idnits 2.17.1 draft-ietf-6man-addr-select-considerations-05.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The abstract seems to contain references ([RFC5220], [RFC6724]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to contain a disclaimer for pre-RFC5378 work, but was first submitted on or after 10 November 2008. The disclaimer is usually necessary only for documents that revise or obsolete older RFCs, and that take significant amounts of text from those RFCs. If you can contact all authors of the source material and they are willing to grant the BCP78 rights to the IETF Trust, you can and should remove the disclaimer. Otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (April 01, 2013) is 4040 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Unused Reference: 'I-D.ietf-mif-dhcpv6-route-option' is defined on line 765, but no explicit reference was found in the text -- Obsolete informational reference (is this intentional?): RFC 3484 (Obsoleted by RFC 6724) -- Obsolete informational reference (is this intentional?): RFC 3315 (Obsoleted by RFC 8415) -- Obsolete informational reference (is this intentional?): RFC 3736 (Obsoleted by RFC 8415) -- Obsolete informational reference (is this intentional?): RFC 4242 (Obsoleted by RFC 8415) == Outdated reference: A later version (-13) exists of draft-ietf-6man-addr-select-opt-08 -- No information found for draft-ietf-mif-dhcpv6 - is the name correct? Summary: 1 error (**), 0 flaws (~~), 4 warnings (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 IPv6 Maintenance T.J. Chown, Ed. 3 Internet-Draft University of Southampton 4 Intended status: Informational A.M. Matsumoto, Ed. 5 Expires: October 03, 2013 NTT 6 April 01, 2013 8 Considerations for IPv6 Address Selection Policy Changes 9 draft-ietf-6man-addr-select-considerations-05 11 Abstract 13 This ducument is intended to capture the address selection design 14 team's considerations about the address selection issues mainly 15 raised in [RFC5220]. This considerations led to the revision of RFC 16 3484 [RFC6724], and Address Selection DHCP option. Although it does 17 not perfectly match the current state, this document captures the 18 past discussion and considerations for the historical record. 20 Status of This Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on October 03, 2013. 37 Copyright Notice 39 Copyright (c) 2013 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 This document may contain material from IETF Documents or IETF 53 Contributions published or made publicly available before November 54 10, 2008. The person(s) controlling the copyright in some of this 55 material may not have granted the IETF Trust the right to allow 56 modifications of such material outside the IETF Standards Process. 57 Without obtaining an adequate license from the person(s) controlling 58 the copyright in such materials, this document may not be modified 59 outside the IETF Standards Process, and derivative works of it may 60 not be created outside the IETF Standards Process, except to format 61 it for publication as an RFC or to translate it into languages other 62 than English. 64 Table of Contents 66 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 67 2. Issues to Consider . . . . . . . . . . . . . . . . . . . . . 3 68 3. Other Related Work . . . . . . . . . . . . . . . . . . . . . 4 69 4. Drivers for Policy Changes . . . . . . . . . . . . . . . . . 4 70 4.1. Internal vs External Triggers . . . . . . . . . . . . . . 6 71 4.2. Administratively Triggered Changes . . . . . . . . . . . 6 72 4.3. Start-up vs Running Changes . . . . . . . . . . . . . . . 7 73 4.4. Nomadic Nodes . . . . . . . . . . . . . . . . . . . . . . 7 74 4.5. Multiple Interface Nodes . . . . . . . . . . . . . . . . 8 75 5. How Dynamic? . . . . . . . . . . . . . . . . . . . . . . . . 9 76 6. Considerations when Obtaining Policy . . . . . . . . . . . . 10 77 6.1. Changes in Available Address(es) . . . . . . . . . . . . 10 78 6.2. Timeliness . . . . . . . . . . . . . . . . . . . . . . . 10 79 7. Solution Space . . . . . . . . . . . . . . . . . . . . . . . 10 80 7.1. Is default policy used? . . . . . . . . . . . . . . . . . 11 81 7.2. Pull model . . . . . . . . . . . . . . . . . . . . . . . 11 82 7.3. Push model . . . . . . . . . . . . . . . . . . . . . . . 11 83 7.4. Routing Hints . . . . . . . . . . . . . . . . . . . . . . 12 84 7.5. Policy Conflicts . . . . . . . . . . . . . . . . . . . . 12 85 7.6. Policy Merging . . . . . . . . . . . . . . . . . . . . . 13 86 8. On RFC3484 Default Policies . . . . . . . . . . . . . . . . . 14 87 9. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . 14 88 10. Security Considerations . . . . . . . . . . . . . . . . . . . 16 89 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 90 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 16 91 13. Informative References . . . . . . . . . . . . . . . . . . . 16 92 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17 94 1. Introduction 95 This ducument is intended to capture the past discussions and 96 considerations about the address selection issues mainly raised in 97 [RFC5220]. This considerations led to the revision of RFC 3484 98 [RFC6724], and Address Selection DHCP option 99 [I-D.ietf-6man-addr-select-opt]. Although it does not necessarily 100 match the current state, this document captures the past discussion 101 and considerations for the historical record. 103 Where the source and/or destination node of an IPv6 communication is 104 multi-addressed, a mechanism is required for the initiating node to 105 select the most appropriate address pair for the communication. RFC 106 3484 (IPv6 Default Address Selection) [RFC3484] defines such a 107 mechanism for nodes to perform source and destination address 108 selection. While RFC 3484 recognised the need for implementations to 109 be able to change the policy table, it did not define how this could 110 be achieved. Requirements have now emerged for administrators to be 111 able to configure and potentially dynamically change RFC 3484 policy 112 from a central control point, and for (nomadic) hosts to be able to 113 obtain the policy for the network that they are currently attached to 114 without manual user intervention. This text discusses considerations 115 for such policy changes, including examples of cases where a change 116 of policy is required, and the likely frequency of such policy 117 changes. This text also includes some discussion on the need to also 118 update RFC 3484, where default policies are currently defined. 120 There have been various operational issues observed with Default 121 Address Selection for IPv6 (RFC 3484) [RFC3484], as described in RFC 122 5220 [RFC5220]. As as a result, there has been some demand for hosts 123 to be able to have their policy tables, and potentially the rules 124 described in RFC 3484, modified dynamically. Such changes may apply 125 to 'static' hosts in a network where policies or topologies change, 126 or different default policy to that described in RFC 3484 is 127 required, or for nomadic hosts within a network for which policies 128 may vary depending on their location within the network. 130 2. Issues to Consider 132 There are a number of aspects to consider in the context of such 133 address selection policy updates. 135 First is the frequency for which such updates are likely to be 136 required; this can be determined largely from identifying the 137 scenarios in which policy changes will be required. This may include 138 overriding default operating system policies on startup, as well as 139 changes while a system is running. We discuss this topic in 140 Section 4. 142 Second, by understanding how dynamic the policy update mechanism 143 needs to be we should be better placed to determine what types of 144 update approaches best meet those needs. There may be other 145 considerations of course, e.g. whether the systems are in managed or 146 unmanaged environments, and whether the solution should be proactive 147 or automated. Section 5 covers these issues. 149 Third, if we assume some policy update mechanism is defined we should 150 consider how hosts and systems may become aware that a policy change 151 has happened, and how policy can be disseminated in a timely fashion. 152 Thus we need to understand what kind of triggers can be identified 153 that can be used for invoking the policy table update mechanism, e.g. 154 address re-obtainment, address lifetime expiration, or perhaps policy 155 lifetime expiration. We also need to consider what other factors may 156 come into play, e.g. potential policy conflicts. This is discussed 157 in Section 6. 159 After analysing these issues, we can make some initial comments 160 regarding the potential solution spaces, and what models may be well 161 suited, e.g. push vs pull models, and what other methods might 162 assist us, e.g. hints from local routing tables. This is covered in 163 Section 7. 165 Finally, we should assess whether these update solutions require or 166 need RFC 3484 to be updated. In some instances, we might envision 167 solutions that simply use RFC 3484 as guidelines and provide 168 sufficient controls to address the current limitations in the RFC. 169 However, as noted in RFC 5220 [RFC5220], not all the operational 170 issues observed to date can be remedied by updating RFC 3484 alone. 172 3. Other Related Work 174 We note that there is some existing work in defining Requirements for 175 Address Selection Mechanisms [RFC5221], and some initial work has 176 been done in the solution space (for a DHCP-based method) 177 [I-D.ietf-6man-addr-select-opt], but these are not discussed here. 178 While RFC 5221 assumes that a dynamic policy update mechanism of some 179 form is available, this draft is primarily aimed at understanding the 180 scenarios and triggers for policy changes, to better inform future 181 detailed solution discussions. 183 A draft discussing methods for multihoming without IPv6 NAT 184 [I-D.ietf-v6ops-multihoming-without-nat66] has been published 185 recently. This draft includes a requirement for a method to 186 distribute address selection policy to support IPv6 multihoming. 188 4. Drivers for Policy Changes 189 If we wish to determine how frequent address selection policy changes 190 are likely to be, we need to understand why such policies might need 191 to be changed, for particular sites or networks. 193 One reference text for potential drivers for policy change is RFC 194 5220, in which operational issues with the existing policies 195 described in RFC 3484 are listed. Each subsection of this document 196 gives a reason why the existing rules or policy tables in RFC 3484 197 may not be sufficient in certain cases. There have been some 198 significant changes to IPv6 since RFC 3484 was drafted which have 199 impacted the RFC, e.g. the introduction of Unique Local Addresses 200 (ULAs), and concerns about the impact of using longest prefix 201 matching on (DNS) round-robin load balancing. 203 In summary, the issues raised in RFC 5220 were: 205 o Multiple Routers on a Single Interface 207 o Ingress Filtering 209 o Half-Closed Network Problem (*) 211 o Combined Use of Global and ULA addresses (*) 213 o Site Renumbering (*) 215 o Multicast Source Address Selection (*) 217 o Temporary Address Selection 219 o IPv4 or IPv6 Prioritization (*) 221 o ULA and IPv4 Dual-Stack Environment (*) 223 o ULA or Global Prioritization (*) 225 The authors of RFC 5220 noted which of these issues can be solved 226 just by changes to the RFC 3484 policy table, marked (*) above, and 227 which cannot. It is interesting to note that issues largely related 228 to internal networking and (administrative) policy decisions can be 229 handled this way. However some issues need changes beyond just 230 policy table updates. 232 4.1. Internal vs External Triggers 234 When considering drivers or triggers that may lead to a requirement 235 for the policy to change, we can divide the problem space into those 236 drivers that are external to a site or network and those internal to 237 it. In the case of the first two examples above, a dynamic policy 238 table update may be required by externally driven routing changes, 239 assuming the site uses a dynamic routing protocol intra-site and the 240 routing protocol is configured to reflect changes of extra-site 241 routing topology. 243 If a site is multihomed using BGP and advertising a single prefix 244 upstream, then no policy table manipulation is required for global 245 address preferences. However where a site is multihomed by receiving 246 a prefix from each upstream provider, each host will have multiple 247 addresses and many need policy table manipulation. In such a case, 248 the policy table of hosts may need to be updated according to the 249 routing policy. 251 It should be noted that we have other mechanisms for dynamic routing 252 topology change, for example deprecating one of the advertised 253 prefixes, e.g. when one of the upstream links has a problem. But 254 such mechanisms may only help in some cases, and do not remove the 255 need for agility in the RFC 3484 policy. 257 Other examples of external factors include a new transition mechanism 258 being defined (e.g. as with the emergence of Teredo using 2001::/32 259 as assigned by IANA) and its inclusion being required in the policy 260 table (at the time of writing Teredo is not included in RFC 3484, 261 though some operating systems have added it), a new address block 262 being defined, or a site renumbering event that could be triggered by 263 an upstream provider's actions. 265 4.2. Administratively Triggered Changes 267 The other examples above are, in the general case, where the site 268 administrator chooses to change a local policy and in doing so 269 triggers the need for policy table updates. Some of these changes 270 one might assume to be set once, and to change rarely, for example: 272 o Setting priority use of IPv6 over IPv4 (or vice versa). 274 o Setting priority use of ULAs over globals (or vice versa). 276 o Setting priority of Teredo over native IPv4 (or vice versa). 278 o Setting priority use of privacy addresses over DNS-published 279 globals (or vice versa). 281 o An internal network renumbering occurs, perhaps due to a site 282 expanding. 284 o The nature of the external connectivity through multiple ISPs 285 requires specific additional information (policy) to be delivered 286 to certain hosts (as discussed in 2.1.3 in RFC 5220). 288 o Disabling longest-prefix match functions to facilitate round-robin 289 load balancing. 291 However it may be the case that different parts of a site have 292 different policies, or policies are changed in a rolling fashion 293 across a site over time as IPv6 and/or ULAs are introduced (for 294 example). This may happen where the administrator prefers a gradual 295 introduction of new policy in a phased operation across a site, 296 rather than changing policy across the whole site in one operation. 298 Other administrative changes may occur more frequently, e.g.: 300 o Routing tables and forwarding tables change dynamically. 302 o A different provider (link) is preferred for a given destination. 304 It's possible that provider links may vary on a daily basis, or by 305 time of day. The frequency of such policy changes will depend on the 306 frequency that the administrator wishes to change the implied traffic 307 engineering policies. 309 4.3. Start-up vs Running Changes 311 When a host starts up it may be configured with the default RFC 3484 312 policies. At this stage a number of addresses may be configured on a 313 number of interfaces on the host. At this time it may be desirable 314 for the host to be able to receive the site-specific policy updates 315 as a start-up override from the RFC 3484 defaults. 317 Other policy changes may later be required while the host is running. 318 Ideally the same protocol should be used for the start-up and running 319 state update mechanism. 321 4.4. Nomadic Nodes 323 A host may be nomadic within a site and as a result it may see the 324 preferred policy change depending on the host's topological location 325 within that site. Such a host should be capable of receiving policy 326 updates in a timely fashion as it migrates within the network. 328 While this may be one case of 'running changes' described above, the 329 policy changes are required due to the host's new point of 330 attachment, not changes of policy to the current point of attachment. 331 The frequency of updates are thus depend ant on the frequency of host 332 mobility to parts of the network that have differing policies. 334 It is worth noting that the point at which a nomadic host configures 335 its network settings would be an appropriate time for it to also 336 receive any specific address selection policy for its point of 337 attachement. 339 4.5. Multiple Interface Nodes 341 In considering scenarios where hosts may be multi-addressed and 342 require policy to assist in address selection, the issue of hosts 343 with multiple interfaces arises. 345 A host may have a variety of reasons to have multiple interfaces. It 346 may for example have WiFi and 3G interfaces, and be capable of 347 sending or receiving data over either interface. In some cases these 348 interfaces may fall within the same administrative domain (ISP) and 349 in some cases they may not. Another example would be the case of a 350 host with a VPN connection established, where address selection may 351 be affected by the choice of whether the VPN connection is used or 352 not. In this case it is interesting to note the choice to use the 353 VPN tunnel for all, or just VPN home site traffic, is often left as a 354 choice for the user via a tickbox selection. In addition, initiating 355 the VPN typically changes several related settings, which is 356 reasonable behaviour given the user chose to initiate the VPN 357 connection. 359 Handling multiple interface nodes, and the possibility of conflicting 360 policy being retrieved via each, is clearly an important problem 361 today, but we note that RFC 3484 is currently defined as a per-node, 362 not per-interface, mechanism (at least in the context of destination 363 address selection). However, for RFC 3484, and its potential update 364 mechanisms, to be applicable to typical 'real world' usage patterns, 365 we should consider the multiple interface scenarios. 367 In the case where a host has multiple interfaces there are two likely 368 scenarios: 370 o Wired and wireless interfaces - in this case the operating system 371 just needs to pick one interface and use it. 373 o Normal and VPN interfaces - here the default should be the normal 374 interface; the VPN interface should only be used for destinations 375 associated with the VPN. 377 It has been suggested that an RFC 3484 policy table is required on a 378 per-interface basis, though the choice of interface may itself be 379 determined by the (destination) address selection process. As stated 380 above, RFC 3484's policy table is currently defined to be node-wide. 381 The node-wide problem is destination address selection when the 382 source address is implied from a selected interface. 384 We note that there are some new, initial drafts published recently on 385 the multiple interface problem [RFC6418], and on a number of possible 386 DHCPv6 extensions, e.g. to inform hosts about routing information to 387 assist the selection process., to inform hosts about DNS server 388 selection policy, [RFC6731]. These drafts fall within the remit of 389 the new IETF mif WG. We note that the mif WG may produce relevant 390 work with respect to the analysis of RFC 3484 policy changes, but at 391 this stage no such output exists for inclusion. 393 5. How Dynamic? 395 The discussion above suggests that many of the potential triggers for 396 policy table changes are 'one-off' in nature, i.e. a site makes a 397 one-time policy change. It is thus unlikely that such administrative 398 changes will be frequent. 400 There are some cases where updates may be required to be more 401 frequent. In the example of a site which is implementing the gradual 402 introduction of new policy across its network, while the frequency of 403 changes may be relatively high, there is still probably only one or a 404 small number of changes per host. 406 There may be a higher rate of policy changes within a site if there 407 are nomadic hosts within the site, and these are roaming frequently 408 to parts of the network where differing policies are in effect. In 409 such cases it may be useful for a host to know whether or not the 410 default RFC 3484 (or soon to be 3484bis) policies are in effect or 411 not, and for there to be a 'cheap' way for the host to discover this. 413 Perhaps the biggest cause of policy change lies where the preferred 414 links or paths for certain destinations change frequently over time 415 as (typically) traffic engineering requirements change. In some 416 networks this may be a daily change, or change between states at 417 different times of day. It is not clear how common these cases are, 418 and thus further input is welcomed here. Our belief is that cases 419 where dynamic changes are used heavily are rare. 421 So, unless a site or network has rapidly changing traffic engineering 422 requirements, or includes a high number of mobile nodes where the 423 nodes are roaming to areas of the network with differing address 424 selection related policies, the frequency of updates is likely to be 425 relatively low. Most update requests will simply occur when a host 426 starts up, and such requests for policy will be little different in 427 frequency to other configuration requests. Other types of network 428 change that may require a host to change its RFC 3484 policy 429 behaviour are probably also likely to have associated changes with 430 other host configuration data. 432 6. Considerations when Obtaining Policy 434 When a policy change is made, or a host migrates to a part of the 435 network with different policies, that change of policy needs to be 436 conveyed to the host. It needs to be made available and applied 437 without restarting every affected host. 439 6.1. Changes in Available Address(es) 441 One might assume at first that when a host observes a change in its 442 addresses, it should re-obtain the selection policy, but this may not 443 always be the case. Not all policy changes are tied to a host 444 changing one or more addresses, though it may be acceptable to query 445 regardless for new policy (if a pull model is used) when address 446 information changes. 448 As described above, it may be sufficient for a host to know when a 449 policy is changed, or that perhaps the default policy is - or is not 450 - in effect in its current locale. 452 6.2. Timeliness 454 In many, but not all, cases a policy change will need to be 455 synchronised across a network. Thus there is a general issue of 456 timely and synchronised dissemination of new policy. If the policy 457 is distributed via the same mechanism that informs a host of a change 458 of address(es), the application of the policy should be synchronised 459 sufficiently with the address change. However, not all hosts may 460 receive the update information at the same time, e.g. where new 461 address assignments may be dependent on DHCP lease timers. 463 Where hosts use DHCPv6 for address information, in the absence of 464 some form of Reconfigure message, a host may see a delay in policy 465 changes being notified. One possible tool to help here is the DHCPv6 466 Lifetime Option (RFC4242) [RFC4242], which was originally introduced 467 to assist with network renumbering events. 469 7. Solution Space 471 In this section we make some initial observations on the possible 472 solution space. 474 7.1. Is default policy used? 476 There could be some mechanism to indicate to a host that the local 477 network has a modified RFC 3484 policy in use, and thus that a 478 revised policy table is available (and should be used). 479 Alternatively a host could simply always attempt to obtain local RFC 480 3484 policy on startup. Regardless, it should also be possible for a 481 host to detect that policy has changed (whether 'around' the host, or 482 due to the host being nomadic). The method to convey this chnage to 483 a host would depend on whether a push or pull configuration method is 484 used. 486 It is assumed by 'default' policy here we refer to the revised/ 487 updated RFC3484 specification, when that is produced. 489 7.2. Pull model 491 One potential solution is that a host uses a similar mechanism for 492 RFC 3484 policy updates as is used for obtaining other configuration 493 data, for example DHCPv6 [RFC3315]. For hosts using stateless 494 autoconfiguration, policy could be made available via stateless 495 DHCPv6 [RFC3736]. 497 There are also already some initial proposals from the IETF mif WG on 498 using DHCPv6 to deliver (mainly routing oriented) information to 499 hosts, e.g. DHCPv6 route option and [RFC6731]. These methods assume 500 entities that have timely knowledge of routing information can 501 provide equally timely hints to hosts on address selection, via 502 DHCPv6. At this stage we believe that distributing RFC 3484 policy, 503 as configured by an administrator, is a more practical use of DHCPv6. 505 The DHCP model allows individual nodes to potentially have differing 506 policy, even when on the same subnet. 508 7.3. Push model 510 For hosts only using stateless autoconfiguration, in environments 511 without stateless DHCPv6, it may be argued that since the network is 512 not managed, there is not likely to be any managed policy to push to 513 the hosts. In such environments hosts may perhaps more usefully use 514 techniques such as router hints to make informed selections, as 515 discussed later in this text. 517 It may of course be possible to piggy back policy information to a 518 host in a Router Advertisement message, though initial consensus 519 seems to be that this is a less attractive approach. 521 7.4. Routing Hints 523 As mentioned above, if a host has routing hints available, it may be 524 able to make more informed selections. For example, a protocol could 525 be specified for a node to query an on-link or remote (e.g. edge) 526 router for 'hints'. For example, a new ICMPv6 message could be 527 defined that queried a site edge router or route server for address 528 pairs to use for a given destination address. 530 However, having hosts themselves participate in routing is generally 531 not desirable. At this stage we can simply note that address 532 selection might be simplified when some hint based on routing state 533 is provided to the end system, but such mechanisms are out of scope 534 for this text. 536 It is noted in [RFC5887] that: 538 "In an environment where a site has more than one upstream link to 539 the outside world, the site might have more than one valid routing 540 prefix. In such cases, typically all valid routing prefixes within a 541 site will have the same prefix length. Also in such cases, it might 542 be desirable for hosts that obtain their addresses using DHCPv6 to 543 learn about the availability of upstream links dynamically, by 544 deducing from periodic IPv6 RA messages which routing prefixes are 545 currently valid. This application seems possible within the IPv6 546 Neighbour Discovery architecture, but does not appear to be clearly 547 specified anywhere." 549 The same thought seems relevant to address selection. There's no 550 point selecting a source address whose prefix is not being advertised 551 in RAs. 553 While routing and prefix hints may help a host make selection 554 decisions, we should consider to what extent we wish to 'burden' a 555 host with holding such information. If a host is to determine and 556 cache routing hints, this may require an update of RFC 3484 policy 557 table syntax to support preference for address pairs. 559 7.5. Policy Conflicts 561 In the case of a host operating in a single administrative domain, 562 consistent policy should be available from whichever policy 563 distribution mechanism provides the information. In such cases the 564 network should not distribute policy sets from multiple entities (or 565 by multiple mechanisms). However, in scenarios where a host is 566 multi-addressed from multiple providers (e.g. a SOHO network with 567 differing DSL and cable providers, or a user in a coffee shop 568 initiating a VPN connection to their home network), multiple RFC 3484 569 policies may be received and there is likely to be some conflicts in 570 the received policy information. 572 There are scenarios where a host may wish to ignore a conveyed 573 policy. For example, the manager of a mobile node may not want to 574 have its preferences changed by a visited network. In such a case 575 one might argue that the mobile node should use MIPv6 with whatever 576 its home network policies are. 578 The question then is whether the policy update mechanism itself needs 579 to handle such potential conflicts, choosing one or ther other or 580 merging by some set of heuristics, or whether the policy update 581 mechansism should be viewed independently of the conflict handling. 582 The view of the design team was that distributing policy is a network 583 problem, while handling conflicts is a host problem. 585 7.6. Policy Merging 587 For whatever mechanism is used to distribute RFC 3484 policy, it is 588 not yet clear whether entire policy tables will be made available, or 589 simply differences to the 'default', and thus whether policies may 590 need to be merged, or overridden. Some policy conflicts will be 591 unresolvable, e.g. one prefers IPv4 over IPv6, the other vice-versa. 592 It may be simpler, though less efficient, for whole policy tables to 593 be distributed, to avoid the merger problem. 595 One option may be to split the policy table into destination address 596 selection and source address selection tables, with the policy 597 distribution only updating the source address selection. Whether 598 this might make merging policies simpler or in fact more complex 599 would require further study. 601 It may also be possible to indicate some priority value for a policy, 602 e.g. the priority of the interface it is received on, or perhaps to 603 convey a unique identifier for the policy provider. Alternatibely, 604 if there are multiple policies in conflict, a host could simply 605 choose to fall back to use the default RFC 3484 policy. 607 A host also needs to know how to decide when to accept a policy. We 608 could simplify the discussion by assuming a host is located in and 609 only nomadic within a single site with one administrative controlling 610 entity. 612 8. On RFC3484 Default Policies 614 RFC 3484 includes text about mechanisms for changing policy, having 615 'policy hooks' and having a configurable policy table. The 616 implication is that defaults can be changed, and the text gives 617 examples of this in Section 10. However, issues with RFC 3484 are 618 broader that just policy table updates - it remains the case that 619 some operational issues with RFC 3484 are not just related to the 620 table, but on rules themselves, e.g. longest prefix match (affecting 621 DNS round robin as described in [RFC5220]). 623 While discussing default policy, we noted that the word 'default' has 624 to be carefully defined, and also what the scope of this 'default' 625 is. The default policy should be whatever RFC 3484, or its -bis 626 version, states. At present some operating systems have already 627 modified their default, based on operational feedback (e.g. on ULAs, 628 on Teredo prefixes, or on the DNS round-robin problem). Currently we 629 assume RFC3484 and changes to it will remain node-specific. 631 It certainly seems the case that the issues raised in RFC 5220, and 632 problems about RFC 3484 revision mean that an update of RFC 3484 is 633 required, if only because some of the issues (as highlighted earlier) 634 cannot be addressed by updating the policy table alone. An update 635 would also give us some hope that all operating systems might have a 636 common 'default'. 638 We do not note any specific comments here on how RFC 3484 should be 639 updated. Other drafts have made suggestions. There are some 640 discussions on ideas however, e.g. on the semantics of labels, and 641 in adding ULAs explicitly to the default policy table. 643 There have also been new issues identified, e.g. on how one 644 differentiates between IPv4+NAT access or IPv6 transitional access 645 (e.g. via Teredo) to a dual-stack destination (the IPv4 private 646 address inside the NAT is implicitly global, although its explicit 647 scope is local) [I-D.denis-v6ops-nat-addrsel]. This illustrates that 648 new issues may continue to be identified through growing IPv6 649 operational experience. 651 It is hard to predict exactly what features people will want to add 652 to address selection algorithms in the future. Ideally we should not 653 preclude future flexibility. It seems clear that any RFC 3484 update 654 has two aspects: one that uses the existing policy table capability, 655 and one that might change associated algorithms. 657 9. Conclusions 658 We believe a key outcome of this text should be progression of a 659 solution to allow an enterprise network manager to configure their 660 hosts with address selection policies that may differ from the RFC 661 3484 default, across all or part of their network, and possibly 662 changing polciy with time. The general scope of this text applies to 663 site and enterprise networks, where an administrator may need to 664 change policies over time. It also includes nomadic nodes within the 665 site, which may migrate to different parts of the site where 666 different policies are required. 668 It is clear there may be environments which might introduce 669 conflicting policies from different administrative domains, e.g. a 670 SOHO network with two ISP links, or an enterprise node running a VPN 671 to a remote network. We conclude that the policy distribution 672 mechanism is a network task, while policy conflict handling is a host 673 task. Within this text, we do not present a solution for policy 674 conflict handling, because at this time there is no perfect or 675 practical solution. We thus recommend that we should progress the 676 policy distribution solution while analysing conflict handling (which 677 is not unique to this domain) in a separate text. 679 The scope of this text includes issues affecting the design of a 680 protocol to allow a host's RFC 3484 policy table to be updated. From 681 discussion of update triggers/scenarios, we believe rapid updates are 682 unlikely to be required unless a node is in a network which has 683 (very) dynamic external traffic engineering, or many nodes are mobile 684 between parts of the network with differing policy. It's thus 685 generally appropriate to use a similar method to obtain RFC 3484 686 policy as to obtain other configuration data. 688 In terms of obtaining policy, a pull-based solution, such as DHCPv6, 689 may be more appropriate in managed environments (where managed non- 690 default policies are most likely to be in effect), which would assure 691 that hosts only gain policy information from a single entity (the 692 DHCPv6 service). Use of DHCPv6 is also preferable if individual 693 hosts on a subnet require different policies. In unmanaged networks, 694 without stateless DHCPv6, use of routing hints may be an approach 695 worth exploring. 697 Finally, there is a clear need to revise RFC 3484, to create a new 698 default policy table for address selection, and to improve non policy 699 table algorithms. This should be expedited. 701 10. Security Considerations 703 There are no extra Security consideration for this document. 705 11. IANA Considerations 707 There are no extra IANA consideration for this document. 709 12. Acknowledgements 711 The design team working on this draft is: Marcelo Bagnulo Braun, Marc 712 Blanchet, Tim Chown, Francis Dupont, Tim Enos, TJ Evans, Brian 713 Haberman, Tony Hain, Ruri Hiromi, Suresh Krishnan, Arifumi Matsumoto, 714 Janos Mohacsi, Sebastien Roy, Teemu Savolainen, Fujisaki Tomohiro, 715 and John Zhao. 717 We also acknowledge comments received from IETF WG mail lists, 718 including those by Brian Carpenter and Dave Thaler. 720 13. Informative References 722 [RFC3484] Draves, R., "Default Address Selection for Internet 723 Protocol version 6 (IPv6)", RFC 3484, February 2003. 725 [RFC6724] Thaler, D., Draves, R., Matsumoto, A., and T. Chown, 726 "Default Address Selection for Internet Protocol Version 6 727 (IPv6)", RFC 6724, September 2012. 729 [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., 730 and M. Carney, "Dynamic Host Configuration Protocol for 731 IPv6 (DHCPv6)", RFC 3315, July 2003. 733 [RFC3736] Droms, R., "Stateless Dynamic Host Configuration Protocol 734 (DHCP) Service for IPv6", RFC 3736, April 2004. 736 [RFC4242] Venaas, S., Chown, T., and B. Volz, "Information Refresh 737 Time Option for Dynamic Host Configuration Protocol for 738 IPv6 (DHCPv6)", RFC 4242, November 2005. 740 [RFC5220] Matsumoto, A., Fujisaki, T., Hiromi, R., and K. Kanayama, 741 "Problem Statement for Default Address Selection in Multi- 742 Prefix Environments: Operational Issues of RFC 3484 743 Default Rules", RFC 5220, July 2008. 745 [RFC5221] Matsumoto, A., Fujisaki, T., Hiromi, R., and K. Kanayama, 746 "Requirements for Address Selection Mechanisms", RFC 5221, 747 July 2008. 749 [RFC5887] Carpenter, B., Atkinson, R., and H. Flinck, "Renumbering 750 Still Needs Work", RFC 5887, May 2010. 752 [RFC6418] Blanchet, M. and P. Seite, "Multiple Interfaces and 753 Provisioning Domains Problem Statement", RFC 6418, 754 November 2011. 756 [RFC6731] Savolainen, T., Kato, J., and T. Lemon, "Improved 757 Recursive DNS Server Selection for Multi-Interfaced 758 Nodes", RFC 6731, December 2012. 760 [I-D.ietf-6man-addr-select-opt] 761 Matsumoto, A., Fujisaki, T., and T. Chown, "Distributing 762 Address Selection Policy using DHCPv6", draft-ietf-6man- 763 addr-select-opt-08 (work in progress), January 2013. 765 [I-D.ietf-mif-dhcpv6-route-option] 766 Dec, W., Mrugalski, T., Sun, T., Sarikaya, B., and A. 767 Matsumoto, "DHCPv6 Route Options", draft-ietf-mif-dhcpv6 768 -route-option-05 (work in progress), August 2012. 770 [I-D.denis-v6ops-nat-addrsel] 771 Denis-Courmont, R., "Problems with IPv6 source address 772 selection and IPv4 NATs", draft-denis-v6ops-nat-addrsel-00 773 (work in progress), February 2009. 775 [I-D.ietf-v6ops-multihoming-without-nat66] 776 Troan, O., Miles, D., Matsushima, S., Okimoto, T., and D. 777 Wing, "IPv6 Multihoming without Network Address 778 Translation", draft-ietf-v6ops-multihoming-without- 779 nat66-00 (work in progress), December 2010. 781 Authors' Addresses 783 Tim Chown (editor) 784 University of Southampton 785 Southampton , Hampshire SO17 1BJ 786 United Kingdom 788 Email: tjc@ecs.soton.ac.uk 789 Arifumi Matsumoto (editor) 790 NTT NT Lab 791 Midori-Cho 3-9-11 792 Musashino-shi, Tokyo 180-8585 793 Japan 795 Phone: +81 422 59 3334 796 Email: matsumoto.arifumi@lab.ntt.co.jp