On Mon, 29 Apr 2002 [EMAIL PROTECTED] wrote:
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>
>
> Title : IPv6 Fast Router Advertisement
> Author(s) : J. Kempf, M. Khalil, B. Pentland
> Filename : draft-mkhalil-ipv6-fastra-00.txt
> Pages : 3
> Date : 26-Apr-02
>
> This document specifies an amendment to the router solicitation
> handling procedures in RFC 2461 that allow for improved default
> router acquisition performance when an active IP host moves from
> one subnet to another.
>
> A URL for this Internet-Draft is:
> http://www.ietf.org/internet-drafts/draft-mkhalil-ipv6-fastra-00.txt

I'm not sure how this ended up Cc:'ed to ipng but anyway..

A few comments:

   3.0 Processing Router Solicitations

   A router that is configured to provide fast RAs MUST maintain a
   counter, FastRACounter, of the fast RAs sent since the last
   unsolicited multicast RA was sent. When an RS is received, an
   RA MUST be sent immediately if:

       FastRACounter <= MAX_FAST_RAS

==> I think the wording should be much more clear on what exactly is a
router configured to provide fast RAs, especially if it _MUST_ send fast
RA's in contradiction to the current specification.

   A router SHOULD choose to unicast the response directly to the
   soliciting host's address (if the solicitation's source address
   is not the unspecified address), otherwise the router MUST schedule
   a multicast Router Advertisement in accordance with RFC 2461.

==> Clarification: if the router would not schedule an RA by RFC 2461
(e.g. skip the scheduling to prevent DoS)

==> Using unicast was a MAY. I think there should be some discussion why
this should be changed.

   When the multicast RA has been sent, FastRACounter
   MUST be reset to zero and processing for fast RAs recommences.

[and]

   4.0 Security Considerations

   This draft specifies a minor modification to RFC 2461. There are no
   considerations for this draft.

==> please have a look at:

http://search.ietf.org/internet-drafts/draft-rescorla-sec-cons-05.txt

At the very least, 100 Fast RA's per multicast unsolicited interval,
the minimum decreased by MIPv6 to 0.05 seconds: potentially about 2,000
RA's from a router a second. Potential DoS?

--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
--------------------------------------------------------------------
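
Added example (not part of the original message or of the draft): a small model of the quoted FastRACounter rule under a steady stream of Router Solicitations, to check the RA-rate estimate in the reply. The values 100 and 0.05 s are taken from the reply; the function names, the fixed multicast interval, the increment-after-send counter and the handling of over-budget solicitations are assumptions of this sketch.

```python
# Added example: discrete-event model of the fast RA counter rule quoted above.
MAX_FAST_RAS = 100          # value used in the reply's estimate
MIN_INTERVAL_US = 50_000    # 0.05 s multicast RA interval, in microseconds


def simulate(rs_per_second, duration_s=1, max_fast_ras=MAX_FAST_RAS,
             interval_us=MIN_INTERVAL_US):
    """Return (fast_ras, multicast_ras, deferred_rs) for an evenly spaced RS stream.

    Assumptions (not from the draft text): the multicast RA fires on a fixed
    interval, the counter is incremented after each fast RA, and an RS that
    fails the test is answered only by the next multicast RA.
    rs_per_second must divide 1,000,000 evenly.
    """
    end_us = duration_s * 1_000_000
    gap_us = 1_000_000 // rs_per_second
    counter = fast = multicast = deferred = 0
    next_multicast = interval_us
    t = 0
    while t < end_us:
        # Send any multicast RAs that are due; each one resets the counter.
        while next_multicast <= t:
            multicast += 1
            counter = 0
            next_multicast += interval_us
        if counter <= max_fast_ras:      # the draft's test, "<=" as written
            fast += 1
            counter += 1
        else:
            deferred += 1
        t += gap_us
    return fast, multicast, deferred


def worst_case_fast_ras_per_second(max_fast_ras=MAX_FAST_RAS,
                                   interval_us=MIN_INTERVAL_US):
    """Upper bound on fast RAs per second when every interval is saturated."""
    # "<=" with a counter starting at zero admits max_fast_ras + 1 fast RAs.
    return (max_fast_ras + 1) * (1_000_000 // interval_us)


if __name__ == "__main__":
    for rate in (10, 1_000, 10_000):
        print(rate, "RS/s ->", simulate(rate))
    print("bound:", worst_case_fast_ras_per_second(), "fast RAs/s")
```

With a counter that starts at zero, the `<=` comparison admits 101 fast RAs per interval, so the saturated rate in this model is 2,020 per second, in line with the reply's "about 2,000".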