idnits 2.17.1

draft-ietf-softwire-map-dhcp-12.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (March 09, 2015) is 3329 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415)

  == Outdated reference: A later version (-21) exists of
     draft-ietf-dhc-sedhcpv6-03

  == Outdated reference: A later version (-13) exists of
     draft-ietf-softwire-lw4over6-03

  == Outdated reference: A later version (-08) exists of
     draft-ietf-softwire-map-t-04

  == Outdated reference: A later version (-13) exists of
     draft-ietf-softwire-map-08

  == Outdated reference: A later version (-08) exists of
     draft-ietf-softwire-unified-cpe-01

  -- Obsolete informational reference (is this intentional?): RFC 6145
     (Obsoleted by RFC 7915)

     Summary: 1 error (**), 0 flaws (~~), 6 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Softwire WG                                                 T. Mrugalski
Internet-Draft                                                       ISC
Intended status: Standards Track                                O. Troan
Expires: September 10, 2015                                        Cisco
                                                               I. Farrer
                                                     Deutsche Telekom AG
                                                            S. Perreault
                                                                Viagenie
                                                                  W. Dec
                                                                   Cisco
                                                                  C. Bao
                                                     Tsinghua University
                                                                  L. Yeh
                                                                   CNNIC
                                                                 X. Deng

                                                          March 09, 2015

  DHCPv6 Options for configuration of Softwire Address and Port Mapped
                                Clients
                    draft-ietf-softwire-map-dhcp-12

Abstract

   This document specifies DHCPv6 options, termed Softwire46 options,
   for the provisioning of Softwire46 Customer Edge (CE) devices.
   Softwire46 is a collective term used to refer to architectures based
   on the notion of IPv4 Address+Port (A+P) for providing IPv4
   connectivity across an IPv6 network.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 10, 2015.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Conventions
   3.  Softwire46 Overview
   4.  Common Softwire46 DHCPv6 Options
     4.1.  S46 Rule Option
     4.2.  S46 BR Option
     4.3.  S46 DMR Option
     4.4.  S46 IPv4/IPv6 Address Binding Option
     4.5.  S46 Port Parameters Option
   5.  Softwire46 Containers
     5.1.  Softwire46 MAP-E Container Option
     5.2.  Softwire46 MAP-T Container Option
     5.3.  Softwire46 LightWeight 46 Container Option
   6.  Softwire46 Options Formatting
   7.  DHCPv6 Server Behavior
   8.  DHCPv6 Client Behavior
   9.  Security Considerations
   10. IANA Considerations
   11. Acknowledgements
   12. References
     12.1.  Normative References
     12.2.  Informative References
   Authors' Addresses

1.  Introduction

   A number of architectural solution proposals discussed in the IETF
   Softwire Working Group use Address and Port (A+P) as their technology
   base for providing IPv4 connectivity to end users using CE devices
   across a Service Provider's IPv6 network, while allowing for shared
   or dedicated IPv4 addressing of CEs.

   An example is Mapping of Address and Port (MAP) defined in
   [I-D.ietf-softwire-map]. The MAP solution consists of one or more
   MAP Border Relay (BR) routers, responsible for stateless forwarding
   between a MAP IPv6 domain and an IPv4 network, and one or more MAP
   Customer Edge (CE) routers, responsible for forwarding between a
   user's IPv4 network and the MAP IPv6 network domain. Collectively,
   the MAP CE and BR form a domain when configured with common service
   parameters. This characteristic is common to all of the Softwire46
   mechanisms.

   To function in such a domain, a CE needs to be provisioned with the
   appropriate A+P service parameters for that domain. These consist
   primarily of the CE's IPv4 address and transport layer port-range(s).
   Furthermore, the IPv6 transport mode (i.e. encapsulation or
   translation) needs to be specified. Provisioning of other IPv4
   configuration information not derived directly from the A+P service
   parameters is not covered in this document. It is expected that
   provisioning of other IPv4 configuration will continue to use DHCPv4
   [RFC2131].

   This memo specifies a set of DHCPv6 [RFC3315] options to provision
   Softwire46 information to CE routers. Although the focus is to
   deliver IPv4 service to an end-user network (such as a residential
   home network), it can equally be applied to an individual host acting
   as a CE. Configuration of the BR is out of scope of this document.

2.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

3.  Softwire46 Overview

   This document describes a set of common DHCPv6 options for
   configuring the MAP-E [I-D.ietf-softwire-map], MAP-T
   [I-D.ietf-softwire-map-t] and Lightweight 4over6
   [I-D.ietf-softwire-lw4over6] mechanisms. For definition of the
   terminology used in this document please see the relevant terminology
   sections in the above references.

   MAP-E, MAP-T and Lightweight 4over6 are essentially providing the
   same functionality: IPv4 service to a CE router over an IPv6 only
   access network. MAP-E and MAP-T may embed parts of the IPv4 address
   in IPv6 prefixes, thereby supporting many clients with a fixed set of
   mapping rules and mesh mode (direct CE to CE communication). MAP-E
   and MAP-T CEs may also be provisioned in hub and spoke mode, and in
   1:1 mode (with no embedded address bits). The difference between
   MAP-E and MAP-T is that they use different means to connect to the
   IPv6 domain. MAP-E uses [RFC2473] IPv4 over IPv6 tunnelling, while
   MAP-T uses NAT64 [RFC6145] based translation. Lightweight 4over6 is
   a hub and spoke IPv4 over IPv6 tunneling mechanism, with complete
   independence of IPv4 and IPv6 addressing (zero embedded address
   bits).

   The DHCP options described here tie the provisioning parameters, and
   hence the IPv4 service itself, to the End-user IPv6 prefix lifetime.
   The validity of a Softwire46's IPv4 address, prefix or shared IPv4
   address, port set and any authorization and accounting are tied to
   the lifetime of its associated End-user IPv6 prefix.

   To support more than one mechanism at a time and to allow for a
   possibility of transition between them, the DHCPv6 Option Request
   Option [RFC3315] is used.
   Each mechanism has a corresponding DHCPv6
   container option. A DHCPv6 client can request a particular mechanism
   by including the option code for a particular container option in its
   ORO option. The provisioning parameters for that mechanism are
   expressed by embedding the common format options within the
   respective container option.

   This approach implies that all of the provisioning options MUST
   appear only within the container options. The client MUST NOT
   request any of the provisioning options directly within an ORO.
   MAP-DHCP clients that receive provisioning options that are not
   encapsulated in container options MUST silently ignore these options.
   DHCP server administrators are advised to ensure that DHCP servers
   are configured to send these options in the proper encapsulation.

   The document is organized with the common sub-options described
   first, followed by the three container options. Some sub-options are
   mandatory in some containers, some are optional and some are not
   permitted at all. This is shown in Table 1.

4.  Common Softwire46 DHCPv6 Options

   The DHCPv6 protocol is used for Softwire46 CE provisioning following
   regular DHCPv6 notions, with the CE assuming the role of a DHCPv6
   client, and the DHCPv6 server providing options following DHCPv6
   server side policies. The format and usage of the options are
   defined in the following sub-sections.

   Each CE needs to be provisioned with enough information to calculate
   its IPv4 address, IPv4 prefix or shared IPv4 address. MAP-E and
   MAP-T use the OPTION_S46_RULE, while Lightweight 4over6 uses the
   OPTION_S46_V4V6BIND option. A CE that needs to communicate outside
   of the A+P domain also needs the address or prefix of the BR. MAP-E
   and Lightweight 4over6 use the OPTION_S46_BR option to communicate
   the IPv6 address of the BR.
   MAP-T forms an IPv6 destination address
   by embedding an IPv4 destination address into the BR's IPv6 prefix
   conveyed via the OPTION_S46_DMR option. Optionally, all mechanisms
   can include OPTION_S46_PORTPARAMS to specify parameters and port sets
   for the port range algorithm.

   Softwire46 options use addresses rather than FQDNs. For rationale
   behind this design choice, see Section 8 of [RFC7227].

4.1.  S46 Rule Option

   Figure 1 shows the format of the S46 Rule option (OPTION_S46_RULE)
   used for conveying the Basic Mapping Rule (BMR) and Forwarding
   Mapping Rule (FMR).

   This option follows behavior described in Sections 17.1.1 and 18.1.1
   of [RFC3315]. Clients can insert those options with specific values
   as hints for the server. Depending on the server configuration and
   policy, it may accept or ignore the hints. The client MUST be able to
   process received values that are different than the hints it sent
   earlier.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        OPTION_S46_RULE        |         option-length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     flags     |     ea-len    |  prefix4-len  |  ipv4-prefix  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                  (continued)                  |  prefix6-len  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          ipv6-prefix                          |
   |                       (variable length)                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   .                       S46_RULE-options                        .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                        Figure 1: S46 Rule Option

   o  option-code: OPTION_S46_RULE (TBD1)

   o  option-length: length of the option, excluding option-code and
      option-length fields, including length of all encapsulated
      options, expressed in bytes.

   o  flags: 8 bits long field carrying flags applicable to the rule.
      The meaning of specific bits is explained in Figure 2.

   o  ea-len: 8 bits long field that specifies the Embedded-Address (EA)
      bit length. Allowed values range from 0 to 48.

   o  prefix4-len: 8 bits long field expressing the prefix length of the
      IPv4 prefix specified in the rule-ipv4-prefix field. Valid values
      0 to 32.

   o  ipv4-prefix: a fixed length 32 bit field that specifies the IPv4
      prefix for the S46 rule. The bits in the prefix after prefix4-len
      number of bits are reserved and MUST be initialized to zero by the
      sender and ignored by the receiver.

   o  prefix6-len: 8 bits long field expressing the length of the IPv6
      prefix specified in the rule-ipv6-prefix field.

   o  ipv6-prefix: a variable length field that specifies the IPv6
      domain prefix for the S46 rule. The field is padded on the right
      with zero bits up to the nearest octet boundary when prefix6-len
      is not evenly divisible by 8.

   o  S46_RULE-options: a variable field that may contain zero or more
      options that specify additional parameters for this S46 rule.
      This document specifies one such option, OPTION_S46_PORTPARAMS.

   The Format of the S46 Rule Flags field is:

    0 1 2 3 4 5 6 7
   +-+-+-+-+-+-+-+-+
   |Reserved     |F|
   +-+-+-+-+-+-+-+-+

                        Figure 2: S46 Rule Flags

   o  Reserved: 7-bits reserved for future use as flags.

   o  F-Flag: 1 bit field that specifies whether the rule is to be used
      for forwarding (FMR). If set, this rule is used as a FMR, if not
      set this rule is a BMR only and MUST NOT be used for forwarding.
      Note: A BMR can also be used as an FMR for forwarding if the
      F-flag is set. The BMR rule is determined by a longest-prefix
      match of the Rule-IPv6-prefix against the End-User IPv6
      prefix(es).

   It is expected that in a typical mesh deployment scenario, there will
   be a single BMR, which could also be designated as an FMR using the
   F-Flag.

4.2.  S46 BR Option

   The S46 BR Option (OPTION_S46_BR) is used to convey the IPv6 address
   of the Border Relay. Figure 3 shows the format of the OPTION_S46_BR
   option.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         OPTION_S46_BR         |         option-length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        br-ipv6-address                        |
   |                                                               |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                         Figure 3: S46 BR Option

   o  option-code: OPTION_S46_BR (TBD2)

   o  option-length: 16

   o  br-ipv6-address: a fixed length field of 16 octets that specifies
      the IPv6 address for the S46 BR.

   BR redundancy can be implemented by using an anycast address for the
   BR IPv6 address. Multiple OPTION_S46_BR options MAY be included in
   the container; this document does not further explore the use of
   multiple BR IPv6 addresses.

4.3.  S46 DMR Option

   The S46 DMR Option (OPTION_S46_DMR) is used to convey values for the
   Default Mapping Rule (DMR). Figure 4 shows the format of the
   OPTION_S46_DMR option used for conveying a DMR.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        OPTION_S46_DMR         |         option-length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |dmr-prefix6-len|                dmr-ipv6-prefix                |
   +-+-+-+-+-+-+-+-+               (variable length)               |
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                        Figure 4: S46 DMR Option

   o  option-code: OPTION_S46_DMR (TBD3)

   o  option-length: 1 + length of dmr-ipv6-prefix specified in bytes.

   o  dmr-prefix6-len: 8 bits long field expressing the bit mask length
      of the IPv6 prefix specified in the dmr-ipv6-prefix field.

   o  dmr-ipv6-prefix: a variable length field specifying the IPv6
      prefix or address for the BR. This field is right padded with
      zeros to the nearest octet boundary when dmr-prefix6-len is not
      divisible by 8.

4.4.  S46 IPv4/IPv6 Address Binding Option

   The IPv4 address Option (OPTION_S46_V4V6BIND) MAY be used to specify
   the full or shared IPv4 address of the CE. The IPv6 prefix field is
   used by the CE to identify the correct prefix to use for the tunnel
   source.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      OPTION_S46_V4V6BIND      |         option-length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         ipv4-address                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |bindprefix6-len|               bind-ipv6-prefix                |
   +-+-+-+-+-+-+-+-+               (variable length)               |
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   .                     S46_V4V6BIND-options                      .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

             Figure 5: S46 IPv4/IPv6 Address Binding Option

   o  option-code: OPTION_S46_V4V6BIND (TBD4)

   o  option-length: length of the option, excluding option-code and
      option-length fields, including length of all encapsulated
      options, expressed in bytes.

   o  ipv4-address: A fixed field of 4 octets specifying an IPv4
      address.

   o  bindprefix6-len: 8 bits long field expressing the bit mask length
      of the IPv6 prefix specified in the bind-ipv6-prefix field.

   o  bind-ipv6-prefix: a variable length field specifying the IPv6
      prefix or address for the S46 CE. This field is right padded with
      zeros to the nearest octet boundary when bindprefix6-len is not
      divisible by 8.

   o  S46_V4V6BIND-options: a variable field that may contain zero or
      more options that specify additional parameters.
      This document
      specifies one such option, OPTION_S46_PORTPARAMS.

4.5.  S46 Port Parameters Option

   The Port Parameters Option (OPTION_S46_PORTPARAMS) specifies optional
   Port Set information that MAY be provided to CEs.

   See [I-D.ietf-softwire-map], Section 5.1 for a description of MAP
   algorithm, explaining all of the parameters in detail.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     OPTION_S46_PORTPARAMS     |         option-length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     offset    |    PSID-len   |             PSID              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                  Figure 6: S46 Port Parameters Option

   o  option-code: OPTION_S46_PORTPARAMS (TBD5)

   o  option-length: 4

   o  offset: (PSID offset) 8 bits long field that specifies the numeric
      value for the S46 algorithm's excluded port range/offset bits
      (a-bits), as per section 5.1.1 of [I-D.ietf-softwire-map].
      Allowed values are between 0 and 15. Default values for this
      field are specific to the softwire mechanism being implemented and
      are defined in the relevant specification document.

   o  PSID-len: Bit length value of the number of significant bits in
      the PSID field (also known as 'k'). When set to 0, the PSID
      field is to be ignored. After the first 'a' bits, there are k
      bits in the port number representing the value of the Port Set
      Identifier (PSID). Consequently, the address sharing ratio would
      be 2^k.

   o  PSID: Explicit 16-bit (unsigned word) PSID value. The PSID value
      algorithmically identifies a set of ports assigned to a CE. The
      first k bits on the left of this field contain the PSID value.
      The remaining (16-k) bits on the right are padding zeros.
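
The field layout above, worked through as an added example that is not part of the draft: it decodes the 4-octet OPTION_S46_PORTPARAMS payload, enforces the stated bounds, and lists the port ranges the PSID selects. The exclusion of an all-zero offset field is taken from the MAP algorithm the draft cites ([I-D.ietf-softwire-map], Section 5.1); the function names, the strict padding check and the sample bytes are choices made for this example.

```python
import struct


class PortParamsError(ValueError):
    """The OPTION_S46_PORTPARAMS payload violates the field rules above."""


def parse_portparams(payload):
    """Decode the 4-octet payload (option-code and option-length removed).

    Returns (a, k, psid); psid is None when PSID-len is 0, because the
    PSID field is then to be ignored.
    """
    if len(payload) != 4:
        raise PortParamsError(f"option-length is {len(payload)}, expected 4")
    a, k, psid_field = struct.unpack("!BBH", payload)
    if a > 15:
        raise PortParamsError(f"offset {a} outside 0..15")
    if a + k > 16:
        raise PortParamsError(f"offset {a} + PSID-len {k} exceeds 16 port bits")
    if k == 0:
        return a, 0, None
    padding = 16 - k
    # Strict choice made for this example: set padding bits are treated as a
    # malformed option instead of being masked off silently.
    if psid_field & ((1 << padding) - 1):
        raise PortParamsError("padding bits to the right of the PSID are set")
    return a, k, psid_field >> padding


def port_ranges(a, k, psid):
    """List the (first, last) port ranges owned by this PSID.

    Port layout, most significant bit first: a offset bits, k PSID bits,
    then m = 16 - a - k bits the CE may use freely. Assumption taken from
    the MAP algorithm the draft cites: when a > 0 the offset bits are never
    all zero, which keeps ports 0 .. 2^(16-a)-1 out of every port set.
    """
    psid = psid or 0
    m = 16 - a - k
    ranges = []
    for upper in range(1 if a else 0, 1 << a):
        first = (upper << (16 - a)) | (psid << m)
        ranges.append((first, first + (1 << m) - 1))
    return ranges


# Constructed sample payload: offset 6, PSID-len 8, PSID 0x34 left-aligned
# in the 16-bit PSID field.
SAMPLE = bytes([6, 8, 0x34, 0x00])
A, K, PSID = parse_portparams(SAMPLE)
RANGES = port_ranges(A, K, PSID)

if __name__ == "__main__":
    print(f"a={A} k={K} psid={PSID:#x} sharing ratio 1:{1 << K}")
    print(f"{len(RANGES)} ranges, first {RANGES[0]}, last {RANGES[-1]}")
```
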

   When receiving the OPTION_S46_PORTPARAMS option with an explicit
   PSID, the client MUST use this explicit PSID in configuring its
   softwire interface. The OPTION_S46_PORTPARAMS option with an
   explicit PSID MUST be discarded if the S46 CE isn't configured with a
   full IPv4 address (e.g. IPv4 prefix).

   The OPTION_S46_PORTPARAMS option is contained within an
   OPTION_S46_RULE option or an OPTION_S46_V4V6BIND option.

5.  Softwire46 Containers

5.1.  Softwire46 MAP-E Container Option

   The MAP-E Container Option (OPTION_S46_CONT_MAPE) specifies the
   container used to group all rules and optional port parameters for a
   specified domain.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     OPTION_S46_CONT_MAPE      |         option-length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   .            encapsulated-options (variable length)             .
   .                                                               .
   +---------------------------------------------------------------+

                    Figure 7: MAP-E Container Option

   o  option-code: OPTION_S46_CONT_MAPE (TBD6)

   o  option-length: Length of encapsulated options

   o  encapsulated-options: options associated with this Softwire46
      MAP-E domain.

   The encapsulated options field conveys options specific to the
   OPTION_S46_CONT_MAPE. Currently there are two sub-options specified,
   OPTION_S46_RULE and OPTION_S46_BR. There MUST be at least one
   OPTION_S46_RULE option and at least one OPTION_S46_BR option.

   Other options applicable to a domain may be defined in the future. A
   DHCP message MAY include multiple OPTION_S46_CONT_MAPE options
   (representing multiple domains).

5.2.  Softwire46 MAP-T Container Option

   The MAP-T Container option (OPTION_S46_CONT_MAPT) specifies the
   container used to group all rules and optional port parameters for a
   specified domain.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     OPTION_S46_CONT_MAPT      |         option-length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   .            encapsulated-options (variable length)             .
   .                                                               .
   +---------------------------------------------------------------+

                    Figure 8: MAP-T Container Option

   o  option-code: OPTION_S46_CONT_MAPT (TBD7)

   o  option-length: Length of encapsulated options

   o  encapsulated-options: options associated with this Softwire46
      MAP-T domain.

   The encapsulated options field conveys options specific to the
   OPTION_S46_CONT_MAPT option. Currently there are two options
   specified, the OPTION_S46_RULE and OPTION_S46_DMR options. There
   MUST be at least one OPTION_S46_RULE option and exactly one
   OPTION_S46_DMR option.

5.3.  Softwire46 LightWeight 46 Container Option

   The LW46 Container option (OPTION_S46_CONT_LW) specifies the
   container used to group all rules and optional port parameters for a
   specified domain.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      OPTION_S46_CONT_LW       |         option-length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   .            encapsulated-options (variable length)             .
   .                                                               .
   +---------------------------------------------------------------+

                    Figure 9: LW46 Container Option

   o  option-code: OPTION_S46_CONT_LW (TBD8)

   o  option-length: Length of encapsulated options

   o  encapsulated-options: options associated with this Softwire46
      domain.

   The encapsulated options field conveys options specific to the
   OPTION_S46_CONT_LW option. Currently there are two options
   specified, OPTION_S46_V4V6BIND and OPTION_S46_BR. There MUST be at
   most one OPTION_S46_V4V6BIND option and at least one OPTION_S46_BR
   option.

6.  Softwire46 Options Formatting

   The table below shows which sub-options are mandatory, optional or
   not permitted for each defined container option.

   +-----------------------+-------+-------+--------------------+
   | Option                | MAP-E | MAP-T | Lightweight 4over6 |
   +-----------------------+-------+-------+--------------------+
   | OPTION_S46_RULE       | M     | M     | N/A                |
   |                       |       |       |                    |
   | OPTION_S46_BR         | M     | N/A   | M                  |
   |                       |       |       |                    |
   | OPTION_S46_PORTPARAMS | O     | O     | O                  |
   |                       |       |       |                    |
   | OPTION_S46_DMR        | N/A   | M     | N/A                |
   |                       |       |       |                    |
   | OPTION_S46_V4V6BIND   | N/A   | N/A   | O                  |
   +-----------------------+-------+-------+--------------------+

            M - Mandatory, O - Optional, N/A - Not Applicable

                  Table 1: Option to Container Mappings

   MAP-DHCP clients that receive container options that violate any of
   the above rules MUST silently ignore such container options.

7.  DHCPv6 Server Behavior

   [RFC3315] Section 17.2.2 describes how a DHCPv6 client and server
   negotiate configuration values using the ORO. As a convenience to
   the reader, we mention here that by default, a server will not reply
   with a Softwire46 Container Option if the client has not explicitly
   enumerated one in its Option Request Option.

   A CE router may support several (or all) of the mechanisms mentioned
   here. In the case where a client requests multiple mechanisms in its
   ORO option, the server will reply with the corresponding Softwire46
   Container options for which it has configuration information.

8.  DHCPv6 Client Behavior

   An S46 CE acting as DHCPv6 client will request S46 configuration
   parameters from the DHCPv6 server located in the IPv6 network.
   Such
   a client MUST request the S46 Container option(s) that it is
   configured for in its ORO in SOLICIT, REQUEST, RENEW, REBIND and
   INFORMATION-REQUEST messages.

   When processing received S46 container options the following
   behaviour is expected:

   o  A client MUST support processing multiple received OPTION_S46_RULE
      options in a container OPTION_S46_CONT_MAPE or
      OPTION_S46_CONT_MAPT option.

   o  A client receiving an unsupported S46 option, or an invalid
      parameter value SHOULD discard that S46 Container option and log
      the event.

   The behavior of a client supporting multiple Softwire46 mechanisms
   is out of scope of this document. [I-D.ietf-softwire-unified-cpe]
   describes client behaviour for the prioritization and handling of
   multiple mechanisms simultaneously.

   Note that a system implementing CE functionality may have multiple
   network interfaces, and these interfaces may be configured
   differently; some may be connected to networks using a Softwire46
   mechanism, and some may be connected to networks that are using
   normal dual stack or other means. The CE should approach this
   specification on an interface-by-interface basis. For example, if
   the CE system is MAP-E capable and is attached to multiple networks
   that provide the OPTION_S46_CONT_MAPE option, then the CE MUST
   configure MAP-E for each interface separately.

   Failure modes are out of scope for this document. Failure recovery
   mechanisms may be defined in the future. See Section 5 of
   [I-D.ietf-softwire-map] for discussion on valid MAP rule
   combinations. See Section 11 of [RFC7227], Sections 18.1.3, 18.1.4
   and 19.1 of [RFC3315] for parameters update mechanisms in DHCPv6 that
   can be leveraged to update configuration after a failure.

9.  Security Considerations

   Section 23 of [RFC3315] discusses DHCPv6-related security issues.
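
The client-side checks of Sections 3, 6 and 8, as an added example that is not part of the draft: a bounds-checked parser that keeps only well-formed containers, logs and drops the others, and ignores S46 sub-options sent outside a container. The option code numbers are placeholders, since the draft lists them as TBD1..TBD8; the function names and the sample bytes are constructed for the example.

```python
import ipaddress
import logging
import struct
from collections import Counter

log = logging.getLogger("s46")

# Placeholder option codes: the draft lists them as TBD1..TBD8, so these
# numbers are constructed for the example and are not assignments.
RULE, BR, DMR, V4V6BIND, PORTPARAMS = 0xFF01, 0xFF02, 0xFF03, 0xFF04, 0xFF05
CONT_MAPE, CONT_MAPT, CONT_LW = 0xFF06, 0xFF07, 0xFF08

# (min, max) count of each sub-option per container, Sections 5.1-5.3.
# PORTPARAMS is absent: Section 4.5 places it inside a rule or binding.
ALLOWED = {
    CONT_MAPE: {RULE: (1, None), BR: (1, None)},
    CONT_MAPT: {RULE: (1, None), DMR: (1, 1)},
    CONT_LW: {V4V6BIND: (0, 1), BR: (1, None)},
}

class S46Error(ValueError):
    """A received option violates the format or the container rules."""

def iter_options(buf):
    """Split a buffer into (code, value) DHCPv6 options, bounds-checked."""
    options, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 4:
            raise S46Error("truncated option header")
        code, length = struct.unpack_from("!HH", buf, pos)
        pos += 4
        if length > len(buf) - pos:
            raise S46Error(f"option {code:#x} overruns its enclosing option")
        options.append((code, buf[pos:pos + length]))
        pos += length
    return options

def parse_rule(value):
    """Decode OPTION_S46_RULE, enforcing the ranges given in Section 4.1."""
    if len(value) < 8:
        raise S46Error("rule shorter than its fixed fields")
    flags, ea_len, p4_len, v4, p6_len = struct.unpack_from("!BBB4sB", value)
    if ea_len > 48 or p4_len > 32 or p6_len > 128:
        raise S46Error("ea-len, prefix4-len or prefix6-len out of range")
    p6_octets = (p6_len + 7) // 8
    if len(value) < 8 + p6_octets:
        raise S46Error("ipv6-prefix runs past option-length")
    for code, _ in iter_options(value[8 + p6_octets:]):
        if code != PORTPARAMS:
            raise S46Error(f"unsupported option {code:#x} inside rule")
    v6 = value[8:8 + p6_octets].ljust(16, b"\x00")
    # strict=False masks bits past the prefix length (the receiver ignores
    # them); the F-flag is the lowest bit of the flags octet.
    return {"fmr": bool(flags & 1), "ea_len": ea_len,
            "ipv4": ipaddress.IPv4Network((v4, p4_len), strict=False),
            "ipv6": ipaddress.IPv6Network((v6, p6_len), strict=False)}

def validate_container(code, value):
    """Return the parsed rules of one container or raise S46Error."""
    subs = iter_options(value)
    counts = Counter(sub for sub, _ in subs)
    for sub in counts:
        if sub not in ALLOWED[code]:
            raise S46Error(f"option {sub:#x} not permitted here")
    for sub, (low, high) in ALLOWED[code].items():
        if counts[sub] < low or (high is not None and counts[sub] > high):
            raise S46Error(f"{counts[sub]} instance(s) of option {sub:#x}")
    if any(sub == BR and len(val) != 16 for sub, val in subs):
        raise S46Error("OPTION_S46_BR must carry exactly 16 octets")
    return [parse_rule(val) for sub, val in subs if sub == RULE]

def accept_containers(message_options):
    """Keep valid S46 containers; log and drop the rest (Sections 6, 8)."""
    accepted = {}
    for code, value in iter_options(message_options):
        if code not in ALLOWED:
            continue  # bare S46 sub-options land here: silently ignored
        try:
            rules = validate_container(code, value)
        except S46Error as exc:
            log.warning("discarding S46 container %#x: %s", code, exc)
            continue
        accepted.setdefault(code, []).append(rules)
    return accepted

def opt(code, value=b""):
    return struct.pack("!HH", code, len(value)) + value

# Constructed sample: a valid MAP-E container, a MAP-T container lacking
# its DMR, and a rule sent outside any container.
SAMPLE_RULE = (bytes([0x01, 16, 24, 192, 0, 2, 0, 40])
               + bytes.fromhex("20010db800"))
SAMPLE_BR = ipaddress.IPv6Address("2001:db8::1").packed
SAMPLE = (opt(CONT_MAPE, opt(RULE, SAMPLE_RULE) + opt(BR, SAMPLE_BR))
          + opt(CONT_MAPT, opt(RULE, SAMPLE_RULE))
          + opt(RULE, SAMPLE_RULE))
```

Calling `accept_containers(SAMPLE)` returns only the MAP-E container; the MAP-T container is logged and dropped, and the bare rule is skipped without a log entry.
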

   As with all DHCPv6-derived configuration state, it is possible that
   configuration is actually being delivered by a third party (Man In
   The Middle). As such, there is no basis on which access over MAP or
   lw4o6 can be trusted. Therefore, softwires should not bypass any
   security mechanisms such as IP firewalls.

   In IPv6-only networks that lack any IPv4 firewalls, a device
   supporting MAP could be tricked into enabling its IPv4 stack and
   direct IPv4 traffic to the attacker, thus exposing itself to
   previously infeasible IPv4 attack vectors.

   Section 11 of [I-D.ietf-softwire-map] discusses security issues of
   the MAP mechanism.

   Readers concerned with security of MAP provisioning over DHCPv6 are
   encouraged to read [I-D.ietf-dhc-sedhcpv6].

10.  IANA Considerations

   IANA is kindly requested to allocate the following DHCPv6 option
   codes:

      TBD1 for OPTION_S46_RULE

      TBD2 for OPTION_S46_BR

      TBD3 for OPTION_S46_DMR

      TBD4 for OPTION_S46_V4V6BIND

      TBD5 for OPTION_S46_PORTPARAMS

      TBD6 for OPTION_S46_CONT_MAPE

      TBD7 for OPTION_S46_CONT_MAPT

      TBD8 for OPTION_S46_CONT_LW

   All values should be added to the DHCPv6 option code space defined in
   Section 24.3 of [RFC3315].

11.  Acknowledgements

   This document was created as a product of a MAP design team.
   The following people were members of that team: Congxiao Bao, Mohamed
   Boucadair, Gang Chen, Maoke Chen, Wojciech Dec, Xiaohong Deng, Jouni
   Korhonen, Xing Li, Satoru Matsushima, Tomasz Mrugalski, Tetsuya
   Murakami, Jacni Qin, Necj Scoberne, Qiong Sun, Tina Tsou, Dan Wing,
   Leaf Yeh and Jan Zorz.

   The authors would like to thank Bernie Volz and Tom Taylor for their
   insightful comments and suggestions.

12.  References

12.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
              and M. Carney, "Dynamic Host Configuration Protocol for
              IPv6 (DHCPv6)", RFC 3315, July 2003.

12.2.  Informative References

   [I-D.ietf-dhc-sedhcpv6]
              Jiang, S., Shen, S., Zhang, D., and T. Jinmei, "Secure
              DHCPv6 with Public Key", draft-ietf-dhc-sedhcpv6-03 (work
              in progress), June 2014.

   [I-D.ietf-softwire-lw4over6]
              Cui, Y., Qiong, Q., Boucadair, M., Tsou, T., Lee, Y., and
              I. Farrer, "Lightweight 4over6: An Extension to the
              DS-Lite Architecture", draft-ietf-softwire-lw4over6-03
              (work in progress), November 2013.

   [I-D.ietf-softwire-map-t]
              Li, X., Bao, C., Dec, W., Troan, O., Matsushima, S., and
              T. Murakami, "Mapping of Address and Port using
              Translation (MAP-T)", draft-ietf-softwire-map-t-04 (work
              in progress), September 2013.

   [I-D.ietf-softwire-map]
              Troan, O., Dec, W., Li, X., Bao, C., Matsushima, S.,
              Murakami, T., and T. Taylor, "Mapping of Address and Port
              with Encapsulation (MAP)", draft-ietf-softwire-map-08
              (work in progress), August 2013.

   [I-D.ietf-softwire-unified-cpe]
              Boucadair, M., Farrer, I., Perreault, S., and S.
              Sivakumar, "Unified IPv4-in-IPv6 Softwire CPE",
              draft-ietf-softwire-unified-cpe-01 (work in progress),
              May 2013.

   [RFC2131]  Droms, R., "Dynamic Host Configuration Protocol", RFC
              2131, March 1997.

   [RFC2473]  Conta, A. and S. Deering, "Generic Packet Tunneling in
              IPv6 Specification", RFC 2473, December 1998.

   [RFC6145]  Li, X., Bao, C., and F. Baker, "IP/ICMP Translation
              Algorithm", RFC 6145, April 2011.

   [RFC7227]  Hankins, D., Mrugalski, T., Siodelski, M., Jiang, S., and
              S. Krishnan, "Guidelines for Creating New DHCPv6 Options",
              BCP 187, RFC 7227, May 2014.

Authors' Addresses

   Tomasz Mrugalski
   Internet Systems Consortium, Inc.
   950 Charter Street
   Redwood City, CA 94063
   USA

   Phone: +1 650 423 1345
   Email: tomasz.mrugalski@gmail.com
   URI:   http://www.isc.org/

   Ole Troan
   Cisco Systems, Inc.
   Philip Pedersens vei 1
   Lysaker 1366
   Norway

   Email: ot@cisco.com

   Ian Farrer
   Deutsche Telekom AG
   CTO-ATI, Landgrabenweg 151
   Bonn, NRW 53227
   Germany

   Email: ian.farrer@telekom.de

   Simon Perreault
   Viagenie
   246 Aberdeen
   Quebec, QC G1R 2E1
   Canada

   Phone: +1 418 656 9254
   Email: simon.perreault@viagenie.ca

   Wojciech Dec
   Cisco Systems, Inc.
   The Netherlands

   Email: wdec@cisco.com
   URI:   http://cisco.com

   Congxiao Bao
   CERNET Center/Tsinghua University
   Room 225, Main Building, Tsinghua University
   Beijing 100084
   CN

   Phone: +86 10-62785983
   Email: congxiao@cernet.edu.cn

   Leaf Y. Yeh
   CNNIC
   4, South 4th Street, Zhong_Guan_Cun
   Beijing 100190
   P. R. China

   Email: leaf.yeh.sdo@gmail.com

   Xiaohong Deng
   6 Floor, C Block, DaCheng International Center Chaoyang District
   Beijing 100124
   China

   Phone: +61 3858 3128
   Email: dxhbupt@gmail.com