idnits 2.17.1 draft-hinden-ipv6-global-local-addr-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There is 1 instance of too long lines in the document, the longest one being 4 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- Couldn't find a document date in the document -- date freshness check skipped. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'RFC 2119' is mentioned on line 69, but not defined == Missing Reference: 'ADDRARCH' is mentioned on line 261, but not defined == Unused Reference: 'RFC2026' is defined on line 528, but no explicit reference was found in the text == Unused Reference: 'RFC2119' is defined on line 531, but no explicit reference was found in the text -- Possible downref: Non-RFC (?) normative reference: ref. 'GLOBAL' ** Obsolete normative reference: RFC 2460 (ref. 'IPV6') (Obsoleted by RFC 8200) ** Downref: Normative reference to an Informational RFC: RFC 1321 (ref. 'MD5DIG') ** Obsolete normative reference: RFC 1305 (ref. 'NTP') (Obsoleted by RFC 5905) -- Possible downref: Non-RFC (?) normative reference: ref. 'POPUL' ** Obsolete normative reference: RFC 1750 (ref. 'RANDOM') (Obsoleted by RFC 4086) ** Obsolete normative reference: RFC 2462 (ref. 'ADDAUTO') (Obsoleted by RFC 4862) -- Possible downref: Non-RFC (?) normative reference: ref. 'DHCP6' ** Obsolete normative reference: RFC 3484 (ref. 'ADDSEL') (Obsoleted by RFC 6724) Summary: 12 errors (**), 0 flaws (~~), 5 warnings (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 INTERNET-DRAFT R. Hinden, Nokia 2 June 29, 2003 Brian Haberman, Caspian 4 Unique Local IPv6 Unicast Addresses 6 8 Status of this Memo 10 This document is an Internet-Draft and is in full conformance with 11 all provisions of Section 10 of RFC2026. Internet-Drafts are working 12 documents of the Internet Engineering Task Force (IETF), its areas, 13 and its working groups. Note that other groups may also distribute 14 working documents as Internet-Drafts. 16 Internet-Drafts are draft documents valid for a maximum of six months 17 and may be updated, replaced, or obsoleted by other documents at any 18 time. It is inappropriate to use Internet- Drafts as reference 19 material or to cite them other than as "work in progress." 21 To view the list Internet-Draft Shadow Directories, see 22 http://www.ietf.org/shadow.html. 24 This internet draft expires on January 5, 2004. 26 Abstract 28 This document defines an unicast address format that is globally 29 unique and is intended for local communications, usually inside of a 30 site. They are not expected to be routable on the global Internet 31 given current routing technology. 33 1.0 Introduction 35 This document defines an IPv6 unicast address format that is globally 36 unique and is intended for local communications [IPV6]. These 37 addresses are called Unique Local IPv6 Unicast Addresses and are 38 abbreviated in this document as Local IPv6 addresses. They are not 39 expected to be routable on the global Internet given current routing 40 technology. They are routable inside of a more limited area such as 41 a site. They may also be routed between a limited set of sites. 43 Local IPv6 unicast addresses have the following characteristics: 45 - Globally unique prefix. 46 - Well known prefix to allow for easy filtering at site 47 boundaries. 48 - Allows sites to be combined or privately interconnected without 49 creating any address conflicts or require renumbering of 50 interfaces using these prefixes. 51 - Internet Service Provider independent and can be used for 52 communications inside of a site without having any permanent or 53 intermittent Internet connectivity. 54 - If accidentally leaked outside of a site via routing or DNS, 55 there is no conflict with any other addresses. 56 - In practice, applications may treat these address like global 57 scoped addresses. 58 - These addresses are also candidates for end-to-end use in some 59 classes of multihoming solutions. 61 This document defines the format of Local IPv6 addresses, how to 62 allocate them, and usage considerations including routing, site 63 border routers, DNS, application support, VPN usage, and guidelines 64 for how to use for local communication inside a site. 66 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 67 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 68 document are to be interpreted as described in [RFC 2119]. 70 2.0 Acknowledgments 72 The underlying idea of creating Local IPv6 addresses describe in this 73 document been proposed a number of times by a variety of people. The 74 authors of this draft do not claim exclusive credit. Credit goes to 75 Brian Carpenter, Christian Huitema, Aidan Williams, Andrew White, 76 Michel Py, Charlie Perkins, and many others. The authors would also 77 like to thank Brian Carpenter, Charlie Perkins, Harald Alvestrand, 78 Keith Moore, Margaret Wasserman, Michel Py, and Shannon Behrens for 79 their comments and suggestions on this draft. 81 3.0 Local IPv6 Unicast Addresses 83 3.1 Format 85 The Local IPv6 addresses are created using a centrally allocated 86 global ID. They have the following format: 88 | n | 89 | bits | m bits | 16 bits | 64 bits | 90 +--------+------------+-----------+-----------------------------+ 91 | prefix | global ID | subnet ID | interface ID | 92 +--------+------------+-----------+-----------------------------+ 94 Where: 96 prefix prefix to identify Local IPv6 unicast addresses. 98 global ID global identifier used to create a globally 99 unique prefix. See section 3.2 for additional 100 information. 102 subnet ID 16-bit subnet ID is an identifier of a subnet 103 within the site. 105 interface ID 64-bit IID as defined in [ADDARCH]. 107 There are a range of choices available when choosing the size of the 108 prefix and Global ID field length. There is a direct tradeoff 109 between having a Global ID field large enough to support foreseeable 110 future growth and not using too much of the IPv6 address space 111 needlessly. A reasonable way of evaluating a specific field length 112 is to compare it to a projected 2050 world population of 9.3 billion 113 [POPUL] to compare the number of resulting /48 prefixes per person. 114 A range of prefix choices is shown in the following table: 116 Prefix Global ID Number /48 Prefixes % of IPv6 117 Length Prefixes per Person Address Space 119 /11 37 137,438,953,472 15 0.049% 120 /10 38 274,877,906,944 30 0.098% 121 /9 39 549,755,813,888 59 0.195% 122 /8 40 1,099,511,627,776 118 0.391% 123 /7 41 2,199,023,255,552 236 0.781% 124 /6 42 4,398,046,511,104 473 1.563% 126 A very high utilization ratio of these allocations can be assumed 127 because no internal structure is required in the field nor is there 128 any reason to be able to aggregate the prefixes. 130 The authors believes that a /7 prefix resulting in a 41 bit Global ID 131 is a good choice. It provides for a large number of assignments 132 (i.e., 2.2 trillion) and at the same time uses less than .8% of the 133 total IPv6 address space. It is unlikely that this space will be 134 exhausted. If more than this was needed, then additional IPv6 135 address space could be allocated for this purpose. 137 For the rest of this document the FC00::/7 prefix and a 41-bit Global 138 ID is used. 140 3.2 Global ID 142 The allocation of global IDs should be pseudo-random [RANDOM]. They 143 should not be assigned sequentially or with well known numbers. This 144 to ensure that there is not any relationship between allocations and 145 to help clarify that these prefixes are not intended to be routed 146 globally. Specifically, these prefixes are designed to not 147 aggregate. 149 There are two ways to allocate Global IDs. These are centrally by a 150 allocation authority and locally by the site. The Global ID is split 151 into two parts for each type of allocation. The prefixes for each 152 type are: 154 FC00::/8 Centrally assigned 155 FD00::/8 Locally assigned 157 Each results in a 40-bit space to allocate. 159 Two assignment methods are included because they have different 160 properties. The centrally assigned global IDs have a much higher 161 probability that they are unique and the assignments can be escrowed 162 to resolve any disputes regarding duplicate assignments. The local 163 assignments are free and do not need any central coordination or 164 assignment, but have a lower (but still adequate) probability of 165 being unique. It is expected that large managed sites will prefer 166 central assignments and small or disconnected sites will prefer local 167 assignments. Sites are free to choice either approach. 169 3.2.1 Centrally Assigned Global IDs 171 Centrally assigned global IDs MUST be generated with a pseudo-random 172 algorithm consistent with [RANDOM]. They should not be assigned 173 sequentially or by locality. This to ensure that there is not any 174 relationship between allocations and to help clarify that these 175 prefixes are not intended to be routed globally. Specifically, these 176 prefixes are designed to not aggregate. 178 Global IDs should be assigned centrally by a single allocation 179 authority because they are pseudo-random and without any structure. 180 This is easiest to accomplish if there is a single source of the 181 assignments. 183 The requirements for centrally assigned global ID allocations are: 185 - Available to anyone in an unbiased manner. 186 - Permanent with no periodic fees. 187 - One time non-refundable allocation fee in the order of 10 Euros 188 per allocation. 189 - The ownership of each individual allocation should be private, 190 but should be escrowed. 192 The allocation authority should permit allocations to be obtained 193 without having any sort of internet connectivity. For example in 194 addition to web based registration they should support some methods 195 like telephone, postal mail, fax, telex, etc. They should also 196 accept a variety of payment methods and currencies. 198 The reason for the one time 10 Euro charge for each prefix is to 199 provide a barrier to any hoarding of the these allocations but at the 200 same time keep the cost low enough to not create a barrier to anyone 201 needing one. The charge is non-refundable in order to keep overhead 202 low. 204 The ownership of the allocations is not needed to be public since the 205 resulting addresses are intended to be used for local communication. 206 It is escrowed to insure there are no duplicate allocations and in 207 case it is needed in the future (e.g., to resolve duplicate 208 allocation disputes). 210 An example of a allocation authority is a non-profit organization 211 such as the Public Internet Registry (PIR) that the Internet Society 212 has created to manage the .org domain. They already know how to 213 collect small sums efficiently and there are safeguards in place for 214 the appropriate use of any excess revenue generated. 216 Note, there are many possible ways of of creating an allocation 217 authority. It is important to keep in mind when reviewing 218 alternatives that the goal is to pick one that can do the job. It 219 doesn't have to be perfect, only good enough to do the job at hand. 220 The authors believe that PIR shows that this requirement can be 221 satisfied, but this draft does not specifically recommend the PIR. 223 3.2.2 Locally Assigned Global IDs 225 Global IDs can also be generated locally by an individual site. This 226 makes it easy to get a prefix with out the need to contact an 227 assignment authority or internet service provider. There is not as 228 high a degree of assurance that the prefix will not conflict with 229 another locally generated prefix, but the likelihood of conflict is 230 small. Sites that are not comfortable with this degree of 231 uncertainty should use a centrally assigned global ID. 233 Locally assigned global IDs MUST be generated with a pseudo-random 234 algorithm consistent with [RANDOM]. Section 3.2.3 describes a 235 suggested algorithm. It is important to insure a reasonable 236 likelihood uniqueness that all sites generating a Global IDs use a 237 functionally similar algorithm. 239 3.2.3 Sample Code for Pseudo-Random Global ID Algorithm 241 The algorithm described below is intended to be used for centrally 242 and locally assigned Global IDs. In each case the resulting global 243 ID will be used in the appropriate prefix as defined in section 3.2. 245 1) Obtain the current time of day in 64-bit NTP format [NTP]. 246 2) Obtain the birth date of the person running the algorithm (or 247 one of his/her descendants or ancestors) in 64-bit NTP format. 248 3) Concatenate the time of day with the birth date resulting in a 249 128-bit value (i.e., TOD, Birthday). 250 4) Compute an MD5 digest on the 128-bit value as specified in 251 [MD5DIG]. 252 5) Use the least significant 40 bits as the Global ID. 254 This algorithm will result in a global ID that is reasonably unique 255 and can be used as a Global ID. 257 3.3 Scope Definition 259 By default, the scope of these addresses is global. That is, they 260 are not limited by ambiguity like the site-local addresses defined in 261 [ADDRARCH]. Rather, these prefixes are globally unique, and as such, 262 their applicability exceeds the current site-local addresses. Their 263 limitation is in the routability of the prefixes, which is limited to 264 a site and any explicit routing agreements with other sites to 265 propagate them. Also, unlike site-locals, these prefixes can overlap 267 4.0 Routing 269 Local IPv6 addresses are designed to be routed inside of a site in 270 the same manner as other types of unicast addresses. They can be 271 carried in any IPv6 routing protocol without any change. 273 It is expected that they would share the same subnet IDs with 274 provider based global unicast addresses if they were being used 275 concurrently [GLOBAL]. 277 Any routing protocol that is used between sites is required to filter 278 out any incoming or outgoing Local IPv6 unicast routes. The 279 exception to this is if specific /48 IPv6 local unicast routes have 280 been configured to allow for inter-site communication. 282 If BGP is being used at the site border with an ISP, by default 283 filters MUST be installed in the BGP configuration to keep any Local 284 IPv6 address prefixes from being advertised outside of the site or 285 for these prefixes to be learned from another site. The exception to 286 this is if there are specific /48 routes created for one or more 287 Local IPv6 prefixes. 289 5.0 Renumbering and Site Merging 291 The use of Local IPv6 addresses in a site results in making 292 communication using these addresses independent of renumbering a 293 site's provider based global addresses. 295 When merging multiple sites none of the addresses created with these 296 prefixes need to be renumbered because all of the addresses are 297 unique. Routes for each specific prefix would have to be configured 298 to allow routing to work correctly between the formerly separate 299 sites. 301 6.0 Site Border Router and Firewall Filtering 303 While no serious harm will be done if packets with these addresses 304 are sent outside of a site via a default route, it is recommended 305 that they be filtered to keep any packets with Local IPv6 destination 306 addresses from leaking outside of the site and to keep any site 307 prefixes from being advertised outside of their site. 309 Site border routers SHOULD install a black hole route for the Local 310 IPv6 prefix FC00::/7. This will insure that packets with Local IPv6 311 destination addresses will not be forwarded outside of the site via a 312 default route. 314 Site border routers and firewalls SHOULD NOT forward any packets with 315 Local IPv6 source or destination addresses outside of the site unless 316 they have been explicitly configured with routing information about 317 other Local IPv6 prefixes. The default behavior of these devices 318 SHOULD be to filter them. 320 7.0 DNS Issues 322 Local IPv6 addresses SHOULD NOT be installed in the global DNS. They 323 may be installed in a naming system local to the site or kept 324 separate from the global DNS using techniques such as "two-faced" 325 DNS. 327 If Local IPv6 address are configured in the global DNS, no harm is 328 done because they are unique and will not create any confusion. The 329 may not be reachable, but this is a property that is common to all 330 types of global IPv6 unicast addresses. 332 For future study names with Local IPv6 addresses may be resolved 333 inside of the site using dynamic naming systems such as Multicast 334 DNS. 336 8.0 Application and Higher Level Protocol Issues 338 Application and other higher level protocols can treat Local IPv6 339 addresses in the same manner as other types of global unicast 340 addresses. No special handling is required. This type of addresses 341 may not be reachable, but that is no different from other types of 342 IPv6 global unicast addresses. Applications need to be able to 343 handle multiple addresses that may or may not be reachable any point 344 in time. In most cases this complexity should be hidden in APIs. 346 From a host's perspective this difference shows up as different 347 reachability than global unicast and could be handled by default that 348 way. In some cases it is better for nodes and applications to treat 349 them differently from global unicast addresses. A starting point 350 might be to give them preference over global unicast, but fall back 351 to global unicast if a particular destination is found to be 352 unreachable. Much of this behavior can be controlled by how they are 353 allocated to nodes and put into the DNS. However it is useful if a 354 host can have both types of addresses and use them appropriately. 356 Note that the address selection mechanisms of [ADDSEL], and in 357 particular the policy override mechanism replacing default address 358 selection, are expected to be used on a site where Local IPv6 359 addresses are configured. 361 9.0 Use of Local IPv6 Addresses for Local Communications 363 Local IPv6 addresses, like global scope unicast addresses, are only 364 assigned to nodes if their use has been enabled (via IPv6 address 365 autoconfiguration [ADDAUTO], DHCPv6 [DHCP6], or manually) and 366 configured in the DNS. They are not created automatically the way 367 that IPv6 link-local addresses are and will not appear or be used 368 unless they are purposely configured. 370 In order for hosts to autoconfigure Local IPv6 addresses, routers 371 have to be configured to advertise Local IPv6 /64 prefixes in router 372 advertisements. Likewise, a DHCPv6 server must have been configured 373 to assign them. In order for a node to learn the Local IPv6 address 374 of another node, the Local IPv6 address must have been installed in 375 the DNS. For these reasons, it is straight forward to control their 376 usage in a site. 378 To limit the use of Local IPv6 addresses the following guidelines 379 apply: 381 - Nodes that are to only be reachable inside of a site: The local 382 DNS should be configured to only include the Local IPv6 383 addresses of these nodes. Nodes with only Local IPv6 addresses 384 must not be installed in the global DNS. 386 - Nodes that are to be limited to only communicate with other 387 nodes in the site: These nodes should be set to only 388 autoconfigure Local IPv6 addresses via [ADDAUTO] or to only 389 receive Local IPv6 addresses via [DHCP6]. Note: For the case 390 where both global and Local IPv6 prefixes are being advertised 391 on a subnet, this will require a switch in the devices to only 392 autoconfigure Local IPv6 addresses. 394 - Nodes that are to be reachable from inside of the site and from 395 outside of the site: The DNS should be configured to include 396 the global addresses of these nodes. The local DNS may be 397 configured to also include the Local IPv6 addresses of these 398 nodes. 400 - Nodes that can communicate with other nodes inside of the site 401 and outside of the site: These nodes should autoconfigure global 402 addresses via [ADDAUTO] or receive global address via [DHCP6]. 403 They may also obtain Local IPv6 addresses via the same 404 mechanisms. 406 10.0 Use of Local IPv6 Addresses with VPNs 408 Local IPv6 addresses can be used for inter-site Virtual Private 409 Networks (VPN) if appropriate routes are set up. Because the 410 addresses are unique these VPNs will work reliably and without the 411 need for translation. They have the additional property that they 412 will continue to work if the individual sites are renumbered or 413 merged. 415 11.0 Advantages and Disadvantages 417 11.1 Advantages 419 This approach has the following advantages: 421 - Provides Local IPv6 prefixes that can be used independently of 422 any provider based IPv6 unicast address allocations. This is 423 useful for sites not always connected to the Internet or sites 424 that wish to have a distinct prefix that can be used to localize 425 traffic inside of the site. 426 - Applications can treat these addresses in an identical manner as 427 any other type of global IPv6 unicast addresses. 428 - Sites can be merged without any renumbering of the Local IPv6 429 addresses. 430 - Sites can change their provider based IPv6 unicast address 431 without disrupting any communication using Local IPv6 addresses. 432 - Well known prefix that allows for easy filtering at site 433 boundary. 434 - Can be used for inter-site VPNs. 435 - If accidently leaked outside of a site via routing or DNS, there 436 is no conflict with any other addresses. 438 11.2 Disadvantages 440 This approach has the following disadvantages: 442 - Not possible to route Local IPv6 prefixes on the global Internet 443 with current routing technology. Consequentially, it is 444 necessary to have the default behavior of site border routers to 445 filter these addresses. 446 - There is a very low probability of non-unique locally assigned 447 global IDs being generated by the algorithm in section 3.2.3. 448 This risk can be ignored for all practical purposes, but it 449 leads to a theoretical risk of clashing address prefixes. 451 12.0 Security Considerations 453 Local IPv6 addresses do not provide any inherent security to the 454 nodes that use them. They may be used with filters at site 455 boundaries to keep Local IPv6 traffic inside of the site, but this is 456 no more or less secure than filtering any other type of global IPv6 457 unicast addresses. 459 Local IPv6 addresses do allow for address-based security mechanisms, 460 including IPSEC, across end to end VPN connections. 462 13.0 IANA Considerations 464 The IANA is instructed to allocate the FC00::/7 prefix for Unique 465 Local IPv6 unicast addresses. 467 The IANA is instructed to delegate, within a reasonable time, the 468 prefix FC00::/8 to an allocation authority for Unique Local IPv6 469 Unicast prefixes of length /48. This allocation authority shall 470 comply with the requirements described in section 3.2 of this 471 document, including in particular the charging of a modest one-time 472 fee, with any profit being used for the public good in connection 473 with the Internet. 475 14.0 Change Log 477 Draft 479 o Changed title and name of addresses defined in this document to 480 "Unique Local IPv6 Unicast Addresses" with abbreviation of 481 "Local IPv6 addresses". 482 o Several editorial changes. 484 Draft 486 o Added section on scope definition and updated application 487 requirement section. 488 o Clarified that, by default, the scope of these addresses is 489 global. 490 o Renumbered sections and general text improvements 491 o Removed reserved global ID values 492 o Added pseudo code for local allocation submitted by Brian 493 Haberman and added him as an author. 494 o Split Global ID values into centrally assigned and local 495 assignments and added text to describe local assignments 497 Draft 499 o Initial Draft 501 REFERENCES 503 Normative 505 [ADDARCH] Hinden, R., S. Deering, S., "IP Version 6 Addressing 506 Architecture", RFC3515, April 2003. 508 [GLOBAL] Hinden, R., S. Deering, E. Nordmark, "IPv6 Global Unicast 509 Address Format", Internet Draft, , June 2003. 512 [IPV6] Deering, S., R. Hinden, "Internet Protocol, Version 6 513 (IPv6) Specification", RFC2460, December 1998. 515 [MD5DIG] Rivest, R., "The MD5 Message-Digest Algorithm", RFC1321, 516 April 1992. 518 [NTP] Mills, David L., "Network Time Protocol (Version 3) 519 Specification, Implementation and Analysis", RFC1305, March 520 1992. 522 [POPUL] Population Reference Bureau, "World Population Data Sheet 523 of the Population Reference Bureau 2002", August 2002. 525 [RANDOM] Eastlake, D. 3rd, S. Crocker, J. Schiller, "Randomness 526 Recommendations for Security", RFC1750, December 1994. 528 [RFC2026] Bradner, S., "The Internet Standards Process -- Revision 529 3", RFC2026, BCP00009, October 1996. 531 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 532 Requirement Levels", RFC2119, BCP14, March 1997. 534 Non-Normative 536 [ADDAUTO] Thomson, S., T. Narten, "IPv6 Stateless Address 537 Autoconfiguration", RFC2462, December 1998. 539 [DHCP6] Droms, R., et. al., "Dynamic Host Configuration Protocol 540 for IPv6 (DHCPv6)", Internet Draft, , November 2002. 543 [ADDSEL] Draves, R., "Default Address Selection for Internet 544 Protocol version 6 (IPv6)", RFC3484, February 2003. 546 AUTHOR'S ADDRESSES 548 Robert M. Hinden 549 Nokia 550 313 Fairchild Drive 551 Mountain View, CA 94043 552 US 554 phone: +1 650 625-2004 555 email: bob.hinden@nokia.com 557 Brian Haberman 558 Caspian Networks 559 1 Park Drive, Suite 300 560 Research Triangle Park, NC 27709 561 US 563 phone: +1-929-949-4828 564 email: brian@innovationslab.net