idnits 2.17.1 draft-ietf-ipv6-unique-local-addr-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about the list of current Internet-Drafts. ** The document seems to lack a 1id_guidelines paragraph about the list of Shadow Directories. == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- Couldn't find a document date in the document -- date freshness check skipped. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'RFC 2119' is mentioned on line 96, but not defined == Unused Reference: 'RFC2119' is defined on line 591, but no explicit reference was found in the text ** Downref: Normative reference to an Informational RFC: RFC 3587 (ref. 'GLOBAL') ** Obsolete normative reference: RFC 2463 (ref. 'ICMPV6') (Obsoleted by RFC 4443) ** Obsolete normative reference: RFC 2460 (ref. 'IPV6') (Obsoleted by RFC 8200) ** Downref: Normative reference to an Informational RFC: RFC 1321 (ref. 'MD5DIG') ** Obsolete normative reference: RFC 1305 (ref. 'NTP') (Obsoleted by RFC 5905) -- Possible downref: Non-RFC (?) normative reference: ref. 'POPUL' ** Obsolete normative reference: RFC 1750 (ref. 'RANDOM') (Obsoleted by RFC 4086) -- Obsolete informational reference (is this intentional?): RFC 2462 (ref. 'ADDAUTO') (Obsoleted by RFC 4862) -- Obsolete informational reference (is this intentional?): RFC 3484 (ref. 'ADDSEL') (Obsoleted by RFC 6724) -- Obsolete informational reference (is this intentional?): RFC 3315 (ref. 'DHCP6') (Obsoleted by RFC 8415) Summary: 10 errors (**), 0 flaws (~~), 3 warnings (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 INTERNET-DRAFT R. Hinden, Nokia 3 May 14, 2004 B. Haberman, Caspian 5 Unique Local IPv6 Unicast Addresses 7 9 Status of this Memo 11 This document is an Internet-Draft and is in full conformance with 12 all provisions of Section 10 of RFC2026. Internet-Drafts are working 13 documents of the Internet Engineering Task Force (IETF), its areas, 14 and its working groups. Note that other groups may also distribute 15 working documents as Internet-Drafts. 17 Internet-Drafts are draft documents valid for a maximum of six months 18 and may be updated, replaced, or obsoleted by other documents at any 19 time. It is inappropriate to use Internet-Drafts as reference 20 material or to cite them other than as "work in progress." 22 To view the list Internet-Draft Shadow Directories, see 23 http://www.ietf.org/shadow.html. 25 This internet draft expires on October 19, 2004. 27 Abstract 29 This document defines an IPv6 unicast address format that is globally 30 unique and is intended for local communications, usually inside of a 31 site. They are not expected to be routable on the global Internet. 33 Table of Contents 35 1.0 Introduction....................................................2 36 2.0 Acknowledgments.................................................3 37 3.0 Local IPv6 Unicast Addresses....................................3 38 3.1 Format..........................................................3 39 3.1.1 Background....................................................4 40 3.2 Global ID.......................................................4 41 3.2.1 Centrally Assigned Global IDs.................................5 42 3.2.2 Locally Assigned Global IDs...................................6 43 3.2.3 Sample Code for Pseudo-Random Global ID Algorithm.............6 44 3.2.4 Analysis of the Uniqueness of Global IDs......................7 45 3.3 Scope Definition................................................8 46 4.0 Routing.........................................................8 47 5.0 Renumbering and Site Merging....................................8 48 6.0 Site Border Router and Firewall Packet Filtering................9 49 7.0 DNS Issues......................................................9 50 8.0 Application and Higher Level Protocol Issues...................10 51 9.0 Use of Local IPv6 Addresses for Local Communications...........10 52 10.0 Use of Local IPv6 Addresses with VPNs.........................11 53 11.0 Advantages and Disadvantages..................................12 54 12.0 Security Considerations.......................................12 55 13.0 IANA Considerations...........................................12 56 14.0 References....................................................13 57 14.1 Normative References..........................................13 58 14.2 Informative References........................................13 59 15.0 Authors' Addresses............................................14 60 16.0 Change Log....................................................15 62 1.0 Introduction 64 This document defines an IPv6 unicast address format that is globally 65 unique and is intended for local communications [IPV6]. These 66 addresses are called Unique Local IPv6 Unicast Addresses and are 67 abbreviated in this document as Local IPv6 addresses. They are not 68 expected to be routable on the global Internet. They are routable 69 inside of a more limited area such as a site. They may also be 70 routed between a limited set of sites. 72 Local IPv6 unicast addresses have the following characteristics: 74 - Globally unique prefix. 75 - Well known prefix to allow for easy filtering at site 76 boundaries. 77 - Allows sites to be combined or privately interconnected without 78 creating any address conflicts or requiring renumbering of 79 interfaces using these prefixes. 80 - Internet Service Provider independent and can be used for 81 communications inside of a site without having any permanent or 82 intermittent Internet connectivity. 83 - If accidentally leaked outside of a site via routing or DNS, 84 there is no conflict with any other addresses. 85 - In practice, applications may treat these addresses like global 86 scoped addresses. 88 This document defines the format of Local IPv6 addresses, how to 89 allocate them, and usage considerations including routing, site 90 border routers, DNS, application support, VPN usage, and guidelines 91 for how to use for local communication inside a site. 93 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 94 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 95 document are to be interpreted as described in [RFC 2119]. 97 2.0 Acknowledgments 99 The underlying idea of creating Local IPv6 addresses described in 100 this document been proposed a number of times by a variety of people. 101 The authors of this draft do not claim exclusive credit. Credit goes 102 to Brian Carpenter, Christian Huitema, Aidan Williams, Andrew White, 103 Charlie Perkins, and many others. The authors would also like to 104 thank Brian Carpenter, Charlie Perkins, Harald Alvestrand, Keith 105 Moore, Margaret Wasserman, Shannon Behrens, Alan Beard, Hans Kruse, 106 Geoff Huston, Pekka Savola, Christian Huitema, and Tim Chown for 107 their comments and suggestions on this document. 109 3.0 Local IPv6 Unicast Addresses 111 3.1 Format 113 The Local IPv6 addresses are created using a centrally allocated 114 global ID. They have the following format: 116 | 7 bits | 41 bits | 16 bits | 64 bits | 117 +--------+------------+-----------+-----------------------------+ 118 | prefix | global ID | subnet ID | interface ID | 119 +--------+------------+-----------+-----------------------------+ 121 Where: 123 prefix FC00::/7 prefix to identify Local IPv6 unicast 124 addresses. 126 global ID 41-bit global identifier used to create a 127 globally unique prefix. See section 3.2 for 128 additional information. 130 subnet ID 16-bit subnet ID is an identifier of a subnet 131 within the site. 133 interface ID 64-bit interface ID as defined in [ADDARCH]. 135 3.1.1 Background 137 There were a range of choices available when choosing the size of the 138 prefix and global ID field length. There is a direct tradeoff 139 between having a global ID field large enough to support foreseeable 140 future growth and not using too much of the IPv6 address space 141 needlessly. A reasonable way of evaluating a specific field length 142 is to compare it to a projected 2050 world population of 9.3 billion 143 [POPUL] and the number of resulting /48 prefixes per person. A range 144 of prefix choices is shown in the following table: 146 Prefix Global ID Number of Prefixes % of IPv6 147 Length /48 Prefixes per Person Address Space 149 /11 37 137,438,953,472 15 0.049% 150 /10 38 274,877,906,944 30 0.098% 151 /9 39 549,755,813,888 59 0.195% 152 /8 40 1,099,511,627,776 118 0.391% 153 /7 41 2,199,023,255,552 236 0.781% 154 /6 42 4,398,046,511,104 473 1.563% 156 A very high utilization ratio of these allocations can be assumed 157 because the global ID field does not require internal structure, and 158 there is no reason to be able to aggregate the prefixes. 160 The authors believe that a /7 prefix resulting in a 41 bit global ID 161 is a good choice. It provides for a large number of assignments 162 (i.e., 2.2 trillion) and at the same time uses less than .8% of the 163 total IPv6 address space. It is unlikely that this space will be 164 exhausted. If more than this were to be needed, then additional IPv6 165 address space could be allocated for this purpose. 167 3.2 Global ID 169 The allocation of global IDs should be pseudo-random [RANDOM]. They 170 should not be assigned sequentially or with well known numbers. This 171 is to ensure that there is not any relationship between allocations 172 and to help clarify that these prefixes are not intended to be routed 173 globally. Specifically, these prefixes are designed to not 174 aggregate. 176 There are two ways to allocate Global IDs. These are centrally by a 177 allocation authority and locally by the site. The Global ID is split 178 into two parts for each type of allocation. The prefixes for each 179 type are: 181 FC00::/8 Centrally assigned 182 FD00::/8 Locally assigned 184 Each results in a 40-bit space to allocate. 186 Two assignment methods are included because they have different 187 properties. The centrally assigned global IDs are uniquely assigned 188 and the assignments can be escrowed to resolve any disputes regarding 189 duplicate assignments. The local assignments are self generated and 190 do not need any central coordination or assignment, but have a lower 191 (but still adequate) probability of being unique. It is expected 192 that large managed sites will prefer central assignments and small or 193 disconnected sites will prefer local assignments. It is recommended 194 that sites planning to use Local IPv6 addresses for extensive inter- 195 site communication, initially or as a future possibility, use a 196 centrally assigned prefix as there is no possibility of assignment 197 conflicts. Sites are free to choose either approach. 199 3.2.1 Centrally Assigned Global IDs 201 Centrally assigned global IDs MUST be generated with a pseudo-random 202 algorithm consistent with [RANDOM]. They should not be assigned 203 sequentially or by locality. This is to ensure that there is no 204 relationship between allocations and to help clarify that these 205 prefixes are not intended to be routed globally by eliminating the 206 possibility of aggregation. Specifically, these prefixes are 207 designed to not aggregate. 209 Global IDs should be assigned under the authority of a single 210 allocation organization because they are pseudo-random and without 211 any structure. This is easiest to accomplish if there is a single 212 authority for the assignments. 214 The requirements for centrally assigned global ID allocations are: 216 - Available to anyone in an unbiased manner. 217 - Permanent with no periodic fees. 218 - Allocation on a permanent basis, without any need for renewal 219 and without any procedure for de-allocation. 220 - Provide mechanisms that prevent hoarding of these allocations. 221 - The ownership of each individual allocation should be private, 222 but should be escrowed. 224 The allocation authority should permit allocations to be obtained 225 without having any sort of Internet connectivity. For example in 226 addition to web based registration they should support some methods 227 like telephone, postal mail, fax, etc. 229 The allocation service should include sufficient provisions to avoid 230 hoarding of numbers. This can be accomplished by various ways, for 231 example, requiring an exchange of documents, a verbal contact, or a 232 proof that the request is on behalf of a human rather than a machine. 233 The service may charge a small fee in order to cover its costs, but 234 the fee should be low enough to not create a barrier to anyone 235 needing one. The precise mechanisms should be decided by the 236 registration authority. 238 The ownership of the allocations is not needed to be public since the 239 resulting addresses are intended to be used for local communication. 240 It is escrowed to ensure there are no duplicate allocations and in 241 case it is needed in the future (e.g., to resolve duplicate 242 allocation disputes, or to support a change of the central allocation 243 authority). 245 Note, there are many possible ways of of creating an allocation 246 authority. It is important to keep in mind when reviewing 247 alternatives that the goal is to pick one that can do the job. It 248 doesn't have to be perfect, only good enough to do the job at hand. 250 This document directs the IANA, in section 13.0, to delegate the 251 FC00::/8 prefix to an allocation authority to allocate centrally 252 assigned /48 prefixes consistent with the requirements defined in 253 this section. 255 3.2.2 Locally Assigned Global IDs 257 Global IDs can also be generated locally by an individual site. This 258 makes it easy to get a prefix without the need to contact an 259 assignment authority or internet service provider. There is not as 260 high a degree of assurance that the prefix will not conflict with 261 another locally generated prefix, but the likelihood of conflict is 262 small. Sites that are not comfortable with this degree of 263 uncertainty should use a centrally assigned global ID. 265 Locally assigned global IDs MUST be generated with a pseudo-random 266 algorithm consistent with [RANDOM]. Section 3.2.3 describes a 267 suggested algorithm. It is important to ensure a reasonable 268 likelihood uniqueness that all sites generating a Global IDs use a 269 functionally similar algorithm. 271 The use of a pseudo-random algorithm to generate global IDs in the 272 locally assigned prefix gives an assurance that any network numbered 273 using such a prefix is highly unlikely to have that address space 274 clash with any other network that has another locally assigned prefix 275 allocated to it. This is a particularly useful property when 276 considering a number of scenarios including networks that merge, 277 overlapping VPN address space, or hosts mobile between such networks. 279 3.2.3 Sample Code for Pseudo-Random Global ID Algorithm 281 The algorithm described below is intended to be used for centrally 282 and locally assigned Global IDs. In each case the resulting global 283 ID will be used in the appropriate prefix as defined in section 3.2. 285 1) Obtain the current time of day in 64-bit NTP format [NTP]. 286 2) Obtain an EUI-64 identifier from the system running this 287 algorithm. If an EUI-64 does not exist, one can be created from 288 a 48-bit MAC address as specified in [ADDARCH]. If an EUI-64 289 cannot be obtained or created, a suitably unique identifier, 290 local to the node, should be used (e.g. system serial number). 291 3) Concatenate the time of day with the system-specific identifier 292 creating a key. 293 4) Compute an MD5 digest on the key as specified in [MD5DIG]. 294 5) Use the least significant 40 bits as the Global ID. 295 6) In the case of the centrally assigned global IDs, verify that 296 the computed global ID is not in the escrow. If it is, discard 297 the value and rerun the algorithm. 299 This algorithm will result in a global ID that is reasonably unique 300 and can be used as a Global ID. 302 3.2.4 Analysis of the Uniqueness of Global IDs 304 The selection of a pseudo random global ID is similar to the 305 selection of an SSRC identifier in RTP/RTCP defined in section 8.1 of 306 [RTP]. This analysis is adapted from that document. 308 Since the global ID is chosen randomly, it is possible that two or 309 more networks that have an inter-network connection using globally- 310 unique local addresses will chose the same global ID. The 311 probability of collision can be approximated based on the number of 312 connections between networks using globally-unique local addresses 313 and the length of the ID (40 bits). The formula 315 P = 1 - exp(-N**2 / 2**(L+1)) 317 approximates the probability of collision (where N is the number 318 connections and L is the length of the global ID). 320 The following table shows the probability of a collision for a range 321 of connections using a 40 bit global ID field. 323 Connections Probability of Collision 325 2 1.81*10^-12 326 10 4.54*10^-11 327 100 4.54*10^-09 328 1000 4.54*10^-07 329 10000 4.54*10^-05 331 Based on this analysis the uniqueness of locally generated global IDs 332 is adequate for sites planning a small to moderate amount of inter- 333 site communication using locally generated global IDs. Sites 334 planning more extensive inter-site communication should consider 335 using the centrally assigned global ID. 337 3.3 Scope Definition 339 By default, the scope of these addresses is global. That is, they 340 are not limited by ambiguity like the site-local addresses defined in 341 [ADDARCH]. Rather, these prefixes are globally unique, and as such, 342 their applicability is greater than site-local addresses. Their 343 limitation is in the routability of the prefixes, which is limited to 344 a site and any explicit routing agreements with other sites to 345 propagate them. Also, unlike site-locals, a site may have more than 346 one of these prefixes and use them at the same time. 348 4.0 Routing 350 Local IPv6 addresses are designed to be routed inside of a site in 351 the same manner as other types of unicast addresses. They can be 352 carried in any IPv6 routing protocol without any change. 354 It is expected that they would share the same subnet IDs with 355 provider based global unicast addresses if they were being used 356 concurrently [GLOBAL]. 358 Any router that is used between sites must be configured to filter 359 out any incoming or outgoing Local IPv6 unicast routes. The 360 exception to this is if specific /48 IPv6 local unicast routes have 361 been configured to allow for inter-site communication. 363 If BGP is being used at the site border with an ISP, the default BGP 364 configuration must be set to to keep any Local IPv6 address prefixes 365 from being advertised outside of the site or for these prefixes to be 366 learned from another site. The exception to this is if there are 367 specific /48 routes created for one or more Local IPv6 prefixes. 369 5.0 Renumbering and Site Merging 371 The use of Local IPv6 addresses in a site results in making 372 communication using these addresses independent of renumbering a 373 site's provider based global addresses. 375 When merging multiple sites none of the addresses created with these 376 prefixes need to be renumbered because all of the addresses are 377 unique. Routes for each specific prefix would have to be configured 378 to allow routing to work correctly between the formerly separate 379 sites. 381 6.0 Site Border Router and Firewall Packet Filtering 383 While no serious harm will be done if packets with these addresses 384 are sent outside of a site via a default route, it is recommended 385 that routers be configured by default to keep any packets with Local 386 IPv6 destination addresses from leaking outside of the site and to 387 keep any site prefixes from being advertised outside of their site. 389 Site border routers should install a "reject" route for the Local 390 IPv6 prefix FC00::/7. This will ensure that packets with Local IPv6 391 destination addresses will not be forwarded outside of the site via a 392 default route. Site border routers should respond with the 393 appropriate ICMPv6 Destination Unreachable message to inform the 394 source that the packet was not forwarded [ICMPV6]. This feedback is 395 important to avoid transport protocol timeouts. 397 Site border routers and firewalls should not forward any packets with 398 Local IPv6 source or destination addresses outside of the site unless 399 they have been explicitly configured with routing information about 400 specific /48 Local IPv6 prefixes. The default behavior of these 401 devices should be to install a "reject" route for these prefixes. 402 Site border routers should respond with the appropriate ICMPv6 403 Destination Unreachable message to inform the source that the packet 404 was not forwarded. 406 Routers that maintain peering arrangements between Autonomous Systems 407 throughout the Internet should obey the recommendations for site 408 border routers unless configured otherwise. 410 7.0 DNS Issues 412 AAAA and PTR records for Local IPv6 addresses may be installed in the 413 global DNS at the option of the site to which they are assigned. It 414 is expected that most sites will not make use of this option, but 415 some sites may find benefits in doing so. 417 If Local IPv6 address are configured in the global DNS, no harm is 418 done because they are unique and will not create any confusion. They 419 may not be reachable, but this is a property that is common to all 420 types of global IPv6 unicast addresses. 422 8.0 Application and Higher Level Protocol Issues 424 Application and other higher level protocols can treat Local IPv6 425 addresses in the same manner as other types of global unicast 426 addresses. No special handling is required. This type of addresses 427 may not be reachable, but that is no different from other types of 428 IPv6 global unicast addresses. Applications need to be able to 429 handle multiple addresses that may or may not be reachable any point 430 in time. In most cases this complexity should be hidden in APIs. 432 From a host's perspective this difference shows up as different 433 reachability than global unicast and could be handled by default that 434 way. In some cases it is better for nodes and applications to treat 435 them differently from global unicast addresses. A starting point 436 might be to give them preference over global unicast, but fall back 437 to global unicast if a particular destination is found to be 438 unreachable. Much of this behavior can be controlled by how they are 439 allocated to nodes and put into the DNS. However it is useful if a 440 host can have both types of addresses and use them appropriately. 442 Note that the address selection mechanisms of [ADDSEL], and in 443 particular the policy override mechanism replacing default address 444 selection, are expected to be used on a site where Local IPv6 445 addresses are configured. 447 9.0 Use of Local IPv6 Addresses for Local Communications 449 Local IPv6 addresses, like global scope unicast addresses, are only 450 assigned to nodes if their use has been enabled (via IPv6 address 451 autoconfiguration [ADDAUTO], DHCPv6 [DHCP6], or manually). They are 452 not created automatically the way that IPv6 link-local addresses are 453 and will not appear or be used unless they are purposely configured. 455 In order for hosts to autoconfigure Local IPv6 addresses, routers 456 have to be configured to advertise Local IPv6 /64 prefixes in router 457 advertisements, or a DHCPv6 server must have been configured to 458 assign them. In order for a node to learn the Local IPv6 address of 459 another node, the Local IPv6 address must have been installed in the 460 DNS or another naming system. For these reasons, it is straight 461 forward to control their usage in a site. 463 To limit the use of Local IPv6 addresses the following guidelines 464 apply: 466 - Nodes that are to only be reachable inside of a site: The local 467 DNS should be configured to only include the Local IPv6 468 addresses of these nodes. Nodes with only Local IPv6 addresses 469 must not be installed in the global DNS. 471 - Nodes that are to be limited to only communicate with other 472 nodes in the site: These nodes should be set to only 473 autoconfigure Local IPv6 addresses via [ADDAUTO] or to only 474 receive Local IPv6 addresses via [DHCP6]. Note: For the case 475 where both global and Local IPv6 prefixes are being advertised 476 on a subnet, this will require a switch in the devices to only 477 autoconfigure Local IPv6 addresses. 479 - Nodes that are to be reachable from inside of the site and from 480 outside of the site: The DNS should be configured to include 481 the global addresses of these nodes. The local DNS may be 482 configured to also include the Local IPv6 addresses of these 483 nodes. 485 - Nodes that can communicate with other nodes inside of the site 486 and outside of the site: These nodes should autoconfigure global 487 addresses via [ADDAUTO] or receive global address via [DHCP6]. 488 They may also obtain Local IPv6 addresses via the same 489 mechanisms. 491 10.0 Use of Local IPv6 Addresses with VPNs 493 Local IPv6 addresses can be used for inter-site Virtual Private 494 Networks (VPN) if appropriate routes are set up. Because the 495 addresses are unique these VPNs will work reliably and without the 496 need for translation. They have the additional property that they 497 will continue to work if the individual sites are renumbered or 498 merged. 500 11.0 Advantages and Disadvantages 502 11.1 Advantages 504 This approach has the following advantages: 506 - Provides Local IPv6 prefixes that can be used independently of 507 any provider based IPv6 unicast address allocations. This is 508 useful for sites not always connected to the Internet or sites 509 that wish to have a distinct prefix that can be used to localize 510 traffic inside of the site. 511 - Applications can treat these addresses in an identical manner as 512 any other type of global IPv6 unicast addresses. 513 - Sites can be merged without any renumbering of the Local IPv6 514 addresses. 515 - Sites can change their provider based IPv6 unicast address 516 without disrupting any communication using Local IPv6 addresses. 517 - Well known prefix that allows for easy filtering at site 518 boundary. 519 - Can be used for inter-site VPNs. 520 - If accidently leaked outside of a site via routing or DNS, there 521 is no conflict with any other addresses. 523 11.2 Disadvantages 525 This approach has the following disadvantages: 527 - Not possible to route Local IPv6 prefixes on the global Internet 528 with current routing technology. Consequentially, it is 529 necessary to have the default behavior of site border routers to 530 filter these addresses. 531 - There is a very low probability of non-unique locally assigned 532 global IDs being generated by the algorithm in section 3.2.3. 533 This risk can be ignored for all practical purposes, but it 534 leads to a theoretical risk of clashing address prefixes. 536 12.0 Security Considerations 538 Local IPv6 addresses do not provide any inherent security to the 539 nodes that use them. They may be used with filters at site 540 boundaries to keep Local IPv6 traffic inside of the site, but this is 541 no more or less secure than filtering any other type of global IPv6 542 unicast addresses. 544 Local IPv6 addresses do allow for address-based security mechanisms, 545 including IPSEC, across end to end VPN connections. 547 13.0 IANA Considerations 549 The IANA is instructed to allocate the FC00::/7 prefix for Unique 550 Local IPv6 unicast addresses. 552 The IANA is instructed to delegate, within a reasonable time, the 553 prefix FC00::/8 to an allocation authority for Unique Local IPv6 554 Unicast prefixes of length /48. This allocation authority shall 555 comply with the requirements described in section 3.2 of this 556 document, including in particular allocation on a permanent basis and 557 with sufficient provisions to avoid hoarding of numbers. If deemed 558 appropriate, the authority may also consist of multiple organizations 559 performing the authority duties. 561 14.0 References 563 14.1 Normative References 565 [ADDARCH] Hinden, R., S. Deering, S., "IP Version 6 Addressing 566 Architecture", RFC 3515, April 2003. 568 [GLOBAL] Hinden, R., S. Deering, E. Nordmark, "IPv6 Global Unicast 569 Address Format", RFC 3587, August 2003. 571 [ICMPV6] Conta, A., S. Deering, "Internet Control Message Protocol 572 (ICMPv6) for the Internet Protocol Version 6 (IPv6) 573 Specification", RFC2463, December 1998. 575 [IPV6] Deering, S., R. Hinden, "Internet Protocol, Version 6 576 (IPv6) Specification", RFC 2460, December 1998. 578 [MD5DIG] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, 579 April 1992. 581 [NTP] Mills, David L., "Network Time Protocol (Version 3) 582 Specification, Implementation and Analysis", RFC 1305, 583 March 1992. 585 [POPUL] Population Reference Bureau, "World Population Data Sheet 586 of the Population Reference Bureau 2002", August 2002. 588 [RANDOM] Eastlake, D. 3rd, S. Crocker, J. Schiller, "Randomness 589 Recommendations for Security", RFC 1750, December 1994. 591 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 592 Requirement Levels", RFC 2119, BCP14, March 1997. 594 14.2 Informative References 596 [ADDAUTO] Thomson, S., T. Narten, "IPv6 Stateless Address 597 Autoconfiguration", RFC 2462, December 1998. 599 [ADDSEL] Draves, R., "Default Address Selection for Internet 600 Protocol version 6 (IPv6)", RFC 3484, February 2003. 602 [DHCP6] Droms, R., et. al., "Dynamic Host Configuration Protocol 603 for IPv6 (DHCPv6)", RFC3315, July 2003. 605 [RTP] Schulzrinne, H., S. Casner, R. Frederick, V. Jacobson, 606 "RTP: A Transport Protocol for Real-Time Applications" 607 RFC3550, July 2003. 609 15.0 Authors' Addresses 611 Robert M. Hinden 612 Nokia 613 313 Fairchild Drive 614 Mountain View, CA 94043 615 USA 617 phone: +1 650 625-2004 618 email: bob.hinden@nokia.com 620 Brian Haberman 621 Caspian Networks 622 1 Park Drive, Suite 300 623 Research Triangle Park, NC 27709 624 USA 626 phone: +1-929-949-4828 627 email: brian@innovationslab.net 629 16.0 Change Log 631 Draft 633 o Clarified text in section 3.2.1 that central assigned prefixes 634 should be assigned under the authority of a single allocation 635 organization. 636 o Added step to suggested pseudo-random algorithm that in the case 637 of centrally assigned prefixes the computed global IDs should be 638 verified against the escrow. 639 o Added new text to section 3.2.2 that explains in more detail the 640 need for pseudo-random global IDs (i.e., avoid duplicate 641 allocations). 642 o Rewrote section 7.0 to describe DNS AAAA and PTR records, and 643 clarify when they might be installed in the global DNS. 644 o Various editorial changes. 646 Draft 648 o Removed requirement of a fee per central allocation and updated 649 IANA considerations to reflect this. Rewrote text to focus on 650 the requirement to avoid hoarding of allocations. 651 o Changed "filtering" and "black hole routes" to "reject" routes. 652 o Changed uppers case requirements (i.e., MUST, SHOULD, etc.) to 653 lower case in sections giving operational advice. 654 o Removed paragraph mentioning "Multicast DNS". 655 o Various editorial changes. 657 Draft 659 o Removed mention of 10 euro charge and changed text in section 660 3.2.1 and IANA considerations to restate the requirement for low 661 cost allocations and added specific requirement to prevent 662 hording. 663 o Added need to send ICMPv6 destination unreachable messages if 664 packets are filtered or dropped at site boundaries. 665 o Changed format section to list prefix sizes and definition, and 666 changed discussion of prefix sizes to new background section. 667 o Various editorial changes. 669 Draft 671 o Removed example of PIR as an example of an allocation authority 672 and clarified the text that the IANA should delegate the 673 centrally assigned prefix to an allocation authority. 674 o Changed sample code for generating pseudo random Global IDs to 675 not require any human input. Changes from using birthday to 676 unique token (e.g., EUI-64, serial number, etc.) available on 677 machine running the algorithm. 678 o Added a new section analyzing the uniqueness properties of the 679 pseudo random number algorithm. 680 o Added text to recommend that centrally assigned local addresses 681 be used for site planning extensive inter-site communication. 682 o Clarified that domain border routers should follow site border 683 router recommendations. 684 o Clarified that AAAA DNS records should not be installed in the 685 global DNS. 686 o Several editorial changes. 688 Draft 690 o Changed file name to become an IPv6 w.g. group document. 691 o Clarified language in Routing and Firewall sections. 692 o Several editorial changes. 694 Draft 696 o Changed title and name of addresses defined in this document to 697 "Unique Local IPv6 Unicast Addresses" with abbreviation of 698 "Local IPv6 addresses". 699 o Several editorial changes. 701 Draft 703 o Added section on scope definition and updated application 704 requirement section. 705 o Clarified that, by default, the scope of these addresses is 706 global. 707 o Renumbered sections and general text improvements 708 o Removed reserved global ID values 709 o Added pseudo code for local allocation submitted by Brian 710 Haberman and added him as an author. 711 o Split Global ID values into centrally assigned and local 712 assignments and added text to describe local assignments 714 Draft 716 o Initial Draft