| draft-ietf-v6ops-addr-select-ps-09.txt | rfc5220.txt | |||
|---|---|---|---|---|
| IPv6 Operations Working Group A. Matsumoto | Network Working Group A. Matsumoto | |||
| Internet-Draft T. Fujisaki | Request for Comments: 5220 T. Fujisaki | |||
| Intended status: Informational NTT | Category: Informational NTT | |||
| Expires: December 19, 2008 R. Hiromi | R. Hiromi | |||
| Intec Netcore | Intec Netcore | |||
| K. Kanayama | K. Kanayama | |||
| INTEC Systems | INTEC Systems | |||
| June 17, 2008 | Problem Statement for Default Address Selection in Multi-Prefix | |||
| Environments: Operational Issues of RFC 3484 Default Rules | ||||
| Problem Statement of Default Address Selection in Multi-prefix | ||||
| Environment: Operational Issues of RFC3484 Default Rules | ||||
| draft-ietf-v6ops-addr-select-ps-09.txt | ||||
| Status of this Memo | ||||
| By submitting this Internet-Draft, each author represents that any | ||||
| applicable patent or other IPR claims of which he or she is aware | ||||
| have been or will be disclosed, and any of which he or she becomes | ||||
| aware will be disclosed, in accordance with Section 6 of BCP 79. | ||||
| Internet-Drafts are working documents of the Internet Engineering | ||||
| Task Force (IETF), its areas, and its working groups. Note that | ||||
| other groups may also distribute working documents as Internet- | ||||
| Drafts. | ||||
| Internet-Drafts are draft documents valid for a maximum of six months | ||||
| and may be updated, replaced, or obsoleted by other documents at any | ||||
| time. It is inappropriate to use Internet-Drafts as reference | ||||
| material or to cite them other than as "work in progress." | ||||
| The list of current Internet-Drafts can be accessed at | ||||
| http://www.ietf.org/ietf/1id-abstracts.txt. | ||||
| The list of Internet-Draft Shadow Directories can be accessed at | Status of This Memo | |||
| http://www.ietf.org/shadow.html. | ||||
| This Internet-Draft will expire on December 19, 2008. | This memo provides information for the Internet community. It does | |||
| not specify an Internet standard of any kind. Distribution of this | ||||
| memo is unlimited. | ||||
| Abstract | Abstract | |||
| A single physical link can have multiple prefixes assigned to it. In | A single physical link can have multiple prefixes assigned to it. In | |||
| that environment, end hosts might have multiple IP addresses and be | that environment, end hosts might have multiple IP addresses and be | |||
| required to use them selectively. RFC 3484 defines default source | required to use them selectively. RFC 3484 defines default source | |||
| and destination address selection rules and is implemented in a | and destination address selection rules and is implemented in a | |||
| variety of OS's. But, it has been too difficult to use operationally | variety of OSs. But, it has been too difficult to use operationally | |||
| for several reasons. In some environment where multiple prefixes are | for several reasons. In some environments where multiple prefixes | |||
| assigned on a single physical link, the host using the default | are assigned on a single physical link, the host using the default | |||
| address selection rules will experience some trouble in | address selection rules will experience some trouble in | |||
| communication. This document describes the possible problems that | communication. This document describes the possible problems that | |||
| end hosts could encounter in an environment with multiple prefixes. | end hosts could encounter in an environment with multiple prefixes. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction ....................................................2 | |||
| 1.1. Scope of this document . . . . . . . . . . . . . . . . . . 3 | 1.1. Scope of This Document .....................................3 | |||
| 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 4 | 2. Problem Statement ...............................................4 | |||
| 2.1. Source Address Selection . . . . . . . . . . . . . . . . . 4 | 2.1. Source Address Selection ...................................4 | |||
| 2.1.1. Multiple Routers on Single Interface . . . . . . . . . 4 | 2.1.1. Multiple Routers on a Single Interface ..............4 | |||
| 2.1.2. Ingress Filtering Problem . . . . . . . . . . . . . . 5 | 2.1.2. Ingress Filtering Problem ...........................5 | |||
| 2.1.3. Half-Closed Network Problem . . . . . . . . . . . . . 6 | 2.1.3. Half-Closed Network Problem .........................6 | |||
| 2.1.4. Combined Use of Global and ULA . . . . . . . . . . . . 7 | 2.1.4. Combined Use of Global and ULA ......................7 | |||
| 2.1.5. Site Renumbering . . . . . . . . . . . . . . . . . . . 8 | 2.1.5. Site Renumbering ....................................8 | |||
| 2.1.6. Multicast Source Address Selection . . . . . . . . . . 9 | 2.1.6. Multicast Source Address Selection ..................9 | |||
| 2.1.7. Temporary Address Selection . . . . . . . . . . . . . 9 | 2.1.7. Temporary Address Selection .........................9 | |||
| 2.2. Destination Address Selection . . . . . . . . . . . . . . 10 | 2.2. Destination Address Selection .............................10 | |||
| 2.2.1. IPv4 or IPv6 prioritization . . . . . . . . . . . . . 10 | 2.2.1. IPv4 or IPv6 Prioritization ........................10 | |||
| 2.2.2. ULA and IPv4 dual-stack environment . . . . . . . . . 11 | 2.2.2. ULA and IPv4 Dual-Stack Environment ................11 | |||
| 2.2.3. ULA or Global Prioritization . . . . . . . . . . . . . 12 | 2.2.3. ULA or Global Prioritization .......................12 | |||
| 3. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 13 | 3. Conclusion .....................................................13 | |||
| 4. Security Considerations . . . . . . . . . . . . . . . . . . . 14 | 4. Security Considerations ........................................14 | |||
| 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 | 5. Normative References ...........................................14 | |||
| 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14 | ||||
| 6.1. Normative References . . . . . . . . . . . . . . . . . . . 14 | ||||
| 6.2. Informative References . . . . . . . . . . . . . . . . . . 15 | ||||
| Appendix A. Appendix. Revision History . . . . . . . . . . . . . 15 | ||||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 16 | ||||
| Intellectual Property and Copyright Statements . . . . . . . . . . 17 | ||||
| 1. Introduction | 1. Introduction | |||
| In IPv6, a single physical link can have multiple prefixes assigned | In IPv6, a single physical link can have multiple prefixes assigned | |||
| to it. In such cases, an end-host may have multiple IP addresses | to it. In such cases, an end host may have multiple IP addresses | |||
| assigned to an interface on that link. In the IPv4-IPv6 dual stack | assigned to an interface on that link. In the IPv4-IPv6 dual-stack | |||
| environment or in a site connected to both a ULA [RFC4193] and | environment or in a site connected to both a Unique Local Address | |||
| Globally routable networks, an end-host typically has multiple IP | (ULA) [RFC4193] and globally routable networks, an end host typically | |||
| addresses. These are examples of the networks that we focus on in | has multiple IP addresses. These are examples of the networks that | |||
| this document. In such an environment, an end-host may encounter | we focus on in this document. In such an environment, an end host | |||
| some communication troubles. | may encounter some communication troubles. | |||
| Inappropriate source address selection at the end-host causes | Inappropriate source address selection at the end host causes | |||
| unexpected asymmetric routing, filtering by a router or discarding of | unexpected asymmetric routing, filtering by a router, or discarding | |||
| packets because there is no route to the host. | of packets because there is no route to the host. | |||
| Considering a multi-prefix environment, destination address selection | Considering a multi-prefix environment, destination address selection | |||
| is also important for correct or better communication establishment. | is also important for correct or better communication establishment. | |||
| RFC 3484 [RFC3484] defines default source and destination address | RFC 3484 [RFC3484] defines default source and destination address | |||
| selection algorithms and is implemented in a variety of OS's. But, | selection algorithms and is implemented in a variety of OSs. But, it | |||
| it has been too difficult to use operationally for several reasons, | has been too difficult to use operationally for several reasons, such | |||
| such as lack of autoconfiguration method. There are some problematic | as lack of an autoconfiguration method. There are some problematic | |||
| cases where the hosts using the default address selection rules | cases where the hosts using the default address selection rules | |||
| encounter communication troubles. | encounter communication troubles. | |||
| This document describes such possibilities of incorrect address | This document describes the possibilities of incorrect address | |||
| selection which leads to dropping packets and communication failure. | selection that lead to dropping packets and communication failure. | |||
| 1.1. Scope of this document | 1.1. Scope of This Document | |||
| As other mechanisms already exist, the multi-homing techniques for | As other mechanisms already exist, the multi-homing techniques for | |||
| achieving redundancy are basically out of our scope. | achieving redundancy are basically out of our scope. | |||
| We focus on an end-site network environment and unmanaged hosts in | We focus on an end-site network environment and unmanaged hosts in | |||
| such an environment. This is because address selection behavior at | such an environment. This is because address selection behavior at | |||
| this kind of hosts is difficult to manipulate owing to the users' | these kinds of hosts is difficult to manipulate, owing to the users' | |||
| lack of knowledge, hosts' location, or massiveness of the hosts. | lack of knowledge, hosts' location, or massiveness of the hosts. | |||
| The scope of this document is to sort out problematic cases related | The scope of this document is to sort out problematic cases related | |||
| to address selection. It includes problems that can be solved in the | to address selection. It includes problems that can be solved in the | |||
| framework of RFC 3484 and problems that cannot. For the latter, RFC | framework of RFC 3484 and problems that cannot. For the latter, RFC | |||
| 3484 might be modified to meet their needs, or another address | 3484 might be modified to meet their needs, or another address | |||
| selection solution might be necessary. For the former, an additional | selection solution might be necessary. For the former, an additional | |||
| mechanism that mitigates the operational difficulty might be | mechanism that mitigates the operational difficulty might be | |||
| necessary. | necessary. | |||
| This document also includes simple solution analysis for each | This document also includes simple solution analysis for each | |||
| problematic case. This analysis basically just focuses on whether | problematic case. This analysis basically just focuses on whether or | |||
| the case can be solved in the framework of RFC 3484 or not. If not, | not the case can be solved in the framework of RFC 3484. If not, | |||
| some possible solutions are described. Even if a case can be solved | some possible solutions are described. Even if a case can be solved | |||
| in the framework of RFC 3484, as mentioned above, it does not | in the framework of RFC 3484, as mentioned above, it does not | |||
| necessarily mean that there is no operational difficulty. For | necessarily mean that there is no operational difficulty. For | |||
| example, in the environment stated above, it is not a feasible | example, in the environment stated above, it is not a feasible | |||
| solution to configure each host's policy table by hand. So, for such | solution to configure each host's policy table by hand. So, for such | |||
| an solution, configuration pain is yet another common problem. | a solution, the difficulty of configuration is yet another common | |||
| problem. | ||||
| 2. Problem Statement | 2. Problem Statement | |||
| 2.1. Source Address Selection | 2.1. Source Address Selection | |||
| 2.1.1. Multiple Routers on Single Interface | 2.1.1. Multiple Routers on a Single Interface | |||
| ================== | ================== | |||
| | Internet | | | Internet | | |||
| ================== | ================== | |||
| | | | | | | |||
| 2001:db8:1000::/36 | | 2001:db8:8000::/36 | 2001:db8:1000::/36 | | 2001:db8:8000::/36 | |||
| +----+-+ +-+----+ | +----+-+ +-+----+ | |||
| | ISP1 | | ISP2 | | | ISP1 | | ISP2 | | |||
| +----+-+ +-+----+ | +----+-+ +-+----+ | |||
| | | | | | | |||
| skipping to change at page 4, line 40 | skipping to change at page 4, line 33 | |||
| +-------+-+ +-+-------+ | +-------+-+ +-+-------+ | |||
| | | | | | | |||
| 2001:db8:1000:1::/64 | | 2001:db8:8000:1::/64 | 2001:db8:1000:1::/64 | | 2001:db8:8000:1::/64 | |||
| | | | | | | |||
| -----+-+-----+------ | -----+-+-----+------ | |||
| | | | | |||
| +-+----+ 2001:db8:1000:1::100 | +-+----+ 2001:db8:1000:1::100 | |||
| | Host | 2001:db8:8000:1::100 | | Host | 2001:db8:8000:1::100 | |||
| +------+ | +------+ | |||
| [Fig. 1] | Figure 1 | |||
| Generally speaking, there is no interaction between next-hop | Generally speaking, there is no interaction between next-hop | |||
| determination and address selection. In this example, when a host | determination and address selection. In this example, when a host | |||
| starts a new connection and sends a packet via Router1, the host does | starts a new connection and sends a packet via Router1, the host does | |||
| not necessarily choose address 2001:db8:1000:1::100 given by Router1 | not necessarily choose address 2001:db8:1000:1::100 given by Router1 | |||
| as the source address. This causes the same problem as described in | as the source address. This causes the same problem as described in | |||
| the next section 'Ingress Filtering Problem'. | the next section, "Ingress Filtering Problem". | |||
| Solution analysis: | Solution analysis: | |||
| As this case depends on next-hop selection, controlling the | ||||
| As this case depends on next hop selection, controling the address | address selection behavior at the Host alone doesn't solve the | |||
| selection behavior at Host alone doesn't solve the entire problem. | entire problem. One possible solution for this case is adopting | |||
| One possible solution for this case is adopting source address | source-address-based routing at Router1 and Router2. Another | |||
| based routing at Router1 and Router2. Another solution may be | solution may be using static routing at Router1, Router2, and the | |||
| using static routing at Router1, Router2 and Host, and using the | Host, and using the corresponding static address selection policy | |||
| corresponding static address selection policy at Host. | at the Host. | |||
| 2.1.2. Ingress Filtering Problem | 2.1.2. Ingress Filtering Problem | |||
| ================== | ================== | |||
| | Internet | | | Internet | | |||
| ================== | ================== | |||
| | | | | | | |||
| 2001:db8:1000::/36 | | 2001:db8:8000::/36 | 2001:db8:1000::/36 | | 2001:db8:8000::/36 | |||
| +----+-+ +-+----+ | +----+-+ +-+----+ | |||
| | ISP1 | | ISP2 | | | ISP1 | | ISP2 | | |||
| skipping to change at page 5, line 35 | skipping to change at page 5, line 28 | |||
| | Router | | | Router | | |||
| +----+----+ | +----+----+ | |||
| | 2001:db8:1000:1::/64 | | 2001:db8:1000:1::/64 | |||
| | 2001:db8:8000:1::/64 | | 2001:db8:8000:1::/64 | |||
| ------+---+---------- | ------+---+---------- | |||
| | | | | |||
| +-+----+ 2001:db8:1000:1::100 | +-+----+ 2001:db8:1000:1::100 | |||
| | Host | 2001:db8:8000:1::100 | | Host | 2001:db8:8000:1::100 | |||
| +------+ | +------+ | |||
| [Fig. 2] | Figure 2 | |||
| When a relatively small site, which we call a "customer network", is | When a relatively small site, which we call a "customer network", is | |||
| attached to two upstream ISPs, each ISP delegates a network address | attached to two upstream ISPs, each ISP delegates a network address | |||
| block, which is usually /48, and a host has multiple IPv6 addresses. | block, which is usually /48, and a host has multiple IPv6 addresses. | |||
| When the source address of an outgoing packet is not the one that is | When the source address of an outgoing packet is not the one that is | |||
| delegated by an upstream ISP, there is a possibility that the packet | delegated by an upstream ISP, there is a possibility that the packet | |||
| will be dropped at the ISP by its Ingress Filter. Ingress filtering | will be dropped at the ISP by its ingress filter. Ingress filtering | |||
| is becoming more popular among ISPs to mitigate the damage of DoS | is becoming more popular among ISPs to mitigate the damage of | |||
| attacks. | denial-of-service (DoS) attacks. | |||
| In this example, when the Router chooses the default route to ISP2 | In this example, when the router chooses the default route to ISP2 | |||
| and the Host chooses 2001:db8:1000:1::100 as the source address for | and the host chooses 2001:db8:1000:1::100 as the source address for | |||
| packets sent to a host (2001:db8:2000::1) somewhere on the Internet, | packets sent to a host (2001:db8:2000::1) somewhere on the Internet, | |||
| the packets may be dropped at ISP2 because of Ingress Filtering. | the packets may be dropped at ISP2 because of ingress filtering. | |||
| Solution analysis: | Solution analysis: | |||
| One possible solution for this case is adopting source-address- | ||||
| One possible solution for this case is adopting source address | based routing at the Router. Another solution may be using static | |||
| based routing at Router. Another solution may be using static | routing at the Router, and using the corresponding static address | |||
| routing at Router, and using the corresponding static address | selection policy at the Host. | |||
| selection policy at Host. | ||||
| 2.1.3. Half-Closed Network Problem | 2.1.3. Half-Closed Network Problem | |||
| You can see a second typical source address selection problem in a | You can see a second typical source address selection problem in a | |||
| multihome site with global-closed mixed connectivity like in the | multi-homed site with global half-closed connectivity, as shown in | |||
| figure below. In this case, Host-A is in a multihomed network and | the figure below. In this case, Host-A is in a multi-homed network | |||
| has two IPv6 addresses, one delegated from each of the upstream ISPs. | and has two IPv6 addresses, one delegated from each of the upstream | |||
| Note that ISP2 is a closed network and does not have connectivity to | ISPs. Note that ISP2 is a closed network and does not have | |||
| the Internet. | connectivity to the Internet. | |||
| +--------+ | +--------+ | |||
| | Host-C | 2001:db8:a000::1 | | Host-C | 2001:db8:a000::1 | |||
| +-----+--+ | +-----+--+ | |||
| | | | | |||
| ============== +--------+ | ============== +--------+ | |||
| | Internet | | Host-B | 2001:db8:8000::1 | | Internet | | Host-B | 2001:db8:8000::1 | |||
| ============== +--------+ | ============== +--------+ | |||
| | | | | | | |||
| 2001:db8:1000:/36 | | 2001:db8:8000::/36 | 2001:db8:1000:/36 | | 2001:db8:8000::/36 | |||
| skipping to change at page 6, line 44 | skipping to change at page 6, line 39 | |||
| | Router | | | Router | | |||
| +----+----+ | +----+----+ | |||
| | 2001:db8:1000:1::/64 | | 2001:db8:1000:1::/64 | |||
| | 2001:db8:8000:1::/64 | | 2001:db8:8000:1::/64 | |||
| ------+---+---------- | ------+---+---------- | |||
| | | | | |||
| +--+-----+ 2001:db8:1000:1::100 | +--+-----+ 2001:db8:1000:1::100 | |||
| | Host-A | 2001:db8:8000:1::100 | | Host-A | 2001:db8:8000:1::100 | |||
| +--------+ | +--------+ | |||
| [Fig. 3] | Figure 3 | |||
| You do not need two physical network connections here. The | You do not need two physical network connections here. The | |||
| connection from the Router to ISP2 can be a logical link over ISP1 | connection from the Router to ISP2 can be a logical link over ISP1 | |||
| and the Internet. | and the Internet. | |||
| When Host-A starts the connection to Host-B in ISP2, the source | When Host-A starts the connection to Host-B in ISP2, the source | |||
| address of a packet that has been sent will be the one delegated from | address of a packet that has been sent will be the one delegated from | |||
| ISP2, that is 2001:db8:8000:1::100, because of rule 8 (longest | ISP2 (that is, 2001:db8:8000:1::100) because of rule 8 (longest | |||
| matching prefix) in RFC 3484. | matching prefix) in RFC 3484. | |||
| Host-C is located somewhere on the Internet and has IPv6 address | Host-C is located somewhere on the Internet and has IPv6 address | |||
| 2001:db8:a000::1. When Host-A sends a packet to Host-C, the longest | 2001:db8:a000::1. When Host-A sends a packet to Host-C, the longest | |||
| matching algorithm chooses 2001:db8:8000:1::100 for the source | matching algorithm chooses 2001:db8:8000:1::100 for the source | |||
| address. In this case, the packet goes through ISP1 and may be | address. In this case, the packet goes through ISP1 and may be | |||
| filtered by ISP1's ingress filter. Even if the packet is not | filtered by ISP1's ingress filter. Even if the packet is not | |||
| filtered by ISP1, a return packet from Host-C cannot possibly be | filtered by ISP1, a return packet from Host-C cannot possibly be | |||
| delivered to Host-A because the return packet is destined for 2001: | delivered to Host-A because the return packet is destined for 2001: | |||
| db8:8000:1::100, which is closed from the Internet. | db8:8000:1::100, which is closed from the Internet. | |||
| The important point is that each host chooses a correct source | The important point is that each host chooses a correct source | |||
| address for a given destination address. To solve this kind of | address for a given destination address. To solve this kind of | |||
| network policy based address selection problems, it is likely that | network-policy-based address selection problem, it is likely that | |||
| delivering additional information to a node fits better than | delivering additional information to a node provides a better | |||
| algorithmic solutions that are local to the node. | solution than using algorithms that are local to the node. | |||
| Solution analysis: | Solution analysis: | |||
| This problem can be solved in the RFC 3484 framework. For | This problem can be solved in the RFC 3484 framework. For | |||
| example, configuring some address selection policies into Host-A's | example, configuring some address selection policies into Host-A's | |||
| RFC 3484 policy table can solve this problem. | RFC 3484 policy table can solve this problem. | |||
| 2.1.4. Combined Use of Global and ULA | 2.1.4. Combined Use of Global and ULA | |||
| ============ | ============ | |||
| | Internet | | | Internet | | |||
| skipping to change at page 7, line 50 | skipping to change at page 7, line 45 | |||
| +-+-----+-+ | +-+-----+-+ | |||
| | | 2001:db8:a:100::/64 | | | 2001:db8:a:100::/64 | |||
| fd01:2:3:200:/64 | | fd01:2:3:100:/64 | fd01:2:3:200:/64 | | fd01:2:3:100:/64 | |||
| -----+--+- -+--+---- | -----+--+- -+--+---- | |||
| | | | | | | |||
| fd01:2:3:200::101 | | 2001:db8:a:100::100 | fd01:2:3:200::101 | | 2001:db8:a:100::100 | |||
| +----+----+ +-+----+ fd01:2:3:100::100 | +----+----+ +-+----+ fd01:2:3:100::100 | |||
| | Printer | | Host | | | Printer | | Host | | |||
| +---------+ +------+ | +---------+ +------+ | |||
| [Fig. 4] | Figure 4 | |||
| As RFC 4864 [RFC4864] describes, using a ULA may be beneficial in | As RFC 4864 [RFC4864] describes, using a ULA may be beneficial in | |||
| some scenarios. If the ULA is used for internal communication, | some scenarios. If the ULA is used for internal communication, | |||
| packets with ULA need to be filtered at the Router. | packets with the ULA need to be filtered at the Router. | |||
| This case does not presently create an address selection problem | This case does not presently create an address selection problem | |||
| because of the dissimilarity between the ULA and the Global Unicast | because of the dissimilarity between the ULA and the global unicast | |||
| Address. The longest matching rule of RFC 3484 chooses the correct | address. The longest matching rule of RFC 3484 chooses the correct | |||
| address for both intra-site and extra-site communication. | address for both intra-site and extra-site communication. | |||
| In the future, however, there is a possibility that the longest | In the future, however, there is a possibility that the longest | |||
| matching rule will not be able to choose the correct address anymore. | matching rule will not be able to choose the correct address anymore. | |||
| That is the moment when the assignment of those Global Unicast | That is the moment when the assignment of those global unicast | |||
| Addresses starts, where the first bit is 1. In RFC 4291 [RFC4291], | addresses starts, where the first bit is 1. In RFC 4291 [RFC4291], | |||
| almost all address spaces of IPv6, including those whose first bit is | almost all address spaces of IPv6, including those whose first bit is | |||
| 1, are assigned as Global Unicast Addresses. | 1, are assigned as global unicast addresses. | |||
| Namely, when we start to assign a part of the address block 8000::/1 | Namely, when we start to assign a part of the address block 8000::/1 | |||
| as the global unicast address and that part is used somewhere in the | as the global unicast address and that part is used somewhere in the | |||
| Internet, the longest matching rule ceases to function properly for | Internet, the longest matching rule ceases to function properly for | |||
| the people trying to connect to the servers with those addresses. | the people trying to connect to the servers with those addresses. | |||
| For example, when the destination host has an IPv6 address 8000::1, | For example, when the destination host has an IPv6 address 8000::1, | |||
| and the originating host has 2001:db8::1 and fd0:1::1, the source | and the originating host has 2001:db8:a:100::100 and | |||
| address will be fd00:1::1, because the longest matching bit length is | fd01:2:3:100::100, the source address will be fd01:2:3:100::100, | |||
| 0 for 2001:db8::1 and 1 for fd0:1::1 respectively. | because the longest matching bit length is 0 for 2001:db8:a:100::100 | |||
| and 1 for fd01:2:3:100::100, respectively. | ||||
| Solution analysis: | Solution analysis: | |||
| This problem can be solved in the RFC 3484 framework. For | This problem can be solved in the RFC 3484 framework. For | |||
| example, configuring some address selection policies into Host's | example, configuring some address selection policies into the | |||
| RFC 3484 policy table can solve this problem. Another solution is | Host's RFC 3484 policy table can solve this problem. Another | |||
| to modify RFC 3484 and define ULA's scope smaller than the global | solution is to modify RFC 3484 and define ULA's scope smaller than | |||
| scope. | the global scope. | |||
| 2.1.5. Site Renumbering | 2.1.5. Site Renumbering | |||
| RFC 4192 [RFC4192] describes a recommended procedure for renumbering | RFC 4192 [RFC4192] describes a recommended procedure for renumbering | |||
| a network from one prefix to another. An autoconfigured address has | a network from one prefix to another. An autoconfigured address has | |||
| a lifetime, so by stopping advertisement of the old prefix, the | a lifetime, so by stopping advertisement of the old prefix, the | |||
| autoconfigured address is eventually invalidated. | autoconfigured address is eventually invalidated. | |||
| However, invalidating the old prefix takes a long time. You cannot | However, invalidating the old prefix takes a long time. You cannot | |||
| stop routing to the old prefix as long as the old prefix is not | stop routing to the old prefix as long as the old prefix is not | |||
| removed from the host. This can be a tough issue for ISP network | removed from the host. This can be a tough issue for ISP network | |||
| administrators. | administrators. | |||
| There is a technique of advertising the prefix with the preferred | There is a technique of advertising the prefix with the preferred | |||
| lifetime zero, however, RFC 4862 [RFC4862] 5.5.4 does not absolutely | lifetime zero; however, RFC 4862 [RFC4862], Section 5.5.4, does not | |||
| prohibit the use of a deprecated address for a new outgoing | absolutely prohibit the use of a deprecated address for a new | |||
| connection due to limitations relating to what applications are | outgoing connection due to limitations on the capabilities of | |||
| capable of doing." | applications. | |||
| +-----+---+ | +-----+---+ | |||
| | Router | | | Router | | |||
| +----+----+ | +----+----+ | |||
| | 2001:db8:b::/64 (new) | | 2001:db8:b::/64 (new) | |||
| | 2001:db8:a::/64 (old) | | 2001:db8:a::/64 (old) | |||
| ------+---+---------- | ------+---+---------- | |||
| | | | | |||
| +--+---+ 2001:db8:b::100 (new) | +--+---+ 2001:db8:b::100 (new) | |||
| | Host | 2001:db8:a::100 (old) | | Host | 2001:db8:a::100 (old) | |||
| +------+ | +------+ | |||
| [Fig. 5] | Figure 5 | |||
| Solution analysis: | Solution analysis: | |||
| This problem can be mitigated in the RFC 3484 framework. For | This problem can be mitigated in the RFC 3484 framework. For | |||
| example, configuring some address selection policies into Host's | example, configuring some address selection policies into the | |||
| RFC 3484 policy table can solve this problem. | Host's RFC 3484 policy table can solve this problem. | |||
| 2.1.6. Multicast Source Address Selection | 2.1.6. Multicast Source Address Selection | |||
| This case is an example of site-local or global unicast | This case is an example of site-local or global unicast | |||
| prioritization. When you send a multicast packet across site- | prioritization. When you send a multicast packet across site | |||
| borders, the source address of the multicast packet should be a | borders, the source address of the multicast packet should be a | |||
| globally routable address. The longest matching algorithm, however, | globally routable address. The longest matching algorithm, however, | |||
| selects a ULA if the sending host has both a ULA and a Global Unicast | selects a ULA if the sending host has both a ULA and a Global Unicast | |||
| Address. | Address. | |||
| Solution analysis: | Solution analysis: | |||
| This problem can be solved in the RFC 3484 framework. For | This problem can be solved in the RFC 3484 framework. For | |||
| example, configuring some address selection policies into the | example, configuring some address selection policies into the | |||
| sending host's RFC 3484 policy table can solve this problem. | sending host's RFC 3484 policy table can solve this problem. | |||
| 2.1.7. Temporary Address Selection | 2.1.7. Temporary Address Selection | |||
| RFC 3041 [RFC3041] defines a Temporary Address. The usage of a | RFC 3041 [RFC3041] defines a Temporary Address. The usage of a | |||
| Temporary Address has both pros and cons. That is good for viewing | Temporary Address has both pros and cons. It is good for viewing web | |||
| web pages or communicating with the general public, but that is bad | pages or communicating with the general public, but it is bad for a | |||
| for a service that uses address-based authentication and for logging | service that uses address-based authentication and for logging | |||
| purposes. | purposes. | |||
| If you could turn the temporary address on and off, that would be | If you could turn the temporary address on and off, that would be | |||
| better. If you could switch its usage per service (destination | better. If you could switch its usage per service (destination | |||
| address), that would also be better. The same situation can be found | address), that would also be better. The same situation can be found | |||
| when using HA (home address) and CoA (care-of address)in a Mobile | when using an HA (home address) and a CoA (care-of address) in a | |||
| IPv6 [RFC3775] network. | Mobile IPv6 [RFC3775] network. | |||
| The Future Work section in RFC 3041 discusses that an API extension | Section 6 ("Future Work") of RFC 3041 discusses that an API extension | |||
| might be necessary to achieve a better address selection mechanism | might be necessary to achieve a better address selection mechanism | |||
| with finer granularity. | with finer granularity. | |||
| Solution analysis: | Solution analysis: | |||
| This problem can not be solved in the RFC 3484 framework. A | This problem can not be solved in the RFC 3484 framework. A | |||
| possible solution is to make applications to select desirable | possible solution is to make applications to select desirable | |||
| addresses by using the IPv6 Socket API for Source Address | addresses by using the IPv6 Socket API for Source Address | |||
| Selection defined in RFC 5014 [RFC5014]. | Selection defined in RFC 5014 [RFC5014]. | |||
| 2.2. Destination Address Selection | 2.2. Destination Address Selection | |||
| 2.2.1. IPv4 or IPv6 prioritization | 2.2.1. IPv4 or IPv6 Prioritization | |||
| The default policy table gives IPv6 addresses higher precedence than | The default policy table gives IPv6 addresses higher precedence than | |||
| IPv4 addresses. There seem to be many cases, however, where network | IPv4 addresses. There seem to be many cases, however, where network | |||
| administrators want to control the address selection policy of end- | administrators want to control the address selection policy of end | |||
| hosts the other way around. | hosts so that it is the other way around. | |||
| +---------+ | +---------+ | |||
| | Tunnel | | | Tunnel | | |||
| | Service | | | Service | | |||
| +--+---++-+ | +--+---++-+ | |||
| | || | | || | |||
| | || | | || | |||
| ===========||== | ===========||== | |||
| | Internet || | | | Internet || | | |||
| ===========||== | ===========||== | |||
| skipping to change at page 11, line 4 | skipping to change at page 11, line 33 | |||
| | Router | | | Router | | |||
| +----+----+ | +----+----+ | |||
| | 2001:db8:a:1::/64 | | 2001:db8:a:1::/64 | |||
| | 192.0.2.0/28 | | 192.0.2.0/28 | |||
| | | | | |||
| ------+---+---------- | ------+---+---------- | |||
| | | | | |||
| +-+----+ 2001:db8:a:1::100 | +-+----+ 2001:db8:a:1::100 | |||
| | Host | 192.0.2.2 | | Host | 192.0.2.2 | |||
| +------+ | +------+ | |||
| [Fig. 6] | ||||
| In the figure above, a site has native IPv4 and tunneled-IPv6 | Figure 6 | |||
| In the figure above, a site has native IPv4 and tunneled IPv6 | ||||
| connectivity. Therefore, the administrator may want to set a higher | connectivity. Therefore, the administrator may want to set a higher | |||
| priority for using IPv4 than using IPv6 because the quality of the | priority for using IPv4 than for using IPv6 because the quality of | |||
| tunnel network seems to be worse than that of the native transport. | the tunnel network seems to be worse than that of the native | |||
| transport. | ||||
| Solution analysis: | Solution analysis: | |||
| This problem can be solved in the RFC 3484 framework. For | This problem can be solved in the RFC 3484 framework. For | |||
| example, configuring some address selection policies into Host's | example, configuring some address selection policies into the | |||
| RFC 3484 policy table can solve this problem. | Host's RFC 3484 policy table can solve this problem. | |||
| 2.2.2. ULA and IPv4 dual-stack environment | 2.2.2. ULA and IPv4 Dual-Stack Environment | |||
| This is a special form of IPv4 and IPv6 prioritization. When an | This is a special form of IPv4 and IPv6 prioritization. When an | |||
| enterprise has IPv4 Internet connectivity but does not yet have IPv6 | enterprise has IPv4 Internet connectivity but does not yet have IPv6 | |||
| Internet connectivity, and the enterprise wants to provide site-local | Internet connectivity, and the enterprise wants to provide site-local | |||
| IPv6 connectivity, a ULA is the best choice for site-local IPv6 | IPv6 connectivity, a ULA is the best choice for site-local IPv6 | |||
| connectivity. Each employee host will have both an IPv4 global or | connectivity. Each employee host will have both an IPv4 global or | |||
| private address and a ULA. Here, when this host tries to connect to | private address and a ULA. Here, when this host tries to connect to | |||
| Host-B that has registered both A and AAAA records in the DNS, the | Host-B that has registered both A and AAAA records in the DNS, the | |||
| host will choose AAAA as the destination address and the ULA for the | host will choose AAAA as the destination address and the ULA for the | |||
| source address. This will clearly result in a connection failure. | source address. This will clearly result in a connection failure. | |||
| skipping to change at page 12, line 30 | skipping to change at page 12, line 35 | |||
| | Router | | | Router | | |||
| +----+----+ | +----+----+ | |||
| | fd01:2:3:4::/64 (ULA) | | fd01:2:3:4::/64 (ULA) | |||
| | 192.0.2.240/28 | | 192.0.2.240/28 | |||
| ------+---+---------- | ------+---+---------- | |||
| | | | | |||
| +-+------+ fd01:2:3:4::100 (ULA) | +-+------+ fd01:2:3:4::100 (ULA) | |||
| | Host-A | 192.0.2.245 | | Host-A | 192.0.2.245 | |||
| +--------+ | +--------+ | |||
| [Fig. 7] | Figure 7 | |||
| Solution analysis: | Solution analysis: | |||
| This problem can be solved in the RFC 3484 framework. For | This problem can be solved in the RFC 3484 framework. For | |||
| example, configuring some address selection policies into Host-A's | example, configuring some address selection policies into Host-A's | |||
| RFC 3484 policy table can solve this problem. | RFC 3484 policy table can solve this problem. | |||
| 2.2.3. ULA or Global Prioritization | 2.2.3. ULA or Global Prioritization | |||
| Differentiating services by the client's source address is very | Differentiating services by the client's source address is very | |||
| common. IP-address-based authentication is an typical example of | common. IP-address-based authentication is a typical example of | |||
| this. Another typical example is a web service that has pages for | this. Another typical example is a web service that has pages for | |||
| the public and internal pages for employees or involved parties. Yet | the public and internal pages for employees or involved parties. Yet | |||
| another example is DNS zone splitting. | another example is DNS zone splitting. | |||
| However, a ULA and IPv6 global address both have global scope, and | However, a ULA and an IPv6 global address both have global scope, and | |||
| RFC3484 default rules do not specify which address should be given | RFC3484 default rules do not specify which address should be given | |||
| priority. This point makes IPv6 implementation of address-based | priority. This point makes IPv6 implementation of address-based | |||
| service differentiation a bit harder. | service differentiation a bit harder. | |||
| +--------+ | +--------+ | |||
| | Host-B | | | Host-B | | |||
| +-+--|---+ | +-+--|---+ | |||
| | | | | | | |||
| ===========|== | ===========|== | |||
| | Internet | | | | Internet | | | |||
| skipping to change at page 13, line 31 | skipping to change at page 13, line 36 | |||
| | Router || | | Router || | |||
| +---+-----|+ | +---+-----|+ | |||
| | | 2001:db8:a:100::/64 | | | 2001:db8:a:100::/64 | |||
| | | fc12:3456:789a:100::/64 | | | fc12:3456:789a:100::/64 | |||
| --+-+---|----- | --+-+---|----- | |||
| | | | | | | |||
| +-+---|--+ 2001:db8:a:100::100 | +-+---|--+ 2001:db8:a:100::100 | |||
| | Host-A | fc12:3456:789a:100::100 | | Host-A | fc12:3456:789a:100::100 | |||
| +--------+ | +--------+ | |||
| [Fig. 7] | Figure 8 | |||
| Solution analysis: | Solution analysis: | |||
| This problem can be solved in the RFC 3484 framework. For | This problem can be solved in the RFC 3484 framework. For | |||
| example, configuring some address selection policies into Host-A's | example, configuring some address selection policies into Host-A's | |||
| RFC 3484 policy table can solve this problem. | RFC 3484 policy table can solve this problem. | |||
| 3. Conclusion | 3. Conclusion | |||
| We have covered problems related to destination or source address | We have covered problems related to destination or source address | |||
| selection. These problems have their roots in the situation where | selection. These problems have their roots in the situation where | |||
| end-hosts have multiple IP addresses. In this situation, every end- | end hosts have multiple IP addresses. In this situation, every end | |||
| host must choose an appropriate destination and source address, which | host must choose an appropriate destination and source address; this | |||
| cannot be achieved only by routers. | choice cannot be achieved only by routers. | |||
| It should be noted that end-hosts must be informed about routing | It should be noted that end hosts must be informed about routing | |||
| policies of their upstream networks for appropriate address | policies of their upstream networks for appropriate address | |||
| selection. A site administrator must consider every possible address | selection. A site administrator must consider every possible address | |||
| false-selection problem and take countermeasures beforehand. | false-selection problem and take countermeasures beforehand. | |||
| 4. Security Considerations | 4. Security Considerations | |||
| When an intermediate router performs policy routing (e.g. source | When an intermediate router performs policy routing (e.g., source- | |||
| address based routing), inappropriate address selection causes | address-based routing), inappropriate address selection causes | |||
| unexpected routing. For example, in the network described in 2.1.3, | unexpected routing. For example, in the network described in Section | |||
| when Host-A uses a default address selection policy and chooses an | 2.1.3, when Host-A uses a default address selection policy and | |||
| inappropriate address, a packet sent to VPN can be delivered to a | chooses an inappropriate address, a packet sent to a VPN can be | |||
| location via the Internet. This issue can lead to packet | delivered to a location via the Internet. This issue can lead to | |||
| eavesdropping or session hijack. However, sending the packet back to | packet eavesdropping or session hijack. However, sending the packet | |||
| the correct path from the attacker to the node is not easy, so these | back to the correct path from the attacker to the node is not easy, | |||
| two risks are not serious. | so these two risks are not serious. | |||
| As documented in the security consideration section in RFC 3484, | As documented in the Security Considerations section of RFC 3484, | |||
| address selection algorithms expose a potential privacy concern. | address selection algorithms expose a potential privacy concern. | |||
| When a malicious host can make a target host perform address | When a malicious host can make a target host perform address | |||
| selection, for example by sending a anycast or a multicast packet, | selection (for example, by sending an anycast or multicast packet), | |||
| the malicious host can get knowledge multiple addresses attached to | the malicious host can get knowledge of multiple addresses attached | |||
| the target host. In a case like 2.1.4, if an attacker can make Host | to the target host. In a case like Section 2.1.4, if an attacker can | |||
| to send a multicast packet and Host performs the default address | make the Host to send a multicast packet and the Host performs the | |||
| selection algorithm, the attacker may be able to determine the ULAs | default address selection algorithm, the attacker may be able to | |||
| attached to the Host. | determine the ULAs attached to the host. | |||
| These security risks have roots in inappropriate address selection. | These security risks have roots in inappropriate address selection. | |||
| Therefore, if a countermeasure is taken, and hosts always select an | Therefore, if a countermeasure is taken, and hosts always select an | |||
| appropriate address that is suitable to a site's network structure | appropriate address that is suitable to a site's network structure | |||
| and routing, these risks can be avoided. | and routing, these risks can be avoided. | |||
| 5. IANA Considerations | 5. Normative References | |||
| This document has no actions for IANA. | ||||
| 6. References | ||||
| 6.1. Normative References | ||||
| [RFC3041] Narten, T. and R. Draves, "Privacy Extensions for | [RFC3041] Narten, T. and R. Draves, "Privacy Extensions for | |||
| Stateless Address Autoconfiguration in IPv6", RFC 3041, | Stateless Address Autoconfiguration in IPv6", RFC 3041, | |||
| January 2001. | January 2001. | |||
| [RFC3484] Draves, R., "Default Address Selection for Internet | [RFC3484] Draves, R., "Default Address Selection for Internet | |||
| Protocol version 6 (IPv6)", RFC 3484, February 2003. | Protocol version 6 (IPv6)", RFC 3484, February 2003. | |||
| [RFC3775] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support | [RFC3775] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support | |||
| in IPv6", RFC 3775, June 2004. | in IPv6", RFC 3775, June 2004. | |||
| skipping to change at page 15, line 24 | skipping to change at page 16, line 5 | |||
| Address Autoconfiguration", RFC 4862, September 2007. | Address Autoconfiguration", RFC 4862, September 2007. | |||
| [RFC4864] Van de Velde, G., Hain, T., Droms, R., Carpenter, B., and | [RFC4864] Van de Velde, G., Hain, T., Droms, R., Carpenter, B., and | |||
| E. Klein, "Local Network Protection for IPv6", RFC 4864, | E. Klein, "Local Network Protection for IPv6", RFC 4864, | |||
| May 2007. | May 2007. | |||
| [RFC5014] Nordmark, E., Chakrabarti, S., and J. Laganier, "IPv6 | [RFC5014] Nordmark, E., Chakrabarti, S., and J. Laganier, "IPv6 | |||
| Socket API for Source Address Selection", RFC 5014, | Socket API for Source Address Selection", RFC 5014, | |||
| September 2007. | September 2007. | |||
| 6.2. Informative References | ||||
| Appendix A. Appendix. Revision History | ||||
| 01: | ||||
| IP address notations changed to documentation address. | ||||
| Description of solutions deleted. | ||||
| 02: | ||||
| Security considerations section rewritten according to comments | ||||
| from SECDIR. | ||||
| 03: | ||||
| Intended status changed to Informational. | ||||
| 04: | ||||
| This version reflects comments from IESG members. | ||||
| 05: | ||||
| This version reflects comments from IESG members and Bob Hinden. | ||||
| 06: | ||||
| This version reflects comments from Thomas Narten. | ||||
| 07: | ||||
| This version reflects comments from Alfred Hoenes. | ||||
| 08: | ||||
| Solution analysis for the section 2.1.6 was added. | ||||
| 09: | ||||
| Typos were fixed, thanks to Jari Arrko. | ||||
| Authors' Addresses | Authors' Addresses | |||
| Arifumi Matsumoto | Arifumi Matsumoto | |||
| NTT PF Lab | NTT PF Lab | |||
| Midori-Cho 3-9-11 | Midori-Cho 3-9-11 | |||
| Musashino-shi, Tokyo 180-8585 | Musashino-shi, Tokyo 180-8585 | |||
| Japan | Japan | |||
| Phone: +81 422 59 3334 | Phone: +81 422 59 3334 | |||
| Email: arifumi@nttv6.net | EMail: arifumi@nttv6.net | |||
| Tomohiro Fujisaki | Tomohiro Fujisaki | |||
| NTT PF Lab | NTT PF Lab | |||
| Midori-Cho 3-9-11 | Midori-Cho 3-9-11 | |||
| Musashino-shi, Tokyo 180-8585 | Musashino-shi, Tokyo 180-8585 | |||
| Japan | Japan | |||
| Phone: +81 422 59 7351 | Phone: +81 422 59 7351 | |||
| Email: fujisaki@nttv6.net | EMail: fujisaki@nttv6.net | |||
| Ruri Hiromi | Ruri Hiromi | |||
| Intec Netcore, Inc. | Intec Netcore, Inc. | |||
| Shinsuna 1-3-3 | Shinsuna 1-3-3 | |||
| Koto-ku, Tokyo 136-0075 | Koto-ku, Tokyo 136-0075 | |||
| Japan | Japan | |||
| Phone: +81 3 5665 5069 | Phone: +81 3 5665 5069 | |||
| Email: hiromi@inetcore.com | EMail: hiromi@inetcore.com | |||
| Ken-ichi Kanayama | Ken-ichi Kanayama | |||
| INTEC Systems Institute, Inc. | INTEC Systems Institute, Inc. | |||
| Shimoshin-machi 5-33 | Shimoshin-machi 5-33 | |||
| Toyama-shi, Toyama 930-0804 | Toyama-shi, Toyama 930-0804 | |||
| Japan | Japan | |||
| Phone: +81 76 444 8088 | Phone: +81 76 444 8088 | |||
| Email: kanayama_kenichi@intec-si.co.jp | EMail: kanayama_kenichi@intec-si.co.jp | |||
| Full Copyright Statement | Full Copyright Statement | |||
| Copyright (C) The IETF Trust (2008). | Copyright (C) The IETF Trust (2008). | |||
| This document is subject to the rights, licenses and restrictions | This document is subject to the rights, licenses and restrictions | |||
| contained in BCP 78, and except as set forth therein, the authors | contained in BCP 78, and except as set forth therein, the authors | |||
| retain all their rights. | retain all their rights. | |||
| This document and the information contained herein are provided on an | This document and the information contained herein are provided on an | |||
| End of changes. 63 change blocks. | ||||
| 210 lines changed or deleted | 154 lines changed or added | |||
This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||