--- 1/draft-ietf-6man-enhanced-dad-08.txt 2014-11-13 04:16:02.144878897 -0800 +++ 2/draft-ietf-6man-enhanced-dad-09.txt 2014-11-13 04:16:02.172879574 -0800 @@ -1,57 +1,58 @@ Network Working Group R. Asati Internet-Draft H. Singh Updates: 4862, 4861, 3971 (if approved) W. Beebee Intended status: Standards Track C. Pignataro -Expires: May 14, 2015 Cisco Systems, Inc. +Expires: May 17, 2015 Cisco Systems, Inc. E. Dart Lawrence Berkeley National Laboratory W. George Time Warner Cable - November 10, 2014 + November 13, 2014 Enhanced Duplicate Address Detection - draft-ietf-6man-enhanced-dad-08 + draft-ietf-6man-enhanced-dad-09 Abstract IPv6 Loopback Suppression and Duplicate Address Detection (DAD) are - discussed in Appendix A of [RFC4862]. That specification mentions a + discussed in Appendix A of RFC4862. That specification mentions a hardware-assisted mechanism to detect looped back DAD messages. If hardware cannot suppress looped back DAD messages, a software solution is required. Several service provider communities have expressed a need for automated detection of looped backed Neighbor Discovery (ND) messages used by DAD. This document includes mitigation techniques and outlines the Enhanced DAD algorithm to automate the detection of looped back IPv6 ND messages used by DAD. For network loopback tests, the Enhanced DAD algorithm allows IPv6 to self-heal after a loopback is placed and removed. Further, for certain access networks the document automates resolving a specific - duplicate address conflict. + duplicate address conflict. This document updates RFC4861, RFC4862, + and RFC3971. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on May 14, 2015. + This Internet-Draft will expire on May 17, 2015. Copyright Notice Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents @@ -94,21 +95,22 @@ solution is required. One specific DAD message is the Neighbor Solicitation (NS), specified in [RFC4861]. The NS is issued by the network interface of an IPv6 node for DAD. Another message involved in DAD is the Neighbor Advertisement (NA). The Enhanced DAD algorithm specified in this document focuses on detecting an NS looped back to the transmitting interface during the DAD operation. Detecting a looped back NA does not solve the looped back DAD problem. Detection of any other looped back ND messages during the DAD operation is outside the scope of this document. This document also includes a section on Mitigation that discusses means already - available to mitigate the DAD loopback problem. + available to mitigate the DAD loopback problem. This document + updates RFC4861, RFC4862, and RFC3971. 1.1. Two Deployment Problems In each problem articulated below, the IPv6 link-local address DAD operation fails due to a looped back DAD probe. However, the looped back DAD probe exists for any IPv6 address type including global addresses. Recently, service providers have reported a problem with DAD that is caused by looped back NS messages. The following is a description of @@ -139,43 +141,43 @@ two broadband modems is enabled for IPv6 and the interface issues a NS(DAD) message for the IPv6 link-local address. The NS message reaches one modem first and this modem sends the message to the network hub which sends the message to the second modem which forwards the message back to the access concentrator. The looped back NS message causes the network interface on the access concentrator to be in a DAD-failed state. Such a network interface typically serves up to a hundred thousand broadband modems causing all the modems (and hosts behind the modems) to fail to get IPv6 online on the access network. Additionally, it may be tedious for - the access concentrator to find out which of the hundred thousand or - more homes looped back the DAD message. Clearly there is a need for - automated detection of looped back NS messages during DAD operations - by a node. + the user of the access concentrator to find out which of the hundred + thousand or more homes looped back the DAD message. Clearly there is + a need for automated detection of looped back NS messages during DAD + operations by a node. 2. Terminology o DAD-failed state - Duplication Address Detection failure as specified in [RFC4862]. Note even Optimistic DAD as specified in [RFC4429] can fail due to a looped back DAD probe. This document covers looped back detection for Optimistic DAD as well. o Looped back message - also referred to as a reflected message. The message sent by the sender is received by the sender due to the network or an Upper Layer Protocol on the sender looping the message back. o Loopback - A function in which the router's layer-3 interface (or the circuit to which the router's interface is connected) is looped back or connected to itself. Loopback causes packets sent by the interface to be received by the interface and results in interface unavailability for regular data traffic forwarding. See - more details in section 9.1 of [RFC1583]. The Loopback function + more details in section 9.1 of [RFC2178]. The Loopback function is commonly used in an interface context to gain information on the quality of the interface, by employing mechanisms such as ICMPv6 pings and bit-error tests. In a circuit context, this function is used in wide area environments including optical Dense Wave Division Multiplexing (DWDM) and SONET/SDH for fault isolation (e.g. by placing a loopback at different geographic locations along the path of a wide area circuit to help locate a circuit fault). The Loopback function may be employed locally or remotely. @@ -460,28 +462,28 @@ Thanks (in alphabetical order by first name) to Bernie Volz, Dmitry Anipko, Eric Levy-Abegnoli, Eric Vyncke, Erik Nordmark, Fred Templin, Jouni Korhonen, Michael Sinatra, Ole Troan, Pascal Thubert, Ray Hunter, Suresh Krishnan, and Tassos Chatzithomaoglou for their guidance and review of the document. Thanks to Thomas Narten for encouraging this work. Thanks to Steinar Haug and Scott Beuker for describing the use cases. 9. Normative References - [RFC1583] Moy, J., "OSPF Version 2", RFC 1583, March 1994. - [RFC1661] Simpson, W., "The Point-to-Point Protocol (PPP)", STD 51, RFC 1661, July 1994. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. + [RFC2178] Moy, J., "OSPF Version 2", RFC 2178, July 1997. + [RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure Neighbor Discovery (SEND)", RFC 3971, March 2005. [RFC4429] Moore, N., "Optimistic Duplicate Address Detection (DAD) for IPv6", RFC 4429, April 2006. [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, September 2007.