idnits 2.17.1 draft-carpenter-6man-ug-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year (Using the creation date from RFC4291, updated by this document, for RFC5378 checks: 2003-10-10) -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (February 21, 2013) is 4081 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 5342 (Obsoleted by RFC 7042) == Outdated reference: A later version (-17) exists of draft-ietf-6man-stable-privacy-addresses-03 == Outdated reference: A later version (-10) exists of draft-ietf-softwire-4rd-04 -- Obsolete informational reference (is this intentional?): RFC 2629 (Obsoleted by RFC 7749) -- Obsolete informational reference (is this intentional?): RFC 4941 (Obsoleted by RFC 8981) Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 6MAN B. Carpenter 3 Internet-Draft Univ. of Auckland 4 Updates: 4291 (if approved) S. Jiang 5 Intended status: Standards Track Huawei Technologies Co., Ltd 6 Expires: August 25, 2013 February 21, 2013 8 The U and G bits in IPv6 Interface Identifiers 9 draft-carpenter-6man-ug-01 11 Abstract 13 The IPv6 addressing architecture defines a method by which the 14 Universal and Group bits of an IEEE link-layer address are mapped 15 into an IPv6 unicast interface identifier. This document clarifies 16 the status of those bits for interface identifiers that are not 17 derived from an IEEE link-layer address, and updates RFC 4291 18 accordingly. 20 Status of this Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on August 25, 2013. 37 Copyright Notice 39 Copyright (c) 2013 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 55 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3 56 2. Problem statement . . . . . . . . . . . . . . . . . . . . . . . 3 57 3. Usefulness of the U and G Bits . . . . . . . . . . . . . . . . 5 58 4. Clarification of Specifications . . . . . . . . . . . . . . . . 6 59 5. Security Considerations . . . . . . . . . . . . . . . . . . . . 6 60 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7 61 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7 62 8. Change log [RFC Editor: Please remove] . . . . . . . . . . . . 7 63 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7 64 9.1. Normative References . . . . . . . . . . . . . . . . . . . 7 65 9.2. Informative References . . . . . . . . . . . . . . . . . . 8 66 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 9 68 1. Introduction 70 According to the IPv6 addressing architecture [RFC4291], when a 64- 71 bit IPv6 unicast Interface Identifier (IID) is formed on the basis of 72 an IEEE EUI-64 address, usually itself expanded from a 48-bit MAC 73 address, a particular format must be used: 75 "For all unicast addresses, except those that start with the binary 76 value 000, Interface IDs are required to be 64 bits long and to be 77 constructed in Modified EUI-64 format." 79 The specification assumes that that the normal case is to transform 80 an Ethernet-style address into an IID, preserving the information 81 provided by two bits in particular: 83 o The "u" bit in an IEEE address is set to 0 to indicate universal 84 scope (implying uniqueness) or to 1 to indicate local scope 85 (without implying uniqueness). In an IID this bit is inverted, 86 i.e., 1 for universal scope and 0 for local scope. According to 87 [RFC5342], the reason for this was "to make it easier for network 88 operators to type in local-scope identifiers". 89 o The "g" bit in an IEEE address is set to 1 to indicate group 90 addressing (link-layer multicast). The value of this bit is 91 preserved in an IID. 93 This document discusses problems observed with the "u" and "g" bits 94 as a result of the above requirements. It then discusses the 95 usefulness of the two bits, and updates RFC 4291 accordingly. 97 1.1. Terminology 99 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 100 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 101 document are to be interpreted as described in [RFC2119]. 103 2. Problem statement 105 In addition to IIDs formed from IEEE EUI-64 addresses, various new 106 forms of IID have been defined or proposed, such as temporary 107 addresses [RFC4941], Cryptographically Generated Addresses (CGAs) 108 [RFC3972], Hash-Based Addresses (HBAs) [RFC5535], stable privacy 109 addresses [I-D.ietf-6man-stable-privacy-addresses], or mapped 110 addresses for 4rd [I-D.ietf-softwire-4rd]. In each case, the 111 question of how to set the "u" and "g" bits has to be decided. For 112 example, RFC 3972 specifies that they are both zero in CGAs, and the 113 same applies to HBAs. On the other hand, RFC 4941 specifies that "u" 114 must be zero but leaves "g" variable. 116 Another case where the "u" and "g" bits are specified is in the 117 Reserved IPv6 Subnet Anycast Address format [RFC2526], which states 118 that "for interface identifiers in EUI-64 format, the universal/local 119 bit in the interface identifier MUST be set to 0" (i.e., local) and 120 requires that "g" bit to be set to 1. However, the text neither 121 states nor implies any semantics for these bits in anycast addresses. 123 These cases illustrate that the statement quoted above from RFC 4291 124 requiring "Modified EUI-64 format" is rather meaningless when applied 125 to forms of IID that are not in fact based on an underlying EUI-64 126 address. In practice, the IETF has chosen to assign some 64-bit IIDs 127 that have nothing to do with EUI-64. 129 A particular case is that of /127 prefixes for point-to-point links 130 between routers, as standardised by [RFC6164]. The addresses on 131 these links are undoubtedly global unicast addresses, but they do not 132 have a 64-bit IID. The bits in the positions named "u" and "g" in 133 such an IID have no special significance and their values are not 134 specified. 136 Each time a new IID format is proposed, the question arises whether 137 these bits have any meaning. Section 2.2.1 of RFC 5342 discusses the 138 mechanics of the bit allocations but does not explain the purpose or 139 usefulness of these bits in an IID. There is an IANA registry for 140 reserved IID values [RFC5453] but again there is no explanation of 141 the purpose of the "u" and "g" bits. 143 There was a presumption when IPv6 was designed and the IID format was 144 first specified that a universally unique IID might prove to be very 145 useful, for example to contribute to solving the multihoming problem. 146 Indeed, the addressing architecture [RFC4291] states this explicitly: 148 "The use of the universal/local bit in the Modified EUI-64 format 149 identifier is to allow development of future technology that can take 150 advantage of interface identifiers with universal scope." 152 However, this has not so far proved to be the case. Also, there is 153 evidence from the field that IEEE MAC addresses with "u" = 0 are 154 sometime incorrectly assigned to multiple MAC interfaces. Firstly, 155 there are recurrent reports of manufacturers assigning the same MAC 156 address to multiple devices. Secondly, significant re-use of the 157 same virtual MAC address is reported in virtual machine environments. 158 Once transformed into IID format (with "u" = 1) these identifiers 159 would purport to be universally unique but would in fact be 160 ambiguous. This has no known harmful effect as long as the 161 replicated MAC addresses and IIDs are used on different layer 2 162 links. If they are used on the same link, of course there will be a 163 problem, to be detected by duplicate address detection [RFC4862], but 164 such a problem can usually only be resolved by human intervention. 166 The conclusion from this is that the "u" bit is not a reliable 167 indicator of universal uniqueness. 169 We note that Identifier-Locator Network Protocol (ILNP), a 170 multihoming solution that might be expected to benefit from 171 universally unique IIDs in modified EUI-64 format, does not in fact 172 rely on them. ILNP uses its own format, defined as a Node Identifier 173 [RFC6741]. ILNP does have the constraint that Node Identifiers must 174 be unique within a given site, but as we have just shown, the state 175 of the "u" bit does not in any way guarantee this. 177 Thus, we can conclude that the value of the "u" bit in IIDs has no 178 particular meaning. In the case of an IID created from a MAC address 179 according to RFC 4291, its value is determined by the MAC address, 180 but that is all. 182 An IPv6 IID should not be created from a MAC group address, so the 183 "g" bit will normally be zero, but this value also has no particular 184 meaning. Additionally, the "u" and the "g" bits are both meaningless 185 in the format of an IPv6 multicast group ID [RFC3306], [RFC3307]. 187 None of the above implies that there is a problem with using the "u" 188 and "g" bits in MAC addresses as part of the process of generating 189 IIDs from MAC addresses, or with specifying their values in other 190 methods of generating IIDs. What it does imply is that, after an IID 191 is generated by any method, no reliable deductions can be made from 192 the state of the "u" and "g" bits; in other words, these bits have no 193 useful semantics in an IID. 195 Once this is recognised, we can avoid the problematic confusion 196 caused by these bits each time that a new form of IID is proposed. 198 3. Usefulness of the U and G Bits 200 Given that the "u" and "g" bits do not have a reliable meaning in an 201 IID, it is relevant to consider what usefulness they do have. 203 If an IID is known or guessed to have been created according to RFC 204 4291, it could be transformed back into a MAC address. This can be 205 very helpful during operational fault diagnosis. For that reason, 206 mapping the IEEE "u" and "g" bits into the IID has operational 207 usefulness. However, it should be stressed that "u" = "g" = 0 does 208 not prove that an IID was formed from a MAC address; on the contrary, 209 it might equally result from another method. With other methods, 210 there is no reverse transformation available. 212 To the extent that each method of IID creation specifies the values 213 of the "u" and "g" bits, and that each new method is carefully 214 designed in the light of its predecessors, these bits tend to reduce 215 the chances of duplicate IIDs. 217 4. Clarification of Specifications 219 This section describes clarifications to the IPv6 specifications that 220 result from the above discussion. Their aim is to reduce confusion 221 while retaining the useful aspects of the "u" and "g" bits in IIDs. 223 The EUI-64 to IID transformation defined in the IPv6 addressing 224 architecture [RFC4291] MUST be used for all cases where an IPv6 IID 225 is derived from an IEEE MAC or EUI-64 address. With any other form 226 of link layer address, an equivalent transformation SHOULD be used. 227 However, the resulting "u" and "g" bits in an IID have no semantics; 228 in other words, they have opaque values. In fact, the whole IID 229 should be viewed as opaque by third parties. 231 Specifications of other forms of 64-bit IID will either specify 232 explicitly how the "u" and "g" bits are set, or will simply include 233 them as part of a field within the IID. In either case, a semantic 234 meaning for these bits MUST NOT be defined. 236 In the following statement in section 2.5.1 of the IPv6 addressing 237 architecture [RFC4291], the reference to "Modified EUI-64 format" 238 applies only to cases where there is an underlying IEEE address: 240 "For all unicast addresses, except those that start with the binary 241 value 000, Interface IDs are required to be 64 bits long and to be 242 constructed in Modified EUI-64 format." 244 The following statement in section 2.5.1 of the IPv6 addressing 245 architecture [RFC4291] is hereby obsoleted: 247 "The use of the universal/local bit in the Modified EUI-64 format 248 identifier is to allow development of future technology that can take 249 advantage of interface identifiers with universal scope." 251 As far as is known, no existing implementation will be affected by 252 these changes. The benefit is that future design discussions are 253 simplified. 255 5. Security Considerations 257 No new security exposures or issues are raised by this document. 259 6. IANA Considerations 261 This document requests no immediate action by IANA. However, the 262 following should be noted when considering future proposed additions 263 to the registry of reserved IID values, which requires Standards 264 Action according to [RFC5453]. A reserved IID, or a range of 265 reserved IIDs, will most likely specify values for both "u" and "g", 266 since they are among the high-order bits. At the present time, none 267 of the known methods of generating IIDs will generate "u" = "g" = 1. 268 Reserved IIDs with "u" = "g" = 1 are therefore unlikely to collide 269 with automatically generated IIDs. 271 7. Acknowledgements 273 Valuable comments were received from Remi Despres, Fernando Gont, 274 Brian Haberman, Joel Halpern, Ray Hunter, Mark Smith, and other 275 participants in the 6MAN working group. 277 Brian Carpenter was a visitor at the Computer Laboratory, Cambridge 278 University during part of this work. 280 This document was produced using the xml2rfc tool [RFC2629]. 282 8. Change log [RFC Editor: Please remove] 284 draft-carpenter-6man-ug-01: numerous clarifications following WG 285 comments, discussed DAD, added new section on the usefulness of the 286 u/g bits, expanded IANA considerations, set intended status, 287 2013-02-21. 289 draft-carpenter-6man-ug-00: original version, 2013-01-31. 291 9. References 293 9.1. Normative References 295 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 296 Requirement Levels", BCP 14, RFC 2119, March 1997. 298 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 299 Architecture", RFC 4291, February 2006. 301 [RFC5342] Eastlake, D., "IANA Considerations and IETF Protocol Usage 302 for IEEE 802 Parameters", BCP 141, RFC 5342, 303 September 2008. 305 [RFC5453] Krishnan, S., "Reserved IPv6 Interface Identifiers", 306 RFC 5453, February 2009. 308 9.2. Informative References 310 [I-D.ietf-6man-stable-privacy-addresses] 311 Gont, F., "A method for Generating Stable Privacy-Enhanced 312 Addresses with IPv6 Stateless Address Autoconfiguration 313 (SLAAC)", draft-ietf-6man-stable-privacy-addresses-03 314 (work in progress), January 2013. 316 [I-D.ietf-softwire-4rd] 317 Jiang, S., Despres, R., Penno, R., Lee, Y., Chen, G., and 318 M. Chen, "IPv4 Residual Deployment via IPv6 - a Stateless 319 Solution (4rd)", draft-ietf-softwire-4rd-04 (work in 320 progress), October 2012. 322 [RFC2526] Johnson, D. and S. Deering, "Reserved IPv6 Subnet Anycast 323 Addresses", RFC 2526, March 1999. 325 [RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629, 326 June 1999. 328 [RFC3306] Haberman, B. and D. Thaler, "Unicast-Prefix-based IPv6 329 Multicast Addresses", RFC 3306, August 2002. 331 [RFC3307] Haberman, B., "Allocation Guidelines for IPv6 Multicast 332 Addresses", RFC 3307, August 2002. 334 [RFC3972] Aura, T., "Cryptographically Generated Addresses (CGA)", 335 RFC 3972, March 2005. 337 [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless 338 Address Autoconfiguration", RFC 4862, September 2007. 340 [RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy 341 Extensions for Stateless Address Autoconfiguration in 342 IPv6", RFC 4941, September 2007. 344 [RFC5535] Bagnulo, M., "Hash-Based Addresses (HBA)", RFC 5535, 345 June 2009. 347 [RFC6164] Kohno, M., Nitzan, B., Bush, R., Matsuzaki, Y., Colitti, 348 L., and T. Narten, "Using 127-Bit IPv6 Prefixes on Inter- 349 Router Links", RFC 6164, April 2011. 351 [RFC6741] Atkinson,, RJ., "Identifier-Locator Network Protocol 352 (ILNP) Engineering Considerations", RFC 6741, 353 November 2012. 355 Authors' Addresses 357 Brian Carpenter 358 Department of Computer Science 359 University of Auckland 360 PB 92019 361 Auckland, 1142 362 New Zealand 364 Email: brian.e.carpenter@gmail.com 366 Sheng Jiang 367 Huawei Technologies Co., Ltd 368 Q14, Huawei Campus 369 No.156 Beiqing Road 370 Hai-Dian District, Beijing 100095 371 P.R. China 373 Email: jiangsheng@huawei.com