idnits 2.17.1

draft-ietf-babel-v4viav6-07.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 1 instance of lines with non-RFC6890-compliant IPv4 addresses
     in the document.  If these are example addresses, they should be changed.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (16 January 2022) is 824 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Obsolete informational reference (is this intentional?): RFC 5549
     (Obsoleted by RFC 8950)

     Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                      J. Chroboczek
Internet-Draft                                 IRIF, University of Paris
Updates: 8966 (if approved)                              16 January 2022
Intended status: Standards Track
Expires: 20 July 2022

    IPv4 routes with an IPv6 next hop in the Babel routing protocol
                      draft-ietf-babel-v4viav6-07

Abstract

   This document defines an extension to the Babel routing protocol that
   allows announcing routes to an IPv4 prefix with an IPv6 next-hop,
   which makes it possible for IPv4 traffic to flow through interfaces
   that have not been assigned an IPv4 address.  This document updates
   RFC 8966.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 20 July 2022.

Copyright Notice

   Copyright (c) 2022 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Revised BSD License text as described in Section 4.e of the
   Trust Legal Provisions and are provided without warranty as described
   in the Revised BSD License.

Table of Contents

   1.  Introduction
     1.1.  Specification of Requirements
   2.  Protocol operation
     2.1.  Announcing v4-via-v6 routes
     2.2.  Receiving v4-via-v6 routes
     2.3.  Prefix and seqno requests
     2.4.  Other TLVs
   3.  ICMPv4 and PMTU discovery
   4.  Protocol encoding
     4.1.  Prefix encoding
     4.2.  Changes to existing TLVs
   5.  Backwards compatibility
   6.  IANA Considerations
   7.  Security Considerations
   8.  Acknowledgments
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Author's Address

1.  Introduction

   The role of a routing protocol is to build a routing table, a data
   structure that maps network prefixes in a given family (IPv4 or IPv6)
   to next hops, pairs of an outgoing interface and a neighbour's
   network address, for example:

           destination                      next hop
       2001:db8:0:1::/64               eth0, fe80::1234:5678
       203.0.113.0/24                  eth0, 192.0.2.1

   When a packet is routed according to a given routing table entry, the
   forwarding plane typically uses a neighbour discovery protocol (the
   Neighbour Discovery protocol (ND) [RFC4861] in the case of IPv6, the
   Address Resolution Protocol (ARP) [RFC0826] in the case of IPv4) to
   map the next-hop address to a link-layer address (a "MAC address"),
   which is then used to construct the link-layer frames that
   encapsulate forwarded packets.

   It is apparent from the description above that there is no
   fundamental reason why the destination prefix and the next-hop
   address should be in the same address family: there is nothing
   preventing an IPv6 packet from being routed through a next hop with
   an IPv4 address (in which case the next hop's MAC address will be
   obtained using ARP), or, conversely, an IPv4 packet from being routed
   through a next hop with an IPv6 address.  (In fact, it is even
   possible to store link-layer addresses directly in the next-hop entry
   of the routing table, which is commonly done in networks using the
   OSI protocol suite).

   The case of routing IPv4 packets through an IPv6 next hop is
   particularly interesting, since it makes it possible to build
   networks that have no IPv4 addresses except at the edges and still
   provide IPv4 connectivity to edge hosts.
   In addition, since an IPv6 next hop can use a link-local address that
   is autonomously configured, the use of such routes enables a mode of
   operation where the network core has no statically assigned IP
   addresses of either family, which significantly reduces the amount of
   manual configuration required.

   We call a route towards an IPv4 prefix that uses an IPv6 next hop a
   "v4-via-v6" route.  This document describes an extension that allows
   the Babel routing protocol [RFC8966] to announce v4-via-v6 routes
   across interfaces that have no IPv4 addresses assigned.  Section 3
   describes procedures that ensure that all routers can originate
   ICMPv4 packets, even if they have not been assigned any IPv4
   addresses.

   The extension described in this document is inspired by a previously
   defined extension to the BGP protocol [RFC5549].  This document
   updates [RFC8966].

1.1.  Specification of Requirements

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

2.  Protocol operation

   The Babel protocol fully supports dual-stack operation: all data that
   represent a neighbour address or a network prefix are tagged by an
   Address Encoding (AE), a small integer that identifies the address
   family (IPv4 or IPv6) of the address or prefix, and describes how it
   is encoded.  This extension defines a new AE, called v4-via-v6, which
   has the same format as the existing AE for IPv4 addresses.  This new
   AE is only allowed in TLVs that carry network prefixes: TLVs that
   carry a neighbour address use one of the normal encodings for IPv6
   addresses.

2.1.  Announcing v4-via-v6 routes

   A Babel node can use a v4-via-v6 announcement to announce an IPv4
   route over an interface that has no assigned IPv4 address.  In order
   to do so, it first establishes an IPv6 next-hop address in the usual
   manner (either by sending the Babel packet over IPv6, or by including
   a Next Hop TLV containing an IPv6 address and using AE 2 or 3); it
   then sends an Update, with AE equal to 4 (v4-via-v6) containing the
   IPv4 prefix being announced.

   If the outgoing interface has been assigned an IPv4 address, then, in
   the interest of maximising compatibility with existing routers, the
   sender SHOULD prefer an ordinary IPv4 announcement; even in that
   case, however, it MAY send a v4-via-v6 announcement.  A node SHOULD
   NOT send both ordinary IPv4 and v4-via-v6 announcements for the same
   prefix over a single interface (if the update is sent to a multicast
   address) or to a single neighbour (if sent to a unicast address),
   since doing that provides no benefit while doubling the amount of
   routing traffic.

   Updates with infinite metric are retractions: they indicate that a
   previously announced route is no longer available.  Retractions do
   not require a next hop, and there is therefore no difference between
   v4-via-v6 retractions and ordinary retractions.  A node MAY send IPv4
   retractions only, or it MAY send v4-via-v6 retractions on interfaces
   that have not been assigned an IPv4 address.

2.2.  Receiving v4-via-v6 routes

   Upon reception of an Update TLV with AE equal to 4 (v4-via-v6) and
   finite metric, a Babel node computes the IPv6 next hop, as described
   in Section 4.6.9 of [RFC8966].  If no IPv6 next hop exists, then the
   Update MUST be silently ignored.
   If an IPv6 next hop exists, then the node MAY acquire the route being
   announced, as described in Section 3.5.3 of [RFC8966]; the parameters
   of the route are as follows:

   *  the prefix, plen, router-id, seqno, metric MUST be computed as for
      an IPv4 route, as described in Section 4.6.9 of [RFC8966];

   *  the next hop MUST be computed as for an IPv6 route, as described
      in Section 4.6.9 of [RFC8966]: it is taken from the last preceding
      Next Hop TLV with an AE field equal to 2 or 3; if no such entry
      exists, and if the Update TLV has been sent in a Babel packet
      carried over IPv6, then the next hop is the network-layer source
      address of the packet.

   An Update TLV with a v4-via-v6 AE and metric equal to infinity is a
   retraction: it announces that a previously available route is being
   retracted.  In that case, no next hop is necessary, and the
   retraction is treated as described in Section 4.6.9 of [RFC8966].

   As usual, a node MAY ignore the update, e.g., due to filtering
   (Appendix C of [RFC8966]).  If a node cannot install v4-via-v6
   routes, e.g., due to hardware or software limitations, then routes to
   an IPv4 prefix with an IPv6 next hop MUST NOT be selected, as
   described in Section 3.5.3 of [RFC8966].

2.3.  Prefix and seqno requests

   Prefix and seqno requests are used to request an update for a given
   prefix.  Since they are not related to a specific next hop, there is
   no semantic difference between IPv4 and v4-via-v6 requests.
   Therefore, a node SHOULD NOT send requests of either kind with the AE
   field being set to 4 (v4-via-v6); instead, it SHOULD request IPv4
   updates by sending requests with the AE field being set to 1 (IPv4).

   When receiving requests, AEs 1 (IPv4) and 4 (v4-via-v6) MUST be
   treated in the same manner: the receiver processes the request as
   described in Section 3.8 of [RFC8966].
   If an Update is sent, then it MAY be sent with AE 1 or 4, as
   described in Section 2.1 above, irrespective of which AE was used in
   the request.

   When receiving a request with AE 0 (wildcard), the receiver SHOULD
   send a full route dump, as described in Section 3.8.1.1 of [RFC8966].
   Any IPv4 routes contained in the route dump MAY use either AE 1
   (IPv4) or AE 4 (v4-via-v6), as described in Section 2.1 above.

2.4.  Other TLVs

   The only other TLVs defined by [RFC8966] that carry an AE field are
   Next Hop and IHU.  Next Hop and IHU TLVs MUST NOT carry the AE 4
   (v4-via-v6).

3.  ICMPv4 and PMTU discovery

   The Internet Control Message Protocol (ICMPv4, or simply ICMP)
   [RFC0792] is a protocol related to IPv4 that is primarily used to
   carry diagnostic and debugging information.  ICMPv4 packets may be
   originated by end hosts (e.g., the "destination unreachable, port
   unreachable" ICMPv4 packet), but they may also be originated by
   intermediate routers (e.g., most other kinds of "destination
   unreachable" packets).

   Some protocols deployed in the Internet rely on ICMPv4 packets sent
   by intermediate routers.  Most notably, path MTU Discovery (PMTUd)
   [RFC1191] is an algorithm executed by end hosts to discover the
   maximum packet size that a route is able to carry.  While there exist
   variants of PMTUd that are purely end-to-end [RFC4821], the variant
   most commonly deployed in the Internet has a hard dependency on
   ICMPv4 packets originated by intermediate routers: if intermediate
   routers are unable to send ICMPv4 packets, PMTUd may lead to
   persistent blackholing of IPv4 traffic.

   Due to this kind of dependency, every Babel router that is able to
   forward IPv4 traffic MUST be able to originate ICMPv4 traffic.
   Since the extension described in this document enables routers to
   forward IPv4 traffic received over an interface that has not been
   assigned an IPv4 address, a router implementing this extension MUST
   be able to originate ICMPv4 packets even when the outgoing interface
   has not been assigned an IPv4 address.

   In such a situation, if a Babel router has an interface that has been
   assigned an IPv4 address, or if an IPv4 address has been assigned to
   the router itself (to the "loopback interface"), then that IPv4
   address may be used as the source of originated ICMPv4 packets.  If
   no IPv4 address is available, a Babel router could use the
   experimental mechanism described in Section 22 of [RFC7600], which
   consists of using the dummy address 192.0.0.8 as the source address
   of originated ICMPv4 packets.  Note however that using the same
   address on multiple routers may hamper debugging and fault isolation,
   e.g., when using the "traceroute" utility.

4.  Protocol encoding

   This extension defines the v4-via-v6 AE, whose value is 4.  This AE
   is solely used to tag network prefixes, and MUST NOT be used to tag
   neighbour addresses, e.g. in Next Hop or IHU TLVs.

   This extension defines no new TLVs or sub-TLVs.

4.1.  Prefix encoding

   Network prefixes tagged with AE 4 (v4-via-v6) MUST be encoded and
   decoded just like prefixes tagged with AE 1 (IPv4), as described in
   Section 4.3.1 of [RFC8966].

   A new compression state for AE 4 (v4-via-v6) distinct from that of AE
   1 (IPv4) is introduced, and MUST be used for address compression of
   prefixes tagged with AE 4, as described in Section 4.6.9 of
   [RFC8966].

4.2.  Changes to existing TLVs

   The following TLVs MAY be tagged with AE 4 (v4-via-v6):

   *  Update (Type = 8)

   *  Route Request (Type = 9)

   *  Seqno Request (Type = 10)

   As AE 4 (v4-via-v6) is suitable only for network prefixes, IHU
   (Type = 5) and Next-Hop (Type = 7) TLVs MUST NOT be tagged with AE 4.
   Such (incorrect) TLVs MUST be ignored upon reception.

4.2.1.  Update

   An Update (Type = 8) TLV with AE 4 is constructed as described in
   Section 4.6.9 of [RFC8966] for AE 1 (IPv4), with the following
   specificities:

   *  Prefix.  The Prefix field is constructed according to Section 4.1
      above.

   *  Next Hop.  The next hop is determined as described in Section 2.2
      above.

4.2.2.  Other TLVs

   When tagged with the AE 4, Route Request and Seqno Request TLVs
   MUST be constructed and decoded as described in Section 4.6 of
   [RFC8966], and the network prefixes contained within them decoded as
   described in Section 4.1 above.

5.  Backwards compatibility

   This protocol extension adds no new TLVs or sub-TLVs.

   This protocol extension uses a new AE.  As discussed in Appendix D of
   [RFC8966] and specified in the same document, implementations that do
   not understand the present extension will silently ignore the various
   TLVs that use this new AE.  As a result, incompatible versions will
   ignore v4-via-v6 routes.  They will also ignore requests with AE 4,
   which, as stated in Section 2.3, are NOT RECOMMENDED.

   Using a new AE introduces a new compression state, used to parse the
   network prefixes.  As this compression state is separate from other
   AEs' states, it will not interfere with the compression state of
   unextended nodes.

   This extension reuses the next-hop state from AEs 2 and 3 (IPv6), but
   makes no changes to the way in which it is updated, and therefore
   causes no compatibility issues.
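
   The receive-side rules of Sections 2.2, 4.1 and 4.2 and the separate
   compression state discussed in this section, as an added Python
   example that is not part of the draft or of any Babel implementation.
   TLV layouts follow RFC 8966; router-id, seqno and sub-TLV handling
   are left out, the names process_body and SAMPLE are hypothetical, and
   the sample bytes are constructed.

```python
import ipaddress

AE_IPV4, AE_IPV6, AE_IPV6_LL, AE_V4VIAV6 = 1, 2, 3, 4
TLV_IHU, TLV_NEXT_HOP, TLV_UPDATE, INFINITY = 5, 7, 8, 0xFFFF

def tlvs(body):
    """Yield (type, payload) for each TLV in a Babel packet body."""
    i = 0
    while i < len(body):
        if body[i] == 0:                      # Pad1 has no length octet
            i += 1
            continue
        if i + 2 > len(body) or i + 2 + body[i + 1] > len(body):
            return                            # truncated TLV: stop parsing
        yield body[i], body[i + 2:i + 2 + body[i + 1]]
        i += 2 + body[i + 1]

def process_body(body, src):
    """Return (prefix, next_hop, metric) for each Update accepted from a packet."""
    src = ipaddress.ip_address(src)            # network-layer source of the packet
    nh = {4: None, 6: None, src.version: src}  # next-hop state per family
    default_prefix, routes = {}, []            # compression state is keyed by AE
    for typ, p in tlvs(body):
        ae = p[0] if p else None
        if typ in (TLV_IHU, TLV_NEXT_HOP) and ae == AE_V4VIAV6:
            continue                          # Section 4.2: MUST be ignored
        if typ == TLV_NEXT_HOP:
            a = p[2:]
            size = {AE_IPV4: 4, AE_IPV6: 16, AE_IPV6_LL: 8}.get(ae)
            if size and len(a) >= size:
                raw = a[:size] if size != 8 else b"\xfe\x80" + bytes(6) + a[:8]
                nh[4 if ae == AE_IPV4 else 6] = ipaddress.ip_address(raw)
        elif typ == TLV_UPDATE and ae in (AE_IPV4, AE_V4VIAV6) and len(p) >= 10:
            flags, plen, omitted = p[1:4]
            metric = int.from_bytes(p[8:10], "big")
            nbytes = (plen + 7) // 8 - omitted
            if (plen > 32 or nbytes < 0 or len(p) < 10 + nbytes
                    or (omitted and ae not in default_prefix)):
                continue                      # malformed, or no default prefix for this AE
            full = default_prefix.get(ae, b"")[:omitted] + p[10:10 + nbytes]
            full = (full + bytes(4))[:4]
            if flags & 0x80:                  # Prefix flag: new default, this AE only
                default_prefix[ae] = full
            hop = None
            if metric != INFINITY:            # retractions need no next hop
                hop = nh[6] if ae == AE_V4VIAV6 else nh[4]
                if hop is None:
                    continue                  # Section 2.2: no next hop, ignore silently
            net = ipaddress.IPv4Network((full, plen), strict=False)
            routes.append((str(net), None if hop is None else str(hop), metric))
    return routes

# Constructed sample body (not a capture), one TLV per line.
SAMPLE = bytes.fromhex(
    "0706 0100 c0000201"                    # Next Hop, AE 1: 192.0.2.1
    "080d 01801800 0190 0001 0100 cb0071"   # Update AE 1, 203.0.113.0/24, sets default
    "080b 04001802 0190 0001 0100 64"       # Update AE 4, 2 octets omitted: no AE 4 state
    "080d 04801800 0190 0001 0100 c63364"   # Update AE 4, 198.51.100.0/24, sets default
    "0706 0400 c0000263"                    # Next Hop tagged AE 4: invalid, ignored
    "080b 04002003 0190 0001 0200 07"       # Update AE 4, 198.51.100.7/32, compressed
    "080d 04001800 0190 0001 ffff c63364"   # Update AE 4, metric infinity: retraction
)
if __name__ == "__main__":
    print(process_body(SAMPLE, "fe80::1234:5678"))
```

   Run over IPv6, the third TLV is dropped because AE 1's default prefix
   is not visible to AE 4; run with an IPv4 source address, every finite
   AE 4 Update is dropped and only the retraction survives.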

   As mentioned in Section 2.1, ordinary IPv4 announcements are
   preferred to v4-via-v6 announcements when the outgoing interface has
   an assigned IPv4 address; doing otherwise would prevent routers that
   do not implement this extension from learning the route being
   announced.

6.  IANA Considerations

   IANA has allocated value 4 in the "Babel Address Encodings" registry
   as follows:

                  +====+===========+=================+
                  | AE | Name      | Reference       |
                  +====+===========+=================+
                  | 4  | v4-via-v6 | (this document) |
                  +----+-----------+-----------------+

                                Table 1

7.  Security Considerations

   The extension defined in this document does not fundamentally change
   the security properties of the Babel protocol.  However, by allowing
   IPv4 routes to be propagated across routers that have not been
   assigned IPv4 addresses, it might invalidate the assumptions made by
   network administrators, which could conceivably lead to security
   issues.

   For example, if an island of IPv4-only hosts is separated from the
   IPv4 Internet by routers that have not been assigned IPv4 addresses,
   a network administrator might reasonably assume that the IPv4-only
   hosts are unreachable from the IPv4 Internet.  This assumption is
   broken if the intermediary routers implement the extension described
   in this document, which might expose the IPv4-only hosts to traffic
   from the IPv4 Internet.  If this is undesirable, the flow of IPv4
   traffic must be restricted by the use of suitable filtering rules
   (Appendix C of [RFC8966]) together with matching packet filters in
   the data plane.

8.  Acknowledgments

   This protocol extension was originally designed, described and
   implemented in collaboration with Theophile Bastian.  Margaret Cullen
   pointed out the issues with ICMP and helped coin the phrase
   "v4-via-v6".
   The author is also indebted to Donald Eastlake, Toke
   Hoiland-Jorgensen, David Schinazi, and Donald Sharp.

9.  References

9.1.  Normative References

   [RFC0792]  Postel, J., "Internet Control Message Protocol", STD 5,
              RFC 792, DOI 10.17487/RFC0792, September 1981.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8966]  Chroboczek, J. and D. Schinazi, "The Babel Routing
              Protocol", RFC 8966, DOI 10.17487/RFC8966, January 2021.

9.2.  Informative References

   [RFC0826]  Plummer, D., "An Ethernet Address Resolution Protocol: Or
              Converting Network Protocol Addresses to 48.bit Ethernet
              Address for Transmission on Ethernet Hardware", STD 37,
              RFC 826, DOI 10.17487/RFC0826, November 1982.

   [RFC1191]  Mogul, J. and S. Deering, "Path MTU discovery", RFC 1191,
              DOI 10.17487/RFC1191, November 1990.

   [RFC4821]  Mathis, M. and J. Heffner, "Packetization Layer Path MTU
              Discovery", RFC 4821, DOI 10.17487/RFC4821, March 2007.

   [RFC4861]  Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
              "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
              DOI 10.17487/RFC4861, September 2007.

   [RFC5549]  Le Faucheur, F. and E. Rosen, "Advertising IPv4 Network
              Layer Reachability Information with an IPv6 Next Hop",
              RFC 5549, DOI 10.17487/RFC5549, May 2009.

   [RFC7600]  Despres, R., Jiang, S., Ed., Penno, R., Lee, Y., Chen, G.,
              and M. Chen, "IPv4 Residual Deployment via IPv6 - A
              Stateless Solution (4rd)", RFC 7600, DOI 10.17487/RFC7600,
              July 2015.

Author's Address

   Juliusz Chroboczek
   IRIF, University of Paris
   Case 7014
   75205 Paris Cedex 13
   France

   Email: jch@irif.fr