draft-jou-duplicate-ip-address-02.txt
    A gratuitous ARP packet on an Ethernet is defined as

        48.bit Destination Address      = 0xffffffffffff (broadcast)
        48.bit Source Address           = Hardware address of interface
        16.bit Frame type               = 0x806 (ARP)
        ----------------------
        16.bit Hardware type            = 0x1 (Ethernet)
        16.bit Protocol Type            = 0x800 (IP)
        8.bit  Hardware Address size    = 6
        8.bit  Protocol Address size    = 4
        16.bit Opcode                   = 1 (Request)
        48.bit Sender Ethernet Address  = Hardware address of interface
        32.bit Sender IP Address        = Configured IP address
        48.bit Target Ethernet Address  = Don't care
        32.bit Target IP Address        = Configured IP Address

    (2) If a host receives an ARP request packet in which the target IP
        address and the sender IP address fields are the same and match
        the address of the receiving interface, IP address duplication
        has occurred. The host MUST send a link-layer broadcast ARP
        reply as defined below. The host SHOULD report, log, and/or
        display warning messages to indicate the detection of IP address
        duplication.

Jou                                                             [Page 4]

INTERNET_DRAFT       Duplicate IP Address Detection       February, 1999

        48.bit Destination Address      = 0xffffffffffff (broadcast)
        48.bit Source Address           = Hardware address of interface
        16.bit Frame type               = 0x806 (ARP)
        ----------------------
        16.bit Hardware type            = 0x1 (Ethernet)
        16.bit Protocol Type            = 0x800 (IP)
        8.bit  Hardware Address size    = 6
        8.bit  Protocol Address size    = 4
        16.bit Opcode                   = 2 (Reply)
        48.bit Sender Ethernet Address  = Hardware address of interface
        32.bit Sender IP Address        = Local IP address
        48.bit Target Ethernet Address  = Sender Addr in Request packet
        32.bit Target IP Address        = Local IP Address

    (3) Within a small time period after a host sends a gratuitous ARP
        packet, if the host receives an ARP reply in which both the
        sender IP address and the target IP address fields match the
        address of the receiving interface, it MUST stop using this
        address. If this is the only address of the interface, the
        interface MUST be turned down.
        If there are multiple IP addresses assigned to the interface,
        the implementation can choose to remove only the affected
        address and keep the interface operating with the other assigned
        addresses. The host SHOULD report, log, and/or display messages
        to indicate the error. If such a reply packet is received
        outside the time period, the host SHOULD only report, log,
        and/or display messages, but keep operating with the address.

4. Backwards Compatibility

   Hosts with this solution implemented can coexist with hosts that do
   not implement it. The implementation is trivial and the overhead is
   very limited. Since one of the functions required to fully solve the
   problem is that the second host stops using the duplicate IP
   address, the problem addressed here cannot be completely avoided
   unless all hosts on the network follow this document. However,
   because many existing TCP/IP implementations already generate
   gratuitous ARP packets, and report an error when duplication occurs,
   running hosts with this solution implemented increases the chance of
   catching the error at an earlier stage and reduces the possible
   damage done by the error.

5. Security Considerations

   The proposed solution can decrease the impact when a user, either
   fraudulently or simply by mistake, configures a host with an IP
   address that already exists on the LAN. Nevertheless, the proposed
   solution is mainly designed to catch configuration errors, not to
   defend against malicious attacks. If an attacker can fabricate and
   transmit ARP packets on a LAN, those packets can easily confuse all
   hosts on the LAN and sabotage any network operation. Preventing
   malicious attacks within a LAN is a complex problem, and is out of
   the scope of this document.

   A new security concern introduced by the proposed scheme is the
   requirement to disable an interface when a suitable ARP reply is
   seen.
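   The following Python module is an added illustration of Steps (1)
   through (3) and of the reply-timing window they rely on; it is not
   part of this draft and not code from the author. It serializes the
   gratuitous ARP request and the duplicate-detection reply exactly as
   laid out in Section 3 (Ethernet header plus the 28-byte RFC 826
   body), and keeps per-interface state so that a received frame is
   handled per Step (2) (answer a foreign probe for our address) or
   Step (3) (withdraw the address, or just log, depending on whether
   the reply arrived within the window). Assumptions beyond the draft:
   frames are returned to the caller rather than written to a raw
   socket, a 3-second window is used as the default, a frame whose
   sender hardware address is our own is ignored (a NIC echoing its
   own broadcast must not count as a conflict), and the MAC and IP
   values in the usage are constructed test data.

```python
"""Duplicate IP address detection with gratuitous ARP (RFC 826 framing).

Added example; not part of draft-jou-duplicate-ip-address-02.
"""
import struct
import time

ETH_BROADCAST = b"\xff" * 6
ETHERTYPE_ARP = 0x0806
HTYPE_ETHERNET = 1
PTYPE_IPV4 = 0x0800
ARP_REQUEST = 1
ARP_REPLY = 2
ARP_FRAME_LEN = 14 + 28           # Ethernet header + ARP body
DUPLICATE_REPLY_WINDOW = 3.0      # seconds; the draft's RECOMMENDED default (assumption)


def build_arp_frame(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Serialize a link-layer broadcast Ethernet/ARP frame with the given fields."""
    eth = struct.pack("!6s6sH", ETH_BROADCAST, sender_mac, ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, opcode,
                      sender_mac, sender_ip, target_mac, target_ip)
    return eth + arp


def parse_arp_frame(frame):
    """Return the ARP fields as a dict, or None if the frame is not Ethernet/IPv4 ARP."""
    if len(frame) < ARP_FRAME_LEN:
        return None
    _dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, opcode, smac, sip, tmac, tip = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:ARP_FRAME_LEN])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        return None
    return {"opcode": opcode, "sender_mac": smac, "sender_ip": sip,
            "target_mac": tmac, "target_ip": tip}


class DuplicateDetector:
    """Per-interface state for Steps (1)-(3); 'clock' is injectable for testing."""

    def __init__(self, mac, ips, clock=time.monotonic):
        self.mac = mac
        self.ips = set(ips)            # addresses currently configured on the interface
        self.clock = clock
        self.probe_sent_at = {}        # ip -> time the gratuitous ARP request was sent
        self.interface_up = True
        self.log = []                  # (severity, event, ip, peer_mac) tuples

    def probe(self, ip):
        """Step (1): gratuitous ARP request, sender IP == target IP == configured address."""
        self.probe_sent_at[ip] = self.clock()
        return build_arp_frame(ARP_REQUEST, self.mac, ip, b"\x00" * 6, ip)

    def receive(self, frame):
        """Apply Steps (2) and (3) to an incoming frame; return a frame to send, or None."""
        arp = parse_arp_frame(frame)
        if arp is None or arp["sender_ip"] != arp["target_ip"]:
            return None
        ip = arp["sender_ip"]
        if ip not in self.ips or arp["sender_mac"] == self.mac:
            return None   # not our address, or our own broadcast echoed back (assumption)
        if arp["opcode"] == ARP_REQUEST:
            # Step (2): another host probed with our address; reply so that it backs off.
            self.log.append(("warning", "duplicate address probe", ip, arp["sender_mac"]))
            return build_arp_frame(ARP_REPLY, self.mac, ip, arp["sender_mac"], ip)
        if arp["opcode"] == ARP_REPLY:
            sent = self.probe_sent_at.get(ip)
            if sent is not None and self.clock() - sent <= DUPLICATE_REPLY_WINDOW:
                # Step (3): conflict confirmed inside the window; stop using the address.
                self.ips.discard(ip)
                if not self.ips:
                    self.interface_up = False
                self.log.append(("error", "address withdrawn", ip, arp["sender_mac"]))
            else:
                # Reply outside the window (or never probed): report only, keep the address.
                self.log.append(("warning", "late conflict reply", ip, arp["sender_mac"]))
        return None
```

   The window check is what limits the Section 5 concern: a forged
   reply that arrives when no probe is outstanding, or more than the
   window after one, is logged but cannot take the address down.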
   To limit the vulnerability from attacks and network errors, as
   described in Step (3) of the solution, this disabling SHOULD only
   happen if the reply is received within some time period of sending
   out a gratuitous ARP request. A RECOMMENDED default period is 3
   seconds, which is long enough to cover normal operations.

6. Reference

   [1] Plummer, D., "An Ethernet Address Resolution Protocol", STD 37,
       RFC 826, MIT, November 1982.

7. Author's Address

   Tyan-Shu Jou
   Torrent Networking Technologies Corporation
   3000 Aerial Center Parkway
   Suite 140
   Morrisville, NC 27560
   U.S.A.

   Phone: (919) 468-8466 x233
   Email: tsjou@torrentnet.com

8. Full Copyright Statement

   Copyright (C) The Internet Society (1999). All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph
   are included on all such copies and derivative works. However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.
   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.