IPv6 maintenance Working Group (6man)                           F. Gont
Internet-Draft                                             SI6 Networks
Updates: 4291, 4193, 8190 (if approved)                 January 5, 2021
Intended status: Standards Track
Expires: July 9, 2021


             Scope of Unique Local IPv6 Unicast Addresses
                   draft-gont-6man-ipv6-ula-scope-00

Abstract

   Unique Local IPv6 Unicast Addresses (ULAs) are formally part of the
   IPv6 Global Unicast address space.  However, the semantics of ULAs
   clearly contradict the definition of "global scope".  This document
   discusses why the terminology employed for the specification of ULAs
   is problematic, along with some practical consequences of the
   current specification of ULAs.  Finally, it formally updates RFC4291
   and RFC4193 such that the scope of ULAs is defined as "local".

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on July 9, 2021.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Gont                      Expires July 9, 2021                  [Page 1]

Internet-Draft                  ULA Scope                   January 2021

Table of Contents

   1.  Introduction
   2.  What Does 'Global Scope' mean?
   3.  Scope of Unique Local IPv6 Unicast Addresses
   4.  Problems with the Definition of the ULA Scope
   5.  Practical Consequences
     5.1.  Address Attributes in Programming Languages
   6.  Specification Updates
   7.  IANA Considerations
   8.  Security Considerations
   9.  Acknowledgements
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Author's Address

1.  Introduction

   Unique Local IPv6 Unicast Addresses (commonly referred to as "ULAs")
   [RFC4193] are formally part of the IPv6 Global Unicast address space.
   However, the semantics of ULAs clearly contradict the definition of
   "global scope" [RFC4007].

   This document discusses the specification of ULAs and, in particular,
   of their associated scope.  Additionally, it discusses how the
   semantics of ULAs contradict their formal address scope, along with
   some practical consequences of this problematic definition.  Finally,
   this document formally updates RFC4193 and RFC4291, such that ULAs
   are defined to have "local scope" (larger than link-local, and
   smaller than "global").
   The problematic definition of ULAs was initially encountered when
   analyzing IPv6 address properties while working on
   [I-D.gont-v6ops-ipv6-addressing-considerations].  The issue became
   fully evident from discussions with Brian Carpenter, both off-list
   and on-list [v6ops-thread].

2.  What Does 'Global Scope' mean?

   [RFC4007] defines the scope of an address as:

      "[the] topological span within which the address may be used as a
      unique identifier for an interface or set of interfaces"

   And defines the "global scope" to be used for:

      "uniquely identifying interfaces anywhere in the Internet"

3.  Scope of Unique Local IPv6 Unicast Addresses

   [RFC4193] formally specifies Unique Local IPv6 Unicast Addresses.
   [RFC4193] did not formally update [RFC3513], the current IPv6
   Addressing Architecture at the time [RFC4193] was published.
   Therefore, ULAs were not specified as a different address type, but
   rather as part of the Global Unicast address space.

   [RFC3513] was eventually obsoleted by [RFC4291] (current revision of
   the IPv6 Addressing Architecture), but still did not formally
   accommodate ULAs into the IPv6 Addressing Architecture.  For
   instance, Section 2.4 of [RFC4291] notes that the type of an IPv6
   address is identified by the high-order bits of the address, as
   follows:

   Address type         Binary prefix        IPv6 notation   Section
   ------------         -------------        -------------   -------
   Unspecified          00...0  (128 bits)   ::/128          2.5.2
   Loopback             00...1  (128 bits)   ::1/128         2.5.3
   Multicast            11111111             FF00::/8        2.7
   Link-Local unicast   1111111010           FE80::/10       2.5.6
   Global Unicast       (everything else)

   and subsequently notes that:

      "Future specifications may redefine one or more sub-ranges of the
      Global Unicast space for other purposes, but unless and until that
      happens, implementations must treat all addresses that do not
      start with any of the above-listed prefixes as Global Unicast
      addresses."
   Therefore, ULAs still formally belong to the Global Unicast address
   space.

   Additionally, Section 3.3 of [RFC4193] (the specification of Unique
   Local IPv6 Unicast Addresses) defines the scope of ULAs as:

      "By default, the scope of these addresses is global.  That is,
      they are not limited by ambiguity like the site-local addresses
      defined in [ADDARCH].  Rather, these prefixes are globally unique,
      and as such, their applicability is greater than site-local
      addresses."

4.  Problems with the Definition of the ULA Scope

   Section 3.3 of [RFC4193] (the specification of Unique Local IPv6
   Unicast Addresses) defines the scope of ULAs as:

      "By default, the scope of these addresses is global.  That is,
      they are not limited by ambiguity like the site-local addresses
      defined in [ADDARCH].  Rather, these prefixes are globally unique,
      and as such, their applicability is greater than site-local
      addresses.  Their limitation is in the routability of the
      prefixes, which is limited to a site and any explicit routing
      agreements with other sites to propagate them (also see
      Section 4.1).  Also, unlike site-locals, a site may have more than
      one of these prefixes and use them at the same time."

   However, there is a problem in this analysis: ULA prefixes have a
   finite probability of being globally unique.  For instance,
   Section 3.2.3 of [RFC4193] computes the probability of collisions
   *when inter-connecting a limited number of networks employing ULAs*.

   As such, based on the definition of "scope" and "global scope" (see
   Section 2), ULAs cannot possibly have a "global scope" -- their scope
   is certainly smaller than "global".  And this non-global scope does
   limit the global routability of ULAs since, in principle, an address
   cannot be routed outside of its associated zone.

   The only ULAs that could possibly have "global scope" are the
   so-called ULA-C [I-D.ietf-ipv6-ula-central], that have so far *not*
   been formally specified.
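
   Added example (not part of the draft or of RFC 4193): the collision
   estimate that the text above cites from Section 3.2.3 of [RFC4193],
   P = 1 - exp(-N**2 / 2**(L+1)) with L = 40, evaluated next to the
   exact birthday probability and extended past the sizes the RFC
   tabulates.  Function names and the two largest sample sizes are
   choices made for this example.

```python
import math

GLOBAL_ID_BITS = 40  # length of the pseudo-random Global ID in a ULA prefix


def rfc4193_collision_probability(networks, id_bits=GLOBAL_ID_BITS):
    """Approximation from RFC 4193, Section 3.2.3:
    P = 1 - exp(-N**2 / 2**(L+1)), with N networks and L-bit Global IDs."""
    # -expm1(-x) equals 1 - exp(-x) but stays accurate when x is tiny.
    return -math.expm1(-(networks ** 2) / 2 ** (id_bits + 1))


def exact_collision_probability(networks, id_bits=GLOBAL_ID_BITS):
    """Exact birthday probability that at least two of `networks`
    independently drawn Global IDs are equal."""
    space = 2 ** id_bits
    if networks > space:
        return 1.0  # pigeonhole: more networks than possible Global IDs
    # Sum log(1 - i/space) instead of multiplying, to avoid underflow.
    log_all_distinct = sum(math.log1p(-i / space) for i in range(networks))
    return -math.expm1(log_all_distinct)


def networks_for_probability(target, id_bits=GLOBAL_ID_BITS):
    """Smallest N at which the RFC 4193 approximation reaches `target`."""
    if not 0.0 < target < 1.0:
        raise ValueError("target must be strictly between 0 and 1")
    return math.ceil(math.sqrt(-(2 ** (id_bits + 1)) * math.log1p(-target)))


def collision_table(sizes=(2, 10, 100, 1_000, 10_000, 1_000_000, 10_000_000)):
    """(N, approximate P, exact P) rows.  The first five sizes are the
    ones tabulated in RFC 4193; the last two are constructed here to show
    what happens beyond 'a limited number of networks'."""
    return [(n, rfc4193_collision_probability(n), exact_collision_probability(n))
            for n in sizes]


if __name__ == "__main__":
    for n, approx, exact in collision_table():
        print(f"{n:>10,} networks  approx={approx:.3e}  exact={exact:.3e}")
    print("50% collision odds at about",
          f"{networks_for_probability(0.5):,}", "networks")
```

   With 40-bit Global IDs the estimate crosses 50% at roughly 1.2
   million networks, which is the quantitative form of the argument
   that ULA prefixes cannot be expected to be unique across all
   networks that use them.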
   It should be noted that the non-global scope of ULAs does not
   preclude their usage for e.g. inter-site Virtual Private Networks
   (VPN), as discussed in Section 4.7 of [RFC4193].  For example, the
   private address space specified in [RFC1918] for IPv4 networks has
   non-global scope, but still is regularly used for inter-site VPNs.

   ULAs having a non-global scope simply means that while allocating
   "Global IDs" from a Pseudo-Random Number Generator (PRNG) reduces the
   probability of collisions of Global IDs *when a limited number of
   networks employing ULAs are interconnected*, ULA prefixes cannot be
   expected to be globally unique.  "Global scope" would imply that all
   ULA prefixes in use by any networks, whether interconnected or not,
   are unique.

5.  Practical Consequences

5.1.  Address Attributes in Programming Languages

   Python's ipaddress library [Python-ipaddr] defines 'IPv6Address'
   objects that have a number of attributes, including:

   o  is_private: 'True' if the address is allocated for private
      networks.

   o  is_global: 'True' if the address is allocated for public networks.

   For ULAs, the is_private attribute is 'True', while the is_global
   attribute is 'False'.  This contradicts the definition of ULAs as
   having "global scope" [RFC4291] [RFC4193], but is in line with the
   specification update performed by this document (see Section 6).

6.  Specification Updates

   The ultimate goal is to employ coherent terminology and definitions
   throughout the relevant protocol specifications.  Probably the only
   option to achieve this goal is to update the definition of ULAs as
   having "local scope", with "local scope" defined as "larger than
   link-local, and smaller than global" (based on ULAs being defined as
   "local addresses").

   o  [TBD: Analyze possible implications on Default Address Selection
      for Internet Protocol Version 6 (IPv6) [RFC6724].]
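
   Added example (not part of the draft): a Python sketch that encodes
   the address-type table this section proposes for Section 2.4 of
   [RFC4291], derives a unicast scope from it, and checks the result
   against the is_global attribute discussed in Section 5.1.  The Scope
   enum, the function names and the sample addresses are assumptions of
   this example; returning no scope for non-unicast rows is a
   simplification.

```python
import ipaddress
from enum import IntEnum


class Scope(IntEnum):
    """Ordering follows the draft: link-local < local < global."""
    LINK_LOCAL = 1
    LOCAL = 2
    GLOBAL = 3


ULA = "Unique Local unicast"
# Rows of the updated Section 2.4 table; anything unmatched is Global Unicast.
UPDATED_TABLE = [
    ("Unspecified", ipaddress.IPv6Network("::/128")),
    ("Loopback", ipaddress.IPv6Network("::1/128")),
    (ULA, ipaddress.IPv6Network("fc00::/7")),
    ("Multicast", ipaddress.IPv6Network("ff00::/8")),
    ("Link-Local unicast", ipaddress.IPv6Network("fe80::/10")),
]


def address_type(addr, updated=True):
    """Type per the table; updated=False omits the ULA row, which is the
    table as it currently stands in RFC 4291."""
    ip = ipaddress.IPv6Address(addr)
    for name, prefix in UPDATED_TABLE:
        if ip in prefix and (updated or name != ULA):
            return name
    return "Global Unicast"


def unicast_scope(addr, updated=True):
    """Scope of a unicast address, or None for the other table rows
    (a simplification made by this example)."""
    return {"Link-Local unicast": Scope.LINK_LOCAL,
            ULA: Scope.LOCAL,
            "Global Unicast": Scope.GLOBAL}.get(address_type(addr, updated))


def is_global_agrees(addr, updated=True):
    """True when ipaddress's is_global matches 'scope is GLOBAL'."""
    ip = ipaddress.IPv6Address(addr)
    return ip.is_global == (unicast_scope(addr, updated) is Scope.GLOBAL)


if __name__ == "__main__":
    # Constructed samples: a ULA, a link-local and a publicly routed address.
    for sample in ("fd12:3456:789a:1::1", "fe80::1", "2001:4860:4860::8888"):
        print(sample, address_type(sample), unicast_scope(sample).name,
              is_global_agrees(sample, updated=False), is_global_agrees(sample))
```

   The ipaddress library derives is_global from the special-purpose
   address registries rather than from this table, so other registered
   blocks such as 2001:db8::/32 still fall under "Global Unicast" here
   while reporting is_global as 'False'.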
   The following table from Section 2.4 of [RFC4291]:

   ---- cut here ----
   Address type         Binary prefix        IPv6 notation   Section
   ------------         -------------        -------------   -------
   Unspecified          00...0  (128 bits)   ::/128          2.5.2
   Loopback             00...1  (128 bits)   ::1/128         2.5.3
   Multicast            11111111             FF00::/8        2.7
   Link-Local unicast   1111111010           FE80::/10       2.5.6
   Global Unicast       (everything else)
   ---- cut here ----

   is replaced with:

   ---- cut here ----
   Address type          Binary prefix        IPv6 notation   Reference
   ------------          -------------        -------------   ---------
   Unspecified           00...0  (128 bits)   ::/128          Sec. 2.5.2
   Loopback              00...1  (128 bits)   ::1/128         Sec. 2.5.3
   Unique Local unicast  1111110              FC00::/7        [RFC4193]
   Multicast             11111111             FF00::/8        Sec. 2.7
   Link-Local unicast    1111111010           FE80::/10       Sec. 2.5.6
   Global Unicast        (everything else)
   ---- cut here ----

   The following text from Section 3.3 of [RFC4193]:

   ---- cut here ----
   By default, the scope of these addresses is global.  That is, they
   are not limited by ambiguity like the site-local addresses defined in
   [ADDARCH].  Rather, these prefixes are globally unique, and as such,
   their applicability is greater than site-local addresses.  Their
   limitation is in the routability of the prefixes, which is limited to
   a site and any explicit routing agreements with other sites to
   propagate them (also see Section 4.1).  Also, unlike site-locals, a
   site may have more than one of these prefixes and use them at the
   same time.
   ---- cut here ----

   is replaced with:

   ---- cut here ----
   The scope of these addresses is 'local', defined to be 'larger than
   link-local, but smaller than global'.  Their limitation is in the
   routability of the prefixes, generally limited by any explicit
   routing agreements with other autonomous systems (ASes) to propagate
   them, and normally limited by the Default-Free Zone (DFZ) (also see
   Section 4.1).
   ---- cut here ----

7.  IANA Considerations

   The IANA is instructed to update the "IANA IPv6 Special-Purpose
   Address Registry" [IANA-ADDR-REG] by adding a "[RFCXXXX]" to the
   "RFC" column corresponding to the "fc00::/7" address block.

   Additionally, the following footnote:

      [4] See [RFC4193] for more details on the routability of
      Unique-Local addresses.  The Unique-Local prefix is drawn from the
      IPv6 Global Unicast Address range, but is specified as not
      globally routed.

   must be replaced with:

      [4] See [RFC4193] for more details on the routability of
      Unique-Local addresses, and [RFCXXXX] for details on the scope of
      Unique-Local addresses.

   NOTE: [RFCXXXX] represents the RFC number assigned by the RFC Editor
   upon publication of this document as an RFC.

8.  Security Considerations

   This document does not introduce any new security considerations.

9.  Acknowledgements

   Fernando Gont would like to thank Brian Carpenter and Bob Hinden, for
   providing valuable comments on earlier versions of this document.

   Fernando Gont would like to thank Brian Carpenter for his endless
   help, and for the discussion that eventually led to this document.

10.  References

10.1.  Normative References

   [RFC1918]  Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G.,
              and E. Lear, "Address Allocation for Private Internets",
              BCP 5, RFC 1918, DOI 10.17487/RFC1918, February 1996.

   [RFC4007]  Deering, S., Haberman, B., Jinmei, T., Nordmark, E., and
              B. Zill, "IPv6 Scoped Address Architecture", RFC 4007,
              DOI 10.17487/RFC4007, March 2005.

   [RFC4193]  Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast
              Addresses", RFC 4193, DOI 10.17487/RFC4193, October 2005.

   [RFC4291]  Hinden, R. and S. Deering, "IP Version 6 Addressing
              Architecture", RFC 4291, DOI 10.17487/RFC4291,
              February 2006.

   [RFC8190]  Bonica, R., Cotton, M., Haberman, B., and L. Vegoda,
              "Updates to the Special-Purpose IP Address Registries",
              BCP 153, RFC 8190, DOI 10.17487/RFC8190, June 2017.
10.2.  Informative References

   [I-D.gont-v6ops-ipv6-addressing-considerations]
              Gont, F. and G. Gont, "IPv6 Addressing Considerations",
              draft-gont-v6ops-ipv6-addressing-considerations-00 (work
              in progress), December 2020.

   [I-D.ietf-ipv6-ula-central]
              Hinden, R., "Centrally Assigned Unique Local IPv6 Unicast
              Addresses", draft-ietf-ipv6-ula-central-02 (work in
              progress), June 2007.

   [IANA-ADDR-REG]
              IANA, "IANA IPv6 Special-Purpose Address Registry".

   [Python-ipaddr]
              Python 3.3, "ipaddress -- IPv4/IPv6 manipulation library".

   [RFC3513]  Hinden, R. and S. Deering, "Internet Protocol Version 6
              (IPv6) Addressing Architecture", RFC 3513,
              DOI 10.17487/RFC3513, April 2003.

   [RFC6724]  Thaler, D., Ed., Draves, R., Matsumoto, A., and T. Chown,
              "Default Address Selection for Internet Protocol Version 6
              (IPv6)", RFC 6724, DOI 10.17487/RFC6724, September 2012.

   [v6ops-thread]
              v6ops wg, "[v6ops] I-D Action: draft-gont-v6ops-ipv6-
              addressing-considerations-00.txt", email thread on the
              v6ops wg mailing-list, 2020.

Author's Address

   Fernando Gont
   SI6 Networks
   Segurola y Habana 4310, 7mo Piso
   Villa Devoto, Ciudad Autonoma de Buenos Aires
   Argentina

   Email: fgont@si6networks.com
   URI:   https://www.si6networks.com