idnits 2.17.1 draft-templin-v6ops-pdhost-16.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (November 28, 2017) is 2331 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Unused Reference: 'RFC0791' is defined on line 448, but no explicit reference was found in the text ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415) ** Obsolete normative reference: RFC 3633 (Obsoleted by RFC 8415) == Outdated reference: A later version (-08) exists of draft-templin-6man-rio-redirect-05 Summary: 2 errors (**), 0 flaws (~~), 3 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group F. Templin, Ed. 3 Internet-Draft Boeing Research & Technology 4 Intended status: Informational November 28, 2017 5 Expires: June 1, 2018 7 IPv6 Prefix Delegation Models 8 draft-templin-v6ops-pdhost-16.txt 10 Abstract 12 IPv6 prefixes are typically delegated to requesting routers which 13 then use them to number their downstream-attached links and networks. 14 This document considers prefix delegation models according to whether 15 the requesting router acts as a router on behalf of any downstream 16 networks, as host on behalf of its local applications or as both. 18 Status of This Memo 20 This Internet-Draft is submitted in full conformance with the 21 provisions of BCP 78 and BCP 79. 23 Internet-Drafts are working documents of the Internet Engineering 24 Task Force (IETF). Note that other groups may also distribute 25 working documents as Internet-Drafts. The list of current Internet- 26 Drafts is at https://datatracker.ietf.org/drafts/current/. 28 Internet-Drafts are draft documents valid for a maximum of six months 29 and may be updated, replaced, or obsoleted by other documents at any 30 time. It is inappropriate to use Internet-Drafts as reference 31 material or to cite them other than as "work in progress." 33 This Internet-Draft will expire on June 1, 2018. 35 Copyright Notice 37 Copyright (c) 2017 IETF Trust and the persons identified as the 38 document authors. All rights reserved. 40 This document is subject to BCP 78 and the IETF Trust's Legal 41 Provisions Relating to IETF Documents 42 (https://trustee.ietf.org/license-info) in effect on the date of 43 publication of this document. Please review these documents 44 carefully, as they describe your rights and restrictions with respect 45 to this document. Code Components extracted from this document must 46 include Simplified BSD License text as described in Section 4.e of 47 the Trust Legal Provisions and are provided without warranty as 48 described in the Simplified BSD License. 50 Table of Contents 52 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 53 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 54 3. Multi-Addressing Considerations . . . . . . . . . . . . . . . 6 55 4. Multi-Addressing Alternatives for Delegated Prefixes . . . . 7 56 5. MLD/DAD Implications . . . . . . . . . . . . . . . . . . . . 7 57 6. Dynamic Routing Protocol Implications . . . . . . . . . . . . 8 58 7. IPv6 Neighbor Discovery Implications . . . . . . . . . . . . 8 59 8. ICMPv6 Implications . . . . . . . . . . . . . . . . . . . . . 9 60 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 61 10. Security Considerations . . . . . . . . . . . . . . . . . . . 9 62 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10 63 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 64 12.1. Normative References . . . . . . . . . . . . . . . . . . 10 65 12.2. Informative References . . . . . . . . . . . . . . . . . 11 66 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 12 68 1. Introduction 70 IPv6 Prefix Delegation (PD) entails 1) the communication of a prefix 71 from a delegating router to a requesting router, 2) a representation 72 of the prefix in the delegating router's routing table, and 3) a 73 control messaging service between the delegating and requesting 74 routers to maintain prefix lifetimes. Following delegation, the 75 prefix is available for the requesting router's exclusive use and is 76 not shared with any other nodes. This document considers prefix 77 delegation models where the requesting router is a node that acts as 78 a router on behalf of any downstream networks, as host on behalf of 79 its local applications or as both. The following paragraphs present 80 possibilities for node behavior upon receipt of a delegated prefix. 82 For nodes that connect downstream-attached networks (e.g., a 83 cellphone that connects a "tethered" Internet of Things (IoT) 84 network, a server that hosts a complex internal network of virtual 85 machines, etc.), a Delegating Router 'D' delegates a prefix 'P' to a 86 Requesting Router 'R' as shown in Figure 1: 88 +---------------------+ 89 |Delegating Router 'D'| 90 | (Delegate 'P') | 91 +----------+----------+ 92 | 93 | Upstream link 94 | 95 +----------+----------+ 96 | Upstream Interface | 97 +---------------------+ 98 | | 99 |Requesting Router 'R'| 100 | (Receive 'P') | 101 | | 102 +--+-+--+-+--+-----+--+ 103 |A1| |A2| |A3| ... |Aj| 104 +--+-+--+-+--+-----+--+ 105 | Downstream Interface| 106 +----------+----------+ 107 | 108 | Downstream link 109 | 110 X----+-------------+--------+----+---------------+---X 111 | | | | 112 +---++-+--+ +---++-+--+ +---++-+--+ +---++-+--+ 113 | |Ak| | | |Al| | | |Am| | | |A*| | 114 | +--+ | | +--+ | | +--+ | | +--+ | 115 | Host H1 | | Host H2 | | Host H3 | ... | Host Hn | 116 +---------+ +---------+ +---------+ +---------+ 118 <-------------- Downstream Network -------------> 120 Figure 1: Classic Routing Model 122 In this figure, when Delegating Router 'D' delegates prefix 'P', it 123 inserts 'P' into its routing table with Requesting Router ''R' as the 124 next hop. Meanwhile, 'R' receives 'P' via an upstream interface and 125 sub-delegates 'P' to its downstream external (physical) and/or 126 internal (virtual) networks. 'R' assigns addresses 'A(*)' taken from 127 'P' to downstream interfaces, and Hosts 'H(i)' on downstream networks 128 assign addresses 'A(*)' taken from 'P' to their interface attachments 129 to the downstream link. 'R' then acts as a router between hosts 130 'H(i)' on downstream networks and correspondents reachable via other 131 interfaces. 'R' can also act as a host on behalf of its local 132 applications. This behavior is per normal router behaviors. 134 This document also considers the case when 'R' does not have any 135 downstream interfaces, and can use 'P' solely for its own internal 136 addressing purposes. In that case, Requesting node 'R' assigns 'P' 137 to a virtual interface (e.g., a loopback) that fills the role of a 138 downstream interface. 140 'R' can then function under the weak end system (aka "weak host") 141 model [RFC1122][RFC8028] by assigning addresses taken from 'P' to a 142 virtual interface as shown in Figure 2: 144 +---------------------+ 145 |Delegating Router 'D'| 146 | (Delegate 'P') | 147 +----------+----------+ 148 | 149 | Upstream link 150 | 151 +----------+----------+ 152 | Upstream Interface | 153 +---------------------+ 154 | | 155 | Requesting node 'R' | 156 | (Receive 'P') | 157 | | 158 +--+-+--+-+--+-----+--+ 159 |A1| |A2| |A3| ... |An| 160 +--+-+--+-+--+-----+--+ 161 | Virtual Interface | 162 +---------------------+ 164 Figure 2: Weak End System Model 166 'R' could instead function under the strong end system (aka "strong 167 host") model [RFC1122][RFC8028] by assigning IPv6 addresses taken 168 from 'P' to an upstream interface as shown in Figure 3: 170 +---------------------+ 171 |Delegating Router 'D'| 172 | (Delegate 'P') | 173 +----------+----------+ 174 | 175 | Upstream link 176 | 177 +----------+----------+ 178 | Upstream Interface | 179 +--+-+--+-+--+-----+--+ 180 |A1| |A2| |A3| ... |An| 181 +--+-+--+-+--+-----+--+ 182 | | 183 | Requesting node 'R' | 184 | (Receive 'P') | 185 | | 186 +---------------------+ 187 | Virtual Interface | 188 +---------------------+ 190 Figure 3: Strong End System Model 192 The major benefit for a node managing a delegated prefix in either 193 the weak or strong end system models is multi-addressing. With IPv6 194 PD-based multi-addressing, the node can configure an unlimited supply 195 of addresses to make them available for local applications without 196 requiring coordination with other nodes on upstream interfaces. 198 The following sections present considerations for nodes that employ 199 IPv6 PD mechanisms. 201 2. Terminology 203 The terminology of the normative references apply, and the terms 204 "node", "host" and "router" are the same as defined in [RFC8200]. 206 The following terms are defined for the purposes of this document: 208 shared prefix 209 an IPv6 prefix that may be advertised to more than one node on the 210 link, e.g., in a Router Advertisement (RA) message Prefix 211 Information Option (PIO) [RFC4861]. The router that advertises 212 the prefix must consider the prefix as on-link so that the IPv6 213 Neighbor Discovery (ND) address resolution function will identify 214 the correct neighbor for each packet. 216 individual prefix 217 an IPv6 prefix that is advertised to exactly one node on the link, 218 where the node may be unaware that the prefix is individual and 219 may not participate in prefix maintenance procedures. The router 220 that advertises the prefix can consider the prefix as on-link or 221 not on-link. In the former case, the router performs address 222 resolution and only forwards those packets that match one of the 223 node's configured addresses so that the node will not receive 224 unwanted packets. In the latter case, the router can simply 225 forward all packets matching the prefix to the node which must 226 then drop any packets that do not match one of its configured 227 addresses. An example individual prefix service is documented in 228 [I-D.ietf-v6ops-unique-ipv6-prefix-per-host]. 230 delegated prefix 231 an IPv6 prefix that is explicitly conveyed to a node for its own 232 exclusive use, where the node is an active participant in prefix 233 delegation and maintenance procedures. The delegating router 234 simply forwards all packets matching the prefix to the requesting 235 node. The requesting node associates the prefix with downstream 236 and/or internal virtual interfaces (i.e., and not the upstream 237 interface). An example IPv6 PD service is the Dynamic Host 238 Configuration Protocol for IPv6 (DHCPv6) [RFC3315][RFC3633]. An 239 alternative service based solely on IPv6 ND messaging has also 240 been proposed [I-D.pioxfolks-6man-pio-exclusive-bit]. 242 3. Multi-Addressing Considerations 244 IPv6 allows nodes to assign multiple addresses to a single interface. 245 [RFC7934] discusses options for multi-addressing as well as use cases 246 where multi-addressing may be desirable. Address configuration 247 options for multi-addressing include StateLess Address 248 AutoConfiguration (SLAAC) [RFC4862], DHCPv6 address configuration 249 [RFC3315], manual configuration, etc. 251 Nodes configure addresses from a shared or individual prefix and 252 assign them to the upstream interface over which the prefix was 253 received. When the node assigns the addresses, it is required to use 254 Multicast Listener Discovery (MLD) [RFC3810] to join the appropriate 255 solicited-node multicast group(s) and to use the Duplicate Address 256 Detection (DAD) algorithm [RFC4862] to ensure that no other node 257 configures a duplicate address. 259 In contrast, a node that configures addresses from a delegated prefix 260 can assign them without invoking MLD/DAD on an upstream interface, 261 since the prefix has been delegated to the node for its own exclusive 262 use and is not shared with any other nodes. 264 4. Multi-Addressing Alternatives for Delegated Prefixes 266 When a node receives a delegated prefix, it has many alternatives for 267 provisioning the prefix to its local interfaces and/or downstream 268 networks. [RFC7278] discusses alternatives for provisioning a prefix 269 obtained by a User Equipment (UE) device under the 3rd Generation 270 Partnership Program (3GPP) service model. This document considers 271 the more general case when the node receives a delegated prefix 272 explicitly provided for its own exclusive use. 274 When the node receives the prefix, it can distribute the prefix to 275 downstream networks and configure zero or more addresses for itself 276 on downstream interfaces. The node then acts as a router on behalf 277 of its downstream networks and configures a default route via a 278 neighbor on an upstream interface. 280 The node could instead (or in addition) use portions of the delegated 281 prefix for its own multi-addressing purposes. In a first 282 alternative, the node can assign as many addresses as it wants from 283 the prefix to virtual interfaces. In that case, applications running 284 on the node can use the addresses according to the weak end system 285 model. 287 In a second alternative, the node can assign as many addresses as it 288 wants from the prefix to the upstream interface over which the prefix 289 was received. In that case, applications running on the node can use 290 the addresses according to the strong end system model. 292 In both of these latter two cases, the node assigns the prefix itself 293 to a virtual interface so that unused portions of the prefix are 294 correctly identified as unreachable. The node then acts as a host on 295 behalf of its local applications even though neighbors on the 296 upstream link see it as a router. 298 5. MLD/DAD Implications 300 When a node configures addresses for itself from a shared or 301 individual prefix, it performs MLD/DAD by sending multicast messages 302 over upstream interfaces to test whether there is another node on the 303 link that configures a duplicate address. When there are many such 304 addresses and/or many such nodes, this could result in substantial 305 multicast traffic that affects all nodes on the link. 307 When a node configures addresses for itself from a delegated prefix, 308 it can configure as many addresses as it wants but does not perform 309 MLD/DAD for any of the addresses over upstream interfaces. This 310 means that the node can configure arbitrarily many addresses without 311 causing any multicast messaging over the upstream interface that 312 could disturb other nodes. 314 6. Dynamic Routing Protocol Implications 316 Nodes that receive delegated prefixes can be configured to either 317 participate or not participate in a dynamic routing protocol over the 318 upstream interface, according to the deployment model. When there 319 are many nodes on the upstream link, dynamic routing protocol 320 participation might be impractical due to scaling limitations, and 321 may also be exacerbated by factors such as node mobility. 323 Unless it participates in a dynamic routing protocol, the node 324 initially has only a default route pointing to a neighbor via an 325 upstream interface. This means that packets sent by the node over an 326 upstream interface will initially go through a default router even if 327 there is a better first-hop node on the link. 329 7. IPv6 Neighbor Discovery Implications 331 When a node receives a shared or individual prefix with "L=1" and has 332 a packet to send to an IPv6 destination within the prefix, it is 333 required to use the IPv6 ND address resolution function over the 334 upstream interface to resolve the link-layer address of a neighbor 335 that configures the address. When a node receives a shared or 336 individual prefix with "L=0" and has a packet to send to an IPv6 337 destination within the prefix, if the address is not one of the 338 node's own addresses it sends the packet to a default router since 339 "L=0" makes no statement about on-link or off-link properties of the 340 prefix [RFC4861]. 342 When a node receives a delegated prefix, it acts as a simple host to 343 send Router Solicitation (RS) messages over upstream interfaces 344 (i.e., the same as described in Section 4.2 of [RFC7084]) but also 345 sets the "Router" flag to TRUE in its Neighbor Advertisement 346 messages. The node considers the upstream interfaces as non- 347 advertising interfaces [RFC4861], i.e., it does not send RA messages 348 over the upstream interfaces. The node further does not perform the 349 IPv6 ND address resolution function over upstream interfaces, since 350 the delegated prefix is by definition not to be associated with an 351 upstream interface. 353 In all cases, the current first-hop router may send a Redirect 354 message that updates the node's neighbor cache so that future packets 355 can use a better first-hop node on the link. The Redirect can apply 356 either to a singleton destination address, or to an entire 357 destination prefix as described in [I-D.templin-6man-rio-redirect]. 359 8. ICMPv6 Implications 361 The Internet Control Message Protocol for IPv6 (ICMPv6) includes a 362 set of control message types [RFC4443] including Destination 363 Unreachable (DU). 365 According to [RFC4443], routers should return DU messages (subject to 366 rate limiting) with code 0 ("No route to destination") when a packet 367 arrives for which there is no matching entry in the routing table, 368 and with code 3 ("Address unreachable") when the IPv6 destination 369 address cannot be resolved. 371 According to [RFC4443], hosts should return DU messages (subject to 372 rate limiting) with code 3 to internal applications when the IPv6 373 destination address cannot be resolved, and with code 4 ("Port 374 unreachable") if the IPv6 destination address is one of its own 375 addresses but the transport protocol has no listener. 377 Nodes that obtain and manage delegated prefixes per this document 378 observe the same procedures as described for both routers and hosts 379 above. 381 9. IANA Considerations 383 This document introduces no IANA considerations. 385 10. Security Considerations 387 Security considerations for IPv6 Neighbor Discovery [RFC4861] and any 388 applicable PD mechanisms apply to this document. Nodes that receive 389 delegated prefixes do not perform MLD/DAD procedures on their 390 upstream interfaces, meaning that they cannot contribute to multicast 391 messaging congestion on the upstream link. Also, routers that 392 delegate prefixes keep only a single neighbor cache entry for each 393 prefix delegation recipient, meaning that the router's neighbor cache 394 cannot be subject to resource exhaustion attacks. 396 For shared and individual prefixes, if the router that advertises the 397 prefix considers the prefix as on-link the IPv6 ND address resolution 398 function will prevent unwanted IPv6 packets from reaching the node. 399 For delegated prefixes and individual prefixes that are not 400 considered on-link, the router delivers all packets that match the 401 prefix to the unicast link-layer address of the node (i.e., as 402 determined by resolution of the node's link-local address) even if 403 they do not match one of the node's configured addresses. In the 404 latter case, the node may receive unwanted IPv6 packets via an 405 upstream interface that do not match either a configured IPv6 address 406 or a transport listener. The node then drops the packets and 407 observes the "Destination Unreachable - Address/Port unreachable" 408 procedures discussed in Section 8. 410 The node may also receive IPv6 packets via an upstream interface that 411 do not match any of the node's delegated prefixes. In that case, the 412 node drops the packets and observes the "Destination Unreachable - No 413 route to destination" procedures discussed in Section 8. Dropping 414 the packets is necessary to avoid a reflection attack that would 415 cause the node to forward packets received from an upstream interface 416 via the same or a different upstream interface. 418 In all cases, the node must decide whether or not to send DUs 419 according to the specific operational scenario. In trusted networks, 420 the node should send DU messages to provide useful information to 421 potential correspondents. In untrusted networks, the node can 422 refrain from sending DU messages to avoid providing sensitive 423 information to potential attackers. 425 11. Acknowledgements 427 This work was motivated by discussions on the v6ops list. Mark Smith 428 pointed out the need to consider MLD as well as DAD for the 429 assignment of addresses to interfaces. Ricardo Pelaez-Negro, Edwin 430 Cordeiro, Fred Baker, Naveen Lakshman, Ole Troan, Bob Hinden, Brian 431 Carpenter, Joel Halpern, Albert Manfredi and Dusan Mudric provided 432 useful comments that have greatly improved the document. 434 This work is aligned with the NASA Safe Autonomous Systems Operation 435 (SASO) program under NASA contract number NNA16BD84C. 437 This work is aligned with the FAA as per the SE2025 contract number 438 DTFAWA-15-D-00030. 440 This work is aligned with the Boeing Information Technology (BIT) 441 MobileNet program and the Boeing Research & Technology (BR&T) 442 enterprise autonomy program. 444 12. References 446 12.1. Normative References 448 [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, 449 DOI 10.17487/RFC0791, September 1981, 450 . 452 [RFC3315] Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins, 453 C., and M. Carney, "Dynamic Host Configuration Protocol 454 for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315, July 455 2003, . 457 [RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic 458 Host Configuration Protocol (DHCP) version 6", RFC 3633, 459 DOI 10.17487/RFC3633, December 2003, 460 . 462 [RFC3810] Vida, R., Ed. and L. Costa, Ed., "Multicast Listener 463 Discovery Version 2 (MLDv2) for IPv6", RFC 3810, 464 DOI 10.17487/RFC3810, June 2004, 465 . 467 [RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet 468 Control Message Protocol (ICMPv6) for the Internet 469 Protocol Version 6 (IPv6) Specification", STD 89, 470 RFC 4443, DOI 10.17487/RFC4443, March 2006, 471 . 473 [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, 474 "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, 475 DOI 10.17487/RFC4861, September 2007, 476 . 478 [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless 479 Address Autoconfiguration", RFC 4862, 480 DOI 10.17487/RFC4862, September 2007, 481 . 483 [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6 484 (IPv6) Specification", STD 86, RFC 8200, 485 DOI 10.17487/RFC8200, July 2017, 486 . 488 12.2. Informative References 490 [I-D.ietf-v6ops-unique-ipv6-prefix-per-host] 491 Brzozowski, J. and G. Velde, "Unique IPv6 Prefix Per 492 Host", draft-ietf-v6ops-unique-ipv6-prefix-per-host-13 493 (work in progress), October 2017. 495 [I-D.pioxfolks-6man-pio-exclusive-bit] 496 Kline, E. and M. Abrahamsson, "IPv6 Router Advertisement 497 Prefix Information Option eXclusive Flag", draft- 498 pioxfolks-6man-pio-exclusive-bit-02 (work in progress), 499 March 2017. 501 [I-D.templin-6man-rio-redirect] 502 Templin, F. and j. woodyatt, "Route Information Options in 503 IPv6 Neighbor Discovery", draft-templin-6man-rio- 504 redirect-05 (work in progress), October 2017. 506 [RFC1122] Braden, R., Ed., "Requirements for Internet Hosts - 507 Communication Layers", STD 3, RFC 1122, 508 DOI 10.17487/RFC1122, October 1989, 509 . 511 [RFC7084] Singh, H., Beebee, W., Donley, C., and B. Stark, "Basic 512 Requirements for IPv6 Customer Edge Routers", RFC 7084, 513 DOI 10.17487/RFC7084, November 2013, 514 . 516 [RFC7278] Byrne, C., Drown, D., and A. Vizdal, "Extending an IPv6 517 /64 Prefix from a Third Generation Partnership Project 518 (3GPP) Mobile Interface to a LAN Link", RFC 7278, 519 DOI 10.17487/RFC7278, June 2014, 520 . 522 [RFC7934] Colitti, L., Cerf, V., Cheshire, S., and D. Schinazi, 523 "Host Address Availability Recommendations", BCP 204, 524 RFC 7934, DOI 10.17487/RFC7934, July 2016, 525 . 527 [RFC8028] Baker, F. and B. Carpenter, "First-Hop Router Selection by 528 Hosts in a Multi-Prefix Network", RFC 8028, 529 DOI 10.17487/RFC8028, November 2016, 530 . 532 Author's Address 534 Fred L. Templin (editor) 535 Boeing Research & Technology 536 P.O. Box 3707 537 Seattle, WA 98124 538 USA 540 Email: fltemplin@acm.org