
I am looking through the Address Autoconfig (RFC 2462) and Neighbor
Discovery (RFC 2461) drafts, and there seems to be a bit of discrepancy
about deprecating prefixes.

Specifically, let's consider the scenario described in RFC 2461 on page
78-79. A prefix has been advertised with a lifetime of two months, a
machine is turned off on July 31st, then on Aug. 1st, it's decided the
prefix should expire on Sep 1st. The host is turned back on during
September, at which point the prefix is deprecated, but the node's last
received advertisement indicates the prefix is valid until the end of
September. 2461 states:
    The only way to force a node to stop using a prefix that was
    previously advertised with a long Lifetime is to have that node
    receive an advertisement for that prefix that changes the lifetime
    downward. The solution in this example is simple: continue
    advertising the prefix with a lifetime of 0 from September 1st until
    October 1st.
However, RFC 2462 has stated that unless router advertisements are
authenticated, any router advertisement trying to expire the prefix
(which still has a few days, to most of a month, of validity left) will
just lower it to two hours.

Is it OK with everyone that a node that has been turned off for a while,
could possibly be *unusable* on a network for two hours? We cannot say
that an admin will log into this machine and manually remove the prefix,
or that router advertisements after a network renumber will be
authenticated. Both of these make far too many assumptions.

Aside from whether this is "OK," there is inconsistency between these
drafts. 2461 does not seem to account for the DoS attack which 2462 is
trying to avoid.

T.J. Kniveton
NOKIA Research Center

IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
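
The two-hour behaviour discussed in this message, as an added example that is not part of the original post: a sketch of the RFC 2462 section 5.5.3 (e) valid-lifetime rule for unauthenticated Router Advertisements, run against the returning-host scenario. The function names, the 20-day remaining lifetime and the 10-minute advertisement interval are assumptions chosen for illustration.

```python
TWO_HOURS = 2 * 60 * 60  # seconds
DAY = 24 * 60 * 60       # seconds


def apply_unauthenticated_ra(stored, received):
    """New valid lifetime (seconds) after an unauthenticated RA,
    following RFC 2462 section 5.5.3 (e), rules 1-3."""
    if received > TWO_HOURS or received > stored:
        return received      # rule 1: the lifetime can always be raised
    if stored <= TWO_HOURS:
        return stored        # rule 2: ignore further shortening
    return TWO_HOURS         # rule 3: clamp to two hours, never lower


def seconds_until_invalid(stored, ra_lifetime, ra_interval, horizon):
    """Simulate a host receiving the same unauthenticated RA every
    ra_interval seconds. Return the time at which the address becomes
    invalid, or None if it is still valid when horizon is reached."""
    t, remaining = 0, stored
    while t <= horizon:
        remaining = apply_unauthenticated_ra(remaining, ra_lifetime)
        if remaining <= 0:
            return t
        step = min(ra_interval, remaining)  # advance the clock
        t += step
        remaining -= step
        if remaining == 0:
            return t
    return None


if __name__ == "__main__":
    # Constructed scenario: the host comes back with 20 days left on a
    # prefix that routers now advertise with a lifetime of 0.
    stale = 20 * DAY
    print("after first RA:", apply_unauthenticated_ra(stale, 0), "s")
    print("address invalid after:",
          seconds_until_invalid(stale, 0, 600, DAY), "s")
    # A forged lifetime-0 RA against a healthy prefix is bounded the same
    # way, which is the denial-of-service case the rule is written for.
    print("forged RA on 30-day prefix:",
          apply_unauthenticated_ra(30 * DAY, 0), "s")
```
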
