idnits 2.17.1 draft-irtf-rrg-ilnp-arp-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to contain a disclaimer for pre-RFC5378 work, but was first submitted on or after 10 November 2008. The disclaimer is usually necessary only for documents that revise or obsolete older RFCs, and that take significant amounts of text from those RFCs. If you can contact all authors of the source material and they are willing to grant the BCP78 rights to the IETF Trust, you can and should remove the disclaimer. Otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (April 16, 2012) is 4392 days in the past. Is this intentional? Checking references for intended status: Experimental ---------------------------------------------------------------------------- No issues found here. Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Draft RJ Atkinson 3 draft-irtf-rrg-ilnp-arp-02.txt Consultant 4 Expires: 16 OCT 2012 SN Bhatti 5 Category: Experimental U. St Andrews 6 April 16, 2012 8 ARP Extension for ILNPv4 9 draft-irtf-rrg-ilnp-arp-02.txt 11 Status of this Memo 13 Distribution of this memo is unlimited. 15 Copyright (c) 2012 IETF Trust and the persons identified as the 16 document authors. All rights reserved. 18 This document is subject to BCP 78 and the IETF Trust's Legal 19 Provisions Relating to IETF Documents 20 (http://trustee.ietf.org/license-info) in effect on the date of 21 publication of this document. Please review these documents 22 carefully, as they describe your rights and restrictions with 23 respect to this document. Code Components extracted from this 24 document must include Simplified BSD License text as described in 25 Section 4.e of the Trust Legal Provisions and are provided without 26 warranty as described in the Simplified BSD License. 28 This Internet-Draft is submitted in full conformance with the 29 provisions of BCP 78 and BCP 79. 31 This document may contain material from IETF Documents or 32 IETF Contributions published or made publicly available 33 before November 10, 2008. The person(s) controlling the copyright 34 in some of this material may not have granted the IETF Trust the 35 right to allow modifications of such material outside the IETF 36 Standards Process. Without obtaining an adequate license from 37 the person(s) controlling the copyright in such materials, this 38 document may not be modified outside the IETF Standards Process, 39 and derivative works of it may not be created outside the IETF 40 Standards Process, except to format it for publication as an RFC 41 or to translate it into languages other than English. 43 Internet-Drafts are working documents of the Internet Engineering 44 Task Force (IETF), its areas, and its working groups. Note that 45 other groups may also distribute working documents as 46 Internet-Drafts. 48 Internet-Drafts are draft documents valid for a maximum of six 49 months and may be updated, replaced, or obsoleted by other 50 documents at any time. It is inappropriate to use Internet-Drafts 51 as reference material or to cite them other than as "work in 52 progress." 54 The list of current Internet-Drafts can be accessed at 55 http://www.ietf.org/1id-abstracts.html 57 The list of Internet-Draft Shadow Directories can be accessed at 58 http://www.ietf.org/shadow.html 60 This document is not on the IETF standards-track and does not 61 specify any level of standard. This document merely provides 62 information for the Internet community. 64 This document is part of the ILNP document set, and has had 65 extensive review within the IRTF Routing Research Group. ILNP is 66 one of the recommendations made by the RG Chairs. Separately, 67 various refereed research papers on ILNP have also been published 68 during this decade. So the ideas contained herein have had much 69 broader review than the IRTF Routing RG. The views in this 70 document were considered controversial by the Routing RG, but the 71 RG reached a consensus that the document still should be 72 published. The Routing RG has had remarkably little consensus on 73 anything, so virtually all Routing RG outputs are considered 74 controversial. 76 Abstract 78 This document defines an Address Resolution Protocol (ARP) 79 extension to support ILNP for IPv4 (ILNPv4). ILNP is is an 80 experimental, evolutionary enhancement to IP. This document is a 81 product of the IRTF Routing RG. 83 Table of Contents 85 1. Introduction............................. 86 2. ARP Extension for ILNPv4................. 87 3. Security Considerations.................. 88 4. IANA Considerations...................... 89 5. References............................... 91 1. INTRODUCTION 93 The Identifier Locator Network Protocol (ILNP) is an proposal for 94 evolving the Internet Architecture. It differs from the current 95 Internet Architecture primarily by deprecating the concept of an 96 IP Address, and instead defining two new objects, each having 97 crisp syntax and semantics. The first new object is the Locator, a 98 topology-dependent name for a subnetwork. The other new object is 99 the Identifier, which provides a topology-independent name for a 100 node. 102 1.1 ILNP Document Roadmap 104 The ILNP Architecture document [ILNP-ARCH] is the best place to 105 start reading about ILNP. ILNP has multiple instantiations. 106 [ILNP-ENG] discusses engineering and implementation aspects common 107 to all instances of ILNP. This document discusses engineering and 108 implementation details that are specific to ILNP for IPv4 109 (ILNPv4). [ILNP-DNS] describes new Domain Name System (DNS) 110 resource records used with ILNP. [ILNP-ICMPv4] defines the ICMP 111 Locator Update message used with ILNPv4. [ILNP-v4opts] defines new 112 IPv4 options for use with ILNPv4. Other documents describe ILNP 113 for IPv6 (ILNPv6) [ILNP-ICMPv6] [ILNP-NONCE6]. 115 1.2 Terminology 117 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL 118 NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and 119 "OPTIONAL" in this document are to be interpreted as described 120 in RFC 2119. [RFC-2119] 122 2. ARP Extensions for ILNPv4 124 ILNP for IPv4 (ILNPv4) is merely a different instantiation of the 125 ILNP architecture, so it retains the crisp distinction between the 126 Locator and the Identifier. As with ILNPv6, only the Locator 127 values are used for routing and forwarding ILNPv4 packets 128 [ILNP-ARCH]. As with ILNP for IPv6 (ILNPv6), when ILNPv4 is used 129 for a network-layer session, the upper-layer protocols (e.g. 130 TCP/UDP pseudo-header checksum, IPsec Security Association) bind 131 only to the Identifiers, never to the Locators [ILNP-ENG]. 133 However, just as the packet format for IPv4 is different to IPv6, 134 so the engineering details for ILNPv4 are different also. While 135 ILNPv6 is carefully engineered to be fully backwards-compatible 136 with IPv6 Neighbor Discovery, ILNPv4 relies upon an extended 137 version of the Address Resolution Protocol (ARP) which is defined 138 here. While ILNPv4 could have been engineered to avoid changes in 139 ARP, that would have required that the ILNPv4 Locator (i.e. L32) 140 have slightly different semantics, which was architecturally 141 undesirable. 143 The packet formats used are direct extensions of the existing 144 widely deployed ARP Request (Opcode 1) and ARP Reply (Opcode 2) 145 packet formats. This design was chosen for practical engineering 146 reasons (i.e. to maximise code reuse), rather than for maximum 147 protocol design purity. 149 We anticipate that ILNPv6 is much more likely to be widely 150 implemented and deployed than ILNPv4. However, having a clear 151 definition of ILNPv4 helps demonstrate the difference between 152 architecture and engineering, and also demonstrates that the 153 common ILNP architecture can be instantiated in different ways 154 with different existing network-layer protocols. 156 2.1 ILNPv4 ARP Request Packet Format 158 The ILNPv4 ARP Request (OP code XXX) is an extended version of the 159 widely deployed ARP Request (Opcode 1). This extension permits the 160 node's Identifier (I) values to be carried in the ARP message, in 161 addition to the node's 32-bit Locator (L32) values [ILNP-DNS]. 163 0 7 15 23 31 164 +--------+--------+--------+--------+ 165 | HT | PT | 166 +--------+--------+--------+--------+ 167 | HAL | PAL | OP | 168 +--------+--------+--------+--------+ 169 | S_HA (bytes 0-3) | 170 +--------+--------+--------+--------+ 171 | S_HA (bytes 4-5)|S_L32 (bytes 0-1)| 172 +--------+--------+--------+--------+ 173 |S_L32 (bytes 2-3)|S_I64 (bytes 0-1)| 174 +--------+--------+--------+--------+ 175 | S_I64 (bytes 2-5) | 176 +--------+--------+--------+--------+ 177 |S_ID (bytes 6-7) | T_HA (bytes 0-1)| 178 +--------+--------+--------+--------+ 179 | T_HA (bytes 3-5) | 180 +--------+--------+--------+--------+ 181 | T_L32 (bytes 0-3) | 182 +--------+--------+--------+--------+ 183 | T_I64 (bytes 0-3) | 184 +--------+--------+--------+--------+ 185 | T_I64 (bytes 4-7) | 186 +--------+--------+--------+--------+ 188 Figure 2.1: ILNPv4 ARP Request packet format 190 In the diagram of Fig 2.1, the fields are as follows: 192 HT Hardware Type (same as for ARP; unchanged) 193 PT Protocol Type (same as for ARP; unchanged) 194 HAL Hardware Address Length (same as for ARP; unchanged) 195 PAL Protocol Address Length (uses new value 12) 196 OP Operation Code (uses new value XXX) 197 S_HA Sender Hardware Address (same as for ARP; unchanged) 198 S_L32 Sender L32 (same as Sender IPv4 address for ARP) 199 S_I64 Sender Identifier (8 bytes) 200 T_HA Target Hardware Address (same as for ARP; unchanged) 201 T_L32 Target L32 (same as Target IPv4 address for ARP) 202 T_I64 Target Identifier (8 bytes) 204 The changed OP code indicates that this is ILNPv4 and not IPv4. 205 The semantics and usage of the ILNPv4 ARP Request are identical to 206 the existing ARP Request (Opcode 2), except that the ILNPv4 ARP 207 Request is sent only by nodes that support ILNPv4. 209 2.2 ILNPv4 ARP Reply Packet Format 211 The ILNPv4 ARP Reply (OP code YYY) is an extended version of the 212 widely deployed ARP Reply (OP code 2). This extension permits the 213 node's Identifier (I) values to be carried in the ARP message, in 214 addition to the node's 32-bit Locator (L32) values [ILNP-DNS]. 216 0 7 15 23 31 217 +--------+--------+--------+--------+ 218 | HT | PT | 219 +--------+--------+--------+--------+ 220 | HAL | PAL | OP | 221 +--------+--------+--------+--------+ 222 | S_HA (bytes 0-3) | 223 +--------+--------+--------+--------+ 224 | S_HA (bytes 4-5)|S_L32 (bytes 0-1)| 225 +--------+--------+--------+--------+ 226 |S_L32 (bytes 2-3)|S_I64 (bytes 0-1)| 227 +--------+--------+--------+--------+ 228 | S_I64 (bytes 2-5) | 229 +--------+--------+--------+--------+ 230 |S_ID (bytes 6-7) | T_HA (bytes 0-1)| 231 +--------+--------+--------+--------+ 232 | T_HA (bytes 3-5) | 233 +--------+--------+--------+--------+ 234 | T_L32 (bytes 0-3) | 235 +--------+--------+--------+--------+ 236 | T_I64 (bytes 0-3) | 237 +--------+--------+--------+--------+ 238 | T_I64 (bytes 4-7) | 239 +--------+--------+--------+--------+ 241 Figure 2.2: ILNPv4 ARP Reply packet format 243 In the diagram of Fig 2.2, the fields are as follows: 245 HT Hardware Type (same as for ARP; unchanged) 246 PT Protocol Type (same as for ARP; unchanged) 247 HAL Hardware Address Length (same as for ARP; unchanged) 248 PAL Protocol Address Length (uses new value 12) 249 OP Operation Code (uses new value YYY) 250 S_HA Sender Hardware Address (same as for ARP; unchanged) 251 S_L32 Sender L32 (same as Sender IPv4 address for ARP) 252 S_I64 Sender Identifier (8 bytes) 253 T_HA Target Hardware Address (same as for ARP; unchanged) 254 T_L32 Target L32 (same as Target IPv4 address for ARP) 255 T_I64 Target Identifier (8 bytes) 257 The changed OP code indicates that this is ILNPv4 and not IPv4. 258 The semantics and usage of the ILNPv4 ARP Reply are identical to 259 the existing ARP Reply (Opcode 2), except that the ILNPv4 ARP 260 Reply is sent only by nodes that support ILNPv4. 262 2.3 Operation and Implementation of ARP for ILNPv4 264 The operation of ARP for ILNPv4 is almost identical to that for 265 IPv4. Essentially, the key difference is: 267 a) where an IPv4 ARP Request would use IPv4 addresses, an 268 ILNPv4 ARP Request MUST use: 269 1. a 32-bit L value (_L32 suffixes in Figs 2.1 & 2.2) 270 2. a 64-bit I value (_I64 suffixes in Figs 2.1 & Fig 2.2) 272 b) where an IPv4 ARP Reply would use IPv4 addresses, an 273 ILNPv4 ARP Reply MUST use: 274 1. a 32-bit L value (_L32 suffixes in Figs 2.1 & 2.2) 275 2. a 64-bit I value (_I64 suffixes in Figs 2.1 & Fig 2.2) 277 As the OP codes XXX and YYY are distinct from ARP for IPv4, but 278 the packet formats are Figs 2.1 and 2.2 are, effectively, extended 279 versions of the corresponding ARP packets, it should be possible 280 to implement this extension of ARP by extending existing ARP 281 implementations rather than having to write an entirely new 282 implementation for ILNPv4. 284 3. SECURITY CONSIDERATIONS 285 Security considerations for the overall ILNP Architecture are 286 described in [ILNP-ARCH]. Additional common security 287 considerations applicable to ILNP are described in [ILNP-ENG]. 288 This section describes security considerations specific to the 289 specific ILNPv4 topics discussed in this document. 291 The existing widely deployed Address Resolution Protocol (ARP) for 292 IP version 4 (IPv4) is a link-layer protocol, so it is not 293 vulnerable to off-link attackers. In this way, it is a bit 294 different than IPv6 Neighbor Discovery; IPv6 ND is a subset of the 295 Internet Control Message Protocol (ICMP), which runs over the 296 Internet Protocol version 6 (IPv6). 298 However, ARP does not include any form of authentication, so 299 current ARP deployments are vulnerable to a range of attacks from 300 on-link nodes. For example, it is possible for one node on a link 301 to forge an ARP packet claiming to be from another node, thereby 302 "stealing" the other node's IPv4 address. [RFC-5227] both 303 describes several of these risks and also describes some measures 304 that an ARP implementation can use to reduce the chance of 305 accidental IPv4 address misconfiguration and also to detect such 306 misconfiguration if it should occur. 308 This extension does not change the security risks that are 309 inherent in using ARP. 311 In situations where additional protection against on-link 312 attackers is needed, for example within high-risk operational 313 environments, the IEEE standards for link-layer security 314 [IEEE-802.1-AE] SHOULD be implemented and deployed. 316 4. IANA CONSIDERATIONS 318 Subject to IESG Approval, consistent with the procedures of 319 [RFC-5494], IANA is requested to assign new Operation Codes in 320 the Address Resolution Protocol Parameters registry to the 321 "ILNPv4 ARP Request" message (with value XXX above) and to the 322 "ILNPv4 ARP Reply" message (with value YYY) above. 324 5. REFERENCES 326 This document has both Normative and Informational References. 328 5.1 Normative References 330 [ILNP-ARCH] R. Atkinson and S. Bhatti, "ILNP Architecture", 331 draft-irtf-rrg-ilnp-arch, March 2012. 333 [ILNP-ENG] R. Atkinson and S. Bhatti, "ILNP Engineering 334 Considerations", draft-irtf-rrg-ilnp-eng, March 2012. 336 [ILNP-DNS] R. Atkinson and S. Bhatti, "DNS Resource Records 337 for ILNP", draft-irtf-rrg-ilnp-dns, March 2012. 339 [ILNP-ICMPv4] R. Atkinson and S. Bhatti, "ICMP Locator Update 340 message for ILNPv4", draft-irtf-rrg-ilnp-icmpv4, 341 March 2012. 343 [ILNP-v4opts] R. Atkinson and S. Bhatti, "IPv4 Options for 344 ILNPv4", draft-irtf-rrg-ilnp-v4opts, March 2012. 346 [RFC-2119] Bradner, S., "Key words for use in RFCs to 347 Indicate Requirement Levels", BCP 14, RFC 2119, 348 March 1997. 350 [RFC-5227] S. Cheshire, "IPv4 Address Conflict Detection", 351 RFC-5227, July 2008. 353 [RFC-5494] J. Arkko & C. Pignataro, "IANA Allocation Guidelines 354 for the Address Resolution Protocol", RFC-5494, 355 April 2009. 357 [IEEE-802.1-AE] IEEE, "Media Access Control (MAC) Security", 358 IEEE Standard 802.1 AE, 18 August 2006, IEEE, 359 New York, NY, 10016, USA. 361 5.2 Informative References 363 [ILNP-NONCE6] R. Atkinson and S. Bhatti, "ILNPv6 Nonce 364 Destination Option", draft-irtf-rrg-ilnp-noncev6, 365 March 2012. 367 [ILNP-ICMPv6] R. Atkinson and S. Bhatti, "ICMPv6 Locator 368 Update Message for ILNPv6", 369 draft-irtf-rrg-ilnp-icmpv6, March 2012. 371 ACKNOWLEDGEMENTS 373 Steve Blake, Stephane Bortzmeyer, Mohamed Boucadair, Noel 374 Chiappa, Wes George, Steve Hailes, Joel Halpern, Mark Handley, 375 Volker Hilt, Paul Jakma, Dae-Young Kim, Tony Li, Yakov Rehkter, 376 Bruce Simpson, Robin Whittle and John Wroclawski (in alphabetical 377 order) provided review and feedback on earlier versions of this 378 document. Steve Blake provided an especially thorough review of 379 an early version of the entire ILNP document set, which was 380 extremely helpful. We also wish to thank the anonymous reviewers 381 of the various ILNP papers for their feedback. 383 RFC EDITOR NOTE 385 This section is to be removed prior to publication. 387 This document is written in English, not American. So English 388 spelling is used throughout, rather than American spelling. 389 This is consistent with existing practice in several other RFCs, 390 for example RFC-5887. 392 This document tries to be very careful with history, in the 393 interest of correctly crediting ideas to their earliest 394 identifiable author(s). So in several places the first published 395 RFC about a topic is cited rather than the most recent published 396 RFC about that topic. 398 AUTHOR'S ADDRESS 400 RJ Atkinson 401 Consultant 402 San Jose, CA, 403 95125 USA 405 Email: rja.lists@gmail.com 407 SN Bhatti 408 School of Computer Science 409 University of St Andrews 410 North Haugh, St Andrews 411 Fife, Scotland 412 KY16 9SX, UK 414 Email: saleem@cs.st-andrews.ac.uk 416 Expires: 16 OCT 2012