sun microsystems Systems Architecture Committee _________________________________________________________________ Subject: IP Duplicate Address Detection Submitted by: James D. Carlson File: PSARC/2005/314/opinion.ms Date: August 8th, 2006 Committee: Bill Sommerfeld, James D. Carlson, Ed Gould, Glenn Skinner, Gary Winiger, Shudong Zhou. Product Approval Committee: Solaris PAC solaris-pac-opinion@sun.com 1. Summary This project proposes to make several infrastructural improvements to how Solaris's IPv4 ARP and IPv6 Neighbor Discovery implementations detect and handle situations where two nodes on a network claim the same IP address. This work will enable several follow-on projects in the general area of dynamic network autoconfiguration. 2. Decision & Precedence Information This project is approved as specified in reference [1]. The project may be delivered in a Patch/Micro release of Solaris PSARC/2005/314 Copyright 2006 Sun Microsystems, Inc. - 2 - 3. Interfaces The project exports the following interfaces. ___________________________________________________________ | Interfaces Exported | |________________________|_________________|______________| |Interface | Classification | Comments | |________________________|_________________|______________| |IPv6 DAD probing | Committed | RFC 2462 | |IPv4 DAD probing | Committed | RFC 3927 [1]| | | | | |Ongoing address defense| Committed | | |behavior | | | | | | | |UnARP (listen-only) | Committed | RFC 1868 | | | | | |kernel warning messages | Uncommitted | arp(7P) | | | | | |new ndd parameters | Project Private| | | | | | |arp(1M) "permanent" flag| Committed | | |arp(1M) output | Uncommited | [4] | |ATF_AUTHORITY | Committed | | | | | | |ifconfig up/down | Committed | | |IFF_DUPLICATE | Committed | [2] | |IFF_UP behavior | Committed | | |IFF_NOLOCAL behavior | Committed | | |rtsock DAD delay | Committed | | |AR_* STREAMS messages | Consolidation | | | | Private | | |DHCP PRE_BOUND state | Project Private| [3] | |________________________|_________________|______________| 1 As revised to add ongoing address defense in the event of a collision; see below. 2 New output-only flag; also visible in ifconfig output 3 New state; visible in ifconfig dhcp status output 4 Flag output changed to match command line keywords PSARC/2005/314 Copyright 2006 Sun Microsystems, Inc. - 3 - The project imports the following interfaces. ______________________________________________________ | Interfaces Imported | |________________|_________________|_________________| |Interface | Classification | Comments | |________________|_________________|_________________| |ire_cache_lookup| Consolidation | kernel function| | | Private | | |ire_refrele | Consolidation | kernel function| | | Private | | |________________|_________________|_________________| 4. Opinion 4.1. Never give up, never surrender! The Duplicate Address Detection algorithm described in RFC 3927 is designed for the allocation of a randomized link- local IPv4 addresses, and thus will back off (and pick a new address) in the event of a collision. This algorithm is inappropriate when applied to authoritatively assigned addresses (i.e., manual assignment or DHCP) as it renders the host subject to a difficult-to-diagnose "drive by" denial-of-service attack. If a duplicate is detected, rather than giving up on a particular address forever, we instead back off for a time and try again later. 4.2. Logging on both parties in the event of a conflict In the event that a conflict is detected between two systems with this project installed, warning messages logged on each system will contain the layer-2 addresses of the other sys- tem, permitting any conflict to be diagnosed starting from either system. 4.3. Need efficient PRNG for protocol use. Most protocols involving periodic broadcast messages will self-synchronize unless timers have substantial random jitter added. The Solaris kernel contains several common random number generator functions; however, they are designed for cryptographic use and are thus computationally expensive per bit generated. A lighter weight function would be useful both for this protocol and several other projects; see the Advisory information below. 5. Minority Opinion(s) None PSARC/2005/314 Copyright 2006 Sun Microsystems, Inc. - 4 - 6. Advisory Information 1. The Solaris PAC should prioritize the establish- ment of a project to provide a high-efficiency common random number generator for non- cryptographic use (for instance, for adding random variability to protocol timers to avoid self- synchronization). 2. Once this project integrates and begins to be used on Sun's internal network, the project team should make the operators of the network aware of the new behavior in the event that there is unexpected adverse behavior. 7. Appendices 7.1. Appendix A: Technical Changes Required None. 7.2. Appendix B: Technical Changes Advised None. 7.3. Appendix C: Reference Material Unless stated otherwise, path names are relative to the case directory PSARC/2005/314. 1. Solaris IP Duplicate Address Detection, version 1.6 File: final.materials/dad-design.pdf 2. RFC 1868 UnARP http://www.ietf.org/rfc/rfc1868.txt 3. RFC 2462 IPv6 Duplicate Address Detection http://www.ietf.org/rfc/rfc2462.txt 4. RFC 3927 Dynamic Configuration of IPv4 Link-Local Addresses http://www.ietf.org/rfc/rfc3927.txt PSARC/2005/314 Copyright 2006 Sun Microsystems, Inc.