Network Working Group Yu hua bing Internet-Draft Ruijie Networks, China Intended status: Standards Track Expiration: July 11, 2011 January 11, 2011 "Deleted" flag in neighbor advertisement draft-yhb-6man-nd-improvement-00 Abstract This document describes the improvement to neighbor discovery. When an IPv6 address is deleted on a node, the node will send a neighbor advertisement with a "Deleted" flag set to all link-local nodes. If the IPv6 address has been configured on another node, and it is in duplicate state, it will perform DAD(Duplicate Address Detection) again. If DAD succeeds, the IPv6 address will be assigned to the node. If the IPv6 address exists in the neighbor cache on the other nodes, when the neighbor advertisement with deleted flag set arrived, they know the neighbor is unreachable and delete the neighbor cache entry. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. 1. Introduction The defect of neighbor discovery is described in section 1.1, and then the solution is described in section 1.2. 1.1. Problems Scenario 1 Host A and host B are on the same link.IPv6 address A is configured on each host almost at the same time, and each host performs DAD for IPv6 address A. Both hosts discover that IPv6 address A is duplicate. After IPv6 address A on host A is deleted, IPv6 address A on host B is unique on the link, but the reality is that it will remain in duplicate state without manual intervention (such as unplugging and then plugging the network cables, or deleting the IPv6 address A on host B and re-configuring it). Scenario 2 Host A and host B are on the same link, host A is up, and host B is down. Host A occupied IPv6 address A that is assigned to host B. Then host B is up, and host B will find that IPv6 address A is duplicate. After IPv6 address A on host A is deleted, IPv6 address A on host B is unique on the link, but the reality is that it will remain in duplicate state without manual intervention. Scenario 3 IPv6 address A is assigned to node A, and the other nodes on the same link learned IPv6 address A via neighbor discovery. Then IPv6 address A is deleted on node A (deleted manually by the administrator, or valid lifetime expires), but the other nodes don't know, the neighbor cache entry for IPv6 address A still exists, and maybe continue to route the IPv6 packets to node A until it finds out via NUD(Neighbor Unreachability Detection) that IPv6 address A is unreachable. 1.2. Solution Overview When IPv6 address A is deleted on host A, host A sends a neighbor advertisement to tell all other nodes on the link that IPv6 address A is deleted. In scenario 1 or 2, when host B receives the neighbor advertisement, IPv6 address A in duplicate state will enter tentative state, and DAD will be performed. If DAD succeeds, IPv6 address A will be assigned to host B. In scenario 3, when host B receives the neighbor advertisement, delete the neighbor cache entry for IPv6 address A. 2. Modified Neighbor Advertisement Message Format In order to implement the solution, a "Deleted" indication bit is added to the reserved section of the NA message. Figure 1 shows the format of the modified NA, and "D" stands for "Deleted". 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Code | Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |R|S|O|D| Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Target Address + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options ... +-+-+-+-+-+-+-+-+-+-+-+- Figure 1: Modified Neighbor Advertisement Message Format 3. Host Specification 3.1. Sending NA with "D" flag set When IPv6 address A is deleted on a node, the node SHOULD send an unsolicited neighbor advertisement to tell all other nodes on the link that IPv6 address A is deleted. The neighbor advertisement is as follows: * Source address: If A is a tentative address or duplicate address, the source address MUST be the unspecified address. Otherwise, the source address SHOULD be IPv6 address A. * Destination address: MUST be link-local all-nodes multicast address FF02::1. * Flag S and Flag O are both zero. * Flag D MUST be set. * Target address: MUST be IPv6 address A. * No option is needed. 3.2. Processing Received NA with "D" flag set If IPv6 operation is disabled on the receiving interface because the link-local address formed from an interface identifier based on the hardware address is duplicate, neighbor advertisements with "D" flag set SHOULD be accepted. A valid neighbor advertisement with "D" flag set that does not meet any of the following requirements MUST be silently discarded: (1)Host does not recognize "D" flag. (2)Flag S MUST be zero. (3)The Destination Address MUST be link-local all-nodes multicast address FF02::1. Flag R, flag O and all options are ignored. If the target address is a unicast address in duplicate state on the receiving interface, the node SHOULD set the state of the unicast address to tentative and perform DAD. If DAD succeeds, do: (1) The unicast address will be assigned to the node. (2) If the target address is the link-local address formed from an interface identifier based on the hardware address, IPv6 operation SHOULD be enabled. Why not immediately assign the unicast address to the node when neighbor advertisement is received? It is possible that another node has the unicast address, so DAD is needed. If the source address is not the unspecified address, the neighbor cache will be searched for the target's entry. If appropriate neighbor cache entry has been located, because the neighbor is unreachable, the node SHOULD delete the neighbor cache immediately. 4. Security Considerations Neighbor discovery protocol is vulnerable, and any node can send a neighbor advertisement with flag D set to cheat all other nodes that an IPv6 address assigned to a node is deleted. One available solution is the Secure Neighbor Discovery protocol. 5. References [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, "Neighbor Discovery for IP Version 6 (IPv6)", RFC 4861, September 2007. [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless Address Autoconfiguration", RFC 4862, September 2007. Authors' Addresses Yu hua bing Ruijie Networks Fuzhou Fujian China Email: yhb@ruijie.com.cn