idnits 2.17.1

draft-templin-v6ops-pdhost-11.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords.

     RFC 2119 keyword, line 330: '... According to [RFC4443], routers SHOULD return DU messages (subject to...'

     RFC 2119 keyword, line 336: '... According to [RFC4443], hosts SHOULD return DU messages (subject to...'

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (September 27, 2017) is 2400 days in the past. Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Unused Reference: 'RFC0791' is defined on line 392, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415)

  ** Obsolete normative reference: RFC 3633 (Obsoleted by RFC 8415)

  == Outdated reference: A later version (-08) exists of
     draft-templin-6man-rio-redirect-04

     Summary: 3 errors (**), 0 flaws (~~), 3 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2     Network Working Group                                    F. Templin, Ed.
3     Internet-Draft                              Boeing Research & Technology
4     Intended status: Informational                        September 27, 2017
5     Expires: March 31, 2018

7              IPv6 Prefix Delegation for Hosts That Act Like Routers
8                        draft-templin-v6ops-pdhost-11.txt

10    Abstract

12       IPv6 prefixes are typically delegated to requesting routers which
13       then use them to number their downstream-attached links and networks.
14       This document considers the case of hosts that act like routers to
15       receive delegated prefixes that they can use for their own sub-
16       delegation and/or multi-addressing purposes.

18    Status of This Memo

20       This Internet-Draft is submitted in full conformance with the
21       provisions of BCP 78 and BCP 79.

23       Internet-Drafts are working documents of the Internet Engineering
24       Task Force (IETF).  Note that other groups may also distribute
25       working documents as Internet-Drafts.  The list of current Internet-
26       Drafts is at https://datatracker.ietf.org/drafts/current/.

28       Internet-Drafts are draft documents valid for a maximum of six months
29       and may be updated, replaced, or obsoleted by other documents at any
30       time.  It is inappropriate to use Internet-Drafts as reference
31       material or to cite them other than as "work in progress."

33       This Internet-Draft will expire on March 31, 2018.

35    Copyright Notice

37       Copyright (c) 2017 IETF Trust and the persons identified as the
38       document authors.  All rights reserved.

40       This document is subject to BCP 78 and the IETF Trust's Legal
41       Provisions Relating to IETF Documents
42       (https://trustee.ietf.org/license-info) in effect on the date of
43       publication of this document.  Please review these documents
44       carefully, as they describe your rights and restrictions with respect
45       to this document.  Code Components extracted from this document must
46       include Simplified BSD License text as described in Section 4.e of
47       the Trust Legal Provisions and are provided without warranty as
48       described in the Simplified BSD License.

50    Table of Contents

52       1.  Introduction
53       2.  Terminology
54       3.  Multi-Addressing Considerations
55       4.  Multi-Addressing Alternatives for Delegated Prefixes
56       5.  MLD/DAD Implications
57       6.  Dynamic Routing Protocol Implications
58       7.  IPv6 Neighbor Discovery Implications
59       8.  ICMPv6 Implications
60       9.  IANA Considerations
61       10. Security Considerations
62       11. Acknowledgements
63       12. References
64         12.1.  Normative References
65         12.2.  Informative References
66       Author's Address

68    1.  Introduction

70       IPv6 Prefix Delegation (PD) entails 1) the communication of a prefix
71       from a delegating router to a requesting router, 2) a representation
72       of the prefix in the delegating router's routing table, and 3) a
73       control messaging service between the delegating and requesting
74       routers to maintain prefix lifetimes.  Following delegation, the
75       prefix is available for the requesting router's exclusive use and is
76       not shared with any other nodes.  An example IPv6 PD service is the
77       Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
78       [RFC3315][RFC3633].

80       This document considers the case when the requesting router is a node
81       that acts as a host on behalf of its local applications and as a
82       router on behalf of its downstream networks.  The following
83       paragraphs present possibilities for node behavior upon receipt of a
84       delegated prefix.
86       For nodes that connect downstream-attached (aka "tethered") networks,
87       a Delegating Router 'D' delegates a prefix 'P' to a Requesting node
88       'R' as shown in Figure 1:

90                        +---------------------+
91                        |Delegating Router 'D'|
92                        |   (Delegate 'P')    |
93                        +----------+----------+
94                                   |
95                                   | Upstream link
96                                   |
97                        +----------+----------+
98                        | Upstream Interface  |
99                        +---------------------+
100                       |                     |
101                       | Requesting node 'R' |
102                       |    (Receive 'P')    |
103                       |                     |
104                       +---------------------+
105                       | Downstream Interface|
106                       +--+-+--+-+--+-----+--+
107                       |A1| |A2| |A3| ... |An|
108                       +--+-+--+-++-+-----+--+
109                                  |
110                                  | Downstream link
111                                  |
112      X----+-------------+--------+----+---------------+---X
113           |             |             |               |
114      +---++-+--+   +---++-+--+   +---++-+--+     +---++-+--+
115      |   |X1|  |   |   |X2|  |   |   |X3|  |     |   |Xn|  |
116      |   +--+  |   |   +--+  |   |   +--+  |     |   +--+  |
117      | Host H1 |   | Host H2 |   | Host H3 | ... | Host Hn |
118      +---------+   +---------+   +---------+     +---------+

120          <-------------- Tethered Network ------------->

122                       Figure 1: Classic Routing Model

124      In this figure, when Delegating Router 'D' delegates prefix 'P', it
125      inserts 'P' into its routing table with Requesting node 'R' as the
126      next hop.  Meanwhile, 'R' receives 'P' via an upstream interface and
127      sub-delegates 'P' to its downstream external (physical) and/or
128      internal (virtual) networks.  'R' assigns addresses 'A(i)' taken from
129      'P' to downstream interfaces, and Hosts 'H(i)' on downstream networks
130      assign addresses 'X(i)' taken from 'P' to their interfaces.  'R' then
131      acts as a router between hosts 'H(i)' on downstream links and
132      correspondents reachable via other interfaces.  'R' can also act as a
133      host on behalf of its local applications.

135      This document also considers the case when 'R' does not have any
136      physical downstream interfaces, and can use 'P' solely for its own
137      internal addressing purposes.  In that case, 'R' assigns 'P' to a
138      virtual interface (e.g., a loopback) that is seen as a downstream
139      interface.

141      'R' can then function under the weak end system model
142      [RFC1122][RFC8028] by assigning addresses taken from 'P' to a virtual
143      interface as shown in Figure 2:

145                       +---------------------+
146                       |Delegating Router 'D'|
147                       |   (Delegate 'P')    |
148                       +----------+----------+
149                                  |
150                                  | Upstream link
151                                  |
152                       +----------+----------+
153                       | Upstream Interface  |
154                       +---------------------+
155                       |                     |
156                       | Requesting node 'R' |
157                       |    (Receive 'P')    |
158                       |                     |
159                       +---------------------+
160                       |  Virtual Interface  |
161                       +--+-+--+-+--+-----+--+
162                       |A1| |A2| |A3| ... |An|
163                       +--+-+--+-+--+-----+--+

165                       Figure 2: Weak End System Model

167      'R' could instead function under the strong end system model
168      [RFC1122][RFC8028] by assigning IPv6 addresses taken from 'P' to an
169      upstream interface as shown in Figure 3:

171                       +---------------------+
172                       |Delegating Router 'D'|
173                       |   (Delegate 'P')    |
174                       +----------+----------+
175                                  |
176                                  | Upstream link
177                                  |
178                       +----------+----------+
179                       | Upstream Interface  |
180                       +--+-+--+-+--+-----+--+
181                       |A1| |A2| |A3| ... |An|
182                       +--+-+--+-+--+-----+--+
183                       |                     |
184                       | Requesting node 'R' |
185                       |    (Receive 'P')    |
186                       |                     |
187                       +---------------------+
188                       |  Virtual Interface  |
189                       +---------------------+

191                      Figure 3: Strong End System Model

193      The major benefit for a node managing a delegated prefix in either
194      the weak or strong end system models is multi-addressing.  With
195      multi-addressing, the node can configure an unlimited supply of
196      addresses to make them available for local applications without
197      requiring coordination with other nodes on upstream interfaces.

199      The following sections present considerations for nodes that employ
200      prefix delegation mechanisms.

202   2.  Terminology

204      The terminology of the normative references apply, and the terms
205      "node", "host" and "router" are the same as defined in [RFC8200].

207      The following terms are defined for the purposes of this document:

209      shared prefix
210         an IPv6 prefix that may be advertised to more than one node on the
211         link, e.g., in a Router Advertisement (RA) message Prefix
212         Information Option (PIO) [RFC4861].

214      individual prefix
215         an IPv6 prefix that is advertised to exactly one node on the link,
216         where the node may be unaware that the prefix is individual and
217         may not participate in prefix maintenance procedures.

219      delegated prefix
220         an IPv6 prefix that is explicitly delegated to a node for its own
221         exclusive use, where the node is an active participant in prefix
222         delegation and maintenance procedures.

224   3.  Multi-Addressing Considerations

226      IPv6 allows nodes to assign multiple addresses to a single interface.
227      [RFC7934] discusses options for multi-addressing as well as use cases
228      where multi-addressing may be desirable.  Address configuration
229      options for multi-addressing include StateLess Address
230      AutoConfiguration (SLAAC) [RFC4862], DHCPv6 address configuration
231      [RFC3315], manual configuration, etc.

233      Nodes configure addresses from a shared or individual prefix and
234      assign them to the upstream interface over which the prefix was
235      received.  When the node assigns the addresses, it is required to use
236      Multicast Listener Discovery (MLD) [RFC3810] to join the appropriate
237      solicited-node multicast group(s) and to use the Duplicate Address
238      Detection (DAD) algorithm [RFC4862] to ensure that no other node
239      configures a duplicate address.

241      In contrast, a node that configures addresses from a delegated prefix
242      can assign them without invoking MLD/DAD on an upstream interface,
243      since the prefix has been delegated to the node for its own exclusive
244      use and is not shared with any other nodes.

246   4.  Multi-Addressing Alternatives for Delegated Prefixes

248      When a node receives a prefix delegation, it has many alternatives
249      for provisioning the prefix.  [RFC7278] discusses alternatives for
250      provisioning a prefix obtained by a User Equipment (UE) device under
251      the 3rd Generation Partnership Program (3GPP) service model.  This
252      document considers the more general case when the node receives a
253      delegated prefix explicitly provided for its own exclusive use.

255      When the node receives the prefix, it can distribute the prefix to
256      downstream networks and configure one or more addresses for itself on
257      downstream interfaces.  The node then acts as a router on behalf of
258      its downstream networks and configures a default route via a neighbor
259      on an upstream interface.

261      The node could instead (or in addition) use portions of the delegated
262      prefix for its own multi-addressing purposes.  In a first
263      alternative, the node can assign as many addresses as it wants from
264      the prefix to virtual interfaces.  In that case, applications running
265      on the node can use the addresses according to the weak end system
266      model.

268      In a second alternative, the node can assign as many addresses as it
269      wants from the prefix to the upstream interface over which the prefix
270      was received.  In that case, applications running on the node can use
271      the addresses according to the strong end system model.

273      In both of these latter two cases, the node assigns the prefix itself
274      to a virtual interface so that unused addresses from the prefix are
275      correctly identified as unreachable.  The node then acts as a host on
276      behalf of its local applications even though neighbors on the
277      upstream link see it as a router.

279   5.  MLD/DAD Implications

281      When a node configures addresses for itself from a shared or
282      individual prefix, it performs MLD/DAD by sending multicast messages
283      over upstream interfaces to test whether there is another node on the
284      link that configures a duplicate address.  When there are many such
285      addresses and/or many such nodes, this could result in substantial
286      multicast traffic that affects all nodes on the link.

288      When a node configures addresses for itself from a delegated prefix,
289      it can configure as many addresses as it wants but does not perform
290      MLD/DAD for any of the addresses over upstream interfaces.  This
291      means that the node can configure arbitrarily many addresses without
292      causing any multicast messaging over the upstream interface that
293      could disturb other nodes.

295   6.  Dynamic Routing Protocol Implications

297      The node can be configured to either participate or not participate
298      in a dynamic routing protocol over the upstream interface, according
299      to the deployment model.  When there are many nodes on the upstream
300      link, dynamic routing protocol participation might be impractical due
301      to scaling limitations, and may also be exacerbated by factors such
302      as node mobility.

304      Unless it participates in a dynamic routing protocol, the node
305      initially has only a default route pointing to a neighbor via an
306      upstream interface.  This means that packets sent by the node over an
307      upstream interface will initially go through a default router even if
308      there is a better first-hop node on the link.

310   7.  IPv6 Neighbor Discovery Implications

312      The node acts as a simple host to send Router Solicitation (RS)
313      messages over upstream interfaces (i.e., the same as described in
314      Section 4.2 of [RFC7084]) but also sets the "Router" flag to TRUE in
315      any Neighbor Advertisement messages it sends.  The node does not send
316      RA messages over upstream interfaces.
318      The current first-hop router may send a Redirect message that updates
319      the node's neighbor cache so that future packets can use a better
320      first-hop node on the link.  The Redirect can apply either to a
321      singleton destination address, or to an entire destination prefix as
322      described in [I-D.templin-6man-rio-redirect].

324   8.  ICMPv6 Implications

326      The Internet Control Message Protocol for IPv6 (ICMPv6) includes a
327      set of control message types [RFC4443] including Destination
328      Unreachable (DU).

330      According to [RFC4443], routers SHOULD return DU messages (subject to
331      rate limiting) with code 0 ("No route to destination") when a packet
332      arrives for which there is no matching entry in the routing table,
333      and with code 3 ("Address unreachable") when the IPv6 destination
334      address cannot be resolved.

336      According to [RFC4443], hosts SHOULD return DU messages (subject to
337      rate limiting) with code 3 to internal applications when the IPv6
338      destination address cannot be resolved, and with code 4 ("Port
339      unreachable") if the IPv6 destination address is one of its own
340      addresses but the transport protocol has no listener.

342      Nodes that obtain and manage prefix delegations per this document
343      observe the same procedures as described for both routers and hosts
344      above.

346   9.  IANA Considerations

348      This document introduces no IANA considerations.

350   10.  Security Considerations

352      Security considerations for IPv6 Neighbor Discovery [RFC4861] and any
353      applicable prefix delegation mechanisms apply to this document.

355      Additionally, the node may receive unwanted IPv6 packets via an
356      upstream interface that match a delegated prefix but do not match a
357      configured IPv6 address.  In that case, the node drops the packets
358      and observes the "Destination Unreachable - Address unreachable"
359      procedures discussed in Section 8.
361      The node may also receive IPv6 packets via an upstream interface that
362      do not match any of the node's delegated prefixes.  In that case, the
363      node drops the packets and observes the "Destination Unreachable - No
364      route to destination" procedures discussed in Section 8.  Dropping
365      the packets is necessary to avoid a reflection attack that would
366      cause the node to forward packets received from an upstream interface
367      via the same or a different upstream interface.

369   11.  Acknowledgements

371      This work was motivated by discussions on the v6ops list.  Mark Smith
372      pointed out the need to consider MLD as well as DAD for the
373      assignment of addresses to interfaces.  Ricardo Pelaez-Negro, Edwin
374      Cordeiro, Fred Baker, Naveen Lakshman, Ole Troan, Bob Hinden, Brian
375      Carpenter, Joel Halpern and Albert Manfredi provided useful comments
376      that have greatly improved the document.

378      This work is aligned with the NASA Safe Autonomous Systems Operation
379      (SASO) program under NASA contract number NNA16BD84C.

381      This work is aligned with the FAA as per the SE2025 contract number
382      DTFAWA-15-D-00030.

384      This work is aligned with the Boeing Information Technology (BIT)
385      MobileNet program and the Boeing Research & Technology (BR&T)
386      enterprise autonomy program.

388   12.  References

390   12.1.  Normative References

392      [RFC0791]  Postel, J., "Internet Protocol", STD 5, RFC 791,
393                 DOI 10.17487/RFC0791, September 1981.

396      [RFC3315]  Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins,
397                 C., and M. Carney, "Dynamic Host Configuration Protocol
398                 for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315, July
399                 2003.

401      [RFC3633]  Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic
402                 Host Configuration Protocol (DHCP) version 6", RFC 3633,
403                 DOI 10.17487/RFC3633, December 2003.

406      [RFC3810]  Vida, R., Ed. and L. Costa, Ed., "Multicast Listener
407                 Discovery Version 2 (MLDv2) for IPv6", RFC 3810,
408                 DOI 10.17487/RFC3810, June 2004.

411      [RFC4443]  Conta, A., Deering, S., and M. Gupta, Ed., "Internet
412                 Control Message Protocol (ICMPv6) for the Internet
413                 Protocol Version 6 (IPv6) Specification", STD 89,
414                 RFC 4443, DOI 10.17487/RFC4443, March 2006.

417      [RFC4861]  Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
418                 "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
419                 DOI 10.17487/RFC4861, September 2007.

422      [RFC4862]  Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
423                 Address Autoconfiguration", RFC 4862,
424                 DOI 10.17487/RFC4862, September 2007.

427      [RFC8200]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
428                 (IPv6) Specification", STD 86, RFC 8200,
429                 DOI 10.17487/RFC8200, July 2017.

432   12.2.  Informative References

434      [I-D.templin-6man-rio-redirect]
435                 Templin, F. and j. woodyatt, "Route Information Options in
436                 IPv6 Neighbor Discovery", draft-templin-6man-rio-
437                 redirect-04 (work in progress), August 2017.

439      [RFC1122]  Braden, R., Ed., "Requirements for Internet Hosts -
440                 Communication Layers", STD 3, RFC 1122,
441                 DOI 10.17487/RFC1122, October 1989.

444      [RFC7084]  Singh, H., Beebee, W., Donley, C., and B. Stark, "Basic
445                 Requirements for IPv6 Customer Edge Routers", RFC 7084,
446                 DOI 10.17487/RFC7084, November 2013.

449      [RFC7278]  Byrne, C., Drown, D., and A. Vizdal, "Extending an IPv6
450                 /64 Prefix from a Third Generation Partnership Project
451                 (3GPP) Mobile Interface to a LAN Link", RFC 7278,
452                 DOI 10.17487/RFC7278, June 2014.

455      [RFC7934]  Colitti, L., Cerf, V., Cheshire, S., and D. Schinazi,
456                 "Host Address Availability Recommendations", BCP 204,
457                 RFC 7934, DOI 10.17487/RFC7934, July 2016.

460      [RFC8028]  Baker, F. and B. Carpenter, "First-Hop Router Selection by
461                 Hosts in a Multi-Prefix Network", RFC 8028,
462                 DOI 10.17487/RFC8028, November 2016.
465   Author's Address

467      Fred L. Templin (editor)
468      Boeing Research & Technology
469      P.O. Box 3707
470      Seattle, WA 98124
471      USA

473      Email: fltemplin@acm.org
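
Added example (not part of the draft and not the author's code): the upstream-ingress handling described in Sections 8 and 10, with the DU codes and the rate limiting that Section 8 cites from [RFC4443]. The Node class, its field names, the token-bucket parameters and the 2001:db8:: sample values are assumptions made for illustration; forwarding to a sub-delegated downstream prefix follows the Figure 1 model and goes one step beyond the two drop cases Section 10 lists.

```python
import ipaddress
from dataclasses import dataclass, field

# ICMPv6 Destination Unreachable codes from RFC 4443, as cited in Section 8.
DU_NO_ROUTE, DU_ADDR_UNREACH, DU_PORT_UNREACH = 0, 3, 4


class TokenBucket:
    """Rate limiter for outgoing DU messages (rate and burst are assumed values)."""

    def __init__(self, rate_per_s=10.0, burst=5):
        self.rate, self.burst = rate_per_s, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


@dataclass
class Node:
    delegated: list                                  # prefixes 'P' received from 'D'
    addresses: set                                   # addresses 'A(i)' taken from 'P'
    downstream: list = field(default_factory=list)   # sub-delegated prefixes (Figure 1)
    listeners: set = field(default_factory=set)      # (address, port) pairs with a listener
    limiter: TokenBucket = field(default_factory=TokenBucket)

    def upstream_ingress(self, dst, port, now):
        """Classify a packet received on an upstream interface.

        Returns (action, du_code); du_code is None when no DU message is sent,
        either because none is due or because the rate limiter suppressed it.
        """
        dst = ipaddress.IPv6Address(dst)
        if dst in self.addresses:
            if (dst, port) in self.listeners:
                return ("deliver", None)
            return self._drop(DU_PORT_UNREACH, now)   # own address, no listener
        if any(dst in p for p in self.downstream):
            return ("forward-downstream", None)       # tethered network
        if any(dst in p for p in self.delegated):
            return self._drop(DU_ADDR_UNREACH, now)   # inside 'P' but unconfigured
        # Outside every delegated prefix: drop, never send it back upstream.
        return self._drop(DU_NO_ROUTE, now)

    def _drop(self, code, now):
        return ("drop", code if self.limiter.allow(now) else None)


def make_node(**kw):
    """Constructed sample node using the 2001:db8::/32 documentation range."""
    a1 = ipaddress.IPv6Address("2001:db8:0:100::1")
    return Node(
        delegated=[ipaddress.IPv6Network("2001:db8:0:100::/56")],
        addresses={a1},
        downstream=[ipaddress.IPv6Network("2001:db8:0:101::/64")],
        listeners={(a1, 443)},
        **kw,
    )
```

The packet is dropped in every non-matching case even when the limiter suppresses the DU message, so a flood toward unused addresses cannot be turned into upstream forwarding or unbounded ICMPv6 output.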