Hi James,

James Kempf wrote:
[cut]

Actually, I wonder if what is needed is more of an applicability
statement saying what types of addresses it is appropriate to use this
procedure for, and where not. For example, can optimistic DAD be used
for the LL address?  It took me some thinking to decide whether it
could or not. The answer I believe is yes, but that is not immediately
obvious, I would assert.

But this all depends on having the link-layer address of a router in
the cache (as had been discussed already).



Well, this brings up the reason why I asked for clarification.

In the DNA WG, we've been discussing how to handle the address state machine
when a host moves from one wireless AP to another, potentially with both APs
on the same IP link or not (the host doesn't know a priori from L2 info
after movement). There's nothing currently in the DNA DT draft on the topic
because we just got to discussing it when the draft was almost complete but
it is on the list of issues.
[dna context cut]

Do you see any issues with this that I might have missed?


DNA has been considering DAD issues informally for a long time,
even though there's no text in the current proposal (oDAD was once
a potential charter item for the group).  I think it is now
believed necessary to use Optimistic DAD with a link-local
address while testing whether reconfiguration is needed.

The main issues with using Optimistic DAD for DNA seem to be as follows:

1 There's a requirement to include the SLLAO into the RA for DNA
  routers, otherwise the DNA host incurs full DAD delay before
  resolving the router address.  It may be able to detect link
  change though...

2 Non SEND addresses can be stolen by fake DAD defences upon the
  host entering DNA (for example cell change within a link).
  This is not a new attack, but an extension of its applicability.

3 RS's cannot contain an SLLAO in Optimistic DAD.  This either
  causes a multicast response, or an additional address resolution
  by the router toward the host.


The first issue cannot be controlled by DNA hosts (since they
may visit networks where compliant 2461 routers don't include the
option).  It may be worth describing in one of the documents
(DNA for hosts ??).  Including SLLAO in RAs should be mentioned in
DNA for routers (I'll check that it is).

The second issue needs a few words in the DNA for hosts document,
and should probably mention how SEND can be used to defend against it.
(I'll check that this is there).

The third issue remains problematic for DNA hosts in that in
some circumstances there will be 2461 routers which won't unicast
respond to an RS without SLLAO.  This will induce (further) delay.

What would really help things along would be a Tentative Source
Link-Layer Address Option, which could be used to create a STALE
NCE on the router, iff there's no existing NCE with a different MAC
address.

The existing DNA DT proposal (not a WG document) in DNA requires use of
such options, but refers to a separate draft (I'm one of the TSLLAO
authors). If the DNA WG needs the option, perhaps it would be better to
look at that option in IPv6 WG though, because of its DAD expertise.

Greg

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
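The router-side behaviour described in Greg's message (an RS under Optimistic DAD carries no SLLAO, so the router either multicasts its RA or must first resolve the host's address; a Tentative SLLAO would instead create a STALE neighbour cache entry iff no entry with a different MAC already exists) can be modelled in a few lines. The following is an added illustration, not code from the thread, from RFC 2461 or from any DNA or TSLLAO draft. Its assumptions are its own: the cache is a dict keyed by IPv6 address holding only a MAC and a state, the `tsllao` field stands in for the proposed option, and a router with no usable entry is modelled as falling back to a multicast RA rather than performing address resolution first.

```python
# Added illustration of the neighbour-cache rule discussed in the message:
# a Tentative SLLAO creates a STALE NCE only when no NCE with a different MAC
# exists.  Not code from the thread, RFC 2461 or any DNA/TSLLAO draft.
# Assumptions (not from the page): dict-based cache, string MACs, and a
# multicast RA as the fallback when the router has no usable entry.

from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional


class NCEState(Enum):
    # Neighbour cache states named in RFC 2461; only STALE is created here.
    INCOMPLETE = "INCOMPLETE"
    REACHABLE = "REACHABLE"
    STALE = "STALE"
    DELAY = "DELAY"
    PROBE = "PROBE"


@dataclass
class NCE:
    mac: str
    state: NCEState


@dataclass
class RouterSolicitation:
    src: str                      # IPv6 source address; "::" when unspecified
    sllao: Optional[str] = None   # regular Source Link-Layer Address Option
    tsllao: Optional[str] = None  # hypothetical Tentative SLLAO (assumed field)


class Router:
    """Minimal model of how a router answers an RS depending on what
    link-layer information it can safely learn from it."""

    def __init__(self) -> None:
        self.cache: Dict[str, NCE] = {}

    def receive_rs(self, rs: RouterSolicitation) -> str:
        if rs.src == "::":
            # Unspecified source: nothing to cache, RA goes to all-nodes.
            return "multicast RA"

        if rs.sllao is not None:
            # Ordinary RFC 2461 handling: an SLLAO (re)populates a STALE entry,
            # overwriting any existing link-layer address for that IP.
            self.cache[rs.src] = NCE(rs.sllao, NCEState.STALE)
            return "unicast RA"

        if rs.tsllao is not None:
            existing = self.cache.get(rs.src)
            if existing is None:
                # Rule from the message: create a STALE NCE when no entry exists.
                self.cache[rs.src] = NCE(rs.tsllao, NCEState.STALE)
                return "unicast RA"
            if existing.mac == rs.tsllao:
                # Existing entry already agrees on the MAC: keep it, unicast.
                return "unicast RA"
            # Conflicting MAC: the tentative option must not displace the
            # established entry, so the RS is treated as if it carried no
            # option at all and the cache is left untouched.

        # Optimistic DAD case (issue 3 in the message): no SLLAO and no usable
        # NCE.  Modelled fallback is a multicast RA; the alternative named in
        # the message is address resolution toward the host before unicasting.
        return "multicast RA"


def demo() -> Dict[str, str]:
    """Run the three cases from the message against one router instance."""
    r = Router()
    outcomes = {}
    # Optimistic host, no option: router cannot learn a MAC.
    outcomes["no_option"] = r.receive_rs(RouterSolicitation("fe80::1"))
    # Optimistic host carrying a tentative option: STALE entry is created.
    outcomes["tsllao_new"] = r.receive_rs(
        RouterSolicitation("fe80::1", tsllao="00:11:22:33:44:55"))
    # A second host claiming the same address with a different MAC: ignored.
    outcomes["tsllao_conflict"] = r.receive_rs(
        RouterSolicitation("fe80::1", tsllao="66:77:88:99:aa:bb"))
    return outcomes


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The conflicting-MAC branch is the point of the "iff" in the message: a tentative option may fill an empty slot in the router's cache but cannot displace an entry the router already holds, which is what keeps it from becoming a new way to redirect traffic for an address some other node is already using.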
