idnits 2.17.1 draft-irtf-rrg-ilnp-arp-06.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to contain a disclaimer for pre-RFC5378 work, but was first submitted on or after 10 November 2008. The disclaimer is usually necessary only for documents that revise or obsolete older RFCs, and that take significant amounts of text from those RFCs. If you can contact all authors of the source material and they are willing to grant the BCP78 rights to the IETF Trust, you can and should remove the disclaimer. Otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (29 May 2012) is 4348 days in the past. Is this intentional? Checking references for intended status: Experimental ---------------------------------------------------------------------------- No issues found here. Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Draft RJ Atkinson 3 draft-irtf-rrg-ilnp-arp-06.txt Consultant 4 Expires: 29 NOV 2012 SN Bhatti 5 Category: Experimental U. St Andrews 6 29 May 2012 8 ARP Extension for ILNPv4 9 draft-irtf-rrg-ilnp-arp-06.txt 11 Status of this Memo 13 Distribution of this memo is unlimited. 15 Copyright (c) 2012 IETF Trust and the persons identified as the 16 document authors. All rights reserved. 18 This document is subject to BCP 78 and the IETF Trust's Legal 19 Provisions Relating to IETF Documents 20 (http://trustee.ietf.org/license-info) in effect on the date of 21 publication of this document. Please review these documents 22 carefully, as they describe your rights and restrictions with 23 respect to this document. Code Components extracted from this 24 document must include Simplified BSD License text as described in 25 Section 4.e of the Trust Legal Provisions and are provided without 26 warranty as described in the Simplified BSD License. 28 This Internet-Draft is submitted in full conformance with the 29 provisions of BCP 78 and BCP 79. 31 This document may contain material from IETF Documents or 32 IETF Contributions published or made publicly available 33 before November 10, 2008. The person(s) controlling the copyright 34 in some of this material may not have granted the IETF Trust the 35 right to allow modifications of such material outside the IETF 36 Standards Process. Without obtaining an adequate license from 37 the person(s) controlling the copyright in such materials, this 38 document may not be modified outside the IETF Standards Process, 39 and derivative works of it may not be created outside the IETF 40 Standards Process, except to format it for publication as an RFC 41 or to translate it into languages other than English. 43 Internet-Drafts are working documents of the Internet Engineering 44 Task Force (IETF), its areas, and its working groups. Note that 45 other groups may also distribute working documents as 46 Internet-Drafts. 48 Internet-Drafts are draft documents valid for a maximum of six 49 months and may be updated, replaced, or obsoleted by other 50 documents at any time. It is inappropriate to use Internet-Drafts 51 as reference material or to cite them other than as "work in 52 progress." 54 The list of current Internet-Drafts can be accessed at 55 http://www.ietf.org/1id-abstracts.html 57 The list of Internet-Draft Shadow Directories can be accessed at 58 http://www.ietf.org/shadow.html 60 This document is not on the IETF standards-track and does not 61 specify any level of standard. This document merely provides 62 information for the Internet community. 64 This document is part of the ILNP document set, and has had 65 extensive review within the IRTF Routing Research Group. ILNP is 66 one of the recommendations made by the RG Chairs. Separately, 67 various refereed research papers on ILNP have also been published 68 during this decade. So the ideas contained herein have had much 69 broader review than the IRTF Routing RG. The views in this 70 document were considered controversial by the Routing RG, but the 71 RG reached a consensus that the document still should be 72 published. The Routing RG has had remarkably little consensus on 73 anything, so virtually all Routing RG outputs are considered 74 controversial. 76 Abstract 78 This document defines an Address Resolution Protocol (ARP) 79 extension to support ILNP for IPv4 (ILNPv4). ILNP is is an 80 experimental, evolutionary enhancement to IP. This document is a 81 product of the IRTF Routing RG. 83 Table of Contents 85 1. Introduction............................. 86 2. ARP Extension for ILNPv4................. 87 3. Security Considerations.................. 88 4. IANA Considerations...................... 89 5. References............................... 91 1. INTRODUCTION 93 The Identifier Locator Network Protocol (ILNP) is a proposal for 94 evolving the Internet Architecture. It differs from the current 95 Internet Architecture primarily by deprecating the concept of an 96 IP Address, and instead defining two new objects, each having 97 crisp syntax and semantics. The first new object is the Locator, a 98 topology-dependent name for a subnetwork. The other new object is 99 the Identifier, which provides a topology-independent name for a 100 node. 102 1.1 ILNP Document Roadmap 104 The ILNP Architecture document [ILNP-ARCH] is the best place to 105 start reading about ILNP. ILNP has multiple instantiations. 106 [ILNP-ENG] discusses engineering and implementation aspects common 107 to all instances of ILNP. This document discusses engineering and 108 implementation details that are specific to ILNP for IPv4 109 (ILNPv4). [ILNP-DNS] describes new Domain Name System (DNS) 110 resource records used with ILNP. [ILNP-ICMPv4] defines the ICMP 111 Locator Update message used with ILNPv4. [ILNP-v4opts] defines new 112 IPv4 options for use with ILNPv4. Other documents describe ILNP 113 for IPv6 (ILNPv6) [ILNP-ICMPv6] [ILNP-NONCE6]. 115 1.2 Terminology 117 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL 118 NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and 119 "OPTIONAL" in this document are to be interpreted as described 120 in RFC 2119 [RFC2119]. 122 2. ARP Extensions for ILNPv4 124 ILNP for IPv4 (ILNPv4) is merely a different instantiation of the 125 ILNP architecture, so it retains the crisp distinction between the 126 Locator and the Identifier. As with ILNPv6, only the Locator 127 values are used for routing and forwarding ILNPv4 packets 128 [ILNP-ARCH]. As with ILNP for IPv6 (ILNPv6), when ILNPv4 is used 129 for a network-layer session, the upper-layer protocols (e.g. 130 TCP/UDP pseudo-header checksum, IPsec Security Association) bind 131 only to the Identifiers, never to the Locators [ILNP-ENG]. 133 However, just as the packet format for IPv4 is different to IPv6, 134 so the engineering details for ILNPv4 are different also. While 135 ILNPv6 is carefully engineered to be fully backwards-compatible 136 with IPv6 Neighbor Discovery, ILNPv4 relies upon an extended 137 version of the Address Resolution Protocol (ARP) [RFC826] which 138 is defined here. While ILNPv4 could have been engineered to avoid 139 changes in ARP, that would have required that the ILNPv4 Locator 140 (i.e. L32) have slightly different semantics, which was 141 architecturally undesirable. 143 The packet formats used are direct extensions of the existing 144 widely deployed ARP Request (OP code 1) and ARP Reply (OP code 2) 145 packet formats. This design was chosen for practical engineering 146 reasons (i.e. to maximise code reuse), rather than for maximum 147 protocol design purity. 149 We anticipate that ILNPv6 is much more likely to be widely 150 implemented and deployed than ILNPv4. However, having a clear 151 definition of ILNPv4 helps demonstrate the difference between 152 architecture and engineering, and also demonstrates that the 153 common ILNP architecture can be instantiated in different ways 154 with different existing network-layer protocols. 156 2.1 ILNPv4 ARP Request Packet Format 158 The ILNPv4 ARP Request is an extended version of the widely 159 deployed ARP Request (OP code 1). For experimentation purposes, 160 the ILNPv4 ARP Request OP code uses decimal value 24. It is 161 important to note that decimal value 24 is a pre-defined, 162 shared-use experimental OP code for ARP [RFC5494], and is not 163 uniquely assigned to ILNPv4 ARP Requests. The ILNPv4 ARP Request 164 extension permits the Node's Identifier (NID) values to be carried 165 in the ARP message, in addition to the node's 32-bit Locator 166 (L32) values [ILNP-DNS]. 168 0 7 15 23 31 169 +--------+--------+--------+--------+ 170 | HT | PT | 171 +--------+--------+--------+--------+ 172 | HAL | PAL | OP | 173 +--------+--------+--------+--------+ 174 | S_HA (bytes 0-3) | 175 +--------+--------+--------+--------+ 176 | S_HA (bytes 4-5)|S_L32 (bytes 0-1)| 177 +--------+--------+--------+--------+ 178 |S_L32 (bytes 2-3)|S_NID (bytes 0-1)| 179 +--------+--------+--------+--------+ 180 | S_NID (bytes 2-5) | 181 +--------+--------+--------+--------+ 182 |S_ID (bytes 6-7) | T_HA (bytes 0-1)| 183 +--------+--------+--------+--------+ 184 | T_HA (bytes 3-5) | 185 +--------+--------+--------+--------+ 186 | T_L32 (bytes 0-3) | 187 +--------+--------+--------+--------+ 188 | T_NID (bytes 0-3) | 189 +--------+--------+--------+--------+ 190 | T_NID (bytes 4-7) | 191 +--------+--------+--------+--------+ 193 Figure 2.1: ILNPv4 ARP Request packet format 195 In the diagram of Fig 2.1, the fields are as follows: 197 HT Hardware Type (*) 198 PT Protocol Type (*) 199 HAL Hardware Address Length (*) 200 PAL Protocol Address Length (uses new value 12) 201 OP Operation Code (uses experimental value OP_EXP1=24) 202 S_HA Sender Hardware Address (*) 203 S_L32 Sender L32 (* same as Sender IPv4 address for ARP) 204 S_NID Sender Node Identifier (8 bytes) 205 T_HA Target Hardware Address (*) 206 T_L32 Target L32 (* same as Target IPv4 address for ARP) 207 T_NID Target Node Identifier (8 bytes) 209 The changed OP code indicates that this is ILNPv4 and not IPv4. 210 The semantics and usage of the ILNPv4 ARP Request are identical 211 to the existing ARP Request (OP code 2), except that the ILNPv4 212 ARP Request is sent only by nodes that support ILNPv4. 214 The field descriptions marked with "*" should have the same 215 values as for ARP as used for IPv4. 217 2.2 ILNPv4 ARP Reply Packet Format 219 The ILNPv4 ARP Reply is an extended version of the widely 220 deployed ARP Reply (OP code 2). For experimentation purposes, 221 the ILNPv4 ARP Request OP code uses decimal value 25. It is 222 important to note that decimal value 25 is a pre-defined, 223 shared-use experimental OP code for ARP [RFC5494], and is not 224 uniquely assigned to ILNPv4 ARP Requests. Th ILNPv4 ARP Reply 225 extension permits the Node's Identifier (NID) values to be carried 226 in the ARP message, in addition to the node's 32-bit Locator 227 (L32) values [ILNP-DNS]. 229 0 7 15 23 31 230 +--------+--------+--------+--------+ 231 | HT | PT | 232 +--------+--------+--------+--------+ 233 | HAL | PAL | OP | 234 +--------+--------+--------+--------+ 235 | S_HA (bytes 0-3) | 236 +--------+--------+--------+--------+ 237 | S_HA (bytes 4-5)|S_L32 (bytes 0-1)| 238 +--------+--------+--------+--------+ 239 |S_L32 (bytes 2-3)|S_NID (bytes 0-1)| 240 +--------+--------+--------+--------+ 241 | S_NID (bytes 2-5) | 242 +--------+--------+--------+--------+ 243 |S_ID (bytes 6-7) | T_HA (bytes 0-1)| 244 +--------+--------+--------+--------+ 245 | T_HA (bytes 3-5) | 246 +--------+--------+--------+--------+ 247 | T_L32 (bytes 0-3) | 248 +--------+--------+--------+--------+ 249 | T_NID (bytes 0-3) | 250 +--------+--------+--------+--------+ 251 | T_NID (bytes 4-7) | 252 +--------+--------+--------+--------+ 254 Figure 2.2: ILNPv4 ARP Reply packet format 256 In the diagram of Fig 2.2, the fields are as follows: 258 HT Hardware Type (*) 259 PT Protocol Type (*) 260 HAL Hardware Address Length (*) 261 PAL Protocol Address Length (uses new value 12) 262 OP Operation Code (uses experimental value OP_EXP2=25) 263 S_HA Sender Hardware Address (*) 264 S_L32 Sender L32 (* same as Sender IPv4 address for ARP) 265 S_NID Sender Node Identifier (8 bytes) 266 T_HA Target Hardware Address (*) 267 T_L32 Target L32 (* same as Target IPv4 address for ARP) 268 T_NID Target Node Identifier (8 bytes) 270 The changed OP code indicates that this is ILNPv4 and not IPv4. 271 The semantics and usage of the ILNPv4 ARP Reply are identical to 272 the existing ARP Reply (OP code 2), except that the ILNPv4 ARP 273 Reply is sent only by nodes that support ILNPv4. 275 The field descriptions marked with "*" should have the same 276 values as for ARP as used for IPv4. 278 2.3 Operation and Implementation of ARP for ILNPv4 280 The operation of ARP for ILNPv4 is almost identical to that for 281 IPv4. Essentially, the key difference is: 283 a) where an IPv4 ARP Request would use IPv4 addresses, an 284 ILNPv4 ARP Request MUST use: 285 1. a 32-bit L32 value (_L32 suffixes in Figs 2.1 & 2.2) 286 2. a 64-bit NID value (_NID suffixes in Figs 2.1 & Fig 2.2) 288 b) where an IPv4 ARP Reply would use IPv4 addresses, an 289 ILNPv4 ARP Reply MUST use: 290 1. a 32-bit L32 value (_L32 suffixes in Figs 2.1 & 2.2) 291 2. a 64-bit NID value (_NID suffixes in Figs 2.1 & Fig 2.2) 293 As the OP codes 24 and 25 are distinct from ARP for IPv4, but 294 the packet formats are Figs 2.1 and 2.2 are, effectively, extended 295 versions of the corresponding ARP packets, it should be possible 296 to implement this extension of ARP by extending existing ARP 297 implementations rather than having to write an entirely new 298 implementation for ILNPv4. It should be emphasised, however, that 299 OP codes 24 and 25 are for experimental use as defined in [RFC5494], 300 and so it is possible that other experimental protocols could be 301 using these OP codes concurrently. 303 3. SECURITY CONSIDERATIONS 305 Security considerations for the overall ILNP Architecture are 306 described in [ILNP-ARCH]. Additional common security 307 considerations applicable to ILNP are described in [ILNP-ENG]. 308 This section describes security considerations specific to the 309 specific ILNPv4 topics discussed in this document. 311 The existing widely deployed Address Resolution Protocol (ARP) 312 for IP version 4 (IPv4) is a link-layer protocol, so it is not 313 vulnerable to off-link attackers. In this way, it is a bit 314 different than IPv6 Neighbor Discovery (ND); IPv6 ND is a subset 315 of the Internet Control Message Protocol (ICMP), which runs over 316 the Internet Protocol version 6 (IPv6). 318 However, ARP does not include any form of authentication, so 319 current ARP deployments are vulnerable to a range of attacks from 320 on-link nodes. For example, it is possible for one node on a link 321 to forge an ARP packet claiming to be from another node, thereby 322 "stealing" the other node's IPv4 address. [RFC5227] both 323 describes several of these risks and also describes some measures 324 that an ARP implementation can use to reduce the chance of 325 accidental IPv4 address misconfiguration and also to detect such 326 misconfiguration if it should occur. 328 This extension does not change the security risks that are 329 inherent in using ARP. 331 In situations where additional protection against on-link 332 attackers is needed, for example within high-risk operational 333 environments, the IEEE standards for link-layer security 334 [IEEE-802.1-AE] SHOULD be implemented and deployed. 336 Implementers of this specification need to understand that the 2 337 OP code values used for these 2 extensions are not uniquely 338 assigned to ILNPv4. Other experimenters might be using the same 339 2 OP code values at the same time for different ARP-related 340 experiments. Absent prior coordination among all users of a 341 particular IP subnetwork, different experiments might be 342 occurring on the same IP subnetwork. So implementations of these 343 2 ARP extensions ought to be especially defensively coded. 345 4. IANA CONSIDERATIONS 347 This document makes no request of IANA. 349 If in future the IETF decided to standardise ILNPv4, then 350 allocation of unique ARP OP codes for the two extensions above 351 as part of the IETF standardisation process would be sensible. 353 5. REFERENCES 355 This document has both Normative and Informational References. 357 5.1 Normative References 359 [ILNP-ARCH] R.J. Atkinson and S. Bhatti, "ILNP Architecture", 360 draft-irtf-rrg-ilnp-arch, May 2012. 362 [ILNP-ENG] R.J. Atkinson and S. Bhatti, "ILNP Engineering 363 Considerations", draft-irtf-rrg-ilnp-eng, May 2012. 365 [ILNP-DNS] R.J. Atkinson and S. Bhatti, "DNS Resource Records 366 for ILNP", draft-irtf-rrg-ilnp-dns, May 2012. 368 [ILNP-ICMPv4] R.J. Atkinson and S. Bhatti, "ICMP Locator Update 369 message for ILNPv4", draft-irtf-rrg-ilnp-icmpv4, 370 May 2012. 372 [ILNP-v4opts] R.J. Atkinson and S. Bhatti, "IPv4 Options for 373 ILNPv4", draft-irtf-rrg-ilnp-v4opts, May 2012. 375 [RFC826] D. Plummer, "An Ethernet Address Resolution Protocol", 376 RFC-826, Nov 1982. 378 [RFC2119] Bradner, S., "Key words for use in RFCs to 379 Indicate Requirement Levels", BCP 14, RFC-2119, 380 March 1997. 382 [RFC5227] S. Cheshire, "IPv4 Address Conflict Detection", 383 RFC-5227, July 2008. 385 [RFC5494] J. Arkko & C. Pignataro, "IANA Allocation Guidelines 386 for the Address Resolution Protocol", RFC-5494, 387 April 2009. 389 [IEEE-802.1-AE] IEEE, "Media Access Control (MAC) Security", 390 IEEE Standard 802.1 AE, 18 August 2006, IEEE, 391 New York, NY, 10016, USA. 393 5.2 Informative References 395 [ILNP-NONCE6] R.J. Atkinson and S.N. Bhatti, "ILNPv6 Nonce 396 Destination Option", draft-irtf-rrg-ilnp-noncev6, 397 May 2012. 399 [ILNP-ICMPv6] R.J. Atkinson and S.N. Bhatti, "ICMPv6 Locator 400 Update Message for ILNPv6", 401 draft-irtf-rrg-ilnp-icmpv6, May 2012. 403 ACKNOWLEDGEMENTS 405 Steve Blake, Stephane Bortzmeyer, Mohamed Boucadair, Noel 406 Chiappa, Wes George, Steve Hailes, Joel Halpern, Mark Handley, 407 Volker Hilt, Paul Jakma, Dae-Young Kim, Tony Li, Yakov Rehkter, 408 Bruce Simpson, Robin Whittle and John Wroclawski (in alphabetical 409 order) provided review and feedback on earlier versions of this 410 document. Steve Blake provided an especially thorough review of 411 an early version of the entire ILNP document set, which was 412 extremely helpful. We also wish to thank the anonymous reviewers 413 of the various ILNP papers for their feedback. 415 Roy Arends provided expert guidance on technical and procedural 416 aspects of DNS issues. 418 RFC EDITOR NOTE 420 This section is to be removed prior to publication. 422 Please note that this document is written in British English, so 423 British English spelling is used throughout. This is consistent 424 with existing practice in several other RFCs, for example 425 RFC-5887. 427 This document tries to be very careful with history, in the 428 interest of correctly crediting ideas to their earliest 429 identifiable author(s). So in several places the first published 430 RFC about a topic is cited rather than the most recent published 431 RFC about that topic. 433 AUTHOR'S ADDRESS 435 RJ Atkinson 436 Consultant 437 San Jose, CA, 438 95125 USA 440 Email: rja.lists@gmail.com 442 SN Bhatti 443 School of Computer Science 444 University of St Andrews 445 North Haugh, St Andrews 446 Fife, Scotland 447 KY16 9SX, UK 449 Email: saleem@cs.st-andrews.ac.uk 451 Expires: 29 NOV 2012