rfc9131.original   rfc9131.txt 
IPv6 Maintenance J. Linkova Internet Engineering Task Force (IETF) J. Linkova
Internet-Draft Google Request for Comments: 9131 Google
Updates: 4861 (if approved) July 5, 2021 Updates: 4861 September 2021
Intended status: Standards Track Category: Standards Track
Expires: January 6, 2022 ISSN: 2070-1721
Gratuitous Neighbor Discovery: Creating Neighbor Cache Entries on First- Gratuitous Neighbor Discovery: Creating Neighbor Cache Entries on
Hop Routers First-Hop Routers
draft-ietf-6man-grand-07
Abstract Abstract
Neighbor Discovery (RFC4861) is used by IPv6 nodes to determine the Neighbor Discovery (RFC 4861) is used by IPv6 nodes to determine the
link-layer addresses of neighboring nodes as well as to discover and link-layer addresses of neighboring nodes as well as to discover and
maintain reachability information. This document updates RFC4861 to maintain reachability information. This document updates RFC 4861 to
allow routers to proactively create a Neighbor Cache entry when a new allow routers to proactively create a Neighbor Cache entry when a new
IPv6 address is assigned to a node. It also updates RFC4861 and IPv6 address is assigned to a node. It also updates RFC 4861 and
recommends nodes to send unsolicited Neighbor Advertisements upon recommends that nodes send unsolicited Neighbor Advertisements upon
assigning a new IPv6 address. The proposed change will minimize the assigning a new IPv6 address. These changes will minimize the delay
delay and packet loss when a node initiates connections to an off- and packet loss when a node initiates connections to an off-link
link destination from a new IPv6 address. destination from a new IPv6 address.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
This Internet-Draft will expire on January 6, 2022. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9131.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 1.1. Requirements Language
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 1.2. Terminology
2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 4 2. Problem Statement
3. Solution Requirements . . . . . . . . . . . . . . . . . . . . 6 3. Solution Requirements
4. Changes to Neighbor Discovery . . . . . . . . . . . . . . . . 6 4. Changes to Neighbor Discovery
4.1. Nodes Sending Gratuitous Neighbor Advertisements . . . . 7 4.1. Nodes Sending Gratuitous Neighbor Advertisements
4.2. Routers Creating Cache Entries Upon Receiving Unsolicited 4.2. Routers Creating Cache Entries upon Receiving Unsolicited
Neighbor Advertisements . . . . . . . . . . . . . . . . . 7 Neighbor Advertisements
5. Avoiding Disruption . . . . . . . . . . . . . . . . . . . . . 8 5. Avoiding Disruption
5.1. Neighbor Cache Entry Exists in Any State Other Than 5.1. Neighbor Cache Entry Exists in Any State Other Than
INCOMPLETE . . . . . . . . . . . . . . . . . . . . . . . 9 INCOMPLETE
5.2. Neighbor Cache Entry is in INCOMPLETE state . . . . . . . 9 5.2. Neighbor Cache Entry Is in INCOMPLETE State
5.3. Neighbor Cache Entry Does Not Exist . . . . . . . . . . . 10 5.3. Neighbor Cache Entry Does Not Exist
5.3.1. The Rightful Owner Is Not Sending Packets From The 5.3.1. The Rightful Owner Is Not Sending Packets from the
Address . . . . . . . . . . . . . . . . . . . . . . . 11 Address
5.3.2. The Rightful Owner Has Started Sending Packets From 5.3.2. The Rightful Owner Has Started Sending Packets from the
The Address . . . . . . . . . . . . . . . . . . . . . 12 Address
6. Modifications to RFC-Mandated Behavior . . . . . . . . . . . 13 6. Modifications to RFC-Mandated Behavior
6.1. Modification to RFC4861 Neighbor Discovery for IP version 6.1. Modification to RFC 4861 (Neighbor Discovery for IP version
6 (IPv6) . . . . . . . . . . . . . . . . . . . . . . . . 13 6 (IPv6))
6.1.1. Modification to the section 7.2.5 . . . . . . . . . . 13 6.1.1. Modification to Section 7.2.5 of RFC 4861
6.1.2. Modification to the section 7.2.6 . . . . . . . . . . 14 6.1.2. Modification to Section 7.2.6 of RFC 4861
7. Solution Limitations . . . . . . . . . . . . . . . . . . . . 15 7. Solution Limitations
8. Solutions Considered but Discarded . . . . . . . . . . . . . 16 8. Solutions Considered but Discarded
8.1. Do Nothing . . . . . . . . . . . . . . . . . . . . . . . 16 8.1. Do Nothing
8.2. Change to the Registration-Based Neighbor Discovery . . . 16 8.2. Change to the Registration-Based Neighbor Discovery
8.3. Host Sending NS to the Router Address from Its GUA . . . 17 8.3. Host Sending NS to the Router Address from Its GUA
8.4. Host Sending Router Solicitation from its GUA . . . . . . 17 8.4. Host Sending Router Solicitation from Its GUA
8.5. Routers Populating Their Caches by Gleaning From Neighbor 8.5. Routers Populating Their Caches by Gleaning from Neighbor
Discovery Packets . . . . . . . . . . . . . . . . . . . . 18 Discovery Packets
8.6. Initiating Hosts-to-Routers Communication . . . . . . . . 18 8.6. Initiating Host-to-Router Communication
8.7. Making the Probing Logic on Hosts More Robust . . . . . . 19 8.7. Making the Probing Logic on Hosts More Robust
8.8. Increasing the Buffer Size on Routers . . . . . . . . . . 20 8.8. Increasing the Buffer Size on Routers
8.9. Transit Dataplane Traffic From a New Address Triggering 8.9. Transit Data Plane Traffic from a New Address to Trigger
Address Resolution . . . . . . . . . . . . . . . . . . . 20 Address Resolution
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 9. IANA Considerations
10. Security Considerations . . . . . . . . . . . . . . . . . . . 21 10. Security Considerations
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 22 11. References
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 22 11.1. Normative References
12.1. Normative References . . . . . . . . . . . . . . . . . . 22 11.2. Informative References
12.2. Informative References . . . . . . . . . . . . . . . . . 23 Acknowledgements
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 24 Author's Address
1. Introduction 1. Introduction
The Neighbor Discovery state machine defined in [RFC4861] assumes The Neighbor Discovery state machine defined in [RFC4861] assumes
that communications between IPv6 nodes are in most cases bi- that communications between IPv6 nodes are, in most cases,
directional and if a node A is trying to communicate to its neighbor, bidirectional and if a node A is trying to communicate to its
node B, the return traffic flows could be expected. So when the node neighbor, node B, the return traffic flows could be expected. So,
A starts the address resolution process, the target node B would also when node A starts the address resolution process, the target node B
create an entry containing A's IPv6 and link-layer addresses in its would also create an entry containing A's IPv6 and link-layer
neighbor cache. That entry will be used for sending the return addresses in its Neighbor Cache. That entry will be used for sending
traffic to A. the return traffic to A.
In particular, section 7.2.5 of [RFC4861] states: "When a valid In particular, Section 7.2.5 of [RFC4861] states:
Neighbor Advertisement is received (either solicited or unsolicited),
the Neighbor Cache is searched for the target's entry. If no entry | When a valid Neighbor Advertisement is received (either solicited
exists, the advertisement SHOULD be silently discarded. There is no | or unsolicited), the Neighbor Cache is searched for the target's
need to create an entry if none exists, since the recipient has | entry. If no entry exists, the advertisement SHOULD be silently
apparently not initiated any communication with the target." | discarded. There is no need to create an entry if none exists,
| since the recipient has apparently not initiated any communication
| with the target.
While this approach is perfectly suitable for host-to-host on-link While this approach is perfectly suitable for host-to-host on-link
communications, it does not work so well when a host sends traffic to communications, it does not work so well when a host sends traffic to
off-link destinations. After joining the network and receiving a off-link destinations. After joining the network and receiving a
Router Advertisement the host populates its neighbor cache with the Router Advertisement, the host populates its Neighbor Cache with the
default router IPv6 and link-layer addresses and is able to send default router IPv6 and link-layer addresses and is able to send
traffic to off-link destinations. At the same time the router does traffic to off-link destinations. At the same time, the router does
not have any cache entries for the host global addresses yet and only not have any cache entries for the host global addresses yet and only
starts address resolution upon receiving the first packet of the starts address resolution upon receiving the first packet of the
return traffic flow. While waiting for the resolution to complete return traffic flow. While waiting for the resolution to complete,
routers only keep a very small number of packets in the queue, as routers only keep a very small number of packets in the queue, as
recommended in Section 7.2.2 [RFC4861]. Any additional packets recommended in Section 7.2.2 of [RFC4861]. Any additional packets
arriving before the resolution > process finishes are likely to arriving before the resolution process finishes are likely to result
result in dropped packets It can cause packet loss and performance in dropped packets. It can cause packet loss and performance
degradation that can be user-visible. degradation that can be visible to users.
This document updates the Neighbor Discovery protocol [RFC4861] to This document updates the Neighbor Discovery protocol [RFC4861] to
avoid packet loss in the scenario described above. Section 4 avoid packet loss in the scenario described above. Section 4
discusses the changes and analyses the potential impact, while discusses the changes and analyzes the potential impact, while
normative changes to [RFC4861] are specified in Section 6. normative changes to [RFC4861] are specified in Section 6.
1.1. Requirements Language 1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in
14 [RFC2119] [RFC8174] when, and only when, they appear in all BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
1.2. Terminology 1.2. Terminology
Node: a device that implements IP, [RFC4861]. Node: A device that implements IP [RFC4861].
Host: any node that is not a router, [RFC4861]. Host: Any node that is not a router [RFC4861].
ND: Neighbor Discovery, [RFC4861]. ND: Neighbor Discovery [RFC4861].
NC: Neighbor Cache, [RFC4861]. The Neighbor Cache entry can be in NC: Neighbor Cache [RFC4861]. The Neighbor Cache entry can be in
one of five states, as described in section 7.3.2 of [RFC4861]: one of five states, as described in Section 7.3.2 of [RFC4861]:
INCOMPLETE, REACHABLE, STALE, DELAY, PROBE. INCOMPLETE, REACHABLE, STALE, DELAY, or PROBE.
SLAAC: IPv6 Stateless Address Autoconfiguration, [RFC4862]. SLAAC: IPv6 Stateless Address Autoconfiguration [RFC4862].
NS: Neighbor Solicitation, [RFC4861]. NS: Neighbor Solicitation [RFC4861].
NA: Neighbor Advertisement, [RFC4861]. NA: Neighbor Advertisement [RFC4861].
RS: Router Solicitation, [RFC4861]. RS: Router Solicitation [RFC4861].
RA: Router Advertisement, [RFC4861]. RA: Router Advertisement [RFC4861].
SLLAO: Source link-layer Address Option, an option in the ND packets SLLAO: Source Link-Layer Address Option. An option in the ND
containing the link-layer address of the sender of the packet packets containing the link-layer address of the sender of the
[RFC4861]. packet [RFC4861].
TLLAO: Target link-layer Address Option, an option in the ND packets TLLAO: Target Link-Layer Address Option. An option in the ND
containing the link-layer address of the target [RFC4861]. packets containing the link-layer address of the target [RFC4861].
GUA: Global Unicast Address [RFC4291]. GUA: Global Unicast Address [RFC4291].
DAD: Duplicate Address Detection, [RFC4862]. DAD: Duplicate Address Detection [RFC4862].
Preferred Address: an address assigned to an interface whose Preferred Address: An address assigned to an interface whose
uniqueness has been verified using DAD and whose use by upper-layer uniqueness has been verified using DAD and whose use by upper-
protocols is unrestricted, [RFC4862]. Preferred addresses may be layer protocols is unrestricted [RFC4862]. Preferred addresses
used as the source address of packets sent from the interface. may be used as the source address of packets sent from the
interface.
Optimistic DAD: a modification of DAD, [RFC4429]. Optimistic DAD: A modification of DAD [RFC4429].
2. Problem Statement 2. Problem Statement
The most typical scenario when the problem may arise is a host The most typical scenario when the problem described in this document
joining the network, forming a new address and using that address for may arise is a host joining the network, forming a new address, and
accessing the Internet: using that address for accessing the Internet:
1. A host joins the network and receives a Router Advertisement (RA) 1. A host joins the network and receives a Router Advertisement (RA)
packet from the first-hop router (either a periodic unsolicited packet from the first-hop router (either a periodic unsolicited
RA or a response to a Router Solicitation sent by the host). The RA or a response to a Router Solicitation sent by the host). The
RA contains information the host needs to perform SLAAC and to RA contains information the host needs to perform SLAAC and to
configure its network stack. The RA is sent from the router's configure its network stack. The RA is sent from the router's
link-local address to a link-local destination address and may link-local address to a link-local destination address and may
contain the link-layer address of the router. As a result the contain the link-layer address of the router. As a result, the
host can populate its Neighbor Cache with the router's link-local host can populate its Neighbor Cache with the router's link-local
and link-layer addresses. and link-layer addresses.
2. The host starts opening connections to off-link destinations. A 2. The host starts opening connections to off-link destinations. A
very common use case is a mobile device sending probes to detect very common use case is a mobile device sending probes to detect
the Internet connectivity and/or the presence of a captive portal Internet connectivity and/or the presence of a captive portal on
on the network. To speed up that process many implementations the network. To speed up that process, many implementations use
use Optimistic DAD which allows them to send probes before the Optimistic DAD, which allows them to send probes before the DAD
DAD process is completed. At that moment the device neighbor process is completed. At that moment, the device's Neighbor
cache contains all information required to send those probes Cache contains all information required to send those probes
(such as the default router link-local and link-layer addresses). (such as the default router link-local and link-layer addresses).
The router neighbor cache, however, might contain an entry for The router's Neighbor Cache, however, might contain an entry for
the device link-local address (if the device has been performing the device's link-local address (if the device has been
the address resolution for the router link-local address), but performing address resolution for the router's link-local
there are no entries for any of the device's global addresses. address), but there are no entries for any of the device's global
addresses.
3. Return traffic is received by the first-hop router. As the 3. Return traffic is received by the first-hop router. As the
router does not have any cache entry for the host global address router does not have any cache entry for the host's global
yet, the router starts the neighbor discovery process by creating address yet, the router starts the Neighbor Discovery process by
an INCOMPLETE cache entry and then sending a Neighbor creating an INCOMPLETE cache entry and then sending a Neighbor
Solicitation to the Solicited Node Multicast Address Solicitation to the solicited-node multicast address
(Section 7.3.2 of [RFC4861]). As per Section 7.2.2 of [RFC4861] (Section 7.3.2 of [RFC4861]). As per Section 7.2.2 of [RFC4861],
Routers MUST buffer at least one data packet and MAY buffer more, routers MUST buffer at least one data packet and MAY buffer more,
while resolving the packet destination address. However, most while resolving the packet destination address. However, most
router implementations limit the buffer size to a few packets router implementations limit the buffer size to a few packets
only, and some implementations are known to buffer just one only, and some implementations are known to buffer just one
packet. So any subsequent packets arriving before the address packet. So, any subsequent packets arriving before the address
resolution process is completed are causing packet loss by resolution process is completed cause packet loss by replacing
replacing older packets in the buffer. older packets in the buffer.
4. If the host sends multiple probes in parallel, in the worst case, 4. If the host sends multiple probes in parallel, in the worst case,
it would consider all but one of them failed. That leads to it would consider all but one of them failed. That leads to
user-visible delay in connecting to the network, especially if user-visible delay in connecting to the network, especially if
the host implements some form of backoff mechanism and does not the host implements some form of backoff mechanism and does not
retransmit the probes as soon as possible. retransmit the probes as soon as possible.
This scenario illustrates the problem occurring when the device This scenario illustrates the problem occurring when the device
connects to the network for the first time or after an inactivity connects to the network for the first time or after an inactivity
period long enough for the device address to be removed from the period long enough for the device's address to be removed from the
router's neighbor cache. However, the same sequence of events happen router's Neighbor Cache. However, the same sequence of events
when the host starts using a new global address previously unseen by happens when the host starts using a new global address previously
the router, such as a new privacy address [RFC8981] or if the unseen by the router, such as a new privacy address [RFC8981] or if
router's Neighbor Cache has been flushed. the router's Neighbor Cache has been flushed.
While in dual-stack networks this problem might be hidden by Happy While in dual-stack networks this problem might be hidden by Happy
Eyeballs [RFC8305] it manifests quite clearly in IPv6-only Eyeballs [RFC8305], it manifests quite clearly in IPv6-only
environments, especially wireless ones, leading to poor user environments, especially wireless environments, leading to poor user
experience and contributing to a negative perception of IPv6-only experience and contributing to a negative perception of IPv6-only
solutions as unstable and non-deployable. solutions as unstable and non-deployable.
3. Solution Requirements 3. Solution Requirements
It would be highly desirable to improve the Neighbor Discovery It would be highly desirable to improve the Neighbor Discovery
mechanics so routers have a usable cache entry for a host address by mechanics so routers have a usable cache entry for a host address by
the time the router receives the first packet for that address. In the time the router receives the first packet for that address. In
particular: particular:
o If the router does not have a Neighbor Cache entry for the * If the router does not have a Neighbor Cache entry for the
address, a STALE entry needs to be created proactively, prior to address, a STALE entry needs to be created proactively, prior to
arrival of the first packet intended for that address. arrival of the first packet intended for that address.
o The solution needs to work for Optimistic addresses as well. * The solution needs to work for Optimistic Addresses as well.
Devices implementing the Optimistic DAD usually attempt to Devices implementing Optimistic DAD usually attempt to minimize
minimize the delay in connecting to the network and therefore are the delay in connecting to the network and therefore are more
more likely to be affected by the problem described in this likely to be affected by the problem described in this document.
document.
o In case of duplicate addresses present in the network, the * In the case of duplicate addresses present in the network, the
proposed solution should not override the existing entry. solution should not override the existing entry.
o In topologies with multiple first-hop routers the cache needs to * In topologies with multiple first-hop routers, the cache needs to
be updated on all of them, as traffic might be asymmetric: be updated on all of them, as traffic might be asymmetric:
outgoing flows leaving the network via one router while the return outgoing flows leaving the network via one router while the return
traffic enters the segment via another one. traffic enters the segment via another one.
In addition the solution must not exacerbate issues described in In addition, the solution must not exacerbate issues described in
[RFC6583] and needs to be compatible with the recommendations [RFC6583] and needs to be compatible with the recommendations
provided in [RFC6583]. provided in [RFC6583].
4. Changes to Neighbor Discovery 4. Changes to Neighbor Discovery
The following changes are required to minimize the delay in creating The following changes are required to minimize the delay in creating
new entries in a router neighbor cache new entries in a router's Neighbor Cache:
o A node sends unsolicited NAs upon assigning a new IPv6 address to * A node sends unsolicited NAs upon assigning a new IPv6 address to
its interface. its interface.
o A router creates a new cache entry upon receiving an unsolicited * A router creates a new cache entry upon receiving an unsolicited
NA from a host. NA from a host.
The following sections discuss these changes in more detail. The following sections discuss these changes in more detail.
Normative changes are specified in Section 6. Normative changes are specified in Section 6.
4.1. Nodes Sending Gratuitous Neighbor Advertisements 4.1. Nodes Sending Gratuitous Neighbor Advertisements
The section 7.2.6 of [RFC4861] discusses using unsolicited Neighbor Section 7.2.6 of [RFC4861] discusses using unsolicited Neighbor
Advertisements to inform node neighbors of the new link-layer address Advertisements to inform node neighbors of the new link-layer address
quickly. The same mechanism could be used to notify the node quickly. The same mechanism could be used to notify the node
neighbors about the new network-layer address as well: the node can neighbors about the new network-layer address as well: the node can
send gratuitous unsolicited Neighbor Advertisements upon assigning a send unsolicited Neighbor Advertisements upon assigning a new IPv6
new IPv6 address to its interface. address to its interface.
To minimize the potential disruption in case of duplicate addresses To minimize potential disruption in the case of duplicate addresses,
the node should not set the Override flag for a preferred address and the node should not set the Override flag for a preferred address and
must not set the Override flag if the address is in Optimistic must not set the Override flag if the address is in the Optimistic
[RFC4429] state. state [RFC4429].
As the main purpose of sending unsolicited NAs upon configuring a new As the main purpose of sending unsolicited NAs upon configuring a new
address is to proactively create a Neighbor Cache entry on the first- address is to proactively create a Neighbor Cache entry on the first-
hop routers, the gratuitous NAs are sent to the all-routers multicast hop routers, the gratuitous NAs are sent to the all-routers multicast
address (ff02::2). Limiting the recipients to routers only would address (ff02::2). Limiting the recipients to routers only would
help reduce the multicast noise level. If the link-layer devices are help reduce the multicast noise level. If the link-layer devices are
performing MLD snooping [RFC4541], then those unsolicited NAs will be performing Multicast Listener Discovery (MLD) snooping [RFC4541],
only sent to routers on the given network segment/link, instead of then those unsolicited NAs will only be sent to routers on the given
being flooded to all nodes. network segment/link, instead of being flooded to all nodes.
It should be noted that the proposed mechanism does not cause any It should be noted that the mechanism discussed here does not cause
significant increase in multicast traffic. The additional multicast any significant increase in multicast traffic. The additional
unsolicited NA would proactively create a STALE cache entry on multicast unsolicited NAs would proactively create a STALE cache
routers as discussed below. When the router receives the return entry on the router, as discussed below. When the router receives
traffic flows it does not need to send multicast NSes to the the return traffic flows, it does not need to send multicast NSes to
solicited node multicast address but would be sending unicast NSes the solicited-node multicast address but would send unicast NSes
instead. Therefore this procedure would only produce an increase in instead. Therefore, this procedure would only produce an increase in
the overall amount of multicast traffic if no return traffic arrives the overall amount of multicast traffic if no return traffic arrives
for the address that sent the unsolicited NA or if the router does for the address that sent the unsolicited NA or if the router does
not create a STALE entry upon receiving such NA. The increase would not create a STALE entry upon receiving such an NA. The increase
be negligible as that additional traffic is a few orders of magnitude would be negligible, as that additional traffic is a few orders of
less than the usual level of Neighbor Discovery multicast traffic. magnitude less than the usual level of Neighbor Discovery multicast
traffic.
4.2. Routers Creating Cache Entries Upon Receiving Unsolicited Neighbor 4.2. Routers Creating Cache Entries upon Receiving Unsolicited Neighbor
Advertisements Advertisements
The section 7.2.5 of [RFC4861] states: "When a valid Neighbor Section 7.2.5 of [RFC4861] states:
Advertisement is received (either solicited or unsolicited), the
Neighbor Cache is searched for the target's entry. If no entry | When a valid Neighbor Advertisement is received (either solicited
exists, the advertisement SHOULD be silently discarded. There is no | or unsolicited), the Neighbor Cache is searched for the target's
need to create an entry if none exists, since the recipient has | entry. If no entry exists, the advertisement SHOULD be silently
apparently not initiated any communication with the target". | discarded. There is no need to create an entry if none exists,
| since the recipient has apparently not initiated any communication
| with the target.
The reasoning behind dropping unsolicited Neighbor Advertisements The reasoning behind dropping unsolicited Neighbor Advertisements
("the recipient has apparently not initiated any communication with ("the recipient has apparently not initiated any communication with
the target") is valid for onlink host-to-host communication but, as the target") is valid for on-link host-to-host communication but, as
discussed above, it does not really apply for the scenario when the discussed in Section 1, it does not really apply to the scenario when
host is announcing its address to routers. Therefore, it would be the host is announcing its address to routers. Therefore, it would
beneficial to allow routers to create new entries upon receiving an be beneficial to allow routers to create new entries upon receiving
unsolicited Neighbor Advertisement. an unsolicited Neighbor Advertisement.
This document updates [RFC4861] so that routers create a new Neighbor This document updates [RFC4861] so that routers create a new Neighbor
Cache entry upon receiving an unsolicited Neighbor Advertisement for Cache entry upon receiving an unsolicited Neighbor Advertisement for
an address that does not already have a Neighbor Cache entry. . The an address that does not already have a Neighbor Cache entry. These
proposed changes do not modify routers behaviour specified in changes do not modify the router behavior specified in [RFC4861] for
[RFC4861] for the scenario when the corresponding Neighbor Cache the scenario when the corresponding Neighbor Cache entry already
entry already exists. exists.
The next section analyses various scenarios of duplicated addresses The next section analyzes various scenarios of duplicate addresses
and discusses the potential impact of creating a STALE entry for a and discusses the potential impact of creating a STALE entry for a
duplicated IPv6 address. duplicate IPv6 address.
5. Avoiding Disruption 5. Avoiding Disruption
If nodes following the recommendations in this document are using the If nodes following the recommendations in this document are using the
DAD mechanism defined in [RFC4862], they would send unsolicited NA as DAD mechanism defined in [RFC4862], they would send unsolicited NAs
soon as the address changes the state from tentative to preferred as soon as the address changes state from tentative to preferred
(after its uniqueness has been verified). However, nodes willing to (after its uniqueness has been verified). However, nodes willing to
minimize network stack configuration delays might be using optimistic minimize network stack configuration delays might be using Optimistic
addresses, which means there is a possibility of the address not Addresses, which means there is a possibility of the address not
being unique on the link. Section 2.2 of [RFC4429] discusses being unique on the link. Section 2.2 of [RFC4429] discusses
measures to ensure that ND packets from the optimistic address do not measures to ensure that ND packets from the Optimistic Address do not
override any existing neighbor cache entries as it would cause override any existing Neighbor Cache entries, as it would cause
traffic interruption of the rightful address owner in case of address interruption of the rightful address owner's traffic in the case of
conflict. As nodes willing to speed up their network stack an address conflict. Nodes that are willing to speed up their
configuration are most likely to be affected by the problem outlined network stack configuration are most likely to be affected by the
in this document it seems reasonable for such hosts to advertise problem outlined in this document; therefore, it seems reasonable for
their optimistic addresses by sending unsolicited NAs. The main such hosts to advertise their Optimistic Addresses by sending
question to consider is the potential risk of overriding the cache unsolicited NAs. The main question to consider is the potential risk
entry for the rightful address owner if the optimistic address of overriding the cache entry for the rightful address owner if the
happens to be duplicated. Optimistic Address happens to be a duplicate.
The following sections discuss the address collision scenario when a The following sections discuss the address collision scenario when a
node sends an unsolicited NA for an address in the Optimistic state, node sends an unsolicited NA for an address in the Optimistic state,
while another node (the rightful owner) has the same address assigned while another node (the rightful owner) already has the same address
already. This document uses the term "the rightful owner" as the assigned. This document uses the term "the rightful owner", as the
same terminology is used in [RFC4429]. The analysis assumes that the same terminology is used in [RFC4429]. The analysis assumes that the
host performs Duplicate Address Detection, as section 5.4 of host performs DAD, as Section 5.4 of [RFC4862] requires that DAD MUST
[RFC4862] requires that DAD MUST be performed on all unicast be performed on all unicast addresses prior to assigning them to an
addresses prior to assigning them to an interface. interface.
5.1. Neighbor Cache Entry Exists in Any State Other Than INCOMPLETE 5.1. Neighbor Cache Entry Exists in Any State Other Than INCOMPLETE
If the router Neighbor Cache entry for the target address already If the router's Neighbor Cache entry for the target address already
exists in any state other than INCOMPLETE, then as per section 7.2.5 exists in any state other than INCOMPLETE, then as per Section 7.2.5
of [RFC4861] an unsolicited NA with the Override flag cleared would of [RFC4861], an unsolicited NA with the Override flag cleared would
change the entry state from REACHABLE to STALE but would not update change the entry state from REACHABLE to STALE but would not update
the entry in any other way. Therefore, even if the host sends an the entry in any other way. Therefore, even if the host sends an
unsolicited NA from its Optimistic address the router cache entry unsolicited NA from its Optimistic Address, the router's cache entry
would not be updated with the new Link-Layer address and no impact to would not be updated with the new link-layer address, and no impact
the traffic for the rightful address owner is expected. on the traffic for the rightful address owner is expected.
The return traffic intended for the host with the Optimistic address The return traffic intended for the host with the Optimistic Address
would be sent to the rightful owner. However, this is unavoidable would be sent to the rightful owner. However, this is unavoidable
with or without the unsolicited NA mechanism. with or without the unsolicited NA mechanism.
5.2. Neighbor Cache Entry is in INCOMPLETE state 5.2. Neighbor Cache Entry Is in INCOMPLETE State
Another corner case is the INCOMPLETE cache entry for the address. Another corner case is the INCOMPLETE cache entry for the address.
1. The router receives a packet for the rightful owner of the 1. The router receives a packet for the rightful owner of the
address. address.
2. The router starts the address resolution process by creating an 2. The router starts the address resolution process by creating an
INCOMPLETE entry and sends the multicast NS. INCOMPLETE entry and sends the multicast NS.
3. More packets arrive at the router for the address in question. 3. More packets arrive at the router for the address in question.
4. The host configures an Optimistic address and sends an 4. The host configures an Optimistic Address and sends an
unsolicited NA. unsolicited NA.
5. The router creates a STALE entry and sends the buffered packet(s) 5. The router creates a STALE entry and sends the buffered packet(s)
to the host (while at least some of those packets are actually to the host (while at least some of those packets are actually
intended for the rightful owner). intended for the rightful owner).
6. As the STALE entry was used to send packets, the router changes 6. As the STALE entry was used to send packets, the router changes
the entry state to DELAY and waits up to DELAY_FIRST_PROBE_TIME the entry state to DELAY and waits up to DELAY_FIRST_PROBE_TIME
([RFC4861], 5 secs) before sending unicast NS. (5 seconds) [RFC4861] before sending a unicast NS.
7. The rightful owner responds to the multicast NS sent at Step 2 7. The rightful owner responds to the multicast NS sent at Step 2
with a solicited NA with the Override flag set. with a solicited NA with the Override flag set.
8. The router updates the entry with the TLLAO supplied (the 8. The router updates the entry with the TLLAO supplied (the
rightful owner link-layer address) and sets the entry state to rightful owner's link-layer address) and sets the entry state to
REACHABLE (as the NA has the Solicited flag set). REACHABLE (as the NA has the Solicited flag set).
As a result some packets (ones in the buffer at Step 6 and all As a result, some packets (packets in the buffer at Step 6 and all
packets arriving between Step 6 and Step 8) are delivered to the host packets arriving between Step 6 and Step 8) are delivered to the host
with the Optimisitc address, while some of them, if not all, are with the Optimistic Address, while some of them, if not all, are
intended for the rightful owner. Without the unsolicited NA, packet intended for the rightful owner. Without the unsolicited NA, one or
which are in the buffer at Step 8 (usually just one packet but some more packets that are in the buffer at Step 8 (usually just one
routers may buffer a few) would have been delivered to the rightful packet, but some routers may buffer a few) would have been delivered
owner and the rest of the packets would have been dropped. However, to the rightful owner and the rest of the packets would have been
the probability of such scenario is rather low as it would require dropped. However, the probability of such a scenario is rather low,
the following things to happen almost simultaneously (within tens of as it would require the following things to happen almost
milliseconds in most cases): simultaneously (within tens of milliseconds in most cases):
o One host starts using a new IPv6 address and sending traffic * One host starts using a new IPv6 address and sending traffic
without sending an unsolicited NA first. without sending an unsolicited NA first.
o Another host configures the same IPv6 address in Optimistic mode * Another host configures the same IPv6 address in Optimistic mode
before the router completes the address resolution for the before the router completes the address resolution process for the
rightful owner. rightful owner.
It should be noted that in this scenario the rigthful owner does not It should be noted that in this scenario the rightful owner does not
send any unsolicited NAs before sending packets. If the rightful send any unsolicited NAs before sending packets. If the rightful
owner implements the functionality described in this document and owner implements the functionality described in this document and
sends unsolicited NAs upon configuring its address, then the router sends unsolicited NAs upon configuring its address, then the router
creates a STALE entry for the address, causing all packets are creates a STALE entry for the address, causing all packets to be
delivered to the rightful owner (see Section 5.1). The rightful delivered to the rightful owner (see Section 5.1). The rightful
owner would experience no disruption but might receive some packets owner would experience no disruption but might receive some packets
intended for the host with Optimistic address. intended for the host with an Optimistic Address.
This section focuses on the scenario when the solicited NA from the This section focuses on the scenario when the solicited NA from the
rightful owner arrives after the unsolicited one sent from the rightful owner arrives after the unsolicited one sent from the
Optimistic address (Step 7 and Step 4 respectively). If the Optimistic Address (Step 7 and Step 4, respectively). If the
solicited NA arrives first it changes the NC entry state from solicited NA arrives first, it changes the NC entry state from
INCOMPLETE to REACHABLE. As discussed in Section 5.1, there will be INCOMPLETE to REACHABLE. As discussed in Section 5.1, there will be
no disruption for the rightful owner if the router already has a no disruption for the rightful owner if the router already has a
REACHABLE entry for the address when an unsolicited NA is received. REACHABLE entry for the address when an unsolicited NA is received.
5.3. Neighbor Cache Entry Does Not Exist 5.3. Neighbor Cache Entry Does Not Exist
There are two distinct scenarios which can lead to the situation when There are two distinct scenarios that can lead to the situation when
the router does not have a NC entry for the IPv6 address: the router does not have an NC entry for the IPv6 address:
1. The rightful owner of the address has not been using it for off- 1. The rightful owner of the address has not been using it for off-
link communication recently or has never used it at all. link communication recently or has never used it at all.
2. The rightful owner just started sending packets from that address 2. The rightful owner just started sending packets from that
but the router has not received any return traffic yet. address, but the router has not received any return traffic yet.
The impact on the rightful owner's traffic flows would be different The impact on the rightful owner's traffic flows would be different
in those cases. in those cases.
5.3.1. The Rightful Owner Is Not Sending Packets From The Address 5.3.1. The Rightful Owner Is Not Sending Packets from the Address
In this scenario the following events are expected to happen: In this scenario, the following events are expected to happen:
1. The host configures the address and sets its state to Optimistic. 1. The host configures the address and sets its state to Optimistic.
2. The host sends an unsolicited NA with the Override flag set to 2. The host sends an unsolicited NA with the Override flag set to
zero and starts sending traffic from the Optimistic address. zero and starts sending traffic from the Optimistic Address.
3. The router creates a STALE entry for the address and the host 3. The router creates a STALE entry for the address and the host
link-layer address. link-layer address.
4. The host starts DAD and detects the address duplication. 4. The host starts DAD and detects the address duplication.
5. The router receives the return traffic for the duplicated 5. The router receives the return traffic for the duplicate address.
address. As the NC entry is STALE it sends traffic using that As the NC entry is STALE, it sends traffic using that entry,
entry, changes it to DELAY and waits up to DELAY_FIRST_PROBE_TIME changes it to DELAY, and waits up to DELAY_FIRST_PROBE_TIME
([RFC4861]) seconds. seconds [RFC4861].
6. The router changes the NC entry state to PROBE and sends up to 6. The router changes the NC entry state to PROBE and sends up to
MAX_UNICAST_SOLICIT ([RFC4861]) unicast NSes separated by MAX_UNICAST_SOLICIT unicast NSes [RFC4861] separated by
RetransTimer milliseconds ([RFC4861]) to the host link-layer RetransTimer milliseconds [RFC4861] to the host link-layer
address. address.
7. As the host has detected the address conflict already it does not 7. As the host has already detected the address conflict, it does
respond to the unicast NSes. (It is unlikely that the host has not respond to the unicast NSes. (It is unlikely that the host
not completed the DAD process at this stage, as has not completed the DAD process at this stage, as
DELAY_FIRST_PROBE_TIME (5 seconds) is much higher than the DAD DELAY_FIRST_PROBE_TIME (5 seconds) is much higher than the DAD
duration (DupAddrDetectTransmits*RetransTimer*1000 + duration (DupAddrDetectTransmits*RetransTimer*1000 +
MAX_RTR_SOLICITATION_DELAY secs, section 5.4 of [RFC4862]). The MAX_RTR_SOLICITATION_DELAY seconds) (Section 5.4 of [RFC4862]).)
default value for the DAD process would be 1*1*1000 + 1 = 2 secs, The default value for the DAD process would be 1*1*1000 + 1 = 2
[RFC4861]. If the host has completed DAD but did not detect the seconds [RFC4861]. If the host has completed DAD but did not
address conflict then there are two hosts with the same address detect the address conflict, then there are two hosts with the
in the Preferred state and the disruption is inevitable anyway. same address in the preferred state and disruption is inevitable
anyway.
8. As the router receives no response for the unicast NSes, it 8. As the router receives no response for the unicast NSes, it
deletes the NC entry. deletes the NC entry.
9. If return packets for communication initiated at step 2 are still 9. If return packets for communication initiated at Step 2 are still
arriving, the router buffers a small number of those packets and arriving, the router buffers a small number of those packets and
starts the address resolution again by sending a multicast NS to starts the address resolution process again by sending a
the solicited node multicast address. The rightful owner multicast NS to the solicited-node multicast address. The
responds and the router NC entry is updated with the rightful rightful owner responds, and the router's NC entry is updated
owner link-local address. The buffered packet(s) are sent to with the rightful owner's link-local address. The buffered
that address. Any packets still arriving after the address packet or packets are sent to that address. Any packets still
resolution still completed are sent to the rightful address owner arriving after the address resolution process has completed are
as well. sent to the rightful address owner as well.
The rightful owner is not experiencing any disruption as it does not The rightful owner is not experiencing any disruption, as it does not
send any traffic. It would only start receiving packets intended for send any traffic. It would only start receiving packets intended for
another host after Step 8 is completed and only if return packets for another host after Step 8 is completed and only if return packets for
the communication initiated at step 2 are still arriving. the communication initiated at Step 2 are still arriving.
However, the same behaviour would be observed if changes proposed in However, the same behavior would be observed if the changes specified
this document are not implemented. If the host starts sending in this document are not implemented. If the host starts sending
packets from its Optimistic address but then changes the address packets from its Optimistic Address but then detects that the address
state to Duplicated, the first return packet would trigger the is a duplicate, the first return packet would trigger the address
address resolution process and would be buffered until the resolution resolution process and would be buffered until the resolution is
is completed. The buffered packet(s) and any packets still arriving completed. The buffered packet(s) and any packets still arriving
after the address is resolved would be forwarded to the rightful after the address is resolved would be forwarded to the rightful
owner of the address. So the rightful owner might still receive one owner of the address. So, the rightful owner might still receive one
or more packets from the flows intended for another host. Therefore, or more packets from the flows intended for another host. Therefore,
it's safe to conclude that the proposed changes do introduce any it's safe to conclude that the changes specified in this document do
disruption for the rightful owner of the duplicated address. not introduce any disruption for the rightful owner of the duplicated
address.
5.3.2. The Rightful Owner Has Started Sending Packets From The Address 5.3.2. The Rightful Owner Has Started Sending Packets from the Address
In this scenario the following events are happening: In this scenario, the following events are happening:
1. The rightful owner starts sending traffic from the address (e.g. 1. The rightful owner starts sending traffic from the address
the address has just been configured or has not been recently (e.g., the address has just been configured or has not been
used). recently used).
2. The host configures the address and sets its state to 2. The host configures the address and sets its state to
Optimistic. Optimistic.
3. The host sends an unsolicited NA with the Override flag set to 3. The host sends an unsolicited NA with the Override flag set to
zero and starts sending traffic from the Optimistic address. zero and starts sending traffic from the Optimistic Address.
4. The router creates a STALE entry for the address and the host 4. The router creates a STALE entry for the address and the host
link-layer address. link-layer address.
5. The host starts DAD and detects the address duplication. 5. The host starts DAD and detects the address duplication.
6. The router receives the return traffic for the IPv6 address in 6. The router receives the return traffic for the IPv6 address in
question. Some flows intended for the rightful owner of the question. Some flows are intended for the rightful owner of the
duplicated address, while some are for the new host. As the NC duplicate address, while some are for the new host. As the NC
entry is STALE it sends traffic using that entry, changes it to entry is STALE, it sends traffic using that entry, changes it to
DELAY and waits up to DELAY_FIRST_PROBE_TIME ([RFC4861]) DELAY, and waits up to DELAY_FIRST_PROBE_TIME seconds [RFC4861].
seconds.
7. The router changes the NC entry state to PROBE and sends up to 7. The router changes the NC entry state to PROBE and sends up to
MAX_UNICAST_SOLICIT ([RFC4861]) unicast NSes separated by MAX_UNICAST_SOLICIT unicast NSes [RFC4861] separated by
RetransTimer milliseconds ([RFC4861]) to the host link-layer RetransTimer milliseconds [RFC4861] to the host link-layer
address. address.
8. As the host has detected the address conflict already it does 8. As the host has already detected the address conflict, it does
not respond to the unicast NSes. not respond to the unicast NSes.
9. As the router receives no response for the unicast NSes, it 9. As the router receives no response for the unicast NSes, it
deletes the NC entry. deletes the NC entry.
10. The next packet re-creates the entry and triggers the resolution 10. The next packet recreates the entry and triggers the resolution
process. The router buffers the packet and sends a multicast NS process. The router buffers the packet and sends a multicast NS
to the solicited node multicast address. The rightful owner to the solicited-node multicast address. The rightful owner
responds and the router NC entry is updated with the rightful responds, and the router's NC entry is updated with the rightful
owner link-local address. owner's link-local address.
As a result the traffic for the address rightful owner would be sent As a result, the traffic for the address of the rightful owner would
to the host with the duplicated address instead. The duration of the be sent to the host with the duplicate address instead. The duration
disruption can be estimated as DELAY_FIRST_PROBE_TIME*1000 + of the disruption can be estimated as DELAY_FIRST_PROBE_TIME*1000 +
(MAX_UNICAST_SOLICIT - 1)*RetransTimer milliseconds. As per the (MAX_UNICAST_SOLICIT - 1)*RetransTimer milliseconds. As per the
constants defined in Section 10 of [RFC4861] this interval is equal constants defined in Section 10 of [RFC4861], this interval is equal
to 5*1000 + (3 - 1)*1000 = 7000ms or 7 seconds. to 5*1000 + (3 - 1)*1000 = 7000 milliseconds, or 7 seconds.
However, it should be noted that the probability of such scenario is However, it should be noted that the probability of such a scenario
rather low. Similary to the scenario discussed in Section 5.2, it is rather low. Similar to the scenario discussed in Section 5.2, it
would require the following things to happen almost simultaneously would require the following things to happen almost simultaneously
(within tens of milliseconds in most cases): (within tens of milliseconds in most cases):
o One host starts using a new IPv6 address and sending traffic * One host starts using a new IPv6 address and sending traffic
without sending an unsolicited NA first. without sending an unsolicited NA first.
o Another host configures the same IPv6 address in Optimistic mode * Another host configures the same IPv6 address in Optimistic mode
before the router receives the return traffic for the first host. before the router receives the return traffic for the first host.
As discussed in Section 5.2, the disruption to the rightful owner can As discussed in Section 5.2, the disruption for the rightful owner
easily be prevent if that node implements the mechanism described in can easily be prevented if that node implements the mechanism
the document. Sending unsolicited NAs before initiatining off-link described in this document. Sending unsolicited NAs before
communication would create a STALE entry in the router NC and prevent initiating off-link communication would create a STALE entry in the
any tarffic to that address to be sent to the host with the router's NC and prevent any traffic to that address from being sent
Optimistic address (see Section 5.1). to the host with the Optimistic Address (see Section 5.1).
6. Modifications to RFC-Mandated Behavior 6. Modifications to RFC-Mandated Behavior
All normative text in this memo is contained in this section. All normative text in this memo is contained in this section.
6.1. Modification to RFC4861 Neighbor Discovery for IP version 6 (IPv6) 6.1. Modification to RFC 4861 (Neighbor Discovery for IP version 6
(IPv6))
6.1.1. Modification to the section 7.2.5 6.1.1. Modification to Section 7.2.5 of RFC 4861
This document makes the following changes to the section 7.2.5 of This document makes the following changes to Section 7.2.5 of
[RFC4861]: [RFC4861]:
------------------------------------------------------------------ The text in RFC 4861 is as follows:
OLD TEXT:
------------------------------------------------------------------
When a valid Neighbor Advertisement is received (either solicited or
unsolicited), the Neighbor Cache is searched for the target's entry.
If no entry exists, the advertisement SHOULD be silently discarded.
There is no need to create an entry if none exists, since the
recipient has apparently not initiated any communication with the
target.
------------------------------------------------------------------
NEW TEXT:
------------------------------------------------------------------
When a valid Neighbor Advertisement is received (either solicited or
unsolicited), the Neighbor Cache is searched for the target's entry.
If no entry exists:
o Hosts SHOULD silently discard the advertisement. There is no need | When a valid Neighbor Advertisement is received (either solicited
to create an entry if none exists, since the recipient has | or unsolicited), the Neighbor Cache is searched for the target's
apparently not initiated any communication with the target. | entry. If no entry exists, the advertisement SHOULD be silently
| discarded. There is no need to create an entry if none exists,
| since the recipient has apparently not initiated any communication
| with the target.
o Routers SHOULD create a new entry for the target address with the This document updates the text as follows:
link-layer address set to the Target link-layer address option (if
supplied). The entry's reachability state MUST be set to STALE.
If the received Neighbor Advertisement does not contain the Target
link-layer address option the advertisement SHOULD be silently
discarded.
------------------------------------------------------------------ | When a valid Neighbor Advertisement is received (either solicited
| or unsolicited), the Neighbor Cache is searched for the target's
| entry. If no entry exists:
|
| * Hosts SHOULD silently discard the advertisement. There is no
| need to create an entry if none exists, since the recipient has
| apparently not initiated any communication with the target.
|
| * Routers SHOULD create a new entry for the target address with
| the link-layer address set to the Target Link-Layer Address
| Option (if supplied). The entry's reachability state MUST be
| set to STALE. If the received Neighbor Advertisement does not
| contain the Target Link-Layer Address Option, the advertisement
| SHOULD be silently discarded.
6.1.2. Modification to the section 7.2.6 6.1.2. Modification to Section 7.2.6 of RFC 4861
This document proposes the following changes to the section 7.2.6 of This document makes the following changes to Section 7.2.6 of
[RFC4861]: [RFC4861]:
OLD TEXT: The text in RFC 4861 is as follows:
------------------------------------------------------------------
Also, a node belonging to an anycast address MAY multicast
unsolicited Neighbor Advertisements for the anycast address when the
node's link-layer address changes.
------------------------------------------------------------------
NEW TEXT:
------------------------------------------------------------------
Also, a node belonging to an anycast address MAY multicast
unsolicited Neighbor Advertisements for the anycast address when the
node's link-layer address changes.
A node may also wish to notify its first-hop routers when it
configures a new global IPv6 address so the routers can proactively
populate their neighbor caches with the corresponding entries. In
such cases a node SHOULD send up to MAX_NEIGHBOR_ADVERTISEMENT
Neighbor Advertisement messages. If the address is preferred then
the Override flag SHOULD NOT be set. If the address is in the
Optimistic state then the Override flag MUST NOT be set. The
destination address SHOULD be set to the all-routers multicast
address. These advertisements MUST be separated by at least
RetransTimer seconds. The first advertisement SHOULD be sent as soon
as one of the following events happens:
o if Optimistic DAD [RFC4429] is used: a new Optimistic address is | Also, a node belonging to an anycast address MAY multicast
assigned to the node interface. | unsolicited Neighbor Advertisements for the anycast address when
| the node's link-layer address changes.
o if Optimistic DAD is not used: an address changes the state from This document updates the text as follows:
tentative to preferred.
------------------------------------------------------------------ | Also, a node belonging to an anycast address MAY multicast
| unsolicited Neighbor Advertisements for the anycast address when
| the node's link-layer address changes.
|
| A node may also wish to notify its first-hop routers when it
| configures a new global IPv6 address so the routers can
| proactively populate their Neighbor Caches with the corresponding
| entries. In such cases, a node SHOULD send up to
| MAX_NEIGHBOR_ADVERTISEMENT Neighbor Advertisement messages. If
| the address is preferred, then the Override flag SHOULD NOT be
| set. If the address is in the Optimistic state, then the Override
| flag MUST NOT be set. The destination address SHOULD be set to
| the all-routers multicast address. These advertisements MUST be
| separated by at least RetransTimer seconds. The first
| advertisement SHOULD be sent as soon as one of the following
| events happens:
| If Optimistic DAD [RFC4429] is used: A new Optimistic Address is
| assigned to the node interface.
|
| If Optimistic DAD is not used: An address changes the state from
| tentative to preferred.
7. Solution Limitations 7. Solution Limitations
The solution described in this document provides some improvement for The solution described in this document provides some improvement for
a node configuring a new IPv6 address and starting sending traffic a node configuring a new IPv6 address and starting to send traffic
from it. However, that approach does not completely eliminate the from it. However, that approach does not completely eliminate the
scenario when a router receives some transit traffic for an address scenario when a router receives some transit traffic for an address
without the corresponding Neighbor Cache entry. For example: without the corresponding Neighbor Cache entry. For example:
o If the host starts using an already configured IPv6 address after * If the host starts using an already-configured IPv6 address after
a long period of inactivity, the router might not have the NC a long period of inactivity, the router might not have the NC
entry for that address anymore, as old/expired entries are entry for that address anymore, as old/expired entries are
deleted. deleted.
o Clearing the router Neighbor Cache would trigger the packet loss * Clearing the router's Neighbor Cache would trigger packet loss for
for all actively used addresses removed from the cache. all actively used addresses removed from the cache.
8. Solutions Considered but Discarded 8. Solutions Considered but Discarded
There are other possible approaches to address the problem, for There are other possible approaches to address the problem. For
example: example:
o Just do nothing. * Just do nothing.
o Migrating from the "reactive" Neighbor Discovery ([RFC4861]) to * Migrate from the "reactive" Neighbor Discovery [RFC4861] to the
the registration-based mechanisms ([RFC8505]). registration-based mechanisms [RFC8505].
o Creating new entries in routers Neighbor Cache by gleaning from * Create new entries in the router's Neighbor Cache by gleaning from
Neighbor Discovery DAD messages. Neighbor Discovery DAD messages.
o Initiates bidirectional communication from the host to the router * Initiate bidirectional communication from the host to the router
using the host GUA. using the host GUA.
o Making the probing logic on hosts more robust. * Make the probing logic on hosts more robust.
o Increasing the buffer size on routers. * Increase the buffer size on routers.
o Transit dataplane traffic from an unknown address (an address w/o * Transit data plane traffic from an unknown address (an address
the corresponding neighbor cache entry) triggers an address without the corresponding Neighbor Cache entry) to trigger an
resolution process on the router. address resolution process on the router.
It should be noted that some of those options are already implemented It should be noted that some of those options are already implemented
by some vendors. The following sections discuss those approaches and by some vendors. The following sections discuss those approaches and
the reasons they were discarded. the reasons they were discarded.
8.1. Do Nothing 8.1. Do Nothing
One of the possible approaches might be to declare that everything is One of the possible approaches might be to declare that everything is
working as intended and let the upper-layer protocols deal with working as intended and let the upper-layer protocols deal with
packet loss. The obvious drawbacks include: packet loss. The obvious drawbacks include:
o Unhappy users. * Unhappy users.
o Many support tickets. * Many support tickets.
o More resistance to deploy IPv6 and IPv6-Only networks. * More resistance to deploying IPv6 and IPv6-only networks.
8.2. Change to the Registration-Based Neighbor Discovery 8.2. Change to the Registration-Based Neighbor Discovery
The most radical approach would be to move away from the reactive ND The most radical approach would be to move away from the reactive ND
as defined in [RFC4861] and expand the registration-based ND as defined in [RFC4861] and expand the registration-based ND
([RFC6775], [RFC8505]) used in Low-Power Wireless Personal Area [RFC6775] [RFC8505] used in IPv6 over Low-Power Wireless Personal
Networks (6LoWPANs) to the rest of IPv6 deployments. This option Area Networks (6LoWPANs) to the rest of the IPv6 deployments. This
requires some investigation and discussion. However, significant option requires some investigation and discussion. However,
changes to the existing IPv6 implementations would be needed, so significant changes to the existing IPv6 implementations would be
unclear adoption timeline makes this approach less preferable than needed, so an unclear adoption timeline makes this approach less
one proposed in this document. preferable than the approach specified in this document.
8.3. Host Sending NS to the Router Address from Its GUA 8.3. Host Sending NS to the Router Address from Its GUA
The host could force creating a STALE entry for its GUA in the router The host could force the creation of a STALE entry for its GUA in the
ND cache by sending the following Neighbor Solicitation message: router's Neighbor Cache by sending the following Neighbor
Solicitation message:
o The NS source address is the host GUA. * The NS source address is the host GUA.
o The destination address is the default router IPv6 address. * The destination address is the default router IPv6 address.
o The Source Link-Layer Address option contains the host link-layer * The Source Link-Layer Address Option contains the host link-layer
address. address.
o The target address is the host default router address (the default * The target address is the host's default router address (the
router address the host received in the RA). default router address the host received in the RA).
The main disadvantages of this approach are: The main disadvantages of this approach are as follows:
o Would not work for Optimistic addresses as section 2.2 of * It would not work for Optimistic Addresses, as Section 2.2 of
[RFC4429] explicitly prohibits sending Neighbor Solicitations from [RFC4429] explicitly prohibits sending Neighbor Solicitations from
an Optimistic Address. an Optimistic Address.
o If first-hop redundancy is deployed in the network, the NS would * If first-hop redundancy is deployed in the network, the NS would
reach the active router only, so all backup routers (or all active reach the active router only, so all backup routers (or all active
routers except one) would not get their neighbor cache updated. routers except one) would not get their Neighbor Cache updated.
o Some wireless devices are known to alter ND packets and perform * Some wireless devices are known to alter ND packets and perform
various non-obvious forms of ND proxy actions. In some cases, various nonobvious forms of ND proxy actions. In some cases,
unsolicited NAs might not even reach the routers. unsolicited NAs might not even reach the routers.
8.4. Host Sending Router Solicitation from its GUA 8.4. Host Sending Router Solicitation from Its GUA
The host could send a router solicitation message to 'all routers' The host could send a Router Solicitation message to the all-routers
multicast address, using its GUA as a source. If the host link-layer multicast address, using its GUA as a source. If the host link-layer
address is included in the Source Link-Layer Address option, the address is included in the Source Link-Layer Address Option, the
router would create a STALE entry for the host GUA as per the section router would create a STALE entry for the host GUA as per
6.2.6 of [RFC4861]. However, this approach cannot be used if the GUA Section 6.2.6 of [RFC4861]. However, this approach cannot be used if
is in optimistic state: section 2.2 of [RFC4429] explicitly prohibits the GUA is in the Optimistic state: Section 2.2 of [RFC4429]
using an Optimistic Address as the source address of a Router explicitly prohibits using an Optimistic Address as the source
Solicitation with a SLLAO as it might disrupt the rightful owner of address of a Router Solicitation with a SLLAO, as it might cause
the address in the case of a collision. So for the optimistic disruption for the rightful owner of the address in the case of a
addresses the host can send an RS without SLLAO included. In that collision. So, for the Optimistic Addresses, the host can send an RS
case the router may respond with either a multicast or a unicast RA without a SLLAO included. In that case, the router may respond with
(only the latter would create a cache entry). either a multicast or unicast RA (only the latter would create a
cache entry).
This approach has the following drawbacks: This approach has the following drawbacks:
o If the address is in the Optimistic state the RS cannot contain * If the address is in the Optimistic state, the RS cannot contain a
SLLAO. As a result the router would only create a cache entry if SLLAO. As a result, the router would only create a cache entry if
solicited RAs are sent as unicast. Routers sending solicited RAs solicited RAs are sent as unicast. Routers sending solicited RAs
as multicast would not create a new cache entry as they do not as multicast would not create a new cache entry, as they do not
need to send a unicast packet back to the host. need to send a unicast packet back to the host.
o There might be a random delay between receiving an RS and sending * There might be a random delay between receiving an RS and sending
a unicast RA back (and creating a cache entry) which might a unicast RA back (and creating a cache entry), which might
undermine the idea of creating the cache entry proactively. undermine the idea of creating the cache entry proactively.
o Some wireless devices are known to intercept ND packets and * Some wireless devices are known to intercept ND packets and
perform various non-obvious forms of ND proxy actions. In some perform various nonobvious forms of ND proxy actions. In some
cases the RS might not even reach the routers. cases, the RS might not even reach the routers.
8.5. Routers Populating Their Caches by Gleaning From Neighbor 8.5. Routers Populating Their Caches by Gleaning from Neighbor
Discovery Packets Discovery Packets
Routers may be able to learn about new addresses by gleaning from the Routers may be able to learn about new addresses by gleaning from the
DAD Neighbor Solicitation messages. The router could listen to all DAD Neighbor Solicitation messages. The router could listen to all
solicited node multicast address groups and upon receiving a Neighbor solicited-node multicast address groups and, upon receiving a
Solicitation from the unspecified address search its Neighbor Cache Neighbor Solicitation from the unspecified address, search its
for the solicitation's Target Address. If no entry exists, the Neighbor Cache for the solicitation's target address. If no entry
router may create an entry, set its reachability state to exists, the router may create an entry, set its reachability state to
'INCOMPLETE' and start the address resolution for that entry. INCOMPLETE, and start the address resolution process for that entry.
The same solution was proposed in The same solution was proposed in [ND-ADDR-RES]. Some routing
[I-D.halpern-6man-nd-pre-resolve-addr]. Some routing vendors support vendors already support such optimization. However, this approach
such optimization already. However, this approach has a number of has a number of drawbacks and therefore should not be used as the
drawbacks and therefore should not be used as the only solution: only solution:
o Routers need to receive all multicast Neighbor Discovery packets * Routers need to receive all multicast Neighbor Discovery packets;
which might negatively impact the routers CPU. this might negatively impact a router's CPU.
o If the router starts the address resolution as soon as it receives * If the router starts the address resolution process as soon as it
the DAD Neighbor Solicitation the host might be still performing receives the DAD Neighbor Solicitation, the host might still be
DAD and the target address might be tentative. In that case, the performing DAD and the target address might be tentative. In that
host SHOULD silently ignore the received Neighbor Solicitation case, the host SHOULD silently ignore the received Neighbor
from the router as per the Section 5.4.3 of [RFC4862]. As a Solicitation from the router as per Section 5.4.3 of [RFC4862].
result the router might not be able to complete the address As a result, the router might not be able to complete the address
resolution before the return traffic arrives. resolution process before the return traffic arrives.
8.6. Initiating Hosts-to-Routers Communication 8.6. Initiating Host-to-Router Communication
The host may force the router to start address resolution by sending The host may force the router to start address resolution by sending
a data packet such as ping or traceroute to its default router link- a data packet such as ping or traceroute to its default router link-
local address, using the GUA as a source address. As the RTT to the local address, using the GUA as a source address. As the RTT to the
default router is lower than RTT to any off-link destinations it's default router is lower than the RTT to any off-link destinations,
quite likely that the router would start the neighbor discovery it's quite likely that the router would start the Neighbor Discovery
process for the host GUA before the first packet of the returning process for the host GUA before the first packet of the returning
traffic arrives. traffic arrives.
This approach has the following drawbacks: This approach has the following drawbacks:
o Data packets to the router link-local address could be blocked by * Data packets to the router's link-local address could be blocked
security policy or control plane protection mechanism. by a security policy or control plane protection mechanism.
o It introduces an additional overhead for routers control plane (in * It introduces an additional overhead for the router's control
addition to processing ND packets, the data packet needs to be plane (in addition to processing ND packets, the data packet needs
processed as well). to be processed as well).
o Unless the data packet is sent to 'all routers' ff02::2 multicast * Unless the data packet is sent to the all-routers ff02::2
address, if the network provides a first-hop redundancy then only multicast address, if the network provides a first-hop redundancy,
the active router would create a new cache entry. then only the active router would create a new cache entry.
8.7. Making the Probing Logic on Hosts More Robust 8.7. Making the Probing Logic on Hosts More Robust
Theoretically the probing logic on hosts might be modified to deal Theoretically, the probing logic on hosts might be modified to better
better with initial packet loss. For example, only one probe can be deal with initial packet loss. For example, only one probe can be
sent or probes retransmit intervals can be reduced. However, this sent, or probe retransmit intervals can be reduced. However, this
approach has a number of drawbacks: approach has a number of drawbacks:
o It would require updating all possible applications performing * It would require updating all possible applications that perform
probing, while the proposed solution is implemented on operating probing, while the solution described in this document is
systems level. implemented at the operating-system level.
o Some implementations need to send multiple probes. Examples * Some implementations need to send multiple probes. Examples
include but not limited to: include but are not limited to:
* Sending AAAA and A records DNS probes in parallel. - Sending AAAA and A record DNS probes in parallel.
* Detecting captive portals often require sending multiple - Detecting captive portals, which often requires sending
packets. multiple packets.
o While it would increase the probability of the probing to complete * While it would increase the probability that the probing will
successfully, there are multiple cases when packet loss would complete successfully, there are multiple cases when packet loss
still occur: would still occur:
* The probe response consists of multiple packets, so all but the - The probe response consists of multiple packets, so all but the
first one are dropped. first one are dropped.
* There are multiple applications on the same host sending - There are multiple applications on the same host sending
traffic and return packets arrive simultaneously. traffic, and return packets arrive simultaneously.
* There are multiple first-hop routers in the network. The first - There are multiple first-hop routers in the network. The first
probe packet creates the NC entry on one of them. The probe packet creates the NC entry on one of them. The
subsequent return traffic flows might cross other routers and subsequent return traffic flows might cross other routers and
still experience the issue. still experience the issue.
o Reducing the probe retransmit interval unnecessary increases the * Reducing the probe retransmit interval unnecessarily increases
network utilization and might cause the network congestion. network utilization and might cause network congestion.
8.8. Increasing the Buffer Size on Routers 8.8. Increasing the Buffer Size on Routers
Increasing the buffer size and buffering more packets would Increasing the buffer size and buffering more packets would
exacerbate issues described in [RFC6583] and make the router more exacerbate issues described in [RFC6583] and make the router more
vulnerable to ND-based denial of service attacks. vulnerable to ND-based denial-of-service attacks.
8.9. Transit Dataplane Traffic From a New Address Triggering Address 8.9. Transit Data Plane Traffic from a New Address to Trigger Address
Resolution Resolution
When a router receives a transit packet sourced by a on-link neighbor When a router receives a transit packet sourced by an on-link
node, it might check the presence of the neighbor cache entry for the neighbor node, it might check for the presence of a Neighbor Cache
packet source address and if the entry does not exist, start address entry for the packet source address and, if the entry does not exist,
resolution process. This approach does ensure that a Neighbor Cache start the address resolution process. This approach does ensure that
entry is proactively created every time a new, previously unseen GUA a Neighbor Cache entry is proactively created every time a new,
is used for sending offlink traffic. However, this approach has a previously unseen GUA is used for sending off-link traffic. However,
number of limitations, in particular: this approach has a number of limitations. In particular:
o If traffic flows are asymmetrical the return traffic might not * If traffic flows are asymmetrical, the return traffic might not
transit the same router as the original traffic which triggered transit the same router as the original traffic that triggered the
the address resolution. So the neighbor cache entry is created on address resolution process. So, the Neighbor Cache entry is
the "wrong" router, not the one which actually needs the neighbor created on the "wrong" router, not the one that actually needs the
cache entry for the host address. Neighbor Cache entry for the host address.
o The functionality needs to be limited to explicitly configured * The functionality needs to be limited to explicitly configured
networks/interfaces, as the router needs to distinguish between networks/interfaces, as the router needs to distinguish between
onlink addresses (ones the router needs to have Neighbor Cache on-link addresses (addresses for which the router needs to have
entries for) and the rest of the address space. The proactive Neighbor Cache entries) and the rest of the address space. The
address resolution must only be triggered by packets from the proactive address resolution process must only be triggered by
prefixes known to be on-link. Otherwise, traffic from spoofed packets from the prefixes known to be on-link. Otherwise, traffic
source addresses or any transit traffic could lead to neighbor from spoofed source addresses or any transit traffic could lead to
cache exhaustion. Neighbor Cache exhaustion.
o Implementing such functionality is much more complicated than all * Implementing such functionality is much more complicated than all
other solutions as it would involve complex data-control planes other solutions, as it would involve complex interactions between
interaction. the data plane and the control plane.
9. IANA Considerations 9. IANA Considerations
This memo asks the IANA for no new parameters. This document has no IANA actions.
10. Security Considerations 10. Security Considerations
One of the potential attack vectors to consider is a cache spoofing One of the potential attack vectors to consider is cache spoofing,
when the attacker might try to install a cache entry for the victim's where the attacker might try to install a cache entry for the
IPv6 address and the attacker's Link-Layer address. However, it victim's IPv6 address and the attacker's link-layer address.
should be noted that this document does not propose any changes for However, it should be noted that this document does not propose any
the scenario when the ND cache for the given IPv6 address already changes for the scenario when the Neighbor Cache for a given IPv6
exists. Therefore, there are no new vectors for an attacker to address already exists. Therefore, there are no new vectors for an
override an existing cache entry. attacker to override an existing cache entry.
Section 5 describes some corner cases when a host with the duplicated Section 5 describes some corner cases when a host with a duplicate
Optimistic address might get some packets intended for the rightful Optimistic Address might get some packets intended for the rightful
owner of the address. However such scenarios do not introduce any owner of the address. However, such scenarios do not introduce any
new attack vectors: even without the proposed changes, an attacker new attack vectors: even without the changes discussed in this
can easily override the routers neighbor cache and redirect the document, an attacker can easily override the router's Neighbor Cache
traffic by sending NAs with the Solicited flag set. As discussed in and redirect the traffic by sending NAs with the Solicited flag set.
Section 5.3.2 the worst case scenario might cause a disruption for up As discussed in Section 5.3.2, the worst-case scenario might cause a
to 7 seconds. This risk is considered acceptable due to very low disruption for up to 7 seconds. Because this scenario is highly
probability of that scenario. More importantly, for all cases unlikely, this risk of disruption is considered acceptable. More
described in Section 5 the rightful owner can prevent disruption importantly, for all cases described in Section 5, the rightful owner
caused by an accidental address duplication just by implementing the can prevent disruption caused by an accidental address duplication
mechanism described in this document. If the rightful owner sends just by implementing the mechanism described in this document. If
unsolicited NAs before using the address, the STALE entry would be the rightful owner sends unsolicited NAs before using the address,
created on the router NC and any subsequent unsolicited NAs sent from the STALE entry would be created on the router's NC, and any
the host with an Optimistic address would not override the NC entry. subsequent unsolicited NAs sent from the host with an Optimistic
Address would not override the NC entry.
A malicious host could attempt to exhaust the neighbor cache on the A malicious host could attempt to exhaust the Neighbor Cache on the
router by creating a large number of STALE entries. However, this router by creating a large number of STALE entries. However, this
attack vector is not new and this document does not increase the risk attack vector is not new, and the mechanism specified in this
of such an attack: the attacker could do it, for example, by sending document does not increase the risk of such an attack: the attacker
a NS or RS packet with SLLAO included. All recommendations from could do it, for example, by sending an NS or RS packet with a SLLAO
[RFC6583] still apply. included. All recommendations from [RFC6583] still apply.
Announcing a new address to all-routers multicast address may inform Announcing a new address to the all-routers multicast address may
an on-link attacker about IPv6 addresses assigned to the host. inform an on-link attacker about IPv6 addresses assigned to the host.
However, hiding information about the specific IPv6 address should However, hiding information about the specific IPv6 address should
not be considered a security measure as such information is usually not be considered a security measure, as such information is usually
disclosed via DAD to all nodes anyway if MLD snooping is not enabled. disclosed via DAD to all nodes anyway if MLD snooping is not enabled.
Network administrators can also mitigate this issue by enabling MLD Network administrators can also mitigate this issue by enabling MLD
snooping on the link-layer devices to prevent IPv6 link-local snooping on the link-layer devices to prevent IPv6 link-local
multicast packets being flooded to all onlink nodes. If peer-to-peer multicast packets from being flooded to all on-link nodes. If peer-
onlink communications are not desirable for the given network segment to-peer on-link communications are not desirable for a given network
they should be prevented by proper layer-2 security mechanisms. segment, they should be prevented by proper Layer 2 security
Therefore, the risk of allowing hosts to send unsolicited Neighbor mechanisms. Therefore, the risk of allowing hosts to send
Advertisements to all-routers multicast address is low. unsolicited Neighbor Advertisements to the all-routers multicast
address is low.
It should be noted that the proposed mechanism allows hosts to
proactively inform their routers about global IPv6 addresses existing
on-link. Routers could use that information to distinguish between
used and unused addresses to mitigate ND cache exhaustion DoS attacks
described in Section 4.3.2 [RFC3756] and [RFC6583].
11. Acknowledgements
Thanks to the following people (in alphabetical order) for their It should be noted that the mechanism discussed in this document
comments, review and feedback: Mikael Abrahamsson, Stewart Bryant, allows hosts to proactively inform their routers about global IPv6
Lorenzo Colitti, Roman Danyliw, Owen DeLong, Martin Duke, Igor addresses existing on-link. Routers could use that information to
Gashinsky, Carles Gomez, Fernando Gont, Tatuya Jinmei, Benjamin distinguish between used and unused addresses to mitigate Neighbor
Kaduk, Scott Kelly, Erik Kline, Warren Kumari, Barry Leiba, Jordi Cache exhaustion DoS attacks as described in Section 4.3.2 of
Palet Martinez, Erik Nordmark, Michael Richardson, Dan Romascanu, [RFC3756] and in [RFC6583].
Zaheduzzaman Sarker, Michael Scharf, John Scudder, Mark Smith, Dave
Thaler, Pascal Thubert, Loganaden Velvindron, Eric Vyncke.
12. References 11. References
12.1. Normative References 11.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, DOI 10.17487/RFC4291, February Architecture", RFC 4291, DOI 10.17487/RFC4291, February
2006, <https://www.rfc-editor.org/info/rfc4291>. 2006, <https://www.rfc-editor.org/info/rfc4291>.
skipping to change at page 23, line 5 skipping to change at line 1033
[RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
Address Autoconfiguration", RFC 4862, Address Autoconfiguration", RFC 4862,
DOI 10.17487/RFC4862, September 2007, DOI 10.17487/RFC4862, September 2007,
<https://www.rfc-editor.org/info/rfc4862>. <https://www.rfc-editor.org/info/rfc4862>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
12.2. Informative References 11.2. Informative References
[I-D.halpern-6man-nd-pre-resolve-addr] [ND-ADDR-RES]
Chen, I. and J. Halpern, "Triggering ND Address Resolution Chen, I. and J. Halpern, "Triggering ND Address Resolution
on Receiving DAD-NS", draft-halpern-6man-nd-pre-resolve- on Receiving DAD-NS", Work in Progress, Internet-Draft,
addr-00 (work in progress), January 2014. draft-halpern-6man-nd-pre-resolve-addr-00, 10 January
2014, <https://datatracker.ietf.org/doc/html/draft-
halpern-6man-nd-pre-resolve-addr-00>.
[RFC3756] Nikander, P., Ed., Kempf, J., and E. Nordmark, "IPv6 [RFC3756] Nikander, P., Ed., Kempf, J., and E. Nordmark, "IPv6
Neighbor Discovery (ND) Trust Models and Threats", Neighbor Discovery (ND) Trust Models and Threats",
RFC 3756, DOI 10.17487/RFC3756, May 2004, RFC 3756, DOI 10.17487/RFC3756, May 2004,
<https://www.rfc-editor.org/info/rfc3756>. <https://www.rfc-editor.org/info/rfc3756>.
[RFC4541] Christensen, M., Kimball, K., and F. Solensky, [RFC4541] Christensen, M., Kimball, K., and F. Solensky,
"Considerations for Internet Group Management Protocol "Considerations for Internet Group Management Protocol
(IGMP) and Multicast Listener Discovery (MLD) Snooping (IGMP) and Multicast Listener Discovery (MLD) Snooping
Switches", RFC 4541, DOI 10.17487/RFC4541, May 2006, Switches", RFC 4541, DOI 10.17487/RFC4541, May 2006,
skipping to change at page 24, line 5 skipping to change at line 1081
Wireless Personal Area Network (6LoWPAN) Neighbor Wireless Personal Area Network (6LoWPAN) Neighbor
Discovery", RFC 8505, DOI 10.17487/RFC8505, November 2018, Discovery", RFC 8505, DOI 10.17487/RFC8505, November 2018,
<https://www.rfc-editor.org/info/rfc8505>. <https://www.rfc-editor.org/info/rfc8505>.
[RFC8981] Gont, F., Krishnan, S., Narten, T., and R. Draves, [RFC8981] Gont, F., Krishnan, S., Narten, T., and R. Draves,
"Temporary Address Extensions for Stateless Address "Temporary Address Extensions for Stateless Address
Autoconfiguration in IPv6", RFC 8981, Autoconfiguration in IPv6", RFC 8981,
DOI 10.17487/RFC8981, February 2021, DOI 10.17487/RFC8981, February 2021,
<https://www.rfc-editor.org/info/rfc8981>. <https://www.rfc-editor.org/info/rfc8981>.
Acknowledgements
Thanks to the following people (in alphabetical order) for their
comments, review, and feedback: Mikael Abrahamsson, Stewart Bryant,
Lorenzo Colitti, Roman Danyliw, Owen DeLong, Martin Duke, Igor
Gashinsky, Carles Gomez, Fernando Gont, Tatuya Jinmei, Benjamin
Kaduk, Scott Kelly, Erik Kline, Warren Kumari, Barry Leiba, Jordi
Palet Martinez, Erik Nordmark, Michael Richardson, Dan Romascanu,
Zaheduzzaman Sarker, Michael Scharf, John Scudder, Mark Smith, Dave
Thaler, Pascal Thubert, Loganaden Velvindron, and Éric Vyncke.
Author's Address Author's Address
Jen Linkova Jen Linkova
Google Google
1 Darling Island Rd 1 Darling Island Rd
Pyrmont, NSW 2009 Pyrmont NSW 2009
AU Australia
Email: furry@google.com Email: furry@google.com
 End of changes. 201 change blocks. 
576 lines changed or deleted 569 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/