RE: 6MAN WG Last Call:draft-ietf-6man-ipv6-subnet-model-00.txt

"Hemant Singh (shemant)" <shemant@cisco.com> Thu, 03 July 2008 15:51 UTC

Return-Path: <ipv6-bounces@ietf.org>
X-Original-To: ipv6-archive@megatron.ietf.org
Delivered-To: ietfarch-ipv6-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 53B983A6A35; Thu, 3 Jul 2008 08:51:20 -0700 (PDT)
X-Original-To: ipv6@core3.amsl.com
Delivered-To: ipv6@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 576323A6A35 for <ipv6@core3.amsl.com>; Thu, 3 Jul 2008 08:51:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.868
X-Spam-Level:
X-Spam-Status: No, score=-5.868 tagged_above=-999 required=5 tests=[AWL=0.131, BAYES_00=-2.599, J_CHICKENPOX_13=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hfL8nCut8GHw for <ipv6@core3.amsl.com>; Thu, 3 Jul 2008 08:51:18 -0700 (PDT)
Received: from rtp-iport-1.cisco.com (rtp-iport-1.cisco.com [64.102.122.148]) by core3.amsl.com (Postfix) with ESMTP id DE2BB3A6A17 for <ipv6@ietf.org>; Thu, 3 Jul 2008 08:51:17 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.27,742,1204502400"; d="scan'208";a="13118249"
Received: from rtp-dkim-2.cisco.com ([64.102.121.159]) by rtp-iport-1.cisco.com with ESMTP; 03 Jul 2008 15:51:26 +0000
Received: from rtp-core-2.cisco.com (rtp-core-2.cisco.com [64.102.124.13]) by rtp-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id m63FpQLi011422; Thu, 3 Jul 2008 11:51:26 -0400
Received: from xbh-rtp-211.amer.cisco.com (xbh-rtp-211.cisco.com [64.102.31.102]) by rtp-core-2.cisco.com (8.13.8/8.13.8) with ESMTP id m63FpQA6004588; Thu, 3 Jul 2008 15:51:26 GMT
Received: from xmb-rtp-20e.amer.cisco.com ([64.102.31.40]) by xbh-rtp-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 3 Jul 2008 11:51:25 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Subject: RE: 6MAN WG Last Call:draft-ietf-6man-ipv6-subnet-model-00.txt
Date: Thu, 3 Jul 2008 11:51:25 -0400
Message-ID: <B00EDD615E3C5344B0FFCBA910CF7E1D04E41EAD@xmb-rtp-20e.amer.cisco.com>
In-Reply-To: <200807031533.m63FXZdM030742@cichlid.raleigh.ibm.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: 6MAN WG Last Call:draft-ietf-6man-ipv6-subnet-model-00.txt
Thread-Index: AcjdIjgdcfReUv01QTWjm5pwZKIkSwAAU7SA
References: <D9872168DBD43A41BD71FFC4713274D405429068@xmb-ams-33b.emea.cisco .com><BB56240F3A190F469C52A57138047A03A2C459@xmb-rtp-211.amer.cisco.com> <986DCE2E44129444B6435ABE8C9E424D0170C2BD@SGSINSMBS02.ad4.ad.alcatel.com> <B00EDD615E3C5344B0FFCBA910CF7E1D04E41E2B@xmb-rtp-20e.amer.cisco.com> <986DCE2E44129444B6435ABE8C9E424D01762084@SGSINSMBS02.ad4.ad.alcatel.com> <B00EDD615E3C5344B0FFCBA910CF7E1D04E41E52@xmb-rtp-20e.amer.cisco.com> <986DCE2E44129444B6435ABE8C9E424D01762C38@SGSINSMBS02.ad4.ad.alcatel.com> <200807031533.m63FXZdM030742@cichlid.raleigh.ibm.com>
From: "Hemant Singh (shemant)" <shemant@cisco.com>
To: "Thomas Narten" <narten@us.ibm.com>, "MILES DAVID" <David.Miles@alcatel-lucent.com.au>
X-OriginalArrivalTime: 03 Jul 2008 15:51:25.0997 (UTC) FILETIME=[A6609DD0:01C8DD24]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=5158; t=1215100286; x=1215964286; c=relaxed/simple; s=rtpdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=shemant@cisco.com; z=From:=20=22Hemant=20Singh=20(shemant)=22=20<shemant@cisco. com> |Subject:=20RE=3A=206MAN=20WG=20Last=20Call=3Adraft-ietf-6m an-ipv6-subnet-model-00.txt |Sender:=20 |To:=20=22Thomas=20Narten=22=20<narten@us.ibm.com>,=0A=20=2 0=20=20=20=20=20=20=22MILES=20DAVID=22=20<David.Miles@alcate l-lucent.com.au>; bh=CNAFOBtBBJ45OkMl6iIDCE47oj5ULADnt2XAGzIxIgU=; b=pzcu4PtobKfnmIVnKdUs5EBxuH2U7ZX9ejy/fSkJ7abzYmByYM5nLjcdoC IDkB6hnfCDrDMxiTTkIWTpiAHRe4Z4/H5xMhAtOqyE9zwwVTEeP+PWzbBip2 ONKwIzF/ab;
Authentication-Results: rtp-dkim-2; header.From=shemant@cisco.com; dkim=pass ( sig from cisco.com/rtpdkim2001 verified; );
Cc: erik.nordmark@sun.com, ipv6@ietf.org
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ipv6-bounces@ietf.org
Errors-To: ipv6-bounces@ietf.org

Thomas,

BTW, Erik sent this email to v6ops on June 25th, 2006 that the receiver
should drop such an ND Message - it's snipped between quotes below.

"David Miles wrote:


I'd also suggest that in the Message Validation section we include the
checks you mention (is the source of the ND or target of the NA an
on-link prefix per Prefix List) 

If you do that, how would communication work in your example?

The NS would be dropped since its source isn't covered by an on-link
prefix on the receiver, right? 

   Erik"


Anyhow, we already sent an email to Erik suggesting the following
changes to our subnet-model draft. The gist of our changes are indeed to
say that the 4th bullet of on-link definition is not a valid means to
determine on-link. 

For reference, here is the URL to our draft.

http://www.ietf.org/internet-drafts/draft-ietf-6man-ipv6-subnet-model-00
.txt


Here are the two changes we have proposed to our draft.

1. In Introduction section, here is new text:

[In addition to the Prefix List, individual addresses are on-link if
they are the target of a Redirect Message indicating on-link.]

2. In section 2, we reworded bullet 2 as follows:

                  The configuration of an IPv6 address, whether through
                  IPv6 stateless address autoconfiguration [RFC4862],
                  DHCPv6[RFC3315], or manual configuration MUST NOT
imply 
                  that any prefix is on-link. A host is explicitly told
that prefixes or addresses 
                  are on-link through the means specified in the
definition of on-link in the 
                  Terminology section of [RFC4861].  The source of an ND
message 
                  is no longer used for on-link determination, which is
a change from [RFC4861].  
                  Note that the requirement for manually configured
addresses is not explicitly mentioned 
                  in [RFC4861]. 

Do the changes look OK to you and everyone else?

Thanks.

Hemant 

-----Original Message-----
From: Thomas Narten [mailto:narten@us.ibm.com] 
Sent: Thursday, July 03, 2008 11:34 AM
To: MILES DAVID
Cc: Hemant Singh (shemant); Wes Beebee (wbeebee); ipv6@ietf.org;
erik.nordmark@sun.com
Subject: Re: 6MAN WG Last Call:draft-ietf-6man-ipv6-subnet-model-00.txt

"MILES DAVID" <David.Miles@alcatel-lucent.com.au>; writes:

> Hemant,

> Thanks for your patience.

> Given we are now very clear that a receiver should drop any ND message

> from a source that it is not in its prefix list,

No, I would not go that far. There is no harm in responding to an NS for
a target address that is assigned to your interface. Indeed, it is
necessary to make communication work in some situtations. What should
not happen, however, is to use reciept of an ND message as an indication
that the sender of that message is on-link. (i.e., overriding or
supplementing information learned from other means).

Likewise, receipt of an NA should not be taken as an indication that the
sender of that NA is on-link (i.e, anyone could just send out a
broadcast NA with bogus info in it). One should NOT create a Neighbor
Cache Entry upon receipt of a random (unsolicited) NA. (Luckily, the
spec already says you shouldn't do this, though for different
reasons.)

But if one has issued an NS for a particular address (because one
already believes the target is on-link), receipt of an NA should (of
course) update the neighbor cache for that entry.

> might I suggest the
> paragraph in question be amended to say:
> In addition to the Prefix List, individual addresses are on-link if
>    they are the target of a Redirect Message indicating on-link.

> Removing the text: 
> or the
>    source of a valid Neighbor Solicitation or Neighbor Advertisement
>    message.

> The clarification would be a step in the right direction.

IMO, removing that line is the right thing to do.

It is clear to me that bullet four in RFC 4861:

>    on-link     - an address that is assigned to an interface on a
>                  specified link.  A node considers an address to be
on-
>                  link if:
> 
>                     - it is covered by one of the link's prefixes
(e.g.,
>                       as indicated by the on-link flag in the Prefix
>                       Information option), or
> 
>                     - a neighboring router specifies the address as
the
>                       target of a Redirect message, or
> 
>                     - a Neighbor Advertisement message is received for
>                       the (target) address, or
> 
>                     - any Neighbor Discovery message is received from
>                       the address.

Is wrong and needs tweaking. We should fix that on the next update of
the ND spec. :-)

That said, we are clearly talking about an edge case situation here that
hasn't come up in practice very often. So the urgency of fixing this is
not terribly great, IMO. But going forward (i.e, in any new documents),
we should do the right thing.

Thomas
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------