RE: 6MAN WG Last Call:draft-ietf-6man-ipv6-subnet-model-00.txt

"MILES DAVID" <> Mon, 14 July 2008 03:16 UTC

Return-Path: <>
Received: from [] (localhost []) by (Postfix) with ESMTP id E6D4E28C14C; Sun, 13 Jul 2008 20:16:08 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id F24F228C13E for <>; Sun, 13 Jul 2008 20:16:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.547
X-Spam-Status: No, score=0.547 tagged_above=-999 required=5 tests=[AWL=-0.150, BAYES_00=-2.599, J_CHICKENPOX_13=0.6, ROUND_THE_WORLD_LOCAL=2.696]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id fYsCLADTtm-g for <>; Sun, 13 Jul 2008 20:16:07 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 1C6F23A693D for <>; Sun, 13 Jul 2008 20:16:06 -0700 (PDT)
Received: from ( []) by (8.13.8/IER-o) with ESMTP id m6E3GUIH004375; Sun, 13 Jul 2008 22:16:30 -0500 (CDT)
Received: from ( []) by (8.13.8/emsr) with ESMTP id m6E3GSGs000162; Sun, 13 Jul 2008 22:16:29 -0500 (CDT)
Received: from ( []) by (8.13.7/8.13.7/Alcanet1.0) with ESMTP id m6E33MjH003038; Mon, 14 Jul 2008 11:03:22 +0800
Received: from ([]) by with Microsoft SMTPSVC(6.0.3790.1830); Mon, 14 Jul 2008 11:16:26 +0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Subject: RE: 6MAN WG Last Call:draft-ietf-6man-ipv6-subnet-model-00.txt
Date: Mon, 14 Jul 2008 11:15:02 +0800
Message-ID: <>
In-Reply-To: <>
Thread-Topic: 6MAN WG Last Call:draft-ietf-6man-ipv6-subnet-model-00.txt
Thread-Index: AcjjiL2JL7mumBJPQYigdSKP+J0ZSQBzTEQg
References: <>
From: "MILES DAVID" <>
To: <>, "Hemant Singh \(shemant\)" <>, <>, "Wes Beebee \(wbeebee\)" <>
X-OriginalArrivalTime: 14 Jul 2008 03:16:26.0309 (UTC) FILETIME=[00340750:01C8E560]
X-Scanned-By: MIMEDefang 2.57 on
X-Scanned-By: MIMEDefang 2.64 on
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit


There are implementations that update their routing table on the receipt
of a Neighbour Advertisement which we should consider. One example is
the code developed in the KAME project, which can be found in many
BSD-based distros. On receipt of a valid NS, the neighbour cache is
updated with a stale entry and if a route does not exist for the
destination a host route is created (with flags UHL). 
This behaviour makes sense if we consider the old on-link assumption -
but it opens the security concern I expressed in v6ops. It is quite
possible for an on-link node to create route entries in that may affect
other links (say the target of this were an ISP router). I do not think
this behaviour is desirable in a router.

I would prefer to avoid behaviours that create bogus entries. It seems
that we defiantly need clarification around correct node behaviour, and
if we are clarifying (to be explicit that the receipt of a ND has no
affect on forwarding) then should we go so far as to avoid the bogus

For interest; in the KAME example will drop a received NA when the
target-address is not in its Neighbour Cache (the NA is discarded).


Sorry to reopen this, but do you think that the following clarification
could be added to the IPv6 Subnet Models draft to address bullets three
and four of the on-link definition in the Terminology section of RFC

"Since only the Neighbor Cache is updated with the source address of a
received ND packet or the target of an NA packet, and the Destination
Cache and Prefix List are not updated, an ND packet cannot indicate that
a destination is on-link in the absence of corresponding on-link prefix

What does the WG think?

- Wes

IETF IPv6 working group mailing list
Administrative Requests: