Related to this topic, long time ago when the choices of

a) DAD only on link local, and not on other addresses derived
from the same id (legal on original RFC)

b) do DAD individually on each address

were discussed, I preferred (a) (and still do), and proposed an
additional logic on hosts using (a):

- if they see DAD probe on any address using the ID part of the
  assigned link local address, the host would reply as if the probed
  address was configured ("defend ID patch").

That solves the case where one tries to manually configure global
address to some other host using the same ID part. The attempt will
fail as DAD collision. It does not solve merging of two local links
into one, but nothing solves that mess anyway, if there are multiple
users of same ID and addresses.


I still question the sanity of "do DAD on all addresses" approach:

- when router advertises a list of global prefixes, *each* and *every*
  node will now send DAD on each address at same time => instant DAD
  storm. And a host can have multiple id's in use...

- now, if we talk about rogue hosts, one could do continuous stream of
  RA's with 40 random prefixes, and see how the hosts behave...



--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
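
An added illustration of the "defend ID" rule described in the message above (not code from the author or from any IPv6 stack). The `Host` class, its method names and the sample addresses are constructed for the example, and it assumes 64-bit interface identifiers.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # assumption: 64-bit interface identifiers
SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def interface_id(addr):
    """Low 64 bits of an IPv6 address (the "ID part")."""
    return int(ipaddress.IPv6Address(addr)) & IID_MASK


def solicited_node(addr):
    """Solicited-node multicast group: ff02::1:ff00:0/104 plus the low 24 bits."""
    return ipaddress.IPv6Address(
        SOLICITED_NODE_BASE | (int(ipaddress.IPv6Address(addr)) & 0xFFFFFF))


class Host:
    """Hypothetical host that ran DAD on its link-local address only."""

    def __init__(self, link_local, other_addresses=()):
        self.link_local = ipaddress.IPv6Address(link_local)
        self.assigned = {self.link_local}
        self.assigned.update(ipaddress.IPv6Address(a) for a in other_addresses)
        self.defended_iid = interface_id(self.link_local)

    def on_neighbor_solicitation(self, source, target):
        """Return the target to answer for in a Neighbor Advertisement, or None."""
        source = ipaddress.IPv6Address(source)
        target = ipaddress.IPv6Address(target)
        if target.is_multicast:
            return None  # not a valid solicitation target
        if target in self.assigned:
            return target  # ordinary address resolution or DAD defence
        # A DAD probe is a Neighbor Solicitation sent from the unspecified address.
        if source.is_unspecified and interface_id(target) == self.defended_iid:
            return target  # "defend ID": reply as if the address were configured
        return None


if __name__ == "__main__":
    host = Host("fe80::211:22ff:fe33:4455")  # constructed sample address
    probe = "2001:db8:1:0:211:22ff:fe33:4455"  # same ID under a global prefix
    # The probe goes to a group the host already listens on for its link-local.
    print(solicited_node(probe) == solicited_node(host.link_local))
    print(host.on_neighbor_solicitation("::", probe))
```

Because the solicited-node group is derived from the low 24 bits of the address, a probe for any address sharing the ID reaches the defending host without it joining further multicast groups.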
