> I have a question about a corner case of IPv6 Neighbor Discovery; what > should a host do if a received RA contains a prefix whose preferred > lifetime is larger than valid lifetime?
> In terms stateless address autoconfiguration, the specification > clearly says that such a prefix must be ignored: > c) If the preferred lifetime is greater than the valid lifetime, > silently ignore the Prefix Information option. A node MAY wish to > log a system management error in this case. > (RFC 2462 Section 5.5.3) > However, there seems to be no description about the case in RFC 2461. > This is perhaps intentional, because the preferred lifetime does not > affect on-link prefix configuration. So my question is: > - is RFC 2461 intentionally silent about the case of preferred > lifetime > valid lifetime? > - if so, what should a host do when, for example, it receives a prefix > with the L bit being set, the A bit being set, and preferred LT > > valid LT? Should it just regard the prefix as on-link and not > configure a corresponding address? > - or, do I miss something in RFC 2461? I don't know that it really matters that much whether one ignores the on-link determiniation or not in this case. Neither seems particularly catastrophic. Note the follow words in 2461: Stateless address autoconfiguration [ADDRCONF] may in some circumstances increase the Valid Lifetime of a prefix or ignore it completely in order to prevent a particular denial of service attack. However, since the effect of the same denial of service targeted at the on-link prefix list is not catastrophic (hosts would send packets to a default router and receive a redirect rather than sending packets directly to a neighbor) the Neighbor Discovery protocol does not impose such a check on the prefix lifetime values. I think similar logic applies to the case you describe. Thomas -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
