draft-ietf-6man-ipv6-subnet-model-02.txt   draft-ietf-6man-ipv6-subnet-model-03.txt 
Network Working Group H. Singh Network Working Group H. Singh
Internet-Draft W. Beebee Internet-Draft W. Beebee
Intended status: Standards Track Cisco Systems, Inc. Intended status: Standards Track Cisco Systems, Inc.
Expires: April 9, 2009 E. Nordmark Expires: September 7, 2009 E. Nordmark
Sun Microsystems Sun Microsystems
October 6, 2008 March 6, 2009
IPv6 Subnet Model: the Relationship between Links and Subnet Prefixes IPv6 Subnet Model: the Relationship between Links and Subnet Prefixes
draft-ietf-6man-ipv6-subnet-model-02 draft-ietf-6man-ipv6-subnet-model-03
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any This Internet-Draft is submitted to IETF in full conformance with the
applicable patent or other IPR claims of which he or she is aware provisions of BCP 78 and BCP 79. This document may contain material
have been or will be disclosed, and any of which he or she becomes from IETF Documents or IETF Contributions published or made publicly
aware will be disclosed, in accordance with Section 6 of BCP 79. available before November 10, 2008. The person(s) controlling the
copyright in some of this material may not have granted the IETF
Trust the right to allow modifications of such material outside the
IETF Standards Process. Without obtaining an adequate license from
the person(s) controlling the copyright in such materials, this
document may not be modified outside the IETF Standards Process, and
derivative works of it may not be created outside the IETF Standards
Process, except to format it for publication as an RFC or to
translate it into languages other than English.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 9, 2009. This Internet-Draft will expire on September 7, 2009.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Abstract Abstract
IPv6 specifies a model of a subnet that is different than the IPv4 IPv6 specifies a model of a subnet that is different than the IPv4
subnet model. The subtlety of the differences has resulted in subnet model. The subtlety of the differences has resulted in
incorrect implementations that do not interoperate. This document incorrect implementations that do not interoperate. This document
spells out the most important difference; that an IPv6 address isn't spells out the most important difference; that an IPv6 address isn't
automatically associated with an IPv6 on-link prefix. This document automatically associated with an IPv6 on-link prefix. This document
also invalidates (partially due to security concerns) a part of the also updates (partially due to security concerns caused by incorrect
definition of on-link from [RFC4861]. implementations) a part of the definition of on-link from [RFC4861].
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Host Behavior and Rules . . . . . . . . . . . . . . . . . . . 4 2. Host Behavior . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Observed Incorrect Implementation Behavior . . . . . . . . . . 6 3. Host Rules . . . . . . . . . . . . . . . . . . . . . . . . . . 7
4. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 6 4. Observed Incorrect Implementation Behavior . . . . . . . . . . 9
5. Security Considerations . . . . . . . . . . . . . . . . . . . 6 5. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 9
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 6. Security Considerations . . . . . . . . . . . . . . . . . . . 9
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7 8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 9
8.1. Normative References . . . . . . . . . . . . . . . . . . . 7 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 10
8.2. Informative References . . . . . . . . . . . . . . . . . . 7 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Appendix A. CHANGE HISTORY . . . . . . . . . . . . . . . . . . . 8 10.1. Normative References . . . . . . . . . . . . . . . . . . 10
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 9 10.2. Informative References . . . . . . . . . . . . . . . . . 10
Intellectual Property and Copyright Statements . . . . . . . . . . 10 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11
1. Introduction 1. Introduction
IPv4 implementations typically associate a netmask with an address IPv4 implementations typically associate a netmask with an address
when an IPv4 address is assigned to an interface. That netmask when an IPv4 address is assigned to an interface. That netmask
together with the IPv4 address designates an on-link prefix. together with the IPv4 address designates an on-link prefix.
Addresses that are covered by this prefix are viewed as on-link i.e., Addresses that are covered by this prefix are viewed as on-link i.e.,
traffic to these addresses is not sent to a router. See section traffic to these addresses is not sent to a router. See section
3.3.1 in [RFC1122]. Prior to the deployment of Classless Intern- 3.3.1 in [RFC1122]. Prior to the deployment of Classless Inter-
Domain Routing (CIDR), an address's netmask could be derived directly Domain Routing (CIDR), an address's netmask could be derived directly
from the address. In the absence of specifying a specific netmask from the address. In the absence of specifying a specific netmask
when assigning a address, some implementations would fall back to when assigning a address, some implementations would fall back to
deriving the netmask from the class of the address. deriving the netmask from the class of the address.
The behavior of IPv6 as specified in Neighbor Discovery [RFC4861] is The behavior of IPv6 as specified in Neighbor Discovery [RFC4861] is
quite different. The on-link determination is separate from the quite different. The on-link determination is separate from the
address assignment. A host can have IPv6 addresses without any address assignment. A host can have IPv6 addresses without any
related on-link prefixes or have on-link prefixes that are not related on-link prefixes or have on-link prefixes that are not
related to any IPv6 addresses that are assigned to the host. Any related to any IPv6 addresses that are assigned to the host. Any
assigned address on an interface should initially be considered as assigned address on an interface should initially be considered as
having no internal structure as shown in [RFC4291]. having no internal structure as shown in [RFC4291].
In IPv6, by default, a host treats only the link-local prefix as on- In IPv6, by default, a host treats only the link-local prefix as on-
link. link.
The reception of a Prefix Information Option (PIO) with the L-bit set The reception of a Prefix Information Option (PIO) with the L-bit set
[RFC4861] and a non-zero valid lifetime creates an entry (or updates [RFC4861] and a non-zero valid lifetime creates (or updates) an entry
the valid lifetime for an existing entry) in the Prefix List. All in the Prefix List. All the prefixes that are on the Prefix List,
the prefixes that are on the Prefix List, i.e., have not yet timed i.e., have not yet timed out, are considered to be on-link.
out, are on-link.
The on-link definition in the Terminology section of [RFC4861], as The on-link definition in the Terminology section of [RFC4861], as
modified by this document, defines the complete list of cases where modified by this document, defines the complete list of cases where
an address is considered on-link. Note, in particular, that Redirect an address is considered on-link. Individual address entries can be
Messages can also indicate an address is off-link. Individual expired by the Neighbor Unreachability Detection mechanism.
address entries can be expired by the Neighbor Unreachability
Detection mechanism.
A host only performs address resolution for IPv6 addresses that are A host only performs address resolution for IPv6 addresses that are
on-link. Packets to any other address are sent to a default router. on-link. Packets to any other address are sent to a default router.
If there is no default router, then the node should send an ICMPv6 If there is no default router, then the node should send an ICMPv6
Destination Unreachable indication as specified in [RFC4861] - more Destination Unreachable indication as specified in [RFC4861] - more
details are provided in the Host Behavior and Rules section. (Note details are provided in the Host Behavior and Rules section. (Note
that [RFC4861] changed the behavior when the Default Router List is that [RFC4861] changed the behavior when the Default Router List is
empty. The behavior in the old version of Neighbor Discovery empty. The behavior in the old version of Neighbor Discovery
[RFC2461] was different when there were no default routers.) [RFC2461] was different when there were no default routers.)
Failure of host implementations to correctly implement the IPv6 Failure of host implementations to correctly implement the IPv6
subnet model can result in lack of IPv6 connectivity. See the subnet model can result in lack of IPv6 connectivity. See the
Observed Incorrect Implementation Behavior section for details. Observed Incorrect Implementation Behavior section for details.
Host behavior is clarified in the Host Behavior and Rules section. Host behavior is clarified in the Host Behavior and Rules section.
2. Host Behavior and Rules 2. Host Behavior
A correctly implemented IPv6 host MUST adhere to the following rules: 1. The original ND specification [RFC4861] was unclear in its usage
of the term on-link in a few places. In IPv6, an address is
considered to be on-link (with respect to a specific link), if
the address has been assigned to an interface attached to that
link. Any node attached to the link can send a datagram directly
to an on-link address without forwarding the datagram through a
router. In IPv6, there are two ways to indicate an address is
on-link. First, a host maintains a Prefix List that identifies
ranges of addresses that are to be considered on-link. Second,
Redirects can identify individual destinations that are on-link;
such Redirects update the Destination Cache.
1. By default only the link-local prefix is on-link. The Prefix List is populated via the following means:
2. The configuration of an IPv6 address, whether through IPv6 * Receipt of a Valid RA that specifies a prefix with the L-bit
stateless address autoconfiguration [RFC4862], DHCPv6 [RFC3315], set. Such a prefix is considered on-link for a period
or manual configuration MUST NOT implicitly cause a prefix specified in the Valid Lifetime and is added to the Prefix
derived from that address to be treated as on-link. A host List. (The link-local prefix is effectively considered a
considers a prefix to be on-link only through explicit means, permanent entry on the Prefix List.)
such as those specified in the on-link definition in the
Terminology section of [RFC4861], as modified by this document,
or via manual configuration. Note that the requirement for
manually configured addresses is not explicitly mentioned in
[RFC4861].
3. Note that the following items (from the definition of on-link in * Indication of an on-link prefix (which may be a /128) via
[RFC4861]): manual configuration, or some other yet-to-be specified
configuration mechanism.
A Redirect can also signal whether an address is on-link. If a
host originates a packet, but the first-hop router routes the
received packet back out onto the same link, the router also
sends the host a Redirect. If the Target and Destination Address
of the Redirect are the same, the Target Address is to be treated
as on-link as specified in Section 8 of [RFC4861]. That is, the
host updates its Destination Cache (but not its Prefix List --
though the impact is similar).
2. Note that Redirects cannot signal that an address is off-link.
In section 8.1 of [RFC4861], a Redirect message is silently
discarded if it does not have an IP source address that is the
same as the current first-hop router for the specified ICMP
Destination Address. An ICMP Destination Address on the same
link would have no current first-hop router. Any Redirect
message received could not have an IP source address that is the
same as the current (null) first-hop router, so the Redirect MUST
be dropped.
3. IPv6 also defines the term "neighbor" and "link" to refer to
nodes attached to the same link and that can send packets
directly to each other. Received ND packets that pass the
required validation tests can only come from a neighbor attached
to the link on which the ND packet was received. Unfortunately,
[RFC4861] is imprecise in its definition of on-link and states
that a node considers an address to be on-link if:
- a Neighbor Advertisement message is received for the - a Neighbor Advertisement message is received for the
(target) address, or (target) address, or
- any Neighbor Discovery message is received from the address. - any Neighbor Discovery message is received from the address.
are not sufficient to consider an address to be on-link and will Neither of these tests are acceptable definitions for an address
be removed in a future update to [RFC4861]. A literal reading of to be considered as on-link as defined above, and this document
the second test would allow a neighboring intruder to generate deprecates and removes both of them from the formal definition of
bogus ND messages that result in a spoofed address being on-link. Neither of these tests should be used as justification
improperly treated as on-link. This vulnerability is a specific for modifying the Prefix List or Destination Cache for an
instance of the broad set of attacks that are possible by an on- address.
link neighbor [RFC3756]. The threat is particularly problematic
in the case of routers which allow such a spoofed message to
update their forwarding tables (which can happen if a neighbor
cache entry can update the forwarding table). Only addresses
that are covered by the modified on-link definition should be
treated as on-link from a sending or forwarding perspective, and
it should be noted that routers should generally obtain on-link
information from sources other than RAs and Redirects.
4. To maintain consistency with the invalidation of the last two The conceptual sending algorithm of [RFC4861] defines a Prefix
bullets of the on-link definition in [RFC4861], the following List and Neighbor Cache. The combination of Prefix List and
text from section 7.2.3 of [RFC4861] will also be augmented: Neighbor Cache form what many implementations consider to be the
"IP routing table" for a host. Note that the Neighbor Cache is a
separate data structure referenced by the Destination Cache, but
entries in the Neighbor Cache are not necessarily in the
Destination Cache. It is quite possible (and intentional) that
entries be added to the Neighbor Cache for addresses that would
not be considered on-link as-defined above. For example, upon
receipt of a valid NS, Section 7.2.3 of [RFC4861] states:
If the Source Address is not the unspecified address and, on If an entry does not already exist, the node SHOULD create a
new one and set its reachability state to STALE as specified
in Section 7.3.3. If an entry already exists, and the cached
link-layer address differs from the one in the received Source
Link-Layer option, the cached address should be replaced by
the received address, and the entry's reachability state MUST
be set to STALE.
The intention of the above feature is to add an address to the
Neighbor Cache, even though it might not be considered on- link
per the Prefix List. The benefit of such a step is to have the
receiver populate the Neighbor Cache with an address it will
almost certainly be sending packets to shortly, thus avoiding the
need for an additional round of ND to perform address resolution.
But because there is no validation of the address being added to
the Neighbor Cache, an intruder could spoof the address and cause
a receiver to add an address for a remote site to its Neighbor
Cache. This vulnerability is a specific instance of the broad
set of attacks that are possible by an on-link neighbor
[RFC3756].This causes no problems in practice, so long as the
entry only exists in the Neighbor Cache and the address is not
considered to be on-link by the IP forwarding code (i.e., the
address is not added to the Prefix List and is not marked as on-
link in the Destination Cache).
4. After the update to the on-link definition in [RFC4861], certain
text from section 7.2.3 of [RFC4861] may appear, upon a cursory
examination, to be inconsistent with the updated definition of
on-link because the text does not ensure that the source address
is already deemed on-link through other methods:
If the Source Address is not the unspecified address and, on-
link layers that have addresses, the solicitation includes a link layers that have addresses, the solicitation includes a
Source Link-Layer Address option, then the recipient SHOULD Source Link-Layer Address option, then the recipient SHOULD
create or update the Neighbor Cache entry for the IP Source create or update the Neighbor Cache entry for the IP Source
Address of the solicitation. Address of the solicitation.
changes to: Similarly, the following text from section 6.2.5 of [RFC4861]
may also seem inconsistent: If there is no existing Neighbor
Cache entry for the solicitation's sender, the router creates
one, installs the link- layer address and sets its
reachability state to STALE as specified in Section 7.3.3.
If the Source Address is not the unspecified address and, on However, the text in the aforementioned sections of [RFC4861],
link layers that have addresses, the solicitation includes a upon closer inspection, is actually consistent with the
Source Link-Layer Address option, then the recipient SHOULD deprecation of the last two bullets of the on-link definition
create or update the Neighbor Cache entry for the IP Source because there are two different ways in which on-link
Address of the solicitation provided that the source address determination can affect the state of ND: through updating the
of the NS is deemed on-link through other indications. Prefix List or the Neighbor Cache. Through deprecating the last
two bullets of the on-link definition, the Prefix List is
explicitly not to be changed when a node receives an NS, NA, or
RS. The Neighbor Cache can still be updated through receipt of
an NS, NA, or RS.
5. In the absence of other sources of on-link information, including 5. [RFC4861] is written from the perspective of a host with a single
interface on which Neighbor Discovery is run. All ND traffic
(whether sent or received) traverses the single interface. On
hosts with multiple interfaces, care must be taken to ensure that
the scope of ND processing from one link stays local to that
link. That is, when responding to a NS, the NA would be sent out
on the same link on which it was received. Likewise, a host
would not respond to a received NS for an an address assigned to
an interface on a different link. Although implementions may
choose to implement Neighbor Discovery using a single data
structure that merges the Neighbor Caches of all interfaces, an
implementation's behavior must be consistent with the above
model.
6. Note that the receipt of a link-local IPv6 multicast packet which
is not an ND packet indicates direct reachability on a link, but
is not specifically treated by [RFC4861].
7. Note that the receipt of a packet with the Hop Limit field
unchanged (the Hop Limit could be specified in a packet-type
specific document) which is not an ND packet indicates direct
reachability on a link, but is not specifically treated by
[RFC4861].
3. Host Rules
A correctly implemented IPv6 host MUST adhere to the following rules:
1. The assignment of an IPv6 address, whether through IPv6 stateless
address autoconfiguration [RFC4862], DHCPv6 [RFC3315], or manual
configuration MUST NOT implicitly cause a prefix derived from
that address to be treated as on-link and added to the Prefix
List. A host considers a prefix to be on-link only through
explicit means, such as those specified in the on-link definition
in the Terminology section of [RFC4861], as modified by this
document, or via manual configuration. Note that the requirement
for manually configured addresses is not explicitly mentioned in
[RFC4861].
2. In the absence of other sources of on-link information, including
Redirects, if the RA advertises a prefix with the on-link(L) bit Redirects, if the RA advertises a prefix with the on-link(L) bit
set and later the Valid Lifetime expires, the host MUST then set and later the Valid Lifetime expires, the host MUST then
consider addresses of the prefix to be off-link, as specified by consider addresses of the prefix to be off-link, as specified by
the PIO paragraph of section 6.3.4 of [RFC4861]. the PIO paragraph of section 6.3.4 of [RFC4861].
6. Newer implementations, which are compliant with [RFC4861] MUST 3. Newer implementations, which are compliant with [RFC4861] MUST
adhere to the following rules. Older implementations, which are adhere to the following rules. Older implementations, which are
compliant with [RFC2461] but not [RFC4861] may remain as is. If compliant with [RFC2461] but not [RFC4861] may remain as is. If
the Default Router List is empty and there is no other source of the Default Router List is empty and there is no other source of
on-link information about any address or prefix: on-link information about any address or prefix:
1. The host MUST NOT assume that all destinations are on-link. 1. The host MUST NOT assume that all destinations are on-link.
2. The host MUST NOT perform address resolution for non-link- 2. The host MUST NOT perform address resolution for non-link-
local addresses. local addresses.
skipping to change at page 6, line 9 skipping to change at page 8, line 42
On-link information concerning particular addresses and prefixes On-link information concerning particular addresses and prefixes
can make those specific addresses and prefixes on-link, but does can make those specific addresses and prefixes on-link, but does
not change the default behavior mentioned above for addresses and not change the default behavior mentioned above for addresses and
prefixes not specified. [RFC4943] provides justification for prefixes not specified. [RFC4943] provides justification for
these rules. these rules.
Using cached on-link determination information without first Using cached on-link determination information without first
verifying that the information is still valid after IPv6 interface verifying that the information is still valid after IPv6 interface
re-initialization may lead to lack of IPv6 network connectivity. For re-initialization may lead to lack of IPv6 network connectivity. For
example, a host receives an RA from a router with on-link prefix A. example, a host receives an RA from a router with on-link prefix A.
The host reboots. During the reboot, the router sends out prefix A The host powers down. During the power off, the router sends out
with on-link bit set and a zero lifetime to indicate a renumbering. prefix A with on-link bit set and a zero lifetime to indicate a
The host misses the renumbering. The host comes online. Then, the renumbering. The host misses the renumbering. The host powers on
router sends an RA with no PIO. The host uses cached on-link prefix and comes online. Then, the router sends an RA with no PIO. The
A and issues NS's instead of sending traffic to a default router. host uses cached on-link prefix A and issues NS's instead of sending
The "Observed Incorrect Implementation Behavior" section below traffic to a default router. The "Observed Incorrect Implementation
describes how this can result in lack of IPv6 connectivity. Behavior" section below describes how this can result in lack of IPv6
connectivity.
3. Observed Incorrect Implementation Behavior 4. Observed Incorrect Implementation Behavior
One incorrect implementation behavior illustrates the severe One incorrect implementation behavior illustrates the severe
consequences when the IPv6 subnet model is not understood by the consequences when the IPv6 subnet model is not understood by the
implementers of several popular host operating systems. In an access implementers of several popular host operating systems. In an access
concentrator network ([RFC4388]), a host receives a Router concentrator network ([RFC4388]), a host receives a Router
Advertisement Message with no on-link prefix advertised. The host Advertisement Message with no on-link prefix advertised. The host
incorrectly assumes an invented prefix is on-link and performs incorrectly assumes an invented prefix is on-link and performs
address resolution when the host should send all non-link-local address resolution when the host should send all non-link-local
traffic to a default router. Neither the router nor any other host traffic to a default router. Neither the router nor any other host
will respond to the address resolution, preventing this host from will respond to the address resolution, preventing this host from
sending IPv6 traffic. sending IPv6 traffic.
4. Conclusion 5. Conclusion
This document clarifies and summarizes the relationship between links This document clarifies and summarizes the relationship between links
and subnet prefixes described in [RFC4861]. Configuration of an IPv6 and subnet prefixes described in [RFC4861]. Configuration of an IPv6
address does not imply the existence of corresponding on-link address does not imply the existence of corresponding on-link
prefixes. One should also look at API considerations for prefix prefixes. One should also look at API considerations for prefix
length as described in last paragraph of section 4.2 of [RFC4903]. length as described in last paragraph of section 4.2 of [RFC4903].
This document also invalidates a part of the definition of on-link This document also updates the definition of on-link from [RFC4861]
from [RFC4861]. by retracting the last two bullets.
5. Security Considerations 6. Security Considerations
This document addresses a security concern present in [RFC4861]. As This document addresses a security concern present in [RFC4861]. As
a result, the last two bullets of the on-link definition in [RFC4861] a result, the last bullet of the on-link definition in [RFC4861] has
have been invalidated. been retracted.
6. IANA Considerations 7. IANA Considerations
None. None.
7. Acknowledgements 8. Contributors
Thomas Narten contributed significant text and provided substantial
guidance to the production of this document.
9. Acknowledgements
Thanks (in alphabetical order) to Adeel Ahmed, Jari Arkko, Ralph Thanks (in alphabetical order) to Adeel Ahmed, Jari Arkko, Ralph
Droms, Alun Evans, Dave Forster, Prashanth Krishnamurthy, Suresh Droms, Alun Evans, Dave Forster, Prashanth Krishnamurthy, Suresh
Krishnan, Josh Littlefield, David Miles, Thomas Narten, Madhu Sudan, Krishnan, Josh Littlefield, David Miles, Madhu Sudan, Jinmei Tatuya,
Jinmei Tatuya, Dave Thaler, Bernie Volz, and Vlad Yasevich for their Dave Thaler, Bernie Volz, and Vlad Yasevich for their consistent
consistent input, ideas and review during the production of this input, ideas and review during the production of this document. The
document. The security problem that provides one reason for security problem related to an NS message that provides one reason
invalidating a part of the on-link definition was found by David for invalidating a part of the on-link definition was found by David
Miles. Thomas Narten has provided substantial guidance to the Miles. Jinmei Tatuya found the security problem to also exist with
production of this document. an RS message.
8. References 10. References
8.1. Normative References 10.1. Normative References
[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
"Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
September 2007. September 2007.
8.2. Informative References 10.2. Informative References
[RFC1122] Braden, R., "Requirements for Internet Hosts - [RFC1122] Braden, R., "Requirements for Internet Hosts -
Communication Layers", STD 3, RFC 1122, October 1989. Communication Layers", STD 3, RFC 1122, October 1989.
[RFC2461] Narten, T., Nordmark, E., and W. Simpson, "Neighbor [RFC2461] Narten, T., Nordmark, E., and W. Simpson, "Neighbor
Discovery for IP Version 6 (IPv6)", RFC 2461, Discovery for IP Version 6 (IPv6)", RFC 2461,
December 1998. December 1998.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
and M. Carney, "Dynamic Host Configuration Protocol for and M. Carney, "Dynamic Host Configuration Protocol for
skipping to change at page 8, line 10 skipping to change at page 11, line 10
[RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
Address Autoconfiguration", RFC 4862, September 2007. Address Autoconfiguration", RFC 4862, September 2007.
[RFC4903] Thaler, D., "Multi-Link Subnet Issues", RFC 4903, [RFC4903] Thaler, D., "Multi-Link Subnet Issues", RFC 4903,
June 2007. June 2007.
[RFC4943] Roy, S., Durand, A., and J. Paugh, "IPv6 Neighbor [RFC4943] Roy, S., Durand, A., and J. Paugh, "IPv6 Neighbor
Discovery On-Link Assumption Considered Harmful", Discovery On-Link Assumption Considered Harmful",
RFC 4943, September 2007. RFC 4943, September 2007.
Appendix A. CHANGE HISTORY
[NOTE TO RFC EDITOR: PLEASE REMOVE THIS SECTION UPON PUBLICATION.]
Changes in draft-ietf-6man-ipv6-subnet-model-02.txt since -01.txt
are:
o Augmented Abstract to say an important change to [RFC4861] is
being made by this document.
o Removed the following sentence at the end of the Introduction
section: "Finally, this document mainly restates and clarifies
[RFC4861]."
o Added new bullet three to the "Host Behavior and Rules" section
where the bullet invalidates bullets three and four from the on-
link definition from [RFC4861].
o Added new bullet four to the "Host Behavior and Rules" section
where the bullet proposes changes to text in section 7.2.3 of
[RFC4861].
o The security section has been modified to reflect the important
invalidation proposed by this document.
o Modified minor text in the "Observed Incorrect Implementation
Behavior" section to explain what the prefix is in the second
sentence.
o Changed bullet 3 from a new rule with normative language to just a
paragraph of text describing behavior for a host blindly caching
on-link determination and a possible severe consequence of that.
The text also includes a solution for the problem. The new text
lies at the end of section 2 as a new paragraph.
o The title of section 2 has been changed to Host Behavior and
Rules. Also changed Host Behavior Rules to Host Behavior and
Rules in two places in the Introduction section.
Changes in draft-ietf-6man-ipv6-subnet-model-01.txt since -00.txt
are:
o Changed Introduction section to remove any mention of src address
of ND message as a means for on-link determination. Also reworded
first paragraph of Introduction section.
o Reworded bullet 2 of section 2 and added text to clarify on-link
definition.
o Added text to bullet 3 of section 2 to make explicit that this is
a new rule.
o Reworded bullet 5 of section 2 to clearly explain where ICMPv6
Destination Unreachable is sent to.
Authors' Addresses Authors' Addresses
Hemant Singh Hemant Singh
Cisco Systems, Inc. Cisco Systems, Inc.
1414 Massachusetts Ave. 1414 Massachusetts Ave.
Boxborough, MA 01719 Boxborough, MA 01719
USA USA
Phone: +1 978 936 1622 Phone: +1 978 936 1622
Email: shemant@cisco.com Email: shemant@cisco.com
skipping to change at page 10, line 4 skipping to change at line 467
URI: http://www.cisco.com/ URI: http://www.cisco.com/
Erik Nordmark Erik Nordmark
Sun Microsystems Sun Microsystems
17 Network Circle 17 Network Circle
Menlo Park, CA 94025 Menlo Park, CA 94025
USA USA
Phone: +1 650 786 2921 Phone: +1 650 786 2921
Email: erik.nordmark@sun.com Email: erik.nordmark@sun.com
Full Copyright Statement
Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
 End of changes. 36 change blocks. 
154 lines changed or deleted 231 lines changed or added

This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/