RE: [NDP] Router autoconfiguration with RS/RA

"Hemant Singh (shemant)" <shemant@cisco.com> Fri, 06 June 2008 13:27 UTC

Silviu,
 
A router can receive an RA on the router's upstream and use this RA to
autoconfigure the IPv6 address on interface(s) of the router. Such a
router interface configuration is no different from how a host interface
statelessly autoconfigures as per ND RFC 4861 and 4862. However, the ND
RFCs do not mandate what a router implementation does for sending
RA or configuring network prefixes in the router downstream direction -
these are conceptual variables, and a router vendor is left to do what
they want with them.
 
As to answering your question which was:
 
"Why wouldn't a router be authorized to send Router Solicitation
messages?"
 
here is my reply.
 
As far as the interface on the router has no RA configured, and the
interface is configuring an IPv6 address using stateless
autoconfiguration or even manual configuration, this interface is OK to
send an RS in the router downstream. However, as soon as any RA
configuration for router downstream is configured on the network
interface, then ND prohibits a router from sending any RS.
 
Furthermore, I totally agree with Remi on his reply to this question of
yours:
 
"The same question for autoconfiguring the prefix it advertises on its
subnets."
 
You cannot mix router upstream and downstream operations in random
fashion. IPv6 stateless autoconfiguration does not support prefix and
router configuration of an upstream router. One should be careful
discussing router downstream vs. router upstream directions for address
configuration, routing configuration, and IPv6 ND RA configuration.
 
Hemant

________________________________

From: ipv6-bounces@ietf.org [mailto:ipv6-bounces@ietf.org] On Behalf Of
Silviu VLASCEANU
Sent: Friday, June 06, 2008 8:29 AM
To: ipv6@ietf.org
Subject: [NDP] Router autoconfiguration with RS/RA


Hello,

I have been trying to figure out a response for the following questions,
but I have only suppositions and I haven't found (yet) a document that
accurately talks about it. So I am asking here.

Why wouldn't a router be authorized to send Router Solicitation
messages?
Moreover, why couldn't a router autoconfigure its egress interface based
on Router Advertisements received on this interface? The same question
for autoconfiguring the prefix it advertises on its subnets.

The only answer that comes to my mind is because an attack over these
messages could render not only a host unreachable, but maybe a whole
subnet. But apart from this, is there really any other reason for not
allowing this?

Thank you in advance for the answers.

Best regards,
-- 
Silviu
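
The per-interface split discussed in this thread, as an added Python example that is not part of the original messages: an interface with RA configuration sends no RS, while an upstream interface accepts an RA for stateless autoconfiguration only after the RFC 4861 validity checks (hop limit 255, link-local source, code 0, minimum length, no zero-length option). The Interface class, the interface names, the sample RA bytes and the choice to ignore RAs for autoconfiguration on the advertising side are assumptions made for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass

ND_RA, OPT_PREFIX_INFO = 134, 3   # ICMPv6 RA type, Prefix Information option

@dataclass
class Interface:                  # hypothetical per-interface model
    name: str
    sends_ra: bool                # True once RA configuration exists on it

def may_send_rs(iface):
    # Rule as stated in the reply: no RS from an interface configured to send RAs.
    return not iface.sends_ra

def slaac_prefixes(iface, src, hop_limit, icmp):
    """Prefixes one received RA offers for SLAAC; [] if the RA is dropped."""
    if iface.sends_ra:            # assumption: advertising side never autoconfigures
        return []
    # RFC 4861 validity checks (checksum verification is not performed here).
    if hop_limit != 255 or not ipaddress.IPv6Address(src).is_link_local:
        return []
    if len(icmp) < 16 or icmp[0] != ND_RA or icmp[1] != 0:
        return []
    found, off = [], 16
    while off + 2 <= len(icmp):
        opt_type, opt_len = icmp[off], icmp[off + 1] * 8
        if opt_len == 0 or off + opt_len > len(icmp):
            return []             # zero-length or truncated option: drop the RA
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            plen, flags = icmp[off + 2], icmp[off + 3]
            valid, preferred = struct.unpack_from("!II", icmp, off + 4)
            # A flag set, usable lifetimes, 64-bit interface ID assumed
            if flags & 0x40 and plen == 64 and valid > 0 and preferred <= valid:
                prefix = ipaddress.IPv6Address(icmp[off + 16:off + 32])
                found.append(f"{prefix}/{plen}")
        off += opt_len
    return found

def sample_ra(prefix="2001:db8:1::"):
    """Constructed RA bytes for the demo (checksum field left as zero)."""
    hdr = struct.pack("!BBHBBHII", ND_RA, 0, 0, 64, 0, 1800, 0, 0)
    pio = struct.pack("!BBBBII4x", OPT_PREFIX_INFO, 4, 64, 0xC0, 86400, 14400)
    return hdr + pio + ipaddress.IPv6Address(prefix).packed

if __name__ == "__main__":
    wan, lan = Interface("wan0", False), Interface("lan0", True)
    for i in (wan, lan):
        print(i.name, may_send_rs(i), slaac_prefixes(i, "fe80::1", 255, sample_ra()))
```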
