--- 1/draft-ietf-v6ops-host-addr-availability-02.txt 2015-12-10 08:15:03.365389345 -0800 +++ 2/draft-ietf-v6ops-host-addr-availability-03.txt 2015-12-10 08:15:03.393390015 -0800 @@ -1,21 +1,21 @@ IPv6 Operations L. Colitti Internet-Draft V. Cerf Intended status: Best Current Practice Google -Expires: May 4, 2016 S. Cheshire +Expires: June 12, 2016 S. Cheshire D. Schinazi Apple Inc. - November 1, 2015 + December 10, 2015 Host address availability recommendations - draft-ietf-v6ops-host-addr-availability-02 + draft-ietf-v6ops-host-addr-availability-03 Abstract This document recommends that networks provide general-purpose end hosts with multiple global IPv6 addresses when they attach, and describes the benefits of and the options for doing so. Status of This Memo This Internet-Draft is submitted in full conformance with the @@ -24,21 +24,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on May 4, 2016. + This Internet-Draft will expire on June 12, 2016. Copyright Notice Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents 
@@ -57,22 +57,22 @@ 4. Problems with assigning a restricted number of addresses per host . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 5. Overcoming limits using Network Address Translation . . . . . 5 6. Options for obtaining more than one address . . . . . . . . . 6 7. Number of addresses required . . . . . . . . . . . . . . . . 7 8. Recommendations . . . . . . . . . . . . . . . . . . . . . . . 7 9. Operational considerations . . . . . . . . . . . . . . . . . 8 9.1. Stateful addressing and host tracking . . . . . . . . . . 8 9.2. Address space management . . . . . . . . . . . . . . . . 9 9.3. Addressing link layer scalability issues via IP routing . 9 - 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9 - 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 + 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10 + 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 12. Security Considerations . . . . . . . . . . . . . . . . . . . 10 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 13.1. Normative References . . . . . . . . . . . . . . . . . . 10 13.2. Informative References . . . . . . . . . . . . . . . . . 10 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 1. Introduction In most aspects, the IPv6 protocol is very similar to IPv4. This similarity can create a tendency to think of IPv6 as 128-bit IPv4, 
@@ -407,61 +407,78 @@ IPv6 addresses. 9.3. Addressing link layer scalability issues via IP routing The number of IPv6 addresses on a link has direct impact for networking infrastructure nodes (routers, switches) and other nodes on the link. Setting aside exhaustion attacks via Layer 2 address spoofing, every (Layer 2, IP) address pair impacts networking hardware requirements in terms of memory, MLD snooping, solicited node multicast groups, etc. Many of these costs are incurred by - neighboring hosts. Switching to a DHCPv6 PD model means there are - only forwarding decisions, with only one routing entry and one ND - cache entry per device on the network. + neighboring hosts. + + Hosts on such networks that create unreasonable numbers of addresses + risk impairing network connectivity for themselves and other hosts on + the network, and in extreme cases (e.g., hundreds or thousands of + addresses) may even find their network access restricted by denial- + of-service protection mechanisms. We expect these scaling + limitations to change over time as hardware and applications evolve. + However, switching to a DHCPv6 PD model with one /64 prefix per host + resolves these scaling limitations, with only one routing entry and + one ND cache entry per device on the network. + + Also, a DHCPv6 PD model with a dedicated /64 per host makes it + possible for the host not to assign global IPv6 addresses directly to + its physical network interface, but instead to assign them to an + internal interface such as a loopback interface. This obviates the + need to perform Neighbour Discovery and Duplicate Address Detection + for anything other than the link-local address on its physical + network interface, reducing network traffic. 10. Acknowledgements - The authors thank Tore Anderson, Brian Carpenter, Wesley George, Erik - Kline, Shucheng (Will) Liu, Dieter Siegmund, Mark Smith, Sander - Steffann and James Woodyatt for their input and contributions. 
+ The authors thank Tore Anderson, Brian Carpenter, David Farmer, + Wesley George, Erik Kline, Shucheng (Will) Liu, Dieter Siegmund, Mark + Smith, Sander Steffann and James Woodyatt for their input and + contributions. 11. IANA Considerations This memo includes no request to IANA. 12. Security Considerations None so far. 13. References 13.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate - Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ - RFC2119, March 1997, + Requirement Levels", BCP 14, RFC 2119, + DOI 10.17487/RFC2119, March 1997, . 13.2. Informative References [I-D.herbert-nvo3-ila] Herbert, T., "Identifier-locator addressing for network virtualization", draft-herbert-nvo3-ila-01 (work in progress), October 2015. [I-D.ietf-dhc-anonymity-profile] Huitema, C., Mrugalski, T., and S. Krishnan, "Anonymity profile for DHCP clients", draft-ietf-dhc-anonymity- profile-04 (work in progress), October 2015. [I-D.tsvwg-quic-protocol] - Jana, J. and I. Swett, "QUIC: A UDP-Based Secure and + Iyengar, J. and I. Swett, "QUIC: A UDP-Based Secure and Reliable Transport for HTTP/2", draft-tsvwg-quic- protocol-01 (work in progress), July 2015. [RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G., and E. Lear, "Address Allocation for Private Internets", BCP 5, RFC 1918, DOI 10.17487/RFC1918, February 1996, . [RFC2993] Hain, T., "Architectural Implications of NAT", RFC 2993, DOI 10.17487/RFC2993, November 2000, 
@@ -479,70 +496,70 @@ [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, DOI 10.17487/RFC4291, February 2006, . [RFC4389] Thaler, D., Talwar, M., and C. Patel, "Neighbor Discovery Proxies (ND Proxy)", RFC 4389, DOI 10.17487/RFC4389, April 2006, . [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless - Address Autoconfiguration", RFC 4862, DOI 10.17487/ - RFC4862, September 2007, + Address Autoconfiguration", RFC 4862, + DOI 10.17487/RFC4862, September 2007, . [RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6", RFC 4941, DOI 10.17487/RFC4941, September 2007, . [RFC5902] Thaler, D., Zhang, L., and G. Lebovitz, "IAB Thoughts on - IPv6 Network Address Translation", RFC 5902, DOI 10.17487/ - RFC5902, July 2010, + IPv6 Network Address Translation", RFC 5902, + DOI 10.17487/RFC5902, July 2010, . [RFC6434] Jankiewicz, E., Loughney, J., and T. Narten, "IPv6 Node Requirements", RFC 6434, DOI 10.17487/RFC6434, December 2011, . [RFC6459] Korhonen, J., Ed., Soininen, J., Patil, B., Savolainen, T., Bajko, G., and K. Iisakkila, "IPv6 in 3rd Generation Partnership Project (3GPP) Evolved Packet System (EPS)", RFC 6459, DOI 10.17487/RFC6459, January 2012, . [RFC6877] Mawatari, M., Kawashima, M., and C. Byrne, "464XLAT: - Combination of Stateful and Stateless Translation", RFC - 6877, DOI 10.17487/RFC6877, April 2013, + Combination of Stateful and Stateless Translation", + RFC 6877, DOI 10.17487/RFC6877, April 2013, . [RFC7039] Wu, J., Bi, J., Bagnulo, M., Baker, F., and C. Vogt, Ed., "Source Address Validation Improvement (SAVI) Framework", RFC 7039, DOI 10.17487/RFC7039, October 2013, . [RFC7217] Gont, F., "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address - Autoconfiguration (SLAAC)", RFC 7217, DOI 10.17487/ - RFC7217, April 2014, + Autoconfiguration (SLAAC)", RFC 7217, + DOI 10.17487/RFC7217, April 2014, . 
[RFC7278] Byrne, C., Drown, D., and A. Vizdal, "Extending an IPv6 /64 Prefix from a Third Generation Partnership Project - (3GPP) Mobile Interface to a LAN Link", RFC 7278, DOI - 10.17487/RFC7278, June 2014, + (3GPP) Mobile Interface to a LAN Link", RFC 7278, + DOI 10.17487/RFC7278, June 2014, . [RFC7421] Carpenter, B., Ed., Chown, T., Gont, F., Jiang, S., Petrescu, A., and A. Yourtchenko, "Analysis of the 64-bit - Boundary in IPv6 Addressing", RFC 7421, DOI 10.17487/ - RFC7421, January 2015, + Boundary in IPv6 Addressing", RFC 7421, + DOI 10.17487/RFC7421, January 2015, . [TARP] Gleitz, PM. and SM. Bellovin, "Transient Addressing for Related Processes: Improved Firewalling by Using IPv6 and Multiple Addresses per Host", August 2001. Authors' Addresses Lorenzo Colitti Google
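Review bot: Section 12 still reads "None so far." in the @@ -407,61 +407,78 @@ hunk, although the paragraphs added to Section 9.3 in that same hunk now say hosts "may even find their network access restricted by denial-of-service protection mechanisms", and the retained context already mentions "exhaustion attacks via Layer 2 address spoofing". Suggest that Section 12 at least point back to 9.3 so the resource-exhaustion consideration is recorded where readers look for it. In the same added text, "Hosts on such networks" has no antecedent, since the preceding paragraph speaks of a link rather than a kind of network; please say which networks are meant. "Neighbour Discovery" in the last added paragraph is also spelled differently from "Neighbor Discovery" in the [RFC4389] reference entry; one spelling throughout would be better.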