Dear all:
At the 6lo meeting, Dave pointed out that the limitation of the number of addresses to
protect the 6LR / 6LBR was a 6lo local problem to be handled by us.
We discussed what an arch minimum number of addresses could be. It turned out that
it would range between 3 for a hard core 6LN and 10 for a more capable device.
I reworded the relevant paragraph in the Security Considerations as follows:
   The router (6LR or 6LBR) SHOULD be configurable so as to limit the
   number of addresses that can be registered by a single node, but as a
   protective measure only. In any case, a router MUST be able to keep a
   minimum number of addresses per node. That minimum depends on the type
   of device and ranges between 3 for a very constrained LLN and 10 for a
   larger device. A node may be identified by its MAC address, as long as
   it is not obfuscated by privacy measures. A stronger identification
   (e.g., by security credentials) is RECOMMENDED.
   When the maximum is reached, the router should use a
   Least-Recently-Used (LRU) algorithm to clean up the addresses,
   keeping at least one Link-Local Address. The router
   SHOULD attempt to keep one or more stable addresses if stability
   can be determined, e.g., because they are used over a much longer time
   span than other (privacy, shorter-lived) addresses. Address lifetimes
   SHOULD be individually configurable.
Does that work?
Pascal
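
The per-node limit with LRU cleanup described in the proposed paragraph, as an added example that is not part of the original message or of any 6LR/6LBR implementation. The class and method names, the use of a MAC string as node identifier and the sample addresses are assumptions; the stable-address preference and per-address lifetimes are left out.

```python
import ipaddress
from collections import OrderedDict

MIN_PER_NODE = 3  # lower bound quoted in the text for a very constrained LLN


class RegistrationTable:
    """Per-node address registrations with a configurable cap and LRU eviction."""

    def __init__(self, max_per_node):
        if max_per_node < MIN_PER_NODE:
            raise ValueError("router must keep at least %d addresses per node"
                             % MIN_PER_NODE)
        self.max_per_node = max_per_node
        self.nodes = {}  # node_id -> OrderedDict(address -> None), oldest first

    def register(self, node_id, address):
        """Register or refresh an address; return the evicted address or None."""
        addr = ipaddress.IPv6Address(address)
        entries = self.nodes.setdefault(node_id, OrderedDict())
        if addr in entries:
            entries.move_to_end(addr)  # refresh: becomes most recently used
            return None
        evicted = None
        if len(entries) >= self.max_per_node:
            evicted = self._pick_victim(entries, addr)
            del entries[evicted]
        entries[addr] = None
        return evicted

    @staticmethod
    def _pick_victim(entries, new_addr):
        """Least recently used entry that still leaves one link-local address."""
        link_locals = sum(1 for a in entries if a.is_link_local)
        # The last link-local is protected unless the newcomer replaces it.
        protect_last = link_locals == 1 and not new_addr.is_link_local
        for a in entries:  # OrderedDict iterates oldest first
            if a.is_link_local and protect_last:
                continue
            return a
        raise RuntimeError("no evictable address")  # unreachable when cap >= 3
```

With the cap set to 3, a node that registers `fe80::1` first and then three global addresses loses its oldest global address, not the link-local one.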