Operational Neighbor Discovery Problems
RFC 6583

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: RFC Editor <rfc-editor@rfc-editor.org>,
    v6ops mailing list <v6ops@ietf.org>,
    v6ops chair <v6ops-chairs@tools.ietf.org>
Subject: Document Action: 'Operational Neighbor Discovery Problems' to Informational RFC (draft-ietf-v6ops-v6nd-problems-04.txt)

The IESG has approved the following document:
- 'Operational Neighbor Discovery Problems'
  (draft-ietf-v6ops-v6nd-problems-04.txt) as an Informational RFC

This document is the product of the IPv6 Operations Working Group.

The IESG contact persons are Ronald Bonica and Dan Romascanu.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-v6ops-v6nd-problems/


    Technical Summary 

   In IPv4, subnets are generally small, made just large enough to cover
   the actual number of machines on the subnet.  In contrast, the
   default IPv6 subnet size is a /64, a number so large it covers
   trillions of addresses, the overwhelming number of which will be
   unassigned.  Consequently, simplistic implementations of Neighbor
   Discovery can be vulnerable to deliberate or accidental denial of
   service, whereby they attempt to perform address resolution for large
   numbers of unassigned addresses.  Such denial of attacks can be
   launched intentionally (by an attacker), or result from legitimate
   operational tools or accident conditions.  As a result of these
   vulnerabilities, new devices may not be able to "join" a network, it
   may be impossible to establish new IPv6 flows, and existing IPv6
   transported flows may be interrupted.

   This document describes the potential for DOS in detail and suggests
   possible implementation improvements as well as operational
   mitigation techniques that can in some cases be used to protect
   against or at least alleviate the impact of such attacks.
 
    Working Group Summary 

The topic was discussed in v6ops, with essentially smooth consensus supporting the document.

    Document Quality 

This is a problem statement. As such, one doesn't expect an implementation...


Personnel

 Fred Baker is shepherd.