Network Working Group                                    F. Templin, Ed.
Internet-Draft                            Boeing Research & Technology
Intended status: Informational                        September 22, 2017
Expires: March 26, 2018


                 IPv6 Prefix Delegation for End Systems
                     draft-templin-v6ops-pdhost-10.txt

Abstract

   IPv6 prefixes are typically delegated to requesting routers which
   then use them to number their downstream-attached links and networks.
   This document considers the case when the requesting router is an end
   system which receives a delegated prefix that it can use for its own
   sub-delegation and/or multi-addressing purposes.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 26, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Multi-Addressing Considerations
   4.  Multi-Addressing Alternatives for Delegated Prefixes
   5.  MLD/DAD Implications
   6.  Dynamic Routing Protocol Implications
   7.  IPv6 Neighbor Discovery Implications
   8.  ICMPv6 Implications
   9.  IANA Considerations
   10. Security Considerations
   11. Acknowledgements
   12. References
     12.1.  Normative References
     12.2.  Informative References
   Author's Address

1.  Introduction

   IPv6 Prefix Delegation (PD) entails 1) the communication of a prefix
   from a delegating router to a requesting router, 2) a representation
   of the prefix in the delegating router's routing table, and 3) a
   control messaging service between the delegating and requesting
   routers to maintain prefix lifetimes.  Following delegation, the
   prefix is available for the requesting router's exclusive use and is
   not shared with any other nodes.  An example IPv6 PD service is the
   Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
   [RFC3315][RFC3633].

   This document considers the case when the requesting router is
   actually an end system (ES) that can act as a router on behalf of its
   downstream networks and as a host on behalf of its local
   applications.  The following paragraphs present possibilities for ES
   behavior upon receipt of a delegated prefix.
   For ESes that connect downstream-attached (aka "tethered") networks,
   a Delegating Router 'D' delegates a prefix 'P' to a Requesting ES 'R'
   as shown in Figure 1:

   +---------------------+
   |Delegating Router 'D'|
   |    (Delegate 'P')   |
   +----------+----------+
              |
              | Upstream link
              |
   +----------+----------+
   | Upstream Interface  |
   +---------------------+
   |                     |
   |  Requesting ES 'R'  |
   |    (Receive 'P')    |
   |                     |
   +---------------------+
   | Downstream Interface|
   +--+-+--+-+--+-----+--+
   |A1| |A2| |A3| ... |An|
   +--+-+--+-+--+-----+--+
              |
              | Downstream link
              |
     X--------+------+-------------+-------------+----------------+----X
                     |             |             |                |
                +---++--+--+  +---++--+--+  +---++--+--+     +---++--+--+
                |   |X1|   |  |   |X2|   |  |   |X3|   |     |   |Xn|   |
                |   +--+   |  |   +--+   |  |   +--+   |     |   +--+   |
                |  Host H1 |  |  Host H2 |  |  Host H3 | ... |  Host Hn |
                +----------+  +----------+  +----------+     +----------+

                  <-------------- Tethered Network ------------->

                 Figure 1: Classic Routing End System Model

   In this figure, when Delegating Router 'D' delegates prefix 'P', it
   inserts 'P' into its routing table with Requesting ES 'R' as the next
   hop.  Meanwhile, 'R' receives 'P' via an upstream interface and
   sub-delegates 'P' to its downstream external (physical) and/or
   internal (virtual) networks.  'R' assigns addresses 'A(i)' taken from
   'P' to downstream interfaces, and Hosts 'H(i)' on downstream networks
   assign addresses 'X(i)' taken from 'P' to their interface connections
   to the downstream link.  'R' then acts as a router between hosts
   'H(i)' on downstream links and correspondents reachable via other
   interfaces.

   This document also considers the case when 'R' does not have any
   physical downstream interfaces, and can use 'P' solely for its own
   internal addressing purposes.
   In that case, 'R' assigns 'P' to a virtual interface (e.g., a
   loopback), and acts as a router that forwards packets between the
   upstream and virtual interfaces.

   'R' can then function under the weak end system model
   [RFC1122][RFC8028] by assigning addresses taken from 'P' to a virtual
   interface as shown in Figure 2:

   +---------------------+
   |Delegating Router 'D'|
   |    (Delegate 'P')   |
   +----------+----------+
              |
              | Upstream link
              |
   +----------+----------+
   | Upstream Interface  |
   +---------------------+
   |                     |
   |  Requesting ES 'R'  |
   |    (Receive 'P')    |
   |                     |
   +---------------------+
   |  Virtual Interface  |
   +--+-+--+-+--+-----+--+
   |A1| |A2| |A3| ... |An|
   +--+-+--+-+--+-----+--+

                      Figure 2: Weak End System Model

   'R' could instead function under the strong end system model
   [RFC1122][RFC8028] by assigning IPv6 addresses taken from 'P' to an
   upstream interface as shown in Figure 3:

   +---------------------+
   |Delegating Router 'D'|
   |    (Delegate 'P')   |
   +----------+----------+
              |
              | Upstream link
              |
   +----------+----------+
   | Upstream Interface  |
   +--+-+--+-+--+-----+--+
   |A1| |A2| |A3| ... |An|
   +--+-+--+-+--+-----+--+
   |                     |
   |  Requesting ES 'R'  |
   |    (Receive 'P')    |
   |                     |
   +---------------------+
   |  Virtual Interface  |
   +---------------------+

                     Figure 3: Strong End System Model

   The major benefit for an ES managing a delegated prefix in either the
   weak or strong end system models is multi-addressing.  With
   multi-addressing, the ES can configure an unlimited supply of
   addresses to make them available for local applications without
   requiring coordination with any other nodes on upstream interfaces.

   The following sections present considerations for ESes that employ
   prefix delegation mechanisms.

2.  Terminology

   The terminology of the normative references applies.
   The following terms are defined for the purposes of this document:

   node, host, router
      the same as defined in [RFC8200].

   End System (ES)
      a node that acts as a host on behalf of its local applications and
      as a router on behalf of its downstream interface(s), but does not
      forward packets received on an upstream interface via the same or
      a different upstream interface (see: Security Considerations).

   shared prefix
      an IPv6 prefix that may be advertised to more than one node on the
      link, e.g., in a Router Advertisement (RA) message Prefix
      Information Option (PIO) [RFC4861].

   individual prefix
      an IPv6 prefix that is advertised to exactly one node on the link
      (e.g., in an RA PIO), where the node is a passive recipient of the
      prefix.

   delegated prefix
      an IPv6 prefix that is conveyed to an ES for its own exclusive
      use, where the ES is an active participant in the prefix
      delegation and maintenance procedures.

3.  Multi-Addressing Considerations

   IPv6 allows nodes to assign multiple addresses to a single interface.
   [RFC7934] discusses options for multi-addressing as well as use cases
   where multi-addressing may be desirable.  Address configuration
   options for multi-addressing include StateLess Address
   AutoConfiguration (SLAAC) [RFC4862], stateful DHCPv6 address
   configuration [RFC3315], manual configuration, etc.

   ESes configure addresses from a shared or individual prefix and
   assign them to the upstream interface over which the prefix was
   received.  When it assigns the addresses, the ES is required to use
   Multicast Listener Discovery (MLD) [RFC3810] to join the appropriate
   solicited-node multicast group(s) and to use the Duplicate Address
   Detection (DAD) algorithm [RFC4862] to ensure that no other node
   configures a duplicate address.
   In contrast, an ES that uses address configuration from a delegated
   prefix can assign addresses without invoking MLD/DAD on an upstream
   interface, since the prefix has been delegated to the ES for its own
   exclusive use and is not shared with any other nodes.

4.  Multi-Addressing Alternatives for Delegated Prefixes

   When an ES receives a prefix delegation, it has many alternatives for
   provisioning the prefix.  [RFC7278] discusses alternatives for
   provisioning a prefix obtained by a User Equipment (UE) device under
   the 3rd Generation Partnership Project (3GPP) service model.  This
   document considers the more general case when the ES receives a
   prefix delegation in which the prefix is explicitly delegated for its
   own exclusive use.

   When the ES receives the prefix, it can distribute the prefix to
   downstream interfaces and configure one or more addresses for itself
   on downstream interfaces.  The ES then acts as a router on behalf of
   its downstream-attached networks and configures a default route via a
   neighbor on an upstream interface.

   The ES could instead (or in addition) use portions of the delegated
   prefix for its own multi-addressing purposes.  In a first
   alternative, the ES can assign the prefix to a virtual interface and
   assign one or more addresses taken from the prefix to virtual
   interfaces.  In that case, ES applications can use the assigned
   addresses according to the weak end system model.

   In a second alternative, the ES can assign the prefix to a virtual
   interface and assign one or more addresses taken from the prefix to
   the upstream interface over which the prefix was received.  In that
   case, ES applications can use the assigned addresses according to the
   strong end system model.
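   The provisioning alternatives of Sections 3 and 4, and the MLD/DAD
   distinction of Section 5, can be modelled with the Python standard
   library.  The following is an added example and not code from the
   draft: it sub-delegates /64s from a delegated prefix 'P' to downstream
   or virtual interfaces, configures addresses on them either in place
   (weak end system model) or on the upstream interface (strong end system
   model), and records that MLD/DAD is only required for addresses taken
   from a shared or individual prefix.  The interface names and the
   prefixes in the test are constructed for the example.

```python
"""Provisioning a delegated IPv6 prefix on an end system (ES).

Added example (not from draft-templin-v6ops-pdhost).  Interface names such
as "eth0", "eth1" and "lo" are constructed placeholders.
"""
import ipaddress
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Union

Net = Union[str, ipaddress.IPv6Network]


@dataclass
class Address:
    addr: ipaddress.IPv6Address
    interface: str
    # MLD/DAD is needed only for addresses taken from a shared or individual
    # prefix; a delegated prefix is the ES's exclusive property, so no other
    # node on the upstream link can configure a duplicate.
    needs_mld_dad: bool


@dataclass
class EndSystem:
    upstream: str                              # upstream interface name
    delegated: Net                             # prefix 'P' received via PD
    subdelegations: Dict[str, ipaddress.IPv6Network] = field(default_factory=dict)
    addresses: List[Address] = field(default_factory=list)

    def __post_init__(self) -> None:
        self.delegated = ipaddress.IPv6Network(self.delegated)

    def subdelegate(self, interface: str, prefixlen: int = 64) -> ipaddress.IPv6Network:
        """Hand the next unused sub-prefix of 'P' to a downstream or virtual interface."""
        if interface in self.subdelegations:
            return self.subdelegations[interface]
        used = set(self.subdelegations.values())
        for subnet in self.delegated.subnets(new_prefix=prefixlen):
            if subnet not in used:
                self.subdelegations[interface] = subnet
                return subnet
        raise RuntimeError("delegated prefix exhausted")

    def add_address_from_delegated(self, owner: str, assign_to: Optional[str] = None,
                                   iid: Optional[int] = None) -> Address:
        """Configure an address from the sub-prefix held by 'owner'.

        assign_to=None places it on 'owner' itself (weak end system model when
        'owner' is a virtual interface); assign_to=self.upstream places it on
        the upstream interface (strong end system model).  Neither case runs
        MLD/DAD on the upstream interface.
        """
        subnet = self.subdelegations[owner]
        if iid is None:
            iid = secrets.randbits(128 - subnet.prefixlen)  # random interface identifier
        addr = ipaddress.IPv6Address(int(subnet.network_address) + iid)
        if addr not in subnet:
            raise ValueError("interface identifier does not fit the sub-prefix")
        entry = Address(addr, assign_to or owner, needs_mld_dad=False)
        self.addresses.append(entry)
        return entry

    def add_address_from_shared(self, shared_prefix: Net,
                                iid: Optional[int] = None) -> Address:
        """Configure an address from a shared/individual prefix (e.g. an RA PIO).

        Such an address goes on the upstream interface the prefix came from,
        and the ES must join the solicited-node group (MLD) and run DAD first.
        """
        prefix = ipaddress.IPv6Network(shared_prefix)
        if iid is None:
            iid = secrets.randbits(128 - prefix.prefixlen)
        addr = ipaddress.IPv6Address(int(prefix.network_address) + iid)
        entry = Address(addr, self.upstream, needs_mld_dad=True)
        self.addresses.append(entry)
        return entry

    def pending_mld_dad(self) -> List[Address]:
        """Addresses whose configuration causes multicast on the upstream link."""
        return [a for a in self.addresses if a.needs_mld_dad]


if __name__ == "__main__":
    es = EndSystem("eth0", "2001:db8:1::/48")      # constructed sample prefix
    es.subdelegate("lo")                            # virtual interface /64
    es.subdelegate("eth1")                          # tethered network /64
    es.add_address_from_delegated("lo")             # weak model, no DAD
    es.add_address_from_delegated("lo", assign_to="eth0")  # strong model, no DAD
    es.add_address_from_shared("2001:db8:ffff::/64")       # RA PIO address, DAD
    for a in es.addresses:
        print(a.interface, a.addr, "MLD/DAD" if a.needs_mld_dad else "no MLD/DAD")
```

   Note that the choice between the weak and strong models is only a
   matter of which interface the address is attached to; the delegated
   prefix is exclusive either way, so pending_mld_dad() lists only the
   address taken from the shared prefix.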
   In both of these latter two cases, the ES acts as a host on behalf of
   its local applications and as a router from the standpoint of packet
   forwarding, prefix delegation and neighbor discovery over upstream
   interfaces.  The ES can configure as many addresses for itself as it
   wants.

5.  MLD/DAD Implications

   When an ES configures addresses for itself from a shared or
   individual prefix, the ES performs MLD/DAD by sending multicast
   messages over upstream interfaces to test whether there is another
   node on the link that configures a duplicate address.  When there are
   many such addresses and/or many such nodes, this could result in
   substantial multicast traffic that affects all nodes on the link.

   When an ES configures addresses for itself from a delegated prefix,
   the ES can configure as many addresses as it wants but does not
   perform MLD/DAD for any of the addresses over upstream interfaces.
   This means that the ES can configure arbitrarily many addresses
   without causing any multicast messaging over the upstream interface
   that could disturb other nodes.

6.  Dynamic Routing Protocol Implications

   The ES can be configured to either participate or not participate in
   a dynamic routing protocol over the upstream interface, according to
   the deployment model.  When there are many ESes on the upstream link,
   dynamic routing protocol participation might be impractical due to
   scaling limitations, and may also be exacerbated by factors such as
   ES mobility.

   Unless it participates in a dynamic routing protocol, the ES
   initially has only a default route pointing to a neighbor via an
   upstream interface.  This means that packets sent by the ES over an
   upstream interface will initially go through a default router even if
   there is a better first-hop node on the link.

7.  IPv6 Neighbor Discovery Implications

   The ES acts as a simple host to send Router Solicitation (RS)
   messages over upstream interfaces (i.e., the same as described in
   Section 4.2 of [RFC7084]) but also sets the "Router" flag to TRUE in
   any Neighbor Advertisement messages it sends.  The ES does not send
   RA messages over upstream interfaces.

   The current first-hop router may send a Redirect message that updates
   the ES's neighbor cache so that future packets can use a better
   first-hop node on the link.  The Redirect can apply either to a
   singleton destination address, or to an entire destination prefix as
   described in [I-D.templin-6man-rio-redirect].

8.  ICMPv6 Implications

   The Internet Control Message Protocol for IPv6 (ICMPv6) includes a
   set of control message types [RFC4443] including Destination
   Unreachable (DU).

   According to [RFC4443], routers SHOULD return DU messages (subject to
   rate limiting) with code 0 ("No route to destination") when a packet
   arrives for which there is no matching entry in the routing table,
   and with code 3 ("Address unreachable") when the IPv6 destination
   address cannot be resolved.

   According to [RFC4443], hosts SHOULD return DU messages (subject to
   rate limiting) with code 3 to internal applications when the IPv6
   destination address cannot be resolved, and with code 4 ("Port
   unreachable") if the IPv6 destination address is one of its own
   addresses but the transport protocol has no listener.

   An ES that obtains and manages a prefix delegation per this document
   observes the same procedures as described for both routers and hosts
   above.

9.  IANA Considerations

   This document introduces no IANA considerations.

10.  Security Considerations

   Security considerations for IPv6 Neighbor Discovery [RFC4861] and any
   applicable prefix delegation mechanisms apply to this document.
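   The packet disposition that follows from the ICMPv6 procedures of
   Section 8, the default-route behaviour of Section 6 and the drop rules
   of this section can be written down as one decision function.  The
   following is an added example and not code from the draft: for a
   packet arriving on a given interface it returns "deliver" for one of
   the ES's own addresses (or a drop with DU code 4 when no transport
   listener exists), "forward" for a sub-delegated downstream prefix, a
   drop with DU code 3 for a destination inside 'P' that matches neither,
   a drop with DU code 0 for an upstream-received packet outside every
   delegated prefix (so nothing is ever forwarded back via an upstream
   interface), and the default route via the upstream neighbor for
   downstream-received packets.  The DU code values are those of
   [RFC4443]; the interface names and prefixes are constructed for the
   example.

```python
"""Disposition of packets at an ES that manages a delegated prefix.

Added example (not from draft-templin-v6ops-pdhost).  Interface names and
prefixes used in the sample configuration are constructed placeholders.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

# ICMPv6 Destination Unreachable codes defined in [RFC4443]
DU_NO_ROUTE = 0            # "No route to destination"
DU_ADDR_UNREACHABLE = 3    # "Address unreachable"
DU_PORT_UNREACHABLE = 4    # "Port unreachable"


@dataclass(frozen=True)
class Decision:
    action: str                        # "deliver", "forward" or "drop"
    interface: Optional[str] = None    # outgoing interface when forwarding
    du_code: Optional[int] = None      # DU code returned when dropping


class EndSystemForwarder:
    def __init__(self, upstream: str, delegated: Iterable[str],
                 downstream_routes: Dict[str, str], local_addrs: Iterable[str],
                 listeners: Iterable[Tuple[str, int]]):
        self.upstream = upstream                     # single upstream interface
        self.delegated = [ipaddress.IPv6Network(p) for p in delegated]
        # sub-delegated prefixes -> downstream interface (the ES routing table)
        self.routes = {ipaddress.IPv6Network(p): i for p, i in downstream_routes.items()}
        self.local = {ipaddress.IPv6Address(a) for a in local_addrs}
        self.listeners = set(listeners)              # (transport, port) pairs

    def dispose(self, in_iface: str, dst: str, transport: Optional[str] = None,
                port: Optional[int] = None) -> Decision:
        dst_addr = ipaddress.IPv6Address(dst)

        # Host role: the destination is one of the ES's own addresses.
        if dst_addr in self.local:
            if (transport, port) in self.listeners:
                return Decision("deliver")
            return Decision("drop", du_code=DU_PORT_UNREACHABLE)

        # Router role: the destination lies in a sub-delegated downstream prefix.
        for net, iface in self.routes.items():
            if dst_addr in net:
                return Decision("forward", interface=iface)

        # Inside 'P' but no configured address or downstream route: the
        # destination cannot be resolved, so drop with DU code 3.
        if any(dst_addr in p for p in self.delegated):
            return Decision("drop", du_code=DU_ADDR_UNREACHABLE)

        # Outside every delegated prefix.  From the upstream interface the
        # packet is dropped with DU code 0 rather than sent back out an
        # upstream interface; from a downstream interface it follows the
        # default route via the upstream neighbor.
        if in_iface == self.upstream:
            return Decision("drop", du_code=DU_NO_ROUTE)
        return Decision("forward", interface=self.upstream)


def sample_forwarder() -> EndSystemForwarder:
    """Constructed configuration: 'P' = 2001:db8:1::/48, two tethered /64s,
    two addresses on a virtual interface, one TCP listener."""
    return EndSystemForwarder(
        upstream="eth0",
        delegated=["2001:db8:1::/48"],
        downstream_routes={"2001:db8:1:1::/64": "eth1", "2001:db8:1:2::/64": "eth2"},
        local_addrs=["2001:db8:1::1", "2001:db8:1::2"],
        listeners=[("tcp", 443)],
    )


if __name__ == "__main__":
    fw = sample_forwarder()
    for in_iface, dst in [("eth0", "2001:db8:1::1"), ("eth0", "2001:db8:1:1::10"),
                          ("eth0", "2001:db8:1:7::10"), ("eth0", "2001:db8:2::10"),
                          ("eth1", "2001:db8:2::10")]:
        print(in_iface, dst, fw.dispose(in_iface, dst, "tcp", 443))
```

   The ordering matters: the local-address check precedes the routing
   lookup so that a packet for the ES's own address is never forwarded,
   and the delegated-prefix check precedes the default route so that an
   unassigned address inside 'P' produces code 3 instead of being handed
   to the upstream neighbor, which would only return it.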
   Additionally, the ES may receive unwanted IPv6 packets via an
   upstream interface that match a delegated prefix but do not match a
   configured IPv6 address.  In that case, the ES drops the packets and
   observes the "Destination Unreachable - Address unreachable"
   procedures in Section 8.

   The ES may also receive IPv6 packets via an upstream interface that
   do not match any of the ES's delegated prefixes.  In that case, the
   ES drops the packets and observes the "Destination Unreachable - No
   route to destination" procedures in Section 8.  This is necessary to
   avoid reflection attacks that would cause the ES to forward packets
   received from an upstream interface via the same or a different
   upstream interface.

11.  Acknowledgements

   This work was motivated by recent discussions on the v6ops list.
   Mark Smith pointed out the need to consider MLD as well as DAD for
   the assignment of addresses to interfaces.  Ricardo Pelaez-Negro,
   Edwin Cordeiro, Fred Baker, Naveen Lakshman, Ole Troan, Bob Hinden,
   Brian Carpenter, Joel Halpern and Albert Manfredi provided useful
   comments that have greatly improved the document.

12.  References

12.1.  Normative References

   [RFC0791]  Postel, J., "Internet Protocol", STD 5, RFC 791,
              DOI 10.17487/RFC0791, September 1981,
              <https://www.rfc-editor.org/info/rfc791>.

   [RFC3315]  Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins,
              C., and M. Carney, "Dynamic Host Configuration Protocol
              for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315, July
              2003, <https://www.rfc-editor.org/info/rfc3315>.

   [RFC3633]  Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic
              Host Configuration Protocol (DHCP) version 6", RFC 3633,
              DOI 10.17487/RFC3633, December 2003,
              <https://www.rfc-editor.org/info/rfc3633>.

   [RFC3810]  Vida, R., Ed. and L. Costa, Ed., "Multicast Listener
              Discovery Version 2 (MLDv2) for IPv6", RFC 3810,
              DOI 10.17487/RFC3810, June 2004,
              <https://www.rfc-editor.org/info/rfc3810>.

   [RFC4443]  Conta, A., Deering, S., and M. Gupta, Ed., "Internet
              Control Message Protocol (ICMPv6) for the Internet
              Protocol Version 6 (IPv6) Specification", STD 89,
              RFC 4443, DOI 10.17487/RFC4443, March 2006,
              <https://www.rfc-editor.org/info/rfc4443>.

   [RFC4861]  Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
              "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
              DOI 10.17487/RFC4861, September 2007,
              <https://www.rfc-editor.org/info/rfc4861>.

   [RFC4862]  Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
              Address Autoconfiguration", RFC 4862,
              DOI 10.17487/RFC4862, September 2007,
              <https://www.rfc-editor.org/info/rfc4862>.

   [RFC8200]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", STD 86, RFC 8200,
              DOI 10.17487/RFC8200, July 2017,
              <https://www.rfc-editor.org/info/rfc8200>.

12.2.  Informative References

   [I-D.templin-6man-rio-redirect]
              Templin, F. and j. woodyatt, "Route Information Options in
              IPv6 Neighbor Discovery", draft-templin-6man-rio-redirect-04
              (work in progress), August 2017.

   [RFC1122]  Braden, R., Ed., "Requirements for Internet Hosts -
              Communication Layers", STD 3, RFC 1122,
              DOI 10.17487/RFC1122, October 1989,
              <https://www.rfc-editor.org/info/rfc1122>.

   [RFC7084]  Singh, H., Beebee, W., Donley, C., and B. Stark, "Basic
              Requirements for IPv6 Customer Edge Routers", RFC 7084,
              DOI 10.17487/RFC7084, November 2013,
              <https://www.rfc-editor.org/info/rfc7084>.

   [RFC7278]  Byrne, C., Drown, D., and A. Vizdal, "Extending an IPv6
              /64 Prefix from a Third Generation Partnership Project
              (3GPP) Mobile Interface to a LAN Link", RFC 7278,
              DOI 10.17487/RFC7278, June 2014,
              <https://www.rfc-editor.org/info/rfc7278>.

   [RFC7934]  Colitti, L., Cerf, V., Cheshire, S., and D. Schinazi,
              "Host Address Availability Recommendations", BCP 204,
              RFC 7934, DOI 10.17487/RFC7934, July 2016,
              <https://www.rfc-editor.org/info/rfc7934>.

   [RFC8028]  Baker, F. and B. Carpenter, "First-Hop Router Selection by
              Hosts in a Multi-Prefix Network", RFC 8028,
              DOI 10.17487/RFC8028, November 2016,
              <https://www.rfc-editor.org/info/rfc8028>.

Author's Address

   Fred L. Templin (editor)
   Boeing Research & Technology
   P.O. Box 3707
   Seattle, WA  98124
   USA

   Email: fltemplin@acm.org