
Re: Neighbor Discovery and on-link determination

Hi Erik,

I'll put both answers into one email:


If routerA sent an ND to routerB and the source address of the ND is off-link, populating the Neighbour Cache will not achieve any real functionality. Yes, I'd propose it is ignored by the router. Possibly we could trigger an unsolicited Neighbour Advertisement from routerB? I cannot see any impact on redirect or proxy service functionality and I really see this as a misconfiguration.
With respect to your other email and my security concerns: if the receipt of an ND or NA on any interface, irrespective of prefix list, were able to both populate the Neighbour Cache and update/affect the forwarding behaviour then I would be worried. Seeing you have both clarified this was not the intent I do not have an issue, but it does seem of little benefit to populate a Neighbour Cache entry if it is never consulted.

I know the scenario is contrived, however it was brought to my attention from another source, so the clarifications are appreciated.

Best Regards,

-David


On 25/06/2008, at 8:38 PM, Erik Nordmark wrote:

> David Miles wrote:
>
>> I'd also suggest that in the Message Validation section we include the checks you mention (is the source of the ND or target of the NA an on-link prefix per Prefix List).
>
> If you do that, how would communication work in your example?
> The NS would be dropped since its source isn't covered by an on-link prefix on the receiver, right?
>
>   Erik
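The check David proposes for the Message Validation section (the source of an NS, or the target of an NA, must be covered by an on-link prefix in the receiver's Prefix List), modelled below in Python so that Erik's objection is visible too: an NS whose source lies outside routerB's on-link prefixes never reaches the Neighbour Cache. This is an added example, not code from either poster or from any ND implementation; the `NDMessage` shape, the helper names and the sample prefixes are assumptions. The RFC 4861 rules it encodes are that only Prefix Information options with the L flag set enter the Prefix List (section 6.3.4), that the link-local prefix is always on the Prefix List (section 5.3), and that an NS from the unspecified source (a DAD probe) never creates a cache entry (section 7.2.3).

```python
import ipaddress
from dataclasses import dataclass

# RFC 4861 section 5.3: the link-local prefix is always on the Prefix List.
LINK_LOCAL = ipaddress.IPv6Network("fe80::/64")


@dataclass(frozen=True)
class NDMessage:
    """Minimal model of the fields the on-link check needs (assumed shape)."""
    kind: str     # "NS" (Neighbor Solicitation) or "NA" (Neighbor Advertisement)
    src: str      # IPv6 source address of the packet
    target: str   # Target Address field of the ND message


def build_prefix_list(advertised):
    """Build the Prefix List from (prefix, on_link_flag) pairs taken from
    Prefix Information options. RFC 4861 section 6.3.4: only prefixes whose
    L flag is set are on-link, so only those are kept."""
    return [ipaddress.IPv6Network(p) for p, on_link in advertised if on_link]


def is_on_link(addr, prefix_list):
    """True if addr is covered by the link-local prefix or any Prefix List entry."""
    a = ipaddress.IPv6Address(addr)
    return a in LINK_LOCAL or any(a in p for p in prefix_list)


def neighbor_cache_decision(msg, prefix_list):
    """Apply the proposed validation check and return (populate, reason).

    populate is True only when the address the check applies to (NS source,
    NA target) is on-link per the receiver's Prefix List."""
    if msg.kind == "NS":
        src = ipaddress.IPv6Address(msg.src)
        if src.is_unspecified:
            # DAD probe: RFC 4861 section 7.2.3 forbids creating a cache
            # entry from it, and there is no source address to check anyway.
            return False, "DAD probe (unspecified source): no cache entry"
        checked, field = msg.src, "source"
    elif msg.kind == "NA":
        checked, field = msg.target, "target"
    else:
        raise ValueError(f"not a Neighbor Discovery NS/NA message: {msg.kind!r}")

    if is_on_link(checked, prefix_list):
        return True, f"{field} {checked} covered by Prefix List"
    # This is the branch Erik points at: an NS from an off-link source is
    # dropped here, so routerA's solicitation is never answered from the cache.
    return False, f"{field} {checked} not covered by Prefix List; ignored"


# Constructed sample: routerB's RA advertised two prefixes, only one on-link.
ROUTER_B_PREFIXES = build_prefix_list([
    ("2001:db8:1::/64", True),    # L flag set -> on the Prefix List
    ("2001:db8:2::/64", False),   # L flag clear -> not on-link
])

if __name__ == "__main__":
    samples = [
        NDMessage("NS", "2001:db8:1::a", "2001:db8:1::1"),   # on-link neighbour
        NDMessage("NS", "2001:db8:99::1", "2001:db8:1::1"),  # routerA, off-link source
        NDMessage("NS", "::", "2001:db8:1::a"),              # DAD probe
        NDMessage("NS", "fe80::1", "2001:db8:1::1"),         # link-local source
        NDMessage("NA", "2001:db8:1::b", "2001:db8:1::b"),   # on-link target
    ]
    for m in samples:
        print(m.kind, m.src, "->", neighbor_cache_decision(m, ROUTER_B_PREFIXES))
```

With the L flag honoured, `2001:db8:2::/64` does not count as on-link even though it was advertised, so an NS sourced from it is treated the same as routerA's off-link source.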