RE: Sending traffic to default router when RA has no PIO
"Hemant Singh (shemant)" <shemant@cisco.com> Mon, 09 July 2007 15:22 UTC
Return-path: <ipv6-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1I7v4R-00063H-R9; Mon, 09 Jul 2007 11:22:39 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1I7v4O-00062h-Kk for ipv6@ietf.org; Mon, 09 Jul 2007 11:22:36 -0400
Received: from rtp-iport-1.cisco.com ([64.102.122.148]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1I7v4K-0002es-3z for ipv6@ietf.org; Mon, 09 Jul 2007 11:22:36 -0400
Received: from rtp-dkim-2.cisco.com ([64.102.121.159]) by rtp-iport-1.cisco.com with ESMTP; 09 Jul 2007 11:22:31 -0400
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ao8CAO/vkUZAZnmf/2dsb2JhbAA
X-IronPort-AV: i="4.16,517,1175486400"; d="scan'208"; a="64693558:sNHT58260118"
Received: from rtp-core-1.cisco.com (rtp-core-1.cisco.com [64.102.124.12]) by rtp-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id l69FMVFC010596; Mon, 9 Jul 2007 11:22:31 -0400
Received: from xbh-rtp-211.amer.cisco.com (xbh-rtp-211.cisco.com [64.102.31.102]) by rtp-core-1.cisco.com (8.12.10/8.12.6) with ESMTP id l69FMF76017006; Mon, 9 Jul 2007 15:22:31 GMT
Received: from xmb-rtp-20e.amer.cisco.com ([64.102.31.40]) by xbh-rtp-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 9 Jul 2007 11:22:17 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Mon, 09 Jul 2007 11:22:16 -0400
Message-ID: <B00EDD615E3C5344B0FFCBA910CF7E1D0358A935@xmb-rtp-20e.amer.cisco.com>
In-Reply-To: <46924A07.4030504@hp.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Sending traffic to default router when RA has no PIO
Thread-Index: AcfCN9VO7sMxzzcWRgqYpW4U8u/6JwAAdlAA
References: <B00EDD615E3C5344B0FFCBA910CF7E1D03589CE5@xmb-rtp-20e.amer.cisco.com> <11836607373870-git-send-email-vladislav.yasevich@hp.com> <B00EDD615E3C5344B0FFCBA910CF7E1D0358A5C1@xmb-rtp-20e.amer.cisco.com> <468E98D7.5060109@hp.com> <B00EDD615E3C5344B0FFCBA910CF7E1D0358A8AB@xmb-rtp-20e.amer.cisco.com> <46924A07.4030504@hp.com>
From: "Hemant Singh (shemant)" <shemant@cisco.com>
To: Vlad Yasevich <vladislav.yasevich@hp.com>
X-OriginalArrivalTime: 09 Jul 2007 15:22:17.0449 (UTC) FILETIME=[EF735D90:01C7C23C]
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=8540; t=1183994551; x=1184858551; c=relaxed/simple; s=rtpdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=shemant@cisco.com; z=From:=20=22Hemant=20Singh=20(shemant)=22=20<shemant@cisco.com> |Subject:=20RE=3A=20Sending=20traffic=20to=20default=20router=20when=20RA =20has=20no=20PIO |Sender:=20 |To:=20=22Vlad=20Yasevich=22=20<vladislav.yasevich@hp.com>; bh=9UAmIs6MiLSVdOTFEotbtbwkBwfFybocSpe/J0z1bHw=; b=vSymt2JQUKy0UCIH9mLXgoU1ZFe2d1Bb/verSZl1Xo0mNVODLMbYHrAMGeLEZPoVjB/C/Ya/ uYqCMm2uPsRJwQNiWZxKbzLcG4KIDciAgxj5mWAdwz0dri7x28ExyS5R;
Authentication-Results: rtp-dkim-2; header.From=shemant@cisco.com; dkim=pass ( sig from cisco.com/rtpdkim2001 verified; );
X-Spam-Score: 0.0 (/)
X-Scan-Signature: b8f3559805f7873076212d6f63ee803e
Cc: ipv6@ietf.org, JINMEI Tatuya / ???? <jinmei@isl.rdc.toshiba.co.jp>
Subject: RE: Sending traffic to default router when RA has no PIO
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "IP Version 6 Working Group \(ipv6\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
Errors-To: ipv6-bounces@ietf.org
Vlad & Tatuya, Please see in line below with "<hs>". Tatuya, please note another proposed change by Vlad to 2462bis and also Vlad agrees that a change regarding skipping DAD should be made to 2462bis as per this statement from Vlad: "I would agree to adding the rationale for why skipping DAD is not recommended." -----Original Message----- From: Vlad Yasevich [mailto:vladislav.yasevich@hp.com] Sent: Monday, July 09, 2007 10:45 AM To: Hemant Singh (shemant) Cc: ipv6@ietf.org Subject: Re: Sending traffic to default router when RA has no PIO Hi Hemnat Hemant Singh (shemant) wrote: > <hs> We also told the modem vendor their behavior is compliant with ND > RFC but since bandwidth is limited in a broadband deployment in the > upsteam direction (modem to the aggregation router), having each modem > issue 9 DAD's before the modem got online was a waste of valuable > bandwidth resource. As 2462bis says, it's up to a link-type document > to modify this value. Aggregation router standards will have to take > care of specifying such a value for broadband deployments IF they > choose to use a different value than the default value of 1. > > So the new text you are introducing would be completely nullified. > > <hs> True. Our aim with this bullet is to only raise an awareness that > default value is 1. Many new IPv6 host developers just read 2461bis > and miss the default value of this variable that is not specified in > 2461bis, but is specified in 2462bis. IMO this is already fairly well spelled out in 2461bis. There was talk earlier on the list of adding something along the list of: This document RECOMMENDS that implementations use default values specified here. <hs> Since we are working on how to fold in text from our I-D as changes to 2461bis, this bullet 5 from section 2 of our I-D will also fall into that work of where to specify this recommendation in 2461bis. I don't remember what happened to that, but that should do what you want. > > <hs> Yes, we are putting together such a section. > OK. I'll wait for the new text. > > Yes, and 2462bis weasel words around this issue at the top of page 19. > Maybe a "should" there needs to be changed to a "SHOULD"? > > <hs> Which words are you talking about? Quick look at 2462bis and even > 2461bis on page 19 did not show us any relevant words. Note that a future revision of the address architecture [RFC3513] and a future link-type specific document, which will still be consistent with each other, could potentially allow for an interface identifier of length other than the value defined in the current documents. Thus, an implementation should not assume a particular constant. Rather, it should expect any lengths of interface identifiers. I suggest the 'should' in the last sentence be replaced by SHOULD. <hs> Ah, this is text on page 17 of 2462bis -08. Good catch. We agree that the "should" be replaced with SHOULD. So does Tatuya want to make such a change to 2462bis before sending it off? >> 6. Changes to draft-ietf-ipv6-rfc2462bis-08 >> >> [... old text snipped ...] >> >> to read as follows: >> >> Each individual unicast address SHOULD be tested for uniqueness. >> Note that some deployed implementations perform Duplicate > Address >> Detection (DAD) only for the link-local address and skip the > test >> for the global address using the same interface identifier. >> Whereas this document does not invalidate such implementations, >> this kind of 'optimization' is NOT RECOMMENDED, and new >> implementations MUST NOT do that optimization. This > optimization >> came from the assumption that all of an interface's addresses > are >> generated from the same interface identifier (see RFC 2462 >> [ADDRCONF]). However, even with this assumption, skipping DAD > for >> non-link-local addresses with manual configuration creates an >> additional problem. This optimization allows an interface to >> claim a duplicate address in a way that would not be detected. >> For a more detailed description of this problem, see the Host >> Models section of >> draft-wbeebee-nd-implementation-pitfalls-01. Further, new >> types of addresses have been introduced where the interface >> identifiers are not necessarily the same for all unicast > addresses >> on a single interface [RFC3041] [RFC3972]. Requiring an > interface >> to perform DAD for all unicast addresses will make the algorithm >> more robust. >> >> <vy> >> Two issues: >> 1. This text is not any stronger then the existing text in 2461bis > and >> doesn't add anything significant. >> >> <hs> Yes it is. We have been told by a number of people that whether >> to skip DAD or not was discussed at length in the IETF IPv6 WG and > mailer. >> If so much discussion happened and RFC 2462 changed in 2462bis I-D to >> remove the skipping DAD requirement for newer hosts, we'd like to see >> the reasons for the change. The only reason we found in 2462bis for >> the change was: >> >> "new types of addresses have been introduced where the >> interface identifiers are not necessarily the same for all > unicast >> addresses on a single interface [RFC3041] [RFC3972]." >> >> Well, we provided an example scenario in our I-D (section 2, bullet >> 4) > >> that highlights that fact the skipping DAD combined with manual >> configuration can result in duplicate addresses on the same link >> which > >> are not detected. > > The example you provide has been documented in the Neighbor Discover > Threats spec (rfc 3756). So that's documented fairly well. The > Security Consideration section also references it and points out > issues with DAD. > > <hs> No, we disagree that the problem we have highlighted in bullet 4 > of our I-D is mentioned anywhere in RFC 3756 - you will have to point > it out to us. Our problem is saying mixing "skipping DAD" and manual > configuration is a bad idea and also shows that even if Link-local > address and Global Unique Address (GUA) of the host are created from > the same identifier (Host2 in our example), one will have duplicate > addresses on the link that would not be detectable. Further, this > problem is detectable if DAD is not skipped for the GUA by Host2. The > duplicate will be detected because even Host1 is a compliant host in > our model, not a rogue host. Please see an earlier email discussion > between ourselves and Tataya on this one. You are right. I just re-read 3756 and this item is not there. I would agree to adding the rationale for why skipping DAD is not recommended. Any additional text can be safely removed. <hs> OK, so we have reached consensus between us for changing the text of 2462bis. We like our original paragraph because it clearly mentions manual configuration, which is not mentioned in your suggested paragraph. Thanks. - Hemant & Wes Something like: - Each individual unicast address SHOULD be tested for uniqueness. Note that there are implementations deployed that only perform Duplicate Address Detection for the link-local address and skip the test for the global address using the same interface identifier as that of the link-local address. Whereas this document does not invalidate such implementations, this kind of "optimization" is NOT RECOMMENDED, and new implementations MUST NOT do that optimization. This optimization came from the assumption that all of an interface's addresses are generated from the same identifier. However, the assumption does not actually stand; new types of addresses have been introduced where the interface identifiers are not necessarily the same for all unicast addresses on a single interface [RFC3041] [RFC3972]. Additionally, hosts that implement the "optimization" may end up configuring duplicate addresses and causing network disruptions. Requiring to perform Duplicate Address Detection for all unicast addresses will make the algorithm robust for the current and future such special interface identifiers. -vlad -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
- Sending traffic to default router when RA has no … Wes Beebee (wbeebee)
- RE: Sending traffic to default router when RA has… Hemant Singh (shemant)
- Re: Sending traffic to default router when RA has… Vlad Yasevich
- RE: Sending traffic to default router when RA has… Hemant Singh (shemant)
- Re: Sending traffic to default router when RA has… Ole Troan
- RE: Sending traffic to default router when RA has… Hemant Singh (shemant)
- Re: Sending traffic to default router when RA has… Ole Troan
- RE: Sending traffic to default router when RA has… Hemant Singh (shemant)
- Re: Sending traffic to default router when RA has… Vlad Yasevich
- Re: Sending traffic to default router when RA has… Markku Savela
- RE: Sending traffic to default router when RA has… Hemant Singh (shemant)
- RE: Sending traffic to default router when RA has… Hemant Singh (shemant)
- Re: Sending traffic to default router when RA has… JINMEI Tatuya / 神明達哉
- RE: Sending traffic to default router when RA has… Hemant Singh (shemant)
- Re: Sending traffic to default router when RA has… Vlad Yasevich
- Re: Sending traffic to default router when RA has… JINMEI Tatuya / 神明達哉
- Re: Sending traffic to default router when RA has… Julien Laganier
- FW: Sending traffic to default router when RA has… Hemant Singh (shemant)
- RE: Sending traffic to default router when RA has… Hemant Singh (shemant)
- Re: Sending traffic to default router when RA has… Vlad Yasevich
- RE: Sending traffic to default router when RA has… Hemant Singh (shemant)
- Re: Sending traffic to default router when RA has… Vlad Yasevich
- RE: Sending traffic to default router when RA has… Hemant Singh (shemant)
- Re: Sending traffic to default router when RA has… Vlad Yasevich
- Re: Sending traffic to default router when RA has… JINMEI Tatuya / 神明達哉
- RE: Sending traffic to default router when RA has… Hemant Singh (shemant)
- Re: Sending traffic to default router when RA has… Vlad Yasevich
- RE: Sending traffic to default router when RA has… Hemant Singh (shemant)