Related to this topic, a long time ago when the choices of

a) DAD only on link local, and not on other addresses derived from the same id (legal on original RFC)
b) do DAD individually on each address

were discussed, I preferred (a) (and still do), and proposed an additional logic on hosts using (a):

- if they see DAD probe on any address using the ID part of the assigned link local address, the host would reply as if the probed address was configured ("defend ID patch").

That solves the case where one tries to manually configure global address to some other host using the same ID part. The attempt will fail as DAD collision.

It does not solve merging of two local links into one, but nothing solves that mess anyway, if there are multiple users of same ID and addresses.

I still question the sanity of "do DAD on all addresses" approach:

- when router advertises a list of global prefixes, *each* and *every* node will now send DAD on each address at same time => instant DAD storm. And a host can have multiple id's in use...

- now, if we talk about rogue hosts, one could do continuous stream of RA's with 40 random prefixes, and see how the hosts behave...
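
The "defend ID" rule described in the message above, modelled as an added example (not code from the original post or from any IPv6 stack). It assumes the option (a) host has not yet configured the prefix when another host is manually given an address with the same ID; the class, function names and addresses are constructed for illustration.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # low 64 bits of an IPv6 address hold the interface ID

def iid(addr):
    """Interface ID (low 64 bits) of an IPv6 address given as a string."""
    return int(ipaddress.IPv6Address(addr)) & IID_MASK

class Host:
    """Option (a) host: DAD was run on the link-local address only."""
    def __init__(self, link_local, defend_id):
        self.link_local = link_local
        self.addresses = {ipaddress.IPv6Address(link_local)}
        self.defend_id = defend_id

    def add_prefix(self, prefix):
        """Derive an address from an advertised /64 with the same ID; no DAD sent."""
        base = int(ipaddress.IPv6Network(prefix).network_address)
        self.addresses.add(ipaddress.IPv6Address(base | iid(self.link_local)))

    def defends(self, target):
        """Would this host answer a DAD probe for target?"""
        if ipaddress.IPv6Address(target) in self.addresses:
            return True
        # The extra rule from the post: defend any address that carries our ID.
        return self.defend_id and iid(target) == iid(self.link_local)

def dad_succeeds(target, hosts):
    """A tentative address passes DAD only if no host on the link defends it."""
    return not any(h.defends(target) for h in hosts)

def scenario(defend_id):
    """Return (manual address passed DAD, link ends up with a duplicate)."""
    a = Host("fe80::211:22ff:fe33:4455", defend_id)   # constructed address
    manual = "2001:db8:2::211:22ff:fe33:4455"         # same ID, set on another host
    passed = dad_succeeds(manual, [a])
    a.add_prefix("2001:db8:2::/64")                   # RA arrives afterwards
    duplicate = passed and ipaddress.IPv6Address(manual) in a.addresses
    return passed, duplicate

if __name__ == "__main__":
    print("plain (a):      ", scenario(defend_id=False))
    print("(a) + defend ID:", scenario(defend_id=True))
```

Without the rule the manual address passes DAD and the later RA produces a silent duplicate; with it the manual configuration fails as a DAD collision.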