Re: [dna] [DNA] RE: DNA and DHCPv6

"Bernard Aboba" <> Fri, 20 November 2009 18:36 UTC

From: "Bernard Aboba" <>
To: "'Bernard Aboba'" <>, "'Ralph Droms'" <>
Date: Fri, 20 Nov 2009 10:35:57 -0800
Cc: 'DNA' <>,,, 'IESG IESG' <>, 'dhc WG' <>
Subject: Re: [dna] [DNA] RE: DNA and DHCPv6

One potential wrinkle occurs in the case where the NS/NA, RS/RA and DHCPv6
exchanges have unequal levels of security.  For example, Section 4.7.1
states that if the NS/NA is secured with SEND and the DHCPv6 exchange is
not, then DNA takes priority.  However, where there are equal levels of
security (or insecurity), then I believe DNA should work as per below. 

-----Original Message-----
[] On Behalf Of Bernard Aboba
Sent: Friday, November 20, 2009 10:15 AM
To: 'Ralph Droms'
Cc: 'DNA';; 'Suresh Krishnan (QB/EMC)';; 'Jari Arkko'; 'IESG IESG'; 'dhc WG'
Subject: [DNA] RE: DNA and DHCPv6

"So, would this be an accurate description of Simple DNA:

* Send NS for each candidate link to the default router for that link
* Initiate RS/RA exchange as specified in RFC 4861
* Initiate DHCPv6 exchange as specified in RFC 3315

* If an NA is received, use cached info for corresponding link from  
* Process any received RAs as specified in RFC 4861
* Use info from DHCPv6 exchange as specified in RFC 3315
* Info from RA and/or DHCPv6 overrides any reused cached info based on NA"

[BA] I believe so, yes.  Aside from the DHCPv6 issues, there were a few
deviations with respect to RS/RA that were raised in the IESG review. 
I think we need to look at those carefully as well.
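
The precedence rule discussed in this thread, as an added Python sketch that is not part of the original messages or of the Simple DNA draft: RA and DHCPv6 information overrides cached information reused on the basis of an NA, except that an unsecured DHCPv6 reply does not displace a value reused from a SEND-secured NS/NA. The `Source` class, `resolve_config`, the parameter names and the addresses are constructed for illustration; the `secured` flag on DHCPv6 and the RA-then-DHCPv6 processing order are assumptions, since the thread does not specify them.

```python
from dataclasses import dataclass

@dataclass
class Source:
    name: str      # "NA-cache", "RA" or "DHCPv6" (labels chosen for this example)
    secured: bool  # SEND for NS/NA and RS/RA; for DHCPv6 an assumed "exchange was secured" flag
    params: dict   # configuration parameters learned from (or cached for) this source

def resolve_config(na=None, ra=None, dhcpv6=None):
    """Return {param: (value, source_name)} after applying the thread's precedence."""
    effective = {}
    # An NA from the cached default router lets the host reuse the cached link config.
    if na is not None:
        effective = {k: (v, na.name) for k, v in na.params.items()}
    # RA and DHCPv6 results normally override anything reused from the cache.
    # Assumption: RA is applied first, DHCPv6 second.
    for src in (ra, dhcpv6):
        if src is None:
            continue
        for key, value in src.params.items():
            held = effective.get(key)
            downgrade = (
                held is not None and held[1] == "NA-cache"
                and na.secured and src.name == "DHCPv6" and not src.secured
            )
            if downgrade:
                # Section 4.7.1 case quoted in the message: SEND-secured NS/NA
                # takes priority over an unsecured DHCPv6 exchange.
                continue
            effective[key] = (value, src.name)
    return effective

# Constructed sample data (documentation prefix 2001:db8::/32).
CACHED = {"dns": "2001:db8:1::53", "prefix": "2001:db8:1::/64"}
DHCP_REPLY = {"dns": "2001:db8:2::53"}

def demo(na_secured, dhcp_secured):
    return resolve_config(
        na=Source("NA-cache", na_secured, CACHED),
        dhcpv6=Source("DHCPv6", dhcp_secured, DHCP_REPLY),
    )

if __name__ == "__main__":
    for na_s, dh_s in [(False, False), (True, True), (True, False)]:
        print(f"NA secured={na_s}, DHCPv6 secured={dh_s}: {demo(na_s, dh_s)}")
```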