| draft-ietf-v6ops-addr-select-ps-05.txt | draft-ietf-v6ops-addr-select-ps-06.txt | |||
|---|---|---|---|---|
| IPv6 Operations Working Group A. Matsumoto | IPv6 Operations Working Group A. Matsumoto | |||
| Internet-Draft T. Fujisaki | Internet-Draft T. Fujisaki | |||
| Intended status: Informational NTT | Intended status: Informational NTT | |||
| Expires: October 24, 2008 R. Hiromi | Expires: November 15, 2008 R. Hiromi | |||
| K. Kanayama | K. Kanayama | |||
| Intec Netcore | Intec Netcore | |||
| April 22, 2008 | May 14, 2008 | |||
| Problem Statement of Default Address Selection in Multi-prefix | Problem Statement of Default Address Selection in Multi-prefix | |||
| Environment: Operational Issues of RFC3484 Default Rules | Environment: Operational Issues of RFC3484 Default Rules | |||
| draft-ietf-v6ops-addr-select-ps-05.txt | draft-ietf-v6ops-addr-select-ps-06.txt | |||
| Status of this Memo | Status of this Memo | |||
| By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
| applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
| have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
| aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| skipping to change at page 1, line 38 | skipping to change at page 1, line 38 | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| This Internet-Draft will expire on October 24, 2008. | This Internet-Draft will expire on November 15, 2008. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (C) The IETF Trust (2008). | Copyright (C) The IETF Trust (2008). | |||
| Abstract | Abstract | |||
| One physical link can carry multiple subnets. Moreover, we can use | A single physical link can have multiple prefixes assigned to it. In | |||
| multiple physical networks at the same time in a host. In that | that environment, end hosts might have multiple IP addresses and be | |||
| environment, end hosts might have multiple IP addresses and be | required to use them selectively. RFC 3484 defines default source | |||
| required to use them selectively. Without an appropriate source/ | and destination address selection rules and is implemented in a | |||
| destination address selection mechanism, the host will experience | variety of OS's. But, it has been too difficult to use operationally | |||
| some trouble in communication. RFC 3484 defines default source and | for several reasons, In some environment where multiple prefixes are | |||
| destination address selection algorithms, but the multi-prefix | assigned on a single physical link, the host with the default address | |||
| environment considered here needs additional rules beyond those of | selection rules will experience some trouble in communication. This | |||
| the default operation. This document describes the possible problems | document describes the possible problems that end hosts could | |||
| that end hosts could encounter in an environment with multiple | encounter in an environment with multiple prefixes. | |||
| subnets. | ||||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 1.1. Scope of this document . . . . . . . . . . . . . . . . . . 3 | 1.1. Scope of this document . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 2.1. Source Address Selection . . . . . . . . . . . . . . . . . 3 | 2.1. Source Address Selection . . . . . . . . . . . . . . . . . 4 | |||
| 2.1.1. Multiple Routers on Single Interface . . . . . . . . . 4 | 2.1.1. Multiple Routers on Single Interface . . . . . . . . . 4 | |||
| 2.1.2. Ingress Filtering Problem . . . . . . . . . . . . . . 5 | 2.1.2. Ingress Filtering Problem . . . . . . . . . . . . . . 5 | |||
| 2.1.3. Half-Closed Network Problem . . . . . . . . . . . . . 5 | 2.1.3. Half-Closed Network Problem . . . . . . . . . . . . . 6 | |||
| 2.1.4. Combined Use of Global and ULA . . . . . . . . . . . . 7 | 2.1.4. Combined Use of Global and ULA . . . . . . . . . . . . 7 | |||
| 2.1.5. Site Renumbering . . . . . . . . . . . . . . . . . . . 8 | 2.1.5. Site Renumbering . . . . . . . . . . . . . . . . . . . 8 | |||
| 2.1.6. Multicast Source Address Selection . . . . . . . . . . 8 | 2.1.6. Multicast Source Address Selection . . . . . . . . . . 9 | |||
| 2.1.7. Temporary Address Selection . . . . . . . . . . . . . 9 | 2.1.7. Temporary Address Selection . . . . . . . . . . . . . 9 | |||
| 2.2. Destination Address Selection . . . . . . . . . . . . . . 9 | 2.2. Destination Address Selection . . . . . . . . . . . . . . 10 | |||
| 2.2.1. IPv4 or IPv6 prioritization . . . . . . . . . . . . . 9 | 2.2.1. IPv4 or IPv6 prioritization . . . . . . . . . . . . . 10 | |||
| 2.2.2. ULA and IPv4 dual-stack environment . . . . . . . . . 10 | 2.2.2. ULA and IPv4 dual-stack environment . . . . . . . . . 11 | |||
| 2.2.3. ULA or Global Prioritization . . . . . . . . . . . . . 11 | 2.2.3. ULA or Global Prioritization . . . . . . . . . . . . . 12 | |||
| 3. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 12 | 3. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 4. Security Considerations . . . . . . . . . . . . . . . . . . . 12 | 4. Security Considerations . . . . . . . . . . . . . . . . . . . 13 | |||
| 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 | |||
| 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13 | 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14 | |||
| 6.1. Normative References . . . . . . . . . . . . . . . . . . . 13 | 6.1. Normative References . . . . . . . . . . . . . . . . . . . 14 | |||
| 6.2. Informative References . . . . . . . . . . . . . . . . . . 14 | 6.2. Informative References . . . . . . . . . . . . . . . . . . 14 | |||
| Appendix A. Appendix. Revision History . . . . . . . . . . . . . 14 | Appendix A. Appendix. Revision History . . . . . . . . . . . . . 14 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 14 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 15 | |||
| Intellectual Property and Copyright Statements . . . . . . . . . . 16 | Intellectual Property and Copyright Statements . . . . . . . . . . 17 | |||
| 1. Introduction | 1. Introduction | |||
| One physical link can carry multiple subnets. In that case, an end- | In IPv6, a single physical link can have multiple prefixes assigned | |||
| host has multiple IP addresses. In the IPv4-IPv6 dual stack | to it. In such cases, an end-host may have multiple IP addresses | |||
| environment or in a site connected to both a ULA [RFC4193] and Global | assigned to an interface on that link. In the IPv4-IPv6 dual stack | |||
| scope networks, an end-host has multiple IP addresses. These are | environment or in a site connected to both a ULA [RFC4193] and | |||
| examples of networks that we focus on in this document. In such an | Globally routable networks, an end-host typically has multiple IP | |||
| environment, an end-host will encounter some communication troubles. | addresses. These are examples of the networks that we focus on in | |||
| this document. In such an environment, an end-host may encounter | ||||
| some communication troubles. | ||||
| Inappropriate source address selection at the end-host causes | Inappropriate source address selection at the end-host causes | |||
| unexpected asymmetric routing, filtering by a router or discarding of | unexpected asymmetric routing, filtering by a router or discarding of | |||
| packets bacause there is no route to the host. | packets bacause there is no route to the host. | |||
| Considering a multi-prefix environment, destination address selection | Considering a multi-prefix environment, destination address selection | |||
| is also important for correct or better communication establishment. | is also important for correct or better communication establishment. | |||
| RFC 3484 [RFC3484] defines default source and destination address | RFC 3484 [RFC3484] defines default source and destination address | |||
| selection algorithms. In most cases, the host will be able to | selection algorithms and is implemented in a variety of OS's. But, | |||
| communicate with the targeted host using the algorithms. However, | it has been too difficult to use operationally for several reasons, | |||
| there are still problematic cases. This document describes such | such as lack of autoconfiguration method. There are some problematic | |||
| possibilities of incorrect address selection, which leads to dropping | cases where the host with the default address selection rules | |||
| packets and communication failure. | encounter communication troubles. | |||
| This document describes such possibilities of incorrect address | ||||
| selection which leads to dropping packets and communication failure. | ||||
| 1.1. Scope of this document | 1.1. Scope of this document | |||
| There has been a lot of discussion about "multiple addresses/ | As other mechanisms already exists, the multi-homing techniques for | |||
| prefixes". As other mechanisms already exists, the multi-homing | achieving redundancy are basically out of our scope. | |||
| techniques for achieving redundancy are out of our scope. | ||||
| We focus on an end-site network environment. The scope of this | We focus on an end-site network environment and unmanaged hosts in | |||
| document is to sort out problematic cases related to address | such an environment. This is because address selection behavior at | |||
| selection. It includes problems that cannot always be solved by | this kind of hosts are difficult to manipulate owing to the users's | |||
| changing the host's address selection algorithm, such as an address | lack of knowledge, hosts' location, or massiveness of the hosts. | |||
| selection mechanism that depends on the IPv6 address types. For | ||||
| example, a global address isn't always globally routable and ULA's | The scope of this document is to sort out problematic cases related | |||
| routable domain is dependent on the network policy. This document | to address selection. It includes problems that can be solved in the | |||
| includes these kind of network policy related address selection | framework of RFC 3484 and problems that cannot. For the latter, RFC | |||
| problems, as long as these problems are serious enough and worth | 3484 might be modified to meet their needs, or another address | |||
| solving. | selection solution might be necessary. For the former, an additional | |||
| mechanism that mitigates the operational difficulty might be | ||||
| necessary. | ||||
| This document also includes simple solution analysis for each | ||||
| problematic case. This analysis basically just focuses on whether | ||||
| the case can be solved in the framework of RFC 3484 or not. If not, | ||||
| some possible solutions are described. Even if a case can be solved | ||||
| in the framework of RFC 3484, as mentioned above, it does not | ||||
| necessarily mean that there is no operational difficulty. For | ||||
| example, in the environment stated above, it is not a feasible | ||||
| solution to configure each host's policy table by hand. So, for such | ||||
| an solution, configuration pain is yet another common problem. | ||||
| 2. Problem Statement | 2. Problem Statement | |||
| 2.1. Source Address Selection | 2.1. Source Address Selection | |||
| 2.1.1. Multiple Routers on Single Interface | 2.1.1. Multiple Routers on Single Interface | |||
| ================== | ================== | |||
| | Internet | | | Internet | | |||
| ================== | ================== | |||
| skipping to change at page 4, line 33 | skipping to change at page 4, line 44 | |||
| -----+-+-----+------ | -----+-+-----+------ | |||
| | | | | |||
| +-+----+ 2001:db8:1000:1::100 | +-+----+ 2001:db8:1000:1::100 | |||
| | Host | 2001:db8:8000:1::100 | | Host | 2001:db8:8000:1::100 | |||
| +------+ | +------+ | |||
| [Fig. 1] | [Fig. 1] | |||
| Generally speaking, there is no interaction between next-hop | Generally speaking, there is no interaction between next-hop | |||
| determination and address selection. In this example, when a host | determination and address selection. In this example, when a host | |||
| sends a packet via Router1, the host does not necessarily choose | starts a new connection and sends a packet via Router1, the host does | |||
| address 2001:db8:1000:1::100 given by Router1 as the source address. | not necessarily choose address 2001:db8:1000:1::100 given by Router1 | |||
| This causes the same problem as described in the next section | as the source address. This causes the same problem as described in | |||
| 'Ingress Filtering Problem'. | the next section 'Ingress Filtering Problem'. | |||
| Solution analysis: | ||||
| As this case depends on next hop selection, controling the address | ||||
| selection behavior at Host alone doesn't solve the entire problem. | ||||
| One possible solution for this case is adopting source address | ||||
| based routing at Router1 and Router2. Another solution may be | ||||
| using static routing at Router1, Router2 and Host, and using the | ||||
| corresponding static address selection policy at Host. | ||||
| 2.1.2. Ingress Filtering Problem | 2.1.2. Ingress Filtering Problem | |||
| ================== | ================== | |||
| | Internet | | | Internet | | |||
| ================== | ================== | |||
| | | | | | | |||
| 2001:db8:1000::/36 | | 2001:db8:8000::/36 | 2001:db8:1000::/36 | | 2001:db8:8000::/36 | |||
| +----+-+ +-+----+ | +----+-+ +-+----+ | |||
| | ISP1 | | ISP2 | | | ISP1 | | ISP2 | | |||
| skipping to change at page 5, line 45 | skipping to change at page 5, line 52 | |||
| delegated by an upstream ISP, there is a possibility that the packet | delegated by an upstream ISP, there is a possibility that the packet | |||
| will be dropped at the ISP by its Ingress Filter. Ingress | will be dropped at the ISP by its Ingress Filter. Ingress | |||
| filtering(uRPF: unicast Reverse Path Forwarding) is becoming more | filtering(uRPF: unicast Reverse Path Forwarding) is becoming more | |||
| popular among ISPs to mitigate the damage of DoS attacks. | popular among ISPs to mitigate the damage of DoS attacks. | |||
| In this example, when the Router chooses the default route to ISP2 | In this example, when the Router chooses the default route to ISP2 | |||
| and the Host chooses 2001:db8:1000:1::100 as the source address for | and the Host chooses 2001:db8:1000:1::100 as the source address for | |||
| packets sent to a host (2001:db8:2000::1) somewhere on the Internet, | packets sent to a host (2001:db8:2000::1) somewhere on the Internet, | |||
| the packets may be dropped at ISP2 because of Ingress Filtering. | the packets may be dropped at ISP2 because of Ingress Filtering. | |||
| Solution analysis: | ||||
| One possible solution for this case is adopting source address | ||||
| based routing at Router. Another solution may be using static | ||||
| routing at Router, and using the corresponding static address | ||||
| selection policy at Host. | ||||
| 2.1.3. Half-Closed Network Problem | 2.1.3. Half-Closed Network Problem | |||
| You can see a second typical source address selection problem in a | You can see a second typical source address selection problem in a | |||
| multihome site with global-closed mixed connectivity like in the | multihome site with global-closed mixed connectivity like in the | |||
| figure below. In this case, Host-A is in a multihomed network and | figure below. In this case, Host-A is in a multihomed network and | |||
| has two IPv6 addresses, one delegated from each of the upstream ISPs. | has two IPv6 addresses, one delegated from each of the upstream ISPs. | |||
| Note that ISP2 is a closed network and does not have connectivity to | Note that ISP2 is a closed network and does not have connectivity to | |||
| the Internet. | the Internet. | |||
| +--------+ | +--------+ | |||
| skipping to change at page 7, line 7 | skipping to change at page 7, line 21 | |||
| filtered by ISP1, a return packet from Host-C cannot possibly be | filtered by ISP1, a return packet from Host-C cannot possibly be | |||
| delivered to Host-A because the return packet is destined for 2001: | delivered to Host-A because the return packet is destined for 2001: | |||
| db8:8000:1::100, which is closed from the Internet. | db8:8000:1::100, which is closed from the Internet. | |||
| The important point is that each host chooses a correct source | The important point is that each host chooses a correct source | |||
| address for a given destination address. To solve this kind of | address for a given destination address. To solve this kind of | |||
| network policy based address selection problems, it is likely that | network policy based address selection problems, it is likely that | |||
| delivering addtional information to a node fits better than | delivering addtional information to a node fits better than | |||
| algorithmic solutions that are local to the node. | algorithmic solutions that are local to the node. | |||
| Solution analysis: | ||||
| This problem can be solved in the RFC 3484 framework. For | ||||
| example, configuring some address selection policies into Host-A's | ||||
| RFC 3484 policy table can solve this problem. | ||||
| 2.1.4. Combined Use of Global and ULA | 2.1.4. Combined Use of Global and ULA | |||
| ============ | ============ | |||
| | Internet | | | Internet | | |||
| ============ | ============ | |||
| | | | | |||
| | | | | |||
| +----+----+ | +----+----+ | |||
| | ISP | | | ISP | | |||
| +----+----+ | +----+----+ | |||
| skipping to change at page 7, line 32 | skipping to change at page 8, line 4 | |||
| | | 2001:db8:a:100::/64 | | | 2001:db8:a:100::/64 | |||
| fd01:2:3:200:/64 | | fd01:2:3:100:/64 | fd01:2:3:200:/64 | | fd01:2:3:100:/64 | |||
| -----+--+- -+--+---- | -----+--+- -+--+---- | |||
| | | | | | | |||
| fd01:2:3:200::101 | | 2001:db8:a:100::100 | fd01:2:3:200::101 | | 2001:db8:a:100::100 | |||
| +----+----+ +-+----+ fd01:2:3:100::100 | +----+----+ +-+----+ fd01:2:3:100::100 | |||
| | Printer | | Host | | | Printer | | Host | | |||
| +---------+ +------+ | +---------+ +------+ | |||
| [Fig. 4] | [Fig. 4] | |||
| As RFC 4864 [RFC4864] describes, using a ULA may be beneficial in | ||||
| As NAP [I-D.ietf-v6ops-nap] describes, using a ULA may be beneficial | some scenarios. If the ULA is used for internal communication, | |||
| in some scenarios. If the ULA is used for internal communication, | ||||
| packets with ULA need to be filtered at the Router. | packets with ULA need to be filtered at the Router. | |||
| This case does not presently create an address selection problem | This case does not presently create an address selection problem | |||
| because of the dissimilarity between the ULA and the Global Unicast | because of the dissimilarity between the ULA and the Global Unicast | |||
| Address. The longest matching rule of RFC 3484 chooses the correct | Address. The longest matching rule of RFC 3484 chooses the correct | |||
| address for both intra-site and extra-site communication. | address for both intra-site and extra-site communication. | |||
| In the future, however, there is a possibility that the longest | In the future, however, there is a possibility that the longest | |||
| matching rule will not be able to choose the correct address anymore. | matching rule will not be able to choose the correct address anymore. | |||
| That is the moment when the assignment of those Global Unicast | That is the moment when the assignment of those Global Unicast | |||
| skipping to change at page 8, line 11 | skipping to change at page 8, line 30 | |||
| Namely, when we start to assign a part of the address block 8000::/1 | Namely, when we start to assign a part of the address block 8000::/1 | |||
| as the global unicast address and that part is used somewhere in the | as the global unicast address and that part is used somewhere in the | |||
| Internet, the longest matching rule ceases to function properly for | Internet, the longest matching rule ceases to function properly for | |||
| the people trying to connect to the servers with those addresses. | the people trying to connect to the servers with those addresses. | |||
| For example, when the destination host has an IPv6 address 8000::1, | For example, when the destination host has an IPv6 address 8000::1, | |||
| and the originating host has 2001:db8::1 and fd0:1::1, the source | and the originating host has 2001:db8::1 and fd0:1::1, the source | |||
| address will be fd00:1::1, because the longest matching bit length is | address will be fd00:1::1, because the longest matching bit length is | |||
| 0 for 2001:db8::1 and 1 for fd0:1::1 respectively. | 0 for 2001:db8::1 and 1 for fd0:1::1 respectively. | |||
| Solution analysis: | ||||
| This problem can be solved in the RFC 3484 framework. For | ||||
| example, configuring some address selection policies into Host's | ||||
| RFC 3484 policy table can solve this problem. Another solution is | ||||
| to modify RFC 3484 and define ULA's scope smaller than the global | ||||
| scope. | ||||
| 2.1.5. Site Renumbering | 2.1.5. Site Renumbering | |||
| RFC 4192 [RFC4192] describes a recommended procedure for renumbering | RFC 4192 [RFC4192] describes a recommended procedure for renumbering | |||
| a network from one prefix to another. An autoconfigured address has | a network from one prefix to another. An autoconfigured address has | |||
| a lifetime, so by stopping advertisement of the old prefix, the | a lifetime, so by stopping advertisement of the old prefix, the | |||
| autoconfigured address is eventually invalidated. | autoconfigured address is eventually invalidated. | |||
| However, invalidating the old prefix takes a long time. You cannot | However, invalidating the old prefix takes a long time. You cannot | |||
| stop routing to the old prefix as long as the old prefix is not | stop routing to the old prefix as long as the old prefix is not | |||
| removed from the host. This can be a tough issue for ISP network | removed from the host. This can be a tough issue for ISP network | |||
| skipping to change at page 8, line 42 | skipping to change at page 9, line 20 | |||
| | 2001:db8:b::/64 (new) | | 2001:db8:b::/64 (new) | |||
| | 2001:db8:a::/64 (old) | | 2001:db8:a::/64 (old) | |||
| ------+---+---------- | ------+---+---------- | |||
| | | | | |||
| +--+-----+ 2001:db8:b::100 (new) | +--+-----+ 2001:db8:b::100 (new) | |||
| | Host-A | 2001:db8:a::100 (old) | | Host-A | 2001:db8:a::100 (old) | |||
| +--------+ | +--------+ | |||
| [Fig. 5] | [Fig. 5] | |||
| Solution analysis: | ||||
| This problem can be mitigated in the RFC 3484 framework. For | ||||
| example, configuring some address selection policies into the | ||||
| Host-A's RFC 3484 policy table can solve this problem. | ||||
| 2.1.6. Multicast Source Address Selection | 2.1.6. Multicast Source Address Selection | |||
| This case is an example of site-local or global prioritization. When | This case is an example of site-local or global prioritization. When | |||
| you send a multicast packet across site-borders, the source address | you send a multicast packet across site-borders, the source address | |||
| of the multicast packet should be a globally routable address. The | of the multicast packet should be a globally routable address. The | |||
| longest matching algorithm, however, selects a ULA if the sending | longest matching algorithm, however, selects a ULA if the sending | |||
| host has both a ULA and a Global Unicast Address. | host has both a ULA and a Global Unicast Address. | |||
| 2.1.7. Temporary Address Selection | 2.1.7. Temporary Address Selection | |||
| skipping to change at page 9, line 23 | skipping to change at page 9, line 51 | |||
| If you could turn the temporary address on and off, that would be | If you could turn the temporary address on and off, that would be | |||
| better. If you could switch its usage per service (destination | better. If you could switch its usage per service (destination | |||
| address), that would also be better. The same situation can be found | address), that would also be better. The same situation can be found | |||
| when using HA (home address) and CoA (care-of address)in a Mobile | when using HA (home address) and CoA (care-of address)in a Mobile | |||
| IPv6 [RFC3775] network. | IPv6 [RFC3775] network. | |||
| At the Future Work section in RFC 3041, it discusses that the API | At the Future Work section in RFC 3041, it discusses that the API | |||
| extension might be necessary to achieve better address selection | extension might be necessary to achieve better address selection | |||
| mechanism with finer granularity. | mechanism with finer granularity. | |||
| Solution analysis: | ||||
| This problem can not be solved in the RFC 3484 framework. A | ||||
| possible solution is to make applications to select desirable | ||||
| addresses by using IPv6 Socket API for Source Address Selection | ||||
| defind in RFC 5014 [RFC5014]. | ||||
| 2.2. Destination Address Selection | 2.2. Destination Address Selection | |||
| 2.2.1. IPv4 or IPv6 prioritization | 2.2.1. IPv4 or IPv6 prioritization | |||
| The default policy table gives IPv6 addresses higher precedence than | The default policy table gives IPv6 addresses higher precedence than | |||
| IPv4 addresses. There seem to be many cases, however, where network | IPv4 addresses. There seem to be many cases, however, where network | |||
| administrators want to control the address selection policy of end- | administrators want to control the address selection policy of end- | |||
| hosts the other way around. | hosts the other way around. | |||
| +---------+ | +---------+ | |||
| skipping to change at page 10, line 41 | skipping to change at page 11, line 6 | |||
| | Host | 192.0.2.2 | | Host | 192.0.2.2 | |||
| +------+ | +------+ | |||
| [Fig. 6] | [Fig. 6] | |||
| In the figure above, a site has native IPv4 and tunneled-IPv6 | In the figure above, a site has native IPv4 and tunneled-IPv6 | |||
| connectivity. Therefore, the administrator may want to set a higher | connectivity. Therefore, the administrator may want to set a higher | |||
| priority for using IPv4 than using IPv6 because the quality of the | priority for using IPv4 than using IPv6 because the quality of the | |||
| tunnel network seems to be worse than that of the native transport. | tunnel network seems to be worse than that of the native transport. | |||
| Solution analysis: | ||||
| This problem can be solved in the RFC 3484 framework. For | ||||
| example, configuring some address selection policies into Host's | ||||
| RFC 3484 policy table can solve this problem. | ||||
| 2.2.2. ULA and IPv4 dual-stack environment | 2.2.2. ULA and IPv4 dual-stack environment | |||
| This is a special form of IPv4 and IPv6 prioritization. When an | This is a special form of IPv4 and IPv6 prioritization. When an | |||
| enterprise has IPv4 Internet connectivity but does not yet have IPv6 | enterprise has IPv4 Internet connectivity but does not yet have IPv6 | |||
| Internet connectivity, and the enterprise wants to provide site-local | Internet connectivity, and the enterprise wants to provide site-local | |||
| IPv6 connectivity, a ULA is the best choice for site-local IPv6 | IPv6 connectivity, a ULA is the best choice for site-local IPv6 | |||
| connectivity. Each employee host will have both an IPv4 global or | connectivity. Each employee host will have both an IPv4 global or | |||
| private address and a ULA. Here, when this host tries to connect to | private address and a ULA. Here, when this host tries to connect to | |||
| Host-C that has registered both A and AAAA records in the DNS, the | Host-C that has registered both A and AAAA records in the DNS, the | |||
| host will choose AAAA as the destination address and the ULA for the | host will choose AAAA as the destination address and the ULA for the | |||
| skipping to change at page 11, line 32 | skipping to change at page 11, line 50 | |||
| | fd01:2:3:4::/64 (ULA) | | fd01:2:3:4::/64 (ULA) | |||
| | 192.0.2.240/28 | | 192.0.2.240/28 | |||
| ------+---+---------- | ------+---+---------- | |||
| | | | | |||
| +-+----+ fd01:2:3:4::100 (ULA) | +-+----+ fd01:2:3:4::100 (ULA) | |||
| | Host | 192.0.2.245 | | Host | 192.0.2.245 | |||
| +------+ | +------+ | |||
| [Fig. 7] | [Fig. 7] | |||
| Solution analysis: | ||||
| This problem can be solved in the RFC 3484 framework. For | ||||
| example, configuring some address selection policies into Host's | ||||
| RFC 3484 policy table can solve this problem. | ||||
| 2.2.3. ULA or Global Prioritization | 2.2.3. ULA or Global Prioritization | |||
| Differentiating services by the client's source address is very | Differentiating services by the client's source address is very | |||
| common. IP-address-based authentication is an typical example of | common. IP-address-based authentication is an typical example of | |||
| this. Another typical example is a web service that has pages for | this. Another typical example is a web service that has pages for | |||
| the public and internal pages for employees or involved parties. Yet | the public and internal pages for employees or involved parties. Yet | |||
| another example is DNS zone splitting. | another example is DNS zone splitting. | |||
| However, a ULA and IPv6 global address both have global scope, and | However, a ULA and IPv6 global address both have global scope, and | |||
| RFC3484 default rules do not specify which address should be given | RFC3484 default rules do not specify which address should be given | |||
| skipping to change at page 12, line 33 | skipping to change at page 12, line 50 | |||
| | | 2001:db8:a:100::/64 | | | 2001:db8:a:100::/64 | |||
| | | fc12:3456:789a:100::/64 | | | fc12:3456:789a:100::/64 | |||
| --+-+---|----- | --+-+---|----- | |||
| | | | | | | |||
| +-+---|+ 2001:db8:a:100::100 | +-+---|+ 2001:db8:a:100::100 | |||
| | Host | fc12:3456:789a:100::100 | | Host | fc12:3456:789a:100::100 | |||
| +------+ | +------+ | |||
| [Fig. 7] | [Fig. 7] | |||
| Solution analysis: | ||||
| This problem can be solved in the RFC 3484 framework. For | ||||
| example, configuring some address selection policies into Host's | ||||
| RFC 3484 policy table can solve this problem. | ||||
| 3. Conclusion | 3. Conclusion | |||
| We have covered problems related to destination or source address | We have covered problems related to destination or source address | |||
| selection. These problems have their roots in the situation where | selection. These problems have their roots in the situation where | |||
| end-hosts have multiple IP addresses. In this situation, every end- | end-hosts have multiple IP addresses. In this situation, every end- | |||
| host must choose an appropriate destination and source address, which | host must choose an appropriate destination and source address, which | |||
| cannot be achieved only by routers. | cannot be achieved only by routers. | |||
| It should be noted that end-hosts must be informed about routing | It should be noted that end-hosts must be informed about routing | |||
| policies of their upstream networks for appropriate address | policies of their upstream networks for appropriate address | |||
| skipping to change at page 13, line 34 | skipping to change at page 14, line 13 | |||
| and routing, these risks can be avoided. | and routing, these risks can be avoided. | |||
| 5. IANA Considerations | 5. IANA Considerations | |||
| This document has no actions for IANA. | This document has no actions for IANA. | |||
| 6. References | 6. References | |||
| 6.1. Normative References | 6.1. Normative References | |||
| [I-D.ietf-v6ops-nap] | ||||
| Velde, G., "Local Network Protection for IPv6", | ||||
| draft-ietf-v6ops-nap-06 (work in progress), January 2007. | ||||
| [RFC3041] Narten, T. and R. Draves, "Privacy Extensions for | [RFC3041] Narten, T. and R. Draves, "Privacy Extensions for | |||
| Stateless Address Autoconfiguration in IPv6", RFC 3041, | Stateless Address Autoconfiguration in IPv6", RFC 3041, | |||
| January 2001. | January 2001. | |||
| [RFC3484] Draves, R., "Default Address Selection for Internet | [RFC3484] Draves, R., "Default Address Selection for Internet | |||
| Protocol version 6 (IPv6)", RFC 3484, February 2003. | Protocol version 6 (IPv6)", RFC 3484, February 2003. | |||
| [RFC3775] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support | [RFC3775] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support | |||
| in IPv6", RFC 3775, June 2004. | in IPv6", RFC 3775, June 2004. | |||
| skipping to change at page 14, line 15 | skipping to change at page 14, line 36 | |||
| [RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast | [RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast | |||
| Addresses", RFC 4193, October 2005. | Addresses", RFC 4193, October 2005. | |||
| [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing | [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing | |||
| Architecture", RFC 4291, February 2006. | Architecture", RFC 4291, February 2006. | |||
| [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless | [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless | |||
| Address Autoconfiguration", RFC 4862, September 2007. | Address Autoconfiguration", RFC 4862, September 2007. | |||
| [RFC4864] Van de Velde, G., Hain, T., Droms, R., Carpenter, B., and | ||||
| E. Klein, "Local Network Protection for IPv6", RFC 4864, | ||||
| May 2007. | ||||
| [RFC5014] Nordmark, E., Chakrabarti, S., and J. Laganier, "IPv6 | ||||
| Socket API for Source Address Selection", RFC 5014, | ||||
| September 2007. | ||||
| 6.2. Informative References | 6.2. Informative References | |||
| Appendix A. Appendix. Revision History | Appendix A. Appendix. Revision History | |||
| 01: | 01: | |||
| IP addresse notations changed to docmentation address. | IP addresse notations changed to docmentation address. | |||
| Descriptoin of solutions deleted. | Descriptoin of solutions deleted. | |||
| 02: | 02: | |||
| Security considerations section rewritten according to comments | Security considerations section rewritten according to comments | |||
| from SECDIR. | from SECDIR. | |||
| 03: | 03: | |||
| Intended status changed to Informational. | Intended status changed to Informational. | |||
| 04: | 04: | |||
| This version reflects comments from IESG members. | This version reflects comments from IESG members. | |||
| 05: | 05: | |||
| skipping to change at page 14, line 31 | skipping to change at page 15, line 16 | |||
| Descriptoin of solutions deleted. | Descriptoin of solutions deleted. | |||
| 02: | 02: | |||
| Security considerations section rewritten according to comments | Security considerations section rewritten according to comments | |||
| from SECDIR. | from SECDIR. | |||
| 03: | 03: | |||
| Intended status changed to Informational. | Intended status changed to Informational. | |||
| 04: | 04: | |||
| This version reflects comments from IESG members. | This version reflects comments from IESG members. | |||
| 05: | 05: | |||
| This version reflects comments from IESG members and Bob Hinden. | This version reflects comments from IESG members and Bob Hinden. | |||
| 06: | ||||
| This version reflects comments from Thomas Narten. | ||||
| Authors' Addresses | Authors' Addresses | |||
| Arifumi Matsumoto | Arifumi Matsumoto | |||
| NTT PF Lab | NTT PF Lab | |||
| Midori-Cho 3-9-11 | Midori-Cho 3-9-11 | |||
| Musashino-shi, Tokyo 180-8585 | Musashino-shi, Tokyo 180-8585 | |||
| Japan | Japan | |||
| Phone: +81 422 59 3334 | Phone: +81 422 59 3334 | |||
| skipping to change at page 15, line 21 | skipping to change at page 16, line 4 | |||
| Email: fujisaki@nttv6.net | Email: fujisaki@nttv6.net | |||
| Ruri Hiromi | Ruri Hiromi | |||
| Intec Netcore, Inc. | Intec Netcore, Inc. | |||
| Shinsuna 1-3-3 | Shinsuna 1-3-3 | |||
| Koto-ku, Tokyo 136-0075 | Koto-ku, Tokyo 136-0075 | |||
| Japan | Japan | |||
| Phone: +81 3 5665 5069 | Phone: +81 3 5665 5069 | |||
| Email: hiromi@inetcore.com | Email: hiromi@inetcore.com | |||
| Ken-ichi Kanayama | Ken-ichi Kanayama | |||
| Intec Netcore, Inc. | Intec Netcore, Inc. | |||
| Shinsuna 1-3-3 | Shinsuna 1-3-3 | |||
| Koto-ku, Tokyo 136-0075 | Koto-ku, Tokyo 136-0075 | |||
| Japan | Japan | |||
| Phone: +81 3 5665 5069 | Phone: +81 3 5665 5069 | |||
| Email: kanayama@inetcore.com | Email: kanayama_kenichi@intec-si.co.jp | |||
| Full Copyright Statement | Full Copyright Statement | |||
| Copyright (C) The IETF Trust (2008). | Copyright (C) The IETF Trust (2008). | |||
| This document is subject to the rights, licenses and restrictions | This document is subject to the rights, licenses and restrictions | |||
| contained in BCP 78, and except as set forth therein, the authors | contained in BCP 78, and except as set forth therein, the authors | |||
| retain all their rights. | retain all their rights. | |||
| This document and the information contained herein are provided on an | This document and the information contained herein are provided on an | |||
| End of changes. 30 change blocks. | ||||
| 67 lines changed or deleted | 144 lines changed or added | |||
This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||