IPv6 Neighbor Discovery Routing Proxy

Introduction Section 5.2 of "IPv6 Neighbor Discovery (ND)" describes a conceptual sending algorithm for the host stack, which operation differs whether a destination is on-link or off-link, affecting the selection of the next hop to which to forward a packet. In the former case, the host lookups the address up over the link, whereas in the latter, the host simply forwards to the default router. While on-link determination is explicitly specified through a variety of criteria, there is no signaling for off-link and a prefix that not known as being on-link may still be on-link or off-link, so the host behavior is not clearly defined. In particular, a router on the link can refrain from announcing that a prefix is on-link, but it has no authoritative way to declare that the prefix is off-link, and whether to adopt an off-link or an on-link behavior by default is left to the host decision and stack implementation. This is problematic in the case of non-broacast multi-access (NBMA) links that was accepted to be left "for further study" at the time of . "Architecture and Framework for IPv6 over Non-Broadcast Access" presents a number of NBMA situations, including wireless access and meshes, Low-Power Lossy Networks, and multi-site overlays, where the physical or logical characteristics of the subnet mandates an off-link behavior by the hosts, even when the destination is in the same subnet as the sender. In these cases, a host that fails to adopt the off-link behavior is likely to attempt link-layer address resolution and fail to forward traffic via a router. provides historical and background information behind the removal of the "on-link assumption" from the conceptual host sending algorithm defined in , in particular in the case whether the host is not aware of a default router. On that basis, clarifies the relationship between subnet and link and update to make off-link behavior the default and mandate on-link behavior to be driven by explicit means. However, legacy or non-complient stack implementations may continue to this day to assume that a prefix is on-link by default, leading to connectivity failures. This document proposes a stateless ND routing-proxy operation (see section 4.1 of ) as a stateless variation of the ND routing-proxy function defined in section 2.2 of . enabling the router to obtain an off-link behavior from such stacks, by forcing hosts that attempt a link-layer address resolution by default to forward all their traffic to their default router. The routing proxy function is co-located with the Router, listens to ND messages sent on the link and, when appropriate, responds with NA announcing self as the owner of the address to attract the traffic.

Acronyms This document uses the following abbreviations:

DAD:: Duplicate address Detection
LLN:: Low-Power and Lossy Network
LLA:: link-local address
MAC:: Medium Access Control
MLSN:: Multi-link Subnet
MLD:: multicast Listener Discovery
NA:: Neighbor Advertisement (message)
NBMA:: Non-Broadcast Multi-Access
NCE:: Neighbor Cache Entry
ND:: Neighbor Discovery (protocol)
NDP:: Neighbor Discovery Protocol
NUD:: Neighbor Unreachability Detection
NS:: Neighbor Solicitation (message)
P2P:: Point-to-Point
P2MP:: Point-to-Multipoint
RA:: Router Advertisement (message)
RS:: Router Solicitation (message)
ULP:: Upper-Layer Protocol
VLAN:: Virtual Local Area Network
VxLAN:: Virtual Extensible LAN
WAN:: Wide Area Network
WLAN:: Wireless Local Area Network
WPAN:: Wireless Personal Area Network

Operations Assuming that two hosts sharing a common prefix can only communicate with each other via the router, due to physical or logical network constrains, as shown in , the first action for the router would be to clear the L-flag for this prefix. However, it has been observed that some hosts implementations will continue to try to resolve destination within that prefix and as a consequence, will be unable to establish connectivity with each other. Note that this document does not cover the use cases where the hosts are not isolated from each other, and continue to run NDP on a prefix announced by the router as not on-link.

Topology There are three types of NS that the proxy can get:

NS lookup: Multicast, sent from the node's LLA to the SNMA
NS NUD: Unicast, sent from the node's LLA to the target
NS DAD: Multicast, sent from the unspecified address to the SNMA

NS DAD are ignored by the Proxy (passed to the router). Assuming the physical or logical topology does not provide layer-2 connectivity between hosts, another type of proxy (DAD-proxy, specified in is required to detect and handle duplications. NS Lookup and NS NUD are responded unconditionally by the proxy. The response always carries the Router MAC in a TLLA option. In case the entry is not in router's ND cache, and upon receiving data packets from the host, the router will initiate address resolution before forwarding. The end result is going to be identical to a host implementing "not on-link" behavior. This flow is illustrated in .

NS flow | | | | | | | | |NA, src=target, TLLA=ROUTER | |<-----------------------+ | | | | | | | |data, dst=target | | +----------------------->| | | | NS lookup (target) | | +----------------------> | | | NA, SLLA=target | | |<-----------------------+ | | | | | data, dst=target | | +----------------------->| | | | ]]> When the proxy sends the NA, the R/S/O flags are set as specified below:

S flag should be on (response to a solicitation)
O flag should be on (to update sender’s cache, in case the MAC has changed)
R flag should be on if and only if the target is the router address, off otherwise.

Security Considerations

IANA Considerations This specification does not require IANA action.

Contributors

Acknowledgments