requirement that the multiple connections in such a grouping use the
930	   same pair of IP addresses.

932	   IP and higher layers (e.g., TCP, UDP) MUST continue to accept and
933	   process datagrams destined to a deprecated address as normal since a
934	   deprecated address is still a valid address for the interface. In the
935	   case of TCP, this means TCP SYN segments sent to a deprecated address
936	   are responded to using the deprecated address as a source address in
937	   the corresponding SYN-ACK (if the connection would otherwise be
938	   allowed).

940	   An implementation MAY prevent any new communication from using a
941	   deprecated address, but system management MUST have the ability to
942	   disable such a facility, and the facility MUST be disabled by
943	   default.

945	   Other subtle cases should also be noted about source address
946	   selection. For example, the above description does not clarify which
947	   address should be used between a deprecated, smaller-scope address
948	   and a non-deprecated, enough scope address. The details of the
949	   address selection including this case are described in RFC 3484 [8]
950	   and beyond the scope of this document.

952	   An address (and its association with an interface) becomes invalid
953	   when its valid lifetime expires.  An invalid address MUST NOT be used
954	   as a source address in outgoing communications and MUST NOT be
955	   recognized as a destination on a receiving interface.

957	5.6 Configuration Consistency

959	   It is possible for hosts to obtain address information using both
960	   stateless and stateful protocols since both may be enabled at the
961	   same time.  It is also possible that the values of other
962	   configuration parameters such as MTU size and hop limit will be
963	   learned from both Router Advertisements and the stateful
964	   autoconfiguration protocol.  If the same configuration information is
965	   provided by multiple sources, the value of this information should be
966	   consistent. However, it is not considered a fatal error if
967	   information received from multiple sources is inconsistent. Hosts
968	   accept the union of all information received via the stateless and
969	   stateful protocols. If inconsistent information is learned different
970	   sources, the most recently obtained values always have precedence
971	   over information learned earlier.

973	5.7 Retaining Configured Addresses for Stability

975	   An implementation that has stable storage may want to retain
976	   addresses in the storage when the addresses were acquired using
977	   stateless address autoconfiguration. Assuming the lifetimes used are
978	   reasonable, this technique implies that a temporary outage (less than
979	   the valid lifetime) of a router will never result in the node losing
980	   its global address even if the node were to reboot. When this
981	   technique is used, it should also be noted that the expiration times
982	   of the preferred and valid lifetimes must be retained, in order to
983	   prevent the use of an address after it has become deprecated or
984	   invalid.

986	   Further details on this kind of extension are beyond the scope of
987	   this document.

989	6. SECURITY CONSIDERATIONS

991	   Stateless address autoconfiguration allows a host to connect to a
992	   network, configure an address and start communicating with other
993	   nodes without ever registering or authenticating itself with the
994	   local site.  Although this allows unauthorized users to connect to
995	   and use a network, the threat is inherently present in the Internet
996	   architecture. Any node with a physical attachment to a network can
997	   generate an address (using a variety of ad hoc techniques) that
998	   provides connectivity.

1000	   The use of stateless address autoconfiguration and Duplicate Address
1001	   Detection opens up the possibility of several denial of service
1002	   attacks. For example, any node can respond to Neighbor Solicitations
1003	   for a tentative address, causing the other node to reject the address
1004	   as a duplicate. A separate document [12] discusses details about
1005	   these attacks. These attacks can be addressed by requiring that
1006	   Neighbor Discovery packets be authenticated [1]. However, it should
1007	   be noted that [12] points out the use of IP security is not always
1008	   feasible depending on network environments.

1010	7. IANA CONSIDERATIONS

1012	   This document has no actions for IANA.

1014	8. Acknowledgements

1016	   The authors would like to thank the members of both the IPNG (which
1017	   is now IPV6) and ADDRCONF working groups for their input. In
1018	   particular, thanks to Jim Bound, Steve Deering, Richard Draves, and
1019	   Erik Nordmark.  Thanks also goes to John Gilmore for alerting the WG
1020	   of the "0 Lifetime Prefix Advertisement" denial of service attack
1021	   vulnerability; this document incorporates changes that address this
1022	   vulnerability.

1024	   A number of people have contributed to identifying issues on a
1025	   previous version of this document and to proposing resolutions to the
1026	   issues, on which this version is based. In addition to those listed
1027	   above, the contributors include Jari Arkko, Brian E Carpenter,
1028	   Gregory Daley, Ralph Droms, Christian Huitema, Soohong Daniel Park,
1029	   Markku Savela, and Pekka Savola.

1031	Normative References

1033	   [1]  Kent, S. and R. Atkinson, "IP Authentication Header", RFC 2402,
1034	        November 1998.

1036	   [2]  Crawford, M., "A Method for the Transmission of IPv6 Packets
1037	        over Ethernet Networks", RFC 2464, December 1998.

1039	   [3]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
1040	        Levels", RFC 2119, March 1997.

1042	   [4]  Hinden, R. and S. Deering, "Internet Protocol Version 6 (IPv6)
1043	        Addressing Architecture", RFC 3513, April 2003.

1045	   [5]  Narten, T., Nordmark, E. and W. Simpson, "Neighbor Discovery for
1046	        IP Version 6 (IPv6)", RFC 2461, December 1998.

1048	Informative References

1050	   [6]   Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C. and M.
1051	         Carney, "Dynamic Host Configuration Protocol for IPv6
1052	         (DHCPv6)", RFC 3315, July 2003.

1054	   [7]   Droms, R., "Stateless Dynamic Host Configuration Protocol
1055	         (DHCP) Service for IPv6", RFC 3736, April 2004.

1057	   [8]   Draves, R., "Default Address Selection for Internet Protocol
1058	         version 6 (IPv6)", RFC 3484, February 2003.

1060	   [9]   Narten, T. and R. Draves, "Privacy Extensions for Stateless
1061	         Address Autoconfiguration in IPv6", RFC 3041, January 2001.

1063	   [10]  Aura, T., "Cryptographically Generated Addresses (CGA)",
1064	         draft-ietf-send-cga-06.txt (work in progress), April 2004.

1066	   [11]  Deering, S., Fenner, W. and B. Haberman, "Multicast Listener
1067	         Discovery (MLD) for IPv6", RFC 2710, October 1999.

1069	   [12]  Nikander, P., Kempf, J. and E. Nordmark, "IPv6 Neighbor
1070	         Discovery (ND) Trust Models and Threats", RFC 3756, May 2004.

1072	   [13]  Deering, S., "Host Extensions for IP Multicasting", RFC 1112,
1073	         August 1989.

1075	   [14]  IEEE, "Wireless LAN Medium Access Control (MAC) and Physical
1076	         Layer (PHY) Specifications", ANSI/IEEE STd 802.11, August 1999.

1078	Authors' Addresses

1080	   Susan Thomson
1081	   Cisco Systems

1083	   EMail: sethomso@cisco.com
1084	   Thomas Narten
1085	   IBM Corporation
1086	   P.O. Box 12195
1087	   Research Triangle Park, NC  27709-2195
1088	   USA

1090	   Phone: +1 919-254-7798
1091	   EMail: narten@us.ibm.com

1093	   Tatuya Jinmei
1094	   Corporate Research & Development Center, Toshiba Corporation
1095	   1 Komukai Toshiba-cho, Saiwai-ku
1096	   Kawasaki-shi, Kanagawa  212-8582
1097	   Japan

1099	   Phone: +81 44-549-2230
1100	   EMail: jinmei@isl.rdc.toshiba.co.jp

1102	Appendix A. LOOPBACK SUPPRESSION & DUPLICATE ADDRESS DETECTION

1104	   Determining whether a received multicast solicitation was looped back
1105	   to the sender or actually came from another node is implementation-
1106	   dependent.  A problematic case occurs when two interfaces attached to
1107	   the same link happen to have the same identifier and link-layer
1108	   address, and they both send out packets with identical contents at
1109	   roughly the same time (e.g., Neighbor Solicitations for a tentative
1110	   address as part of Duplicate Address Detection messages). Although a
1111	   receiver will receive both packets, it cannot determine which packet
1112	   was looped back and which packet came from the other node by simply
1113	   comparing packet contents (i.e., the contents are identical). In this
1114	   particular case, it is not necessary to know precisely which packet
1115	   was looped back and which was sent by another node; if one receives
1116	   more solicitations than were sent, the tentative address is a
1117	   duplicate. However, the situation may not always be this
1118	   straightforward.

1120	   The IPv4 multicast specification [13] recommends that the service
1121	   interface provide a way for an upper-layer protocol to inhibit local
1122	   delivery of packets sent to a multicast group that the sending host
1123	   is a member of. Some applications know that there will be no other
1124	   group members on the same host, and suppressing loopback prevents
1125	   them from having to receive (and discard) the packets they themselves
1126	   send out.  A straightforward way to implement this facility is to
1127	   disable loopback at the hardware level (if supported by the
1128	   hardware), with packets looped back (if requested) by software.  On
1129	   interfaces in which the hardware itself suppresses loopbacks, a node
1130	   running Duplicate Address Detection simply counts the number of
1131	   Neighbor Solicitations received for a tentative address and compares
1132	   them with the number expected. If there is a mismatch, the tentative
1133	   address is a duplicate.

1135	   In those cases where the hardware cannot suppress loopbacks, however,
1136	   one possible software heuristic to filter out unwanted loopbacks is
1137	   to discard any received packet whose link-layer source address is the
1138	   same as the receiving interface's. There is even a link-layer
1139	   specification that requires to discard any such packets [14].
1140	   Unfortunately, use of that criteria also results in the discarding of
1141	   all packets sent by another node using the same link-layer address.
1142	   Duplicate Address Detection will fail on interfaces that filter
1143	   received packets in this manner:

1145	   o  If a node performing Duplicate Address Detection discards received
1146	      packets having the same source link-layer address as the receiving
1147	      interface, it will also discard packets from other nodes also
1148	      using the same link-layer address, including Neighbor
1149	      Advertisement and Neighbor Solicitation messages required to make
1150	      Duplicate Address Detection work correctly. This particular
1151	      problem can be avoided by temporarily disabling the software
1152	      suppression of loopbacks while a node performs Duplicate Address
1153	      Detection, if it is possible to disable the suppression.

1155	   o  If a node that is already using a particular IP address discards
1156	      received packets having the same link-layer source address as the
1157	      interface, it will also discard Duplicate Address
1158	      Detection-related Neighbor Solicitation messages sent by another
1159	      node also using the same link-layer address. Consequently,
1160	      Duplicate Address Detection will fail, and the other node will
1161	      configure a non-unique address. Since it is generally impossible
1162	      to know when another node is performing Duplicate Address
1163	      Detection, this scenario can be avoided only if software
1164	      suppression of loopback is permanently disabled.

1166	   Thus, to perform Duplicate Address Detection correctly in the case
1167	   where two interfaces are using the same link-layer address, an
1168	   implementation must have a good understanding of the interface's
1169	   multicast loopback semantics, and the interface cannot discard
1170	   received packets simply because the source link-layer address is the
1171	   same as the interfaces. It should also be noted that a link-layer
1172	   specification can conflict with the condition necessary to make
1173	   Duplicate Address Detection work.

1175	Appendix B. CHANGES SINCE RFC 1971

1177	   o  Changed document to use term "interface identifier" rather than
1178	      "interface token" for consistency with other IPv6 documents.

1180	   o  Clarified definition of deprecated address to make clear it is OK
1181	      to continue sending to or from deprecated addresses.

1183	   o  Added rules to Section 5.5.3 Router Advertisement processing to
1184	      address potential denial-of-service attack when prefixes are
1185	      advertised with very short Lifetimes.

1187	   o  Clarified wording in Section 5.5.4 to make clear that all upper
1188	      layer protocols must process (i.e., send and receive) packets sent
1189	      to deprecated addresses.

1191	Appendix C. CHANGE HISTORY

1193	   Changes since RFC 2462 are:

1195	   o  Fixed a typo in Section 2.

1197	   o  Updated references and categorized them into normative and
1198	      informative ones.

1200	   o  Removed redundant code in denial of service protection in Section
1201	      5.5.3.

1203	   o  Clarified that a unicasted NS or NA should be discarded while
1204	      performing Duplicate Address Detection.

1206	   o  Replaced the word "StoredLifetime" with "RemainingLifetime" with a
1207	      precise definition to avoid confusion.

1209	   o  Removed references to site-local and revise wording around the
1210	      keyword.

1212	   o  Added a note about source address selection with regards to
1213	      deprecated vs insufficient-scope addresses, etc. Added a reference
1214	      to RFC 3484 for further details.

1216	   o  Clarified what "new communication" means in Section 5.5.4.

1218	   o  Added a new subsection (5.7) to mention the possibility to use
1219	      stable storage to retain configured addresses for stability.

1221	   o  Revised the Security Considerations section with a reference to
1222	      RFC 3756 and a note that the use of IP security is not always
1223	      feasible.

1225	   o  Added a note with a reference in Appendix A about the case where a
1226	      link-layer filtering conflicts with a condition to make DAD work
1227	      correctly.

1229	   o  Specified that a node performing Duplicate Address Detection delay
1230	      joining the solicited-node multicast group, not just delay sending
1231	      Neighbor Solicitations, explaining the detailed reason.

1233	   o  Clarified the reason why the interface should be disabled after an
1234	      address duplicate is detected. Also clarified that the interface
1235	      may continue to be used if the interface identifier is not based
1236	      on the hardware address.

1238	   o  Clarified that the preferred lifetime for an existing configured
1239	      address is always reset to the advertised value by Router
1240	      Advertisement.

1242	   o  Updated the description of interface identifier considering the
1243	      latest format.

1245	   Changes since draft-ietf-ipv6-rfc2462bis-00.txt are:

1247	   o  Clarified how the length of interface identifiers should be
1248	      determined, described the relationship with the prefix length
1249	      advertised in Router Advertisements, and avoided using a
1250	      particular length hard-coded in this document.

1252	   o  Added a note when an implementation uses stable storage for
1253	      autoconfigured addresses.

1255	   o  Resolved conflict with the Multicast Listener Discovery
1256	      specification about random delay for the first packet from the
1257	      host.

1259	   o  Clarified the semantics of the M and O flags based on the latest
1260	      standard and operational status. In particular, clarified that
1261	      these flags show the availability of the stateful protocol instead
1262	      of a trigger to invoke the stateful protocol. ManagedFlag and
1263	      OtherConfigFlag, which were implementation-internal variables,
1264	      were removed accordingly.

1266	   o  Recommended to perform Duplicate Address Detection for all unicast
1267	      addresses more strongly, considering a variety of different
1268	      interface identifiers, while keeping care of existing
1269	      implementations.

1271	   o  Added a requirement for a random delay befor sending Neighbor
1272	      Solicitations for Duplicate Address Detection if the address being
1273	      checked is configured by a multicasted Router Advertisements.

1275	   o  Clarified that the prefix comparison in Section 5.5.3 is based on
1276	      exact match. Also clarified the comparison described in this
1277	      document concentrates on addresses configured by the stateless
1278	      mechanism.

1280	   o  Revisited the author list.

1282	   o  Added IANA Considerations Section.

1284	Intellectual Property Statement

1286	   The IETF takes no position regarding the validity or scope of any
1287	   intellectual property or other rights that might be claimed to
1288	   pertain to the implementation or use of the technology described in
1289	   this document or the extent to which any license under such rights
1290	   might or might not be available; neither does it represent that it
1291	   has made any effort to identify any such rights. Information on the
1292	   IETF's procedures with respect to rights in standards-track and
1293	   standards-related documentation can be found in BCP-11. Copies of
1294	   claims of rights made available for publication and any assurances of
1295	   licenses to be made available, or the result of an attempt made to
1296	   obtain a general license or permission for the use of such
1297	   proprietary rights by implementors or users of this specification can
1298	   be obtained from the IETF Secretariat.

1300	   The IETF invites any interested party to bring to its attention any
1301	   copyrights, patents or patent applications, or other proprietary
1302	   rights which may cover technology that may be required to practice
1303	   this standard. Please address the information to the IETF Executive
1304	   Director.

1306	Full Copyright Statement

1308	   Copyright (C) The Internet Society (2004). All Rights Reserved.

1310	   This document and translations of it may be copied and furnished to
1311	   others, and derivative works that comment on or otherwise explain it
1312	   or assist in its implementation may be prepared, copied, published
1313	   and distributed, in whole or in part, without restriction of any
1314	   kind, provided that the above copyright notice and this paragraph are
1315	   included on all such copies and derivative works. However, this
1316	   document itself may not be modified in any way, such as by removing
1317	   the copyright notice or references to the Internet Society or other
1318	   Internet organizations, except as needed for the purpose of
1319	   developing Internet standards in which case the procedures for
1320	   copyrights defined in the Internet Standards process must be
1321	   followed, or as required to translate it into languages other than
1322	   English.

1324	   The limited permissions granted above are perpetual and will not be
1325	   revoked by the Internet Society or its successors or assignees.

1327	   This document and the information contained herein is provided on an
1328	   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
1329	   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
1330	   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
1331	   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
1332	   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

1334	Acknowledgement

1336	   Funding for the RFC Editor function is currently provided by the
1337	   Internet Society.