--- 1/draft-ietf-6man-ipv6-subnet-model-07.txt 2010-03-05 14:11:01.000000000 +0100 +++ 2/draft-ietf-6man-ipv6-subnet-model-08.txt 2010-03-05 14:11:01.000000000 +0100 @@ -1,20 +1,20 @@ Network Working Group H. Singh Internet-Draft W. Beebee Updates: 4861 (if approved) Cisco Systems, Inc. Intended status: Standards Track E. Nordmark -Expires: June 26, 2010 Sun Microsystems - December 23, 2009 +Expires: September 6, 2010 Sun Microsystems + March 5, 2010 IPv6 Subnet Model: the Relationship between Links and Subnet Prefixes - draft-ietf-6man-ipv6-subnet-model-07 + draft-ietf-6man-ipv6-subnet-model-08 Abstract IPv6 specifies a model of a subnet that is different than the IPv4 subnet model. The subtlety of the differences has resulted in incorrect implementations that do not interoperate. This document spells out the most important difference; that an IPv6 address isn't automatically associated with an IPv6 on-link prefix. This document also updates (partially due to security concerns caused by incorrect implementations) a part of the definition of on-link from [RFC4861]. @@ -33,25 +33,25 @@ and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. - This Internet-Draft will expire on June 26, 2010. + This Internet-Draft will expire on September 6, 2010. Copyright Notice - Copyright (c) 2009 IETF Trust and the persons identified as the + Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as @@ -64,33 +64,33 @@ modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English. Table of Contents - 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 - 2. Host Behavior . . . . . . . . . . . . . . . . . . . . . . . . 4 - 3. Host Rules . . . . . . . . . . . . . . . . . . . . . . . . . . 7 - 4. Observed Incorrect Implementation Behavior . . . . . . . . . . 9 - 5. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 9 - 6. Security Considerations . . . . . . . . . . . . . . . . . . . 10 - 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 - 8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 10 - 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 10 - 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10 - 10.1. Normative References . . . . . . . . . . . . . . . . . . 10 - 10.2. Informative References . . . . . . . . . . . . . . . . . 10 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11 + 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 + 2. Host Behavior . . . . . . . . . . . . . . . . . . . . . . . . 5 + 3. Host Rules . . . . . . . . . . . . . . . . . . . . . . . . . . 8 + 4. Observed Incorrect Implementation Behavior . . . . . . . . . . 10 + 5. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 10 + 6. Security Considerations . . . . . . . . . . . . . . . . . . . 11 + 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 + 8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 11 + 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11 + 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11 + 10.1. Normative References . . . . . . . . . . . . . . . . . . 11 + 10.2. Informative References . . . . . . . . . . . . . . . . . 12 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 12 1. Introduction IPv4 implementations typically associate a netmask with an address when an IPv4 address is assigned to an interface. That netmask together with the IPv4 address designates an on-link prefix. Nodes consider addresses covered by an on-link prefix to be directly attached to the same link as the sending node, i.e., they send traffic for such addresses directly rather than to a router. See section 3.3.1 in [RFC1122]. Prior to the development of subnetting @@ -353,54 +353,57 @@ error message) as specified in the Terminology section of [RFC4861]. On-link information concerning particular addresses and prefixes can make those specific addresses and prefixes on-link, but does not change the default behavior mentioned above for addresses and prefixes not specified. [RFC4943] provides justification for these rules. 5. Hosts MUST verify that on-link information is still valid after - IPv6 interface re-initialization before using cached on-link - determination information. Failure to do so may lead to lack of - IPv6 network connectivity. For example, a host receives an RA - from a router with on-link prefix A. The host powers down. + IPv6 interface re-initialization. Failure to do so may lead to + lack of IPv6 network connectivity. For example, a host receives + an RA from a router with on-link prefix A. The host powers down. During the power off, the router sends out prefix A with on-link bit set and a zero lifetime to indicate a renumbering. The host misses the renumbering. The host powers on and comes online. Then, the router sends an RA with no PIO. The host uses cached on-link prefix A and issues NS's instead of sending traffic to a default router. The "Observed Incorrect Implementation Behavior" section below describes how this can result in lack of IPv6 connectivity. 4. Observed Incorrect Implementation Behavior One incorrect implementation behavior illustrates the severe consequences when the IPv6 subnet model is not understood by the implementers of several popular host operating systems. In an access concentrator network ([RFC4388]), a host receives a Router Advertisement Message with no on-link prefix advertised. The host - incorrectly assumes an invented prefix is on-link and performs - address resolution when the host should send all non-link-local - traffic to a default router. Neither the router nor any other host - will respond to the address resolution, preventing this host from - sending IPv6 traffic. + incorrectly assumes an invented prefix is on-link. This invented + prefix typically is a /64 that was written by the developer of the + API as a "default" prefix length when a length isn't specified. This + may cause the API to seem to work in the case of a network interface + initiating SLAAC, however it can cause connectivity problems in NBMA + networks. Having incorrectly assumed an invented prefix, the host + performs address resolution when the host should send all non-link- + local traffic to a default router. Neither the router nor any other + host will respond to the address resolution, preventing this host + from sending IPv6 traffic. 5. Conclusion This document clarifies and summarizes the relationship between links and subnet prefixes described in [RFC4861]. Configuration of an IPv6 address does not imply the existence of corresponding on-link prefixes. One should also look at API considerations for prefix length as described in last paragraph of section 4.2 of [RFC4903]. - This document also updates the definition of on-link from [RFC4861] by retracting the last two bullets. 6. Security Considerations This document addresses a security concern present in [RFC4861]. As a result, the last two bullets of the on-link definition in [RFC4861] have been retracted. US-CERT Vulnerability Note VU#472363 lists the implementations affected.