| draft-ietf-v6ops-ipv6-discard-prefix-02.txt | draft-ietf-v6ops-ipv6-discard-prefix-03.txt | |||
|---|---|---|---|---|
| v6ops Working Group N. Hilliard | v6ops Working Group N. Hilliard | |||
| Internet-Draft INEX | Internet-Draft INEX | |||
| Updates: 5156 (if approved) January 9, 2012 | Updates: 5156 (if approved) March 28, 2012 | |||
| Intended status: Informational | Intended status: Informational | |||
| Expires: July 12, 2012 | Expires: September 29, 2012 | |||
| A Discard Prefix for IPv6 | A Discard Prefix for IPv6 | |||
| draft-ietf-v6ops-ipv6-discard-prefix-02 | draft-ietf-v6ops-ipv6-discard-prefix-03 | |||
| Abstract | Abstract | |||
| Remote triggered black hole filtering describes a method of | Remote triggered black hole filtering describes a method of | |||
| militating against denial-of-service attacks by selectively | mitigating the effects of denial-of-service attacks by selectively | |||
| discarding traffic based on source or destination address. Remote | discarding traffic based on source or destination address. Remote | |||
| triggered black hole routing describes a method of selectively re- | triggered black hole routing describes a method of selectively re- | |||
| routing traffic into a sinkhole router (for further analysis) based | routing traffic into a sinkhole router (for further analysis) based | |||
| on destination address. This document updates RFC5156 by explaining | on destination address. This document updates RFC5156 by explaining | |||
| why a unique IPv6 prefix should be formally assigned by IANA for the | why a unique IPv6 prefix should be formally assigned by IANA for the | |||
| purpose of facilitating IPv6 remote triggered black hole filtering | purpose of facilitating IPv6 remote triggered black hole filtering | |||
| and routing. | and routing. | |||
| Status of this Memo | Status of this Memo | |||
| skipping to change at page 1, line 39 | skipping to change at page 1, line 39 | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on July 12, 2012. | This Internet-Draft will expire on September 29, 2012. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2012 IETF Trust and the persons identified as the | Copyright (c) 2012 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 3 | 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 3 | |||
| 2. A Discard Prefix for IPv6 . . . . . . . . . . . . . . . . . . . 4 | 2. A Discard Prefix for IPv6 . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. Operational Implications . . . . . . . . . . . . . . . . . . . 4 | 3. Operational Implications . . . . . . . . . . . . . . . . . . . 4 | |||
| 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 4 | 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 5. Security Considerations . . . . . . . . . . . . . . . . . . . . 4 | 5. Security Considerations . . . . . . . . . . . . . . . . . . . . 4 | |||
| 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 6.1. Normative References . . . . . . . . . . . . . . . . . . . 5 | 6.1. Normative References . . . . . . . . . . . . . . . . . . . 5 | |||
| 6.2. Informative References . . . . . . . . . . . . . . . . . . 5 | 6.2. Informative References . . . . . . . . . . . . . . . . . . 5 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 5 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 1. Introduction | 1. Introduction | |||
| Remote triggered black hole (RTBH) filtering describes a class of | Remote triggered black hole (RTBH) filtering describes a class of | |||
| methods of blocking IP traffic either from a specific source | methods of blocking IP traffic either from a specific source | |||
| ([RFC5635]) or to a specific destination ([RFC3882]) on a network. | ([RFC5635]) or to a specific destination ([RFC3882]) on a network. | |||
| Remote triggered black hole (RTBH) routing describes a class of | RTBH routing describes a class of methods of re-routing IP traffic | |||
| methods of re-routing IP traffic destined to the attacked/targeted | destined to the attacked/targeted host to a special path (tunnel) | |||
| host to a special path (tunnel) where a sniffer could capture the | where a sniffer could capture the traffic for analysis. Both these | |||
| traffic for analysis. These methods operate by setting the next-hop | methods operate by setting the next-hop address of an IP packet with | |||
| address of an IP packet with a specified source or destination | a specified source or destination address to be a unicast prefix | |||
| address to be a unicast prefix which is wired locally or remotely to | which is connected locally or remotely to a router's discard, null or | |||
| a router's discard, null or tunnel interface. Typically, this | tunnel interface. Typically, reachability information for this | |||
| information is propagated throughout an autonomous system using a | prefix is propagated throughout an autonomous system using a dynamic | |||
| dynamic routing protocol such as BGP ([RFC3882]). By deploying RTBH | routing protocol such as BGP ([RFC3882]). By deploying RTBH systems | |||
| systems across a network, traffic to or from specific destinations | across a network, traffic to or from specific destinations may be | |||
| may be selectively black-holed or re-routed to a sinkhole device in a | selectively black-holed or re-routed to a sinkhole device in a manner | |||
| manner which is efficient, scalable and straightforward to implement. | which is efficient, scalable and straightforward to implement. | |||
| For IPv4, some networks configure RTBH installations using [RFC1918] | ||||
| address space or the address blocks reserved for documentation in | ||||
| [RFC5737]. | ||||
| However RTBH configurations are not documentation, but operationally | On some networks, operators configure RTBH installations using | |||
| [RFC1918] address space or the address blocks reserved for | ||||
| documentation in [RFC5737]. This approach is inadequate because RTBH | ||||
| configurations are not documentation, but rather operationally | ||||
| important features of many public-facing production networks. | important features of many public-facing production networks. | |||
| Furthermore, [RFC3849] specifies that the IPv6 documentation prefix | Furthermore, [RFC3849] specifies that the IPv6 documentation prefix | |||
| should be filtered in both local and public contexts. On this basis, | should be filtered in both local and public contexts. On this basis, | |||
| it is suggested that both private network address blocks and | it is suggested that both private network address blocks and the | |||
| documentation prefixes described in [RFC5737] are inappropriate for | documentation prefixes described in [RFC5737] are inappropriate for | |||
| the purpose of RTBH configurations. | RTBH configurations, and that a dedicated IPv6 prefix should be | |||
| assigned instead. | ||||
| While it could be argued that there are other addresses and address | ||||
| prefixes which could be used for this purpose (e.g. ::/128), or that | ||||
| an operator could assign an address block from their own address | ||||
| space for this purposes, there is currently no operational clarity on | ||||
| what address block would be appropriate or inappropriate to use for | ||||
| this purpose. By assigning a globally unique discard prefix for | ||||
| IPv6, the IETF will introduce good practice for the implementation of | ||||
| IPv6 RTBH configurations and will facilitate operational clarity by | ||||
| allowing operators to implement consistent and deterministic inter- | ||||
| domain prefix and traffic filtering policies for black-holed traffic. | ||||
| This document updates [RFC5156]. | This document updates [RFC5156]. | |||
| 1.1. Notational Conventions | 1.1. Notational Conventions | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in [RFC2119]. | document are to be interpreted as described in [RFC2119]. | |||
| 2. A Discard Prefix for IPv6 | 2. A Discard Prefix for IPv6 | |||
| For the purposes of implementing an IPv6 remote triggered black hole | For the purposes of implementing an IPv6 remote triggered black hole | |||
| configuration, a unicast address block is required. There are | configuration, a unicast address block is required. There are | |||
| currently no IPv6 unicast address blocks which are specifically | currently no IPv6 unicast address blocks which are specifically | |||
| nominated for the purposes of implementing such RTBH systems. | nominated for the purposes of implementing such RTBH systems. | |||
| While it could be argued that there are other addresses and address | ||||
| prefixes which could be used for this purpose (e.g. documentation | ||||
| prefixes, private address space), or that an operator could assign an | ||||
| address block from their own address space for this purposes, there | ||||
| is currently no operational clarity on what address block would be | ||||
| appropriate or inappropriate to use for this purpose. By assigning a | ||||
| globally unique discard prefix for IPv6, the IETF will introduce good | ||||
| practice for the implementation of IPv6 RTBH configurations and will | ||||
| facilitate operational clarity by allowing operators to implement | ||||
| consistent and deterministic inter-domain prefix and traffic | ||||
| filtering policies for black-holed traffic. | ||||
| As [RFC3882] and [RFC5635] describe situations where more than one | As [RFC3882] and [RFC5635] describe situations where more than one | |||
| discard address may be used for implementing multiple remote | discard address may be used for implementing multiple remote | |||
| triggered black hole scenarios, a single assigned prefix is not | triggered black hole scenarios, a single address is not sufficient to | |||
| sufficient to cover all likely RTBH situations. Consequently, an | cover all likely RTBH situations. Consequently, an address block is | |||
| address block is required in preference to a single address. | required. | |||
| 3. Operational Implications | 3. Operational Implications | |||
| This assignment MAY be carried in a dynamic routing protocol within | This assignment MAY be carried in a dynamic routing protocol within | |||
| an autonomous system. The assignment SHOULD NOT be announced to or | an autonomous system. The assignment SHOULD NOT be announced to or | |||
| accepted from third party autonomous systems and IPv6 traffic with a | accepted from third party autonomous systems and IPv6 traffic with a | |||
| destination address within this prefix SHOULD NOT be forwarded to or | destination address within this prefix SHOULD NOT be forwarded to or | |||
| accepted from third party autonomous systems. | accepted from third party autonomous systems. If the prefix or a | |||
| subnet of the prefix is inadvertently announced to or accepted from a | ||||
| third party autonomous system, this may cause excessive volumes of | ||||
| traffic to pass unintentionally between the the two networks, which | ||||
| would aggravate the effect of a denial-of-service attack. | ||||
| On networks which implement IPv6 remote triggered black holes, some | On networks which implement IPv6 remote triggered black holes, some | |||
| or all of this network block MAY be configured with a destination of | or all of this network block MAY be configured with a next-hop | |||
| a discard or null interface on any or all IPv6 routers within the | destination of a discard or null interface on any or all IPv6 routers | |||
| autonomous system. | within the autonomous system. | |||
| 4. IANA Considerations | 4. IANA Considerations | |||
| This document directs IANA to record the allocation of the IPv6 | This document directs IANA to record the allocation of the IPv6 | |||
| address prefix xxxx/64 as a discard-only prefix in the IPv6 Address | address prefix xxxx/64 as a discard-only prefix in the IPv6 Address | |||
| Space registry. No end party is to be assigned this prefix. The | Space registry. No end party is to be assigned this prefix. The | |||
| prefix should be allocated from ::/3. | prefix should be allocated from ::/3. | |||
| 5. Security Considerations | 5. Security Considerations | |||
| As the prefix specified in this document should not normally be | As the prefix specified in this document ought not normally be | |||
| transmitted or accepted over inter-domain BGP sessions, it is usually | transmitted or accepted over inter-domain BGP sessions for the | |||
| appropriate to include this prefix in inter-domain BGP prefix filters | reasons described in Section 3, it is usually appropriate to include | |||
| [RFC3704]. | this prefix in inter-domain BGP prefix filters [RFC3704]. | |||
| 6. References | 6. References | |||
| 6.1. Normative References | 6.1. Normative References | |||
| [RFC3882] Turk, D., "Configuring BGP to Block Denial-of-Service | [RFC3882] Turk, D., "Configuring BGP to Block Denial-of-Service | |||
| Attacks", RFC 3882, September 2004. | Attacks", RFC 3882, September 2004. | |||
| [RFC5156] Blanchet, M., "Special-Use IPv6 Addresses", RFC 5156, | [RFC5156] Blanchet, M., "Special-Use IPv6 Addresses", RFC 5156, | |||
| April 2008. | April 2008. | |||
| [RFC5635] Kumari, W. and D. McPherson, "Remote Triggered Black Hole | [RFC5635] Kumari, W. and D. McPherson, "Remote Triggered Black Hole | |||
| Filtering with Unicast Reverse Path Forwarding (uRPF)", | Filtering with Unicast Reverse Path Forwarding (uRPF)", | |||
| End of changes. 16 change blocks. | ||||
| 46 lines changed or deleted | 53 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||