idnits 2.17.1 

draft-vandevelde-v6ops-addcon-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate.  You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3978, Section 5.1 on line 17.

  -- Found old boilerplate from RFC 3978, Section 5.5 on line 848.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 825.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 832.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 838.

  ** This document has an original RFC 3978 Section 5.4 Copyright Line,
     instead of the newer IETF Trust Copyright according to RFC 4748.

  ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead
     of the newer disclaimer which includes the IETF Trust according to RFC
     4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section.  (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** There are 9 instances of too long lines in the document, the longest one
     being 1 character in excess of 72.

  == There are 1 instance of lines with non-RFC3849-compliant IPv6 addresses
     in the document.  If these are example addresses, they should be changed.

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords. 

     RFC 2119 keyword, line 523: '... key and a new CGA SHOULD be generated...'


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (February 11, 2006) is 6648 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Looks like a reference, but probably isn't: 'RIID' on line 415

  == Unused Reference: '23' is defined on line 769, but no explicit reference
     was found in the text

  -- Obsolete informational reference (is this intentional?): RFC 2462 (ref.
     '2') (Obsoleted by RFC 4862)

  -- Obsolete informational reference (is this intentional?): RFC 2471 (ref.
     '3') (Obsoleted by RFC 3701)

  -- Obsolete informational reference (is this intentional?): RFC 3041 (ref.
     '5') (Obsoleted by RFC 4941)

  -- Obsolete informational reference (is this intentional?): RFC 3177 (ref.
     '6') (Obsoleted by RFC 6177)

  -- Obsolete informational reference (is this intentional?): RFC 3315 (ref.
     '8') (Obsoleted by RFC 8415)

  -- Obsolete informational reference (is this intentional?): RFC 3484 (ref.
     '9') (Obsoleted by RFC 6724)

  -- Obsolete informational reference (is this intentional?): RFC 3513 (ref.
     '10') (Obsoleted by RFC 4291)

  -- Obsolete informational reference (is this intentional?): RFC 3627 (ref.
     '13') (Obsoleted by RFC 6547)

  -- Obsolete informational reference (is this intentional?): RFC 3633 (ref.
     '14') (Obsoleted by RFC 8415)

  -- Obsolete informational reference (is this intentional?): RFC 3736 (ref.
     '16') (Obsoleted by RFC 8415)

  -- Duplicate reference: draft-ietf-ngtrans-isatap, mentioned in '24', was
     also mentioned in '23'.

  == Outdated reference: A later version (-05) exists of
     draft-chown-v6ops-renumber-thinkabout-03


     Summary: 6 errors (**), 0 flaws (~~), 5 warnings (==), 19 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	Network Working Group                                    G. Van de Velde
3	Internet-Draft                                              C. Popoviciu
4	Expires: August 15, 2006                                   Cisco Systems
5	                                                                T. Chown
6	                                               University of Southampton
7	                                                       February 11, 2006

9	             IPv6 Unicast Address Assignment Considerations
10	                 <draft-vandevelde-v6ops-addcon-00.txt>

12	Status of this Memo

14	   By submitting this Internet-Draft, each author represents that any
15	   applicable patent or other IPR claims of which he or she is aware
16	   have been or will be disclosed, and any of which he or she becomes
17	   aware will be disclosed, in accordance with Section 6 of BCP 79.

19	   Internet-Drafts are working documents of the Internet Engineering
20	   Task Force (IETF), its areas, and its working groups.  Note that
21	   other groups may also distribute working documents as Internet-
22	   Drafts.

24	   Internet-Drafts are draft documents valid for a maximum of six months
25	   and may be updated, replaced, or obsoleted by other documents at any
26	   time.  It is inappropriate to use Internet-Drafts as reference
27	   material or to cite them other than as "work in progress."

29	   The list of current Internet-Drafts can be accessed at
30	   http://www.ietf.org/ietf/1id-abstracts.txt.

32	   The list of Internet-Draft Shadow Directories can be accessed at
33	   http://www.ietf.org/shadow.html.

35	   This Internet-Draft will expire on August 15, 2006.

37	Copyright Notice

39	   Copyright (C) The Internet Society (2006).

41	Abstract

43	   One fundamental aspect of any IP communications infrastructure is its
44	   addressing plan.  With its new address architecture and allocation
45	   policies, the introduction of IPv6 into a network means that network
46	   designers and operators need to reconsider their existing approaches
47	   to network addressing.  Lack of guideliness on handling this aspect
48	   of network design could slow down the integration of IPv6.  This
49	   draft aims to provide the information and recommendations relevant to
50	   planning the addressing aspects of IPv6 deployments.  The draft also
51	   provides IPv6 addressing case studies for both an enterprise and an
52	   ISP network.  In this first version of the draft we aim to provoke
53	   discussion on this important topic; more detailed case study texts
54	   will follow.

56	Table of Contents

58	   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
59	   2.  Network Level Addressing Design Considerations . . . . . . . .  4
60	     2.1.  Global Unique Addresses  . . . . . . . . . . . . . . . . .  4
61	     2.2.  Unique Local IPv6 Addresses  . . . . . . . . . . . . . . .  4
62	     2.3.  6Bone Address Space  . . . . . . . . . . . . . . . . . . .  5
63	     2.4.  Network Level Design Considerations  . . . . . . . . . . .  5
64	       2.4.1.  Sizing the Network Allocation  . . . . . . . . . . . .  6
65	       2.4.2.  Address Space Conservation . . . . . . . . . . . . . .  6
66	   3.  Subnet Prefix Considerations . . . . . . . . . . . . . . . . .  7
67	     3.1.  Considerations for subnet prefixes shorter then /64  . . .  7
68	     3.2.  Considerations for /64 prefixes  . . . . . . . . . . . . .  7
69	     3.3.  Considerations for subnet prefixes longer then /64 . . . .  8
70	       3.3.1.  Subnet Router Anycast address  . . . . . . . . . . . .  8
71	       3.3.2.  Addresses used by Embedded-RP (RFC3956)  . . . . . . .  9
72	       3.3.3.  ISATAP addresses . . . . . . . . . . . . . . . . . . .  9
73	       3.3.4.  /126 addresses . . . . . . . . . . . . . . . . . . . . 10
74	       3.3.5.  /127 addresses . . . . . . . . . . . . . . . . . . . . 10
75	       3.3.6.  /128 addresses . . . . . . . . . . . . . . . . . . . . 10
76	   4.  Allocation of the IID of an IPv6 Address . . . . . . . . . . . 10
77	     4.1.  Automatic EUI-64 Format Option . . . . . . . . . . . . . . 11
78	     4.2.  Using Privacy Extensions . . . . . . . . . . . . . . . . . 11
79	     4.3.  Cryptographically Generated IPv6 Addresses . . . . . . . . 11
80	     4.4.  Manual/Dynamic Assignment Option . . . . . . . . . . . . . 12
81	   5.  Case Studies . . . . . . . . . . . . . . . . . . . . . . . . . 12
82	     5.1.  Enterprise Considerations  . . . . . . . . . . . . . . . . 12
83	       5.1.1.  Obtaining general IPv6 network prefixes  . . . . . . . 13
84	       5.1.2.  Forming an address (subnet) allocation plan  . . . . . 13
85	       5.1.3.  Other considerations . . . . . . . . . . . . . . . . . 14
86	       5.1.4.  Node configuration considerations  . . . . . . . . . . 14
87	       5.1.5.  Observations . . . . . . . . . . . . . . . . . . . . . 15
88	     5.2.  Service Provider Considerations  . . . . . . . . . . . . . 15
89	   6.  Security Considerations  . . . . . . . . . . . . . . . . . . . 15
90	   7.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 15
91	     7.1.  Normative References . . . . . . . . . . . . . . . . . . . 15
92	     7.2.  Informative References . . . . . . . . . . . . . . . . . . 15
93	   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 18
94	   Intellectual Property and Copyright Statements . . . . . . . . . . 19

96	1.  Introduction

98	   The Internet Protocol Version 6 (IPv6) Addressing Architecture [10]
99	   defines three main types of addresses: unicast, anycast and
100	   multicast.  This document focuses on unicast addresses, for which
101	   there are currently three principal allocated types: Global Unique
102	   Addresses [12] ('globals'), Unique Local IPv6 Addresses [22] (ULAs)
103	   and 6bone address space [3].

105	   The document covers aspects that should be considered during IPv6
106	   deployment for the design and planning of an addressing scheme for an
107	   IPv6 network.  The network's IPv6 addressing plan may be for an IPv6-
108	   only network, or for a dual-stack infrastructure where some or all
109	   devices have addresses in both protocols.  These considerations will
110	   help an IPv6 network designer to efficiently and prudently assign the
111	   IPv6 address space that has been allocated to its organization.

113	   The address assignment considerations are analyzed separately for the
114	   two major components of the IPv6 unicast addresses, namely 'Network
115	   Level Addressing' (the allocation of subnets) and the 'Subnet Prefix'
116	   (address usage within a subnet).  Thus the document includes a
117	   discussion of aspects of address assignment to nodes and interfaces
118	   in an IPv6 network.  Finally the document will provide two examples
119	   of a successfully deployed address plan in a service provider (ISP)
120	   and an enterprise network.

122	   Parts of this document highlight the differences that an experienced
123	   IPv4 network designer should consider when planning an IPv6
124	   deployment, for example:

126	   o  IPv6 devices will more likely be multi-addressed in comparison
127	      with their IPv4 counterparts.
128	   o  The practically unlimited size of an IPv6 subnet (2^64 bits)
129	      reduces the requirement to size subnets to device counts for the
130	      purposes of (IPv4) address conservation.
131	   o  The implications of the reduced threat of address-based host
132	      scanning, as discussed in [25].

134	   We do not discuss here how a site or ISP should proceed with
135	   acquiring its globally routable IPv6 address prefix.  However, one
136	   should note that IPv6 networks receive their global unicast address
137	   allocation from their 'upstream' provider, which may be another ISP,
138	   a Local Internet Registry (LIR) or a Regional Internet Registry
139	   (RIR).  In each case the prefix received is provider assigned (PA);
140	   there is currently no provider independent (PI) address space for
141	   IPv6.  Thus an IPv6 network which changes provider will need to
142	   undergo a renumbering process, as described in [21].  A separate
143	   document [27] makes recommendations to ease the IPv6 renumbering
144	   process.

146	2.  Network Level Addressing Design Considerations

148	   This section discusses the kind of IPv6 addresses used at the network
149	   level for the IPv6 infrastructure.  The kind of addresses that can be
150	   considered are Global Unique Addresses, ULAs and 6bone address space.

152	2.1.  Global Unique Addresses

154	   The most commonly used unicast addresses will be Global Unique
155	   Addresses ('globals').  No significant considerations are neccesary
156	   if the organization has an address space allocation and a single
157	   prefix is deployed through a single upstream provider.

159	   However, a multihomed site may deploy addresses from two or more
160	   Service Provider assigned IPv6 address ranges.  Here, the network
161	   Administrator must have awareness on where and how these ranges are
162	   used on the multihomed infrastructure environment.  The nature of the
163	   usage of multiple prefixes may depend on the reason for multihoming
164	   (e.g. resilience failover, load balancing, policy-based routing, or
165	   multihoming during an IPv6 renumbering event).  IPv6 introduces
166	   improved support for multi-addressed hosts through the IPv6 default
167	   address selection methods described in RFC3484 [9].  A multihomed
168	   host may thus have two addresses, one per prefix (provider), and
169	   select source and destination addresses to use as described in that
170	   RFC.

172	2.2.  Unique Local IPv6 Addresses

174	   ULAs have replaced the originally conceived Site Local addresses in
175	   the IPv6 addressing architecture, for reasons described in [17].
176	   ULAs improve on site locals by offering a high probability of the
177	   global uniqueness of the prefix used, which can be beneficial in the
178	   case of (deliberate or accidental) leakage, or where networks are
179	   merged.  ULAs are akin to the private address space [1] assigned for
180	   IPv4 networks.

182	   The ULA address range allows a network administrator to deploy IPv6
183	   addresses on their network without asking for a globally unique
184	   registered IPv6 address range.  A ULA prefix is 48 bits, i.e. a /48,
185	   the same as the currently recommended allocation for a site from the
186	   globally routable IPv6 address space [6].

188	   ULAs provide the means to deploy a fixed addressing scheme that is
189	   not affected by a change in service provider and the corresponding PA
190	   global addresses.  Internal operation of the network is thus
191	   unaffected during renumbering events.  Nevertheless, this type of
192	   address must be used with caution.

194	   A site using ULAs may or may not also deploy globals.  In an isolated
195	   network ULAs may be deployed on their own.  In a connected network,
196	   that also deploys global addresses, both may be deployed, such that
197	   hosts become multiaddressed (one global and one ULA address) and the
198	   IPv6 default address selection algorithm will pick the appropriate
199	   source and destination addresses to use, e.g.  ULAs will be selected
200	   where both the source and destination hosts have ULA addresses.
201	   Because a ULA and a global site prefix are both /48 length, an
202	   administrator can chgoose to use the same subnetting (and host
203	   addressing) plan for both prefixes.

205	   As an example of the problems ULAs may cause, when using IPv6
206	   multicast within the network, the IPv6 default address selection
207	   algorithm prefers the ULA address as the source address for the IPv6
208	   multicast streams.  This is NOT a valid option when sending an IPv6
209	   multicast stream to the IPv6 Internet for two reasons.  For one,
210	   these addresses are not globally routable so RPF checks for such
211	   traffic will fail outside the internal network.  The other reason is
212	   that the traffic will likely not cross the network boundary due to
213	   multicast domain control and perimeter security policies.

215	   In principal ULAs allow easier network mergers than RFC1918 addresses
216	   do for IPv4 because ULA prefixes have a high probability of
217	   uniqueness, if the prefix is chosen as described in the RFC.

219	   The usage of ULAs should be carefully considered even when not
220	   attached to the IPv6 Internet due to the potential for added
221	   complexity when connecting to the Internet at some point in the
222	   future.

224	2.3.  6Bone Address Space

226	   The 6Bone address space was used before the RIRs started to
227	   distribute 'production' IPv6 prefixes.  The 6Bone prefixes have a
228	   common first 16 bits in the IPv6 Prefix of 3FFE::/16.  This address
229	   range is deprecated as of 6th June 2006 [15] and should be avoided on
230	   any new IPv6 network deployments.  Sites using 6bone address space
231	   should renumber to production address space using procedures as
232	   defined in [21].

234	2.4.  Network Level Design Considerations

236	   IPv6 provides network administrators with a significantly larger
237	   address space, enabling them to be very creative in how they can
238	   define logical and practical address plans.  The subneting of
239	   assigned prefixes can be done based on various logical schemes that
240	   involve factors such as:
241	   o  Geographical Boundaries - by assigning a common prefix to all
242	      subnets within a geographical area.
243	   o  Organizational Boundaries - by assigning a common prefix to an
244	      entire organization or group within a corporate infrastructure.
245	   o  Service Type - by reserving certain prefixes for predefined
246	      services such as: VoIP, Content Distribution, Internet Access,
247	      etc.
248	   Such logical addressing plans have the potential to simplify network
249	   operations and service offerings, and to simplify network management
250	   and troubleshooting.  A very large network would also have no need to
251	   consider using private address space for its infrastructure devices,
252	   simplifying network management.

254	   The network designer must however keep in mind several factors when
255	   developing these new addressing schemes:
256	   o  Prefix Aggregation - The larger IPv6 addresses can lead to larger
257	      routing tables unless network designers are actively pursuing
258	      aggregation.  While prefix aggregation will be enforced by the
259	      service provider, it is beneficial for the individual
260	      organizations to observe the same principles in their network
261	      design process.
262	   o  Network growth - The allocation mechanism for flexible growth of a
263	      network prefix, documented in RFC3531 [11] can be used to allow
264	      the network infrastructure to grow and be numbered in a way that
265	      is likely to preserve aggregation (the plan leaves 'holes' for
266	      growth).
267	   o  ULA usage in large networks - Networks which have a large number
268	      of 'sites' that each deploy a ULA prefix which will by default be
269	      a 'random' /48 under fc00::/7 will have no aggregation of those
270	      prefixes.  Thus the end result may be cumbersome because the
271	      network will have large amounts of non-aggregated ULA prefixes.

273	2.4.1.  Sizing the Network Allocation

275	   We do not discuss here how a network designer sizes their application
276	   for address space.  By default a site will receive a /48 prefix [6].
277	   The default provider allocation via the RIRs is currently a /32 [26].
278	   These allocations are indicators for a first allocation for a
279	   network.  Different sizes may be obtained based on the anticipated
280	   address usage [26].  There are examples of allocations as large as
281	   /19 having been made from RIRs to providers at the time of writing.

283	2.4.2.  Address Space Conservation

285	   Despite the large IPv6 address space which enables easier subneting,
286	   it still is important to ensure an efficient use of this resource.

288	   Some addressing schemes, while facilitating aggregation and
289	   management, could lead to significant numbers of addresses being
290	   unused.  Address conservation requirements are less stringent in IPv6
291	   but they should still be observed.

293	   The proposed HD [7] value for IPv6 is 0.94 compared to the current
294	   value of 0.96 for IPv4.

296	3.  Subnet Prefix Considerations

298	   This section analyzes the considerations applied to define the subnet
299	   prefix of the IPv6 addresses.  The boundaries of the subnet prefix
300	   allocation are specified in RFC3513 [10].  In this document we
301	   analyze their practical implications.  Based on RFC3513 [10] it is
302	   legal for any IPv6 unicast address starting with binary address '000'
303	   to have a subnet prefix larger than, smaller than or of equal to 64
304	   bits.  Each of these three options are discussed in this document.

306	3.1.  Considerations for subnet prefixes shorter then /64

308	   An allocation of a prefix shorter then 64 bits to a node or interface
309	   is bad practice.  The shortest subnet prefix that could theoretically
310	   be assigned to an interface or node is limited by the size of the
311	   network prefix allocated to the organization.

313	   A possible reason for choosing the subnet prefix for an interface
314	   shorter then /64 is that it would allow more nodes to be attached to
315	   that interface compared to a prescribed length of 64 bits.  This
316	   however is unnecessary considering that 2^64 provides plenty of node
317	   addresses for a well designed IPv6 network.  Layer two technologies
318	   are unlikely to support such large numbers of nodes within a single
319	   link (e.g.  Ethernet limited to 48-bits of hosts)

321	   The subnet prefix assignments can be made either by manual
322	   configuration, by a stateful Host Configuration Protocol [8] or by a
323	   stateful prefix delegation mechanism [14].

325	3.2.  Considerations for /64 prefixes

327	   Based on RFC3177 [6], 64 bits is the prescribed subnet prefix length
328	   to allocate to interfaces and nodes.

330	   When using a /64 subnet length, the address assignment for these
331	   addresses can be made either by manual configuration, by a stateful
332	   Host Configuration Protocol [8] [16] or by stateless
333	   autoconfiguration [2].

335	   Note that RFC3177 strongly prescribes 64 bit subnets for general
336	   usage, and that stateless autoconfiguration option is only defined
337	   for 64 bit subnets.

339	3.3.  Considerations for subnet prefixes longer then /64

341	   Address space conservation is the main motivation for using a subnet
342	   prefix length longer than 64 bits.

344	   The address assignment can be made either by manual configuration or
345	   by a stateful Host Configuration Protocol [8].

347	   When assigning a subnet prefix of more then 80 bits, according to
348	   RFC3513 [10] "u" and "g" bits (respectively the 81st and 82nd bit)
349	   need to be taken into consideration and should be set correctly.  In
350	   currently implemented IPv6 protocol stacks, the relevance of the "u"
351	   (universal/local) bit and "g" (the individual/group) bit are marginal
352	   and typically will not show an issue when configured wrongly, however
353	   future implementations may turn out differently.

355	   When using subnet lengths longer then 64 bits, it is important to
356	   avoid selecting addresses that may have a predefined use and could
357	   confuse IPv6 protocol stacks.  The alternate usage may not be a
358	   simple unicast address in all cases.  The following points should be
359	   considerated when selecting a subnet length longer then 64 bits
360	   subnet prefix length.

362	3.3.1.  Subnet Router Anycast address

364	   RFC3513 [10] stated that within each subnet, the highest 128
365	   interface identifier values are reserved for assignment as subnet
366	   anycast addresses.

368	   The construction of a reserved subnet anycast address depends on the
369	   type of IPv6 addresses used within the subnet, as indicated by the
370	   format prefix in the addresses.

372	   The first type of Subnet Router Anycast addresses have been defined
373	   as follows for EUI-64 format:

375	      |              64 bits            |      57 bits     |   7 bits   |
376	      +---------------------------------+------------------+------------+
377	      |           subnet prefix         | 1111110111...111 | anycast ID |
378	      +---------------------------------+------------------+------------+

380	   The anycast address structure implies that it is important to avoid
381	   creating a subnet prefix where the bits 65 to 121 are defined as
382	   "1111110111...111" (57 bits in total) so that confusion can be
383	   avoided.

385	   For other IPv6 address types (that is, with format prefixes other
386	   than those listed above), the interface identifier is not in EUI-64
387	   format and may be other than 64 bits in length; these reserved subnet
388	   anycast addresses for such address types are constructed as follows:

390	      |              n bits             |    121-n bits    |   7 bits   |
391	      +---------------------------------+------------------+------------+
392	      |           subnet prefix         | 1111111...111111 | anycast ID |
393	      +---------------------------------+------------------+------------+
394	                                        |   interface identifier field  |

396	   In the case discussed above there is no additional dependancy for the
397	   subnet prefix with the exception of the EUI-64 and an IID dependency.
398	   These will be discussed later in this document.

400	3.3.2.  Addresses used by Embedded-RP (RFC3956)

402	   Embedded-RP [18] reflects the concept of integrating the Rendezvous
403	   Point (RP) IPv6 address into the IPv6 multicast group address.  Due
404	   to this embedding and the fact that the length of the IPv6 address
405	   AND the IPv6 multicast address are 128 bits, it is not possible to
406	   have the complete IPv6 address of the multicast RP embedded as such.

408	   This limitation resulted in a restriction of 15 possible multicast
409	   addresses per subnet prefix.  The space assigned for the embedded-RP
410	   is based on the 4 low order bits, while the remainder of the
411	   Interface ID is set to all '0'.

413	               [IPv6-prefix (64 bits)][60 bits all '0'][RIID]

415	                   Where: [RIID] = 4 bit.

417	   This leads to the constraint that when creating subnet lengths longer
418	   than 64 bits, the bits between bit 65 and the subnet boundary should
419	   not be set to be all "0".

421	3.3.3.  ISATAP addresses

423	   ISATAP [24] is an automatic tunneling protocol used to provide IPv6
424	   connectivity over an IPv4 campus or enterprise environment.  In order
425	   to leverage the underlying IPv4 infrastructure, the IPv6 addresses
426	   are constructed in a special format.

428	   An IPv6 ISATAP [24] address has the IPv4 address embedded, based on a
429	   predefined structure policy that identifies them as an ISATAP [24]
430	   address.

432	                [IPv6 Prefix (64 bits)][0000:5EFE][IPv4 address]

434	   When using subnet prefix length longer then 64 bits it is recommended
435	   that that the portion of the IPv6 prefix from bit 65 to the end of
436	   the subnet prefix does not match with the welknown ISATAP [0000:5EFE]
437	   address portion.

439	3.3.4.  /126 addresses

441	   The 126 bit subnet prefixes are typically used for point-to-point
442	   links similar to the RFC3021 [4] recommendations for IPv4.  The usage
443	   of this subnet address length does not lead to any additional
444	   considerations other than the ones discussed earlier in this section,
445	   particularly those related to the "u" and "g" bits.

447	3.3.5.  /127 addresses

449	   The usage of the /127 addresses is not valid and should be strongly
450	   discouraged as documented in RFC3627 [13].

452	3.3.6.  /128 addresses

454	   The 128 bit address prefix may be used in those situations where we
455	   know that one, and only one address is sufficient.  Example usage
456	   would be the offlink loopback address of a network device.

458	   When choosing a 128 bit prefix, it is recommended to take the "u" and
459	   "g" bits into consideration and to make sure that there is no overlap
460	   with either the following well known addresses:
461	   o  Subnet Router Anycast Address
462	   o  Reserved Subnet Anycast Address
463	   o  Addresses used by Embedded-RP
464	   o  ISATAP Addresses

466	4.  Allocation of the IID of an IPv6 Address

468	   In order to have a complete IPv6 address, an interface must be
469	   associated a prefix and an Interface Identifier (IID).  Section 3 of
470	   this document analyzed the prefix selection considerations.  This
471	   section discusses the elements that should be considered when
472	   assigning the IID portion of the IPv6 address.

474	   There are various ways to allocate an IPv6 address to a device or
475	   interface.  The option with the least amount of caveats for the
476	   network administrator is that of EUI-64 [2] based addresses.  For the
477	   manual or dynamic options, the overlap with well known IPv6 addresses
478	   should be avoided.

480	4.1.  Automatic EUI-64 Format Option

482	   When using this method the network administrator has to allocate a
483	   valid 64 bit subnet prefix.  The EUI-64 [2] allocation procedure can
484	   from that moment onwards assign the remaining 64 IID bits in a
485	   stateless manner.  All the considerations for selecting a valid IID
486	   have been incorporated in the EUI-64 methodology.

488	4.2.  Using Privacy Extensions

490	   The main purpose of IIDs generated based on RFC3041 [5] is to provide
491	   privacy to the entity using this address.  While there is no
492	   particular restraints in the usage of these addresses as defined in
493	   [5] there are some implications to be aware of when using privacy
494	   addresses as documented in section 4 of RFC3041 [5]:
495	   o  The privacy extension algoritm may complicate flexibility in
496	      future transport protocols
497	   o  These addresses may add complexity to the operational management
498	      and troubleshooting of the infrastructure (i.e. which address
499	      belongs to which real host)
500	   o  A reverse DNS lookup check may be broken when using privacy
501	      extensions

503	4.3.   Cryptographically Generated IPv6 Addresses

505	   Cryptographically Generated Addresses (CGAs) are based upon RFC3972
506	   [20] and provide a method for binding a public signature key to an
507	   IPv6 address in the Secure Neighbor Discovery (SEND) protocol [19].

509	   The basic idea is to generate the interface identifier (i.e. the
510	   rightmost 64 bits) of the IPv6 address by computing a cryptographic
511	   hash of the public key.  The resulting IPv6 address is called a
512	   cryptographically generated address (CGA).  The corresponding private
513	   key can then be used to sign messages sent from that address.

515	   Implications to be aware of when using CGA addresses are found in
516	   section 7 of RFC3972 [20]:

518	   o  When using CGA addresses the values of the "u" and "g" bits are
519	      ignored however it does not add any security or implementation
520	      implications
521	   o  There is no mechanism for proving that an address is not a CGA
522	   o  When it is discovered that a node has been compromised, a new
523	      signature key and a new CGA SHOULD be generated

525	   Due to the fact that CGA generated addresses are indistinguishable
526	   from a privacy address the same considerations as with privacy
527	   addresses are also valid for CGA generated addresses.

529	4.4.  Manual/Dynamic Assignment Option

531	   This section discusses those IID allocations that are not implemented
532	   through stateless address configuration (Section 4.1).  They are
533	   applicable regardless of the prefix length used on the link.  It is
534	   out of scope for this section to discuss the various assignment
535	   methods (e.g. manual configuration, DHCPv6, etc).

537	   In this situation the actual allocation is done by human intervention
538	   and consideration needs to be given to the complete IPv6 address so
539	   that it does not result in overlaps with any of the well known IPv6
540	   addresses:
541	   o  Subnet Router Anycast Address
542	   o  Reserved Subnet Anycast Address
543	   o  Addresses used by Embedded-RP
544	   o  ISATAP Addresses

546	   When using an address assigned by human intervention it is
547	   recommended to choose IPv6 addresses which are not abvious to guess
548	   and/or avoid any IPv6 addresses that embed IPv4 addresses used in the
549	   current infrastructure.  Following these two recommendations will
550	   make it more difficult for malicious third parties to guess targets
551	   for attack, and thus reduce security threats to a certain extent.

553	5.  Case Studies

555	   tbc.

557	5.1.  Enterprise Considerations

559	   In this section we consider a case study of a campus network that is
560	   deploying IPv6 in parallel with existing IPv4 protocols in a dual-
561	   stack environment.  The specific example is the University of
562	   Southampton (UK).  The case study is a 'work in progress' as the
563	   deployment is an evolving one, currently covering around 1,500 hosts.

565	5.1.1.  Obtaining general IPv6 network prefixes

567	   In the case of a campus network, the site will typically take its
568	   connectivity from its National Research and Education Network (NREN).
569	   Southampton connects to JANET, the UK academic network.  JANET
570	   currently has a /32 allocation from RIPE of 2001:630::/32.  The
571	   current recommended practice is for sites to receive a /48
572	   allocation, and on this basis Southampton has received such a prefix
573	   for its own use, specifically 2001:630:d0::/48.

575	   No ULA addressing is used on site.  The campus does not expect to
576	   change service provider, and thus does not plan to use ULAs for the
577	   (perceived) benefit of easing network renumbering.  Indeed, the
578	   campus has renumbered following the aforementioned renumbering
579	   procedure [21] on two occassions, and this has proven adequate (with
580	   provisos documented in [27].  We also do not see any need to deploy
581	   ULAs for in or out of band network management; there are enough IPv6
582	   prefixes available in the site allocation for the infrastructure.

584	   No 6bone addressing is used on site.  This was phased out some time
585	   ago.  We note that as of 6th June 2006 transit ISPs will likely
586	   filter any attempted use of such prefixes.

588	   Southampton does participate in global and organisation scope IPv6
589	   multicast networks.  Multicast address allocations are not discussed
590	   here as they are not in scope for the document.  Embedded RP is in
591	   use, and has been tested successfully across providers between sites.

593	5.1.2.  Forming an address (subnet) allocation plan

595	   The campus has a /16 prefix for IPv4 use; in principle 256 subnets of
596	   256 addresses.  In reality the subnetting is muddier, because of
597	   concerns of IPv4 address conservation; subnets are sized to the hosts
598	   within them, e.g. a /26 IPv4 prefix is used if a subnet has 35 hosts
599	   in it.  While this is efficient, it increases management burden when
600	   physical deployments change, and IPv4 subnets require resizing (up or
601	   down), even with DHCP in use.

603	   The /48 IPv6 prefix is considerably larger than the IPv4 allocation
604	   already in place at the site.  It is loosely equivalent to a 'Class
605	   A' IPv4 prefix in that it has 2^16 (over 65,000) subnets, but has an
606	   effectively unlimited subnet address size (2^64) compared to 256 in
607	   the IPv4 equivalent.  The increased subnet size means that /64 IPv6
608	   prefixes can be used on all subnets, without any requirement to
609	   resize them at a later date.  The increased subnet volume allows
610	   subnets to be allocated more generously to schools and departments in
611	   the campus.  While address conservation is still important, it is no
612	   longer an impediment on network management.  Rather, address (subnet)
613	   allocation is more about planning for future expansion.

615	   In a dual-stack network, we chose to deploy our IP subnets
616	   congruently for IPv4 and IPv6.  This is because the systems are still
617	   in the same administrative domains and the same geography.  We do not
618	   expect to have IPv6-only subnets in production use for a while yet,
619	   outside testbeds and our early Mobile IPv6 trials.  The firewall
620	   would ideally be a single dual-stack device with consistent policies
621	   (by host rather than IP version), however this is currently
622	   implemented as a firewall per IP protocol due to vendor limitations
623	   (Nokia/Checkpoint for IPv4, BSD pf tool for IPv6).

625	   The subnet allocation plan required a division of the address space
626	   per school or department.  Here a /56 was allocated to the school
627	   level of the university; there are around 30 schools currently.
628	   Further allocations were made for central IT infrastructure, for the
629	   network infrastructure and the server side systems.

631	5.1.3.  Other considerations

633	   The network uses a Demilitarized Zone (DMZ) topology for some level
634	   of protection of 'public' systems.  Again, this topology is congruent
635	   with the IPv4 network.

637	   There are no specific transition methods deployed internally to the
638	   campus; everything is using the conventional dual-stack approach.
639	   There is no use of tools such as ISATAP for example.

641	   For the Mobile IPv6 early trails, we have allocated one prefix for
642	   Home Agent (HA) use.  We have not yet considered how Mobile IPv6
643	   usage may grow, and whether more or even every subnet will require HA
644	   support.

646	   The university operates a tunnel broker service on behalf of UKERNA.
647	   This uses separate address space from JANET, not the main university
648	   allocation.

650	5.1.4.  Node configuration considerations

652	   We currently use stateless autoconfiguration on most subnets for IPv6
653	   hosts.  There is no DHCPv6 service deployed yet, beyond tests of
654	   early code releases.  We do seek a common integrated DHCP/DNS
655	   management platform, even if the servers themselves are not
656	   colocated.  Currently we add client statelessly autoconfigured
657	   addresses to the DNS manually.  Our administrators would prefer the
658	   use of DHCP because they believe it gives them some management
659	   control.

661	   Regarding the [25] implications, we note that all our hosts are dual-
662	   stack, and thus are potentially exposed over both protocols anyway.
663	   We publish all addresses in DNS, and do not operate a two faced DNS.

665	   We have internal usage of RFC3041 privacy addresses currently, but
666	   may wish to administratibely disable this (perhaps via DHCP), but we
667	   need to determine the feasibility of this on all systems, e.g. for
668	   WLAN guests or other user-maintained systems.  Network management
669	   should be simpler without RFC3041 in opeation.  Note RFC3041 is only
670	   an issue for outbound connections.

672	   We manually configure server addresses to avoid address changes on a
673	   change of network adaptor.  With IPv6 you can choose to pick ::53 for
674	   a DNS server, or can pick 'random' addresses for obfuscation, though
675	   that's not an issue for publicly advertised addresses (dns, mx, web,
676	   etc).

678	5.1.5.  Observations

680	   The site is not (yet) using prefix delegation tools for IPv6.

682	5.2.  Service Provider Considerations

684	   tbc.

686	6.  Security Considerations

688	   This IPv6 addressing documents does not have any direct impact on
689	   Internet infrastructure security.

691	7.  References

693	7.1.  Normative References

695	7.2.  Informative References

697	   [1]   Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and E.
698	         Lear, "Address Allocation for Private Internets", BCP 5,
699	         RFC 1918, February 1996.

701	   [2]   Thomson, S. and T. Narten, "IPv6 Stateless Address
702	         Autoconfiguration", RFC 2462, December 1998.

704	   [3]   Hinden, R., Fink, R., and J. Postel, "IPv6 Testing Address
705	         Allocation", RFC 2471, December 1998.

707	   [4]   Retana, A., White, R., Fuller, V., and D. McPherson, "Using 31-
708	         Bit Prefixes on IPv4 Point-to-Point Links", RFC 3021,
709	         December 2000.

711	   [5]   Narten, T. and R. Draves, "Privacy Extensions for Stateless
712	         Address Autoconfiguration in IPv6", RFC 3041, January 2001.

714	   [6]   IAB and IESG, "IAB/IESG Recommendations on IPv6 Address
715	         Allocations to Sites", RFC 3177, September 2001.

717	   [7]   Durand, A. and C. Huitema, "The H-Density Ratio for Address
718	         Assignment Efficiency An Update on the H ratio", RFC 3194,
719	         November 2001.

721	   [8]   Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M.
722	         Carney, "Dynamic Host Configuration Protocol for IPv6
723	         (DHCPv6)", RFC 3315, July 2003.

725	   [9]   Draves, R., "Default Address Selection for Internet Protocol
726	         version 6 (IPv6)", RFC 3484, February 2003.

728	   [10]  Hinden, R. and S. Deering, "Internet Protocol Version 6 (IPv6)
729	         Addressing Architecture", RFC 3513, April 2003.

731	   [11]  Blanchet, M., "A Flexible Method for Managing the Assignment of
732	         Bits of an IPv6 Address Block", RFC 3531, April 2003.

734	   [12]  Hinden, R., Deering, S., and E. Nordmark, "IPv6 Global Unicast
735	         Address Format", RFC 3587, August 2003.

737	   [13]  Savola, P., "Use of /127 Prefix Length Between Routers
738	         Considered Harmful", RFC 3627, September 2003.

740	   [14]  Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic Host
741	         Configuration Protocol (DHCP) version 6", RFC 3633,
742	         December 2003.

744	   [15]  Fink, R. and R. Hinden, "6bone (IPv6 Testing Address
745	         Allocation) Phaseout", RFC 3701, March 2004.

747	   [16]  Droms, R., "Stateless Dynamic Host Configuration Protocol
748	         (DHCP) Service for IPv6", RFC 3736, April 2004.

750	   [17]  Huitema, C. and B. Carpenter, "Deprecating Site Local
751	         Addresses", RFC 3879, September 2004.

753	   [18]  Savola, P. and B. Haberman, "Embedding the Rendezvous Point
754	         (RP) Address in an IPv6 Multicast Address", RFC 3956,
755	         November 2004.

757	   [19]  Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure
758	         Neighbor Discovery (SEND)", RFC 3971, March 2005.

760	   [20]  Aura, T., "Cryptographically Generated Addresses (CGA)",
761	         RFC 3972, March 2005.

763	   [21]  Baker, F., Lear, E., and R. Droms, "Procedures for Renumbering
764	         an IPv6 Network without a Flag Day", RFC 4192, September 2005.

766	   [22]  Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast
767	         Addresses", RFC 4193, October 2005.

769	   [23]  Templin, F., Gleeson, T., Talwar, M., and D. Thaler, "Intra-
770	         Site Automatic Tunnel Addressing Protocol (ISATAP)",
771	         draft-ietf-ngtrans-isatap-24 (work in progress), January 2005.

773	   [24]  Templin, F., Gleeson, T., Talwar, M., and D. Thaler, "Intra-
774	         Site Automatic Tunnel Addressing Protocol
775	         (draft-ietf-ngtrans-isatap-24.txt)", July 2005.

777	   [25]  Chown, T., "IPv6 Implications for TCP/UDP Port Scanning (chown-
778	         v6ops- port-scanning-implications-02.txt)", October 2005.

780	   [26]  APNIC, ARIN, RIPE NCC, "IPv6 Address Allocation and Assignment
781	         Policy (www.ripe.net/ripe/docs/ipv6policy.html)", January 2003.

783	   [27]  Chown, T., Thompson, M., Ford, A., and S. Venaas, "Things to
784	         think about when Renumbering an IPv6 network
785	         (draft-chown-v6ops-renumber-thinkabout-03.txt)", July 2005.

787	Authors' Addresses

789	   Gunter Van de Velde
790	   Cisco Systems
791	   De Kleetlaan 6a
792	   Diegem  1831
793	   Belgium

795	   Phone: +32 2704 5473
796	   Email: gunter@cisco.com

798	   Ciprian Popoviciu
799	   Cisco Systems
800	   7025-6 Kit Creek Road
801	   Research Triangle Park, North Carolina  PO Box 14987
802	   USA

804	   Phone: +1 919 392-3723
805	   Email: cpopovic@cisco.com

807	   Tim Chown
808	   University of Southampton
809	   Highfield
810	   Southampton,   SO17 1BJ
811	   United Kingdom

813	   Phone: +44 23 8059 3257
814	   Email: tjc@ecs.soton.ac.uk

816	Intellectual Property Statement

818	   The IETF takes no position regarding the validity or scope of any
819	   Intellectual Property Rights or other rights that might be claimed to
820	   pertain to the implementation or use of the technology described in
821	   this document or the extent to which any license under such rights
822	   might or might not be available; nor does it represent that it has
823	   made any independent effort to identify any such rights.  Information
824	   on the procedures with respect to rights in RFC documents can be
825	   found in BCP 78 and BCP 79.

827	   Copies of IPR disclosures made to the IETF Secretariat and any
828	   assurances of licenses to be made available, or the result of an
829	   attempt made to obtain a general license or permission for the use of
830	   such proprietary rights by implementers or users of this
831	   specification can be obtained from the IETF on-line IPR repository at
832	   http://www.ietf.org/ipr.

834	   The IETF invites any interested party to bring to its attention any
835	   copyrights, patents or patent applications, or other proprietary
836	   rights that may cover technology that may be required to implement
837	   this standard.  Please address the information to the IETF at
838	   ietf-ipr@ietf.org.

840	Disclaimer of Validity

842	   This document and the information contained herein are provided on an
843	   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
844	   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
845	   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
846	   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
847	   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
848	   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

850	Copyright Statement

852	   Copyright (C) The Internet Society (2006).  This document is subject
853	   to the rights, licenses and restrictions contained in BCP 78, and
854	   except as set forth therein, the authors retain all their rights.

856	Acknowledgment

858	   Funding for the RFC Editor function is currently provided by the
859	   Internet Society.