draft-ietf-6man-enhanced-dad-08.txt   draft-ietf-6man-enhanced-dad-09.txt 
Network Working Group R. Asati Network Working Group R. Asati
Internet-Draft H. Singh Internet-Draft H. Singh
Updates: 4862, 4861, 3971 (if approved) W. Beebee Updates: 4862, 4861, 3971 (if approved) W. Beebee
Intended status: Standards Track C. Pignataro Intended status: Standards Track C. Pignataro
Expires: May 14, 2015 Cisco Systems, Inc. Expires: May 17, 2015 Cisco Systems, Inc.
E. Dart E. Dart
Lawrence Berkeley National Laboratory Lawrence Berkeley National Laboratory
W. George W. George
Time Warner Cable Time Warner Cable
November 10, 2014 November 13, 2014
Enhanced Duplicate Address Detection Enhanced Duplicate Address Detection
draft-ietf-6man-enhanced-dad-08 draft-ietf-6man-enhanced-dad-09
Abstract Abstract
IPv6 Loopback Suppression and Duplicate Address Detection (DAD) are IPv6 Loopback Suppression and Duplicate Address Detection (DAD) are
discussed in Appendix A of [RFC4862]. That specification mentions a discussed in Appendix A of RFC4862. That specification mentions a
hardware-assisted mechanism to detect looped back DAD messages. If hardware-assisted mechanism to detect looped back DAD messages. If
hardware cannot suppress looped back DAD messages, a software hardware cannot suppress looped back DAD messages, a software
solution is required. Several service provider communities have solution is required. Several service provider communities have
expressed a need for automated detection of looped backed Neighbor expressed a need for automated detection of looped backed Neighbor
Discovery (ND) messages used by DAD. This document includes Discovery (ND) messages used by DAD. This document includes
mitigation techniques and outlines the Enhanced DAD algorithm to mitigation techniques and outlines the Enhanced DAD algorithm to
automate the detection of looped back IPv6 ND messages used by DAD. automate the detection of looped back IPv6 ND messages used by DAD.
For network loopback tests, the Enhanced DAD algorithm allows IPv6 to For network loopback tests, the Enhanced DAD algorithm allows IPv6 to
self-heal after a loopback is placed and removed. Further, for self-heal after a loopback is placed and removed. Further, for
certain access networks the document automates resolving a specific certain access networks the document automates resolving a specific
duplicate address conflict. duplicate address conflict. This document updates RFC4861, RFC4862,
and RFC3971.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 14, 2015. This Internet-Draft will expire on May 17, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 11 skipping to change at page 3, line 11
solution is required. One specific DAD message is the Neighbor solution is required. One specific DAD message is the Neighbor
Solicitation (NS), specified in [RFC4861]. The NS is issued by the Solicitation (NS), specified in [RFC4861]. The NS is issued by the
network interface of an IPv6 node for DAD. Another message involved network interface of an IPv6 node for DAD. Another message involved
in DAD is the Neighbor Advertisement (NA). The Enhanced DAD in DAD is the Neighbor Advertisement (NA). The Enhanced DAD
algorithm specified in this document focuses on detecting an NS algorithm specified in this document focuses on detecting an NS
looped back to the transmitting interface during the DAD operation. looped back to the transmitting interface during the DAD operation.
Detecting a looped back NA does not solve the looped back DAD Detecting a looped back NA does not solve the looped back DAD
problem. Detection of any other looped back ND messages during the problem. Detection of any other looped back ND messages during the
DAD operation is outside the scope of this document. This document DAD operation is outside the scope of this document. This document
also includes a section on Mitigation that discusses means already also includes a section on Mitigation that discusses means already
available to mitigate the DAD loopback problem. available to mitigate the DAD loopback problem. This document
updates RFC4861, RFC4862, and RFC3971.
1.1. Two Deployment Problems 1.1. Two Deployment Problems
In each problem articulated below, the IPv6 link-local address DAD In each problem articulated below, the IPv6 link-local address DAD
operation fails due to a looped back DAD probe. However, the looped operation fails due to a looped back DAD probe. However, the looped
back DAD probe exists for any IPv6 address type including global back DAD probe exists for any IPv6 address type including global
addresses. addresses.
Recently, service providers have reported a problem with DAD that is Recently, service providers have reported a problem with DAD that is
caused by looped back NS messages. The following is a description of caused by looped back NS messages. The following is a description of
skipping to change at page 4, line 8 skipping to change at page 4, line 9
two broadband modems is enabled for IPv6 and the interface issues a two broadband modems is enabled for IPv6 and the interface issues a
NS(DAD) message for the IPv6 link-local address. The NS message NS(DAD) message for the IPv6 link-local address. The NS message
reaches one modem first and this modem sends the message to the reaches one modem first and this modem sends the message to the
network hub which sends the message to the second modem which network hub which sends the message to the second modem which
forwards the message back to the access concentrator. The looped forwards the message back to the access concentrator. The looped
back NS message causes the network interface on the access back NS message causes the network interface on the access
concentrator to be in a DAD-failed state. Such a network interface concentrator to be in a DAD-failed state. Such a network interface
typically serves up to a hundred thousand broadband modems causing typically serves up to a hundred thousand broadband modems causing
all the modems (and hosts behind the modems) to fail to get IPv6 all the modems (and hosts behind the modems) to fail to get IPv6
online on the access network. Additionally, it may be tedious for online on the access network. Additionally, it may be tedious for
the access concentrator to find out which of the hundred thousand or the user of the access concentrator to find out which of the hundred
more homes looped back the DAD message. Clearly there is a need for thousand or more homes looped back the DAD message. Clearly there is
automated detection of looped back NS messages during DAD operations a need for automated detection of looped back NS messages during DAD
by a node. operations by a node.
2. Terminology 2. Terminology
o DAD-failed state - Duplication Address Detection failure as o DAD-failed state - Duplication Address Detection failure as
specified in [RFC4862]. Note even Optimistic DAD as specified in specified in [RFC4862]. Note even Optimistic DAD as specified in
[RFC4429] can fail due to a looped back DAD probe. This document [RFC4429] can fail due to a looped back DAD probe. This document
covers looped back detection for Optimistic DAD as well. covers looped back detection for Optimistic DAD as well.
o Looped back message - also referred to as a reflected message. o Looped back message - also referred to as a reflected message.
The message sent by the sender is received by the sender due to The message sent by the sender is received by the sender due to
the network or an Upper Layer Protocol on the sender looping the the network or an Upper Layer Protocol on the sender looping the
message back. message back.
o Loopback - A function in which the router's layer-3 interface (or o Loopback - A function in which the router's layer-3 interface (or
the circuit to which the router's interface is connected) is the circuit to which the router's interface is connected) is
looped back or connected to itself. Loopback causes packets sent looped back or connected to itself. Loopback causes packets sent
by the interface to be received by the interface and results in by the interface to be received by the interface and results in
interface unavailability for regular data traffic forwarding. See interface unavailability for regular data traffic forwarding. See
more details in section 9.1 of [RFC1583]. The Loopback function more details in section 9.1 of [RFC2178]. The Loopback function
is commonly used in an interface context to gain information on is commonly used in an interface context to gain information on
the quality of the interface, by employing mechanisms such as the quality of the interface, by employing mechanisms such as
ICMPv6 pings and bit-error tests. In a circuit context, this ICMPv6 pings and bit-error tests. In a circuit context, this
function is used in wide area environments including optical Dense function is used in wide area environments including optical Dense
Wave Division Multiplexing (DWDM) and SONET/SDH for fault Wave Division Multiplexing (DWDM) and SONET/SDH for fault
isolation (e.g. by placing a loopback at different geographic isolation (e.g. by placing a loopback at different geographic
locations along the path of a wide area circuit to help locate a locations along the path of a wide area circuit to help locate a
circuit fault). The Loopback function may be employed locally or circuit fault). The Loopback function may be employed locally or
remotely. remotely.
skipping to change at page 10, line 44 skipping to change at page 10, line 44
Thanks (in alphabetical order by first name) to Bernie Volz, Dmitry Thanks (in alphabetical order by first name) to Bernie Volz, Dmitry
Anipko, Eric Levy-Abegnoli, Eric Vyncke, Erik Nordmark, Fred Templin, Anipko, Eric Levy-Abegnoli, Eric Vyncke, Erik Nordmark, Fred Templin,
Jouni Korhonen, Michael Sinatra, Ole Troan, Pascal Thubert, Ray Jouni Korhonen, Michael Sinatra, Ole Troan, Pascal Thubert, Ray
Hunter, Suresh Krishnan, and Tassos Chatzithomaoglou for their Hunter, Suresh Krishnan, and Tassos Chatzithomaoglou for their
guidance and review of the document. Thanks to Thomas Narten for guidance and review of the document. Thanks to Thomas Narten for
encouraging this work. Thanks to Steinar Haug and Scott Beuker for encouraging this work. Thanks to Steinar Haug and Scott Beuker for
describing the use cases. describing the use cases.
9. Normative References 9. Normative References
[RFC1583] Moy, J., "OSPF Version 2", RFC 1583, March 1994.
[RFC1661] Simpson, W., "The Point-to-Point Protocol (PPP)", STD 51, [RFC1661] Simpson, W., "The Point-to-Point Protocol (PPP)", STD 51,
RFC 1661, July 1994. RFC 1661, July 1994.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2178] Moy, J., "OSPF Version 2", RFC 2178, July 1997.
[RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure [RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure
Neighbor Discovery (SEND)", RFC 3971, March 2005. Neighbor Discovery (SEND)", RFC 3971, March 2005.
[RFC4429] Moore, N., "Optimistic Duplicate Address Detection (DAD) [RFC4429] Moore, N., "Optimistic Duplicate Address Detection (DAD)
for IPv6", RFC 4429, April 2006. for IPv6", RFC 4429, April 2006.
[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
"Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
September 2007. September 2007.
 End of changes. 11 change blocks. 
14 lines changed or deleted 16 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/