Network Working Group
Request for Comments: 2462
Obsoletes: 1971
Category: Standards Track
Authors: S. Thomson (Bellcore), T. Narten (IBM)
December 1998
IPv6 Stateless Address Autoconfiguration
Status of this Memo
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1998). All Rights Reserved.
Abstract
This document specifies the steps a host takes in deciding how to autoconfigure its interfaces in IP version 6. The autoconfiguration process includes creating a link-local address and verifying its uniqueness on a link, determining what information should be autoconfigured (addresses, other information, or both), and in the case of addresses, whether they should be obtained through the stateless mechanism, the stateful mechanism, or both. This document defines the process for generating a link-local address, the process for generating site-local and global addresses via stateless address autoconfiguration, and the Duplicate Address Detection procedure. The details of autoconfiguration using the stateful protocol are specified elsewhere.
Table of Contents
1. INTRODUCTION
2. TERMINOLOGY
   2.1. Requirements
3. DESIGN GOALS
4. PROTOCOL OVERVIEW
   4.1. Site Renumbering
5. PROTOCOL SPECIFICATION
   5.1. Node Configuration Variables
   5.2. Autoconfiguration-Related Variables
   5.3. Creation of Link-Local Addresses
   5.4. Duplicate Address Detection
      5.4.1. Message Validation
      5.4.2. Sending Neighbor Solicitation Messages
      5.4.3. Receiving Neighbor Solicitation Messages
      5.4.4. Receiving Neighbor Advertisement Messages
      5.4.5. When Duplicate Address Detection Fails
   5.5. Creation of Global and Site-Local Addresses
      5.5.1. Soliciting Router Advertisements
      5.5.2. Absence of Router Advertisements
      5.5.3. Router Advertisement Processing
      5.5.4. Address Lifetime Expiry
   5.6. Configuration Consistency
6. SECURITY CONSIDERATIONS
7. References
8. Acknowledgements and Authors' Addresses
9. APPENDIX A: LOOPBACK SUPPRESSION & DUPLICATE ADDRESS DETECTION
10. APPENDIX B: CHANGES SINCE RFC 1971
11. Full Copyright Statement
IPv6 defines both a stateful and stateless address autoconfiguration mechanism. Stateless autoconfiguration requires no manual configuration of hosts, minimal (if any) configuration of routers, and no additional servers. The stateless mechanism allows a host to generate its own addresses using a combination of locally available information and information advertised by routers. Routers advertise prefixes that identify the subnet(s) associated with a link, while hosts generate an "interface identifier" that uniquely identifies an interface on a subnet. An address is formed by combining the two. In the absence of routers, a host can only generate link-local addresses. However, link-local addresses are sufficient for allowing communication among nodes attached to the same link.
In the stateful autoconfiguration model, hosts obtain interface addresses and/or configuration information and parameters from a server. Servers maintain a database that keeps track of which addresses have been assigned to which hosts. The stateful autoconfiguration protocol allows hosts to obtain addresses, other configuration information or both from a server. Stateless and stateful autoconfiguration complement each other. For example, a host can use stateless autoconfiguration to configure its own addresses, but use stateful autoconfiguration to obtain other information. Stateful autoconfiguration for IPv6 is the subject of future work [DHCPv6].
The stateless approach is used when a site is not particularly concerned with the exact addresses hosts use, so long as they are unique and properly routable. The stateful approach is used when a site requires tighter control over exact address assignments. Both stateful and stateless address autoconfiguration may be used simultaneously. The site administrator specifies which type of autoconfiguration to use through the setting of appropriate fields in Router Advertisement messages [DISCOVERY].
IPv6 addresses are leased to an interface for a fixed (possibly infinite) length of time. Each address has an associated lifetime that indicates how long the address is bound to an interface. When a lifetime expires, the binding (and address) become invalid and the address may be reassigned to another interface elsewhere in the Internet. To handle the expiration of address bindings gracefully, an address goes through two distinct phases while assigned to an interface. Initially, an address is "preferred", meaning that its use in arbitrary communication is unrestricted. Later, an address becomes "deprecated" in anticipation that its current interface binding will become invalid. While in a deprecated state, the use of an address is discouraged, but not strictly forbidden. New communication (e.g., the opening of a new TCP connection) should use a preferred address when possible. A deprecated address should be used only by applications that have been using it and would have difficulty switching to another address without a service disruption.
To ensure that all configured addresses are likely to be unique on a given link, nodes run a "duplicate address detection" algorithm on addresses before assigning them to an interface. The Duplicate Address Detection algorithm is performed on all addresses, independent of whether they are obtained via stateless or stateful autoconfiguration. This document defines the Duplicate Address Detection algorithm.
The autoconfiguration process specified in this document applies only to hosts and not routers. Since host autoconfiguration uses information advertised by routers, routers will need to be configured by some other means. However, it is expected that routers will generate link-local addresses using the mechanism described in this document. In addition, routers are expected to successfully pass the Duplicate Address Detection procedure described in this document on all addresses prior to assigning them to an interface.
Section 2 provides definitions for terminology used throughout this document. Section 3 describes the design goals that lead to the current autoconfiguration procedure. Section 4 provides an overview of the protocol, while Section 5 describes the protocol in detail.
IP - Internet Protocol Version 6. The terms IPv4 and IPv6 are used only in contexts where necessary to avoid ambiguity.
node - a device that implements IP.
router - a node that forwards IP packets not explicitly addressed to itself.
host - any node that is not a router.
upper layer - a protocol layer immediately above IP. Examples are transport protocols such as TCP and UDP, control protocols such as ICMP, routing protocols such as OSPF, and internet or lower-layer protocols being "tunneled" over (i.e., encapsulated in) IP such as IPX, AppleTalk, or IP itself.
link - a communication facility or medium over which nodes can communicate at the link layer, i.e., the layer immediately below IP. Examples are Ethernets (simple or bridged); PPP links; X.25, Frame Relay, or ATM networks; and internet (or higher) layer "tunnels", such as tunnels over IPv4 or IPv6 itself.
interface - a node's attachment to a link.
packet - an IP header plus payload.
address - an IP-layer identifier for an interface or a set of interfaces.
unicast address - an identifier for a single interface. A packet sent to a unicast address is delivered to the interface identified by that address.
multicast address - an identifier for a set of interfaces (typically belonging to different nodes). A packet sent to a multicast address is delivered to all interfaces identified by that address.
anycast address - an identifier for a set of interfaces (typically belonging to different nodes). A packet sent to an anycast address is delivered to one of the interfaces identified by that address (the "nearest" one, according to the routing protocol's measure of distance). See [ADDR-ARCH].
solicited-node multicast address - a multicast address to which Neighbor Solicitation messages are sent. The algorithm for computing the address is given in [DISCOVERY].
link-layer address - a link-layer identifier for an interface. Examples include IEEE 802 addresses for Ethernet links and E.164 addresses for ISDN links.
link-local address - an address having link-only scope that can be used to reach neighboring nodes attached to the same link. All interfaces have a link-local unicast address.
site-local address - an address having scope that is limited to the local site.
global address - an address with unlimited scope.
communication - any packet exchange among nodes that requires that the address of each node used in the exchange remain the same for the duration of the packet exchange. Examples are a TCP connection or a UDP request-response.
tentative address - an address whose uniqueness on a link is being verified, prior to its assignment to an interface. A tentative address is not considered assigned to an interface in the usual sense. An interface discards received packets addressed to a tentative address, but accepts Neighbor Discovery packets related to Duplicate Address Detection for the tentative address.
preferred address - an address assigned to an interface whose use by upper layer protocols is unrestricted. Preferred addresses may be used as the source (or destination) address of packets sent from (or to) the interface.
deprecated address - An address assigned to an interface whose use is discouraged, but not forbidden. A deprecated address should no longer be used as a source address in new communications, but packets sent from or to deprecated addresses are delivered as expected. A deprecated address may continue to be used as a source address in communications where switching to a preferred address causes hardship to a specific upper-layer activity (e.g., an existing TCP connection).
valid address - a preferred or deprecated address. A valid address may appear as the source or destination address of a packet, and the internet routing system is expected to deliver packets sent to a valid address to their intended recipients.
invalid address - an address that is not assigned to any interface. A valid address becomes invalid when its valid lifetime expires. Invalid addresses should not appear as the destination or source address of a packet. In the former case, the internet routing system will be unable to deliver the packet; in the latter case, the recipient of the packet will be unable to respond to it.
preferred lifetime - the length of time that a valid address is preferred (i.e., the time until deprecation). When the preferred lifetime expires, the address becomes deprecated.
valid lifetime - the length of time an address remains in the valid state (i.e., the time until invalidation). The valid lifetime must be greater than or equal to the preferred lifetime. When the valid lifetime expires, the address becomes invalid.
interface identifier - a link-dependent identifier for an interface that is (at least) unique per link [ADDR-ARCH]. Stateless address autoconfiguration combines an interface identifier with a prefix to form an address. From address autoconfiguration's perspective, an interface identifier is a bit string of known length. The exact length of an interface identifier and the way it is created is defined in a separate link-type specific document that covers issues related to the transmission of IP over a particular link type (e.g., [IPv6-ETHER]). In many cases, the identifier will be the same as the interface's link-layer address.
The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this document, are to be interpreted as described in [KEYWORDS].
Stateless autoconfiguration is designed with the following goals in mind:
o Manual configuration of individual machines before connecting them to the network should not be required. Consequently, a mechanism is needed that allows a host to obtain or create unique addresses for each of its interfaces. Address autoconfiguration assumes that each interface can provide a unique identifier for that interface (i.e., an "interface identifier"). In the simplest case, an interface identifier consists of the interface's link-layer address. An interface identifier can be combined with a prefix to form an address.
o Small sites consisting of a set of machines attached to a single link should not require the presence of a stateful server or router as a prerequisite for communicating. Plug-and-play communication is achieved through the use of link-local addresses. Link-local addresses have a well-known prefix that identifies the (single) shared link to which a set of nodes attach. A host forms a link-local address by appending its interface identifier to the link-local prefix.
o A large site with multiple networks and routers should not require the presence of a stateful address configuration server. In order to generate site-local or global addresses, hosts must determine the prefixes that identify the subnets to which they attach. Routers generate periodic Router Advertisements that include options listing the set of active prefixes on a link.
o Address configuration should facilitate the graceful renumbering of a site's machines. For example, a site may wish to renumber all of its nodes when it switches to a new network service provider. Renumbering is achieved through the leasing of addresses to interfaces and the assignment of multiple addresses to the same interface. Lease lifetimes provide the mechanism through which a site phases out old prefixes. The assignment of multiple addresses to an interface provides for a transition period during which both a new address and the one being phased out work simultaneously.
o System administrators need the ability to specify whether stateless autoconfiguration, stateful autoconfiguration, or both should be used. Router Advertisements include flags specifying which mechanisms a host should use.
This section provides an overview of the typical steps that take place when an interface autoconfigures itself. Autoconfiguration is performed only on multicast-capable links and begins when a multicast-capable interface is enabled, e.g., during system startup. Nodes (both hosts and routers) begin the autoconfiguration process by generating a link-local address for the interface. A link-local address is formed by appending the interface's identifier to the well-known link-local prefix.
Before the link-local address can be assigned to an interface and used, however, a node must attempt to verify that this "tentative" address is not already in use by another node on the link. Specifically, it sends a Neighbor Solicitation message containing the tentative address as the target. If another node is already using that address, it will return a Neighbor Advertisement saying so. If another node is also attempting to use the same address, it will send a Neighbor Solicitation for the target as well. The exact number of times the Neighbor Solicitation is (re)transmitted and the delay time between consecutive solicitations is link-specific and may be set by system management.
If a node determines that its tentative link-local address is not unique, autoconfiguration stops and manual configuration of the interface is required. To simplify recovery in this case, it should be possible for an administrator to supply an alternate interface identifier that overrides the default identifier in such a way that the autoconfiguration mechanism can then be applied using the new (presumably unique) interface identifier. Alternatively, link-local and other addresses will need to be configured manually.
Once a node ascertains that its tentative link-local address is unique, it assigns it to the interface. At this point, the node has IP-level connectivity with neighboring nodes. The remaining autoconfiguration steps are performed only by hosts; the (auto)configuration of routers is beyond the scope of this document.
The next phase of autoconfiguration involves obtaining a Router Advertisement or determining that no routers are present. If routers are present, they will send Router Advertisements that specify what sort of autoconfiguration a host should do. If no routers are present, stateful autoconfiguration should be invoked.
Routers send Router Advertisements periodically, but the delay between successive advertisements will generally be longer than a host performing autoconfiguration will want to wait [DISCOVERY]. To obtain an advertisement quickly, a host sends one or more Router Solicitations to the all-routers multicast group. Router Advertisements contain two flags indicating what type of stateful autoconfiguration (if any) should be performed. A "managed address configuration" flag indicates whether hosts should use stateful autoconfiguration to obtain addresses. An "other stateful configuration" flag indicates whether hosts should use stateful autoconfiguration to obtain additional information (excluding addresses).
Router Advertisements also contain zero or more Prefix Information options that contain information used by stateless address autoconfiguration to generate site-local and global addresses. It should be noted that the stateless and stateful address autoconfiguration fields in Router Advertisements are processed independently of one another, and a host may use both stateful and stateless address autoconfiguration simultaneously. One Prefix Information option field, the "autonomous address-configuration flag", indicates whether or not the option even applies to stateless autoconfiguration. If it does, additional option fields contain a subnet prefix together with lifetime values indicating how long addresses created from the prefix remain preferred and valid.
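The following is an added example, not part of the RFC text: a Python decoder that extracts the two stateful flags and the Prefix Information options from a Router Advertisement and reports which prefixes apply to stateless autoconfiguration. The wire layout (type 134, option type 3, flag bit positions) is taken from the Neighbor Discovery specification cited as [DISCOVERY]; the sample message and all function names are constructed for illustration, and the ICMPv6 checksum is not verified.

```python
import ipaddress
import struct
from dataclasses import dataclass, field

ND_ROUTER_ADVERT = 134        # ICMPv6 type of a Router Advertisement
OPT_PREFIX_INFORMATION = 3    # Neighbor Discovery option type


@dataclass
class PrefixInfo:
    prefix: ipaddress.IPv6Network
    autonomous: bool          # "autonomous address-configuration flag" (A)
    valid_lifetime: int       # seconds
    preferred_lifetime: int   # seconds


@dataclass
class RouterAdvert:
    managed: bool             # M flag: "managed address configuration"
    other_config: bool        # O flag: "other stateful configuration"
    prefixes: list = field(default_factory=list)


def parse_router_advert(icmp: bytes) -> RouterAdvert:
    """Decode the ICMPv6 body of a Router Advertisement (no IPv6 header)."""
    if len(icmp) < 16:
        raise ValueError("truncated Router Advertisement")
    msg_type, _code, _cksum, _hop, flags, _rtr_life, _reach, _retrans = \
        struct.unpack_from("!BBHBBHII", icmp, 0)
    if msg_type != ND_ROUTER_ADVERT:
        raise ValueError(f"not a Router Advertisement (type {msg_type})")
    ra = RouterAdvert(managed=bool(flags & 0x80), other_config=bool(flags & 0x40))
    offset = 16
    while offset < len(icmp):
        if offset + 2 > len(icmp):
            raise ValueError("truncated option header")
        opt_type, opt_len = icmp[offset], icmp[offset + 1]
        size = opt_len * 8                      # length is in units of 8 octets
        if opt_len == 0 or offset + size > len(icmp):
            raise ValueError("malformed option length")
        if opt_type == OPT_PREFIX_INFORMATION:
            if opt_len != 4:
                raise ValueError("Prefix Information option must be 32 octets")
            plen, pflags, valid, preferred, _rsvd = struct.unpack_from(
                "!BBIII", icmp, offset + 2)
            raw = ipaddress.IPv6Address(icmp[offset + 16:offset + 32])
            ra.prefixes.append(PrefixInfo(
                prefix=ipaddress.IPv6Network(f"{raw}/{plen}", strict=False),
                autonomous=bool(pflags & 0x40),
                valid_lifetime=valid,
                preferred_lifetime=preferred))
        offset += size                          # unknown options are skipped
    return ra


def stateless_prefixes(ra: RouterAdvert) -> list:
    """Prefixes usable for stateless autoconfiguration: A flag set and a
    valid lifetime that is not shorter than the preferred lifetime."""
    return [p for p in ra.prefixes
            if p.autonomous and p.valid_lifetime >= p.preferred_lifetime]


def summarize(ra: RouterAdvert) -> dict:
    """What this advertisement tells a host to do; the stateful and
    stateless parts are evaluated independently of one another."""
    return {
        "stateful_addresses": ra.managed,
        "stateful_other_info": ra.other_config,
        "stateless_prefixes": [str(p.prefix) for p in stateless_prefixes(ra)],
    }


def build_prefix_option(prefix, plen, autonomous, valid, preferred) -> bytes:
    """Helper that builds a constructed Prefix Information option."""
    flags = 0x80 | (0x40 if autonomous else 0)  # on-link bit set, A as requested
    head = struct.pack("!BBBBIII", OPT_PREFIX_INFORMATION, 4, plen, flags,
                       valid, preferred, 0)
    return head + ipaddress.IPv6Address(prefix).packed


# Constructed sample: M=0, O=1, three prefixes from the documentation range.
SAMPLE_RA = (
    struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, 0x40, 1800, 0, 0)
    + build_prefix_option("2001:db8:1::", 64, True, 2592000, 604800)
    + build_prefix_option("2001:db8:2::", 64, False, 2592000, 604800)  # A clear
    + build_prefix_option("2001:db8:3::", 64, True, 600, 3600)  # preferred > valid
)

if __name__ == "__main__":
    print(summarize(parse_router_advert(SAMPLE_RA)))
```

Run over captured advertisements, the summary makes it easy to spot a router that announces an unexpected prefix or sets flags that differ from the site's intended configuration.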
Because routers generate Router Advertisements periodically, hosts will continually receive new advertisements. Hosts process the information contained in each advertisement as described above, adding to and refreshing information received in previous advertisements.
For safety, all addresses must be tested for uniqueness prior to their assignment to an interface. In the case of addresses created through stateless autoconfig, however, the uniqueness of an address is determined primarily by the portion of the address formed from an interface identifier. Thus, if a node has already verified the uniqueness of a link-local address, additional addresses created from the same interface identifier need not be tested individually. In contrast, all addresses obtained manually or via stateful address autoconfiguration should be tested for uniqueness individually. To accommodate sites that believe the overhead of performing Duplicate Address Detection outweighs its benefits, the use of Duplicate Address Detection can be disabled through the administrative setting of a per-interface configuration flag.
To speed the autoconfiguration process, a host may generate its link-local address (and verify its uniqueness) in parallel with waiting for a Router Advertisement. Because a router may delay responding to a Router Solicitation for a few seconds, the total time needed to complete autoconfiguration can be significantly longer if the two steps are done serially.
Address leasing facilitates site renumbering by providing a mechanism to time-out addresses assigned to interfaces in hosts. At present, upper layer protocols such as TCP provide no support for changing end-point addresses while a connection is open. If an end-point address becomes invalid, existing connections break and all communication to the invalid address fails. Even when applications use UDP as a transport protocol, addresses must generally remain the same during a packet exchange.
Dividing valid addresses into preferred and deprecated categories provides a way of indicating to upper layers that a valid address may become invalid shortly and that future communication using the address will fail, should the address's valid lifetime expire before communication ends. To avoid this scenario, higher layers should use a preferred address (assuming one of sufficient scope exists) to increase the likelihood that an address will remain valid for the duration of the communication. It is up to system administrators to set appropriate prefix lifetimes in order to minimize the impact of failed communication when renumbering takes place. The deprecation period should be long enough that most, if not all, communications are using the new address at the time an address becomes invalid.
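The following is an added example, not part of the RFC text: a small Python model of the preferred, deprecated and invalid states and of the rule that new communication should use a preferred address when possible. The class and function names, the addresses and the lifetimes are constructed for illustration; real source address selection involves further rules that this sketch does not cover.

```python
import ipaddress
import math
from dataclasses import dataclass
from enum import Enum


class AddrState(Enum):
    PREFERRED = "preferred"
    DEPRECATED = "deprecated"
    INVALID = "invalid"


@dataclass(frozen=True)
class Lease:
    address: ipaddress.IPv6Address
    preferred_lifetime: float   # seconds; math.inf for an infinite lease
    valid_lifetime: float       # seconds; math.inf for an infinite lease
    bound_at: float = 0.0       # time the address was assigned

    def __post_init__(self):
        # The valid lifetime must be >= the preferred lifetime.
        if self.valid_lifetime < self.preferred_lifetime:
            raise ValueError("valid lifetime shorter than preferred lifetime")

    def state(self, now: float) -> AddrState:
        age = now - self.bound_at
        if age >= self.valid_lifetime:
            return AddrState.INVALID
        if age >= self.preferred_lifetime:
            return AddrState.DEPRECATED
        return AddrState.PREFERRED


def source_for_new_communication(leases, now):
    """Prefer a preferred address; fall back to a deprecated one
    (discouraged, not forbidden); never use an invalid one."""
    for wanted in (AddrState.PREFERRED, AddrState.DEPRECATED):
        for lease in leases:
            if lease.state(now) is wanted:
                return lease.address
    return None


def existing_communication_survives(lease, now) -> bool:
    """An exchange already using the address keeps working while it is valid."""
    return lease.state(now) is not AddrState.INVALID


# Constructed renumbering scenario: the old prefix is being phased out with
# finite lifetimes while the new prefix is advertised with infinite ones.
OLD = Lease(ipaddress.IPv6Address("2001:db8:a::1"), 3600, 7200)
NEW = Lease(ipaddress.IPv6Address("2001:db8:b::1"), math.inf, math.inf)


def renumbering_timeline(times=(0, 4000, 8000)):
    """(time, state of old address, source for a new connection,
    whether a connection opened on the old address still works)."""
    return [(t,
             OLD.state(t).value,
             str(source_for_new_communication([OLD, NEW], t)),
             existing_communication_survives(OLD, t))
            for t in times]


if __name__ == "__main__":
    for row in renumbering_timeline():
        print(row)
```

The gap between the second and third rows is the deprecation period: long-lived connections on the old address have that long to finish before they break.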
The IP layer is expected to provide a means for upper layers (including applications) to select the most appropriate source address given a particular destination and possibly other constraints. An application may choose to select the source address itself before starting a new communication or may leave the address unspecified, in which case the upper networking layers will use the mechanism provided by the IP layer to choose a suitable address on the application's behalf.
Detailed address selection rules are beyond the scope of this document.
Autoconfiguration is performed on a per-interface basis on multicast-capable interfaces. For multihomed hosts, autoconfiguration is performed independently on each interface. Autoconfiguration applies primarily to hosts, with two exceptions. Routers are expected to generate a link-local address using the procedure outlined below. In addition, routers perform Duplicate Address Detection on all addresses prior to assigning them to an interface.
A node MUST allow the following autoconfiguration-related variable to be configured by system management for each multicast interface:
DupAddrDetectTransmits
The number of consecutive Neighbor Solicitation messages sent while performing Duplicate Address Detection on a tentative address. A value of zero indicates that Duplicate Address Detection is not performed on tentative addresses. A value of one indicates a single transmission with no follow up retransmissions.
Default: 1, but may be overridden by a link-type specific value in the document that covers issues related to the transmission of IP over a particular link type (e.g., [IPv6-ETHER]).
Autoconfiguration also assumes the presence of the variable RetransTimer as defined in [DISCOVERY]. For autoconfiguration purposes, RetransTimer specifies the delay between consecutive Neighbor Solicitation transmissions performed during Duplicate Address Detection (if DupAddrDetectTransmits is greater than 1), as well as the time a node waits after sending the last Neighbor Solicitation before ending the Duplicate Address Detection process.
A host maintains a number of data structures and flags related to autoconfiguration. In the following, we present conceptual variables and show how they are used to perform autoconfiguration. The specific variables are used for demonstration purposes only, and an implementation is not required to have them, so long as its external behavior is consistent with that described in this document.
Beyond the formation of a link-local address and using Duplicate Address Detection, how routers (auto)configure their interfaces is beyond the scope of this document.
Hosts maintain the following variables on a per-interface basis:
ManagedFlag Copied from the M flag field (i.e., the "managed address configuration" flag) of the most recently received Router Advertisement message. The flag indicates whether or not addresses are to be configured using the stateful autoconfiguration mechanism. It starts out in a FALSE state.
OtherConfigFlag Copied from the O flag field (i.e., the "other stateful configuration" flag) of the most recently received Router Advertisement message. The flag indicates whether or not information other than addresses is to be obtained using the stateful autoconfiguration mechanism. It starts out in a FALSE state.
In addition, when the value of the ManagedFlag is TRUE, the value of OtherConfigFlag is implicitly TRUE as well. It is not a valid configuration for a host to use stateful address autoconfiguration to request addresses only, without also accepting other configuration information.
A host also maintains a list of addresses together with their corresponding lifetimes. The address list contains both autoconfigured addresses and those configured manually.
A node forms a link-local address whenever an interface becomes enabled. An interface may become enabled after any of the following events:
- The interface is initialized at system startup time.
- The interface is reinitialized after a temporary interface failure or after being temporarily disabled by system management.
- The interface attaches to a link for the first time.
- The interface becomes enabled by system management after having been administratively disabled.
A link-local address is formed by prepending the well-known link-local prefix FE80::0 [ADDR-ARCH] (of appropriate length) to the interface identifier. If the interface identifier has a length of N bits, the interface identifier replaces the right-most N zero bits of the link-local prefix. If the interface identifier is more than 118 bits in length, autoconfiguration fails and manual configuration is required. Note that interface identifiers will typically be 64-bits long and based on EUI-64 identifiers as described in [ADDR-ARCH].
A link-local address has an infinite preferred and valid lifetime; it is never timed out.
Duplicate Address Detection is performed on unicast addresses prior to assigning them to an interface whose DupAddrDetectTransmits variable is greater than zero. Duplicate Address Detection MUST take place on all unicast addresses, regardless of whether they are obtained through stateful, stateless or manual configuration, with the exception of the following cases:
- Duplicate Address Detection MUST NOT be performed on anycast addresses.
- Each individual unicast address SHOULD be tested for uniqueness. However, when stateless address autoconfiguration is used, address uniqueness is determined solely by the interface identifier, assuming that subnet prefixes are assigned correctly (i.e., if all of an interface's addresses are generated from the same identifier, either all addresses or none of them will be duplicates). Thus, for a set of addresses formed from the same interface identifier, it is sufficient to check that the link-local address generated from the identifier is unique on the link. In such cases, the link-local address MUST be tested for uniqueness, and if no duplicate address is detected, an implementation MAY choose to skip Duplicate Address Detection for additional addresses derived from the same interface identifier.
The procedure for detecting duplicate addresses uses Neighbor Solicitation and Advertisement messages as described below. If a duplicate address is discovered during the procedure, the address cannot be assigned to the interface. If the address is derived from an interface identifier, a new identifier will need to be assigned to the interface, or all IP addresses for the interface will need to be manually configured. Note that the method for detecting duplicates is not completely reliable, and it is possible that duplicate addresses will still exist (e.g., if the link was partitioned while Duplicate Address Detection was performed).
An address on which the Duplicate Address Detection procedure is applied is said to be tentative until the procedure has completed successfully. A tentative address is not considered "assigned to an interface" in the traditional sense. That is, the interface must accept Neighbor Solicitation and Advertisement messages containing the tentative address in the Target Address field, but processes such packets differently from those whose Target Address matches an address assigned to the interface. Other packets addressed to the tentative address should be silently discarded.
It should also be noted that Duplicate Address Detection must be performed prior to assigning an address to an interface in order to prevent multiple nodes from using the same address simultaneously. If a node begins using an address in parallel with Duplicate Address Detection, and another node is already using the address, the node performing Duplicate Address Detection will erroneously process traffic intended for the other node, resulting in such possible negative consequences as the resetting of open TCP connections.
The following subsections describe specific tests a node performs to verify an address's uniqueness. An address is considered unique if none of the tests indicate the presence of a duplicate address within RetransTimer milliseconds after having sent DupAddrDetectTransmits Neighbor Solicitations. Once an address is determined to be unique, it may be assigned to an interface.
A node MUST silently discard any Neighbor Solicitation or Advertisement message that does not pass the validity checks specified in [DISCOVERY]. A solicitation that passes these validity checks is called a valid solicitation or valid advertisement.
Before sending a Neighbor Solicitation, an interface MUST join the all-nodes multicast address and the solicited-node multicast address of the tentative address. The former insures that the node receives Neighbor Advertisements from other nodes already using the address; the latter insures that two nodes attempting to use the same address simultaneously detect each other's presence.
To check an address, a node sends DupAddrDetectTransmits Neighbor Solicitations, each separated by RetransTimer milliseconds. The solicitation's Target Address is set to the address being checked, the IP source is set to the unspecified address and the IP destination is set to the solicited-node multicast address of the target address.
If the Neighbor Solicitation is the first message to be sent from an interface after interface (re)initialization, the node should delay sending the message by a random delay between 0 and MAX_RTR_SOLICITATION_DELAY as specified in [DISCOVERY]. This serves to alleviate congestion when many nodes start up on the link at the same time, such as after a power failure, and may help to avoid race conditions when more than one node is trying to solicit for the same address at the same time. In order to improve the robustness of the Duplicate Address Detection algorithm, an interface MUST receive and process datagrams sent to the all-nodes multicast address or solicited-node multicast address of the tentative address while delaying transmission of the initial Neighbor Solicitation.
On receipt of a valid Neighbor Solicitation message on an interface, node behavior depends on whether the target address is tentative or not. If the target address is not tentative (i.e., it is assigned to the receiving interface), the solicitation is processed as described in [DISCOVERY]. If the target address is tentative, and the source address is a unicast address, the solicitation's sender is performing address resolution on the target; the solicitation should be silently ignored. Otherwise, processing takes place as described below. In all cases, a node MUST NOT respond to a Neighbor Solicitation for a tentative address.
If the source address of the Neighbor Solicitation is the unspecified address, the solicitation is from a node performing Duplicate Address Detection. If the solicitation is from another node, the tentative address is a duplicate and should not be used (by either node). If the solicitation is from the node itself (because the node loops back multicast packets), the solicitation does not indicate the presence of a duplicate address.
Implementor's Note: many interfaces provide a way for upper layers to selectively enable and disable the looping back of multicast packets. The details of how such a facility is implemented may prevent Duplicate Address Detection from working correctly. See the Appendix for further discussion.
The following tests identify conditions under which a tentative address is not unique:
- If a Neighbor Solicitation for a tentative address is received prior to having sent one, the tentative address is a duplicate. This condition occurs when two nodes run Duplicate Address Detection simultaneously, but transmit initial solicitations at different times (e.g., by selecting different random delay values before transmitting an initial solicitation).
- If the actual number of Neighbor Solicitations received exceeds the number expected based on the loopback semantics (e.g., the interface does not loop back packets, yet one or more solicitations were received), the tentative address is a duplicate. This condition occurs when two nodes run Duplicate Address Detection simultaneously and transmit solicitations at roughly the same time.
On receipt of a valid Neighbor Advertisement message on an interface, node behavior depends on whether the target address is tentative or matches a unicast or anycast address assigned to the interface. If the target address is assigned to the receiving interface, the solicitation is processed as described in [DISCOVERY]. If the target address is tentative, the tentative address is not unique.
A tentative address that is determined to be a duplicate as described above, MUST NOT be assigned to an interface and the node SHOULD log a system management error. If the address is a link-local address formed from an interface identifier, the interface SHOULD be disabled.
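The link-local formation rule and the Duplicate Address Detection receive tests above, written out as an added Python sketch (not part of the RFC). The class and function names are hypothetical, the sample interface identifier is constructed, and the solicited-node multicast format is taken from [ADDR-ARCH] rather than from this document.

```python
import ipaddress
from dataclasses import dataclass

UNSPECIFIED = ipaddress.IPv6Address("::")
LINK_LOCAL_PREFIX = int(ipaddress.IPv6Address("fe80::"))


def link_local(iid: int, iid_bits: int = 64) -> ipaddress.IPv6Address:
    """FE80::0 with its right-most iid_bits zero bits replaced by the identifier."""
    if iid_bits > 118:
        raise ValueError("identifier longer than 118 bits: manual configuration required")
    if iid >> iid_bits:
        raise ValueError("identifier does not fit in iid_bits")
    return ipaddress.IPv6Address(LINK_LOCAL_PREFIX | iid)


def solicited_node(addr: ipaddress.IPv6Address) -> ipaddress.IPv6Address:
    """Solicited-node multicast group for addr: ff02::1:ff00:0 plus the low
    24 bits of the address (format defined in [ADDR-ARCH])."""
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | (int(addr) & 0xFFFFFF))


@dataclass
class Dad:
    """Per-address Duplicate Address Detection state (hypothetical model)."""
    tentative: ipaddress.IPv6Address
    loops_back: bool        # interface delivers our own multicast back to us
    sent: int = 0           # solicitations this node has transmitted
    received: int = 0       # DAD solicitations seen for the tentative address
    duplicate: bool = False

    def probe(self) -> dict:
        """Fields of the next DAD Neighbor Solicitation; counts it as sent."""
        self.sent += 1
        return {"src": UNSPECIFIED,
                "dst": solicited_node(self.tentative),
                "target": self.tentative}

    def on_solicitation(self, src, target) -> str:
        if target != self.tentative:
            return "not tentative"          # handled as described in [DISCOVERY]
        if src != UNSPECIFIED:
            return "ignore"                 # sender is doing address resolution
        self.received += 1
        # Own probes come back only if the interface loops multicast back.
        expected = self.sent if self.loops_back else 0
        if self.sent == 0 or self.received > expected:
            self.duplicate = True           # another node is probing the same address
            return "duplicate"
        return "own loopback"

    def on_advertisement(self, target) -> str:
        # Any valid advertisement for the tentative address ends DAD with a
        # failure. The receiver cannot tell an honest owner from a forged
        # reply, which is the denial-of-service exposure this document's
        # security discussion attributes to unauthenticated Neighbor Discovery.
        if target == self.tentative:
            self.duplicate = True
            return "duplicate"
        return "not tentative"
```

The address is unique only if `duplicate` is still False once RetransTimer milliseconds have passed after the last of the DupAddrDetectTransmits probes; the timer itself is left out of the sketch.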
Global and site-local addresses are formed by appending an interface identifier to a prefix of appropriate length. Prefixes are obtained from Prefix Information options contained in Router Advertisements. Creation of global and site-local addresses and configuration of other parameters as described in this section SHOULD be locally configurable. However, the processing described below MUST be enabled by default.
Router Advertisements are sent periodically to the all-nodes multicast address. To obtain an advertisement quickly, a host sends out Router Solicitations as described in [DISCOVERY].
If a link has no routers, a host MUST attempt to use stateful autoconfiguration to obtain addresses and other configuration information. An implementation MAY provide a way to disable the invocation of stateful autoconfiguration in this case, but the default SHOULD be enabled. From the perspective of autoconfiguration, a link has no routers if no Router Advertisements are received after having sent a small number of Router Solicitations as described in [DISCOVERY].
On receipt of a valid Router Advertisement (as defined in [DISCOVERY]), a host copies the value of the advertisement's M bit into ManagedFlag. If the value of ManagedFlag changes from FALSE to TRUE, and the host is not already running the stateful address autoconfiguration protocol, the host should invoke the stateful address autoconfiguration protocol, requesting both address information and other information. If the value of the ManagedFlag changes from TRUE to FALSE, the host should continue running the stateful address autoconfiguration, i.e., the change in the value of the ManagedFlag has no effect. If the value of the flag stays unchanged, no special action takes place. In particular, a host MUST NOT reinvoke stateful address configuration if it is already participating in the stateful protocol as a result of an earlier advertisement.
An advertisement's O flag field is processed in an analogous manner. A host copies the value of the O flag into OtherConfigFlag. If the value of OtherConfigFlag changes from FALSE to TRUE, the host should invoke the stateful autoconfiguration protocol, requesting information (excluding addresses if ManagedFlag is set to FALSE). If the value of the OtherConfigFlag changes from TRUE to FALSE, the host should continue running the stateful address autoconfiguration protocol, i.e., the change in the value of OtherConfigFlag has no effect. If the value of the flag stays unchanged, no special action takes place. In particular, a host MUST NOT reinvoke stateful configuration if it is already participating in the stateful protocol as a result of an earlier advertisement.
For each Prefix-Information option in the Router Advertisement:
a) If the Autonomous flag is not set, silently ignore the Prefix Information option.
b) If the prefix is the link-local prefix, silently ignore the Prefix Information option.
c) If the preferred lifetime is greater than the valid lifetime, silently ignore the Prefix Information option. A node MAY wish to log a system management error in this case.
d) If the prefix advertised does not match the prefix of an address already in the list, and the Valid Lifetime is not 0, form an address (and add it to the list) by combining the advertised prefix with the link's interface identifier as follows:
|            128 - N bits               |       N bits           |
+---------------------------------------+------------------------+
|            link prefix                |  interface identifier  |
+----------------------------------------------------------------+
If the sum of the prefix length and interface identifier length does not equal 128 bits, the Prefix Information option MUST be ignored. An implementation MAY wish to log a system management error in this case. It is the responsibility of the system administrator to insure that the lengths of prefixes contained in Router Advertisements are consistent with the length of interface identifiers for that link type. Note that interface identifiers will typically be 64-bits long and based on EUI-64 identifiers as described in [ADDR-ARCH].
If an address is formed successfully, the host adds it to the list of addresses assigned to the interface, initializing its preferred and valid lifetime values from the Prefix Information option.
e) If the advertised prefix matches the prefix of an autoconfigured address (i.e., one obtained via stateless or stateful address autoconfiguration) in the list of addresses associated with the interface, the specific action to perform depends on the Valid Lifetime in the received advertisement and the Lifetime associated with the previously autoconfigured address (which we call StoredLifetime in the discussion that follows):
1) If the received Lifetime is greater than 2 hours or greater than StoredLifetime, update the stored Lifetime of the corresponding address.
2) If the StoredLifetime is less than or equal to 2 hours and the received Lifetime is less than or equal to StoredLifetime, ignore the prefix, unless the Router Advertisement from which this Prefix Information option was obtained has been authenticated (e.g., via IPSec [RFC2402]). If the Router Advertisement was authenticated, the StoredLifetime should be set to the Lifetime in the received option.
3) Otherwise, reset the stored Lifetime in the corresponding address to two hours.
The above rules address a specific denial of service attack in which a bogus advertisement could contain prefixes with very small Valid Lifetimes. Without the above rules, a single unauthenticated advertisement containing bogus Prefix Information options with short Lifetimes could cause all of a node's addresses to expire prematurely. The above rules insure that legitimate advertisements (which are sent periodically) will "cancel" the short lifetimes before they actually take effect.
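Steps a) through e) for one Prefix Information option, including the two-hour lifetime rules, as an added Python sketch (not part of the RFC). The class names, return labels and sample prefixes are hypothetical or constructed; lifetimes are in seconds, prefixes are matched by exact network, and Duplicate Address Detection on the newly formed address is left out.

```python
import ipaddress
from dataclasses import dataclass, field

TWO_HOURS = 2 * 60 * 60                         # seconds
LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")


@dataclass
class PrefixInfo:                # one Prefix Information option (hypothetical model)
    prefix: str
    prefix_len: int
    autonomous: bool
    valid: int                   # Valid Lifetime
    preferred: int               # Preferred Lifetime


@dataclass
class Entry:                     # one address in the interface's list
    address: ipaddress.IPv6Address
    valid: int                   # StoredLifetime
    preferred: int
    autoconfigured: bool = True


@dataclass
class Interface:
    iid: int                     # interface identifier as an integer
    iid_bits: int = 64
    addrs: dict = field(default_factory=dict)   # IPv6Network -> Entry


def process_prefix_info(ifc: Interface, opt: PrefixInfo,
                        authenticated: bool = False) -> str:
    """Apply steps a) to e) and return a label naming the outcome."""
    if not opt.autonomous:                                       # a)
        return "ignored: autonomous flag not set"
    net = ipaddress.IPv6Network((opt.prefix, opt.prefix_len), strict=False)
    if net.network_address in LINK_LOCAL:                        # b)
        return "ignored: link-local prefix"
    if opt.preferred > opt.valid:                                # c)
        return "ignored: preferred lifetime exceeds valid lifetime"

    entry = ifc.addrs.get(net)
    if entry is None:                                            # d)
        if opt.valid == 0:
            return "ignored: unknown prefix with zero lifetime"
        if opt.prefix_len + ifc.iid_bits != 128:
            return "ignored: prefix and identifier lengths do not sum to 128"
        addr = ipaddress.IPv6Address(int(net.network_address) | ifc.iid)
        ifc.addrs[net] = Entry(addr, opt.valid, opt.preferred)
        return "added"

    if not entry.autoconfigured:
        return "ignored: prefix matches a manually configured address"

    # e) Only the valid lifetime is handled; the rules above do not mention
    # the preferred lifetime, so the sketch leaves it untouched.
    if opt.valid > TWO_HOURS or opt.valid > entry.valid:         # e.1
        entry.valid = opt.valid
        return "updated"
    if entry.valid <= TWO_HOURS:                                 # e.2
        if authenticated:
            entry.valid = opt.valid
            return "updated (authenticated)"
        return "ignored: short lifetime, unauthenticated"
    entry.valid = TWO_HOURS                                      # e.3
    return "clamped to two hours"
```

An unauthenticated option can therefore never push a stored lifetime below two hours, which leaves time for the next periodic legitimate advertisement to restore it through rule 1.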
A preferred address becomes deprecated when its preferred lifetime expires. A deprecated address SHOULD continue to be used as a source address in existing communications, but SHOULD NOT be used in new communications if an alternate (non-deprecated) address is available and has sufficient scope. IP and higher layers (e.g., TCP, UDP) MUST continue to accept datagrams destined to a deprecated address since a deprecated address is still a valid address for the interface. An implementation MAY prevent any new communication from using a deprecated address, but system management MUST have the ability to disable such a facility, and the facility MUST be disabled by default.
An address (and its association with an interface) becomes invalid when its valid lifetime expires. An invalid address MUST NOT be used as a source address in outgoing communications and MUST NOT be recognized as a destination on a receiving interface.
It is possible for hosts to obtain address information using both stateless and stateful protocols since both may be enabled at the same time. It is also possible that the values of other configuration parameters such as MTU size and hop limit will be learned from both Router Advertisements and the stateful autoconfiguration protocol. If the same configuration information is provided by multiple sources, the value of this information should be consistent. However, it is not considered a fatal error if information received from multiple sources is inconsistent. Hosts accept the union of all information received via the stateless and stateful protocols. If inconsistent information is learned from different sources, the most recently obtained values always have precedence over information learned earlier.
Stateless address autoconfiguration allows a host to connect to a network, configure an address and start communicating with other nodes without ever registering or authenticating itself with the local site. Although this allows unauthorized users to connect to and use a network, the threat is inherently present in the Internet architecture. Any node with a physical attachment to a network can generate an address (using a variety of ad hoc techniques) that provides connectivity.
The use of Duplicate Address Detection opens up the possibility of denial of service attacks. Any node can respond to Neighbor Solicitations for a tentative address, causing the other node to reject the address as a duplicate. This attack is similar to other attacks involving the spoofing of Neighbor Discovery messages and can be addressed by requiring that Neighbor Discovery packets be authenticated [RFC2402].
[RFC2402] Kent, S. and R. Atkinson, "IP Authentication Header", RFC 2402, November 1998.
[IPv6-ETHER] Crawford, M., "A Method for the Transmission of IPv6 Packets over Ethernet Networks", RFC 2464, December 1998.
[KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC1112] Deering, S., "Host Extensions for IP Multicasting", STD 5, RFC 1112, August 1989.
[ADDR-ARCH] Hinden, R. and S. Deering, "Internet Protocol Version (IPv6) Addressing Architecture", RFC 2373, July 1998.
[DHCPv6] Bound, J. and C. Perkins, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", Work in Progress.
[DISCOVERY] Narten, T., Nordmark, E. and W. Simpson, "Neighbor Discovery for IP Version 6 (IPv6)", RFC 2461, December 1998.
The authors would like to thank the members of both the IPNG and ADDRCONF working groups for their input. In particular, thanks to Jim Bound, Steve Deering, Richard Draves, and Erik Nordmark. Thanks also goes to John Gilmore for alerting the WG of the "0 Lifetime Prefix Advertisement" denial of service attack vulnerability; this document incorporates changes that address this vulnerability.
AUTHORS' ADDRESSES
Susan Thomson Bellcore 445 South Street Morristown, NJ 07960 USA
Phone: +1 201-829-4514 EMail: set@thumper.bellcore.com
Thomas Narten IBM Corporation P.O. Box 12195 Research Triangle Park, NC 27709-2195 USA
Phone: +1 919 254 7798 EMail: narten@raleigh.ibm.com
Determining whether a received multicast solicitation was looped back to the sender or actually came from another node is implementation-dependent. A problematic case occurs when two interfaces attached to the same link happen to have the same identifier and link-layer address, and they both send out packets with identical contents at roughly the same time (e.g., Neighbor Solicitations for a tentative address as part of Duplicate Address Detection messages). Although a receiver will receive both packets, it cannot determine which packet was looped back and which packet came from the other node by simply comparing packet contents (i.e., the contents are identical). In this particular case, it is not necessary to know precisely which packet was looped back and which was sent by another node; if one receives more solicitations than were sent, the tentative address is a duplicate. However, the situation may not always be this straightforward.
The IPv4 multicast specification [RFC1112] recommends that the service interface provide a way for an upper-layer protocol to inhibit local delivery of packets sent to a multicast group that the sending host is a member of. Some applications know that there will be no other group members on the same host, and suppressing loopback prevents them from having to receive (and discard) the packets they themselves send out. A straightforward way to implement this facility is to disable loopback at the hardware level (if supported by the hardware), with packets looped back (if requested) by software. On interfaces in which the hardware itself suppresses loopbacks, a node running Duplicate Address Detection simply counts the number of Neighbor Solicitations received for a tentative address and compares them with the number expected. If there is a mismatch, the tentative address is a duplicate.
In those cases where the hardware cannot suppress loopbacks, however, one possible software heuristic to filter out unwanted loopbacks is to discard any received packet whose link-layer source address is the same as the receiving interface's. Unfortunately, use of that criterion also results in the discarding of all packets sent by another node using the same link-layer address. Duplicate Address Detection will fail on interfaces that filter received packets in this manner:
o If a node performing Duplicate Address Detection discards received packets having the same source link-layer address as the receiving interface, it will also discard packets from other nodes also using the same link-layer address, including Neighbor Advertisement and Neighbor Solicitation messages required to make Duplicate Address Detection work correctly. This particular problem can be avoided by temporarily disabling the software suppression of loopbacks while a node performs Duplicate Address Detection.
o If a node that is already using a particular IP address discards received packets having the same link-layer source address as the interface, it will also discard Duplicate Address Detection-related Neighbor Solicitation messages sent by another node also using the same link-layer address. Consequently, Duplicate Address Detection will fail, and the other node will configure a non-unique address. Since it is generally impossible to know when another node is performing Duplicate Address Detection, this scenario can be avoided only if software suppression of loopback is permanently disabled.
Thus, to perform Duplicate Address Detection correctly in the case where two interfaces are using the same link-layer address, an implementation must have a good understanding of the interface's multicast loopback semantics, and the interface cannot discard received packets simply because the source link-layer address is the same as the interface's.
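The two failure cases above can be reproduced with a toy model of a shared link. This is an added example, not code from RFC 2462: the `Node`, `Link` and `run_dad` names, the MAC address and the IPv6 address are constructed, a single Neighbor Solicitation is sent, and counting looped-back solicitations stands in for "understanding the interface's multicast loopback semantics".

```python
from collections import namedtuple
from dataclasses import dataclass, field

SHARED_MAC = "02:00:00:00:00:01"   # constructed: both nodes use this link-layer address
ADDR = "fe80::1"                   # constructed address that node A already owns
Frame = namedtuple("Frame", "src_mac kind target")   # kind: "NS" or "NA"

@dataclass
class Node:
    mac: str
    suppress_loopback: bool        # software heuristic: drop frames whose source is our own MAC
    assigned: set = field(default_factory=set)
    tentative: str = ""            # empty string: no DAD in progress
    ns_seen: int = 0
    na_seen: bool = False

    def receive(self, frame, link):
        if self.suppress_loopback and frame.src_mac == self.mac:
            return                 # also discards frames from the other node with this MAC
        if frame.kind == "NS" and frame.target in self.assigned:
            link.send(Frame(self.mac, "NA", frame.target))   # defend the address
        elif frame.kind == "NS" and frame.target == self.tentative:
            self.ns_seen += 1
        elif frame.kind == "NA" and frame.target == self.tentative:
            self.na_seen = True

class Link:  # multicast link whose hardware loops each frame back to its sender
    def __init__(self, nodes):
        self.nodes = nodes
    def send(self, frame):
        for node in self.nodes:
            node.receive(frame, self)

def run_dad(node, link, addr):
    """Send one NS for addr; return True if the node concludes addr is unique."""
    node.tentative, node.ns_seen, node.na_seen = addr, 0, False
    link.send(Frame(node.mac, "NS", addr))
    expected_loopbacks = 0 if node.suppress_loopback else 1
    duplicate = node.na_seen or node.ns_seen > expected_loopbacks
    node.tentative = ""
    if not duplicate:
        node.assigned.add(addr)    # the node now configures the address
    return not duplicate

def b_thinks_unique(a_suppresses, b_suppresses):
    """Node A already owns ADDR; node B, with the same MAC, runs DAD for it."""
    a = Node(SHARED_MAC, a_suppresses, assigned={ADDR})
    b = Node(SHARED_MAC, b_suppresses)
    return run_dad(b, Link([a, b]), ADDR)
```

Only `b_thinks_unique(False, False)` returns `False` (duplicate detected); enabling the filter on either node makes B configure the non-unique address.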
o Changed document to use term "interface identifier" rather than "interface token" for consistency with other IPv6 documents.
o Clarified definition of deprecated address to make clear it is OK to continue sending to or from deprecated addresses.
o Reworded section 5.4 for clarity (no substantive change).
o Added rules to Section 5.5.3 Router Advertisement processing to address potential denial-of-service attack when prefixes are advertised with very short Lifetimes.
o Clarified wording in Section 5.5.4 to make clear that all upper layer protocols must process (i.e., send and receive) packets sent to deprecated addresses.
Copyright (C) The Internet Society (1998). All Rights Reserved.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.