idnits 2.17.1 draft-irtf-rrg-ilnp-arp-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document doesn't use any RFC 2119 keywords, yet seems to have RFC 2119 boilerplate text. == The document seems to contain a disclaimer for pre-RFC5378 work, but was first submitted on or after 10 November 2008. The disclaimer is usually necessary only for documents that revise or obsolete older RFCs, and that take significant amounts of text from those RFCs. If you can contact all authors of the source material and they are willing to grant the BCP78 rights to the IETF Trust, you can and should remove the disclaimer. Otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (13 January 2012) is 4486 days in the past. Is this intentional? Checking references for intended status: Experimental ---------------------------------------------------------------------------- No issues found here. Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Draft RJ Atkinson 3 draft-irtf-rrg-ilnp-arp-00.txt Consultant 4 Expires: 13 JUL 2012 SN Bhatti 5 Category: Experimental U. St Andrews 6 13 January 2012 8 ARP Extension for ILNPv4 9 draft-irtf-rrg-ilnp-arp-00.txt 11 Status of this Memo 13 Distribution of this memo is unlimited. 15 Copyright (c) 2012 IETF Trust and the persons identified as the 16 document authors. All rights reserved. 18 This document is subject to BCP 78 and the IETF Trust's Legal 19 Provisions Relating to IETF Documents 20 (http://trustee.ietf.org/license-info) in effect on the date of 21 publication of this document. Please review these documents 22 carefully, as they describe your rights and restrictions with 23 respect to this document. Code Components extracted from this 24 document must include Simplified BSD License text as described in 25 Section 4.e of the Trust Legal Provisions and are provided without 26 warranty as described in the Simplified BSD License. 28 This Internet-Draft is submitted in full conformance with the 29 provisions of BCP 78 and BCP 79. 31 This document may contain material from IETF Documents or IETF 32 Contributions published or made publicly available before November 33 10, 2008. The person(s) controlling the copyright in some of this 34 material may not have granted the IETF Trust the right to allow 35 modifications of such material outside the IETF Standards Process. 36 Without obtaining an adequate license from the person(s) 37 controlling the copyright in such materials, this document may not 38 be modified outside the IETF Standards Process, and derivative 39 works of it may not be created outside the IETF Standards Process, 40 except to format it for publication as an RFC or to translate it 41 into languages other than English. 43 Internet-Drafts are working documents of the Internet Engineering 44 Task Force (IETF), its areas, and its working groups. Note that 45 other groups may also distribute working documents as 46 Internet-Drafts. 48 Internet-Drafts are draft documents valid for a maximum of six 49 months and may be updated, replaced, or obsoleted by other 50 documents at any time. It is inappropriate to use Internet-Drafts 51 as reference material or to cite them other than as "work in 52 progress." 54 The list of current Internet-Drafts can be accessed at 55 http://www.ietf.org/1id-abstracts.html 57 The list of Internet-Draft Shadow Directories can be accessed at 58 http://www.ietf.org/shadow.html 60 This document is not on the IETF standards-track and does not 61 specify any level of standard. This document merely provides 62 information for the Internet community. 64 This document is part of the ILNP document set, and has had 65 extensive review within the IRTF Routing Research Group. ILNP is 66 one of the recommendations made by the RG Chairs. Separately, 67 various refereed research papers on ILNP have also been published 68 during this decade. So the ideas contained herein have had much 69 broader review than the IRTF Routing RG. The views in this 70 document were considered controversial by the Routing RG, but the 71 RG reached a consensus that the document still should be 72 published. The Routing RG has had remarkably little consensus on 73 anything, so virtually all Routing RG outputs are considered 74 controversial. 76 Abstract 78 This document defines an Address Resolution Protocol (ARP) 79 extension to support ILNP for IPv4 (ILNPv4). ILNP is is an 80 experimental, evolutionary enhancement to IP. This document is a 81 product of the IRTF Routing RG. 83 Table of Contents 85 1. Introduction............................. 86 2. ARP Extension for ILNPv4................. 87 3. Security Considerations.................. 88 4. IANA Considerations...................... 89 5. References............................... 91 1. INTRODUCTION 93 The Identifier Locator Network Protocol (ILNP) is an proposal for 94 evolving the Internet Architecture. It differs from the current 95 Internet Architecture primarily by deprecating the concept of an 96 IP Address, and instead defining two new objects, each having 97 crisp syntax and semantics. The first new object is the Locator, a 98 topology-dependent name for a subnetwork. The other new object is 99 the Identifier, which provides a topology-independent name for a 100 node. 102 1.1 ILNP Document Roadmap 104 The ILNP Architecture document [ILNP-ARCH] is the best place to 105 start reading about ILNP. ILNP has multiple instantiations. 106 [ILNP-ENG] discusses engineering and implementation aspects common 107 to all instances of ILNP. This document discusses engineering and 108 implementation details that are specific to ILNP for IPv4 109 (ILNPv4). [ILNP-DNS] describes new Domain Name System (DNS) 110 resource records used with ILNP. [ILNP-ICMPv4] defines the ICMP 111 Locator Update message used with ILNPv4. [ILNP-v4opts] defines new 112 IPv4 options for use with ILNPv4. Other documents describe ILNP 113 for IPv6 (ILNPv6) [ILNP-ICMPv6] [ILNP-NONCE6]. 115 1.2 Terminology 117 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL 118 NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and 119 "OPTIONAL" in this document are to be interpreted as described 120 in RFC 2119. [RFC-2119] 122 2. ARP Extensions for ILNPv4 124 ILNP for IPv4 (ILNPv4) is merely a different instantiation of the 125 ILNP architecture, so it retains the crisp distinction between the 126 Locator and the Identifier. As with ILNPv6, only the Locator 127 values are used for routing and forwarding ILNPv4 packets 128 [ILNP-ARCH]. As with ILNP for IPv6 (ILNPv6), when ILNPv4 is used 129 for a network-layer session, the upper-layer protocols (e.g. 130 TCP/UDP pseudo-header checksum, IPsec Security Association) bind 131 only to the Identifiers, never to the Locators [ILNP-ENG]. 133 However, just as the packet format for IPv4 is different to IPv6, 134 so the engineering details for ILNPv4 are different also. While 135 ILNPv6 is carefully engineered to be fully backwards-compatible 136 with IPv6 Neighbor Discovery, ILNPv4 relies upon an extended 137 version of the Address Resolution Protocol (ARP) which is defined 138 here. While ILNPv4 could have been engineered to avoid changes in 139 ARP, that would have required that the ILNPv4 Locator (i.e. L32) 140 have slightly different semantics, which was architecturally 141 undesirable. 143 The packet formats used are direct extensions of the existing 144 widely deployed ARP Request (Opcode 1) and ARP Reply (Opcode 2) 145 packet formats. This design was chosen for practical engineering 146 reasons (i.e. to maximise code reuse), rather than for maximum 147 protocol design purity. 149 We anticipate that ILNPv6 is much more likely to be widely 150 implemented and deployed than ILNPv4. However, having a clear 151 definition of ILNPv4 helps demonstrate the difference between 152 architecture and engineering, and also demonstrates that the 153 common ILNP architecture can be instantiated in different ways 154 with different existing network-layer protocols. 156 2.1 ILNPv4 ARP Request Packet Format 158 The ILNPv4 ARP Request (OP code XXX) is an extended version of the 159 widely deployed ARP Request (Opcode 1). This extension permits the 160 node's Identifier (I) values to be carried in the ARP message, in 161 addition to the node's 32-bit Locator (L32) values [ILNP-DNS]. 163 0 7 15 23 31 164 +--------+--------+--------+--------+ 165 | HT | PT | 166 +--------+--------+--------+--------+ 167 | HAL | PAL | OP | 168 +--------+--------+--------+--------+ 169 | S_HA (bytes 0-3) | 170 +--------+--------+--------+--------+ 171 | S_HA (bytes 4-5)|S_L32 (bytes 0-1)| 172 +--------+--------+--------+--------+ 173 |S_L32 (bytes 2-3)|S_I64 (bytes 0-1)| 174 +--------+--------+--------+--------+ 175 | S_I64 (bytes 2-5) | 176 +--------+--------+--------+--------+ 177 |S_ID (bytes 6-7) | T_HA (bytes 0-1)| 178 +--------+--------+--------+--------+ 179 | T_HA (bytes 3-5) | 180 +--------+--------+--------+--------+ 181 | T_L32 (bytes 0-3) | 182 +--------+--------+--------+--------+ 183 | T_I64 (bytes 0-3) | 184 +--------+--------+--------+--------+ 185 | T_I64 (bytes 4-7) | 186 +--------+--------+--------+--------+ 188 Figure 2.1: ILNPv4 ARP Request packet format 190 In the diagram of Fig 2.1, the fields are as follows: 192 HT Hardware Type (same as for ARP; unchanged) 193 PT Protocol Type (same as for ARP; unchanged) 194 HAL Hardware Address Length (same as for ARP; unchanged) 195 PAL Protocol Address Length (uses new value 12) 196 OP Operation Code (uses new value XXX) 197 S_HA Sender Hardware Address (same as for ARP; unchanged) 198 S_L32 Sender L32 (same as Sender IPv4 address for ARP) 199 S_I64 Sender Identifier (8 bytes) 200 T_HA Target Hardware Address (same as for ARP; unchanged) 201 T_L32 Target L32 (same as Target IPv4 address for ARP) 202 T_I64 Target Identifier (8 bytes) 204 The changed OP code indicates that this is ILNPv4 and not IPv4. 205 The semantics and usage of the ILNPv4 ARP Request are identical to 206 the existing ARP Request (Opcode 2), except that the ILNPv4 ARP 207 Request is sent only by nodes that support ILNPv4. 209 2.2 ILNPv4 ARP Reply Packet Format 211 The ILNPv4 ARP Reply (OP code YYY) is an extended version of the 212 widely deployed ARP Reply (OP code 2). This extension permits the 213 node's Identifier (I) values to be carried in the ARP message, in 214 addition to the node's 32-bit Locator (L32) values [ILNP-DNS]. 216 0 7 15 23 31 217 +--------+--------+--------+--------+ 218 | HT | PT | 219 +--------+--------+--------+--------+ 220 | HAL | PAL | OP | 221 +--------+--------+--------+--------+ 222 | S_HA (bytes 0-3) | 223 +--------+--------+--------+--------+ 224 | S_HA (bytes 4-5)|S_L32 (bytes 0-1)| 225 +--------+--------+--------+--------+ 226 |S_L32 (bytes 2-3)|S_I64 (bytes 0-1)| 227 +--------+--------+--------+--------+ 228 | S_I64 (bytes 2-5) | 229 +--------+--------+--------+--------+ 230 |S_ID (bytes 6-7) | T_HA (bytes 0-1)| 231 +--------+--------+--------+--------+ 232 | T_HA (bytes 3-5) | 233 +--------+--------+--------+--------+ 234 | T_L32 (bytes 0-3) | 235 +--------+--------+--------+--------+ 236 | T_I64 (bytes 0-3) | 237 +--------+--------+--------+--------+ 238 | T_I64 (bytes 4-7) | 239 +--------+--------+--------+--------+ 241 Figure 2.2: ILNPv4 ARP Reply packet format 243 In the diagram of Fig 2.2, the fields are as follows: 245 HT Hardware Type (same as for ARP; unchanged) 246 PT Protocol Type (same as for ARP; unchanged) 247 HAL Hardware Address Length (same as for ARP; unchanged) 248 PAL Protocol Address Length (uses new value 12) 249 OP Operation Code (uses new value YYY) 250 S_HA Sender Hardware Address (same as for ARP; unchanged) 251 S_L32 Sender L32 (same as Sender IPv4 address for ARP) 252 S_I64 Sender Identifier (8 bytes) 253 T_HA Target Hardware Address (same as for ARP; unchanged) 254 T_L32 Target L32 (same as Target IPv4 address for ARP) 255 T_I64 Target Identifier (8 bytes) 257 The changed OP code indicates that this is ILNPv4 and not IPv4. 258 The semantics and usage of the ILNPv4 ARP Reply are identical to 259 the existing ARP Reply (Opcode 2), except that the ILNPv4 ARP 260 Reply is sent only by nodes that support ILNPv4. 262 2.3 Operation and Implementation of ARP for ILNPv4 264 The operation of ARP for ILNPv4 is almost identical to that for 265 IPv4. Essentially, the key difference is: 267 a) where an IPv4 ARP Request would use IPv4 addresses, an 268 ILNPv4 ARP Request would use: 269 1. a 32-bit L value (_L32 suffixes in Figs 2.1 & 2.2) 270 2. a 64-bit I value (_I64 suffixes in Figs 2.1 & Fig 2.2) 272 b) where an IPv4 ARP Reply would use IPv4 addresses, an 273 ILNPv4 ARP Reply would use: 274 1. a 32-bit L value (_L32 suffixes in Figs 2.1 & 2.2) 275 2. a 64-bit I value (_I64 suffixes in Figs 2.1 & Fig 2.2) 277 As the OP codes XXX and YYY are distinct from ARP for IPv4, but 278 the packet formats are Figs 2.1 and 2.2 are, effectively, extended 279 versions of the corresponding ARP packets, it should be possible 280 to implement this extension of ARP by extending additional ARP 281 code rather than having to write new code. 283 3. SECURITY CONSIDERATIONS 285 Security considerations for the overall ILNP Architecture are 286 described in [ILNP-ARCH]. Additional common security 287 considerations applicable to ILNP are described in [ILNP-ENG]. 288 This section describes security considerations specific to the 289 specific ILNPv4 topics discussed in this document. 291 The existing widely deployed Address Resolution Protocol (ARP) for 292 IP version 4 (IPv4) is a link-layer protocol, so it is not 293 vulnerable to off-link attackers. In this way, it is a bit 294 different than IPv6 Neighbor Discovery; IPv6 ND is a subset of the 295 Internet Control Message Protocol (ICMP), which runs over the 296 Internet Protocol version 6 (IPv6). 298 However, ARP does not include any form of authentication, so 299 current ARP deployments are vulnerable to a range of attacks from 300 on-link nodes. For example, it is possible for one node on a link 301 to forge an ARP packet claiming to be from another node, thereby 302 "stealing" the other node's IPv4 address. [RFC-5227] both 303 describes several of these risks and also describes some measures 304 that an ARP implementation can use to reduce the chance of 305 accidental IPv4 address misconfiguration and also to detect such 306 misconfiguration if it should occur. 308 This extension does not change the security risks that are 309 inherent in using ARP. 311 For additional protection against on-link attackers, especially in 312 high-risk operational environments, implementation and use of the 313 IEEE standards for link-layer security [IEEE-802.1-AE] are 314 recommended. 316 4. IANA CONSIDERATIONS 318 In accordance with [RFC-5494], IANA is requested to assign new 319 Operation Codes in the Address Resolution Protocol Parameters 320 registry to the "ILNPv4 ARP Request" message (with value XXX 321 above) and to the "ILNPv4 ARP Reply" message (with value YYY) 322 above. 324 5. REFERENCES 326 This document has both Normative and Informational References. 328 5.1 Normative References 330 [ILNP-ARCH] R. Atkinson and S. Bhatti, "ILNP Architecture", 331 draft-irtf-rrg-ilnp-arch, January 2012. 333 [ILNP-ENG] R. Atkinson and S. Bhatti, "ILNP Engineering 334 Considerations", draft-irtf-rrg-ilnp-eng, January 2012. 336 [ILNP-DNS] R. Atkinson and S. Bhatti, "DNS Resource Records 337 for ILNP", draft-irtf-rrg-ilnp-dns, January 2012. 339 [ILNP-ICMPv4] R. Atkinson and S. Bhatti, "ICMP Locator Update 340 message for ILNPv4", draft-irtf-rrg-ilnp-icmpv4, 341 January 2012. 343 [ILNP-v4opts] R. Atkinson and S. Bhatti, "IPv4 Options for 344 ILNPv4", draft-irtf-rrg-ilnp-v4opts, January 2012. 346 [RFC-2119] Bradner, S., "Key words for use in RFCs to 347 Indicate Requirement Levels", BCP 14, RFC 2119, 348 March 1997. 350 [RFC-5227] S. Cheshire, "IPv4 Address Conflict Detection", 351 RFC-5227, July 2008. 353 [RFC-5494] J. Arkko & C. Pignataro, "IANA Allocation Guidelines 354 for the Address Resolution Protocol", RFC-5494, 355 April 2009. 357 [IEEE-802.1-AE] IEEE, "Media Access Control (MAC) Security", 358 IEEE Standard 802.1 AE, 18 August 2006, IEEE, 359 New York, NY, 10016, USA. 361 5.2 Informative References 363 [ILNP-NONCE6] R. Atkinson and S. Bhatti, "ILNPv6 Nonce 364 Destination Option", draft-irtf-rrg-ilnp-noncev6, 365 January 2012. 367 [ILNP-ICMPv6] R. Atkinson and S. Bhatti, "ICMPv6 Locator 368 Update Message for ILNPv6", 369 draft-irtf-rrg-ilnp-icmpv6, January 2012. 371 ACKNOWLEDGEMENTS 373 Steve Blake, Mohamed Boucadair, Noel Chiappa, Steve Hailes, Joel 374 Halpern, Mark Handley, Volker Hilt, Paul Jakma, Dae-Young Kim, 375 Tony Li, Yakov Rehkter and Robin Whittle (in alphabetical order) 376 provided review and feedback on earlier versions of the ILNP 377 document set. Steve Blake provided an especially thorough review 378 of an earlier version of the entire ILNP document set, which was 379 extremely helpful. We also wish to thank the anonymous reviewers 380 for their feedback. 382 AUTHOR'S ADDRESS 384 RJ Atkinson 385 Consultant 386 San Jose, CA, 387 95125 USA 389 Email: rja.lists@gmail.com 391 SN Bhatti 392 School of Computer Science 393 University of St Andrews 394 North Haugh, St Andrews 395 Fife, Scotland 396 KY16 9SX, UK 398 Email: saleem@cs.st-andrews.ac.uk 400 Expires: 13 JUL 2012