At Thu, 5 Jul 2007 18:18:20 -0400,
"Hemant Singh (shemant)" <[EMAIL PROTECTED]> wrote:

> I think Tatuya first leaned towards the silent discard behavior because
> he wanted text in 2462bis to match text in first para of section 7.2.5
> of 2461bis. However, I see that as matching apples with oranges. The NA
> in section 7.2.5 of 2461bis is silently discarded if the target address
> of NA does not exist in ND cache of the receiving interface. The NA in
> section 5.4.4 of 2462bis is being dropped because the target address in
> NA matches an address on the receiving interface - we have already
> asked, why is such a match not deemed as a duplicate and hence an error
> mgmt message raised?

I've been thinking it over again, and I now agree that we should
rather leave a log message in this case (while discarding the NA).

This is an abnormal case anyway, but if it ever happens the most
likely scenario is:

- there is actually duplicate assignment which has not been detected
  by DAD due to network fragmentation, packet drop, etc.
- then the conflicting node sends out an unsolicited NA for some
  reason such as L2 address change

I also agree that it is overkill to require the receiving host to
stop using the seemingly duplicate address.  We know DAD is not 100%
reliable, so the best thing to do for such undetected duplicates would
be to leave a warning/log message and let the administrator fix the
issue by hand.  Requiring the host to stop using the address is also
suboptimal in that it could be exploited by an attacker for DoS.

In conclusion I'd like to propose to change the paragraph of
Section 5.4.4 from:

    On receipt of a valid Neighbor Advertisement message on an interface,
    node behavior depends on whether the target address is tentative or
    matches a unicast or anycast address assigned to the interface.  If
    the target address is assigned to the receiving interface, the
    solicitation is processed as described in [I-D.ietf-ipv6-2461bis].
    If the target address is tentative, the tentative address is not
    unique.

to:

    On receipt of a valid Neighbor Advertisement message on an interface,
    node behavior depends on whether the target address is tentative or
    matches a unicast or anycast address assigned to the interface.  If
    the target address is assigned to the receiving interface, the
    advertisement SHOULD be discarded and the node SHOULD log a
    system management error; this case would indicate that the address
    is a duplicate but it has not been detected by the Duplicate
    Address Detection procedure, which should be manually handled by
    the system administrator.  If the target address is tentative, the
    tentative address is not unique.

(the additional note "this case would indicate..." may sound too
verbose.  If so, I'm willing to remove it.)

Does this make sense?

                                        JINMEI, Tatuya
                                        Communication Platform Lab.
                                        Corporate R&D Center, Toshiba Corp.
                                        [EMAIL PROTECTED]
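The receive-side decision the proposed Section 5.4.4 text describes, written out as an added example (this is illustrative code, not from the draft, from 2461bis, or from any IPv6 stack). The interface model, the `process_na` function, its `silent` flag (used only to contrast the silent-discard behaviour discussed above with the log-and-discard behaviour proposed here) and the sample addresses are assumptions made for the example; the addresses come from the IPv6 documentation prefix and the documentation MAC range.

```python
"""Worked example of Neighbor Advertisement (NA) target handling on the
receiving interface, following the paragraph of 2462bis Section 5.4.4
as proposed in the message above.  Example code only; the Interface
model and process_na are hypothetical, not any implementation's API."""
from dataclasses import dataclass, field
import ipaddress


@dataclass
class Interface:
    """Minimal per-interface address state (assumed model)."""
    name: str
    assigned: set            # unicast/anycast addresses in use
    tentative: set           # addresses still undergoing DAD
    log: list = field(default_factory=list)


def make_interface(name, assigned=(), tentative=()):
    """Build an Interface from address strings."""
    return Interface(
        name,
        {ipaddress.IPv6Address(a) for a in assigned},
        {ipaddress.IPv6Address(a) for a in tentative},
    )


def process_na(iface, target, source_l2, silent=False):
    """Decide what to do with a valid NA whose target is `target`.

    Returns one of:
      "dad_failed"        - target was tentative: the address is not unique
      "discarded_logged"  - target is assigned: drop the NA, keep the
                            address, log a system management error
      "discarded_silent"  - same case under the silent-discard behaviour
                            the thread argues against
      "forward_to_nd"     - neither: hand to normal ND NA processing
    """
    target = ipaddress.IPv6Address(target)

    if target in iface.tentative:
        # DAD failure: someone already answers for the tentative address.
        iface.tentative.discard(target)
        iface.log.append(
            f"DAD failed for {target} on {iface.name}: NA from {source_l2}")
        return "dad_failed"

    if target in iface.assigned:
        # Proposed behaviour: the address stays configured (stopping its
        # use could be abused to knock a host off the network), the NA is
        # discarded, and the operator gets a management error to act on.
        if silent:
            return "discarded_silent"
        iface.log.append(
            f"MANAGEMENT ERROR: NA for assigned address {target} on "
            f"{iface.name} from {source_l2}; possible duplicate not caught "
            f"by DAD, manual intervention required")
        return "discarded_logged"

    # Target is neither tentative nor ours: ordinary ND processing
    # (neighbor cache update or silent drop per 2461bis Section 7.2.5).
    return "forward_to_nd"


if __name__ == "__main__":
    # Constructed sample: one assigned address, one still in DAD.
    eth0 = make_interface("eth0",
                          assigned=["2001:db8::1"],
                          tentative=["2001:db8::2"])
    print(process_na(eth0, "2001:db8::1", "00:00:5e:00:53:01"))
    print(process_na(eth0, "2001:db8::2", "00:00:5e:00:53:02"))
    print(process_na(eth0, "2001:db8::3", "00:00:5e:00:53:03"))
    print("\n".join(eth0.log))
```

The log entry for the assigned-address case is the whole point of the proposed wording: it turns a silently swallowed packet into an event an operator can alert on, while leaving the address in service.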

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------