idnits 2.17.1

draft-templin-v6ops-pdhost-05.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (March 27, 2017) is 2558 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Unused Reference: 'RFC0791' is defined on line 333, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC2460' is defined on line 342, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 2460 (Obsoleted by RFC 8200)

  ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415)

  ** Obsolete normative reference: RFC 3633 (Obsoleted by RFC 8415)

  == Outdated reference: A later version (-82) exists of
     draft-templin-aerolink-74

     Summary: 3 errors (**), 0 flaws (~~), 4 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                    F. Templin, Ed.
Internet-Draft                              Boeing Research & Technology
Intended status: Informational                            March 27, 2017
Expires: September 28, 2017


                    IPv6 Prefix Delegation for Hosts
                   draft-templin-v6ops-pdhost-05.txt

Abstract

   IPv6 prefixes are typically delegated to requesting routers which
   then use them to number their downstream-attached links and networks.
   The requesting router then acts as a router between the
   downstream-attached hosts and the upstream Internetwork, and can also
   act as a host under the weak end system model.  This document
   considers the case when the "requesting router" is actually a simple
   host which receives a delegated prefix that it can use solely for its
   own internal multi-addressing purposes under the strong end system
   model.  This method can be applied in a wide variety of use cases to
   allow ample address availability without impacting link performance.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 28, 2017.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Multi-Addressing Considerations
   4.  Multi-Addressing Alternatives for Delegated Prefixes
   5.  MLD/DAD Implications
   6.  IPv6 Neighbor Discovery Implications
   7.  "Mixed Mode" Implications
   8.  IANA Considerations
   9.  Security Considerations
   10. Acknowledgements
   11. References
     11.1.  Normative References
     11.2.  Informative References
   Author's Address

1.  Introduction

   IPv6 Prefix Delegation (PD) entails 1) the communication of a prefix
   from a delegating authority to a requesting node, 2) a representation
   of the prefix in the routing system, and 3) a control messaging
   service to maintain delegated prefix lifetimes.  Following
   delegation, the prefix is available for the requesting node's
   exclusive use and is not shared with any other nodes.  An example
   IPv6 PD service is DHCPv6 PD [RFC3315][RFC3633].

   Using services such as DHCPv6 PD, a Delegating Router 'D' delegates a
   prefix 'P' to a Requesting Node 'R' as shown in Figure 1:

                       +---------------------+
                       |Delegating Router 'D'|
                       |   (Delegate 'P')    |
                       +----------+----------+
                                  |
                            .-(::::::::)
                         .-(:::: IP ::::)-.
                        (:: Internetwork ::)
                         `-(::::::::::::)-'
                            `-(::::::)-'
                                  | WAN Interface
                       +----------+----------+
                       |    (Receive 'P')    |
                       |  Requesting Node 'R'|
                       +----------+----------+
                                  | LAN Interface
      X----+-------------+--------+----+---------------+---X
           |             |       LAN   |               |
      +---++-+--+   +---++-+--+   +---++-+--+     +---++-+--+
      |   |A1|  |   |   |A2|  |   |   |A3|  |     |   |An|  |
      |   +--+  |   |   +--+  |   |   +--+  |     |   +--+  |
      | Host H1 |   | Host H2 |   | Host H3 | ... | Host Hn |
      +---------+   +---------+   +---------+     +---------+

                  Figure 1: Prefix Delegation Model

   In this figure, when Delegating Router 'D' delegates prefix 'P', the
   prefix is injected into the routing system in some fashion to ensure
   that IPv6 packets with destination addresses covered by 'P' are
   unconditionally forwarded to Requesting Node 'R'.  Meanwhile, 'R'
   receives 'P' via its "WAN" interface and sub-delegates 'P' to its
   downstream-attached links via one or more "LAN" interfaces.  Hosts
   'Hn' on a LAN interface subsequently receive addresses 'An' taken
   from 'P' via an address autoconfiguration service such as IPv6
   Stateless Address Autoconfiguration (SLAAC) [RFC4862].  'R' then acts
   as a router between hosts 'Hn' and correspondents reachable via the
   WAN interface.  'R' can also (or instead) act as a host under the
   weak end system model [RFC1122] if it can assign addresses taken from
   'P' to its own internal virtual interfaces (e.g., a loopback).

   This document considers the case when 'R' is actually a simple host,
   and receives a prefix delegation 'P' as if it were a router.
   The host need not have any LAN interfaces, and can use the prefix
   solely for its own internal addressing purposes.  This could include
   assigning IPv6 addresses taken from prefix 'P' to the WAN interface
   and then functioning as a host under the strong end system model
   [RFC1122] as shown in Figure 2:

                       +---------------------+
                       |Delegating Router 'D'|
                       |   (Delegate 'P')    |
                       +----------+----------+
                                  |
                            .-(::::::::)
                         .-(:::: IP ::::)-.
                        (:: Internetwork ::)
                         `-(::::::::::::)-'
                            `-(::::::)-'
                                  | WAN Interface
                       +--+-+--+-++-+-----+--+
                       |A1| |A2| |A3| ... |An|
                       +--+ +--+ +--+     +--+
                       |    (Receive 'P')    |
                       | Requesting Node 'R' |
                       +---------------------+

                  Figure 2: Strong End System Model

   In the above diagram, Requesting Node 'R' receives prefix 'P' from
   Delegating Router 'D' the same as described above.  However, when 'R'
   receives 'P' it assigns addresses 'An' taken from 'P' to the WAN
   interface instead of sub-delegating 'P' to downstream attached LAN
   interfaces.  The major benefit for a host managing a delegated prefix
   in this fashion is multi-addressing.  With multi-addressing, the host
   can assign an unlimited supply of addresses to make them available
   for local applications without requiring coordination with any other
   nodes.

   This approach is applicable to a wide variety of use cases.  For
   example, it can be used to coordinate the Virtual Private Network
   (VPN) interfaces of mobile devices (e.g., cellphones, tablets, laptop
   computers, etc.) that connect into a home enterprise network via
   public access networks.  In that case, the mobile device can assign
   addresses taken from prefix 'P' to the VPN interface so that
   applications would work the same as for a simple host connected to a
   LAN.
   The approach can also be applied to aviation applications for both
   manned and unmanned aircraft where the aircraft is treated as a
   mobile host that needs to maintain stable IPv6 addresses even as it
   hands off between available aviation data links across various phases
   of flight.  The approach further applies to any prefix delegation use
   case where the prefix recipient wishes to act as a simple host, for
   example a cellular service customer device that receives a prefix
   delegation from their service provider.

   The following sections present multi-addressing considerations for
   hosts that employ prefix delegation mechanisms.

2.  Terminology

   The terminology of the normative references applies.  The following
   terms are defined for the purposes of this document:

   shared prefix
      an IPv6 prefix that may be advertised to more than one node on the
      same link, e.g., in a Prefix Information Option (PIO) included in
      a Router Advertisement (RA) message [RFC4861].  The shared prefix
      property applies not only on multi-access links (e.g., Ethernet),
      but also on point-to-point links where the shared prefix is
      visible to both ends of the link.

   delegated prefix
      a prefix that is delegated to a requesting node solely for its own
      use, and is not delegated to any other nodes on the link.

3.  Multi-Addressing Considerations

   IPv6 allows nodes to assign multiple addresses to a single interface.
   [I-D.ietf-v6ops-host-addr-availability] discusses options for
   multi-addressing as well as use cases where multi-addressing may be
   desirable.  Address configuration options for multi-addressing
   include SLAAC [RFC4862], stateful DHCPv6 address configuration
   [RFC3315] and any other address formation methods (e.g., manual
   configuration).

   Nodes that use SLAAC and DHCPv6 address configuration configure
   addresses from a shared prefix and assign them to the link over which
   the prefix was received.  When this happens, the node is obliged to
   use Multicast Listener Discovery (MLD) to join the appropriate
   solicited-node multicast group(s) and to use the Duplicate Address
   Detection (DAD) algorithm [RFC4862] to ensure that no other node that
   receives the shared prefix configures a duplicate address.

   In contrast, a node that uses address configuration from a delegated
   prefix can assign addresses to the interface over which the prefix is
   received without invoking MLD/DAD, since the prefix has been
   delegated to the node for its own exclusive use and is not shared
   with any other nodes.

4.  Multi-Addressing Alternatives for Delegated Prefixes

   When a node receives a prefix delegation, it has many alternatives
   for the way in which it can provision the prefix.  [RFC7278]
   discusses alternatives for provisioning a prefix obtained by a User
   Equipment (UE) device under the 3rd Generation Partnership Program
   (3GPP) service model.  This document considers the more general case
   when the node receives a prefix delegation in which the prefix is
   delegated for the exclusive use of the prefix recipient.

   When the node receives the prefix (e.g., a /64), it can sub-delegate
   the prefix to its LAN interfaces and configure one or more addresses
   for itself on a LAN interface.  The node also configures a default
   route that points to a router on the WAN link.  The node can then act
   as both a host for its own applications according to the weak end
   system model and a router for any downstream-attached hosts.  This
   approach is often known as the "tethered" configuration.

   When the node does not have any LAN interfaces, it may still wish to
   obtain a prefix for multi-addressing purposes.
   In a first alternative, the node can receive the prefix acting as a
   requesting node over the WAN interface but then assign the prefix to
   an internal virtual interface (e.g., a loopback interface) and assign
   one or more addresses taken from the prefix to the virtual interface.
   In that case, applications on the node can use the assigned addresses
   according to the weak end system model.

   In a second alternative, the node can receive the prefix as a
   requesting node over the WAN interface but then assign one or more
   addresses taken from the prefix to the WAN interface.  In that case,
   applications on the node can use the assigned addresses according to
   the strong end system model as shown in Figure 2.

   In both of these latter two cases, the node acts as a host internally
   even though it behaves as a router from the standpoint of prefix
   delegation and neighbor discovery over the WAN interface.  The host
   can configure as many addresses for itself as it wants.

5.  MLD/DAD Implications

   When a node configures addresses for itself using either SLAAC or
   DHCPv6 from a shared prefix, the node performs MLD/DAD by sending
   multicast messages to test whether there is another node on the link
   that configures a duplicate address from the shared prefix.  When
   there are many such addresses and/or many such nodes, this could
   result in substantial multicast traffic that affects all nodes on the
   link.

   When a node configures addresses for itself using a delegated prefix,
   the node can configure as many addresses as it wants but does not
   perform MLD/DAD for any of the addresses over the WAN interface.
   This means that arbitrarily many addresses can be assigned without
   causing any multicast messaging over the WAN link that could disturb
   other nodes.
   Note however that nodes that assign addresses directly to the WAN
   interface must be capable of disabling MLD/DAD on the WAN interface,
   i.e., by setting DupAddrDetectTransmits to zero [RFC4862].

6.  IPv6 Neighbor Discovery Implications

   The node acts as a simple host to send Router Solicitation messages
   over the WAN interface the same as described in Section 4.2 of
   [RFC7084].

   In order to maintain the appearance of a router (i.e., even though it
   is acting as a simple host), the node sets the "Router" flag to TRUE
   in any Neighbor Advertisement messages it sends.  This ensures that
   the "isRouter" flag in the neighbor cache entries of any neighbors
   remains TRUE.

   The node initially has only a default route pointing to a router on
   the WAN link.  This means that packets sent over the node's WAN
   interface will initially go through a default router even if there is
   a better first-hop node on the link.  In that case, a Redirect message
   can update the node's neighbor cache, and future packets can take the
   more direct route without disturbing the default router.  The
   Redirect can apply either to a singleton destination address, or to
   an entire destination prefix as described in AERO
   [I-D.templin-aerolink].

7.  "Mixed Mode" Implications

   In some instances, a node may receive both delegated and shared
   prefixes.  In that case, the node could avoid MLD/DAD for addresses
   configured from the delegated prefixes and employ MLD/DAD for
   addresses configured from the shared prefixes.  Note however that
   since DupAddrDetectTransmits applies on a per-interface (and not a
   per-prefix) basis, any such considerations are out of scope since this
   document does not update any standards-track specifications.

8.  IANA Considerations

   This document introduces no IANA considerations.

9.  Security Considerations

   Security considerations are the same as specified for DHCPv6 Prefix
   Delegation in [RFC3633].

10.  Acknowledgements

   This work was motivated by recent discussions on the v6ops list.
   Mark Smith pointed out the need to consider MLD as well as DAD for
   the assignment of addresses to interfaces.  Ricardo Pelaez-Negro,
   Edwin Cordeiro, Fred Baker and Naveen Lakshman provided useful
   comments that have greatly improved the draft.

11.  References

11.1.  Normative References

   [RFC0791]  Postel, J., "Internet Protocol", STD 5, RFC 791,
              DOI 10.17487/RFC0791, September 1981.

   [RFC1122]  Braden, R., Ed., "Requirements for Internet Hosts -
              Communication Layers", STD 3, RFC 1122,
              DOI 10.17487/RFC1122, October 1989.

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460,
              December 1998.

   [RFC3315]  Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins,
              C., and M. Carney, "Dynamic Host Configuration Protocol
              for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315, July
              2003.

   [RFC3633]  Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic
              Host Configuration Protocol (DHCP) version 6", RFC 3633,
              DOI 10.17487/RFC3633, December 2003.

   [RFC4861]  Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
              "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
              DOI 10.17487/RFC4861, September 2007.

   [RFC4862]  Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
              Address Autoconfiguration", RFC 4862,
              DOI 10.17487/RFC4862, September 2007.

   [RFC7084]  Singh, H., Beebee, W., Donley, C., and B. Stark, "Basic
              Requirements for IPv6 Customer Edge Routers", RFC 7084,
              DOI 10.17487/RFC7084, November 2013.

   [RFC7278]  Byrne, C., Drown, D., and A. Vizdal, "Extending an IPv6
              /64 Prefix from a Third Generation Partnership Project
              (3GPP) Mobile Interface to a LAN Link", RFC 7278,
              DOI 10.17487/RFC7278, June 2014.

11.2.  Informative References

   [I-D.ietf-v6ops-host-addr-availability]
              Colitti, L., Cerf, D., Cheshire, S., and d.
              dschinazi@apple.com, "Host address availability
              recommendations",
              draft-ietf-v6ops-host-addr-availability-07 (work in
              progress), May 2016.

   [I-D.templin-aerolink]
              Templin, F., "Asymmetric Extended Route Optimization
              (AERO)", draft-templin-aerolink-74 (work in progress),
              November 2016.

Author's Address

   Fred L. Templin (editor)
   Boeing Research & Technology
   P.O. Box 3707
   Seattle, WA  98124
   USA

   Email: fltemplin@acm.org
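
Worked example for Section 5 (added here; it is not part of the Internet-Draft or of any implementation by its author). It maps each configured address to its solicited-node multicast group (RFC 4291) and counts the groups joined and DAD probes sent on the WAN link for a shared versus a delegated prefix. The 2001:db8::/32 prefixes and interface identifiers are constructed sample values, and all function names are hypothetical.

```python
import ipaddress

# ff02::1:ff00:0/104 is the solicited-node multicast prefix (RFC 4291).
SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def solicited_node_group(addr):
    """Group a node must join via MLD before running DAD for addr."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)


def addresses_from_prefix(prefix, interface_ids):
    """Form addresses inside prefix; reject identifiers that fall outside it."""
    net = ipaddress.IPv6Network(prefix)
    addrs = []
    for iid in interface_ids:
        if not 0 < iid < net.num_addresses:
            raise ValueError(f"interface id {iid:#x} does not fit in {net}")
        addrs.append(net[iid])
    return addrs


def wan_multicast_cost(addresses, delegated_prefixes, dad_transmits=1):
    """Return (solicited-node groups joined, DAD probes sent) on the WAN link.

    Addresses covered by a delegated prefix are skipped, as in Section 5:
    the prefix is for the node's exclusive use, so no MLD/DAD is performed.
    dad_transmits models DupAddrDetectTransmits (RFC 4862 default is 1).
    """
    delegated = [ipaddress.IPv6Network(p) for p in delegated_prefixes]
    groups, probes = set(), 0
    for addr in addresses:
        addr = ipaddress.IPv6Address(addr)
        if any(addr in net for net in delegated):
            continue
        groups.add(solicited_node_group(addr))
        probes += dad_transmits
    return groups, probes


# Constructed sample prefixes from the 2001:db8::/32 documentation range.
SHARED = "2001:db8:0:2::/64"     # advertised in an RA PIO to every node
DELEGATED = "2001:db8:0:1::/64"  # delegated to this node alone

if __name__ == "__main__":
    ids = range(1, 1001)
    for label, prefix in (("shared", SHARED), ("delegated", DELEGATED)):
        addrs = addresses_from_prefix(prefix, ids)
        groups, probes = wan_multicast_cost(addrs, [DELEGATED])
        print(f"{label:9} {len(addrs)} addresses: "
              f"{len(groups)} groups joined, {probes} DAD probes")
```

Because DupAddrDetectTransmits is a per-interface variable (Section 7), a real stack applies the skip to the whole WAN interface rather than per prefix as this model does.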