errata logo graphic

Found 2 records.

Status: Verified (1)

RFC6620, "FCFS SAVI: First-Come, First-Served Source Address Validation Improvement for Locally Assigned IPv6 Addresses", May 2012

Source of RFC: savi (int)

Errata ID: 3926

Status: Verified
Type: Technical

Reported By: Leaf Yeh
Date Reported: 2014-03-21
Verifier Name: Ted Lemon
Date Verified: 2014-04-05

Section 3.2.3 says:

   +---------+  VP_NS, VP_DATA/2xNS                    +-----------+
   |         |---------------------------------------->|           |
   | NO_BIND |                                         | TENTATIVE |
   |         |<----------------------------------------|           |
   +---------+                    TP_NA, TP_NS/-       +-----------+
          ^                                                |
          |                                                | TimeOut
   Timeout|                                                |
          |                                                v
   +---------+  VP_NA/-                                +-----------+
   |         |---------------------------------------->|           |
   | TESTING |                                TP_NS/-  |           |
   |  TP-LT  |<----------------------------------------|   VALID   |
   |         |                           TimeOut/2xNS  |           |
   |         |<----------------------------------------|           |
   +---------+                                         +-----------+
     ^   |                                                ^    |
     |   |                                                |    |
     |   +---------------------      ---------------------+    |
     |       VP_NS/-          |     |  NP_NA, TimeOut/-        |
     |                        v     |                          |
     |                     +-----------+                       |
     |                     |           |                       |
     +---------------------|  TESTING  |<----------------------+
          VP_NS, VP_DATA/- |    VP     |  VP_DATA, VP_NS,
                           +-----------+  VP_NA/2xNS

                    Figure 2: Simplified State Machine

It should say:

   +---------+  VP_NS, VP_DATA/2xNS                    +-----------+
   |         |---------------------------------------->|           |
   | NO_BIND |                                         | TENTATIVE |
   |         |<----------------------------------------|           |
   +---------+                    TP_NA, TP_NS/-       +-----------+
          ^                                                |
          |                                                | TimeOut
   Timeout|                                                |
          |                                                v
   +---------+  VP_NA/-                                +-----------+
   |         |---------------------------------------->|           |
   | TESTING |                                TP_NS/-  |           |
   |  TP-LT  |<----------------------------------------|   VALID   |
   |         |                           TimeOut/2xNS  |           |
   |         |<----------------------------------------|           |
   +---------+                                         +-----------+
     ^   |                                                ^    |
     |   |                                                |    |
     |   +---------------------      ---------------------+    |
     |       VP_NS/-          |     |  VP_NA, TimeOut/-        |
     |                        v     |                          |
     |                     +-----------+                       |
     |                     |           |                       |
     +---------------------|  TESTING  |<----------------------+
          TP_NS, TP_DATA/- |    VP     |  VP_DATA, VP_NS,
                           +-----------+  VP_NA/2xNS

                    Figure 2: Simplified State Machine

Notes:

a. According to the description on the state machine at page 19,

<quote>
o If an NA message containing the IPAddr as the Target Address is
received through the Validating Port P as a reply to the DAD_NS
message, then the NA is forwarded as usual and the state is
changed to VALID. The LIFETIME is set to DEFAULT_LT.
</quote>

the state change from TESTING_VP to VALID should be triggered by the VP_NA (NA message containing the IPAddr as the Target Address is received through the Validating Port).


b. According to the description on the state machine at page 19,

<quote>
o If a data packet containing IPAddr as the source address is
received through a Trusted Port (i.e., other than port P), the
state is moved to TESTING_TP-LT, and the packet MAY be discarded.

o If a DAD_NS is received through a Trusted Port, the packet is
forwarded as usual, and the state is moved to TESTING_TP-LT.
</quote>

the state change from TESTING_VP to TESTING_TP-LT should be triggered by the TP_DATA (data packet containing IPAddr as the source address received through a Trusted Port), or by the TP_NS (DAD_NS is received through a Trusted Port).


Status: Rejected (1)

RFC6620, "FCFS SAVI: First-Come, First-Served Source Address Validation Improvement for Locally Assigned IPv6 Addresses", May 2012

Source of RFC: savi (int)

Errata ID: 3927

Status: Rejected
Type: Editorial

Reported By: Leaf Yeh
Date Reported: 2014-03-21
Rejected by: Ted Lemon
Date Rejected: 2014-03-21

Section 2.5 says:

   In order to provide proper
   source address validation, it is critical that the information
   distributed among the different FCFS SAVI devices be coherent.

It should say:

   In order to provide proper
   source address validation, it is critical that the information
   distributed among the different FCFS SAVI devices be not coherent.

Notes:

The above revision then complies with the other statements in the same paragraph:

<quote>
In particular, it is important to avoid having the same source address bound to different binding anchors in different FCFS SAVI devices. Should that occur, then it would mean that two hosts are allowed to send packets with the same source address, which is what FCFS SAVI is trying to prevent. In order to preserve the coherency of the FCFS SAVI bindings distributed among the FCFS SAVI devices within a realm, the Neighbor Discovery (ND) protocol [RFC4861] is used, in particular the Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages.
</quote>
--VERIFIER NOTES--
The proposed change is incorrect. I think you have misunderstood what the word "coherent" means, and this led to confusion.


Report New Errata