idnits 2.17.1 draft-ietf-ipngwg-router-renum-01.txt: ** The Abstract section seems to be numbered Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Cannot find the required boilerplate sections (Copyright, IPR, etc.) in this document. Expected boilerplate is as follows today (2024-04-25) according to https://trustee.ietf.org/license-info : IETF Trust Legal Provisions of 28-dec-2009, Section 6.a: This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 2: Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. IETF Trust Legal Provisions of 28-dec-2009, Section 6.b(i), paragraph 3: This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity. ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an Introduction section. ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** The abstract seems to contain references ([AA], [ND]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (July 29, 1997) is 9767 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'AA' is mentioned on line 33, but not defined == Missing Reference: 'ICMPV6' is mentioned on line 248, but not defined ** Obsolete normative reference: RFC 1884 (ref. 'AARCH') (Obsoleted by RFC 2373) ** Downref: Normative reference to an Informational RFC: RFC 2104 (ref. 'HMAC') ** Obsolete normative reference: RFC 1970 (ref. 'ND') (Obsoleted by RFC 2461) ** Obsolete normative reference: RFC 1971 (ref. 'SAA') (Obsoleted by RFC 2462) Summary: 15 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 IPng Working Group Matt Crawford 2 Internet Draft Fermilab 3 Robert Hinden 4 Ipsilon Networks 5 July 29, 1997 7 Router Renumbering for IPv6 8 10 Status of this Memo 12 This document is an Internet Draft. Internet Drafts are working 13 documents of the Internet Engineering Task Force (IETF), its Areas, 14 and its Working Groups. Note that other groups may also distribute 15 working documents as Internet Drafts. 17 Internet Drafts are draft documents valid for a maximum of six 18 months. Internet Drafts may be updated, replaced, or obsoleted by 19 other documents at any time. It is not appropriate to use Internet 20 Drafts as reference material or to cite them other than as a 21 "working draft" or "work in progress." 23 To learn the current status of any Internet-Draft, please check the 24 "1id-abstracts.txt" listing contained in the Internet Drafts Shadow 25 Directories on ds.internic.net (US East Coast), nic.nordu.net 26 (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific 27 Rim). 29 Distribution of this memo is unlimited. 31 1. Abstract 33 IPv6 Neighbor Discovery [ND] and Address Autoconfiguration [AA] 34 conveniently make initial assignments of address prefixes to hosts. 35 Aside from the problem of connection survival across a renumbering 36 event, these two mechanisms also simplify the reconfiguration of 37 hosts when the set of valid prefixes changes. 39 This document defines a mechanism called Router Renumbering ("RR") 40 which allows address prefixes on routers to be configured and 41 reconfigured almost as easily as the combination of Neighbor 42 Discovery and Address Autoconfiguration works for hosts. It 43 provides a means for a network manager to make updates to the 44 prefixes used by and advertised by IPv6 routers throughout a site. 46 2. Functional Overview 48 Router Renumbering packets contain a sequence of Prefix Control 49 Operations (PCOs). Each PCO specifies an operation, a Match-Prefix, 50 and zero or more Use-Prefixes. A router processes each PCO in 51 sequence, checking each of its interfaces for an address or prefix 52 which matches the match-prefix. For every interface on which a 53 match is found, the operation is applied. The operation is one of 54 ADD, CHANGE, or SET-GLOBAL to instruct the router to respectively 55 add the Use-Prefixes to the set of configured prefixes, remove the 56 prefix which matched the Match-Prefix and replace it with the Use- 57 Prefixes, or replace all global-scope prefixes with the Use- 58 Prefixes. If the set of Use-Prefixes in the PCO is empty, the ADD 59 operation does nothing and the other two reduce to deletions. 61 Additional information for each use-prefix is included in the Prefix 62 Control Operation: the valid and preferred lifetimes to be included 63 in Router Advertisement Prefix Information Options [ND], and either 64 the L and A flags for the same option, or an indication that they 65 are to be copied from the prefix that matched the match-prefix. 67 It is possible to instruct routers to create new prefixes by 68 combining the use-prefixes in a PCO with some portion of the 69 existing prefix which matched the match-prefix. This simplifies 70 certain operations which are expected to be among the most common. 71 For every use-prefix, the PCO specifies a number of bits which 72 should be copied from the address or prefix which matched the 73 match-prefix and appended to the use-prefix prior to configuring the 74 new prefix on the interface. The copied bits are zero or more bits 75 from the positions immediately beyond the length of the use-prefix. 76 If subnetting information is in the same portion of of the old and 77 new prefixes, this synthesis allows a single Prefix Control 78 Operation to define a new global prefix on every router in a site, 79 while preserving the subnetting structure. 81 Because of the power of the Router Renumbering mechanism, each RR 82 message includes a sequence number and an authenticator to guard 83 against replays. Each elementary RR operation is idempotent and so 84 could be retransmitted for improved reliability, as long as the 85 sequence number is current, without concern about multiple 86 processing. However, non-idempotent combinations of elementary RR 87 operations can easily be constructed and messages containing such 88 combinations could not be safely reprocessed. Therefore, all 89 routers are required guard against processing an RR message more 90 than once. 92 Possibly a network manager will want to perform more renumbering, or 93 exercise more detailed control, than can be expressed in a single 94 Router Renumbering packet on the available media. The RR mechanism 95 is most powerful when RR packets are multicast, so IP fragmentation 96 is undesirable. For these reasons, each RR packet contains a 97 "Segment Number". All RR packets which have a Sequence Number equal 98 to the highest value seen (for each valid key), and which pass the 99 authentication check, are equally valid and must be processed. 100 However, a router must keep track of the Segment Numbers of RR 101 messages already processed and avoid reprocessing a message whose 102 Sequence Number and Segment Number match a previously processed 103 message. 105 There is a "Dry Run" indicator which indicates that all routers 106 should simulate processing of the RR message and not perform any 107 reconfiguration. A separate "Report" flags instruct routers to send 108 a Router Renumbering Result message back to the source of the RR 109 message indicating the actual or simulated result of the operations 110 in the RR message. 112 The effect of an RR message, or the simulated effect of a Dry Run RR 113 message, may also reported to network management by means outside 114 the scope of this document, regardless of the value of the "Report" 115 flag. 117 3. Definitions 119 3.1. Requirements 121 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 122 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 123 document are to be interpreted as described in [KWORD]. 125 3.2. Terminology 127 Address 128 This term always refers to a 128-bit IPv6 address [AARCH]. When 129 referring to bits within an address, they are numbered from 0 to 130 127, with bit 0 being the first bit of the Format Prefix. 132 Prefix 133 A prefix can be understood as an address plus a length, the 134 latter being an integer in the range 0 to 128 indicating how many 135 leading bits are significant. When referring to bits within a 136 prefix, they are numbered in the same way as the bits of an 137 address. For example, the significant bits of a prefix whose 138 length is L are the bits numbered 0 through L-1, inclusive. 140 Match 141 An address A "matches" a prefix P whose length is L, if the first 142 L bits of A are identical with the first L bits of P. (Every 143 address matches a prefix of length 0.) A prefix P1 with length 144 L1 matches a prefix P2 of length L2 if L1 >= L2 and the first L2 145 bits of P1 and P2 are identical. 147 Prefix Control Operation, Match-Prefix, Use-Prefix 148 These are defined section 2. 150 Matched Prefix 151 The existing prefix or address which matched a Match-Prefix. 153 New Prefix 154 A prefix constructed from a Use-Prefix, possibly including some 155 of the Matched-Prefix. 157 Recorded Sequence Number 158 The highest sequence number found in a valid, authenticated 159 message with a given key MUST be recorded in non-volatile storage 160 along with that key. 162 3.3. Authentication Algorithms 164 All implementations MUST support HMAC-MD5 [HMAC] for authentication. 165 Additional algorithms MAY be supported. 167 4. Message Format 169 There are two types of Router Renumbering messages: Commands, which 170 are sent to routers, and Results, which are sent by routers. The 171 two types of messages are distinguished by a flag in the header, and 172 differ in the contents of the "Message Body" field. 174 / / 175 | IPv6 header, extension headers | 176 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 177 / / 178 | ICMPv6 & RR Header (16 octets) | 179 / / 180 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 181 / / 182 | RR Message Body | 183 / / 184 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 185 / / 186 | Authentication Data (16 octets for HMAC-MD5) | 187 / / 188 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 190 Router Renumbering messages are carried in ICMP packets with Type = 191 TBA. The RR message consists of 193 An RR header, containing the sequence and segment numbers and 194 information about the authentication key and the location and 195 length of the authentication data within the packet. 197 The RR Message Body, of variable length; 199 The authentication data, with length dependent on the 200 authentication type. For HMAC-MD5, 16 octets. 202 All fields marked "unused" MUST be set to zero on generation of an 203 RR message. During processing of the message they MUST be included 204 in the authentication check, but otherwise ignored. 206 All implementations which generate Router Renumbering messages MUST 207 support sending them to the All Routers multicast address with Link 208 Local and Site Local scopes, and to unicast addresses of link local 209 and site local formats. All routers MUST be capable of receiving RR 210 messages sent to those multicast addresses and to any of their link 211 local and site local unicast addresses. Implementations MAY support 212 sending and receiving RR messages addressed to other unicast 213 addresses. 215 4.1. Router Renumbering Header 217 0 1 2 3 218 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 219 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 220 | Type | Code | Checksum | 221 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 222 | SegmentNumber | KeyID | 223 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 224 | AuthLen | AuthOffset | 225 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 226 | SequenceNumber | 227 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 229 Fields: 231 Type TBA, the ICMP type code assigned to Router Renumbering 233 Code A combination of three flag bits 235 +-+-+-+-+-+-+-+-+ 236 | unused |C|R|D| 237 +-+-+-+-+-+-+-+-+ 239 C=1 for an RR Command message; C=0 for an RR Result 240 message. 241 R=1 in an RR Command indicates that the router must send 242 an RR Result message upon completion of processing the 243 message; if R=0, no Result must be sent (but other forms 244 of logging are not precluded). 245 D=1 to indicate a "Dry Run" message; D=0 indicates that 246 the router configuration is to be modified. 248 Checksum The ICMPv6 checksum, as specified in [ICMPV6]. The 249 checksum covers the IPv6 pseudo-header and all fields of 250 the RR message from the Type field through the 251 Authentication Data. (For purposes of calculating and 252 verifying the Authentication Data, the ICMPv6 checksum 253 field is considered to be zero.) 255 SegmentNumber 256 An unsigned 16-bit field which enumerates different 257 valid RR messages having the same SequenceNumber and 258 KeyID. 260 KeyID An unsigned 16-bit field that identifies the key used to 261 create and verify the Authentication Data for this RR 262 message. If multiple authentication algorithms are 263 supported by the implementation, the choice of algorithm 264 is implicit in the KeyID. 266 AuthLen An unsigned 16-bit field giving the length in octets of 267 the Authentication Data. 269 AuthOffset An unsigned 16-bit offset, measured in octets, from the 270 beginning of the RR message to the beginning of the 271 Authentication Data. 273 SequenceNumber 274 An unsigned 32-bit sequence number. The sequence number 275 MUST be non-decreasing for all messages sent with the 276 same KeyID. 278 4.2. Message Body -- Command Message 280 The body of an RR Command message is a sequence of zero or more 281 Prefix Control Operations, each of variable length. The end of the 282 sequence MAY be located by the AuthOffset field in the RR header. 284 4.2.1. Prefix Control Operation 286 A Prefix Control Operation has one Match-Prefix Part of 24 octets, 287 followed by zero or more Use-Prefix Parts of 32 octets each. 289 4.2.1.1. Match-Prefix Part 291 0 1 2 3 292 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 293 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 294 | OpCode | OpLength | unused | MatchLen | 295 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 296 | unused | 297 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 298 | | 299 +- -+ 300 | | 301 +- MatchPrefix -+ 302 | | 303 +- -+ 304 | | 305 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 307 Fields: 309 OpCode An unsigned 8-bit field specifying the operation to be 310 performed when the associated MatchPrefix matches an 311 interface's prefix or address. Values are: 313 1 the ADD operation 315 2 the CHANGE operation 317 3 the SET-GLOBAL operation 319 OpLength The total length of this Prefix Control Operation, in 320 units of 8 octets. A valid OpLength will always be of 321 the form 4N+3, with N equal to the number of UsePrefix 322 parts (possibly zero). 324 MatchLen An 8-bit unsigned integer between 0 and 128 inclusive 325 specifying the number of initial bits of MatchPrefix 326 which are significant in matching. 328 MatchPrefix The 128-bit prefix to be compared with each interface's 329 prefix or address. 331 4.2.1.2. Use-Prefix Part 333 0 1 2 3 334 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 335 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 336 | UseLen | KeepLen | Mask | Flags | 337 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 338 | Valid Lifetime | 339 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 340 | Preferred Lifetime | 341 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 342 |V|P| unused | 343 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 344 | | 345 +- -+ 346 | | 347 +- UsePrefix -+ 348 | | 349 +- -+ 350 | | 351 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 353 Fields: 355 UseLen An 8-bit unsigned integer less than or equal to 128 356 specifying the number of initial bits of UsePrefix to 357 use in creating a new prefix for an interface. 359 KeepLen An 8-bit unsigned integer less than or equal to (128- 360 UseLen) specifying the number of bits of the prefix or 361 address which matched the associated Match-Prefix which 362 should be retained in the new prefix. The retained bits 363 are those at positions UseLen through (UseLen+KeepLen-1) 364 in the matched address or prefix, and they are copied to 365 the same positions in the New Prefix. 367 Mask An 8-bit mask. A 1 bit in any position means that the 368 corresponding flag bit in a Router Advertisement (RA) 369 Prefix Information Option should be set from the Flags 370 field in this Use-Prefix Part. A 0 bit in the Mask 371 means that the RA flag bit should be unchanged by this 372 operation. 374 Flags An 8 bit field which, under control of the Mask field, 375 may be used to initialize the flags in Router 376 Advertisement Prefix Information Options which advertise 377 the New Prefix. Note that only two flags have defined 378 meanings to date: the L (on-link) and A (autonomous 379 configuration) flags. 381 Valid Lifetime 382 A 32-bit unsigned integer which is the number of seconds 383 for which the New Prefix will be valid [ND, SAA]. 385 Preferred Lifetime 386 A 32-bit unsigned integer which is the number of seconds 387 for which the New Prefix will be preferred [ND, SAA]. 389 V A 1-bit flag indicating that the valid lifetime of the 390 New Prefix MUST be effectively decremented in real time. 392 P A 1-bit flag indicating that the preferred lifetime of 393 the New Prefix MUST be effectively decremented in real 394 time. 396 UsePrefix The 128-bit Use-prefix which either becomes or is used 397 in forming (if KeepLen is nonzero) the New Prefix. It 398 MUST NOT have the form of a multicast or link-local 399 address [AARCH]. 401 4.3. Message Body -- Result Message 403 The body of an RR Result message is a sequence of one or more Prefix 404 Result's, each of variable length. The end of the sequence MAY be 405 located by the AuthOffset field in the RR header. 407 4.3.1. Prefix Result 409 A Prefix Result has one Result-Request Part of 8 octets, followed by 410 zero or more Result-Data parts of 72 octets each. 412 4.3.1.1. Result-Request Part 414 0 1 2 3 415 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 416 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 417 | OpCode | OpLength | unused | 418 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 420 Fields: 422 OpCode An unsigned 8-bit field specifying the operation that 423 generated this result. Values are: 425 1 the ADD operation 427 2 the CHANGE operation 429 3 the SET-GLOBAL operation 431 OpLength The total length of this Prefix Results Return, in units 432 of 8 octets. A valid OpLength will always be of the 433 form 9N+1, with N equal to the number of Result-Data 434 Parts (possibly zero). 436 4.3.1.2. Result-Data Part 437 0 1 2 3 438 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 439 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 440 | Interface Index | 441 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 442 | | 443 +- -+ 444 | | 445 +- Original Prefix -+ 446 | | 447 +- -+ 448 | | 449 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 450 | | 451 +- -+ 452 | | 453 +- New Prefix -+ 454 | | 455 +- -+ 456 | | 457 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 459 Fields: 461 Interface Index 462 A 32-bit unsigned integer specifying the interface index 463 that the return applies to. 465 Original Prefix 466 The 128-bit prefix that matched the operation in the 467 Result Request part. This is the prefix before the 468 operation was performed. 470 New Prefix The 128-bit new prefix that resulted from the operation. 471 If the operation resulted in deleting the prefix from 472 the interface all zeros should be returned. 474 4.4. Authentication -- HMAC-MD5 476 When the key and algorithm associated with the KeyID indicate that 477 HMAC-MD5 authentication is to be used, the authentication data is 478 generated in accordance with RFC 2104 [HMAC]. 480 Before generating the AuthData, all fields of the RR header and all 481 the PCOs are filled in, except that the ICMPv6 checksum field is set 482 to zero. AuthLen will be 16 and AuthOffset will be equal to the 483 length in octets of the RR packet, not including the IPv6 header or 484 any extension headers. 486 When checking the AuthData, the ICMPv6 checksum must be set to zero. 488 5. Message Processing 490 Processing of received Router Renumbering messages consists of three 491 parts: header check, authentication check, and execution. 493 5.1. Header Check 495 First, the existence and validity of the key indicated by the KeyID 496 are checked. If there is no such valid key, or if the value of 497 AuthLen is not correct for that key, the message MUST be discarded, 498 and SHOULD be logged to network management. 500 Next, the SequenceNumber is compared to the Recorded Sequence Number 501 for the specified key. (If no messages have been received using 502 this key, the recorded number is zero.) This comparison is done 503 with the two numbers considered as simple non-negative integers, not 504 as DNS-style serial numbers. If the SequenceNumber is less than the 505 Recorded Sequence Number for the key, the message MUST be discarded 506 and SHOULD be logged to network management. 508 Finally, if the SequenceNumber in the message is equal to the 509 Recorded Sequence Number, the SegmentNumber MUST be checked. If a 510 correctly authenticated message with the same KeyID, SequenceNumber 511 and SegmentNumber has already been processed, the current message 512 MUST be discarded. If it is discarded, it SHOULD NOT be logged to 513 network management. 515 5.2. Authentication Check 517 The authentication check is performed over the RR message, without 518 any IPv6 or extension headers. In the case of Keyed MD5 it proceeds 519 as follows. First, the authentication data octets are saved, then 520 that portion of the packet is replaced with the MD5 secret. The 521 padding and length fields are appended just as during message 522 generation, and the MD5 digest is computed and compared to the saved 523 value. If the computed digest is not equal to the saved 524 authentication data, the authentication check fails. 526 If the authentication check fails, the message MUST be discarded and 527 SHOULD be logged to network management. 529 If the authentication check passes, and the SequenceNumber is 530 greater than the Recorded Sequence Number for the key, then the list 531 of processed SegmentNumbers, if any, MUST be cleared and the 532 Recorded Sequence Number MUST be updated to the value used in the 533 current message, regardless of subsequent processing errors. 535 5.3. Execution 537 THIS SECTION IS NOT YET COMPLETED. 539 After succesful processing of all the Prefix Control Operations, an 540 implementation MUST record the SegmentNumber of the packet in a list 541 associated with the KeyID and SequenceNumber. 543 6. Key Management 545 As with all security methods using keys, it is necessary to change 546 the RR Authentication Key on a regular basis. To provide RR 547 functionality during key changes, implementations MUST be able to 548 store and use more than one Authentication Key at the same time. 550 The Authentication Keys SHOULD NOT be stored or transmitted using 551 algorithms or protocols that have known flaws. Implementations MUST 552 support the storage of more than one key at the same time, MUST 553 associate a specific lifetime (start and end times) and a key 554 identifier with each key, and MUST support manual key distribution 555 (e.g., manual entry of the key, key lifetime, and key identifier on 556 the router console). 558 An infinite key lifetime SHOULD NOT be allowed. If infinite 559 lifetimes are allowed, manual deletion of valid keys MUST be 560 supported; otherwise manual deletion SHOULD be supported. The 561 implementation MAY automatically delete expired keys. 563 7. Usage Guidelines 565 7.1. Updating Global-Scope Prefixes 567 A simple use of the Router Renumbering mechanism, and one which is 568 expected to to be common, is the maintenance of a set of global 569 prefixes with a subnet structure that matches that of the site's 570 site-local address assignments. 572 7.2. Key Changes 574 Using a new authentication key while a previously used key is still 575 valid can open the possibility of a replay attack. The processing 576 rules as given in section 5. specify that routers keep track of the 577 highest sequence number seen for each key, and that messages with 578 that key and seuence number remain valid until either a higher 579 sequence number is seen or the key expires. The difficulty arises 580 when a new key is used to send a message which supersedes the last 581 message sent with another still-valid key. That older message can 582 still be replayed. 584 This vulnerability can be avoided in practice by sending a "NO-OP" 585 message with the old key and a valid new sequence number before 586 using a newer key. This mesage will then become the only one which 587 can be replayed with the old key. An example of a NO-OP message 588 would be one which contains no Prefix Control Operations. 590 Cearly a management station must keep track of the highest sequence 591 number it has used for each authentication key, at least to the 592 extent of being able to generate a larger value when needed. A 593 timestamp may make a good sequence number. 595 8. Points for Discussion 597 Does the site-local all-routers multicast address exist? 598 RFC1884 sort of glosses over that. If it doesn't, we need 599 a new multicast address to be assigned. 601 The "unusued" fields of the MatchPart could be used to 602 specify another condition in addition to matching a 603 prefix. For example, one of the prefix lifetime timers 604 could be tested against a value. 606 If the messages of several different protocols use the 607 same authentication mechanism, as this draft tries to 608 emulate the Keyed-MD5 authentication proposed for RIPv2, 609 then it's possible for one authenticated message body to 610 be grafted onto a different set of headers and cause at 611 least some confusion, and possibly worse. This can be 612 prevented by placing magic numbers or other fixed data in 613 the packets so that a packet for one protocol is never 614 valid for another. 616 Since RR messages will presumably be generated only by a 617 set network management stations which is disjoint from the 618 set of routers to which they are directed, an asymmetric 619 authentication scheme would be desirable. 621 9. Security Considerations 623 The Router Renumbering mechanism proposed here is very powerful and 624 prevention of spoofing it is important. Replay of old messages must 625 be prevented, except in the narrow case of idempotent messages which 626 are still valid at the time of replay. We believe the 627 authentication mechanisms included in this specification achieve the 628 necessary protections, so long as authentication keys are not 629 compromised. 631 Authentication keys must be as well protected as is any other access 632 method that allows reconfiguration of a site's routers. 633 Distribution of keys must not expose them or permit alteration, and 634 key lifetimes must be limited. 636 10. Acknowledgments 638 Some of the key management text was borrowed from "RIP-II MD5 639 Authentication." (And the loan was repaid in kind.) 641 11. References 643 [AARCH] R. Hinden, S. Deering, "IP Version 6 Addressing 644 Architecture", RFC 1884. 646 [HMAC] H. Krawczyk, M. Bellare, R. Canetti, "HMAC: Keyed-Hashing 647 for Message Authentication", RFC 2104. 649 [ICMPV6]A. Conta, S. Deering, "Internet Control Message Protocol 650 (ICMPv6) for the Internet Protocol Version 6 (IPv6)", RFC 651 1885. 653 [KWORD] S. Bradner, "Key words for use in RFCs to Indicate 654 Requirement Levels," RFC 2119. 656 [ND] T. Narten, E. Nordmark, W. Simpson, "Neighbor Discovery for 657 IP Version 6 (IPv6)", RFC 1970. 659 [SAA] S. Thomson, T. Narten, "IPv6 Stateless Address 660 Autoconfiguration", RFC 1971. 662 12. Authors' Addresses 664 Matt Crawford Robert M. Hinden 665 Fermilab MS 368 Ipsilon Networks, Inc. 666 PO Box 500 232 Java Drive 667 Batavia, IL 60510 Sunnyvale, CA 94089 668 USA USA 670 Phone: +1 630 840 3461 Phone: +1 408 990 2004 672 Email: crawdad@fnal.gov Email: hinden@ipsilon.com