< draft-ietf-ipv6-rfc2462bis   rfc4862.txt 
IETF IPv6 Working Group S. Thomson Network Working Group S. Thomson
Internet-Draft Cisco Request for Comments: 4862 Cisco
Expires: November 13, 2005 T. Narten Obsoletes: 2462 T. Narten
IBM Category: Standards Track IBM
T. Jinmei T. Jinmei
Toshiba Toshiba
May 12, 2005 September 2007
IPv6 Stateless Address Autoconfiguration IPv6 Stateless Address Autoconfiguration
draft-ietf-ipv6-rfc2462bis-08.txt
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at Status of This Memo
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on November 13, 2005.
Copyright Notice
Copyright (C) The Internet Society (2005). This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Abstract Abstract
This document specifies the steps a host takes in deciding how to This document specifies the steps a host takes in deciding how to
autoconfigure its interfaces in IP version 6. The autoconfiguration autoconfigure its interfaces in IP version 6. The autoconfiguration
process includes generating a link-local address, generating global process includes generating a link-local address, generating global
addresses via stateless address autoconfiguration, and the Duplicate addresses via stateless address autoconfiguration, and the Duplicate
Address Detection procedure to verify the uniqueness of the addresses Address Detection procedure to verify the uniqueness of the addresses
on a link. on a link.
Table of Contents Table of Contents
1. INTRODUCTION . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. TERMINOLOGY . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1 Requirements . . . . . . . . . . . . . . . . . . . . . . . 7 2.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 7
3. DESIGN GOALS . . . . . . . . . . . . . . . . . . . . . . . . . 7 3. Design Goals . . . . . . . . . . . . . . . . . . . . . . . . . 7
4. PROTOCOL OVERVIEW . . . . . . . . . . . . . . . . . . . . . . 8 4. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 8
4.1 Site Renumbering . . . . . . . . . . . . . . . . . . . . . 9 4.1. Site Renumbering . . . . . . . . . . . . . . . . . . . . . 9
5. PROTOCOL SPECIFICATION . . . . . . . . . . . . . . . . . . . . 10 5. Protocol Specification . . . . . . . . . . . . . . . . . . . . 10
5.1 Node Configuration Variables . . . . . . . . . . . . . . . 10 5.1. Node Configuration Variables . . . . . . . . . . . . . . . 10
5.2 Autoconfiguration-Related Structures . . . . . . . . . . . 11 5.2. Autoconfiguration-Related Structures . . . . . . . . . . . 11
5.3 Creation of Link-Local Addresses . . . . . . . . . . . . . 11 5.3. Creation of Link-Local Addresses . . . . . . . . . . . . . 11
5.4 Duplicate Address Detection . . . . . . . . . . . . . . . 12 5.4. Duplicate Address Detection . . . . . . . . . . . . . . . 12
5.4.1 Message Validation . . . . . . . . . . . . . . . . . . 14 5.4.1. Message Validation . . . . . . . . . . . . . . . . . . 14
5.4.2 Sending Neighbor Solicitation Messages . . . . . . . . 14 5.4.2. Sending Neighbor Solicitation Messages . . . . . . . . 14
5.4.3 Receiving Neighbor Solicitation Messages . . . . . . . 15 5.4.3. Receiving Neighbor Solicitation Messages . . . . . . . 15
5.4.4 Receiving Neighbor Advertisement Messages . . . . . . 16 5.4.4. Receiving Neighbor Advertisement Messages . . . . . . 16
5.4.5 When Duplicate Address Detection Fails . . . . . . . . 16 5.4.5. When Duplicate Address Detection Fails . . . . . . . . 17
5.5 Creation of Global Addresses . . . . . . . . . . . . . . . 17 5.5. Creation of Global Addresses . . . . . . . . . . . . . . . 17
5.5.1 Soliciting Router Advertisements . . . . . . . . . . . 17 5.5.1. Soliciting Router Advertisements . . . . . . . . . . . 18
5.5.2 Absence of Router Advertisements . . . . . . . . . . . 17 5.5.2. Absence of Router Advertisements . . . . . . . . . . . 18
5.5.3 Router Advertisement Processing . . . . . . . . . . . 18 5.5.3. Router Advertisement Processing . . . . . . . . . . . 18
5.5.4 Address Lifetime Expiry . . . . . . . . . . . . . . . 20 5.5.4. Address Lifetime Expiry . . . . . . . . . . . . . . . 20
5.6 Configuration Consistency . . . . . . . . . . . . . . . . 21 5.6. Configuration Consistency . . . . . . . . . . . . . . . . 21
5.7 Retaining Configured Addresses for Stability . . . . . . . 21 5.7. Retaining Configured Addresses for Stability . . . . . . . 22
6. SECURITY CONSIDERATIONS . . . . . . . . . . . . . . . . . . . 22 6. Security Considerations . . . . . . . . . . . . . . . . . . . 22
7. IANA CONSIDERATIONS . . . . . . . . . . . . . . . . . . . . . 22 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 23
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 22 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23 8.1. Normative References . . . . . . . . . . . . . . . . . . . 23
9.1 Normative References . . . . . . . . . . . . . . . . . . . 23 8.2. Informative References . . . . . . . . . . . . . . . . . . 23
9.2 Informative References . . . . . . . . . . . . . . . . . . 23 Appendix A. Loopback Suppression and Duplicate Address
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 24 Detection . . . . . . . . . . . . . . . . . . . . . . 25
A. LOOPBACK SUPPRESSION & DUPLICATE ADDRESS DETECTION . . . . . . 24 Appendix B. Changes since RFC 1971 . . . . . . . . . . . . . . . 26
B. CHANGES SINCE RFC 1971 . . . . . . . . . . . . . . . . . . . . 26 Appendix C. Changes since RFC 2462 . . . . . . . . . . . . . . . 27
C. CHANGES SINCE RFC 2462 . . . . . . . . . . . . . . . . . . . . 26
D. CHANGE HISTORY . . . . . . . . . . . . . . . . . . . . . . . . 27
Intellectual Property and Copyright Statements . . . . . . . . 31
1. INTRODUCTION 1. Introduction
This document specifies the steps a host takes in deciding how to This document specifies the steps a host takes in deciding how to
autoconfigure its interfaces in IP version 6 (IPv6). The autoconfigure its interfaces in IP version 6 (IPv6). The
autoconfiguration process includes generating a link-local address, autoconfiguration process includes generating a link-local address,
generating global addresses via stateless address autoconfiguration, generating global addresses via stateless address autoconfiguration,
and the Duplicate Address Detection procedure to verify the and the Duplicate Address Detection procedure to verify the
uniqueness of the addresses on a link. uniqueness of the addresses on a link.
The IPv6 stateless autoconfiguration mechanism requires no manual The IPv6 stateless autoconfiguration mechanism requires no manual
configuration of hosts, minimal (if any) configuration of routers, configuration of hosts, minimal (if any) configuration of routers,
skipping to change at page 3, line 44 skipping to change at page 3, line 44
IPv6 addresses are leased to an interface for a fixed (possibly IPv6 addresses are leased to an interface for a fixed (possibly
infinite) length of time. Each address has an associated lifetime infinite) length of time. Each address has an associated lifetime
that indicates how long the address is bound to an interface. When a that indicates how long the address is bound to an interface. When a
lifetime expires, the binding (and address) become invalid and the lifetime expires, the binding (and address) become invalid and the
address may be reassigned to another interface elsewhere in the address may be reassigned to another interface elsewhere in the
Internet. To handle the expiration of address bindings gracefully, Internet. To handle the expiration of address bindings gracefully,
an address goes through two distinct phases while assigned to an an address goes through two distinct phases while assigned to an
interface. Initially, an address is "preferred", meaning that its interface. Initially, an address is "preferred", meaning that its
use in arbitrary communication is unrestricted. Later, an address use in arbitrary communication is unrestricted. Later, an address
becomes "deprecated" in anticipation that its current interface becomes "deprecated" in anticipation that its current interface
binding will become invalid. While in a deprecated state, the use of binding will become invalid. While an address is in a deprecated
an address is discouraged, but not strictly forbidden. New state, its use is discouraged, but not strictly forbidden. New
communication (e.g., the opening of a new TCP connection) should use communication (e.g., the opening of a new TCP connection) should use
a preferred address when possible. A deprecated address should be a preferred address when possible. A deprecated address should be
used only by applications that have been using it and would have used only by applications that have been using it and would have
difficulty switching to another address without a service disruption. difficulty switching to another address without a service disruption.
To ensure that all configured addresses are likely to be unique on a To ensure that all configured addresses are likely to be unique on a
given link, nodes run a "duplicate address detection" algorithm on given link, nodes run a "duplicate address detection" algorithm on
addresses before assigning them to an interface. The Duplicate addresses before assigning them to an interface. The Duplicate
Address Detection algorithm is performed on all addresses, Address Detection algorithm is performed on all addresses,
independent of whether they are obtained via stateless independently of whether they are obtained via stateless
autoconfiguration or DHCPv6. This document defines the Duplicate autoconfiguration or DHCPv6. This document defines the Duplicate
Address Detection algorithm. Address Detection algorithm.
The autoconfiguration process specified in this document applies only The autoconfiguration process specified in this document applies only
to hosts and not routers. Since host autoconfiguration uses to hosts and not routers. Since host autoconfiguration uses
information advertised by routers, routers will need to be configured information advertised by routers, routers will need to be configured
by some other means. However, it is expected that routers will by some other means. However, it is expected that routers will
generate link-local addresses using the mechanism described in this generate link-local addresses using the mechanism described in this
document. In addition, routers are expected to successfully pass the document. In addition, routers are expected to successfully pass the
Duplicate Address Detection procedure described in this document on Duplicate Address Detection procedure described in this document on
all addresses prior to assigning them to an interface. all addresses prior to assigning them to an interface.
Section 2 provides definitions for terminology used throughout this Section 2 provides definitions for terminology used throughout this
document. Section 3 describes the design goals that lead to the document. Section 3 describes the design goals that lead to the
current autoconfiguration procedure. Section 4 provides an overview current autoconfiguration procedure. Section 4 provides an overview
of the protocol, while Section 5 describes the protocol in detail. of the protocol, while Section 5 describes the protocol in detail.
2. TERMINOLOGY 2. Terminology
IP - Internet Protocol Version 6. The terms IPv4 and IPv6 are used IP - Internet Protocol Version 6. The terms IPv4 and IPv6 are used
only in contexts where necessary to avoid ambiguity. only in contexts where necessary to avoid ambiguity.
node - a device that implements IP. node - a device that implements IP.
router - a node that forwards IP packets not explicitly addressed to router - a node that forwards IP packets not explicitly addressed to
itself. itself.
host - any node that is not a router. host - any node that is not a router.
upper layer - a protocol layer immediately above IP. Examples are upper layer - a protocol layer immediately above IP. Examples are
transport protocols such as TCP and UDP, control protocols such as transport protocols such as TCP and UDP, control protocols such as
ICMP, routing protocols such as OSPF, and internet or lower-layer ICMP, routing protocols such as OSPF, and Internet or lower-layer
protocols being "tunneled" over (i.e., encapsulated in) IP such as protocols being "tunneled" over (i.e., encapsulated in) IP such as
IPX, AppleTalk, or IP itself. IPX, AppleTalk, or IP itself.
link - a communication facility or medium over which nodes can link - a communication facility or medium over which nodes can
communicate at the link layer, i.e., the layer immediately below communicate at the link layer, i.e., the layer immediately below
IP. Examples are Ethernets (simple or bridged); PPP links; X.25, IP. Examples are Ethernets (simple or bridged); PPP links; X.25,
Frame Relay, or ATM networks; and internet (or higher) layer Frame Relay, or ATM networks; and Internet (or higher) layer
"tunnels", such as tunnels over IPv4 or IPv6 itself. The protocol "tunnels", such as tunnels over IPv4 or IPv6 itself. The protocol
described in this document will be used on all types of links described in this document will be used on all types of links
unless specified otherwise in the link type specific document unless specified otherwise in the link-type-specific document
describing how to operate IP on the link in line with [I-D.ietf- describing how to operate IP on the link in line with [RFC4861].
ipv6-2461bis].
interface - a node's attachment to a link. interface - a node's attachment to a link.
packet - an IP header plus payload. packet - an IP header plus payload.
address - an IP-layer identifier for an interface or a set of address - an IP-layer identifier for an interface or a set of
interfaces. interfaces.
unicast address - an identifier for a single interface. A packet unicast address - an identifier for a single interface. A packet
sent to a unicast address is delivered to the interface identified sent to a unicast address is delivered to the interface identified
by that address. by that address.
multicast address - an identifier for a set of interfaces (typically multicast address - an identifier for a set of interfaces (typically
belonging to different nodes). A packet sent to a multicast belonging to different nodes). A packet sent to a multicast
address is delivered to all interfaces identified by that address. address is delivered to all interfaces identified by that address.
anycast address - an identifier for a set of interfaces (typically anycast address - an identifier for a set of interfaces (typically
belonging to different nodes). A packet sent to an anycast belonging to different nodes). A packet sent to an anycast
address is delivered to one of the interfaces identified by that address is delivered to one of the interfaces identified by that
address (the "nearest" one, according to the routing protocol's address (the "nearest" one, according to the routing protocol's
measure of distance). See [RFC3513]. measure of distance). See [RFC4291].
solicited-node multicast address - a multicast address to which solicited-node multicast address - a multicast address to which
Neighbor Solicitation messages are sent. The algorithm for Neighbor Solicitation messages are sent. The algorithm for
computing the address is given in [RFC3513]. computing the address is given in [RFC4291].
link-layer address - a link-layer identifier for an interface. link-layer address - a link-layer identifier for an interface.
Examples include IEEE 802 addresses for Ethernet links and E.164 Examples include IEEE 802 addresses for Ethernet links and E.164
addresses for ISDN links. addresses for Integrated Services Digital Network (ISDN) links.
link-local address - an address having link-only scope that can be link-local address - an address having link-only scope that can be
used to reach neighboring nodes attached to the same link. All used to reach neighboring nodes attached to the same link. All
interfaces have a link-local unicast address. interfaces have a link-local unicast address.
global address - an address with unlimited scope. global address - an address with unlimited scope.
communication - any packet exchange among nodes that requires that communication - any packet exchange among nodes that requires that
the address of each node used in the exchange remain the same for the address of each node used in the exchange remain the same for
the duration of the packet exchange. Examples are a TCP the duration of the packet exchange. Examples are a TCP
connection or a UDP request-response. connection or a UDP request-response.
tentative address - an address whose uniqueness on a link is being tentative address - an address whose uniqueness on a link is being
verified, prior to its assignment to an interface. A tentative verified, prior to its assignment to an interface. A tentative
address is not considered assigned to an interface in the usual address is not considered assigned to an interface in the usual
sense. An interface discards received packets addressed to a sense. An interface discards received packets addressed to a
tentative address, but accepts Neighbor Discovery packets related tentative address, but accepts Neighbor Discovery packets related
to Duplicate Address Detection for the tentative address. to Duplicate Address Detection for the tentative address.
preferred address - an address assigned to an interface whose use by preferred address - an address assigned to an interface whose use by
upper layer protocols is unrestricted. Preferred addresses may be upper-layer protocols is unrestricted. Preferred addresses may be
used as the source (or destination) address of packets sent from used as the source (or destination) address of packets sent from
(or to) the interface. (or to) the interface.
deprecated address - An address assigned to an interface whose use is deprecated address - An address assigned to an interface whose use
discouraged, but not forbidden. A deprecated address should no is discouraged, but not forbidden. A deprecated address should no
longer be used as a source address in new communications, but longer be used as a source address in new communications, but
packets sent from or to deprecated addresses are delivered as packets sent from or to deprecated addresses are delivered as
expected. A deprecated address may continue to be used as a expected. A deprecated address may continue to be used as a
source address in communications where switching to a preferred source address in communications where switching to a preferred
address causes hardship to a specific upper-layer activity (e.g., address causes hardship to a specific upper-layer activity (e.g.,
an existing TCP connection). an existing TCP connection).
valid address - a preferred or deprecated address. A valid address valid address - a preferred or deprecated address. A valid address
may appear as the source or destination address of a packet, and may appear as the source or destination address of a packet, and
the internet routing system is expected to deliver packets sent to the Internet routing system is expected to deliver packets sent to
a valid address to their intended recipients. a valid address to their intended recipients.
invalid address - an address that is not assigned to any interface. invalid address - an address that is not assigned to any interface.
A valid address becomes invalid when its valid lifetime expires. A valid address becomes invalid when its valid lifetime expires.
Invalid addresses should not appear as the destination or source Invalid addresses should not appear as the destination or source
address of a packet. In the former case, the internet routing address of a packet. In the former case, the Internet routing
system will be unable to deliver the packet, in the latter case system will be unable to deliver the packet; in the latter case,
the recipient of the packet will be unable to respond to it. the recipient of the packet will be unable to respond to it.
preferred lifetime - the length of time that a valid address is preferred lifetime - the length of time that a valid address is
preferred (i.e., the time until deprecation). When the preferred preferred (i.e., the time until deprecation). When the preferred
lifetime expires, the address becomes deprecated. lifetime expires, the address becomes deprecated.
valid lifetime - the length of time an address remains in the valid valid lifetime - the length of time an address remains in the valid
state (i.e., the time until invalidation). The valid lifetime state (i.e., the time until invalidation). The valid lifetime
must be greater than or equal to the preferred lifetime. When the must be greater than or equal to the preferred lifetime. When the
valid lifetime expires, the address becomes invalid. valid lifetime expires, the address becomes invalid.
interface identifier - a link-dependent identifier for an interface interface identifier - a link-dependent identifier for an interface
that is (at least) unique per link [RFC3513]. Stateless address that is (at least) unique per link [RFC4291]. Stateless address
autoconfiguration combines an interface identifier with a prefix autoconfiguration combines an interface identifier with a prefix
to form an address. From address autoconfiguration's perspective, to form an address. From address autoconfiguration's perspective,
an interface identifier is a bit string of known length. The an interface identifier is a bit string of known length. The
exact length of an interface identifier and the way it is created exact length of an interface identifier and the way it is created
is defined in a separate link-type specific document that covers is defined in a separate link-type specific document that covers
issues related to the transmission of IP over a particular link issues related to the transmission of IP over a particular link
type (e.g., [RFC2464]). Note that the address architecture type (e.g., [RFC2464]). Note that the address architecture
[RFC3513] also defines the length of the interface identifiers for [RFC4291] also defines the length of the interface identifiers for
some set of addresses, but the two sets of definitions must be some set of addresses, but the two sets of definitions must be
consistent. In many cases, the identifier will be derived from consistent. In many cases, the identifier will be derived from
the interface's link-layer address. the interface's link-layer address.
2.1 Requirements 2.1. Requirements
The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
document, are to be interpreted as described in [RFC2119]. document, are to be interpreted as described in [RFC2119].
Note that this document intentionally limits the use of the keywords Note that this document intentionally limits the use of the keywords
to the protocol specification (Section 5). to the protocol specification (Section 5).
3. DESIGN GOALS 3. Design Goals
Stateless autoconfiguration is designed with the following goals in Stateless autoconfiguration is designed with the following goals in
mind: mind:
o Manual configuration of individual machines before connecting them o Manual configuration of individual machines before connecting them
to the network should not be required. Consequently, a mechanism to the network should not be required. Consequently, a mechanism
is needed that allows a host to obtain or create unique addresses is needed that allows a host to obtain or create unique addresses
for each of its interfaces. Address autoconfiguration assumes for each of its interfaces. Address autoconfiguration assumes
that each interface can provide a unique identifier for that that each interface can provide a unique identifier for that
interface (i.e., an "interface identifier"). In the simplest interface (i.e., an "interface identifier"). In the simplest
case, an interface identifier consists of the interface's link- case, an interface identifier consists of the interface's link-
layer address. An interface identifier can be combined with a layer address. An interface identifier can be combined with a
prefix to form an address. prefix to form an address.
o Small sites consisting of a set of machines attached to a single o Small sites consisting of a set of machines attached to a single
link should not require the presence of a DHCPv6 server or router link should not require the presence of a DHCPv6 server or router
as a prerequisite for communicating. Plug-and-play communication as a prerequisite for communicating. Plug-and-play communication
is achieved through the use of link-local addresses. Link-local is achieved through the use of link-local addresses. Link-local
addresses have a well-known prefix that identifies the (single) addresses have a well-known prefix that identifies the (single)
shared link to which a set of nodes attach. A host forms a link- shared link to which a set of nodes attach. A host forms a link-
local address by appending its interface identifier to the link- local address by appending an interface identifier to the link-
local prefix. local prefix.
o A large site with multiple networks and routers should not require o A large site with multiple networks and routers should not require
the presence of a DHCPv6 server for address configuration. In the presence of a DHCPv6 server for address configuration. In
order to generate global addresses, hosts must determine the order to generate global addresses, hosts must determine the
prefixes that identify the subnets to which they attach. Routers prefixes that identify the subnets to which they attach. Routers
generate periodic Router Advertisements that include options generate periodic Router Advertisements that include options
listing the set of active prefixes on a link. listing the set of active prefixes on a link.
o Address configuration should facilitate the graceful renumbering o Address configuration should facilitate the graceful renumbering
of a site's machines. For example, a site may wish to renumber of a site's machines. For example, a site may wish to renumber
all of its nodes when it switches to a new network service all of its nodes when it switches to a new network service
provider. Renumbering is achieved through the leasing of provider. Renumbering is achieved through the leasing of
addresses to interfaces and the assignment of multiple addresses addresses to interfaces and the assignment of multiple addresses
to the same interface. Lease lifetimes provide the mechanism to the same interface. Lease lifetimes provide the mechanism
through which a site phases out old prefixes. The assignment of through which a site phases out old prefixes. The assignment of
multiple addresses to an interface provides for a transition multiple addresses to an interface provides for a transition
period during which both a new address and the one being phased period during which both a new address and the one being phased
out work simultaneously. out work simultaneously.
4. PROTOCOL OVERVIEW 4. Protocol Overview
This section provides an overview of the typical steps that take This section provides an overview of the typical steps that take
place when an interface autoconfigures itself. Autoconfiguration is place when an interface autoconfigures itself. Autoconfiguration is
performed only on multicast-capable links and begins when a performed only on multicast-capable links and begins when a
multicast-capable interface is enabled, e.g., during system startup. multicast-capable interface is enabled, e.g., during system startup.
Nodes (both hosts and routers) begin the autoconfiguration process by Nodes (both hosts and routers) begin the autoconfiguration process by
generating a link-local address for the interface. A link-local generating a link-local address for the interface. A link-local
address is formed by appending the interface's identifier to the address is formed by appending an identifier of the interface to the
well-known link-local prefix [RFC3513]. well-known link-local prefix [RFC4291].
Before the link-local address can be assigned to an interface and Before the link-local address can be assigned to an interface and
used, however, a node must attempt to verify that this "tentative" used, however, a node must attempt to verify that this "tentative"
address is not already in use by another node on the link. address is not already in use by another node on the link.
Specifically, it sends a Neighbor Solicitation message containing the Specifically, it sends a Neighbor Solicitation message containing the
tentative address as the target. If another node is already using tentative address as the target. If another node is already using
that address, it will return a Neighbor Advertisement saying so. If that address, it will return a Neighbor Advertisement saying so. If
another node is also attempting to use the same address, it will send another node is also attempting to use the same address, it will send
a Neighbor Solicitation for the target as well. The exact number of a Neighbor Solicitation for the target as well. The exact number of
times the Neighbor Solicitation is (re)transmitted and the delay time times the Neighbor Solicitation is (re)transmitted and the delay time
skipping to change at page 9, line 7 skipping to change at page 9, line 7
The next phase of autoconfiguration involves obtaining a Router The next phase of autoconfiguration involves obtaining a Router
Advertisement or determining that no routers are present. If routers Advertisement or determining that no routers are present. If routers
are present, they will send Router Advertisements that specify what are present, they will send Router Advertisements that specify what
sort of autoconfiguration a host can do. Note that the DHCPv6 sort of autoconfiguration a host can do. Note that the DHCPv6
service for address configuration may still be available even if no service for address configuration may still be available even if no
routers are present. routers are present.
Routers send Router Advertisements periodically, but the delay Routers send Router Advertisements periodically, but the delay
between successive advertisements will generally be longer than a between successive advertisements will generally be longer than a
host performing autoconfiguration will want to wait [I-D.ietf-ipv6- host performing autoconfiguration will want to wait [RFC4861]. To
2461bis]. To obtain an advertisement quickly, a host sends one or obtain an advertisement quickly, a host sends one or more Router
more Router Solicitations to the all-routers multicast group. Solicitations to the all-routers multicast group.
Router Advertisements also contain zero or more Prefix Information Router Advertisements also contain zero or more Prefix Information
options that contain information used by stateless address options that contain information used by stateless address
autoconfiguration to generate global addresses. It should be noted autoconfiguration to generate global addresses. It should be noted
that a host may use both stateless address autoconfiguration and that a host may use both stateless address autoconfiguration and
DHCPv6 simultaneously. One Prefix Information option field, the DHCPv6 simultaneously. One Prefix Information option field, the
"autonomous address-configuration flag", indicates whether or not the "autonomous address-configuration flag", indicates whether or not the
option even applies to stateless autoconfiguration. If it does, option even applies to stateless autoconfiguration. If it does,
additional option fields contain a subnet prefix together with additional option fields contain a subnet prefix, together with
lifetime values indicating how long addresses created from the prefix lifetime values, indicating how long addresses created from the
remain preferred and valid. prefix remain preferred and valid.
Because routers generate Router Advertisements periodically, hosts Because routers generate Router Advertisements periodically, hosts
will continually receive new advertisements. Hosts process the will continually receive new advertisements. Hosts process the
information contained in each advertisement as described above, information contained in each advertisement as described above,
adding to and refreshing information received in previous adding to and refreshing information received in previous
advertisements. advertisements.
By default, all addresses should be tested for uniqueness prior to By default, all addresses should be tested for uniqueness prior to
their assignment to an interface for safety. The test should their assignment to an interface for safety. The test should
individually be performed on all addresses obtained manually, via individually be performed on all addresses obtained manually, via
skipping to change at page 9, line 44 skipping to change at page 9, line 44
Detection can be disabled through the administrative setting of a Detection can be disabled through the administrative setting of a
per-interface configuration flag. per-interface configuration flag.
To speed the autoconfiguration process, a host may generate its link- To speed the autoconfiguration process, a host may generate its link-
local address (and verify its uniqueness) in parallel with waiting local address (and verify its uniqueness) in parallel with waiting
for a Router Advertisement. Because a router may delay responding to for a Router Advertisement. Because a router may delay responding to
a Router Solicitation for a few seconds, the total time needed to a Router Solicitation for a few seconds, the total time needed to
complete autoconfiguration can be significantly longer if the two complete autoconfiguration can be significantly longer if the two
steps are done serially. steps are done serially.
4.1 Site Renumbering 4.1. Site Renumbering
Address leasing facilitates site renumbering by providing a mechanism Address leasing facilitates site renumbering by providing a mechanism
to time-out addresses assigned to interfaces in hosts. At present, to time-out addresses assigned to interfaces in hosts. At present,
upper layer protocols such as TCP provide no support for changing upper-layer protocols such as TCP provide no support for changing
end-point addresses while a connection is open. If an end-point end-point addresses while a connection is open. If an end-point
address becomes invalid, existing connections break and all address becomes invalid, existing connections break and all
communication to the invalid address fails. Even when applications communication to the invalid address fails. Even when applications
use UDP as a transport protocol, addresses must generally remain the use UDP as a transport protocol, addresses must generally remain the
same during a packet exchange. same during a packet exchange.
Dividing valid addresses into preferred and deprecated categories Dividing valid addresses into preferred and deprecated categories
provides a way of indicating to upper layers that a valid address may provides a way of indicating to upper layers that a valid address may
become invalid shortly and that future communication using the become invalid shortly and that future communication using the
address will fail, should the address's valid lifetime expire before address will fail, should the address's valid lifetime expire before
skipping to change at page 10, line 24 skipping to change at page 10, line 26
set appropriate prefix lifetimes in order to minimize the impact of set appropriate prefix lifetimes in order to minimize the impact of
failed communication when renumbering takes place. The deprecation failed communication when renumbering takes place. The deprecation
period should be long enough that most, if not all, communications period should be long enough that most, if not all, communications
are using the new address at the time an address becomes invalid. are using the new address at the time an address becomes invalid.
The IP layer is expected to provide a means for upper layers The IP layer is expected to provide a means for upper layers
(including applications) to select the most appropriate source (including applications) to select the most appropriate source
address given a particular destination and possibly other address given a particular destination and possibly other
constraints. An application may choose to select the source address constraints. An application may choose to select the source address
itself before starting a new communication or may leave the address itself before starting a new communication or may leave the address
unspecified, in which case the upper networking layers will use the unspecified, in which case, the upper networking layers will use the
mechanism provided by the IP layer to choose a suitable address on mechanism provided by the IP layer to choose a suitable address on
the application's behalf. the application's behalf.
Detailed address selection rules are beyond the scope of this Detailed address selection rules are beyond the scope of this
document and are described in [RFC3484]. document and are described in [RFC3484].
5. PROTOCOL SPECIFICATION 5. Protocol Specification
Autoconfiguration is performed on a per-interface basis on multicast- Autoconfiguration is performed on a per-interface basis on multicast-
capable interfaces. For multihomed hosts, autoconfiguration is capable interfaces. For multihomed hosts, autoconfiguration is
performed independently on each interface. Autoconfiguration applies performed independently on each interface. Autoconfiguration applies
primarily to hosts, with two exceptions. Routers are expected to primarily to hosts, with two exceptions. Routers are expected to
generate a link-local address using the procedure outlined below. In generate a link-local address using the procedure outlined below. In
addition, routers perform Duplicate Address Detection on all addition, routers perform Duplicate Address Detection on all
addresses prior to assigning them to an interface. addresses prior to assigning them to an interface.
5.1 Node Configuration Variables 5.1. Node Configuration Variables
A node MUST allow the following autoconfiguration-related variable to A node MUST allow the following autoconfiguration-related variable to
be configured by system management for each multicast-capable be configured by system management for each multicast-capable
interface: interface:
DupAddrDetectTransmits DupAddrDetectTransmits The number of consecutive Neighbor
Solicitation messages sent while performing Duplicate Address
The number of consecutive Neighbor Solicitation messages sent Detection on a tentative address. A value of zero indicates that
while performing Duplicate Address Detection on a tentative Duplicate Address Detection is not performed on tentative
address. A value of zero indicates that Duplicate Address addresses. A value of one indicates a single transmission with no
Detection is not performed on tentative addresses. A value of one follow-up retransmissions.
indicates a single transmission with no follow up retransmissions.
Default: 1, but may be overridden by a link-type specific value in Default: 1, but may be overridden by a link-type specific value in
the document that covers issues related to the transmission of IP the document that covers issues related to the transmission of IP
over a particular link type (e.g., [RFC2464]). over a particular link type (e.g., [RFC2464]).
Autoconfiguration also assumes the presence of the variable Autoconfiguration also assumes the presence of the variable
RetransTimer as defined in [I-D.ietf-ipv6-2461bis]. For RetransTimer as defined in [RFC4861]. For autoconfiguration
autoconfiguration purposes, RetransTimer specifies the delay purposes, RetransTimer specifies the delay between consecutive
between consecutive Neighbor Solicitation transmissions performed Neighbor Solicitation transmissions performed during Duplicate
during Duplicate Address Detection (if DupAddrDetectTransmits is Address Detection (if DupAddrDetectTransmits is greater than 1),
greater than 1), as well as the time a node waits after sending as well as the time a node waits after sending the last Neighbor
the last Neighbor Solicitation before ending the Duplicate Address Solicitation before ending the Duplicate Address Detection
Detection process. process.
5.2 Autoconfiguration-Related Structures 5.2. Autoconfiguration-Related Structures
Beyond the formation of a link-local address and using Duplicate Beyond the formation of a link-local address and use of Duplicate
Address Detection, how routers (auto)configure their interfaces is Address Detection, how routers (auto)configure their interfaces is
beyond the scope of this document. beyond the scope of this document.
A host maintains a list of addresses together with their A host maintains a list of addresses together with their
corresponding lifetimes. The address list contains both corresponding lifetimes. The address list contains both
autoconfigured addresses and those configured manually. autoconfigured addresses and those configured manually.
5.3 Creation of Link-Local Addresses 5.3. Creation of Link-Local Addresses
A node forms a link-local address whenever an interface becomes A node forms a link-local address whenever an interface becomes
enabled. An interface may become enabled after any of the following enabled. An interface may become enabled after any of the following
events: events:
- The interface is initialized at system startup time. - The interface is initialized at system startup time.
- The interface is reinitialized after a temporary interface failure - The interface is reinitialized after a temporary interface failure
or after being temporarily disabled by system management. or after being temporarily disabled by system management.
- The interface attaches to a link for the first time. This - The interface attaches to a link for the first time. This
includes the case where the attached link is dynamically changed includes the case where the attached link is dynamically changed
due to a change of the access point of wireless networks. due to a change of the access point of wireless networks.
- The interface becomes enabled by system management after having - The interface becomes enabled by system management after having
been administratively disabled. been administratively disabled.
A link-local address is formed by combining the well-known link-local A link-local address is formed by combining the well-known link-local
prefix FE80::0 [RFC3513] (of appropriate length) with the interface prefix FE80::0 [RFC4291] (of appropriate length) with an interface
identifier as follows: identifier as follows:
1. The left-most 'prefix length' bits of the address are those of 1. The left-most 'prefix length' bits of the address are those of
the link-local prefix. the link-local prefix.
2. The bits in the address to the right of the link-local prefix are 2. The bits in the address to the right of the link-local prefix are
set to all zeroes. set to all zeroes.
3. If the length of the interface identifier is N bits, the right- 3. If the length of the interface identifier is N bits, the right-
most N bits of the address are replaced by the interface most N bits of the address are replaced by the interface
identifier. identifier.
If the sum of the link-local prefix length and N is larger than 128, If the sum of the link-local prefix length and N is larger than 128,
autoconfiguration fails and manual configuration is required. The autoconfiguration fails and manual configuration is required. The
length of the interface identifier is defined in a separate link-type length of the interface identifier is defined in a separate link-
specific document, which should also be consistent with the address type-specific document, which should also be consistent with the
architecture [RFC3513] (see Section 2). These documents will address architecture [RFC4291] (see Section 2). These documents will
carefully define the length so that link-local addresses can be carefully define the length so that link-local addresses can be
autoconfigured on the link. autoconfigured on the link.
A link-local address has an infinite preferred and valid lifetime; it A link-local address has an infinite preferred and valid lifetime; it
is never timed out. is never timed out.
5.4 Duplicate Address Detection 5.4. Duplicate Address Detection
Duplicate Address Detection MUST be performed on all unicast Duplicate Address Detection MUST be performed on all unicast
addresses prior to assigning them to an interface, regardless of addresses prior to assigning them to an interface, regardless of
whether they are obtained through stateless autoconfiguration, whether they are obtained through stateless autoconfiguration,
DHCPv6, or manual configuration, with the following exceptions: DHCPv6, or manual configuration, with the following exceptions:
- An interface whose DupAddrDetectTransmits variable is set to zero - An interface whose DupAddrDetectTransmits variable is set to zero
does not perform Duplicate Address Detection, does not perform Duplicate Address Detection.
- Duplicate Address Detection MUST NOT be performed on anycast - Duplicate Address Detection MUST NOT be performed on anycast
addresses (note that anycast addresses cannot syntactically be addresses (note that anycast addresses cannot syntactically be
distinguished from unicast addresses), and distinguished from unicast addresses).
- Each individual unicast address SHOULD be tested for uniqueness. - Each individual unicast address SHOULD be tested for uniqueness.
Note that there are implementations deployed that only perform Note that there are implementations deployed that only perform
Duplicate Address Detection for the link-local address and skip Duplicate Address Detection for the link-local address and skip
the test for the global address using the same interface the test for the global address that uses the same interface
identifier as that of the link-local address. Whereas this identifier as that of the link-local address. Whereas this
document does not invalidate such implementations, this kind of document does not invalidate such implementations, this kind of
"optimization" is NOT RECOMMENDED, and new implementations MUST "optimization" is NOT RECOMMENDED, and new implementations MUST
NOT do that optimization. This optimization came from the NOT do that optimization. This optimization came from the
assumption that all of an interface's addresses are generated from assumption that all of an interface's addresses are generated from
the same identifier. However, the assumption does actually not the same identifier. However, the assumption does actually not
stand; new types of addresses have been introduced where the stand; new types of addresses have been introduced where the
interface identifiers are not necessarily the same for all unicast interface identifiers are not necessarily the same for all unicast
addresses on a single interface [RFC3041] [RFC3972]. Requiring to addresses on a single interface [RFC4941] [RFC3972]. Requiring
perform Duplicate Address Detection for all unicast addresses will that Duplicate Address Detection be performed for all unicast
make the algorithm robust for the current and future such special addresses will make the algorithm robust for the current and
interface identifiers. future special interface identifiers.
The procedure for detecting duplicate addresses uses Neighbor The procedure for detecting duplicate addresses uses Neighbor
Solicitation and Advertisement messages as described below. If a Solicitation and Advertisement messages as described below. If a
duplicate address is discovered during the procedure, the address duplicate address is discovered during the procedure, the address
cannot be assigned to the interface. If the address is derived from cannot be assigned to the interface. If the address is derived from
an interface identifier, a new identifier will need to be assigned to an interface identifier, a new identifier will need to be assigned to
the interface, or all IP addresses for the interface will need to be the interface, or all IP addresses for the interface will need to be
manually configured. Note that the method for detecting duplicates manually configured. Note that the method for detecting duplicates
is not completely reliable, and it is possible that duplicate is not completely reliable, and it is possible that duplicate
addresses will still exist (e.g., if the link was partitioned while addresses will still exist (e.g., if the link was partitioned while
skipping to change at page 13, line 29 skipping to change at page 13, line 36
An address on which the Duplicate Address Detection procedure is An address on which the Duplicate Address Detection procedure is
applied is said to be tentative until the procedure has completed applied is said to be tentative until the procedure has completed
successfully. A tentative address is not considered "assigned to an successfully. A tentative address is not considered "assigned to an
interface" in the traditional sense. That is, the interface must interface" in the traditional sense. That is, the interface must
accept Neighbor Solicitation and Advertisement messages containing accept Neighbor Solicitation and Advertisement messages containing
the tentative address in the Target Address field, but processes such the tentative address in the Target Address field, but processes such
packets differently from those whose Target Address matches an packets differently from those whose Target Address matches an
address assigned to the interface. Other packets addressed to the address assigned to the interface. Other packets addressed to the
tentative address should be silently discarded. Note that the "other tentative address should be silently discarded. Note that the "other
packets" include Neighbor Solicitation and Advertisement messages packets" include Neighbor Solicitation and Advertisement messages
which have the tentative (i.e., unicast) address as the IP that have the tentative (i.e., unicast) address as the IP destination
destination address and contain the tentative address in the Target address and contain the tentative address in the Target Address
Address field. Such a case should not happen in normal operation, field. Such a case should not happen in normal operation, though,
though, since these messages are multicasted in the Duplicate Address since these messages are multicasted in the Duplicate Address
Detection procedure. Detection procedure.
It should also be noted that Duplicate Address Detection must be It should also be noted that Duplicate Address Detection must be
performed prior to assigning an address to an interface in order to performed prior to assigning an address to an interface in order to
prevent multiple nodes from using the same address simultaneously. prevent multiple nodes from using the same address simultaneously.
If a node begins using an address in parallel with Duplicate Address If a node begins using an address in parallel with Duplicate Address
Detection, and another node is already using the address, the node Detection, and another node is already using the address, the node
performing Duplicate Address Detection will erroneously process performing Duplicate Address Detection will erroneously process
traffic intended for the other node, resulting in such possible traffic intended for the other node, resulting in such possible
negative consequences as the resetting of open TCP connections. negative consequences as the resetting of open TCP connections.
The following subsections describe specific tests a node performs to The following subsections describe specific tests a node performs to
verify an address's uniqueness. An address is considered unique if verify an address's uniqueness. An address is considered unique if
none of the tests indicate the presence of a duplicate address within none of the tests indicate the presence of a duplicate address within
RetransTimer milliseconds after having sent DupAddrDetectTransmits RetransTimer milliseconds after having sent DupAddrDetectTransmits
Neighbor Solicitations. Once an address is determined to be unique, Neighbor Solicitations. Once an address is determined to be unique,
it may be assigned to an interface. it may be assigned to an interface.
5.4.1 Message Validation 5.4.1. Message Validation
A node MUST silently discard any Neighbor Solicitation or A node MUST silently discard any Neighbor Solicitation or
Advertisement message that does not pass the validity checks Advertisement message that does not pass the validity checks
specified in [I-D.ietf-ipv6-2461bis]. A Neighbor Solicitation or specified in [RFC4861]. A Neighbor Solicitation or Advertisement
Advertisement message that passes these validity checks is called a message that passes these validity checks is called a valid
valid solicitation or valid advertisement, respectively. solicitation or valid advertisement, respectively.
5.4.2 Sending Neighbor Solicitation Messages 5.4.2. Sending Neighbor Solicitation Messages
Before sending a Neighbor Solicitation, an interface MUST join the Before sending a Neighbor Solicitation, an interface MUST join the
all-nodes multicast address and the solicited-node multicast address all-nodes multicast address and the solicited-node multicast address
of the tentative address. The former ensures that the node receives of the tentative address. The former ensures that the node receives
Neighbor Advertisements from other nodes already using the address; Neighbor Advertisements from other nodes already using the address;
the latter ensures that two nodes attempting to use the same address the latter ensures that two nodes attempting to use the same address
simultaneously should detect each other's presence. simultaneously should detect each other's presence.
To check an address, a node sends DupAddrDetectTransmits Neighbor To check an address, a node sends DupAddrDetectTransmits Neighbor
Solicitations, each separated by RetransTimer milliseconds. The Solicitations, each separated by RetransTimer milliseconds. The
solicitation's Target Address is set to the address being checked, solicitation's Target Address is set to the address being checked,
the IP source is set to the unspecified address and the IP the IP source is set to the unspecified address, and the IP
destination is set to the solicited-node multicast address of the destination is set to the solicited-node multicast address of the
target address. target address.
If the Neighbor Solicitation is going to be the first message to be If the Neighbor Solicitation is going to be the first message sent
sent from an interface after interface (re)initialization, the node from an interface after interface (re)initialization, the node SHOULD
SHOULD delay joining the solicited-node multicast address by a random delay joining the solicited-node multicast address by a random delay
delay between 0 and MAX_RTR_SOLICITATION_DELAY as specified in between 0 and MAX_RTR_SOLICITATION_DELAY as specified in [RFC4861].
[I-D.ietf-ipv6-2461bis]. This serves to alleviate congestion when This serves to alleviate congestion when many nodes start up on the
many nodes start up on the link at the same time, such as after a link at the same time, such as after a power failure, and may help to
power failure, and may help to avoid race conditions when more than avoid race conditions when more than one node is trying to solicit
one node is trying to solicit for the same address at the same time. for the same address at the same time.
Even if the Neighbor Solicitation is not going to be the first Even if the Neighbor Solicitation is not going to be the first
message to be sent, the node SHOULD delay joining the solicited-node message sent, the node SHOULD delay joining the solicited-node
multicast address by a random delay between 0 and multicast address by a random delay between 0 and
MAX_RTR_SOLICITATION_DELAY if the address being checked is configured MAX_RTR_SOLICITATION_DELAY if the address being checked is configured
by a router advertisement message sent to a multicast address. The by a router advertisement message sent to a multicast address. The
delay will avoid similar congestion when multiple nodes are going to delay will avoid similar congestion when multiple nodes are going to
configure addresses by receiving the same single multicast router configure addresses by receiving the same single multicast router
advertisement. advertisement.
Note that when a node joins a multicast address, it typically sends a Note that when a node joins a multicast address, it typically sends a
Multicast Listener Discovery (MLD) report message [RFC2710] [RFC3810] Multicast Listener Discovery (MLD) report message [RFC2710] [RFC3810]
for the multicast address. In the case of Duplicate Address for the multicast address. In the case of Duplicate Address
Detection, the MLD report message is required in order to inform MLD- Detection, the MLD report message is required in order to inform MLD-
snooping switches, rather than routers, to forward multicast packets. snooping switches, rather than routers, to forward multicast packets.
In the above description, the delay for joining the multicast address In the above description, the delay for joining the multicast address
thus means delaying transmission of the corresponding MLD report thus means delaying transmission of the corresponding MLD report
message. Since the MLD specifications do not request a random delay message. Since the MLD specifications do not request a random delay
to avoid race conditions, just delaying Neighbor Solicitation would to avoid race conditions, just delaying Neighbor Solicitation would
cause congestion by the MLD report messages. The congestion would cause congestion by the MLD report messages. The congestion would
then prevent the MLD-snooping switches from working correctly, and, then prevent the MLD-snooping switches from working correctly and, as
as a result, prevent Duplicate Address Detection from working. The a result, prevent Duplicate Address Detection from working. The
requirement to include the delay for the MLD report in this case requirement to include the delay for the MLD report in this case
avoids this scenario. [RFC3590] also talks about some interaction avoids this scenario. [RFC3590] also talks about some interaction
issues between Duplicate Address Detection and MLD, and specifies issues between Duplicate Address Detection and MLD, and specifies
which source address should be used for the MLD report in this case. which source address should be used for the MLD report in this case.
In order to improve the robustness of the Duplicate Address Detection In order to improve the robustness of the Duplicate Address Detection
algorithm, an interface MUST receive and process datagrams sent to algorithm, an interface MUST receive and process datagrams sent to
the all-nodes multicast address or solicited-node multicast address the all-nodes multicast address or solicited-node multicast address
of the tentative address during the delay period. This does not of the tentative address during the delay period. This does not
necessarily conflict with the requirement that joining the multicast necessarily conflict with the requirement that joining the multicast
group be delayed. In fact, in some cases it is possible for a node group be delayed. In fact, in some cases it is possible for a node
to start listening to the group during the delay period before MLD to start listening to the group during the delay period before MLD
report transmission. It should be noted, however, that in some link- report transmission. It should be noted, however, that in some link-
layer environments, particularly with MLD-snooping switches, no layer environments, particularly with MLD-snooping switches, no
multicast reception will be available until the MLD report is sent. multicast reception will be available until the MLD report is sent.
5.4.3 Receiving Neighbor Solicitation Messages 5.4.3. Receiving Neighbor Solicitation Messages
On receipt of a valid Neighbor Solicitation message on an interface, On receipt of a valid Neighbor Solicitation message on an interface,
node behavior depends on whether the target address is tentative or node behavior depends on whether or not the target address is
not. If the target address is not tentative (i.e., it is assigned to tentative. If the target address is not tentative (i.e., it is
the receiving interface), the solicitation is processed as described assigned to the receiving interface), the solicitation is processed
in [I-D.ietf-ipv6-2461bis]. If the target address is tentative, and as described in [RFC4861]. If the target address is tentative, and
the source address is a unicast address, the solicitation's sender is the source address is a unicast address, the solicitation's sender is
performing address resolution on the target; the solicitation should performing address resolution on the target; the solicitation should
be silently ignored. Otherwise, processing takes place as described be silently ignored. Otherwise, processing takes place as described
below. In all cases, a node MUST NOT respond to a Neighbor below. In all cases, a node MUST NOT respond to a Neighbor
Solicitation for a tentative address. Solicitation for a tentative address.
If the source address of the Neighbor Solicitation is the unspecified If the source address of the Neighbor Solicitation is the unspecified
address, the solicitation is from a node performing Duplicate Address address, the solicitation is from a node performing Duplicate Address
Detection. If the solicitation is from another node, the tentative Detection. If the solicitation is from another node, the tentative
address is a duplicate and should not be used (by either node). If address is a duplicate and should not be used (by either node). If
the solicitation is from the node itself (because the node loops back the solicitation is from the node itself (because the node loops back
multicast packets), the solicitation does not indicate the presence multicast packets), the solicitation does not indicate the presence
of a duplicate address. of a duplicate address.
Implementor's Note: many interfaces provide a way for upper layers to Implementer's Note: many interfaces provide a way for upper layers to
selectively enable and disable the looping back of multicast packets. selectively enable and disable the looping back of multicast packets.
The details of how such a facility is implemented may prevent The details of how such a facility is implemented may prevent
Duplicate Address Detection from working correctly. See the Duplicate Address Detection from working correctly. See Appendix A
Appendix A for further discussion. for further discussion.
The following tests identify conditions under which a tentative The following tests identify conditions under which a tentative
address is not unique: address is not unique:
- If a Neighbor Solicitation for a tentative address is received - If a Neighbor Solicitation for a tentative address is received
prior to having sent one, the tentative address is a duplicate. before one is sent, the tentative address is a duplicate. This
This condition occurs when two nodes run Duplicate Address condition occurs when two nodes run Duplicate Address Detection
Detection simultaneously, but transmit initial solicitations at simultaneously, but transmit initial solicitations at different
different times (e.g., by selecting different random delay values times (e.g., by selecting different random delay values before
before joining the solicited-node multicast address and joining the solicited-node multicast address and transmitting an
transmitting an initial solicitation). initial solicitation).
- If the actual number of Neighbor Solicitations received exceeds - If the actual number of Neighbor Solicitations received exceeds
the number expected based on the loopback semantics (e.g., the the number expected based on the loopback semantics (e.g., the
interface does not loopback packet, yet one or more solicitations interface does not loop back the packet, yet one or more
was received), the tentative address is a duplicate. This solicitations was received), the tentative address is a duplicate.
condition occurs when two nodes run Duplicate Address Detection This condition occurs when two nodes run Duplicate Address
simultaneously and transmit solicitations at roughly the same Detection simultaneously and transmit solicitations at roughly the
time. same time.
5.4.4 Receiving Neighbor Advertisement Messages 5.4.4. Receiving Neighbor Advertisement Messages
On receipt of a valid Neighbor Advertisement message on an interface, On receipt of a valid Neighbor Advertisement message on an interface,
node behavior depends on whether the target address is tentative or node behavior depends on whether the target address is tentative or
matches a unicast or anycast address assigned to the interface. If matches a unicast or anycast address assigned to the interface:
the target address is assigned to the receiving interface, the
solicitation is processed as described in [I-D.ietf-ipv6-2461bis].
If the target address is tentative, the tentative address is not
unique.
5.4.5 When Duplicate Address Detection Fails 1. If the target address is tentative, the tentative address is not
unique.
2. If the target address matches a unicast address assigned to the
receiving interface, it would possibly indicate that the address
is a duplicate but it has not been detected by the Duplicate
Address Detection procedure (recall that Duplicate Address
Detection is not completely reliable). How to handle such a case
is beyond the scope of this document.
3. Otherwise, the advertisement is processed as described in
[RFC4861].
5.4.5. When Duplicate Address Detection Fails
A tentative address that is determined to be a duplicate as described A tentative address that is determined to be a duplicate as described
above MUST NOT be assigned to an interface and the node SHOULD log a above MUST NOT be assigned to an interface, and the node SHOULD log a
system management error. system management error.
If the address is a link-local address formed from an interface If the address is a link-local address formed from an interface
identifier based on the hardware address which is supposed to be identifier based on the hardware address, which is supposed to be
uniquely assigned (e.g., EUI-64 for an Ethernet interface), IP uniquely assigned (e.g., EUI-64 for an Ethernet interface), IP
operation on the interface SHOULD be disabled. By disabling IP operation on the interface SHOULD be disabled. By disabling IP
operation, the node will then operation, the node will then:
- not send any IP packets from the interface,
- silently drop any IP packets received on the interface, and
- not send any IP packets from the interface
- silently drop any IP packets received on the interface
- not forward any IP packets to the interface (when acting as a - not forward any IP packets to the interface (when acting as a
router or processing a packet with a Routing header) router or processing a packet with a Routing header).
In this case, the IP address duplication probably means duplicate In this case, the IP address duplication probably means duplicate
hardware addresses are in use, and trying to recover from it by hardware addresses are in use, and trying to recover from it by
configuring another IP address will not result in a usable network. configuring another IP address will not result in a usable network.
In fact, it probably makes things worse by creating problems that are In fact, it probably makes things worse by creating problems that are
harder to diagnose than just disabling network operation on the harder to diagnose than just disabling network operation on the
interface; the user will see a partially working network where some interface; the user will see a partially working network where some
things work, and other things will not. things work, and other things do not.
On the other hand, if the duplicate link-local address is not formed On the other hand, if the duplicate link-local address is not formed
from an interface identifier based on the hardware address which is from an interface identifier based on the hardware address, which is
supposed to be uniquely assigned, IP operation on the interface MAY supposed to be uniquely assigned, IP operation on the interface MAY
be continued. be continued.
Note: as specified in Section 2, "IP" means "IPv6" in the above Note: as specified in Section 2, "IP" means "IPv6" in the above
description. While the background rationale about hardware address description. While the background rationale about hardware address
is independent of particular network protocols, its effect on other is independent of particular network protocols, its effect on other
protocols is beyond the scope of this document. protocols is beyond the scope of this document.
5.5 Creation of Global Addresses 5.5. Creation of Global Addresses
Global addresses are formed by appending an interface identifier to a Global addresses are formed by appending an interface identifier to a
prefix of appropriate length. Prefixes are obtained from Prefix prefix of appropriate length. Prefixes are obtained from Prefix
Information options contained in Router Advertisements. Creation of Information options contained in Router Advertisements. Creation of
global addresses as described in this section SHOULD be locally global addresses as described in this section SHOULD be locally
configurable. However, the processing described below MUST be configurable. However, the processing described below MUST be
enabled by default. enabled by default.
5.5.1 Soliciting Router Advertisements 5.5.1. Soliciting Router Advertisements
Router Advertisements are sent periodically to the all-nodes Router Advertisements are sent periodically to the all-nodes
multicast address. To obtain an advertisement quickly, a host sends multicast address. To obtain an advertisement quickly, a host sends
out Router Solicitations as described in [I-D.ietf-ipv6-2461bis]. out Router Solicitations as described in [RFC4861].
5.5.2 Absence of Router Advertisements 5.5.2. Absence of Router Advertisements
Even if a link has no routers, the DHCPv6 service to obtain addresses Even if a link has no routers, the DHCPv6 service to obtain addresses
may still be available, and hosts may want to use the service. From may still be available, and hosts may want to use the service. From
the perspective of autoconfiguration, a link has no routers if no the perspective of autoconfiguration, a link has no routers if no
Router Advertisements are received after having sent a small number Router Advertisements are received after having sent a small number
of Router Solicitations as described in [I-D.ietf-ipv6-2461bis]. of Router Solicitations as described in [RFC4861].
Note that it is possible that there is no router on the link in this Note that it is possible that there is no router on the link in this
sense but there is a node that has the ability to forward packets. sense, but there is a node that has the ability to forward packets.
In this case, the forwarding node's address must be manually In this case, the forwarding node's address must be manually
configured in hosts to be able to send packets off-link, since the configured in hosts to be able to send packets off-link, since the
only mechanism to configure the default router's address only mechanism to configure the default router's address
automatically is the one using Router Advertisements. automatically is the one using Router Advertisements.
5.5.3 Router Advertisement Processing 5.5.3. Router Advertisement Processing
For each Prefix-Information option in the Router Advertisement: For each Prefix-Information option in the Router Advertisement:
a) If the Autonomous flag is not set, silently ignore the Prefix a) If the Autonomous flag is not set, silently ignore the Prefix
Information option. Information option.
b) If the prefix is the link-local prefix, silently ignore the b) If the prefix is the link-local prefix, silently ignore the
Prefix Information option. Prefix Information option.
c) If the preferred lifetime is greater than the valid lifetime, c) If the preferred lifetime is greater than the valid lifetime,
silently ignore the Prefix Information option. A node MAY wish to silently ignore the Prefix Information option. A node MAY wish to
log a system management error in this case. log a system management error in this case.
d) If the prefix advertised is not equal to the prefix of an address d) If the prefix advertised is not equal to the prefix of an
configured by stateless autoconfiguration already in the list of address configured by stateless autoconfiguration already in the
addresses associated with the interface (where "equal" means the list of addresses associated with the interface (where "equal"
two prefix lengths are the same and the first prefix-length bits means the two prefix lengths are the same and the first prefix-
of the prefixes are identical), and the Valid Lifetime is not 0, length bits of the prefixes are identical), and if the Valid
form an address (and add it to the list) by combining the Lifetime is not 0, form an address (and add it to the list) by
advertised prefix with the link's interface identifier as follows: combining the advertised prefix with an interface identifier of
the link as follows:
| 128 - N bits | N bits | | 128 - N bits | N bits |
+---------------------------------------+------------------------+ +---------------------------------------+------------------------+
| link prefix | interface identifier | | link prefix | interface identifier |
+----------------------------------------------------------------+ +----------------------------------------------------------------+
If the sum of the prefix length and interface identifier length If the sum of the prefix length and interface identifier length
does not equal 128 bits, the Prefix Information option MUST be does not equal 128 bits, the Prefix Information option MUST be
ignored. An implementation MAY wish to log a system management ignored. An implementation MAY wish to log a system management
error in this case. The length of the interface identifier is error in this case. The length of the interface identifier is
defined in a separate link-type specific document, which should defined in a separate link-type specific document, which should
also be consistent with the address architecture [RFC3513] (see also be consistent with the address architecture [RFC4291] (see
Section 2). Section 2).
It is the responsibility of the system administrator to insure It is the responsibility of the system administrator to ensure
that the lengths of prefixes contained in Router Advertisements that the lengths of prefixes contained in Router Advertisements
are consistent with the length of interface identifiers for that are consistent with the length of interface identifiers for that
link type. It should be noted, however, that this does not mean link type. It should be noted, however, that this does not mean
the advertised prefix length is meaningless. In fact, the the advertised prefix length is meaningless. In fact, the
advertised length has non trivial meaning for on-link advertised length has non-trivial meaning for on-link
determination in [I-D.ietf-ipv6-2461bis] where the sum of the determination in [RFC4861] where the sum of the prefix length and
prefix length and the interface identifier length may not be equal the interface identifier length may not be equal to 128. Thus, it
to 128. Thus, it should be safe to validate the advertised prefix should be safe to validate the advertised prefix length here, in
length here, in order to detect and avoid a configuration error order to detect and avoid a configuration error specifying an
specifying an invalid prefix length in the context of address invalid prefix length in the context of address autoconfiguration.
autoconfiguration.
Note that a future revision of the address architecture [RFC3513] Note that a future revision of the address architecture [RFC4291]
and a future link-type specific document, which will still be and a future link-type-specific document, which will still be
consistent with each other, could potentially allow for an consistent with each other, could potentially allow for an
interface identifier of length other than the value defined in the interface identifier of length other than the value defined in the
current documents. Thus, an implementation should not assume a current documents. Thus, an implementation should not assume a
particular constant. Rather, it should expect any lengths of particular constant. Rather, it should expect any lengths of
interface identifiers. interface identifiers.
If an address is formed successfully and the address is not yet in If an address is formed successfully and the address is not yet in
the list, the host adds it to the list of addresses assigned to the list, the host adds it to the list of addresses assigned to
the interface, initializing its preferred and valid lifetime the interface, initializing its preferred and valid lifetime
values from the Prefix Information option. Note that the check values from the Prefix Information option. Note that the check
against the prefix performed at the beginning of this step cannot against the prefix performed at the beginning of this step cannot
always detect the address conflict in the list. It could be always detect the address conflict in the list. It could be
possible that an address already in the list, configured either possible that an address already in the list, configured either
manually or by DHCPv6, happens to be identical to the newly manually or by DHCPv6, happens to be identical to the newly
created address whereas such a case should be atypical. created address, whereas such a case should be atypical.
e) If the advertised prefix is equal to the prefix of an address e) If the advertised prefix is equal to the prefix of an address
configured by stateless autoconfiguration in the list, the configured by stateless autoconfiguration in the list, the
preferred lifetime of the address is reset to the Preferred preferred lifetime of the address is reset to the Preferred
Lifetime in the received advertisement. The specific action to Lifetime in the received advertisement. The specific action to
perform for the valid lifetime of the address depends on the Valid perform for the valid lifetime of the address depends on the Valid
Lifetime in the received advertisement and the remaining time to Lifetime in the received advertisement and the remaining time to
the valid lifetime expiration of the previously autoconfigured the valid lifetime expiration of the previously autoconfigured
address. We call the remaining time "RemainingLifetime" in the address. We call the remaining time "RemainingLifetime" in the
following discussion: following discussion:
1. If the received Valid Lifetime is greater than 2 hours or 1. If the received Valid Lifetime is greater than 2 hours or
skipping to change at page 19, line 47 skipping to change at page 20, line 19
2. If RemainingLifetime is less than or equal to 2 hours, ignore 2. If RemainingLifetime is less than or equal to 2 hours, ignore
the Prefix Information option with regards to the valid the Prefix Information option with regards to the valid
lifetime, unless the Router Advertisement from which this lifetime, unless the Router Advertisement from which this
option was obtained has been authenticated (e.g., via Secure option was obtained has been authenticated (e.g., via Secure
Neighbor Discovery [RFC3971]). If the Router Advertisement Neighbor Discovery [RFC3971]). If the Router Advertisement
was authenticated, the valid lifetime of the corresponding was authenticated, the valid lifetime of the corresponding
address should be set to the Valid Lifetime in the received address should be set to the Valid Lifetime in the received
option. option.
3. Otherwise, reset the valid lifetime of the corresponding 3. Otherwise, reset the valid lifetime of the corresponding
address to two hours. address to 2 hours.
The above rules address a specific denial of service attack in The above rules address a specific denial-of-service attack in
which a bogus advertisement could contain prefixes with very small which a bogus advertisement could contain prefixes with very small
Valid Lifetimes. Without the above rules, a single Valid Lifetimes. Without the above rules, a single
unauthenticated advertisement containing bogus Prefix Information unauthenticated advertisement containing bogus Prefix Information
options with short Valid Lifetimes could cause all of a node's options with short Valid Lifetimes could cause all of a node's
addresses to expire prematurely. The above rules ensure that addresses to expire prematurely. The above rules ensure that
legitimate advertisements (which are sent periodically) will legitimate advertisements (which are sent periodically) will
"cancel" the short Valid Lifetimes before they actually take "cancel" the short Valid Lifetimes before they actually take
effect. effect.
Note that the preferred lifetime of the corresponding address is Note that the preferred lifetime of the corresponding address is
always reset to the Preferred Lifetime in the received Prefix always reset to the Preferred Lifetime in the received Prefix
Information option, regardless of whether the valid lifetime is Information option, regardless of whether the valid lifetime is
also reset or ignored. The difference comes from the fact that also reset or ignored. The difference comes from the fact that
the possible attack for the preferred lifetime is relatively the possible attack for the preferred lifetime is relatively
minor. Additionally, it is even undesirable to ignore the minor. Additionally, it is even undesirable to ignore the
preferred lifetime when a valid administrator wants to deprecate a preferred lifetime when a valid administrator wants to deprecate a
particular address by sending a short preferred lifetime (and the particular address by sending a short preferred lifetime (and the
valid lifetime is ignored by accident). valid lifetime is ignored by accident).
5.5.4 Address Lifetime Expiry 5.5.4. Address Lifetime Expiry
A preferred address becomes deprecated when its preferred lifetime A preferred address becomes deprecated when its preferred lifetime
expires. A deprecated address SHOULD continue to be used as a source expires. A deprecated address SHOULD continue to be used as a source
address in existing communications, but SHOULD NOT be used to address in existing communications, but SHOULD NOT be used to
initiate new communications if an alternate (non-deprecated) address initiate new communications if an alternate (non-deprecated) address
of sufficient scope can easily be used instead. of sufficient scope can easily be used instead.
Note that the feasibility of initiating new communication using a Note that the feasibility of initiating new communication using a
non-deprecated address may be an application-specific decision, as non-deprecated address may be an application-specific decision, as
only the application may have knowledge about whether the (now) only the application may have knowledge about whether the (now)
deprecated address was (or still is) in use by the application. For deprecated address was (or still is) in use by the application. For
example, if an application explicitly specifies the protocol stack to example, if an application explicitly specifies that the protocol
use a deprecated address as a source address, the protocol stack must stack use a deprecated address as a source address, the protocol
accept that; the application might request it because that IP address stack must accept that; the application might request it because that
is used for in higher-level communication and there might be a IP address is used in higher-level communication and there might be a
requirement that the multiple connections in such a grouping use the requirement that the multiple connections in such a grouping use the
same pair of IP addresses. same pair of IP addresses.
IP and higher layers (e.g., TCP, UDP) MUST continue to accept and IP and higher layers (e.g., TCP, UDP) MUST continue to accept and
process datagrams destined to a deprecated address as normal since a process datagrams destined to a deprecated address as normal since a
deprecated address is still a valid address for the interface. In deprecated address is still a valid address for the interface. In
the case of TCP, this means TCP SYN segments sent to a deprecated the case of TCP, this means TCP SYN segments sent to a deprecated
address are responded to using the deprecated address as a source address are responded to using the deprecated address as a source
address in the corresponding SYN-ACK (if the connection would address in the corresponding SYN-ACK (if the connection would
otherwise be allowed). otherwise be allowed).
An implementation MAY prevent any new communication from using a An implementation MAY prevent any new communication from using a
deprecated address, but system management MUST have the ability to deprecated address, but system management MUST have the ability to
disable such a facility, and the facility MUST be disabled by disable such a facility, and the facility MUST be disabled by
default. default.
Other subtle cases should also be noted about source address Other subtle cases should also be noted about source address
selection. For example, the above description does not clarify which selection. For example, the above description does not clarify which
address should be used between a deprecated, smaller-scope address address should be used between a deprecated, smaller-scope address
and a non-deprecated, enough scope address. The details of the and a non-deprecated, sufficient scope address. The details of the
address selection including this case are described in [RFC3484] and address selection including this case are described in [RFC3484] and
beyond the scope of this document. are beyond the scope of this document.
An address (and its association with an interface) becomes invalid An address (and its association with an interface) becomes invalid
when its valid lifetime expires. An invalid address MUST NOT be used when its valid lifetime expires. An invalid address MUST NOT be used
as a source address in outgoing communications and MUST NOT be as a source address in outgoing communications and MUST NOT be
recognized as a destination on a receiving interface. recognized as a destination on a receiving interface.
5.6 Configuration Consistency 5.6. Configuration Consistency
It is possible for hosts to obtain address information using both It is possible for hosts to obtain address information using both
stateless autoconfiguration and DHCPv6 since both may be enabled at stateless autoconfiguration and DHCPv6 since both may be enabled at
the same time. It is also possible that the values of other the same time. It is also possible that the values of other
configuration parameters such as MTU size and hop limit will be configuration parameters, such as MTU size and hop limit, will be
learned from both Router Advertisements and DHCPv6. If the same learned from both Router Advertisements and DHCPv6. If the same
configuration information is provided by multiple sources, the value configuration information is provided by multiple sources, the value
of this information should be consistent. However, it is not of this information should be consistent. However, it is not
considered a fatal error if information received from multiple considered a fatal error if information received from multiple
sources is inconsistent. Hosts accept the union of all information sources is inconsistent. Hosts accept the union of all information
received via Neighbor Discovery and DHCPv6. received via Neighbor Discovery and DHCPv6.
If inconsistent information is learned from different sources, an If inconsistent information is learned from different sources, an
implementation may want to give information learned securely higher implementation may want to give information learned securely
precedence over information learned without protection. For precedence over information learned without protection. For
instance, Section 8 of [RFC3971] discusses how to deal with instance, Section 8 of [RFC3971] discusses how to deal with
information learned through Secure Neighbor Discovery conflicting information learned through Secure Neighbor Discovery conflicting
with information learned through plain Neighbor Discovery. The same with information learned through plain Neighbor Discovery. The same
discussion can apply to the preference between information learned discussion can apply to the preference between information learned
through plain Neighbor Discovery and information learned via secured through plain Neighbor Discovery and information learned via secured
DHCPv6, and so on. DHCPv6, and so on.
In any case, if there is no security difference, the most recently In any case, if there is no security difference, the most recently
obtained values SHOULD have precedence over information learned obtained values SHOULD have precedence over information learned
earlier. earlier.
5.7 Retaining Configured Addresses for Stability 5.7. Retaining Configured Addresses for Stability
An implementation that has stable storage may want to retain An implementation that has stable storage may want to retain
addresses in the storage when the addresses were acquired using addresses in the storage when the addresses were acquired using
stateless address autoconfiguration. Assuming the lifetimes used are stateless address autoconfiguration. Assuming the lifetimes used are
reasonable, this technique implies that a temporary outage (less than reasonable, this technique implies that a temporary outage (less than
the valid lifetime) of a router will never result in the node losing the valid lifetime) of a router will never result in losing a global
its global address even if the node were to reboot. When this address of the node even if the node were to reboot. When this
technique is used, it should also be noted that the expiration times technique is used, it should also be noted that the expiration times
of the preferred and valid lifetimes must be retained, in order to of the preferred and valid lifetimes must be retained, in order to
prevent the use of an address after it has become deprecated or prevent the use of an address after it has become deprecated or
invalid. invalid.
Further details on this kind of extension are beyond the scope of Further details on this kind of extension are beyond the scope of
this document. this document.
6. SECURITY CONSIDERATIONS 6. Security Considerations
Stateless address autoconfiguration allows a host to connect to a Stateless address autoconfiguration allows a host to connect to a
network, configure an address and start communicating with other network, configure an address, and start communicating with other
nodes without ever registering or authenticating itself with the nodes without ever registering or authenticating itself with the
local site. Although this allows unauthorized users to connect to local site. Although this allows unauthorized users to connect to
and use a network, the threat is inherently present in the Internet and use a network, the threat is inherently present in the Internet
architecture. Any node with a physical attachment to a network can architecture. Any node with a physical attachment to a network can
generate an address (using a variety of ad hoc techniques) that generate an address (using a variety of ad hoc techniques) that
provides connectivity. provides connectivity.
The use of stateless address autoconfiguration and Duplicate Address The use of stateless address autoconfiguration and Duplicate Address
Detection opens up the possibility of several denial of service Detection opens up the possibility of several denial-of-service
attacks. For example, any node can respond to Neighbor Solicitations attacks. For example, any node can respond to Neighbor Solicitations
for a tentative address, causing the other node to reject the address for a tentative address, causing the other node to reject the address
as a duplicate. A separate document [RFC3756] discusses details as a duplicate. A separate document [RFC3756] discusses details
about these attacks, which can be addressed with the Secure Neighbor about these attacks, which can be addressed with the Secure Neighbor
Discovery protocol [RFC3971]. It should also be noted that [RFC3756] Discovery protocol [RFC3971]. It should also be noted that [RFC3756]
points out the use of IP security is not always feasible depending on points out that the use of IP security is not always feasible
network environments. depending on network environments.
7. IANA CONSIDERATIONS
This document has no actions for IANA. 7. Acknowledgements
8. Acknowledgements Thomas Narten and Susan Thompson were the authors of RFCs 1971 and
2462. For this revision of the RFC, Tatuya Jinmei was the sole
editor.
The authors would like to thank the members of both the IPNG (which The authors of RFC 2461 would like to thank the members of both the
is now IPV6) and ADDRCONF working groups for their input. In IPNG (which is now IPV6) and ADDRCONF working groups for their input.
particular, thanks to Jim Bound, Steve Deering, Richard Draves, and In particular, thanks to Jim Bound, Steve Deering, Richard Draves,
Erik Nordmark. Thanks also goes to John Gilmore for alerting the WG and Erik Nordmark. Thanks also goes to John Gilmore for alerting the
of the "0 Lifetime Prefix Advertisement" denial of service attack WG of the "0 Lifetime Prefix Advertisement" denial-of-service attack
vulnerability; this document incorporates changes that address this vulnerability; this document incorporates changes that address this
vulnerability. vulnerability.
A number of people have contributed to identifying issues on a A number of people have contributed to identifying issues with RFC
previous version of this document and to proposing resolutions to the 2461 and to proposing resolutions to the issues as reflected in this
issues, on which this version is based. In addition to those listed version of the document. In addition to those listed above, the
above, the contributors include Jari Arkko, Brian E Carpenter, contributors include Jari Arkko, James Carlson, Brian E. Carpenter,
Gregory Daley, Elwyn Davies, Ralph Droms, Jun-ichiro itojun Hagino, Gregory Daley, Elwyn Davies, Ralph Droms, Jun-ichiro Itojun Hagino,
Christian Huitema, Suresh Krishnan, Soohong Daniel Park, Markku Christian Huitema, Suresh Krishnan, Soohong Daniel Park, Markku
Savela, Pekka Savola, and Margaret Wasserman. Savela, Pekka Savola, Hemant Singh, Bernie Volz, Margaret Wasserman,
and Vlad Yasevich.
9. References
9.1 Normative References
[RFC2464] Crawford, M., "Transmission of IPv6 Packets over Ethernet
Networks", RFC 2464, December 1998.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3513] Hinden, R. and S. Deering, "Internet Protocol Version 6
(IPv6) Addressing Architecture", RFC 3513, April 2003.
[I-D.ietf-ipv6-2461bis]
Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
"Neighbor Discovery for IP version 6 (IPv6)",
draft-ietf-ipv6-2461bis-02 (work in progress),
February 2005.
Note: this reference is expected to be published in
parallel with the referring document, both of which will
be recycled as a draft standard. Upon publication the
reference will be updated and this note will be removed.
9.2 Informative References
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., 8. References
and M. Carney, "Dynamic Host Configuration Protocol for
IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC3484] Draves, R., "Default Address Selection for Internet 8.1. Normative References
Protocol version 6 (IPv6)", RFC 3484, February 2003.
[RFC3041] Narten, T. and R. Draves, "Privacy Extensions for [RFC2464] Crawford, M., "Transmission of IPv6 Packets over
Stateless Address Autoconfiguration in IPv6", RFC 3041, Ethernet Networks", RFC 2464, December 1998.
January 2001.
[RFC3972] Aura, T., "Cryptographically Generated Addresses (CGA)", [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
RFC 3972, March 2005. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2710] Deering, S., Fenner, W., and B. Haberman, "Multicast [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Listener Discovery (MLD) for IPv6", RFC 2710, Architecture", RFC 4291, February 2006.
October 1999.
[RFC3810] Vida, R. and L. Costa, "Multicast Listener Discovery [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
Version 2 (MLDv2) for IPv6", RFC 3810, June 2004. "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
September 2007.
[RFC3590] Haberman, B., "Source Address Selection for the Multicast 8.2. Informative References
Listener Discovery (MLD) Protocol", RFC 3590,
September 2003.
[RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
Neighbor Discovery (SEND)", RFC 3971, March 2005. and M. Carney, "Dynamic Host Configuration Protocol for
IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC3756] Nikander, P., Kempf, J., and E. Nordmark, "IPv6 Neighbor [RFC3484] Draves, R., "Default Address Selection for Internet
Discovery (ND) Trust Models and Threats", RFC 3756, Protocol version 6 (IPv6)", RFC 3484, February 2003.
May 2004.
[RFC1112] Deering, S., "Host extensions for IP multicasting", STD 5, [RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy
RFC 1112, August 1989. Extensions for Stateless Address Autoconfiguration in
IPv6", RFC 4941, September 2007.
[IEEE802.11] [RFC3972] Aura, T., "Cryptographically Generated Addresses
IEEE, "Wireless LAN Medium Access Control (MAC) and (CGA)", RFC 3972, March 2005.
Physical Layer (PHY) Specifications", ANSI/IEEE
STd 802.11, August 1999.
Authors' Addresses [RFC2710] Deering, S., Fenner, W., and B. Haberman, "Multicast
Listener Discovery (MLD) for IPv6", RFC 2710,
October 1999.
Susan Thomson [RFC3810] Vida, R. and L. Costa, "Multicast Listener Discovery
Cisco Systems Version 2 (MLDv2) for IPv6", RFC 3810, June 2004.
Email: [email protected] [RFC3590] Haberman, B., "Source Address Selection for the
Multicast Listener Discovery (MLD) Protocol", RFC 3590,
September 2003.
Thomas Narten [RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander,
IBM Corporation "SEcure Neighbor Discovery (SEND)", RFC 3971,
P.O. Box 12195 March 2005.
Research Triangle Park, NC 27709-2195
USA
Phone: +1 919-254-7798 [RFC3756] Nikander, P., Kempf, J., and E. Nordmark, "IPv6
Email: [email protected] Neighbor Discovery (ND) Trust Models and Threats",
RFC 3756, May 2004.
Tatuya Jinmei [RFC1112] Deering, S., "Host extensions for IP multicasting",
Corporate Research & Development Center, Toshiba Corporation STD 5, RFC 1112, August 1989.
1 Komukai Toshiba-cho, Saiwai-ku
Kawasaki-shi, Kanagawa 212-8582
Japan
Phone: +81 44-549-2230 [IEEE802.11] IEEE, "Wireless LAN Medium Access Control (MAC) and
Email: [email protected] Physical Layer (PHY) Specifications", ANSI/IEEE
STd 802.11, August 1999.
Appendix A. LOOPBACK SUPPRESSION & DUPLICATE ADDRESS DETECTION Appendix A. Loopback Suppression and Duplicate Address Detection
Determining whether a received multicast solicitation was looped back Determining whether a received multicast solicitation was looped back
to the sender or actually came from another node is implementation- to the sender or actually came from another node is implementation-
dependent. A problematic case occurs when two interfaces attached to dependent. A problematic case occurs when two interfaces attached to
the same link happen to have the same identifier and link-layer the same link happen to have the same identifier and link-layer
address, and they both send out packets with identical contents at address, and they both send out packets with identical contents at
roughly the same time (e.g., Neighbor Solicitations for a tentative roughly the same time (e.g., Neighbor Solicitations for a tentative
address as part of Duplicate Address Detection messages). Although a address as part of Duplicate Address Detection messages). Although a
receiver will receive both packets, it cannot determine which packet receiver will receive both packets, it cannot determine which packet
was looped back and which packet came from the other node by simply was looped back and which packet came from the other node simply by
comparing packet contents (i.e., the contents are identical). In comparing packet contents (i.e., the contents are identical). In
this particular case, it is not necessary to know precisely which this particular case, it is not necessary to know precisely which
packet was looped back and which was sent by another node; if one packet was looped back and which was sent by another node; if one
receives more solicitations than were sent, the tentative address is receives more solicitations than were sent, the tentative address is
a duplicate. However, the situation may not always be this a duplicate. However, the situation may not always be this
straightforward. straightforward.
The IPv4 multicast specification [RFC1112] recommends that the The IPv4 multicast specification [RFC1112] recommends that the
service interface provide a way for an upper-layer protocol to service interface provide a way for an upper-layer protocol to
inhibit local delivery of packets sent to a multicast group that the inhibit local delivery of packets sent to a multicast group that the
skipping to change at page 25, line 42 skipping to change at page 25, line 42
software. On interfaces in which the hardware itself suppresses software. On interfaces in which the hardware itself suppresses
loopbacks, a node running Duplicate Address Detection simply counts loopbacks, a node running Duplicate Address Detection simply counts
the number of Neighbor Solicitations received for a tentative address the number of Neighbor Solicitations received for a tentative address
and compares them with the number expected. If there is a mismatch, and compares them with the number expected. If there is a mismatch,
the tentative address is a duplicate. the tentative address is a duplicate.
In those cases where the hardware cannot suppress loopbacks, however, In those cases where the hardware cannot suppress loopbacks, however,
one possible software heuristic to filter out unwanted loopbacks is one possible software heuristic to filter out unwanted loopbacks is
to discard any received packet whose link-layer source address is the to discard any received packet whose link-layer source address is the
same as the receiving interface's. There is even a link-layer same as the receiving interface's. There is even a link-layer
specification that requires to discard any such packets [IEEE802.11]. specification that requires that any such packets be discarded
Unfortunately, use of that criteria also results in the discarding of [IEEE802.11]. Unfortunately, use of that criteria also results in
all packets sent by another node using the same link-layer address. the discarding of all packets sent by another node using the same
Duplicate Address Detection will fail on interfaces that filter link-layer address. Duplicate Address Detection will fail on
received packets in this manner: interfaces that filter received packets in this manner:
o If a node performing Duplicate Address Detection discards received o If a node performing Duplicate Address Detection discards received
packets having the same source link-layer address as the receiving packets that have the same source link-layer address as the
interface, it will also discard packets from other nodes also receiving interface, it will also discard packets from other nodes
using the same link-layer address, including Neighbor that also use the same link-layer address, including Neighbor
Advertisement and Neighbor Solicitation messages required to make Advertisement and Neighbor Solicitation messages required to make
Duplicate Address Detection work correctly. This particular Duplicate Address Detection work correctly. This particular
problem can be avoided by temporarily disabling the software problem can be avoided by temporarily disabling the software
suppression of loopbacks while a node performs Duplicate Address suppression of loopbacks while a node performs Duplicate Address
Detection, if it is possible to disable the suppression. Detection, if it is possible to disable the suppression.
o If a node that is already using a particular IP address discards o If a node that is already using a particular IP address discards
received packets having the same link-layer source address as the received packets that have the same link-layer source address as
interface, it will also discard Duplicate Address Detection- the interface, it will also discard Duplicate Address Detection-
related Neighbor Solicitation messages sent by another node also related Neighbor Solicitation messages sent by another node that
using the same link-layer address. Consequently, Duplicate also use the same link-layer address. Consequently, Duplicate
Address Detection will fail, and the other node will configure a Address Detection will fail, and the other node will configure a
non-unique address. Since it is generally impossible to know when non-unique address. Since it is generally impossible to know when
another node is performing Duplicate Address Detection, this another node is performing Duplicate Address Detection, this
scenario can be avoided only if software suppression of loopback scenario can be avoided only if software suppression of loopback
is permanently disabled. is permanently disabled.
Thus, to perform Duplicate Address Detection correctly in the case Thus, to perform Duplicate Address Detection correctly in the case
where two interfaces are using the same link-layer address, an where two interfaces are using the same link-layer address, an
implementation must have a good understanding of the interface's implementation must have a good understanding of the interface's
multicast loopback semantics, and the interface cannot discard multicast loopback semantics, and the interface cannot discard
received packets simply because the source link-layer address is the received packets simply because the source link-layer address is the
same as the interface's. It should also be noted that a link-layer same as the interface's. It should also be noted that a link-layer
specification can conflict with the condition necessary to make specification can conflict with the condition necessary to make
Duplicate Address Detection work. Duplicate Address Detection work.
Appendix B. CHANGES SINCE RFC 1971 Appendix B. Changes since RFC 1971
o Changed document to use term "interface identifier" rather than o Changed document to use term "interface identifier" rather than
"interface token" for consistency with other IPv6 documents. "interface token" for consistency with other IPv6 documents.
o Clarified definition of deprecated address to make clear it is OK o Clarified definition of deprecated address to make clear it is OK
to continue sending to or from deprecated addresses. to continue sending to or from deprecated addresses.
o Added rules to Section 5.5.3 Router Advertisement processing to o Added rules to Section 5.5.3 Router Advertisement processing to
address potential denial-of-service attack when prefixes are address potential denial-of-service attack when prefixes are
advertised with very short Lifetimes. advertised with very short Lifetimes.
o Clarified wording in Section 5.5.4 to make clear that all upper o Clarified wording in Section 5.5.4 to make clear that all upper
layer protocols must process (i.e., send and receive) packets sent layer protocols must process (i.e., send and receive) packets sent
to deprecated addresses. to deprecated addresses.
Appendix C. CHANGES SINCE RFC 2462 Appendix C. Changes since RFC 2462
Major changes that can affect existing implementations: Major changes that can affect existing implementations:
o Specified that a node performing Duplicate Address Detection delay o Specified that a node performing Duplicate Address Detection delay
joining the solicited-node multicast group, not just delay sending joining the solicited-node multicast group, not just delay sending
Neighbor Solicitations, explaining the detailed reason. Neighbor Solicitations, explaining the detailed reason.
o Added a requirement for a random delay before sending Neighbor o Added a requirement for a random delay before sending Neighbor
Solicitations for Duplicate Address Detection if the address being Solicitations for Duplicate Address Detection if the address being
checked is configured by a multicasted Router Advertisements. checked is configured by a multicasted Router Advertisements.
o Clarified that on failure of Duplicate Address Detection, IP o Clarified that on failure of Duplicate Address Detection, IP
network operation should be disabled and that the rule should network operation should be disabled and that the rule should
apply when the hardware address is supposed to be unique. apply when the hardware address is supposed to be unique.
Major clarifications: Major clarifications:
skipping to change at page 27, line 15 skipping to change at page 27, line 27
o Clarified that on failure of Duplicate Address Detection, IP o Clarified that on failure of Duplicate Address Detection, IP
network operation should be disabled and that the rule should network operation should be disabled and that the rule should
apply when the hardware address is supposed to be unique. apply when the hardware address is supposed to be unique.
Major clarifications: Major clarifications:
o Clarified how the length of interface identifiers should be o Clarified how the length of interface identifiers should be
determined, described the relationship with the prefix length determined, described the relationship with the prefix length
advertised in Router Advertisements, and avoided using a advertised in Router Advertisements, and avoided using a
particular length hard-coded in this document. particular length hard-coded in this document.
o Clarified the processing of received neighbor advertisements while
performing Duplicate Address Detection.
o Removed the text regarding the M and O flags, considering the o Removed the text regarding the M and O flags, considering the
maturity of implementations and operational experiences. maturity of implementations and operational experiences.
ManagedFlag and OtherConfigFlag were removed accordingly. (Note ManagedFlag and OtherConfigFlag were removed accordingly. (Note
that this change does not mean the use of these flags is that this change does not mean the use of these flags is
deprecated.) deprecated.)
o Avoided the wording of "stateful configuration", which is known to o Avoided the wording of "stateful configuration", which is known to
be quite confusing, and simply used "DHCPv6" wherever appropriate. be quite confusing, and simply used "DHCPv6" wherever appropriate.
o Recommended to perform Duplicate Address Detection for all unicast o Recommended to perform Duplicate Address Detection for all unicast
addresses more strongly, considering a variety of different addresses more strongly, considering a variety of different
interface identifiers, while keeping care of existing interface identifiers, while keeping care of existing
implementations. implementations.
o Clarified wording in Section 5.5.4 to make clear that a deprecated o Clarified wording in Section 5.5.4 to make clear that a deprecated
address specified by an application should be used for any address specified by an application can be used for any
communication. communication.
o Clarified the prefix check described in Section 5.5.3 using more o Clarified the prefix check described in Section 5.5.3 using more
appropriate terms and that the check is done against the prefixes appropriate terms and that the check is done against the prefixes
of addresses configured by stateless autoconfiguration. of addresses configured by stateless autoconfiguration.
o Changed the references to the IP security Authentication Header to o Changed the references to the IP security Authentication Header to
references to RFC 3971 (Secure Neighbor Discovery). Also revised references to RFC 3971 (Secure Neighbor Discovery). Also revised
the Security Considerations section with a reference to RFC 3756. the Security Considerations section with a reference to RFC 3756.
o Added a note when an implementation uses stable storage for o Added a note when an implementation uses stable storage for
autoconfigured addresses. autoconfigured addresses.
o Added consideration about preference between inconsistent o Added consideration about preference between inconsistent
information sets, one from a secured source and the other learned information sets, one from a secured source and the other learned
without protection. without protection.
Other miscellaneous clarifications: Other miscellaneous clarifications:
o Removed references to site-local and revised wording around the o Removed references to site-local and revised wording around the
keyword. keyword.
o Removed redundant code in denial of service protection in
o Removed redundant code in denial-of-service protection in
Section 5.5.3. Section 5.5.3.
o Clarified that a unicasted Neighbor Solicitation or Advertisement o Clarified that a unicasted Neighbor Solicitation or Advertisement
should be discarded while performing Duplicate Address Detection. should be discarded while performing Duplicate Address Detection.
o Noted in Section 5.3 that an interface can be considered as o Noted in Section 5.3 that an interface can be considered as
becoming enabled when a wireless access point changes. becoming enabled when a wireless access point changes.
Appendix D. CHANGE HISTORY Authors' Addresses
[NOTE TO RFC EDITOR: PLEASE REMOVE THIS SECTION UPON PUBLICATION.]
Changes in draft-ietf-ipv6-rfc2462bis-00.txt since RFC 2462 are:
o Fixed a typo in Section 2.
o Updated references and categorized them into normative and
informative ones.
o Removed redundant code in denial of service protection in Section
5.5.3.
o Clarified that a unicasted NS or NA should be discarded while
performing Duplicate Address Detection.
o Replaced the word "StoredLifetime" with "RemainingLifetime" with a
precise definition to avoid confusion.
o Removed references to site-local and revised wording around the
keyword.
o Added a note about source address selection with regards to
deprecated vs insufficient-scope addresses, etc. Added a
reference to RFC 3484 for further details.
o Clarified what "new communication" means in Section 5.5.4.
o Added a new subsection (5.7) to mention the possibility to use
stable storage to retain configured addresses for stability.
o Revised the Security Considerations section with a reference to
RFC 3756 and a note that the use of IP security is not always
feasible.
o Added a note with a reference in Appendix A about the case where a
link-layer filtering conflicts with a condition to make Duplicate
Address Detection work correctly.
o Specified that a node performing Duplicate Address Detection delay
joining the solicited-node multicast group, not just delay sending
Neighbor Solicitations, explaining the detailed reason.
o Clarified the reason why the interface should be disabled after an
address duplicate is detected. Also clarified that the interface
may continue to be used if the interface identifier is not based
on the hardware address.
o Clarified that the preferred lifetime for an existing configured
address is always reset to the advertised value by Router
Advertisement.
o Updated the description of interface identifier considering the
latest format.
Changes since draft-ietf-ipv6-rfc2462bis-00.txt are:
o Clarified how the length of interface identifiers should be
determined, described the relationship with the prefix length
advertised in Router Advertisements, and avoided using a
particular length hard-coded in this document.
o Added a note when an implementation uses stable storage for
autoconfigured addresses.
o Resolved conflict with the Multicast Listener Discovery
specification about random delay for the first packet from the
host.
o Clarified the semantics of the M and O flags based on the latest
standard and operational status. In particular, clarified that
these flags show the availability of the stateful protocol instead
of a trigger to invoke the stateful protocol. ManagedFlag and
OtherConfigFlag, which were implementation-internal variables,
were removed accordingly.
o Recommended to perform Duplicate Address Detection for all unicast
addresses more strongly, considering a variety of different
interface identifiers, while keeping care of existing
implementations.
o Added a requirement for a random delay before sending Neighbor
Solicitations for Duplicate Address Detection if the address being
checked is configured by a multicasted Router Advertisement.
o Clarified that the prefix comparison in Section 5.5.3 is based on
exact match. Also clarified the comparison described in this
document concentrates on addresses configured by the stateless
mechanism.
o Revisited the author list.
o Added IANA Considerations Section.
Changes since draft-ietf-ipv6-rfc2462bis-02.txt are:
o Updated the I-D / IPR boilerplate to the latest ones. Applied Susan Thomson
other editorial changes to conform to I-D nits. Cisco Systems
o Clarified that it is IP network operation that should be disabled
on failure of Duplicate Address Detection, and that the rule
should apply when the hardware address is supposed to be unique.
o Changed the reference on the algorithm of computing solicited-node
multicast addresses to [RFC3513].
o Made the intent clearer in the clarification that unicasted NS or
NA should be discarded during Duplicate Address Detection.
Changes since draft-ietf-ipv6-rfc2462bis-03.txt are: EMail: [email protected]
o Added an informative reference to [RFC3590]. Thomas Narten
o Summarized major changes since RFC 2462 to prepare for IBM Corporation
publication. P.O. Box 12195
Research Triangle Park, NC 27709-2195
USA
Changes since draft-ietf-ipv6-rfc2462bis-05.txt are: Phone: +1 919-254-7798
EMail: [email protected]
o Clarified the role of RFC 3736 in the abstract. Tatuya Jinmei
Corporate Research & Development Center, Toshiba Corporation
1 Komukai Toshiba-cho, Saiwai-ku
Kawasaki-shi, Kanagawa 212-8582
Japan
o Clarified that the default configuration method is the one Phone: +81 44-549-2230
described in this document. EMail: [email protected]
o Changed the reference for the Neighbor Discovery protocol to
[I-D.ietf-ipv6-2461bis].
o Reorganized the conditions at the beginning of Section 5.4 with an
additional note to avoid confusion.
o Clarified the role of the link-local prefix in Section 5.3.
o Added a reference to RFC 3810 as well as to RFC 2710.
o Clarified the MLD issues a bit more.
o Replaced "multicast interface" with "multicast-capable interface".
o Clarified that the autoconfiguration protocol would basically be
used on all types of links in line with the Neighbor Discovery
protocol.
Changes since draft-ietf-ipv6-rfc2462bis-06.txt are: Full Copyright Statement
o Removed text mentioning the M and O flags to avoid having a stale Copyright (C) The IETF Trust (2007).
reference.
o Noted that the host should make sure that an autoconfigured global
address is not yet in the address list before adding it to the
list.
o Replaced "stateful configuration" with "DHCPv6".
o Added a reference to [RFC3513] from Section 4.
o Changed wording about Duplicate Address Detection in Section 4 to
avoid confusion on the requirement level.
o Clarified that the use of the RFC2119 keywords is intentionally
limited to the protocol specification (Section 5).
Changes since draft-ietf-ipv6-rfc2462bis-07.txt are: This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
o Noted in Section 5.3 that an interface can be considered as This document and the information contained herein are provided on an
becoming enabled when a wireless access point changes. "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
o Changed the references to IPsec Authentication Header to OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
references to SEND [RFC3971], and categorized the new reference as THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
informative. OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
o Added consideration about preference between inconsistent THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
information sets, one from a secured source and the other learned WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
without protection.
Intellectual Property Statement Intellectual Property
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79. found in BCP 78 and BCP 79.
skipping to change at page 31, line 28 skipping to change at line 1318
attempt made to obtain a general license or permission for the use of attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr. http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at this standard. Please address the information to the IETF at
[email protected]. [email protected].
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2005). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.
 End of changes. 184 change blocks. 
496 lines changed or deleted 372 lines changed or added

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/