In your letter dated Tue, 20 Jul 2010 12:26:22 -0400 you wrote:

>For a p2p link, I think we all agree that Address Resolution is not
>necessary. But what about the other parts?
I think that is where it goes wrong. Yes, it is true that on a p2p link you don't need the neighbor's MAC address because there isn't any. But the protocol works only if you execute it completely, just leaving out the link-layer address options. What address resolution does is not just provide a MAC address, but also an indication that the other side is alive. What is called NUD is only part of the complete protocol, so it doesn't work on its own.

>That was the intention. In practice, folk seem to want to make
>optimizations to not send packets if they are not strictly required,
>resulting in the current situation where running ND over a p2p link
>would work just fine, but is actually disabled.

Exactly.

>However, that does not mean that the only time one can send an ICMP
>unreachable is after ND fails. It would be perfectly OK to send an
>ICMP unreachable upon discovering that one is sending to a destination
>covered by the on-link prefix, but does not correspond to addresses at
>the other end of the p2p link.

The problem here is that in general, you don't know what addresses your peer may respond to. So you need a protocol for that. The current ND protocol works, but has the problem that you may have to deal with a DoS issue when an attacker enumerates all addresses covered by a /64 (which may not be a big issue on router-to-router links).

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
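The points made in the message above (address resolution on a p2p link still has to run, minus the link-layer address options, because the NS/NA exchange is what tells you the peer is alive; NUD only operates on an entry that resolution created; an ICMP unreachable follows when resolution for an on-link /64 address fails; and an attacker walking the /64 can bloat the neighbor cache) can be seen in a toy model of the RFC 4861 neighbor-cache state machine. The code below is an added example, not code from the mailing-list post or from any IETF or vendor implementation. Timers are abstract ticks rather than milliseconds, all advertisements are treated as solicited, and the cap of four INCOMPLETE entries is an assumed mitigation value, not an RFC constant.

```python
"""Toy RFC 4861 Neighbor Discovery on a point-to-point link with no
link-layer addresses. Constructed example; NS/NA carry no SLLAO/TLLAO,
timers are ticks, and the INCOMPLETE cap is an assumed value."""
from dataclasses import dataclass, field
from enum import Enum, auto

MAX_MULTICAST_SOLICIT = 3   # RFC 4861 section 10 (counts only)
MAX_UNICAST_SOLICIT = 3
REACHABLE_TICKS = 30        # stands in for REACHABLE_TIME
DELAY_TICKS = 5             # stands in for DELAY_FIRST_PROBE_TIME


class State(Enum):
    INCOMPLETE = auto()
    REACHABLE = auto()
    STALE = auto()
    DELAY = auto()
    PROBE = auto()


@dataclass
class Entry:
    state: State
    timer: int = 0                               # ticks left in REACHABLE/DELAY
    solicits: int = 0                            # NS sent while INCOMPLETE/PROBE
    queued: list = field(default_factory=list)   # data waiting for resolution


class Node:
    def __init__(self, addrs, max_incomplete=4):
        self.addrs, self.cache = set(addrs), {}
        self.max_incomplete = max_incomplete   # assumed DoS cap, not from the RFC
        self.wire = []           # outbound frames: (kind, dst, target, payload)
        self.received = []       # data payloads accepted from the link
        self.icmp_unreach = []   # destinations we reported as unreachable (code 3)
        self.ns_sent = 0

    def src(self):
        return min(self.addrs)

    def incomplete_count(self):
        return sum(e.state is State.INCOMPLETE for e in self.cache.values())

    def send(self, dst, payload):
        """RFC 4861 7.2.2: resolve first, queue the packet meanwhile."""
        e = self.cache.get(dst)
        if e is None:
            if self.incomplete_count() >= self.max_incomplete:
                return False    # cap reached: a /64 walk cannot grow the cache further
            e = self.cache[dst] = Entry(State.INCOMPLETE)
            e.queued.append(payload)
            self._solicit(dst)
            return True
        if e.state is State.INCOMPLETE:
            e.queued.append(payload)
            return True
        if e.state is State.STALE:   # 7.3.3: NUD starts only from an existing entry
            e.state, e.timer = State.DELAY, DELAY_TICKS
        self.wire.append(("DATA", dst, None, payload))
        return True

    def _solicit(self, target):
        self.cache[target].solicits += 1
        self.ns_sent += 1
        self.wire.append(("NS", target, target, None))   # no SLLAO on this link

    def receive(self, kind, dst, target, payload, src):
        if kind == "NS" and target in self.addrs:        # solicited NA, no TLLAO
            self.wire.append(("NA", src, target, None))
        elif kind == "NA" and target in self.cache:      # 7.2.5: no TLLAO is fine here
            e = self.cache[target]
            e.state, e.timer = State.REACHABLE, REACHABLE_TICKS
            self.wire.extend(("DATA", target, None, p) for p in e.queued)
            e.queued.clear()
        elif kind == "DATA" and dst in self.addrs:
            self.received.append(payload)

    def tick(self):
        for target, e in list(self.cache.items()):
            if e.state is State.INCOMPLETE:
                if e.solicits >= MAX_MULTICAST_SOLICIT:  # 7.2.2: give up, ICMP unreachable
                    del self.cache[target]
                    self.icmp_unreach.extend(target for _ in e.queued)
                else:
                    self._solicit(target)
            elif e.state in (State.REACHABLE, State.DELAY):
                e.timer -= 1
                if e.timer <= 0 and e.state is State.REACHABLE:
                    e.state = State.STALE
                elif e.timer <= 0:
                    e.state, e.solicits = State.PROBE, 0
                    self._solicit(target)
            elif e.state is State.PROBE:
                if e.solicits >= MAX_UNICAST_SOLICIT:    # 7.3.3: neighbor gone, drop entry
                    del self.cache[target]
                else:
                    self._solicit(target)


class Link:
    def __init__(self, a, b):
        self.ends = (a, b)

    def flush(self):   # deliver frames until the NS -> NA -> DATA chain settles
        while any(n.wire for n in self.ends):
            for n, peer in (self.ends, self.ends[::-1]):
                frames, n.wire = n.wire, []
                for kind, dst, target, payload in frames:
                    peer.receive(kind, dst, target, payload, n.src())

    def run(self, ticks):
        for _ in range(ticks):
            for n in self.ends:
                n.tick()
            self.flush()


def demo():
    a, b = Node(["2001:db8::1"]), Node(["2001:db8::2"])   # constructed addresses
    link = Link(a, b)
    a.send("2001:db8::2", "hello")                        # 1. resolution confirms liveness
    link.flush()
    peer_reachable = a.cache["2001:db8::2"].state is State.REACHABLE and "hello" in b.received
    ns_before = a.ns_sent                                 # 2. unheld /64 address: 3 NS, then ICMP
    a.send("2001:db8::dead", "ghost")
    link.run(MAX_MULTICAST_SOLICIT)
    ghost_ns, ghost_unreach = a.ns_sent - ns_before, a.icmp_unreach.count("2001:db8::dead")
    link.run(REACHABLE_TICKS)                             # 3. NUD: STALE -> DELAY -> PROBE -> NA
    was_stale = a.cache["2001:db8::2"].state is State.STALE
    a.send("2001:db8::2", "again")
    link.run(DELAY_TICKS)
    nud_ok = was_stale and a.cache["2001:db8::2"].state is State.REACHABLE and "again" in b.received
    accepted = sum(a.send(f"2001:db8::{i:x}", "scan") for i in range(0x100, 0x140))  # 4. /64 walk
    return {"peer_reachable": peer_reachable, "ghost_ns": ghost_ns, "ghost_unreach": ghost_unreach,
            "nud_ok": nud_ok, "accepted": accepted, "incomplete": a.incomplete_count()}
```

Calling `demo()` runs the four scenarios in order: the live peer is resolved and marked REACHABLE without any link-layer option ever being exchanged; the unheld address inside the same /64 costs exactly MAX_MULTICAST_SOLICIT solicitations before the entry is dropped and an ICMP unreachable is recorded; NUD only kicks in once that REACHABLE entry has aged to STALE and is used again; and a scan of 64 unknown addresses is throttled at the assumed INCOMPLETE cap instead of creating 64 half-open entries.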
