draft-ietf-v6ops-addr-select-ps-00.txt   draft-ietf-v6ops-addr-select-ps-01.txt 
IPv6 Operations Working Group A. Matsumoto IPv6 Operations Working Group A. Matsumoto
Internet-Draft T. Fujisaki Internet-Draft T. Fujisaki
Intended status: Standards Track NTT Intended status: Informational NTT
Expires: May 14, 2007 R. Hiromi Expires: October 7, 2007 R. Hiromi
K. Kanayama K. Kanayama
Intec Netcore Intec Netcore
November 10, 2006 April 5, 2007
Problem Statement of Default Address Selection in Multi-prefix Problem Statement of Default Address Selection in Multi-prefix
Environment: Operational Issues of RFC3484 Default Rules Environment: Operational Issues of RFC3484 Default Rules
draft-ietf-v6ops-addr-select-ps-00.txt draft-ietf-v6ops-addr-select-ps-01.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 38 skipping to change at page 1, line 38
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on May 14, 2007. This Internet-Draft will expire on October 7, 2007.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2006). Copyright (C) The IETF Trust (2007).
Abstract Abstract
One physical network can carry multiple logical networks. Moreover, One physical network can carry multiple logical networks. Moreover,
we can use multiple physical networks at the same time in a host. In we can use multiple physical networks at the same time in a host. In
that environment, end-hosts might have multiple IP addresses and be that environment, end-hosts might have multiple IP addresses and be
required to use them selectively. Without an appropriate source/ required to use them selectively. Without an appropriate source/
destination address selection mechanism, the host will experience destination address selection mechanism, the host will experience
some trouble in the communication. RFC 3484 defines both the source some trouble in the communication. RFC 3484 defines both the source
and destination address selection algorithms, but the multi-prefix and destination address selection algorithms, but the multi-prefix
skipping to change at page 2, line 20 skipping to change at page 2, line 20
networks. networks.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Scope of this document . . . . . . . . . . . . . . . . . . 3 1.1. Scope of this document . . . . . . . . . . . . . . . . . . 3
2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3
2.1. Source Address Selection . . . . . . . . . . . . . . . . . 3 2.1. Source Address Selection . . . . . . . . . . . . . . . . . 3
2.1.1. Multiple Routers on Single Interface . . . . . . . . . 4 2.1.1. Multiple Routers on Single Interface . . . . . . . . . 4
2.1.2. Ingress Filtering Problem . . . . . . . . . . . . . . 5 2.1.2. Ingress Filtering Problem . . . . . . . . . . . . . . 5
2.1.3. Half-Closed Network Problem . . . . . . . . . . . . . 6 2.1.3. Half-Closed Network Problem . . . . . . . . . . . . . 5
2.1.4. Combined Use of Global and ULA . . . . . . . . . . . . 7 2.1.4. Combined Use of Global and ULA . . . . . . . . . . . . 7
2.1.5. Site Renumbering . . . . . . . . . . . . . . . . . . . 8 2.1.5. Site Renumbering . . . . . . . . . . . . . . . . . . . 7
2.1.6. Multicast Source Address Selection . . . . . . . . . . 8 2.1.6. Multicast Source Address Selection . . . . . . . . . . 8
2.1.7. Temporary Address Selection . . . . . . . . . . . . . 8 2.1.7. Temporary Address Selection . . . . . . . . . . . . . 8
2.2. Destination Address Selection . . . . . . . . . . . . . . 9 2.2. Destination Address Selection . . . . . . . . . . . . . . 8
2.2.1. IPv4 or IPv6 prioritization . . . . . . . . . . . . . 9 2.2.1. IPv4 or IPv6 prioritization . . . . . . . . . . . . . 8
2.2.2. ULA and IPv4 dual-stack environment . . . . . . . . . 10 2.2.2. ULA and IPv4 dual-stack environment . . . . . . . . . 9
2.2.3. ULA or Global Prioritization . . . . . . . . . . . . . 10 2.2.3. ULA or Global Prioritization . . . . . . . . . . . . . 10
3. Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . 11 3. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3.1. More Specific Routes (RFC 4191) . . . . . . . . . . . . . 11 4. Security Considerations . . . . . . . . . . . . . . . . . . . 11
3.2. Policy Table Manipulation . . . . . . . . . . . . . . . . 11 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
3.3. Revising RFC 3484 . . . . . . . . . . . . . . . . . . . . 12 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12
4. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 12 6.1. Normative References . . . . . . . . . . . . . . . . . . . 12
5. Security Considerations . . . . . . . . . . . . . . . . . . . 12 6.2. Informative References . . . . . . . . . . . . . . . . . . 12
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 Appendix A. Appendix. Revision History . . . . . . . . . . . . . 12
7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 12
7.1. Normative References . . . . . . . . . . . . . . . . . . . 12 Intellectual Property and Copyright Statements . . . . . . . . . . 14
7.2. Informative References . . . . . . . . . . . . . . . . . . 13
Appendix A. Appendix. Revision History . . . . . . . . . . . . . 13
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13
Intellectual Property and Copyright Statements . . . . . . . . . . 15
1. Introduction 1. Introduction
One physical network can carry multiple logical networks. In that One physical network can carry multiple logical networks. In that
case, an end-host has multiple IP addresses. In the IPv4-IPv6 dual case, an end-host has multiple IP addresses. In the IPv4-IPv6 dual
stack environment or in a site connected to both ULA [RFC4193] and stack environment or in a site connected to both ULA [RFC4193] and
Global scope networks, an end-host has multiple IP addresses. These Global scope networks, an end-host has multiple IP addresses. These
are examples of the networks that we focus on in this document. In are examples of the networks that we focus on in this document. In
such an environment, an end-host will encounter some communication such an environment, an end-host will encounter some communication
trouble. trouble.
skipping to change at page 4, line 11 skipping to change at page 4, line 11
2. Problem Statement 2. Problem Statement
2.1. Source Address Selection 2.1. Source Address Selection
2.1.1. Multiple Routers on Single Interface 2.1.1. Multiple Routers on Single Interface
================== ==================
| Internet | | Internet |
================== ==================
| | | |
2001:db8::/32 | | 3ffe:1800::/32 2001:db8:1000::/36 | | 2001:db8:8000::/36
+----+-+ +-+----+ +----+-+ +-+----+
| ISP1 | | ISP2 | | ISP1 | | ISP2 |
+----+-+ +-+----+ +----+-+ +-+----+
| | | |
2001:db8:a::/48 | | 3ffe:1800:a::/48 2001:db8:1000:::/48 | | 2001:db8:8000::/48
+------+---+ +----+-----+ +------+---+ +----+-----+
| Gateway1 | | Gateway2 | | Gateway1 | | Gateway2 |
+--------+-+ +-+--------+ +--------+-+ +-+--------+
| | | |
2001:db8:a:1::/64 | | 3ffe:1800:a:1::/64 2001:db8:1000:1::/64 | | 2001:db8:8000:1::/64
| | | |
-----+-+-----+------ -----+-+-----+------
| |
+-+----+ 2001:db8:a:1:EUI64 +-+----+ 2001:db8:1000:1::EUI64
| Host | 3ffe:1800:a:1:EUI64 | Host | 2001:db8:8000:1::EUI64
+------+ +------+
[Fig. 1] [Fig. 1]
Generally speaking, there is no interaction between next-hop Generally speaking, there is no interaction between next-hop
determination and address selection. In this example, when Host determination and address selection. In this example, when Host
sends a packet via Gateway1, the Host does not necessarily choose the sends a packet via Gateway1, the Host does not necessarily choose the
address 2001:db8:a:1::EUI64 given by Gateway1 as the source address. address 2001:db8:1000:1::EUI64 given by Gateway1 as the source
This causes the same problem as described in the next section address. This causes the same problem as described in the next
'Ingress Filtering Problem'. section 'Ingress Filtering Problem'.
To solve this case, one approach is to configure correctly both the
routing configuration and address selection policy at Host. You can
use RFC 4191 [RFC4191] to deliver routing information to hosts.
Another approach is to configure the gateways to make use of packet
redirection between the gateways.
2.1.2. Ingress Filtering Problem 2.1.2. Ingress Filtering Problem
================== ==================
| Internet | | Internet |
================== ==================
| | | |
2001:db8::/32 | | 3ffe:1800::/32 2001:db8:1000::/36 | | 2001:db8:8000::/36
+----+-+ +-+----+ +----+-+ +-+----+
| ISP1 | | ISP2 | | ISP1 | | ISP2 |
+----+-+ +-+----+ +----+-+ +-+----+
| | | |
2001:db8:a::/48 | | 3ffe:1800:a::/48 2001:db8:1000:::/48 | | 2001:db8:8000::/48
++-------++ ++-------++
| Gateway | | Gateway |
+----+----+ +----+----+
| 2001:db8:a:1::/64 | 2001:db8:1000:1::/64
| 3ffe:1800:a:1::/64 | 2001:db8:8000:1::/64
------+---+---------- ------+---+----------
| |
+-+----+ 2001:db8:a:1:EUI64 +-+----+ 2001:db8:1000:1::EUI64
| Host | 3ffe:1800:a:1:EUI64 | Host | 2001:db8:8000:1::EUI64
+------+ +------+
[Fig. 2] [Fig. 2]
When a relatively small site, which we call a "customer network", is When a relatively small site, which we call a "customer network", is
attached to two upstream ISPs, each ISP delegates a network address attached to two upstream ISPs, each ISP delegates a network address
block, which is usually /48, and a host has multiple IPv6 addresses. block, which is usually /48, and a host has multiple IPv6 addresses.
When the source address of an outgoing packet is not the one that is When the source address of an outgoing packet is not the one that is
delegated by an upstream ISP, there is a possibility that the packet delegated by an upstream ISP, there is a possibility that the packet
will be dropped at the ISP by its Ingress Filter. Ingress will be dropped at the ISP by its Ingress Filter. Ingress
filtering(uRPF: unicast Reverse Path Forwarding) is becoming more and filtering(uRPF: unicast Reverse Path Forwarding) is becoming more and
more popular among ISPs in order to mitigate the damage of DoS more popular among ISPs in order to mitigate the damage of DoS
attacks. attacks.
In this example, when the Gateway chooses the default route to ISP2 In this example, when the Gateway chooses the default route to ISP2
and the Host chooses 2001:db8:a:1::EUI64 as the source address for and the Host chooses 2001:db8:1000:1::EUI64 as the source address for
packets sent to a host(2001:fa8::1) somewhere in the Internet, the packets sent to a host(2001:db8:2000::1) somewhere in the Internet,
packets may be dropped at ISP2 because of Ingress Filtering. the packets may be dropped at ISP2 because of Ingress Filtering.
One possible solution for this problem is to adopt source-address-
based routing at the customer site's gateway, but this manner of
routing is not very popular at the moment.
2.1.3. Half-Closed Network Problem 2.1.3. Half-Closed Network Problem
You can see a second typical source address selection problem in a You can see a second typical source address selection problem in a
multihome site with global-closed mixed connectivity like the figure multihome site with global-closed mixed connectivity like the figure
below. In this case, Host-A is in a multihomed network and has two below. In this case, Host-A is in a multihomed network and has two
IPv6 addresses, one delegated from each of the upstream ISPs. Note IPv6 addresses, one delegated from each of the upstream ISPs. Note
that ISP2 is a closed network and does not have connectivity to the that ISP2 is a closed network and does not have connectivity to the
Internet. Internet.
+--------+ +--------+
| Host-C | 3ffe:503:c:1:EUI64 | Host-C | 2001:db8:a000::1
+-----+--+ +-----+--+
| |
============== +--------+ ============== +--------+
| Internet | | Host-B | 3ffe:1800::EUI64 | Internet | | Host-B | 2001:db8:8000::1
============== +--------+ ============== +--------+
| | | |
2001:db8::/32 | | 3ffe:1800::/32 2001:db8:1000:/36 | | 2001:db8:8000::/36
+----+-+ +-+---++ +----+-+ +-+---++
| ISP1 | | ISP2 | (Closed Network/VPN tunnel) | ISP1 | | ISP2 | (Closed Network/VPN tunnel)
+----+-+ +-+----+ +----+-+ +-+----+
| | | |
2001:db8:a::/48 | | 3ffe:1800:a::/48 2001:db8:1000:/48 | | 2001:db8:8000::/48
++-------++ ++-------++
| Gateway | | Gateway |
+----+----+ +----+----+
| 2001:db8:a:1::/64 | 2001:db8:1000:1::/64
| 3ffe:1800:a:1::/64 | 2001:db8:8000:1::/64
------+---+---------- ------+---+----------
| |
+--+-----+ 2001:db8:a:1:EUI64 +--+-----+ 2001:db8:1000:1::EUI64
| Host-A | 3ffe:1800:a:1:EUI64 | Host-A | 2001:db8:8000:1::EUI64
+--------+ +--------+
[Fig. 3] [Fig. 3]
You don't need two physical network connection here. The connection You don't need two physical network connection here. The connection
from Gateway to ISP2 can be a logical link over ISP1 and the from Gateway to ISP2 can be a logical link over ISP1 and the
Internet. Internet.
When Host-A starts the connection to Host-B in ISP2, the source When Host-A starts the connection to Host-B in ISP2, the source
address of a sending packet will be the one delegated from ISP2, that address of a sending packet will be the one delegated from ISP2, that
is 3ffe:1800:a:1:EUI64, because of rule 8 (longest matching prefix) is 2001:db8:8000:1::EUI64, because of rule 8 (longest matching
in RFC 3484. prefix) in RFC 3484.
Host-C is located somewhere in the Internet and has an IPv6 address Host-C is located somewhere in the Internet and has an IPv6 address
3ffe:503:c:1:EUI64. When Host-A sends a packet to Host-C, the 2001:db8:a000::1. When Host-A sends a packet to Host-C, the longest
longest matching algorithm chooses 3ffe:1800:a:1:EUI64 for the source matching algorithm chooses 2001:db8:8000:1::EUI64 for the source
address. In this case, the packet goes through ISP1 and may be address. In this case, the packet goes through ISP1 and may be
filtered by ISP1's ingress filter. Even if the packet is fortunately filtered by ISP1's ingress filter. Even if the packet is fortunately
not filtered by ISP1, a return packet from Host-C cannot possibly be not filtered by ISP1, a return packet from Host-C cannot possibly be
delivered to Host-A because the return packet is destined for 3ffe: delivered to Host-A because the return packet is destined for 2001:
1800:a:1:EUI64, which is closed from the Internet. db8:8000:1::EUI64, which is closed from the Internet.
In this case, source-address-based routing alone described in the What is important is that each host chooses a correct source address
previous section does not solve the problem. What is important is for a given destination address as far as NAT does not exist in the
that each host chooses a correct source address for a given IPv6 world.
destination address as far as NAT does not exist in the IPv6 world.
2.1.4. Combined Use of Global and ULA 2.1.4. Combined Use of Global and ULA
============ ============
| Internet | | Internet |
============ ============
| |
| |
+----+----+ +----+----+
| ISP | | ISP |
+----+----+ +----+----+
| |
2001:db8:a::/48 | 2001:db8:a::/48 |
+----+----+ +----+----+
| Gateway | | Gateway |
+-+-----+-+ +-+-----+-+
| | 2001:db8:a:100::/64 | | 2001:db8:a:100::/64
fd01:2:3:200:/64 | | fd01:2:3:100:/64 fd01:2:3:200:/64 | | fd01:2:3:100:/64
-----+--+- -+--+---- -----+--+- -+--+----
| | | |
fd01:2:3:200:EUI64 | | 2001:db8:a:100:EUI64 fd01:2:3:200::EUI64 | | 2001:db8:a:100::EUI64
+----+----+ +-+----+ fd01:2:3:100:EUI64 +----+----+ +-+----+ fd01:2:3:100::EUI64
| Printer | | Host | | Printer | | Host |
+---------+ +------+ +---------+ +------+
[Fig. 4] [Fig. 4]
As NAP [I-D.ietf-v6ops-nap] describes, using ULA may be beneficial in As NAP [I-D.ietf-v6ops-nap] describes, using ULA may be beneficial in
some scenarios. If ULA is used for internal communication, packets some scenarios. If ULA is used for internal communication, packets
with ULA addresses need to be filtered at Gateway. with ULA addresses need to be filtered at Gateway.
There is no serious problem related to address selection in this There is no serious problem related to address selection in this
skipping to change at page 10, line 19 skipping to change at page 10, line 9
Internet connectivity, and the enterprise wants to provide site-local Internet connectivity, and the enterprise wants to provide site-local
IPv6 connectivity, ULA is the best choice for site-local IPv6 IPv6 connectivity, ULA is the best choice for site-local IPv6
connectivity. Each employee host will have both an IPv4 global or connectivity. Each employee host will have both an IPv4 global or
private address and a ULA. Here, when this host tries to connect to private address and a ULA. Here, when this host tries to connect to
Host-C that has registered both A and AAAA records in the DNS, the Host-C that has registered both A and AAAA records in the DNS, the
host will choose AAAA as the destination address and ULA for the host will choose AAAA as the destination address and ULA for the
source address. This will clearly result in a connection failure. source address. This will clearly result in a connection failure.
+--------+ +--------+
| Host-C | AAAA = 2001:db8::80 | Host-C | AAAA = 2001:db8::80
+-----+--+ A = 192.47.163.1 +-----+--+ A = 192.0.2.1
| |
============ ============
| Internet | | Internet |
============ ============
| no IPv6 connectivity | no IPv6 connectivity
+----+----+ +----+----+
| Gateway | | Gateway |
+----+----+ +----+----+
| |
| fd01:2:3::/48 (ULA) | fd01:2:3::/48 (ULA)
| 192.0.2.0/24 | 192.0.2.128/25
++--------+ ++--------+
| Router | | Router |
+----+----+ +----+----+
| fd01:2:3:4::/64 (ULA) | fd01:2:3:4::/64 (ULA)
| 192.0.2.240/28 | 192.0.2.240/28
------+---+---------- ------+---+----------
| |
+-+----+ fd01:2:3:4::100 (ULA) +-+----+ fd01:2:3:4::100 (ULA)
| Host | 192.0.2.245 | Host | 192.0.2.245
+------+ +------+
skipping to change at page 10, line 52 skipping to change at page 10, line 42
[Fig. 7] [Fig. 7]
2.2.3. ULA or Global Prioritization 2.2.3. ULA or Global Prioritization
It is very common to differentiate services by the client's source It is very common to differentiate services by the client's source
address. IP-address-based authentication is an extreme example of address. IP-address-based authentication is an extreme example of
this. Another typical example is a web service that has pages for this. Another typical example is a web service that has pages for
the public and internal pages for employees or involved parties. Yet the public and internal pages for employees or involved parties. Yet
another example is DNS zone splitting. another example is DNS zone splitting.
However, ULA and IPv6 global address both have global scope, and RFC However, ULA and IPv6 global address both have global scope, and
3484 default rules do not specify which address should be given RFC3484 default rules do not specify which address should be given
priority. This point makes IPv6 implementation of address-based priority. This point makes IPv6 implementation of address-based
service differentiation a bit harder. service differentiation a bit harder.
+------+ +------+
| Host | | Host |
+-+--|-+ +-+--|-+
| | | |
===========|== ===========|==
| Internet | | | Internet | |
===========|== ===========|==
skipping to change at page 11, line 27 skipping to change at page 11, line 24
+----+-+ +-->+------+ +----+-+ +-->+------+
| ISP +------+ DNS | 2001:db8:a::80 | ISP +------+ DNS | 2001:db8:a::80
+----+-+ +-->+------+ fc12:3456:789a::80 +----+-+ +-->+------+ fc12:3456:789a::80
| | | |
2001:db8:a::/48 | | 2001:db8:a::/48 | |
fc12:3456:789a::/48 | | fc12:3456:789a::/48 | |
+----+----|+ +----+----|+
| Gateway || | Gateway ||
+---+-----|+ +---+-----|+
| | 2001:db8:a:100::/64 | | 2001:db8:a:100::/64
| | fc12:3456:789a:100:/64 | | fc12:3456:789a:100::/64
--+-+---|----- --+-+---|-----
| | | |
+-+---|+ 2001:db8:a:100:EUI64 +-+---|+ 2001:db8:a:100::EUI64
| Host | fc12:3456:789a:100:EUI64 | Host | fc12:3456:789a:100::EUI64
+------+ +------+
[Fig. 7] [Fig. 7]
3. Solutions 3. Conclusion
3.1. More Specific Routes (RFC 4191)
This method enables network administrator to distribute routing
information to end-hosts. It can solve only two problems in this
document, that is 2.1.1, 2.2.2. Routing information doesn't
determine the source address when multiple addresses are attached to
the outgoing network interface. So, it cannot be used for every
cases here.
3.2. Policy Table Manipulation
Almost all the problem cases raised in this document can be solved by
configuring the policy table at end-hosts. The problem for a site-
administrator is that he does not have the means to deliver policies
to end-hosts. Therefore, we proposed a method for policy
distribution in the form of DHCPv6 option
[I-D.fujisaki-dhc-addr-select-opt]. The usage of this mechanisim is
illustrated in another I-D [I-D.arifumi-ipv6-policy-dist].
3.3. Revising RFC 3484
Revising address selection rules defined in RFC 3484 in another idea.
These problems are, however, too network-environment-specific, so
it's not easy to have all-purpose rule set.
4. Conclusion
We have covered problems related to destination or source address We have covered problems related to destination or source address
selection. These problems have their roots in the situation where selection. These problems have their roots in the situation where
end-hosts have multiple IP addresses. In this situation, every end- end-hosts have multiple IP addresses. In this situation, every end-
host must choose an appropriate destination and source address, which host must choose an appropriate destination and source address, which
cannot be achieved only by routers. cannot be achieved only by routers.
It should be noted that end-hosts must be informed about routing It should be noted that end-hosts must be informed about routing
policies of their upstream networks for appropriate address policies of their upstream networks for appropriate address
selection. A site administrator must consider every possible address selection. A site administrator must consider every possible address
false-selection problem and take countermeasures beforehand. false-selection problem and take countermeasures beforehand.
5. Security Considerations 4. Security Considerations
Address false-selection can lead to serious security problem, such as Address false-selection can lead to serious security problem, such as
session hijack. However, it should be noted that address selection session hijack. However, it should be noted that address selection
is eventually up to end-hosts. We have no means to enforce one is eventually up to end-hosts. We have no means to enforce one
specific address selection policy to every end-host. So, a network specific address selection policy to every end-host. So, a network
administrator has to take countermeasures for unexpected address administrator has to take countermeasures for unexpected address
selection. selection.
6. IANA Considerations 5. IANA Considerations
This document has no actions for IANA. This document has no actions for IANA.
7. References 6. References
7.1. Normative References 6.1. Normative References
[RFC3484] Draves, R., "Default Address Selection for Internet [RFC3484] Draves, R., "Default Address Selection for Internet
Protocol version 6 (IPv6)", RFC 3484, February 2003. Protocol version 6 (IPv6)", RFC 3484, February 2003.
[RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast [RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast
Addresses", RFC 4193, October 2005. Addresses", RFC 4193, October 2005.
7.2. Informative References 6.2. Informative References
[I-D.arifumi-ipv6-policy-dist]
Matsumoto, A., "Practical Usages of Address Selection
Policy Distribution", draft-arifumi-ipv6-policy-dist-01
(work in progress), June 2006.
[I-D.fujisaki-dhc-addr-select-opt]
Fujisaki, T., "Distributing Default Address Selection
Policy using DHCPv6",
draft-fujisaki-dhc-addr-select-opt-02 (work in progress),
June 2006.
[I-D.ietf-v6ops-nap] [I-D.ietf-v6ops-nap]
Velde, G., "Network Architecture Protection for IPv6", Velde, G., "Local Network Protection for IPv6",
draft-ietf-v6ops-nap-04 (work in progress), October 2006. draft-ietf-v6ops-nap-06 (work in progress), January 2007.
[RFC3041] Narten, T. and R. Draves, "Privacy Extensions for [RFC3041] Narten, T. and R. Draves, "Privacy Extensions for
Stateless Address Autoconfiguration in IPv6", RFC 3041, Stateless Address Autoconfiguration in IPv6", RFC 3041,
January 2001. January 2001.
[RFC4191] Draves, R. and D. Thaler, "Default Router Preferences and
More-Specific Routes", RFC 4191, November 2005.
[RFC4192] Baker, F., Lear, E., and R. Droms, "Procedures for [RFC4192] Baker, F., Lear, E., and R. Droms, "Procedures for
Renumbering an IPv6 Network without a Flag Day", RFC 4192, Renumbering an IPv6 Network without a Flag Day", RFC 4192,
September 2005. September 2005.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, February 2006. Architecture", RFC 4291, February 2006.
Appendix A. Appendix. Revision History Appendix A. Appendix. Revision History
01: 01:
Authors' addresses corrected. IP addresse notations changed to docmentation address.
Solutions section added. Descriptoin of solutions deleted.
Security Considerations section fully rewritten.
Some editorial changes.
Authors' Addresses Authors' Addresses
Arifumi Matsumoto Arifumi Matsumoto
NTT PF Lab NTT PF Lab
Midori-Cho 3-9-11 Midori-Cho 3-9-11
Musashino-shi, Tokyo 180-8585 Musashino-shi, Tokyo 180-8585
Japan Japan
Phone: +81 422 59 3334 Phone: +81 422 59 3334
Email: arifumi@nttv6.net Email: arifumi@nttv6.net
Tomohiro Fujisaki Tomohiro Fujisaki
NTT PF Lab NTT PF Lab
Midori-Cho 3-9-11 Midori-Cho 3-9-11
Musashino-shi, Tokyo 180-8585 Musashino-shi, Tokyo 180-8585
Japan Japan
Phone: +81 422 59 7351 Phone: +81 422 59 7351
Email: fujisaki@syce.net Email: fujisaki@nttv6.net
Ruri Hiromi Ruri Hiromi
Intec Netcore, Inc. Intec Netcore, Inc.
Shinsuna 1-3-3 Shinsuna 1-3-3
Koto-ku, Tokyo 136-0075 Koto-ku, Tokyo 136-0075
Japan Japan
Phone: +81 3 5665 5069 Phone: +81 3 5665 5069
Email: hiromi@inetcore.com Email: hiromi@inetcore.com
skipping to change at page 15, line 7 skipping to change at page 14, line 7
Intec Netcore, Inc. Intec Netcore, Inc.
Shinsuna 1-3-3 Shinsuna 1-3-3
Koto-ku, Tokyo 136-0075 Koto-ku, Tokyo 136-0075
Japan Japan
Phone: +81 3 5665 5069 Phone: +81 3 5665 5069
Email: kanayama@inetcore.com Email: kanayama@inetcore.com
Full Copyright Statement Full Copyright Statement
Copyright (C) The Internet Society (2006). Copyright (C) The IETF Trust (2007).
This document is subject to the rights, licenses and restrictions This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors contained in BCP 78, and except as set forth therein, the authors
retain all their rights. retain all their rights.
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property Intellectual Property
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information made any independent effort to identify any such rights. Information
 End of changes. 47 change blocks. 
137 lines changed or deleted 79 lines changed or added

This html diff was produced by rfcdiff 1.33. The latest version is available from http://tools.ietf.org/tools/rfcdiff/