Re: on-link and off-link addresses, side discussion

Alexandre Petrescu <> Thu, 08 July 2021 10:20 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id ACBA93A1D08 for <>; Thu, 8 Jul 2021 03:20:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.334
X-Spam-Status: No, score=0.334 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FORGED_GMAIL_RCVD=1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.338, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id OKdjBYHy-kRt for <>; Thu, 8 Jul 2021 03:19:59 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 33B063A1D00 for <>; Thu, 8 Jul 2021 03:19:58 -0700 (PDT)
Received: from ( []) by (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id 168AJs5b018519 for <>; Thu, 8 Jul 2021 12:19:54 +0200
Received: from (localhost []) by localhost (Postfix) with SMTP id C7A3F2072FF for <>; Thu, 8 Jul 2021 12:19:54 +0200 (CEST)
Received: from ( []) by (Postfix) with ESMTP id BDD0E200D2D for <>; Thu, 8 Jul 2021 12:19:54 +0200 (CEST)
Received: from [] ([]) by (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id 168AJsNK007748 for <>; Thu, 8 Jul 2021 12:19:54 +0200
Subject: Re: on-link and off-link addresses, side discussion
References: <> <> <> <> <> <>
From: Alexandre Petrescu <>
Message-ID: <>
Date: Thu, 08 Jul 2021 12:19:54 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: fr
Content-Transfer-Encoding: 8bit
Archived-At: <>
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 08 Jul 2021 10:20:02 -0000

Le 06/07/2021 à 18:32, Simon Hobson a écrit :
> Alexandre Petrescu <> wrote:
>>> I suggest you look at it from a different angle. "on-link address" is
>>> defined as an address that is assigned to an interface on a specified
>>> link.
>> But, each address is on a link.
>> On-link means the address is on this link that we are assuming commonly.
>> The term off-link means that the address is not on this link we assume
>> commonly, but is on-link on another link.
> Isn't it simpler than that ?
> On link == hosts can directly contact other hosts in the prefix via this link
> Not on link == hosts can only contact other hosts in the prefix via one or more intermediaries
> Intermediary in this case is quite flexible and could include routing packets or mechanisms like proxy ND

I think it is a good informal explanation, that fits.

However, the formal definition of 'on-link' in RFC 4861 says that 
'on-link' is an address on a specified link.  But in RAs there is no 
means to specify a link.

There are indeed prefixes that are valid on a particular link, but links 
are not identified by particular prefixes.

Further, the definition says that "a node considers an address to be 
on-link it is covered by a particular prefix".  That operation, 'being 
covered by', is not specified.

One might think of the use of a longest prefiix match algorithm.

A longest prefix match algorithm is defined in that RFC to be used to 
determine which prefix (from a set of prefixes) 'covers' an address.

On another hand, the definition of 'on-link' says it wants to identify 
whether a _particular_ prefix 'covers' an address (not to try to 
identify whether an address matches better one prefix or another).  That 
is a distinct algorithm from the longest prefix match algorithm.

To give an example: by using a longest-prefix-match algorithm in a 
normal way (identify which prefix out of a set of prefixes matches 
better one particular address) one will always 'cover' an address with 
almost any prefix.  All allocated prefixes start with this '000' triple 
bits.  So they all cover any address; but in that 'cover' operation one 
specifically adds that it covers up to 3 bits.  The 'cover' operation is 
successful, but just up to 3.

If, on the other hand, we silently assume that a longest-prefix-match 
algorithm is always used with a prefix length of precisely 64 bits, then 
indeed the longest prefix match algorithm can be used to say it 'covers' 
(or not covers) an address.

But it is no longer a longest-prefix-match but rather a mix-in of exact 
match on 64.

The problem with this assumption is that the RFC 4861 does not say this 
'64', but everyone else seems to assume it.

At that point, if this is agreed, I would like to suggest RFC4861 to 
explicitely say that all the definitions of 'on-link' and of 'cover by' 
rely on a silent yet fundamental assumptions that all IPv6 addresses 
have a boundary at 64.  And no longer be silent about it.

After that, I would like to suggest to remove that barrier.


> I think any more is just making things complicated. If the link is of a type (e.g. unfiltered ethernet) where neighbours can find each other (e.g. using ND), then a prefix can be on-link. Otherwise (non-broadcast link technology, security filtering, etc), prefixes will need to be off-link.
> OK, so what have I missed here ?
> Simon
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> Administrative Requests:
> --------------------------------------------------------------------