Appendix C. State Machine for the Reachability State
This appendix provides a state machine diagram and detailed explanation of the Neighbor Cache reachability states defined in this specification.
C.1. Overview
The Neighbor Cache entry for a neighbor transitions through several states as the node learns about and verifies the neighbor's reachability. These states are:
- INCOMPLETE: Address resolution is in progress
- REACHABLE: Forward and return paths are working
- STALE: Information is outdated but usable
- DELAY: Waiting to verify reachability
- PROBE: Actively probing for reachability
C.2. State Transition Diagram
INCOMPLETE
|
| Address resolved
v
REACHABLE
|
| Reachability timeout
v
STALE
|
| Traffic sent
v
DELAY
|
| Probe timer expires
v
PROBE
|
+------------+------------+
| |
Reachability confirmed Max retries reached
| |
v v
REACHABLE (deleted)
C.3. State Descriptions
C.3.1. INCOMPLETE State
Entry Conditions:
- A Neighbor Cache entry is created when address resolution is needed
- No link-layer address is known yet
Actions:
- Send multicast Neighbor Solicitation
- Start retransmit timer
- Queue packets pending address resolution
Exit Conditions:
- To REACHABLE: Neighbor Advertisement received with link-layer address
- To (deleted): Max retransmissions reached without response
Timers:
- Retransmit timer: RETRANS_TIMER (typically 1000ms)
- Max retries: MAX_MULTICAST_SOLICIT (typically 3)
C.3.2. REACHABLE State
Entry Conditions:
- Address resolution successfully completed, OR
- Reachability confirmation received (solicited Neighbor Advertisement, upper-layer confirmation)
Actions:
- Normal packet forwarding
- No probing needed
- Traffic flows normally
Exit Conditions:
- To STALE: ReachableTime expires without reachability confirmation
Timers:
- ReachableTime: Randomized value based on BaseReachableTime (typically 15-45 seconds)
C.3.3. STALE State
Entry Conditions:
- ReachableTime expired in REACHABLE state, OR
- Unsolicited Neighbor Advertisement received updating link-layer address, OR
- Entry created by received Neighbor Discovery message (not solicited NA)
Actions:
- Use cached link-layer address
- Do not send probes
- Consider information as potentially out-of-date
Exit Conditions:
- To DELAY: Upper-layer protocols send traffic to this neighbor
- To REACHABLE: Solicited Neighbor Advertisement received confirming reachability
Timers:
- None (can remain in STALE indefinitely)
C.3.4. DELAY State
Entry Conditions:
- Traffic sent to a neighbor in STALE state
Actions:
- Wait for upper-layer reachability confirmation
- Do not send probes yet (give upper layers time to confirm)
- Continue using cached link-layer address
Exit Conditions:
- To REACHABLE: Reachability confirmed by upper-layer protocol
- To PROBE: Delay timer expires without reachability confirmation
Timers:
- Delay timer: DELAY_FIRST_PROBE_TIME (typically 5 seconds)
C.3.5. PROBE State
Entry Conditions:
- Delay timer expired in DELAY state without reachability confirmation
Actions:
- Send unicast Neighbor Solicitation probes
- Continue using cached link-layer address
- Retransmit probes if no response
Exit Conditions:
- To REACHABLE: Solicited Neighbor Advertisement received
- To (deleted): Max unicast solicitations sent without response
Timers:
- Retransmit timer: RETRANS_TIMER (typically 1000ms)
- Max retries: MAX_UNICAST_SOLICIT (typically 3)
C.4. Events and Triggers
C.4.1. Reachability Confirmations
Reachability is confirmed by:
- Receipt of a solicited Neighbor Advertisement
- Upper-layer protocol indication (e.g., TCP ACK)
- Receipt of an Neighbor Discovery message with the Solicited flag set
C.4.2. Link-Layer Address Changes
When a Neighbor Advertisement updates the link-layer address:
- If Override flag is set: Update address, move to STALE
- If Override flag is clear and addresses differ: Move to STALE, do not update
- If Override flag is clear and addresses match: No state change
C.4.3. Timeout Events
- ReachableTime expiry in REACHABLE: Move to STALE
- DELAY_FIRST_PROBE_TIME expiry in DELAY: Move to PROBE
- Retransmit timer in INCOMPLETE/PROBE: Retransmit or delete
C.5. Implementation Considerations
C.5.1. State Tracking
Implementations SHOULD track:
- Current state
- Link-layer address (if known)
- IsRouter flag
- Pending packets queue (for INCOMPLETE)
- Retransmission count
- Applicable timers
C.5.2. Upper-Layer Hints
Upper-layer protocols can provide hints about reachability:
- Positive hints: Connection establishment, data acknowledgment
- Negative hints: Connection failures, timeouts
These hints can trigger state transitions or expedite probing.
C.5.3. Performance Optimizations
Optimistic DAD (RFC 4429):
- Allow address use before DAD completes
- Transition to REACHABLE faster in some scenarios
Fast Recovery:
- Prioritize reachability checks for actively used neighbors
- Use parallel probing for critical neighbors
C.5.4. Security Considerations
State transitions should be protected:
- Validate source addresses of Neighbor Discovery messages
- Use SEND (RFC 3971) for cryptographic protection
- Rate-limit state transitions to prevent DoS attacks
C.6. Example Scenarios
C.6.1. Successful Address Resolution
- Create entry in INCOMPLETE state
- Send Neighbor Solicitation
- Receive Neighbor Advertisement → REACHABLE
- After ReachableTime → STALE
- Send traffic → DELAY
- Upper-layer confirms reachability → REACHABLE
C.6.2. Neighbor Becomes Unreachable
- Entry in REACHABLE state
- ReachableTime expires → STALE
- Send traffic → DELAY
- No reachability confirmation → PROBE
- Send unicast probes (×3)
- No response → Delete entry
C.6.3. Link-Layer Address Changes
- Entry in REACHABLE/STALE state
- Receive unsolicited NA with new address, Override=1
- Update address → STALE
- Future traffic triggers verification
Note: This state machine is designed to balance prompt detection of unreachable neighbors with minimal overhead for stable, reachable neighbors.