6.3. Host Specification
6.3.1. Host Configuration Variables
None.
6.3.2. Host Variables
A host maintains certain Neighbor Discovery related variables in
addition to the data structures defined in Section 5.1. The specific
variable names are used for demonstration purposes only, and an
implementation is not required to have them, so long as its external
behavior is consistent with that described in this document.
一个主机获得特定ND报文相关的变量作为在5.1章节定义的数据结构的补充。某些特定
的变量只用来作为验证的目的,在实现中并不一定要求定义,只要主机的行为与本文档
描述一致即可。
These variables have default values that are overridden by
information received in Router Advertisement messages. The default
values are used when there is no router on the link or when all
received Router Advertisements have left a particular value
unspecified.
这些变量都有默认值,可以被RA报文的相关字段的值覆盖。这些默认值只用在链路上没有路由器
或者所有接收到的RA报文都没有确定该变量的值。
The default values in this specification may be overridden by
specific documents that describe how IP operates over different link
layers. This rule allows Neighbor Discovery to operate over links
with widely varying performance characteristics.
这些默认值可能被其他描述IP如何工作在不同链路上的文档所修改。
For each interface:
LinkMTU The MTU of the link.
Default: The valued defined in the specific
document that describes how IPv6 operates over
the particular link layer (e.g., [IPv6-ETHER]).
CurHopLimit The default hop limit to be used when sending
(unicast) IP packets.
Default: The value specified in the "Assigned
Numbers" RFC [ASSIGNED] that was in effect at the
time of implementation.
BaseReachableTime
A base value used for computing the random
ReachableTime value.
Default: REACHABLE_TIME milliseconds.
ReachableTime The time a neighbor is considered reachable after
receiving a reachability confirmation.
Narten, et. al. Standards Track [Page 50]
RFC 2461 Neighbor Discovery for IPv6 December 1998
This value should be a uniformly-distributed
random value between MIN_RANDOM_FACTOR and
MAX_RANDOM_FACTOR times BaseReachableTime
milliseconds. A new random value should be
calculated when BaseReachableTime changes (due to
Router Advertisements) or at least every few
hours even if no Router Advertisements are
received.
RetransTimer The time between retransmissions of Neighbor
Solicitation messages to a neighbor when
resolving the address or when probing the
reachability of a neighbor.
Default: RETRANS_TIMER milliseconds
6.3.3. Interface Initialization
The host joins the all-nodes multicast address on all multicast-
capable interfaces.
主机的支持多播的所有接口必须加入all-nodes多播组地址。
6.3.4. Processing Received Router Advertisements
When multiple routers are present, the information advertised
collectively by all routers may be a superset of the information
contained in a single Router Advertisement. Moreover, information
may also be obtained through other dynamic means, such as stateful
autoconfiguration. Hosts accept the union of all received
information; the receipt of a Router Advertisement MUST NOT
invalidate all information received in a previous advertisement or
from another source. 主机接收到某一个RA报文,但一定不能使以前接收到的
广播等所包含的所有信息失效。 However, when received information for a
specific parameter (e.g., Link MTU) or option (e.g., Lifetime on a
specific Prefix) differs from information received earlier, and the
parameter/option can only have one value, the most recently-received
information is considered authoritative.但是,当接收到的某一个参数(例如link mtu)
或者选项(如某一个前缀的有效时间)与之前接收到的值不同,并且这个参数或选项
只能有一个值,则最近接收到的值优先级更高。
Some Router Advertisement fields (e.g., Cur Hop Limit, Reachable Time
and Retrans Timer) may contain a value denoting unspecified. In such
cases, the parameter should be ignored and the host should continue
using whatever value it is already using. In particular, a host MUST
NOT interpret the unspecified value as meaning change back to the
default value that was in use before the first Router Advertisement
was received. This rule prevents hosts from continually changing an
internal variable when one router advertises a specific value, but
other routers advertise the unspecified value.某些RA报文的字段(例如cur hop limit,
reachable time 和retrans timer等)可能包含了无法确定的值。在这种情形下,这个字段
应该被忽略,并继续保留以前的值。特别的,主机一定不能把这些无法确定的值解释成
把这个字段所对应的变量的值恢复成收到第一个RA之前的默认值。这个规则阻止了在某一个路由器
广播了一个包含确定值的报文,而其他路由器确广播不确定的值的条件下,主机频繁的
修改某一个变量,
当接收到一个有效的RA后,主机取出数据报的源地址,然后做以下处理:
On receipt of a valid Router Advertisement, a host extracts the
source address of the packet and does the following:
Narten, et. al. Standards Track [Page 51]
RFC 2461 Neighbor Discovery for IPv6 December 1998
- If the address is not already present in the host's Default
Router List, and the advertisement's Router Lifetime is non-
zero, create a new entry in the list, and initialize its
invalidation timer value from the advertisement's Router
Lifetime field.如果这个地址不在该主机的默认路由列表中,并且该RA报文
的router lifetime字段的值非0,则要在默认路由列表中添加一个新的条目。
并根据RA中的router lifetime字段值来初始化该条目的失效计时器。
- If the address is already present in the host's Default Router
List as a result of a previously-received advertisement, reset
its invalidation timer to the Router Lifetime value in the
newly-received advertisement.如果该地址已经在该主机的默认路由列表中
存在,则重新设置这个条目的失效时间。
- If the address is already present in the host's Default Router
List and the received Router Lifetime value is zero, immediately
time-out the entry as specified in Section 6.3.5.如果该地址在主机的
默认路由列表中,并且接收到的RA的router lifetime字段的值为0,则马上
使这个条目失效。
To limit the storage needed for the Default Router List, a host MAY
choose not to store all of the router addresses discovered via
advertisements. However, a host MUST retain at least two router
addresses and SHOULD retain more. Default router selections are made
whenever communication to a destination appears to be failing. Thus,
the more routers on the list, the more likely an alternative working
router can be found quickly (e.g., without having to wait for the
next advertisement to arrive).为了节省存储默认路由列表的空间,主机可能选择
不存储所有通过广播所获得路由器地址。但是,主机必须获得至少两个路由器地址,而且
应该尽可能保存更多。当到达某一个目的失败时,就要进行默认路由选择了。因此,保留越多的
路由器地址,则能越快的找到能替代工作的路由器(可以避免等待下一个广播报文)
If the received Cur Hop Limit value is non-zero the host SHOULD set
its CurHopLimit variable to the received value.如果接收到的cur hop limit的值不为0,则
主机应该把它的curhoplimit变量值修改成接收到的值。
If the received Reachable Time value is non-zero the host SHOULD set
its BaseReachableTime variable to the received value. If the new
value differs from the previous value, the host SHOULD recompute a
new random ReachableTime value. ReachableTime is computed as a
uniformly-distributed random value between MIN_RANDOM_FACTOR and
MAX_RANDOM_FACTOR times the BaseReachableTime. Using a random
component eliminates the possibility Neighbor Unreachability
Detection messages synchronize with each other.如果接收到的reachable time的值不为0,则主机
应该把basereachabletime变量的值修改为接收到的值。如果新接收到的值与之前的值不同,则主机应该
重新计算一个新的随机reachabletime变量的值。reachabletime应该是一个均匀分布的随机值,它是
basereachabletime的某一个倍数值,这个倍数是介于MIN_RANDOM_FACTOR和MAX_RANDOM_FACTOR之间的一个
随机值。
In most cases, the advertised Reachable Time value will be the same
in consecutive Router Advertisements and a host's BaseReachableTime
rarely changes. In such cases, an implementation SHOULD insure that
a new random value gets recomputed at least once every few hours.
在大多数情况下,连续接收到RA中的reachable time字段的值是相同的,所以主机
的basereachabletime变量的值很少变化。在这种情况下,应该能保证每隔几个小时
重新计算一个新的随机值。
The RetransTimer variable SHOULD be copied from the Retrans Timer
field, if the received value is non-zero.如果接收到的RA的retrans time字段的值不为0,则主机的Retranstimer
变量的值应该从对应字段进行复制。
After extracting information from the fixed part of the Router
Advertisement message, the advertisement is scanned for valid
options. If the advertisement contains a Source Link-Layer Address
option the link-layer address SHOULD be recorded in the Neighbor
Narten, et. al. Standards Track [Page 52]
RFC 2461 Neighbor Discovery for IPv6 December 1998
Cache entry for the router (creating an entry if necessary) and the
IsRouter flag in the Neighbor Cache entry MUST be set to TRUE. If no
Source Link-Layer Address is included, but a corresponding Neighbor
Cache entry exists, its IsRouter flag MUST be set to TRUE. The
IsRouter flag is used by Neighbor Unreachability Detection to
determine when a router changes to being a host (i.e., no longer
capable of forwarding packets). If a Neighbor Cache entry is created
for the router its reachability state MUST be set to STALE as
specified in Section 7.3.3. If a cache entry already exists and is
updated with a different link-layer address the reachability state
MUST also be set to STALE.在取出RA报文的固定部分(就是非选项部分)的信息之后,
就要开始对选项进行处理了。如果广播包含了source link-layer 地址选项,则主机的
邻居缓存应该记录这个链路地址(如果必要,应该新建一个条目),并且必须把IsRouter标志
设置为True。如果不包含源链路地址选项,但是存在对应邻居缓存条目,则它的Isrouter标志
一样必须设置为True。当路由器从路由器变为主机的时候(不再有转发数据报的能力),IsRouter
标志可以被邻居不可达检测用来进行相关处理。如果新创建了一个路由器的邻居缓存条目,则条目
的reachablility状态必须被设置为stale。如果条目已经存在,但是链路地址改变了,则reachablity
状态也必须改为stale。
If the MTU option is present, hosts SHOULD copy the option's value
into LinkMTU so long as the value is greater than or equal to the
minimum link MTU [IPv6] and does not exceed the default LinkMTU value
specified in the link type specific document (e.g., [IPv6-ETHER]).
如果mtu选项存在,主机应该把选项的值复制到linkMTU变量,只要选项的值不小于
最小链路MTU,并且不超过特定链路类型的默认链路MTU。
Prefix Information options that have the "on-link" (L) flag set
indicate a prefix identifying a range of addresses that should be
considered on-link. Note, however, that a Prefix Information option
with the on-link flag set to zero conveys no information concerning
on-link determination and MUST NOT be interpreted to mean that
addresses covered by the prefix are off-link. The only way to cancel
a previous on-link indication is to advertise that prefix with the
L-bit set and the Lifetime set to zero. The default behavior (see
Section 5.2) when sending a packet to an address for which no
information is known about the on-link status of the address is to
forward the packet to a default router; the reception of a Prefix
Information option with the "on-link " (L) flag set to zero does not
change this behavior. The reasons for an address being treated as
on-link is specified in the definition of "on-link" in Section 2.1.
Prefixes with the on-link flag set to zero would normally have the
autonomous flag set and be used by [ADDRCONF].前缀信息选项的on-link标志被设置为1
表明这个前缀所对应的地址应该被视为on-link。需要注意的是,当前缀信息选项的on-link
标志为0与on-link状态并没有联系,而且一定不能被解释成这个前缀对应的地址处于off-link
状态。取消以前的on-link状态指示的唯一途径是广播一个RA,其L位被设置,并且lifetime字段
的值被设置为0。当要发送报文到一个不知道是否处于on-link状态的目的时,默认的行为是,把这
个报文发送道默认路由器,接收到on-link标志被设为0的前缀选项不会改变这个行为。on-link标志
被设置为0的前缀通常设置了自治标志。
For each Prefix Information option with the on-link flag set, a host
does the following:对于每一个on-link标志已经设置的前缀信息选项,主机会进行以下处理:
- If the prefix is the link-local prefix, silently ignore the
Prefix Information option.如果前缀是link-local前缀,直接忽略这个前缀选项。
- If the prefix is not already present in the Prefix List, and the
Prefix Information option's Valid Lifetime field is non-zero,
create a new entry for the prefix and initialize its
invalidation timer to the Valid Lifetime value in the Prefix
Information option.如果选项中的前缀不在该主机的前缀列表中,并且前缀选项中的valid
lifetime 字段的值不为0,则为这个前缀创建一个新的条目,并把条目的失效计时器设置为选项
中的valid lifetime的值。
- If the prefix is already present in the host's Prefix List as
the result of a previously-received advertisement, reset its
Narten, et. al. Standards Track [Page 53]
RFC 2461 Neighbor Discovery for IPv6 December 1998
invalidation timer to the Valid Lifetime value in the Prefix
Information option. If the new Lifetime value is zero, time-out
the prefix immediately (see Section 6.3.5).如果选项中的前缀已经存在主机的前缀列表
中,则把该条目的失效计时器修改为选项中对应的前缀信息选项的valid lifetime字段值。
如果新值为0,则马上使该前缀失效。
- If the Prefix Information option's Valid Lifetime field is zero,
and the prefix is not present in the host's Prefix List,
silently ignore the option.如果选项的valid lifetime 字段值为0,并且选项的前缀不在
主机的前缀列表中,直接忽略这个选项。
Stateless address autoconfiguration [ADDRCONF] may in some
circumstances increase the Valid Lifetime of a prefix or ignore it
completely in order to prevent a particular denial of service attack.
However, since the effect of the same denial of service targeted at
the on-link prefix list is not catastrophic (hosts would send packets
to a default router and receive a redirect rather than sending
packets directly to a neighbor) the Neighbor Discovery protocol does
not impose such a check on the prefix lifetime values.无状态地址配置(rfc2462??saa)可能在某些
环境下会增加前缀的valid lifetime 的值,或者直接完全忽略它,以便阻止特定的拒绝服务攻击。
但是,对on-link前缀列表的类似拒绝服务攻击并不是灾难性的(主机可以通过把数据报发送到默认路由器,然后
收到重定向,而不是直接把数据报发送到目的地)。ND协议并没有强制对前缀的lifetime的值进行检测。
Note: Implementations can choose to process the on-link aspects of
the prefixes separately from the address autoconfiguration aspects
of the prefixes by, e.g., passing a copy of each valid Router
Advertisement message to both an "on-link" and an "addrconf"
function. Each function can then operate independently on the
prefixes that have the appropriate flag set.
6.3.5. Timing out Prefixes and Default Routers
Whenever the invalidation timer expires for a Prefix List entry, that
entry is discarded. No existing Destination Cache entries need be
updated, however. Should a reachability problem arise with an
existing Neighbor Cache entry, Neighbor Unreachability Detection will
perform any needed recovery.只要前缀条目的失效时间一到,这个条目就被丢弃。
对于目的缓存条目,并不需要做对应的更新。当一个可达性问题出现在某个已有的
邻居缓存条目的时候,调用邻居不可达检测进行相应的处理。
Whenever the Lifetime of an entry in the Default Router List expires,
that entry is discarded. When removing a router from the Default
Router list, the node MUST update the Destination Cache in such a way
that all entries using the router perform next-hop determination
again rather than continue sending traffic to the (deleted) router.
只要默认路由器列表的某个条目的失效时间一到,这个条目就被丢弃。当从默认路由器列表
中删除某个路由器条目的时候,主机必须更新目的缓存中所有使用这个路由器作为下一跳的条目。
总结:前缀列表的更新和默认路由器列表的更新的处理是不一样的。
6.3.6. Default Router Selection
The algorithm for selecting a router depends in part on whether or
not a router is known to be reachable. The exact details of how a
node keeps track of a neighbor's reachability state are covered in
Section 7.3. The algorithm for selecting a default router is invoked
during next-hop determination when no Destination Cache entry exists
for an off-link destination or when communication through an existing
router appears to be failing. Under normal conditions, a router
would be selected the first time traffic is sent to a destination,
Narten, et. al. Standards Track [Page 54]
RFC 2461 Neighbor Discovery for IPv6 December 1998
with subsequent traffic for that destination using the same router as
indicated in the Destination Cache modulo any changes to the
Destination Cache caused by Redirect messages.选择路由器的规则部分依赖于路由器是否已知可达。
当一个off-link目的地址不存在目的缓存中或者通过已有的路由器通信失败,选择默认路由器就会被调用来
决定下一跳路由。
The policy for selecting routers from the Default Router List is as
follows:从默认路由器列表中选择路由的规则如下:
1) Routers that are reachable or probably reachable (i.e., in any
state other than INCOMPLETE) SHOULD be preferred over routers
whose reachability is unknown or suspect (i.e., in the
INCOMPLETE state, or for which no Neighbor Cache entry exists).
An implementation may choose to always return the same router or
cycle through the router list in a round-robin fashion as long
as it always returns a reachable or a probably reachable router
when one is available.处于可达状态或者可能处于可达状态(如除了INCOMPLETE的其他状态)的路由器应该
比哪些可达性处于未知或怀疑(如INCOMPLETE状态或不存在对应的邻居缓存条目)的路由器优先。某种实现可能
总是选择同一个路由器,或者循环的选择路由器列表中的路由器,只要这种实现能总是返回处于可达或可能可达
状态的路由器。
2) When no routers on the list are known to be reachable or
probably reachable, routers SHOULD be selected in a round-robin
fashion, so that subsequent requests for a default router do not
return the same router until all other routers have been
selected.当路由器列表中的没有路由器处于可达或者可能可达状态的时候,应该循环的选择路由器,这样可以防止
后续的默认路由请求都始终使用同一个路由。
Cycling through the router list in this case ensures that all
available routers are actively probed by the Neighbor
Unreachability Detection algorithm. A request for a default
router is made in conjunction with the sending of a packet to a
router, and the selected router will be probed for reachability
as a side effect.循环选择可以保证所有可达的路由器都能被邻居不可达检测探测到。对默认路由的请求和向该路由器
发送数据报是同时进行的。
3) If the Default Router List is empty, assume that all
destinations are on-link as specified in Section 5.2.
如果默认路由器列表是空的,则认为所有目的地址都是处于on-link状态的。
6.3.7. Sending Router Solicitations
When an interface becomes enabled, a host may be unwilling to wait
for the next unsolicited Router Advertisement to locate default
routers or learn prefixes. To obtain Router Advertisements quickly,
a host SHOULD transmit up to MAX_RTR_SOLICITATIONS(3) Router
Solicitation messages each separated by at least
RTR_SOLICITATION_INTERVAL(4) seconds. Router Solicitations may be sent
after any of the following events:当主机的一个接口变为有效的时候,主机可能不希望等待下一个非请求RA
报文来配置默认路由和前缀学习。它应该每隔RTR_SOLICITATION_INTERVAL所指定的时间,发送MAX_RTR_SOLICITATIONS
所指定的RS数据报。RS可能被发送只要发生以下任何一种情况之一:
- The interface is initialized at system startup time.
系统初始化时,接口也初始化了。
- The interface is reinitialized after a temporary interface
failure or after being temporarily disabled by system
management.在短暂的接口失效或者被系统指定为失效后,接口重新初始化。
Narten, et. al. Standards Track [Page 55]
RFC 2461 Neighbor Discovery for IPv6 December 1998
- The system changes from being a router to being a host, by
having its IP forwarding capability turned off by system
management.系统由路由器变为主机,失去了转发数据报的能力。
- The host attaches to a link for the first time.主机第一次接入链路。
- The host re-attaches to a link after being detached for some
time.在断开链路联接后又重新接入链路。
A host sends Router Solicitations to the All-Routers multicast
address. The IP source address is set to either one of the
interface's unicast addresses or the unspecified address. The Source
Link-Layer Address option SHOULD be set to the host's link-layer
address, if the IP source address is not the unspecified address.
主机向all-routers多播组发送RS报文。数据报的源ip地址要么被设置为接口的单播地址,要么是不确定
地址。当源ip地址不是不确定地址的时候,源链路地址选项应该被设置为主机的链路地址。
Before a host sends an initial solicitation, it SHOULD delay the
transmission for a random amount of time between 0 and
MAX_RTR_SOLICITATION_DELAY(1). This serves to alleviate congestion when
many hosts start up on a link at the same time, such as might happen
after recovery from a power failure. If a host has already performed
a random delay since the interface became (re)enabled (e.g., as part
of Duplicate Address Detection [ADDRCONF]) there is no need to delay
again before sending the first Router Solicitation message.主机发送初始化的RS之前,应该延迟
一个随机时间,这个随机时间介于0到MAX_RTR_SOLICITATION_DELAY之间。这可以缓解冲突,因为有可能
在链路上,大量主机同时启动,例如在突然停电后又恢复。如果主机已经延迟了一段时间,就没有必要再
延迟了。
Once the host sends a Router Solicitation, and receives a valid
Router Advertisement with a non-zero Router Lifetime, the host MUST
desist from sending additional solicitations on that interface, until
the next time one of the above events occurs. Moreover, a host
SHOULD send at least one solicitation in the case where an
advertisement is received prior to having sent a solicitation.
Unsolicited Router Advertisements may be incomplete (see Section
6.2.3); solicited advertisements are expected to contain complete
information.当主机发送了RS后,并收到了一个有效的RA报文,该RA的Router lifetime字段的值不为0,则主机
必须在同样的接口停止发送额外的RS,直到下一次上面那些触发事件再次发生。进一步地,主机应该发送至少一个
RS,如果在发送RS之前,已经收到了一个RA。因为非请求RA可能不完整(不包括所有选项);而请求式RA则必须包含
所有选项。
If a host sends MAX_RTR_SOLICITATIONS(3) solicitations, and receives no
Router Advertisements after having waited MAX_RTR_SOLICITATION_DELAY(1)
seconds after sending the last solicitation, the host concludes that
there are no routers on the link for the purpose of [ADDRCONF].
However, the host continues to receive and process Router
Advertisements messages in the event that routers appear on the link.
如果主机已经发送了MAX_RTR_SOLICITATIONS个RS后,并且发送完最后一个RS后,等待了MAX_RTR_SOLICITATION_DELAY的时间后,
仍然没有接收到RA,则主机认为在链路上没有路由器。但是主机会继续接收并处理RA报文,只要链路上出现路由器。
7. ADDRESS RESOLUTION AND NEIGHBOR UNREACHABILITY DETECTION
This section describes the functions related to Neighbor Solicitation
and Neighbor Advertisement messages and includes descriptions of
address resolution and the Neighbor Unreachability Detection
algorithm.这一部分描述了与NS和NA相关的内容,并包括了地址解析和邻居不可达检测的内容。
Narten, et. al. Standards Track [Page 56]
RFC 2461 Neighbor Discovery for IPv6 December 1998
Neighbor Solicitation and Advertisement messages are also used for
Duplicate Address Detection as specified by [ADDRCONF]. In
particular, Duplicate Address Detection sends Neighbor Solicitation
messages with an unspecified source address targeting its own
"tentative" address. Such messages trigger nodes already using the
address to respond with a multicast Neighbor Advertisement indicating
that the address is in use. NS和NA都可以用来进行重复地址检测。特别的,重复地址检测通过
发送携带不确定源ip地址,目标地址为自己临时地址的NS信息来进行。这个NS信息会触发已经使用这个
地址的节点用这个地址来回复一个多播NA来表明所请求的地址已经在使用。
7.1. Message Validation
7.1.1. Validation of Neighbor Solicitations
A node MUST silently discard any received Neighbor Solicitation
messages that do not satisfy all of the following validity checks:
如果收到的NS不满足所有以下的有效性检测,节点必须丢弃这个NS.
- The IP Hop Limit field has a value of 255, i.e., the packet
could not possibly have been forwarded by a router.
IP的hop limit字段的值为255。数据报不能被中间路由器转发。
- If the message includes an IP Authentication Header, the message
authenticates correctly.
如果NS包括了authentication扩展头,而且数据报检测正确。
- ICMP Checksum is valid.
ICMP校验和正确有效
- ICMP Code is 0.
ICMP的code字段值为0
- ICMP length (derived from the IP length) is 24 or more octets.
ICMP的长度至少有24字节。
- Target Address is not a multicast address.
目标IP地址不是多播地址
- All included options have a length that is greater than zero.
所有选项的长度都大于0
- If the IP source address is the unspecified address, the IP
destination address is a solicited-node multicast address.
如果IP源地址是不确定地址(即全0地址),则IP目的地址是请求多播地址。
- If the IP source address is the unspecified address, there is no
source link-layer address option in the message.
如果IP源地址是不确定地址,则数据报中不包括源链路地址选项。(切忌切记)
The contents of the Reserved field, and of any unrecognized options,
MUST be ignored. Future, backward-compatible changes to the protocol
may specify the contents of the Reserved field or add new options;
backward-incompatible changes may use different Code values.
必须忽略保留字段的值,以及无法识别的选项。
The contents of any defined options that are not specified to be used
with Neighbor Solicitation messages MUST be ignored and the packet
processed as normal. The only defined option that may appear is the
Source Link-Layer Address option.当前已经定义的选项只有源链路地址选项。
Narten, et. al. Standards Track [Page 57]
RFC 2461 Neighbor Discovery for IPv6 December 1998
A Neighbor Solicitation that passes the validity checks is called a
"valid solicitation".
7.1.2. Validation of Neighbor Advertisements
A node MUST silently discard any received Neighbor Advertisement
messages that do not satisfy all of the following validity checks:
如果NA数据报不满足以下所有条件,主机必须丢弃收到的数据报。
- The IP Hop Limit field has a value of 255, i.e., the packet
could not possibly have been forwarded by a router.
IP数据报的hop limit字段的值为255。
- If the message includes an IP Authentication Header, the message
authenticates correctly.
- ICMP Checksum is valid.
- ICMP Code is 0.
- ICMP length (derived from the IP length) is 24 or more octets.
- Target Address is not a multicast address.
- If the IP Destination Address is a multicast address the
Solicited flag is zero.
- All included options have a length that is greater than zero.
The contents of the Reserved field, and of any unrecognized options,
MUST be ignored. Future, backward-compatible changes to the protocol
may specify the contents of the Reserved field or add new options;
backward-incompatible changes may use different Code values.
The contents of any defined options that are not specified to be used
with Neighbor Advertisement messages MUST be ignored and the packet
processed as normal. The only defined option that may appear is the
Target Link-Layer Address option.当前NA只定义了目标链路地址这一个选项
A Neighbor Advertisements that passes the validity checks is called a
"valid advertisement".
7.2. Address Resolution
Address resolution is the process through which a node determines the
link-layer address of a neighbor given only its IP address. Address
resolution is performed only on addresses that are determined to be
on-link and for which the sender does not know the corresponding
link-layer address. Address resolution is never performed on
multicast addresses.当节点只知道邻居的IP地址的时候,可以通过地址解析来获得该邻居
的链路地址。地址解析只能用在解析on-link地址,并且发送信息者不知道目的的链路地址。
地址解析永远不能用于解析多播地址。
Narten, et. al. Standards Track [Page 58]
RFC 2461 Neighbor Discovery for IPv6 December 1998
7.2.1. Interface Initialization
When a multicast-capable interface becomes enabled the node MUST join
the all-nodes multicast address on that interface, as well as the
solicited-node multicast address corresponding to each of the IP
addresses assigned to the interface.
当一个支持多播的接口处于活动状态的时候,节点必须为该接口配置all-nodes多播地址,
以及所有匹配接口上地址的请求多播地址。
The set of addresses assigned to an interface may change over time.
New addresses might be added and old addresses might be removed
[ADDRCONF]. In such cases the node MUST join and leave the
solicited-node multicast address corresponding to the new and old
addresses, respectively. Note that multiple unicast addresses may
map into the same solicited-node multicast address; a node MUST NOT
leave the solicited-node multicast group until all assigned addresses
corresponding to that multicast address have been removed.
接口地址的设置可能在过了一段时间后改变。新地址可能配置,旧地址可能被删掉。在这种情况下,节点必须
对接口上的请求多播地址进行相应的变化。需要注意的是,可能多个单播地址会映射到同一个请求多播地址。
只有在删除了接口地址之后,才能删除对应的请求多播地址。
7.2.2. Sending Neighbor Solicitations
When a node has a unicast packet to send to a neighbor, but does not
know the neighbor's link-layer address, it performs address
resolution. For multicast-capable interfaces this entails creating a
Neighbor Cache entry in the INCOMPLETE state and transmitting a
Neighbor Solicitation message targeted at the neighbor. The
solicitation is sent to the solicited-node multicast address
corresponding to the target address.
当节点发送一个单播数据报到一个邻居的时候,如果不知道该邻居的链路地址,则它会进行
地址解析。对于支持多播的接口,需要创建一个邻居缓存条目,该条目的状态为INCOMPLETE,
然后发送目标为该邻居的NS报文。该NS的目标IP地址为与目标IP对应的请求多播地址。
If the source address of the packet prompting the solicitation is the
same as one of the addresses assigned to the outgoing interface, that
address SHOULD be placed in the IP Source Address of the outgoing
solicitation. Otherwise, any one of the addresses assigned to the
interface should be used. Using the prompting packet's source
address when possible insures that the recipient of the Neighbor
Solicitation installs in its Neighbor Cache the IP address that is
highly likely to be used in subsequent return traffic belonging to
the prompting packet's "connection".如果发出NS的源地址与发出该报文的接口的某一个地址
相同,则这个地址应该放入IP数据报的源地址处。否则,可以使用该接口的任意一个地址。
使用源地址能保证接收者在接收到NS后,能在其邻居缓存中创建一个新的条目,然后在接下来的通信中使用它。
If the solicitation is being sent to a solicited-node multicast
address, the sender MUST include its link-layer address (if it has
one) as a Source Link-Layer Address option. Otherwise, the sender
SHOULD include its link-layer address (if it has one) as a Source
Link-Layer Address option. Including the source link-layer address
in a multicast solicitation is required to give the target an address
to which it can send the Neighbor Advertisement. On unicast
solicitations, an implementation MAY omit the Source Link-Layer
Address option. The assumption here is that if the sender has a
peer's link-layer address in its cache, there is a high probability
that the peer will also have an entry in its cache for the sender.
Consequently, it need not be sent.
如果NS被发送到请求多播地址,则发送该NS的主机必须在NS中放入自己链路地址作为源链路地址选项。在其他情况下,
发送者应该(没有强制必须)包含源链路选项。
在多播式请求中包含源链路地址选项可以让目标主机能够利用该地址来回复NA。对于单播请求,可以忽略掉源链路地址
选项。有一种假定就是,如果发送者的缓存中存放有目的节点的链路地址,则该目标节点的缓存中也应该存放有发送者
的链路地址。
Narten, et. al. Standards Track [Page 59]
RFC 2461 Neighbor Discovery for IPv6 December 1998
While waiting for address resolution to complete, the sender MUST,
for each neighbor, retain a small queue of packets waiting for
address resolution to complete. The queue MUST hold at least one
packet, and MAY contain more. However, the number of queued packets
per neighbor SHOULD be limited to some small value. When a queue
overflows, the new arrival SHOULD replace the oldest entry. Once
address resolution completes, the node transmits any queued packets.
在等待地址解析结束的过程中,发送者必须为每一个邻居保留一个小的数据报队列,队列必须至少有一个
报文。但是,每隔队列的数据报的数目应该有一个比较小的最大值。当队列满的时候,新到来的数据报应该
覆盖掉旧的数据。当地址解析结束后,节点发送所有在队列中的数据报。
While awaiting a response, the sender SHOULD retransmit Neighbor
Solicitation messages approximately every RetransTimer milliseconds,
even in the absence of additional traffic to the neighbor.
Retransmissions MUST be rate-limited to at most one solicitation per
neighbor every RetransTimer milliseconds.
在等待回应的过程中,发送者应该重传NS数据报,周期大约为RetransTimer规定的时间,即使发送者和目的之间并没有额外
的通信。重传的频率必须被限制,最多在RetransTimer的时间内,每个邻居一个NS。
If no Neighbor Advertisement is received after MAX_MULTICAST_SOLICIT
solicitations, address resolution has failed. The sender MUST return
ICMP destination unreachable indications with code 3 (Address
Unreachable) for each packet queued awaiting address resolution.
如果在发送了MAX_MULTICAST_SOLICIT指定的NS后,还没有收到NA,则地址解析失败。
发送者必须返回一个ICMP目的不可达错误信息给每一个等待该地址解析的排队数据报。
7.2.3. Receipt of Neighbor Solicitations
A valid Neighbor Solicitation that does not meet any the following
requirements MUST be silently discarded:
一个有效的NS报文如果不满足以下条件的任何一个,则应该被丢弃:
- The Target Address is a "valid" unicast or anycast address
assigned to the receiving interface [ADDRCONF],
目标地址是一个与接收接口相关的有效的单播或任意播地址
- The Target Address is a unicast address for which the node is
offering proxy service, or
目标地址是一个提供代理服务的节点的单播地址
- The Target Address is a "tentative" address on which Duplicate
Address Detection is being performed [ADDRCONF].
目标地址是一个正在进行重复地址检测的临时地址。
If the Target Address is tentative, the Neighbor Solicitation should
be processed as described in [ADDRCONF]. Otherwise, the following
description applies. If the Source Address is not the unspecified
address and, on link layers that have addresses, the solicitation
includes a Source Link-Layer Address option, then the recipient
SHOULD create or update the Neighbor Cache entry for the IP Source
Address of the solicitation. If an entry does not already exist, the
node SHOULD create a new one and set its reachability state to STALE
as specified in Section 7.3.3. If an entry already exists, and the
cached link-layer address differs from the one in the received Source
Link-Layer option, the cached address should be replaced by the
received address and the entry's reachability state MUST be set to
STALE.如果源地址不是不确定地址(全0地址),而且选项中包含源链路地址选项,则接收者应该创建或者更新
邻居缓存中与NS源IP地址对应的条目。如果该条目不存在,则应该创建一个新的条目,并把他的可达状态设置为
STALE。如果该条目已经存在,而且对应的链路地址改变了,则应该把原来的链路地址修改为收到的源链路选项中
的地址,并且可达状态必须被设置为STALE。
Narten, et. al. Standards Track [Page 60]
RFC 2461 Neighbor Discovery for IPv6 December 1998
If a Neighbor Cache entry is created the IsRouter flag SHOULD be set
to FALSE. This will be the case even if the Neighbor Solicitation is
sent by a router since the Neighbor Solicitation messages do not
contain an indication of whether or not the sender is a router. In
the event that the sender is a router, subsequent Neighbor
Advertisement or Router Advertisement messages will set the correct
IsRouter value. If a Neighbor Cache entry already exists its
IsRouter flag MUST NOT be modified.如果创建了一个新的邻居缓存条目,则对应的IsRouter标志应该被设置为FALSE。
如果NS的发送者是路由器,但在NS中没有任何显示该发送者是路由器的信息,则也应该遵守上面的做法。如果发送者是
路由器,那么,接下来的NA或者RA将会修正IsRouter的值。如果已经存在了邻居缓存条目,则它的IsRouter标志一定不能
被修改(这个需要理解)。
If the Source Address is the unspecified address the node MUST NOT
create or update the Neighbor Cache entry.
如果接收到的NS的源地址为不确定地址,则节点一定不能创建或更新邻居缓存条目。
After any updates to the Neighbor Cache, the node sends a Neighbor
Advertisement response as described in the next section.
在更新了邻居缓存之后,节点按照下一章的规定回复NA。
7.2.4. Sending Solicited Neighbor Advertisements
A node sends a Neighbor Advertisement in response to a valid Neighbor
Solicitation targeting one of the node's assigned addresses. The
Target Address of the advertisement is copied from the Target Address
of the solicitation. If the solicitation's IP Destination Address is
not a multicast address, the Target Link-Layer Address option MAY be
omitted; the neighboring node's cached value must already be current
in order for the solicitation to have been received. If the
solicitation's IP Destination Address is a multicast address, the
Target Link-Layer option MUST be included in the advertisement.
Furthermore, if the node is a router, it MUST set the Router flag to
one; otherwise it MUST set the flag to zero.
节点发送NA以回复一个有效的以该节点的地址为目标的NS。NA中的目标地址是从NS中的目标地址复制过来的。
如果NS的目的IP地址不是一个多播地址,则目标链路地址选项可能被忽略;the neighboring node's cached
value must already be current in order for the solicitation address is a multicast address。如果NS
的目的IP地址是一个多播地址,则NA中必须包含目标链路地址选项,更进一步如果该节点为路由器,则必须设置
路由器标志,否则把路由器标志置0。
If the Target Address is either an anycast address or a unicast
address for which the node is providing proxy service, or the Target
Link-Layer Address option is not included, the Override flag SHOULD
be set to zero. Otherwise, the Override flag SHOULD be set to one.
Proper setting of the Override flag ensures that nodes give
preference to non-proxy advertisements, even when received after
proxy advertisements, and also ensures that the first advertisement
for an anycast address "wins".
如果目标地址是任意播地址或者提供代理服务节点的单播地址,或者没有目标链路地址选项,则Override 标志应该
被置为0。否则,Override标志应该被置为1。正确的设置Override标志保证节点能够优先使用非代理的NA报文数据,
即使非代理RA数据报在代理数据报之后被接收,而且能够保证第一个任意播地址的NA能够有优先权。
If the source of the solicitation is the unspecified address, the
node MUST set the Solicited flag to zero and multicast the
advertisement to the all-nodes address. Otherwise, the node MUST set
the Solicited flag to one and unicast the advertisement to the Source
Address of the solicitation.
如果NS的源地址为不确定地址,则节点必须设置Solicited标志为0,并且广播NA到all-nodes地址。否则,节点必须设置
Solicited标志为1,并单播NA到对应NS的源地址。
If the Target Address is an anycast address the sender SHOULD delay
sending a response for a random time between 0 and
MAX_ANYCAST_DELAY_TIME seconds.如果目标地址为任意播地址,则发送者应该延迟发送回应NA,延迟时间是介于0和
MAX_ANYCAST_DELAY_TIME的一个随机值。
Narten, et. al. Standards Track [Page 61]
RFC 2461 Neighbor Discovery for IPv6 December 1998
Because unicast Neighbor Solicitations are not required to include a
Source Link-Layer Address, it is possible that a node sending a
solicited Neighbor Advertisement does not have a corresponding link-
layer address for its neighbor in its Neighbor Cache. In such
situations, a node will first have to use Neighbor Discovery to
determine the link-layer address of its neighbor (i.e, send out a
multicast Neighbor Solicitation).因为单播NS并不要求携带源链路地址,则有可能出现一种情况,就是节点在发送
回应的NA的时候,在它的邻居缓存种并没有一个正确的目的链路地址。在这种情况下,该节点就会首先利用邻居发现来获得
NS发送者的链路地址。(例如发送一个多播NS)
7.2.5. Receipt of Neighbor Advertisements
When a valid Neighbor Advertisement is received (either solicited or
unsolicited), the Neighbor Cache is searched for the target's entry.
If no entry exists, the advertisement SHOULD be silently discarded.
There is no need to create an entry if none exists, since the
recipient has apparently not initiated any communication with the
target.当接收到一个有效的NA(无论是请求式的还是非请求式的),都要查询目标地址对应的条目是否在邻居缓存中。如果对应
的条目不存在,则这个NA应该被丢弃。因为没有必要创建一个没有任何通信要求的条目(权衡空间与效率的结果)。
Once the appropriate Neighbor Cache entry has been located, the
specific actions taken depend on the state of the Neighbor Cache
entry, the flags in the advertisement and the actual link-layer
address supplied.
当找到了对应的邻居缓存条目的时候,需要采取的措施取决于邻居缓存条目的状态,NA中的标志,以及所提供的链路地址。
If the target's Neighbor Cache entry is in the INCOMPLETE state when
the advertisement is received, one of two things happens. If the
link layer has addresses and no Target Link-Layer address option is
included, the receiving node SHOULD silently discard the received
advertisement. Otherwise, the receiving node performs the following
steps:如果在接收到NA的时候,目标所对应的邻居缓存条目的状态是INCOMPLETE,会发生两个事件中的某一个。如果链路地址存在
并且没有目标链路地址选项,则接收者应该丢弃接收到的NA。否则,接收者应该按以下步骤:
- It records the link-layer address in the Neighbor Cache entry.
在邻居缓存条目中记录链路地址。
- If the advertisement's Solicited flag is set, the state of the
entry is set to REACHABLE, otherwise it is set to STALE.
如果NA的Solicited标志为1,则对应的条目状态应该设置为REACHABLE,否则应该被设置为STALE。
- It sets the IsRouter flag in the cache entry based on the Router
flag in the received advertisement.
按照接收到的NA中的Router标志来设置缓存中的IsRouter的值。
- It sends any packets queued for the neighbor awaiting address
resolution.
发送所有等待该地址解析的数据报。
Note that the Override flag is ignored if the entry is in the
INCOMPLETE state.
需要注意的是:当邻居缓存条目的状态为INCOMPLETE时,应该忽略掉NA中的Override标志。
If the target's Neighbor Cache entry is in any state other than
INCOMPLETE when the advertisement is received, processing becomes
quite a bit more complex. If the Override flag is clear and the
supplied link-layer address differs from that in the cache, then one
of two actions takes place: if the state of the entry is REACHABLE,
Narten, et. al. Standards Track [Page 62]
RFC 2461 Neighbor Discovery for IPv6 December 1998
set it to STALE, but do not update the entry in any other way;
otherwise, the received advertisement should be ignored and MUST NOT
update the cache. If the Override flag is set, both the Override
flag is clear and the supplied link-layer address is the same as that
in the cache, or no Target Link-layer address option was supplied,
the received advertisement MUST update the Neighbor Cache entry as
follows:当接收到NA的时候,目标对应的邻居缓存条目处在除了INCOMPLETE的其他状态,处理就变得复杂了。
如果NA的Override标志没有设置,并且选项中的链路地址与缓存中的地址不同,则会有两种情况:(1)如果
缓存条目的状态为REACHABLE,则设置其状态为STALE;(2)在其他情况下,应该忽略接收到的NA。如果NA中设置了
Override标志,而且在缓存中没有设置override标志,而且链路地址一致,或者没有链路地址选项,则必须使用
接收到的RA来更新邻居缓存条目,按照以下规则进行:
- The link-layer address in the Target Link-Layer Address option
MUST be inserted in the cache (if one is supplied and is different
than the already recorded address).如果目标链路地址选项存在,并且该地址值与缓存中对应值不相同,则
必须更新缓存中的值。
- If the Solicited flag is set, the state of the entry MUST be set
to REACHABLE. If the Solicited flag is zero and the link-layer
address was updated with a different address the state MUST be set
to STALE. Otherwise, the entry's state remains unchanged.
如果设置了Solicited标志,则对应的缓存条目的状态必须设置为Reachable。如果Solicited标志为0,并且链路地址
被不同的地址更新,则该缓存条目的状态必须被设置为STALE。否则,该条目的状态不变。
An advertisement's Solicited flag should only be set if the
advertisement is a response to a Neighbor Solicitation. Because
Neighbor Unreachability Detection Solicitations are sent to the
cached link-layer address, receipt of a solicited advertisement
indicates that the forward path is working. Receipt of an
unsolicited advertisement, however, suggests that a neighbor has
urgent information to announce (e.g., a changed link-layer
address). If the urgent information indicates a change from what
a node is currently using, the node should verify the reachability
of the (new) path when it sends the next packet. There is no need
to update the state for unsolicited advertisements that do not
change the contents of the cache.
只有在回应NS的时候,NA中的Solicited标志才应该被设置。这是因为邻居不可达检测的NS都被发送到存在缓存条目的地址,
接收到请求式的NA就表明路径能正常连通。而接收到非请求式的NA候,仅仅是一个邻居在宣告紧急信息(如链路地址变化)。
如果该紧急信息与某个节点通信相关,则这个节点在发送下一个数据报之前,应该确认新路径的可达性。没有必要根据不改变
缓存信息的非请求式NA来更新缓存条目的状态。
- The IsRouter flag in the cache entry MUST be set based on the
Router flag in the received advertisement. In those cases where
the IsRouter flag changes from TRUE to FALSE as a result of this
update, the node MUST remove that router from the Default Router
List and update the Destination Cache entries for all destinations
using that neighbor as a router as specified in Section 7.3.3.
This is needed to detect when a node that is used as a router
stops forwarding packets due to being configured as a host.
缓存中的IsRouter标志必须根据接收到的NA中的Router标志来设置。如果缓存中的IsRouter标志由True变为False,则节点必须从
默认缓存列表中删除掉对应的路由器条目,并且更新目的缓存中所有使用该路由器作为下一跳的条目。这发生在路由器停止转发
功能,并被配置为主机。
The above rules ensure that the cache is updated either when the
Neighbor Advertisement takes precedence (i.e., the Override flag is
set) or when the Neighbor Advertisement refers to the same link-layer
address that is currently recorded in the cache. If none of the
above apply, the advertisement prompts future Neighbor Unreachability
Detection (if it is not already in progress) by changing the state in
the cache entry.无论是在NA拥有优先权(如Override标志被设置了),或者NA中的链路地址已经在
缓存中存在的前提下,以上的规则保证缓存能够被更新。如果以上规则没有一项被采用,则NA会通过修改缓存条目状态来
触发邻居不可达检测。
Narten, et. al. Standards Track [Page 63]
RFC 2461 Neighbor Discovery for IPv6 December 1998
7.2.6. Sending Unsolicited Neighbor Advertisements
In some cases a node may be able to determine that its link-layer
address has changed (e.g., hot-swap of an interface card) and may
wish to inform its neighbors of the new link-layer address quickly.
In such cases a node MAY send up to MAX_NEIGHBOR_ADVERTISEMENT
unsolicited Neighbor Advertisement messages to the all-nodes
multicast address. These advertisements MUST be separated by at
least RetransTimer seconds.
在某些情况下,节点可能检测到自己的链路地址变化了(如接口的热插拔),
并且希望马上把新的链路地址告诉它的邻居。在这种情况下,节点可能会
发送 最多不超过MAX_NEIGHBOR_ADVERTISEMENT个非请求式NA给all-nodes多播组地址。
这些NA必须每隔至少RetransTimer的时间发送。
The Target Address field in the unsolicited advertisement is set to
an IP address of the interface, and the Target Link-Layer Address
option is filled with the new link-layer address. The Solicited flag
MUST be set to zero, in order to avoid confusing the Neighbor
Unreachability Detection algorithm. If the node is a router, it MUST
set the Router flag to one; otherwise it MUST set it to zero. The
Override flag MAY be set to either zero or one. In either case,
neighboring nodes will immediately change the state of their Neighbor
Cache entries for the Target Address to STALE, prompting them to
verify the path for reachability. If the Override flag is set to
one, neighboring nodes will install the new link-layer address in
their caches. Otherwise, they will ignore the new link-layer
address, choosing instead to probe the cached address.
在非请求式的NA中的目标地址就是接口的IP地址,而目标链路地址选项的值为新的链路地址。
为了防止与邻居不可达检测混淆,Solicited标志必须被设置为0。如果该节点为路由器,则
必须设置Router标志为1,否则,必须被设置为0。Override标志可能被设置为0或1,无论在哪种
情况下,收到NA的邻居都会马上改变目标地址对应的邻居缓存条目的状态为STALE,触发它们确认路径
的可达性。如果Override标志为1,则邻居节点会更新缓存中的链路地址,否则忽略新的链路地址。
A node that has multiple IP addresses assigned to an interface MAY
multicast a separate Neighbor Advertisement for each address. In
such a case the node SHOULD introduce a small delay between the
sending of each advertisement to reduce the probability of the
advertisements being lost due to congestion.
如果一个节点的某个接口有多个IP地址,则它可能为每个地址发送NA。在这种情况下,节点应该在每个NA
发送之间进行一些延迟,以便减少NA因为冲突而丢失的概率。
A proxy MAY multicast Neighbor Advertisements when its link-layer
address changes or when it is configured (by system management or
other mechanisms) to proxy for an address. If there are multiple
nodes that are providing proxy services for the same set of addresses
the proxies SHOULD provide a mechanism that prevents multiple proxies
from multicasting advertisements for any one address, in order to
reduce the risk of excessive multicast traffic.
当节点的链路地址改变的时候,或者它被配置成作为某个地址的代理的时候,它可能会进行多播NA。如果有多个
节点代理了同样的地址,这些代理应该提供一种防止多个代理为同一个地址多播NA,以便降低多播的消耗。
Also, a node belonging to an anycast address MAY multicast
unsolicited Neighbor Advertisements for the anycast address when the
node's link-layer address changes.
如果一个节点属于某个任意播组地址,当它的链路地址改变候,它可能降该任意播组地址多播非请求式的NA。
Note that because unsolicited Neighbor Advertisements do not reliably
update caches in all nodes (the advertisements might not be received
by all nodes), they should only be viewed as a performance
optimization to quickly update the caches in most neighbors. The
Neighbor Unreachability Detection algorithm ensures that all nodes
obtain a reachable link-layer address, though the delay may be
Narten, et. al. Standards Track [Page 64]
RFC 2461 Neighbor Discovery for IPv6 December 1998
slightly longer.
需要注意的是,非请求式的NA并不会可靠的更新所有节点的缓存(可能有的节点没有收到NA),所以非请求式的NA
应该仅仅被作为一种加快更新大多数邻居缓存的优化手段。而邻居不可达检测则保证所有节点获得一个可靠可达的
链路地址,即使它的延迟可能稍微长一点。
7.2.7. Anycast Neighbor Advertisements
From the perspective of Neighbor Discovery, anycast addresses are
treated just like unicast addresses in most cases. Because an
anycast address is syntactically the same as a unicast address, nodes
performing address resolution or Neighbor Unreachability Detection on
an anycast address treat it as if it were a unicast address. No
special processing takes place.
从ND的角度来看,任意播地址和单播地址在大多数情况下式作同样的对待。因为任意播地址
在语法上与单播地址是一致的,节点对任意播地址进行地址解析或者邻居不可达检测时把它看
成单播地址,没有特别的处理。
Nodes that have an anycast address assigned to an interface treat
them exactly the same as if they were unicast addresses with two
exceptions. First, Neighbor Advertisements sent in response to a
Neighbor Solicitation SHOULD be delayed by a random time between 0
and MAX_ANYCAST_DELAY_TIME to reduce the probability of network
congestion. Second, the Override flag in Neighbor Advertisements
SHOULD be set to 0, so that when multiple advertisements are
received, the first received advertisement is used rather than the
most recently received advertisement.
节点的某个接口有一个任意播地址地时候,它把这个地址看作单播地址。但有两种例外情况。
首先,NA回复NS应该延迟一段时间,这段时间是介于0到MAX_ANYCAST_DELAY_TIME的一个随机值。
第二,NA中的Override标志应该被置为0,这样在接收到多播NA后,的一个接收到的NA比最近收到的一个
NA有更大的优先权。
As with unicast addresses, Neighbor Unreachability Detection ensures
that a node quickly detects when the current binding for an anycast
address becomes invalid.至于单播地址,邻居不可达检测保证节点能很快的检测到任意播地址的失效。
7.2.8. Proxy Neighbor Advertisements
Under limited circumstances, a router MAY proxy for one or more other
nodes, that is, through Neighbor Advertisements indicate that it is
willing to accept packets not explicitly addressed to itself. For
example, a router might accept packets on behalf of a mobile node
that has moved off-link. The mechanisms used by proxy are identical
to the mechanisms used with anycast addresses.
在条件有限的环境中,路由器可能作为一个或多个节点的代理,这就是说,它可能接收目的不是它
本身的NA。例如,路由器可能为一个已经off-link的移动节点接收数据报。代理的这种机制与任意播
地址的机制是一样的。
A proxy MUST join the solicited-node multicast address(es) that
correspond to the IP address(es) assigned to the node for which it is
proxying.代理必须加入被代理节点所属的请求节点多播组。
All solicited proxy Neighbor Advertisement messages MUST have the
Override flag set to zero. This ensures that if the node itself is
present on the link its Neighbor Advertisement (with the Override
flag set to one) will take precedence of any advertisement received
from a proxy. A proxy MAY send unsolicited advertisements with the
Override flag set to one as specified in Section 7.2.6, but doing so
may cause the proxy advertisement to override a valid entry created
by the node itself.所有请求式的代理NA都必须把Override标志设置为0。这能保证在被代理节点在on-link
状态的时候,它所发出的NA(Override标志为1)的优先权大于代理发出的NA。代理可能发出Override标志置
为1的非请求式NA,但这样做的话,可能导致代理的NA会覆盖掉被代理节点自己的一个有效的缓存条目。
Narten, et. al. Standards Track [Page 65]
RFC 2461 Neighbor Discovery for IPv6 December 1998
Finally, when sending a proxy advertisement in response to a Neighbor
Solicitation, the sender should delay its response by a random time
between 0 and MAX_ANYCAST_DELAY_TIME seconds.
最后,当发送代理NA回复NS的时候,发送者应该延迟它的回复,延迟时间是0到
MAX_ANYCAST_DELAY_TIME之间的一个随机值。
7.3. Neighbor Unreachability Detection
Communication to or through a neighbor may fail for numerous reasons
at any time, including hardware failure, hot-swap of an interface
card, etc. If the destination has failed, no recovery is possible
and communication fails. On the other hand, if it is the path that
has failed, recovery may be possible. Thus, a node actively tracks
the reachability "state" for the neighbors to which it is sending
packets.
在任何时间可能因为无数种原因,两个主机间的通信都可能失败。
Neighbor Unreachability Detection is used for all paths between hosts
and neighboring nodes, including host-to-host, host-to-router, and
router-to-host communication. Neighbor Unreachability Detection may
also be used between routers, but is not required if an equivalent
mechanism is available, for example, as part of the routing
protocols.
邻居不可达检测可以用来检测主机(路由器)之间的路径是否通畅。邻居不可达检测也可能用在
路由器之间,但如果有类似的路由器协议来提供这样的功能,则不要求邻居不可达对路由器之间的
通路进行检测。
When a path to a neighbor appears to be failing, the specific
recovery procedure depends on how the neighbor is being used. If the
neighbor is the ultimate destination, for example, address resolution
should be performed again. If the neighbor is a router, however,
attempting to switch to another router would be appropriate. The
specific recovery that takes place is covered under next-hop
determination; Neighbor Unreachability Detection signals the need for
next-hop determination by deleting a Neighbor Cache entry.
当到达一个邻居的路径失败的时候,特定的恢复处理依赖邻居如何被使用。如果邻居是最终的目的地,
则还应该再进行地址解析。如果邻居是路由器,则应该试图寻找另外一个路由器更合适。这种特定的
恢复机制发生在确定下一跳之后。邻居不可达删除邻居缓存条目来触发决定下一跳处理。
Neighbor Unreachability Detection is performed only for neighbors to
which unicast packets are sent; it is not used when sending to
multicast addresses.
邻居不可达检测仅用在发送单播数据报到邻居的时候;不能用在发送多播数据报的情况下。
7.3.1. Reachability Confirmation
A neighbor is considered reachable if the node has recently received
a confirmation that packets sent recently to the neighbor were
received by its IP layer. Positive confirmation can be gathered in
two ways: hints from upper layer protocols that indicate a connection
is making "forward progress", or receipt of a Neighbor Advertisement
message that is a response to a Neighbor Solicitation message.
如果一个节点最近接收到一个确认,这个确认是节点发送数据到邻居后,该邻居用自己的IP地址
进行回复的,则这个邻居被认为可达。有效的确认能通过两种方式得到:通过上层协议的线索来
指示某个连接正在进行数据传输;或者收到一个回复NS的NA。
A connection makes "forward progress" if the packets received from a
remote peer can only be arriving if recent packets sent to that peer
are actually reaching it. In TCP, for example, receipt of a (new)
acknowledgement indicates that previously sent data reached the peer.
Likewise, the arrival of new (non-duplicate) data indicates that
Narten, et. al. Standards Track [Page 66]
RFC 2461 Neighbor Discovery for IPv6 December 1998
earlier acknowledgements are being delivered to the remote peer. If
packets are reaching the peer, they must also be reaching the
sender's next-hop neighbor; thus "forward progress" is a confirmation
that the next-hop neighbor is reachable. For off-link destinations,
forward progress implies that the first-hop router is reachable.
When available, this upper-layer information SHOULD be used.
只有在最近发往某个远程节点的报文到达目的地后,才能接收到该远程节点发回的数据报,表明这两个节点
之间的连接处于forward progress。例如,在TCP中,接收到了一个新的确认指示之前发送的数据已经正确到
达目的地。同样地,新数据的到达也指示之前发送的确认已经正确到达了目的地。如果报文能正确到达目的地,
则它肯定 能正确到达发送者的下一跳邻居;因此,forward progress是一种确认手段,表明下一跳邻居是可达的。
对于off-link目的地,forward progress暗示第一跳路由器是可达的。当可靠的时候,上层协议的信息应该被使用。
In some cases (e.g., UDP-based protocols and routers forwarding
packets to hosts) such reachability information may not be readily
available from upper-layer protocols. When no hints are available
and a node is sending packets to a neighbor, the node actively probes
the neighbor using unicast Neighbor Solicitation messages to verify
that the forward path is still working.
在很多情况下(如基于UDP的协议、路由器向主机转发报文),这样的上层协议的可达性信息可能不是很充分。当没有可靠性
暗示的时候,节点向邻居发送报文,则它首先会使用单播邻居不可达检测来确认转发路径的可达性。
The receipt of a solicited Neighbor Advertisement serves as
reachability confirmation, since advertisements with the Solicited
flag set to one are sent only in response to a Neighbor Solicitation.
Receipt of other Neighbor Discovery messages such as Router
Advertisements and Neighbor Advertisement with the Solicited flag set
to zero MUST NOT be treated as a reachability confirmation. Receipt
of unsolicited messages only confirm the one-way path from the sender
to the recipient node. In contrast, Neighbor Unreachability
Detection requires that a node keep track of the reachability of the
forward path to a neighbor from the its perspective, not the
neighbor's perspective. Note that receipt of a solicited
advertisement indicates that a path is working in both directions.
The solicitation must have reached the neighbor, prompting it to
generate an advertisement. Likewise, receipt of an advertisement
indicates that the path from the sender to the recipient is working.
However, the latter fact is known only to the recipient; the
advertisement's sender has no direct way of knowing that the
advertisement it sent actually reached a neighbor. From the
perspective of Neighbor Unreachability Detection, only the
reachability of the forward path is of interest.
接收到请求式的NA可以作为可达性的确认,只要NA的Solicited标志被置为1。接收到其他的ND信息,比如RA和Solicited标志被置
为0的NA一定不能被认为是一种可达性的确认。接收到非请求式的信息只能够确认从发送者到接受者的单向路径是可达的。相对而言,
主机不可达检测要求一个节点保持跟踪从它自己到邻居的单向路径的可达性。需要注意的是,接收到请求式的宣告指示双向的路径都是
可达的。因为与该宣告对应的请求肯定到达了目的地,然后才能触发该目的主机发出对应的宣告。同样的,接收到宣告表明从发送者到
接收者的路径是可达的,但是,这种可达性只有接收到宣告的主机知道,而发送该宣告的主机无从得知该宣告是否正确到达目的地。
从邻居不可达检测的角度看,主机只关心自己到目的地的路径是否可达。
7.3.2. Neighbor Cache Entry States
A Neighbor Cache entry can be in one of five states:
INCOMPLETE Address resolution is being performed on the entry.
Specifically, a Neighbor Solicitation has been sent to
the solicited-node multicast address of the target,
but the corresponding Neighbor Advertisement has not
yet been received.
REACHABLE Positive confirmation was received within the last
ReachableTime milliseconds that the forward path to
the neighbor was functioning properly. While
Narten, et. al. Standards Track [Page 67]
RFC 2461 Neighbor Discovery for IPv6 December 1998
REACHABLE, no special action takes place as packets
are sent.
STALE More than ReachableTime milliseconds have elapsed
since the last positive confirmation was received that
the forward path was functioning properly. While
stale, no action takes place until a packet is sent.
The STALE state is entered upon receiving an
unsolicited Neighbor Discovery message that updates
the cached link-layer address. Receipt of such a
message does not confirm reachability, and entering
the STALE state insures reachability is verified
quickly if the entry is actually being used. However,
reachability is not actually verified until the entry
is actually used.
DELAY More than ReachableTime milliseconds have elapsed
since the last positive confirmation was received that
the forward path was functioning properly, and a
packet was sent within the last DELAY_FIRST_PROBE_TIME
seconds. If no reachability confirmation is received
within DELAY_FIRST_PROBE_TIME seconds of entering the
DELAY state, send a Neighbor Solicitation and change
the state to PROBE.可以发送数据?
The DELAY state is an optimization that gives upper-
layer protocols additional time to provide
reachability confirmation in those cases where
ReachableTime milliseconds have passed since the last
confirmation due to lack of recent traffic. Without
this optimization the opening of a TCP connection
after a traffic lull would initiate probes even though
the subsequent three-way handshake would provide a
reachability confirmation almost immediately.
PROBE A reachability confirmation is actively sought by
retransmitting Neighbor Solicitations every
RetransTimer milliseconds until a reachability
confirmation is received.
7.3.3. Node Behavior
Neighbor Unreachability Detection operates in parallel with the
sending of packets to a neighbor. While reasserting a neighbor's
reachability, a node continues sending packets to that neighbor using
the cached link-layer address. If no traffic is sent to a neighbor,
no probes are sent.
邻居不可达检测和发送数据报到目的节点是同步进行的。当需要重新确认某个邻居是否可达的时候,
节点使用缓存中的链路地址来连续的发送数据报到这个邻居。
Narten, et. al. Standards Track [Page 68]
RFC 2461 Neighbor Discovery for IPv6 December 1998
When a node needs to perform address resolution on a neighboring
address, it creates an entry in the INCOMPLETE state and initiates
address resolution as specified in Section 7.2. If address
resolution fails, the entry SHOULD be deleted, so that subsequent
traffic to that neighbor invokes the next-hop determination procedure
again. Invoking next-hop determination at this point insures that
alternate default routers are tried.
当一个节点需要对某个邻居进行地址解析的时候,它首先会创建一个缓存条目,设置该条目的状态为
INCOMPLETE,然后开始地址解析。如果地址解析失败,则应该删除这个条目,然后如果再向该邻居发送
数据报,则触发下一跳选择的处理过程。调用下一跳选择的处理过程应确保冗余默认路由器能够被尝试。
When a reachability confirmation is received (either through upper-
layer advice or a solicited Neighbor Advertisement) an entry's state
changes to REACHABLE. The one exception is that upper-layer advice
has no effect on entries in the INCOMPLETE state (e.g., for which no
link-layer address is cached).当接收到一个可达性确认后(通过上层协议的信息,或者收到请求式的宣告),
对应的缓存条目的状态改变为REACHABLE。有一个例外,就是上层协议的信息不会对处于INCOMPLETE状态的缓存条目
有任何影响(例如链路地址不在缓存中)。
When ReachableTime milliseconds have passed since receipt of the last
reachability confirmation for a neighbor, the Neighbor Cache entry's
state changes from REACHABLE to STALE.
当接收到最后一个到某邻居的可达性确认时,计时器已经超过了ReachableTime所指定的时间后,该邻居所对应的缓存条目
的状态由REACHABLE变为STALE。
Note: An implementation may actually defer changing the state from
REACHABLE to STALE until a packet is sent to the neighbor, i.e.,
there need not be an explicit timeout event associated with the
expiration of ReachableTime.
注意:可能有种实现就是,不将该邻居缓存的状态由REACHABLE改为STALE,直到发送数据报到这个邻居。
The first time a node sends a packet to a neighbor whose entry is
STALE, the sender changes the state to DELAY and a sets a timer to
expire in DELAY_FIRST_PROBE_TIME seconds. If the entry is still in
the DELAY state when the timer expires, the entry's state changes to
PROBE. If reachability confirmation is received, the entry's state
changes to REACHABLE.
当节点第一次向一个邻居发送数据报,并且该邻居对应的缓存条目的状态为STALE的时候,发送者将其状态改变为DELAY。然后
创建一个超时时间为DELAY_FIRST_PROBE_TIME的计时器。如果计时器已经超时,而该条目仍处于DELAY状态,则将该状态改变为
PROBE。如果收到可达性确认,则状态改变为REACHABLE。
Upon entering the PROBE state, a node sends a unicast Neighbor
Solicitation message to the neighbor using the cached link-layer
address. While in the PROBE state, a node retransmits Neighbor
Solicitation messages every RetransTimer milliseconds until
reachability confirmation is obtained. Probes are retransmitted even
if no additional packets are sent to the neighbor. If no response is
received after waiting RetransTimer milliseconds after sending the
MAX_UNICAST_SOLICIT solicitations, retransmissions cease and the
entry SHOULD be deleted. Subsequent traffic to that neighbor will
recreate the entry and performs address resolution again.
在进入PROBE状态的时候,节点使用缓存中的链路地址发送单播NS信息到该邻居。在PROBE状态,节点每隔RetransTimer发送一个NS,
直到收到可达性确认。探测信息会被重传,即使已经没有发送到该邻居的数据报。如果在发送完MAX_UNICAST_SOLICT个NS后,再等待了
RetransTimer指定的时间,仍然没有收到确认,重传停止,并且对应的缓存条目应该被删除。接下来如果再和该邻居通信,则会重新创建
对应的条目,并开始地址解析。
Note that all Neighbor Solicitations are rate-limited on a per-
neighbor basis. A node MUST NOT send Neighbor Solicitations to the
same neighbor more frequently than once every RetransTimer
milliseconds.
注意所有的NS发送的频率限制都是对于每一个邻居而言的。节点一定不能向某个邻居发送NS的频率超过每RetransTimer发一个。
Narten, et. al. Standards Track [Page 69]
RFC 2461 Neighbor Discovery for IPv6 December 1998
A Neighbor Cache entry enters the STALE state when created as a
result of receiving packets other than solicited Neighbor
Advertisements (i.e., Router Solicitations, Router Advertisements,
Redirects, and Neighbor Solicitations). These packets contain the
link-layer address of either the sender or, in the case of Redirect,
the redirection target. However, receipt of these link-layer
addresses does not confirm reachability of the forward-direction path
to that node. Placing a newly created Neighbor Cache entry for which
the link-layer address is known in the STALE state provides assurance
that path failures are detected quickly. In addition, should a
cached link-layer address be modified due to receiving one of the
above messages the state SHOULD also be set to STALE to provide
prompt verification that the path to the new link-layer address is
working.
当接收到一个报文,而不是请求式的NA的时候(如RS,RA,NS,Redirect),创建邻居缓存条目并进入STALE状态。
这些数据报包含了链路地址,要么是发送者,要么是重定向的目标(重定向报文)的地址。但是,接收到这些
链路地址并不能确认可达性。为已知的链路地址创建一个新的处于STALE状态的邻居缓存条目,能够保证路径失败
能够被快速的检测到。另外,
To properly detect the case where a router switches from being a
router to being a host (e.g., if its IP forwarding capability is
turned off by system management), a node MUST compare the Router flag
field in all received Neighbor Advertisement messages with the
IsRouter flag recorded in the Neighbor Cache entry. When a node
detects that a neighbor has changed from being a router to being a
host, the node MUST remove that router from the Default Router List
and update the Destination Cache as described in Section 6.3.5. Note
that a router may not be listed in the Default Router List, even
though a Destination Cache entry is using it (e.g., a host was
redirected to it). In such cases, all Destination Cache entries that
reference the (former) router must perform next-hop determination
again before using the entry.
为了正确检测到路由器变成主机的这种情况,节点一定要比较所有接收到的NA中的Router标志和邻居缓存中的IsRouter
标志的值。当节点检测到邻居由路由器变为主机的时候,该节点一定要从默认路由器列表中删除该路由器,并更新目的缓存中
所有以该路由器为下一跳的条目。需要注意的是,路由器有可能不会出现再默认路由器列表中,即使目的缓存列表正在使用它
(如主机被重定向到它)。在这种情况下,所有与该路由器关联的目的缓存条目都一定在使用这些条目之前进行下一跳的重新确认。
In some cases, link-specific information may indicate that a path to
a neighbor has failed (e.g., the resetting of a virtual circuit). In
such cases, link-specific information may be used to purge Neighbor
Cache entries before the Neighbor Unreachability Detection would do
so. However, link-specific information MUST NOT be used to confirm
the reachability of a neighbor; such information does not provide
end-to-end confirmation between neighboring IP layers.
在很多情况下,链路层上的信息可能指示到某一个邻居的路径失败(如虚电路的重设)。这个时候,可以在进行邻居不可达检测之前,
利用link-specific信息可能被用来更新邻居缓存条目。但是,link-specific信息一定不能被用来确认邻居的可达性。link-specific
信息不能提供end-to-end的IP层确认。
2613
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
