| < draft-vegoda-no-more-unallocated-slash8s-00.txt | draft-vegoda-no-more-unallocated-slash8s-01.txt > | |||
|---|---|---|---|---|
| Network Working Group L. Vegoda | Network Working Group L. Vegoda | |||
| Internet-Draft ICANN | Internet-Draft ICANN | |||
| Intended status: BCP February 3, 2011 | Intended status: BCP February 18, 2011 | |||
| Expires: August 7, 2011 | Expires: August 22, 2011 | |||
| Time to Remove Filters for Previously Unallocated IPv4 /8s | Time to Remove Filters for Previously Unallocated IPv4 /8s | |||
| draft-vegoda-no-more-unallocated-slash8s-00 | draft-vegoda-no-more-unallocated-slash8s-01 | |||
| Abstract | Abstract | |||
| It has been common for network administrators to filter IP traffic | It has been common for network administrators to filter IP traffic | |||
| from unallocated IPv4 address space. Now that there are no longer | coming from unallocated IPv4 address space. Now that there are no | |||
| any unallocated IPv4 /8s, this practise is more complicated, fragile | longer any unallocated IPv4 /8s, this practise is more complicated, | |||
| and expensive. Network administrators are advised to remove filters | fragile and expensive. Network administrators are advised to remove | |||
| based on the registration status of the address space. | filters based on the registration status of the address space. | |||
| This document explains why any remaining filters for unallocated IPv4 | This document explains why any remaining filters for unallocated IPv4 | |||
| /8s should now be removed and documents those IPv4 unicast prefixes | /8s should now be removed on border routers and documents those IPv4 | |||
| that should not be routed across the public Internet. | unicast prefixes that should not be routed across the public | |||
| Internet. | ||||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on August 6, 2011. | This Internet-Draft will expire on August 22, 2011. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2011 IETF Trust and the persons identified as the | Copyright (c) 2011 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 3, line 8 ¶ | skipping to change at page 3, line 8 ¶ | |||
| 4. Prefixes That Should Not be Routed Across the Internet . . . . 4 | 4. Prefixes That Should Not be Routed Across the Internet . . . . 4 | |||
| 5. Security Considerations . . . . . . . . . . . . . . . . . . . . 4 | 5. Security Considerations . . . . . . . . . . . . . . . . . . . . 4 | |||
| 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 4 | 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 7. Normative References . . . . . . . . . . . . . . . . . . . . . 5 | 7. Normative References . . . . . . . . . . . . . . . . . . . . . 5 | |||
| Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 5 | Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 5 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 5 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 1. Introduction | 1. Introduction | |||
| It has been common for network administrators to filter IP traffic | It has been common for network administrators to filter IP traffic | |||
| from unallocated IPv4 address space. Now that there are no longer | coming from unallocated IPv4 address space. Now that there are no | |||
| any unallocated IPv4 /8s, this practise is more complicated, fragile | longer any unallocated IPv4 /8s, this practise is more complicated, | |||
| and expensive. Network administrators are advised to remove filters | fragile and expensive. Network administrators are advised to remove | |||
| based on the registration status of the address space. | filters based on the registration status of the address space. | |||
| This document explains why any remaining filters for unallocated IPv4 | This document explains why any remaining filters for unallocated IPv4 | |||
| /8s should now be removed and documents those IPv4 unicast prefixes | /8s should now be removed on border routers and documents those IPv4 | |||
| that should not be routed across the public Internet. | unicast prefixes that should not be routed across the public | |||
| Internet. | ||||
| 2. Terminology | 2. Terminology | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in BCP 14, RFC 2119 | document are to be interpreted as described in BCP 14, RFC 2119 | |||
| [RFC2119]. | [RFC2119]. | |||
| 3. Traffic Filtering Options | 3. Traffic Filtering Options | |||
| 3.1. No Longer Filtering Based on Address Registration Status | 3.1. No Longer Filtering Based on Address Registration Status | |||
| Network administrators who implemented filters for unallocated IPv4 | Network administrators who implemented filters for unallocated IPv4 | |||
| /8s did so in the knowledge that those /8s were not a legitimate | /8s did so in the knowledge that those /8s were not a legitimate | |||
| source of traffic on the Internet and that there was a small number | source of traffic on the Internet and that there was a small number | |||
| of filters to implement. Now that there are no longer any | of filters to implement. Now that there are no longer any | |||
| unallocated unicast IPv4 /8s, there will be legitimate Internet | unallocated unicast IPv4 /8s, there will be legitimate Internet | |||
| traffic from all unicast /8s that are not reserved for special | traffic coming from all unicast /8s that are not reserved for special | |||
| purposes in an RFC. | purposes in an RFC. | |||
| Removing filters based on the registration status of the IPv4 address | Removing ingress filters based on the registration status of the IPv4 | |||
| is a simple approach that will avoid blocking legitimate Internet | address is a simple approach that will avoid blocking legitimate | |||
| traffic. | Internet traffic. | |||
| 3.2. Continuing to Filter Traffic from Unallocated IPv4 Space | 3.2. Continuing to Filter Traffic from Unallocated IPv4 Space | |||
| Some network administrators might want to continue filtering | Some network administrators might want to continue filtering | |||
| unallocated IPv4 addresses managed by the Regional Internet | unallocated IPv4 addresses managed by the Regional Internet | |||
| Registries. This requires significantly more granular filters and | Registries (RIRs). This requires significantly more granular ingress | |||
| those filters need to be updated on a daily basis to avoid blocking | filters and the highly dynamic nature of the RIRs' address pools | |||
| legitimate traffic. | means that filters need to be updated on a daily basis to avoid | |||
| blocking legitimate incoming traffic. | ||||
| 4. Prefixes That Should Not be Routed Across the Internet | 4. Prefixes That Should Not be Routed Across the Internet | |||
| Network operators who only wish to filter traffic originating from | Network operators who only wish to filter traffic originating from | |||
| addresses that should never be routed across the Internet can deploy | addresses that should never be routed across the Internet can deploy | |||
| a set of filters designed to block traffic from address blocks | a set of ingress filters designed to block traffic from address | |||
| reserved for special purposes. These are: | blocks reserved for special purposes. These are: | |||
| - 0.0.0.0/8 (Local identification) [RFC1122]; | - 0.0.0.0/8 (Local identification) [RFC1122]; | |||
| - 10.0.0.0/8 (Private use) [RFC1918]; | - 10.0.0.0/8 (Private use) [RFC1918]; | |||
| - 127.0.0.0/8 (Loopback) [RFC1122]; | - 127.0.0.0/8 (Loopback) [RFC1122]; | |||
| - 169.254.0.0/16 (Link local) [RFC3927]; | - 169.254.0.0/16 (Link local) [RFC3927]; | |||
| - 172.16.0.0/12 (Private use) [RFC1918]; | - 172.16.0.0/12 (Private use) [RFC1918]; | |||
| skipping to change at page 5, line 42 ¶ | skipping to change at page 5, line 42 ¶ | |||
| [RFC5771] Cotton, M., Vegoda, L., and D. Meyer, "IANA Guidelines for | [RFC5771] Cotton, M., Vegoda, L., and D. Meyer, "IANA Guidelines for | |||
| IPv4 Multicast Address Assignments", BCP 51, RFC 5771, | IPv4 Multicast Address Assignments", BCP 51, RFC 5771, | |||
| March 2010. | March 2010. | |||
| Appendix A. Acknowledgments | Appendix A. Acknowledgments | |||
| Thanks are owed to Kim Davies, Terry Manderson, Dave Piscitello and | Thanks are owed to Kim Davies, Terry Manderson, Dave Piscitello and | |||
| Joe Abley for helpful advice on how to focus this document. Thanks | Joe Abley for helpful advice on how to focus this document. Thanks | |||
| also go to Andy Davidson, Philip Smith and Rob Thomas for early | also go to Andy Davidson, Philip Smith and Rob Thomas for early | |||
| reviews and suggestions for improvements to the text. | reviews and suggestions for improvements to the text and Carlos | |||
| Pignataro for his support and comments. | ||||
| Author's Address | Author's Address | |||
| Leo Vegoda | Leo Vegoda | |||
| Internet Corporation for Assigned Names and Numbers | Internet Corporation for Assigned Names and Numbers | |||
| 4676 Admiralty Way, Suite 330 | 4676 Admiralty Way, Suite 330 | |||
| Marina del Rey, CA 90292 | Marina del Rey, CA 90292 | |||
| United States of America | United States of America | |||
| Phone: +1-310-823-9358 | Phone: +1-310-823-9358 | |||
| End of changes. 12 change blocks. | ||||
| 26 lines changed or deleted | 30 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||