| draft-ietf-v6ops-addr-select-ps-06.txt | draft-ietf-v6ops-addr-select-ps-07.txt | |||
|---|---|---|---|---|
| IPv6 Operations Working Group A. Matsumoto | IPv6 Operations Working Group A. Matsumoto | |||
| Internet-Draft T. Fujisaki | Internet-Draft T. Fujisaki | |||
| Intended status: Informational NTT | Intended status: Informational NTT | |||
| Expires: November 15, 2008 R. Hiromi | Expires: December 14, 2008 R. Hiromi | |||
| K. Kanayama | ||||
| Intec Netcore | Intec Netcore | |||
| May 14, 2008 | K. Kanayama | |||
| INTEC Systems | ||||
| June 12, 2008 | ||||
| Problem Statement of Default Address Selection in Multi-prefix | Problem Statement of Default Address Selection in Multi-prefix | |||
| Environment: Operational Issues of RFC3484 Default Rules | Environment: Operational Issues of RFC3484 Default Rules | |||
| draft-ietf-v6ops-addr-select-ps-06.txt | draft-ietf-v6ops-addr-select-ps-07.txt | |||
| Status of this Memo | Status of this Memo | |||
| By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
| applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
| have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
| aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| skipping to change at page 1, line 38 | skipping to change at page 1, line 39 | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| This Internet-Draft will expire on November 15, 2008. | This Internet-Draft will expire on December 14, 2008. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (C) The IETF Trust (2008). | Copyright (C) The IETF Trust (2008). | |||
| Abstract | Abstract | |||
| A single physical link can have multiple prefixes assigned to it. In | A single physical link can have multiple prefixes assigned to it. In | |||
| that environment, end hosts might have multiple IP addresses and be | that environment, end hosts might have multiple IP addresses and be | |||
| required to use them selectively. RFC 3484 defines default source | required to use them selectively. RFC 3484 defines default source | |||
| and destination address selection rules and is implemented in a | and destination address selection rules and is implemented in a | |||
| variety of OS's. But, it has been too difficult to use operationally | variety of OS's. But, it has been too difficult to use operationally | |||
| for several reasons, In some environment where multiple prefixes are | for several reasons. In some environment where multiple prefixes are | |||
| assigned on a single physical link, the host with the default address | assigned on a single physical link, the host using the default | |||
| selection rules will experience some trouble in communication. This | address selection rules will experience some trouble in | |||
| document describes the possible problems that end hosts could | communication. This document describes the possible problems that | |||
| encounter in an environment with multiple prefixes. | end hosts could encounter in an environment with multiple prefixes. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 1.1. Scope of this document . . . . . . . . . . . . . . . . . . 3 | 1.1. Scope of this document . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 4 | 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 2.1. Source Address Selection . . . . . . . . . . . . . . . . . 4 | 2.1. Source Address Selection . . . . . . . . . . . . . . . . . 4 | |||
| 2.1.1. Multiple Routers on Single Interface . . . . . . . . . 4 | 2.1.1. Multiple Routers on Single Interface . . . . . . . . . 4 | |||
| 2.1.2. Ingress Filtering Problem . . . . . . . . . . . . . . 5 | 2.1.2. Ingress Filtering Problem . . . . . . . . . . . . . . 5 | |||
| 2.1.3. Half-Closed Network Problem . . . . . . . . . . . . . 6 | 2.1.3. Half-Closed Network Problem . . . . . . . . . . . . . 6 | |||
| skipping to change at page 3, line 27 | skipping to change at page 3, line 27 | |||
| unexpected asymmetric routing, filtering by a router or discarding of | unexpected asymmetric routing, filtering by a router or discarding of | |||
| packets bacause there is no route to the host. | packets bacause there is no route to the host. | |||
| Considering a multi-prefix environment, destination address selection | Considering a multi-prefix environment, destination address selection | |||
| is also important for correct or better communication establishment. | is also important for correct or better communication establishment. | |||
| RFC 3484 [RFC3484] defines default source and destination address | RFC 3484 [RFC3484] defines default source and destination address | |||
| selection algorithms and is implemented in a variety of OS's. But, | selection algorithms and is implemented in a variety of OS's. But, | |||
| it has been too difficult to use operationally for several reasons, | it has been too difficult to use operationally for several reasons, | |||
| such as lack of autoconfiguration method. There are some problematic | such as lack of autoconfiguration method. There are some problematic | |||
| cases where the host with the default address selection rules | cases where the hosts using the default address selection rules | |||
| encounter communication troubles. | encounter communication troubles. | |||
| This document describes such possibilities of incorrect address | This document describes such possibilities of incorrect address | |||
| selection which leads to dropping packets and communication failure. | selection which leads to dropping packets and communication failure. | |||
| 1.1. Scope of this document | 1.1. Scope of this document | |||
| As other mechanisms already exists, the multi-homing techniques for | As other mechanisms already exist, the multi-homing techniques for | |||
| achieving redundancy are basically out of our scope. | achieving redundancy are basically out of our scope. | |||
| We focus on an end-site network environment and unmanaged hosts in | We focus on an end-site network environment and unmanaged hosts in | |||
| such an environment. This is because address selection behavior at | such an environment. This is because address selection behavior at | |||
| this kind of hosts are difficult to manipulate owing to the users's | this kind of hosts is difficult to manipulate owing to the users's | |||
| lack of knowledge, hosts' location, or massiveness of the hosts. | lack of knowledge, hosts' location, or massiveness of the hosts. | |||
| The scope of this document is to sort out problematic cases related | The scope of this document is to sort out problematic cases related | |||
| to address selection. It includes problems that can be solved in the | to address selection. It includes problems that can be solved in the | |||
| framework of RFC 3484 and problems that cannot. For the latter, RFC | framework of RFC 3484 and problems that cannot. For the latter, RFC | |||
| 3484 might be modified to meet their needs, or another address | 3484 might be modified to meet their needs, or another address | |||
| selection solution might be necessary. For the former, an additional | selection solution might be necessary. For the former, an additional | |||
| mechanism that mitigates the operational difficulty might be | mechanism that mitigates the operational difficulty might be | |||
| necessary. | necessary. | |||
| skipping to change at page 5, line 43 | skipping to change at page 5, line 43 | |||
| +------+ | +------+ | |||
| [Fig. 2] | [Fig. 2] | |||
| When a relatively small site, which we call a "customer network", is | When a relatively small site, which we call a "customer network", is | |||
| attached to two upstream ISPs, each ISP delegates a network address | attached to two upstream ISPs, each ISP delegates a network address | |||
| block, which is usually /48, and a host has multiple IPv6 addresses. | block, which is usually /48, and a host has multiple IPv6 addresses. | |||
| When the source address of an outgoing packet is not the one that is | When the source address of an outgoing packet is not the one that is | |||
| delegated by an upstream ISP, there is a possibility that the packet | delegated by an upstream ISP, there is a possibility that the packet | |||
| will be dropped at the ISP by its Ingress Filter. Ingress | will be dropped at the ISP by its Ingress Filter. Ingress filtering | |||
| filtering(uRPF: unicast Reverse Path Forwarding) is becoming more | is becoming more popular among ISPs to mitigate the damage of DoS | |||
| popular among ISPs to mitigate the damage of DoS attacks. | attacks. | |||
| In this example, when the Router chooses the default route to ISP2 | In this example, when the Router chooses the default route to ISP2 | |||
| and the Host chooses 2001:db8:1000:1::100 as the source address for | and the Host chooses 2001:db8:1000:1::100 as the source address for | |||
| packets sent to a host (2001:db8:2000::1) somewhere on the Internet, | packets sent to a host (2001:db8:2000::1) somewhere on the Internet, | |||
| the packets may be dropped at ISP2 because of Ingress Filtering. | the packets may be dropped at ISP2 because of Ingress Filtering. | |||
| Solution analysis: | Solution analysis: | |||
| One possible solution for this case is adopting source address | One possible solution for this case is adopting source address | |||
| based routing at Router. Another solution may be using static | based routing at Router. Another solution may be using static | |||
| skipping to change at page 9, line 47 | skipping to change at page 9, line 47 | |||
| web pages or communicating with the general public, but that is bad | web pages or communicating with the general public, but that is bad | |||
| for a service that uses address-based authentication and for logging | for a service that uses address-based authentication and for logging | |||
| purposes. | purposes. | |||
| If you could turn the temporary address on and off, that would be | If you could turn the temporary address on and off, that would be | |||
| better. If you could switch its usage per service (destination | better. If you could switch its usage per service (destination | |||
| address), that would also be better. The same situation can be found | address), that would also be better. The same situation can be found | |||
| when using HA (home address) and CoA (care-of address)in a Mobile | when using HA (home address) and CoA (care-of address)in a Mobile | |||
| IPv6 [RFC3775] network. | IPv6 [RFC3775] network. | |||
| At the Future Work section in RFC 3041, it discusses that the API | The Future Work section in RFC 3041 discusses that an API extension | |||
| extension might be necessary to achieve better address selection | might be necessary to achieve a better address selection mechanism | |||
| mechanism with finer granularity. | with finer granularity. | |||
| Solution analysis: | Solution analysis: | |||
| This problem can not be solved in the RFC 3484 framework. A | This problem can not be solved in the RFC 3484 framework. A | |||
| possible solution is to make applications to select desirable | possible solution is to make applications to select desirable | |||
| addresses by using IPv6 Socket API for Source Address Selection | addresses by using the IPv6 Socket API for Source Address | |||
| defind in RFC 5014 [RFC5014]. | Selection defind in RFC 5014 [RFC5014]. | |||
| 2.2. Destination Address Selection | 2.2. Destination Address Selection | |||
| 2.2.1. IPv4 or IPv6 prioritization | 2.2.1. IPv4 or IPv6 prioritization | |||
| The default policy table gives IPv6 addresses higher precedence than | The default policy table gives IPv6 addresses higher precedence than | |||
| IPv4 addresses. There seem to be many cases, however, where network | IPv4 addresses. There seem to be many cases, however, where network | |||
| administrators want to control the address selection policy of end- | administrators want to control the address selection policy of end- | |||
| hosts the other way around. | hosts the other way around. | |||
| skipping to change at page 13, line 32 | skipping to change at page 13, line 32 | |||
| 4. Security Considerations | 4. Security Considerations | |||
| When an intermediate router performs policy routing (e.g. source | When an intermediate router performs policy routing (e.g. source | |||
| address based routing), inappropriate address selection causes | address based routing), inappropriate address selection causes | |||
| unexpected routing. For example, in the network described in 2.1.3, | unexpected routing. For example, in the network described in 2.1.3, | |||
| when Host-A uses a default address selection policy and chooses an | when Host-A uses a default address selection policy and chooses an | |||
| inappropriate address, a packet sent to VPN can be delivered to a | inappropriate address, a packet sent to VPN can be delivered to a | |||
| location via the Internet. This issue can lead to packet | location via the Internet. This issue can lead to packet | |||
| eavesdropping or session hijack. However, sending the packet back to | eavesdropping or session hijack. However, sending the packet back to | |||
| the correct path from the attacker to the node is not easy, so these | the correct path from the attacker to the node is not easy, so these | |||
| two risk are not serious. | two risks are not serious. | |||
| As documented in the security consideration section in RFC 3484, | As documented in the security consideration section in RFC 3484, | |||
| address selection algorithms expose a potential privacy concern. | address selection algorithms expose a potential privacy concern. | |||
| When a malicious host can make a target host perform address | When a malicious host can make a target host perform address | |||
| selection, for example by sending a anycast or a multicast packet, | selection, for example by sending a anycast or a multicast packet, | |||
| the malicious host can know multiple addresses attached to the target | the malicious host can get knowledge multiple addresses attached to | |||
| host. In a case like 2.1.4, if an attacker can make Host to send a | the target host. In a case like 2.1.4, if an attacker can make Host | |||
| multicast packet and Host performs the default address selection | to send a multicast packet and Host performs the default address | |||
| algorithm, the attacker may be able to determine the ULAs attached to | selection algorithm, the attacker may be able to determine the ULAs | |||
| the Host. | attached to the Host. | |||
| These security risks have roots in inappropriate address selection. | These security risks have roots in inappropriate address selection. | |||
| Therefore, if a countermeasure is taken, and hosts always select an | Therefore, if a countermeasure is taken, and hosts always select an | |||
| appropriate address that is suitable to a site's network structure | appropriate address that is suitable to a site's network structure | |||
| and routing, these risks can be avoided. | and routing, these risks can be avoided. | |||
| 5. IANA Considerations | 5. IANA Considerations | |||
| This document has no actions for IANA. | This document has no actions for IANA. | |||
| skipping to change at page 15, line 5 | skipping to change at page 15, line 5 | |||
| [RFC5014] Nordmark, E., Chakrabarti, S., and J. Laganier, "IPv6 | [RFC5014] Nordmark, E., Chakrabarti, S., and J. Laganier, "IPv6 | |||
| Socket API for Source Address Selection", RFC 5014, | Socket API for Source Address Selection", RFC 5014, | |||
| September 2007. | September 2007. | |||
| 6.2. Informative References | 6.2. Informative References | |||
| Appendix A. Appendix. Revision History | Appendix A. Appendix. Revision History | |||
| 01: | 01: | |||
| IP addresse notations changed to docmentation address. | IP addresse notations changed to documentation address. | |||
| Descriptoin of solutions deleted. | Description of solutions deleted. | |||
| 02: | 02: | |||
| Security considerations section rewritten according to comments | Security considerations section rewritten according to comments | |||
| from SECDIR. | from SECDIR. | |||
| 03: | 03: | |||
| Intended status changed to Informational. | Intended status changed to Informational. | |||
| 04: | 04: | |||
| This version reflects comments from IESG members. | This version reflects comments from IESG members. | |||
| 05: | 05: | |||
| This version reflects comments from IESG members and Bob Hinden. | This version reflects comments from IESG members and Bob Hinden. | |||
| 06: | 06: | |||
| This version reflects comments from Thomas Narten. | This version reflects comments from Thomas Narten. | |||
| 07: | ||||
| This version reflects comments from Alfred Hoenes. | ||||
| Authors' Addresses | Authors' Addresses | |||
| Arifumi Matsumoto | Arifumi Matsumoto | |||
| NTT PF Lab | NTT PF Lab | |||
| Midori-Cho 3-9-11 | Midori-Cho 3-9-11 | |||
| Musashino-shi, Tokyo 180-8585 | Musashino-shi, Tokyo 180-8585 | |||
| Japan | Japan | |||
| Phone: +81 422 59 3334 | Phone: +81 422 59 3334 | |||
| skipping to change at page 16, line 5 | skipping to change at page 16, line 5 | |||
| Ruri Hiromi | Ruri Hiromi | |||
| Intec Netcore, Inc. | Intec Netcore, Inc. | |||
| Shinsuna 1-3-3 | Shinsuna 1-3-3 | |||
| Koto-ku, Tokyo 136-0075 | Koto-ku, Tokyo 136-0075 | |||
| Japan | Japan | |||
| Phone: +81 3 5665 5069 | Phone: +81 3 5665 5069 | |||
| Email: hiromi@inetcore.com | Email: hiromi@inetcore.com | |||
| Ken-ichi Kanayama | Ken-ichi Kanayama | |||
| Intec Netcore, Inc. | INTEC Systems Institute, Inc. | |||
| Shinsuna 1-3-3 | Shimoshin-machi 5-33 | |||
| Koto-ku, Tokyo 136-0075 | Toyama-shi, Toyama 930-0804 | |||
| Japan | Japan | |||
| Phone: +81 3 5665 5069 | Phone: +81 76 444 8088 | |||
| Email: kanayama_kenichi@intec-si.co.jp | Email: kanayama_kenichi@intec-si.co.jp | |||
| Full Copyright Statement | Full Copyright Statement | |||
| Copyright (C) The IETF Trust (2008). | Copyright (C) The IETF Trust (2008). | |||
| This document is subject to the rights, licenses and restrictions | This document is subject to the rights, licenses and restrictions | |||
| contained in BCP 78, and except as set forth therein, the authors | contained in BCP 78, and except as set forth therein, the authors | |||
| retain all their rights. | retain all their rights. | |||
| End of changes. 17 change blocks. | ||||
| 33 lines changed or deleted | 36 lines changed or added | |||
This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||