| draft-ietf-6man-enhanced-dad-08.txt | draft-ietf-6man-enhanced-dad-09.txt | |||
|---|---|---|---|---|
| Network Working Group R. Asati | Network Working Group R. Asati | |||
| Internet-Draft H. Singh | Internet-Draft H. Singh | |||
| Updates: 4862, 4861, 3971 (if approved) W. Beebee | Updates: 4862, 4861, 3971 (if approved) W. Beebee | |||
| Intended status: Standards Track C. Pignataro | Intended status: Standards Track C. Pignataro | |||
| Expires: May 14, 2015 Cisco Systems, Inc. | Expires: May 17, 2015 Cisco Systems, Inc. | |||
| E. Dart | E. Dart | |||
| Lawrence Berkeley National Laboratory | Lawrence Berkeley National Laboratory | |||
| W. George | W. George | |||
| Time Warner Cable | Time Warner Cable | |||
| November 10, 2014 | November 13, 2014 | |||
| Enhanced Duplicate Address Detection | Enhanced Duplicate Address Detection | |||
| draft-ietf-6man-enhanced-dad-08 | draft-ietf-6man-enhanced-dad-09 | |||
| Abstract | Abstract | |||
| IPv6 Loopback Suppression and Duplicate Address Detection (DAD) are | IPv6 Loopback Suppression and Duplicate Address Detection (DAD) are | |||
| discussed in Appendix A of [RFC4862]. That specification mentions a | discussed in Appendix A of RFC4862. That specification mentions a | |||
| hardware-assisted mechanism to detect looped back DAD messages. If | hardware-assisted mechanism to detect looped back DAD messages. If | |||
| hardware cannot suppress looped back DAD messages, a software | hardware cannot suppress looped back DAD messages, a software | |||
| solution is required. Several service provider communities have | solution is required. Several service provider communities have | |||
| expressed a need for automated detection of looped backed Neighbor | expressed a need for automated detection of looped backed Neighbor | |||
| Discovery (ND) messages used by DAD. This document includes | Discovery (ND) messages used by DAD. This document includes | |||
| mitigation techniques and outlines the Enhanced DAD algorithm to | mitigation techniques and outlines the Enhanced DAD algorithm to | |||
| automate the detection of looped back IPv6 ND messages used by DAD. | automate the detection of looped back IPv6 ND messages used by DAD. | |||
| For network loopback tests, the Enhanced DAD algorithm allows IPv6 to | For network loopback tests, the Enhanced DAD algorithm allows IPv6 to | |||
| self-heal after a loopback is placed and removed. Further, for | self-heal after a loopback is placed and removed. Further, for | |||
| certain access networks the document automates resolving a specific | certain access networks the document automates resolving a specific | |||
| duplicate address conflict. | duplicate address conflict. This document updates RFC4861, RFC4862, | |||
| and RFC3971. | ||||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on May 14, 2015. | This Internet-Draft will expire on May 17, 2015. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2014 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 3, line 11 | skipping to change at page 3, line 11 | |||
| solution is required. One specific DAD message is the Neighbor | solution is required. One specific DAD message is the Neighbor | |||
| Solicitation (NS), specified in [RFC4861]. The NS is issued by the | Solicitation (NS), specified in [RFC4861]. The NS is issued by the | |||
| network interface of an IPv6 node for DAD. Another message involved | network interface of an IPv6 node for DAD. Another message involved | |||
| in DAD is the Neighbor Advertisement (NA). The Enhanced DAD | in DAD is the Neighbor Advertisement (NA). The Enhanced DAD | |||
| algorithm specified in this document focuses on detecting an NS | algorithm specified in this document focuses on detecting an NS | |||
| looped back to the transmitting interface during the DAD operation. | looped back to the transmitting interface during the DAD operation. | |||
| Detecting a looped back NA does not solve the looped back DAD | Detecting a looped back NA does not solve the looped back DAD | |||
| problem. Detection of any other looped back ND messages during the | problem. Detection of any other looped back ND messages during the | |||
| DAD operation is outside the scope of this document. This document | DAD operation is outside the scope of this document. This document | |||
| also includes a section on Mitigation that discusses means already | also includes a section on Mitigation that discusses means already | |||
| available to mitigate the DAD loopback problem. | available to mitigate the DAD loopback problem. This document | |||
| updates RFC4861, RFC4862, and RFC3971. | ||||
| 1.1. Two Deployment Problems | 1.1. Two Deployment Problems | |||
| In each problem articulated below, the IPv6 link-local address DAD | In each problem articulated below, the IPv6 link-local address DAD | |||
| operation fails due to a looped back DAD probe. However, the looped | operation fails due to a looped back DAD probe. However, the looped | |||
| back DAD probe exists for any IPv6 address type including global | back DAD probe exists for any IPv6 address type including global | |||
| addresses. | addresses. | |||
| Recently, service providers have reported a problem with DAD that is | Recently, service providers have reported a problem with DAD that is | |||
| caused by looped back NS messages. The following is a description of | caused by looped back NS messages. The following is a description of | |||
| skipping to change at page 4, line 8 | skipping to change at page 4, line 9 | |||
| two broadband modems is enabled for IPv6 and the interface issues a | two broadband modems is enabled for IPv6 and the interface issues a | |||
| NS(DAD) message for the IPv6 link-local address. The NS message | NS(DAD) message for the IPv6 link-local address. The NS message | |||
| reaches one modem first and this modem sends the message to the | reaches one modem first and this modem sends the message to the | |||
| network hub which sends the message to the second modem which | network hub which sends the message to the second modem which | |||
| forwards the message back to the access concentrator. The looped | forwards the message back to the access concentrator. The looped | |||
| back NS message causes the network interface on the access | back NS message causes the network interface on the access | |||
| concentrator to be in a DAD-failed state. Such a network interface | concentrator to be in a DAD-failed state. Such a network interface | |||
| typically serves up to a hundred thousand broadband modems causing | typically serves up to a hundred thousand broadband modems causing | |||
| all the modems (and hosts behind the modems) to fail to get IPv6 | all the modems (and hosts behind the modems) to fail to get IPv6 | |||
| online on the access network. Additionally, it may be tedious for | online on the access network. Additionally, it may be tedious for | |||
| the access concentrator to find out which of the hundred thousand or | the user of the access concentrator to find out which of the hundred | |||
| more homes looped back the DAD message. Clearly there is a need for | thousand or more homes looped back the DAD message. Clearly there is | |||
| automated detection of looped back NS messages during DAD operations | a need for automated detection of looped back NS messages during DAD | |||
| by a node. | operations by a node. | |||
| 2. Terminology | 2. Terminology | |||
| o DAD-failed state - Duplication Address Detection failure as | o DAD-failed state - Duplication Address Detection failure as | |||
| specified in [RFC4862]. Note even Optimistic DAD as specified in | specified in [RFC4862]. Note even Optimistic DAD as specified in | |||
| [RFC4429] can fail due to a looped back DAD probe. This document | [RFC4429] can fail due to a looped back DAD probe. This document | |||
| covers looped back detection for Optimistic DAD as well. | covers looped back detection for Optimistic DAD as well. | |||
| o Looped back message - also referred to as a reflected message. | o Looped back message - also referred to as a reflected message. | |||
| The message sent by the sender is received by the sender due to | The message sent by the sender is received by the sender due to | |||
| the network or an Upper Layer Protocol on the sender looping the | the network or an Upper Layer Protocol on the sender looping the | |||
| message back. | message back. | |||
| o Loopback - A function in which the router's layer-3 interface (or | o Loopback - A function in which the router's layer-3 interface (or | |||
| the circuit to which the router's interface is connected) is | the circuit to which the router's interface is connected) is | |||
| looped back or connected to itself. Loopback causes packets sent | looped back or connected to itself. Loopback causes packets sent | |||
| by the interface to be received by the interface and results in | by the interface to be received by the interface and results in | |||
| interface unavailability for regular data traffic forwarding. See | interface unavailability for regular data traffic forwarding. See | |||
| more details in section 9.1 of [RFC1583]. The Loopback function | more details in section 9.1 of [RFC2178]. The Loopback function | |||
| is commonly used in an interface context to gain information on | is commonly used in an interface context to gain information on | |||
| the quality of the interface, by employing mechanisms such as | the quality of the interface, by employing mechanisms such as | |||
| ICMPv6 pings and bit-error tests. In a circuit context, this | ICMPv6 pings and bit-error tests. In a circuit context, this | |||
| function is used in wide area environments including optical Dense | function is used in wide area environments including optical Dense | |||
| Wave Division Multiplexing (DWDM) and SONET/SDH for fault | Wave Division Multiplexing (DWDM) and SONET/SDH for fault | |||
| isolation (e.g. by placing a loopback at different geographic | isolation (e.g. by placing a loopback at different geographic | |||
| locations along the path of a wide area circuit to help locate a | locations along the path of a wide area circuit to help locate a | |||
| circuit fault). The Loopback function may be employed locally or | circuit fault). The Loopback function may be employed locally or | |||
| remotely. | remotely. | |||
| skipping to change at page 10, line 44 | skipping to change at page 10, line 44 | |||
| Thanks (in alphabetical order by first name) to Bernie Volz, Dmitry | Thanks (in alphabetical order by first name) to Bernie Volz, Dmitry | |||
| Anipko, Eric Levy-Abegnoli, Eric Vyncke, Erik Nordmark, Fred Templin, | Anipko, Eric Levy-Abegnoli, Eric Vyncke, Erik Nordmark, Fred Templin, | |||
| Jouni Korhonen, Michael Sinatra, Ole Troan, Pascal Thubert, Ray | Jouni Korhonen, Michael Sinatra, Ole Troan, Pascal Thubert, Ray | |||
| Hunter, Suresh Krishnan, and Tassos Chatzithomaoglou for their | Hunter, Suresh Krishnan, and Tassos Chatzithomaoglou for their | |||
| guidance and review of the document. Thanks to Thomas Narten for | guidance and review of the document. Thanks to Thomas Narten for | |||
| encouraging this work. Thanks to Steinar Haug and Scott Beuker for | encouraging this work. Thanks to Steinar Haug and Scott Beuker for | |||
| describing the use cases. | describing the use cases. | |||
| 9. Normative References | 9. Normative References | |||
| [RFC1583] Moy, J., "OSPF Version 2", RFC 1583, March 1994. | ||||
| [RFC1661] Simpson, W., "The Point-to-Point Protocol (PPP)", STD 51, | [RFC1661] Simpson, W., "The Point-to-Point Protocol (PPP)", STD 51, | |||
| RFC 1661, July 1994. | RFC 1661, July 1994. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC2178] Moy, J., "OSPF Version 2", RFC 2178, July 1997. | ||||
| [RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure | [RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure | |||
| Neighbor Discovery (SEND)", RFC 3971, March 2005. | Neighbor Discovery (SEND)", RFC 3971, March 2005. | |||
| [RFC4429] Moore, N., "Optimistic Duplicate Address Detection (DAD) | [RFC4429] Moore, N., "Optimistic Duplicate Address Detection (DAD) | |||
| for IPv6", RFC 4429, April 2006. | for IPv6", RFC 4429, April 2006. | |||
| [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, | [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, | |||
| "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, | "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, | |||
| September 2007. | September 2007. | |||
| End of changes. 11 change blocks. | ||||
| 14 lines changed or deleted | 16 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||