Scope of Unique Local IPv6 Unicast Addresses
draft-gont-6man-ipv6-ula-scope-00

Document Type Active Internet-Draft (individual)
Author Fernando Gont 
Last updated 2021-01-05
Stream (None)
Intended RFC status (None)
Formats plain text pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date
Responsible AD (None)
Send notices to (None)
IPv6 maintenance Working Group (6man)                            F. Gont
Internet-Draft                                              SI6 Networks
Updates: 4291, 4193, 8190 (if approved)                  January 5, 2021
Intended status: Standards Track
Expires: July 9, 2021

              Scope of Unique Local IPv6 Unicast Addresses
                   draft-gont-6man-ipv6-ula-scope-00

Abstract

   Unique Local IPv6 Unicast Addresses (ULAs) are formally part of the
   IPv6 Global Unicast address space.  However, the semantics of ULAs
   clearly contradict the definition of "global scope".  This document
   discusses the why the terminology employed for the specification of
   ULAs is problematic, along with some practical consequences of the
   current specification of ULAs.  Finally, it formally updates RFC4291
   and RFC4193 such that the scope of ULAs is defined as "local".

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on July 9, 2021.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must

Gont                      Expires July 9, 2021                  [Page 1]
Internet-Draft                  ULA Scope                   January 2021

   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  What Does 'Global Scope' mean?  . . . . . . . . . . . . . . .   2
   3.  Scope of Unique Local IPv6 Unicast Addresses  . . . . . . . .   3
   4.  Problems with the Definition of the ULA Scope . . . . . . . .   4
   5.  Practical Consequences  . . . . . . . . . . . . . . . . . . .   4
     5.1.  Address Attributes in Programming Languages . . . . . . .   5
   6.  Specification Updates . . . . . . . . . . . . . . . . . . . .   5
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   6
   8.  Security Considerations . . . . . . . . . . . . . . . . . . .   7
   9.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   7
   10. References  . . . . . . . . . . . . . . . . . . . . . . . . .   7
     10.1.  Normative References . . . . . . . . . . . . . . . . . .   7
     10.2.  Informative References . . . . . . . . . . . . . . . . .   8
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   8

1.  Introduction

   Unique Local IPv6 Unicast Addresses (commonly referred to as "ULAs")
   [RFC4193] are formally part of the IPv6 Global Unicast address space.
   However, the semantics of ULAs clearly contradict the definition of
   "global scope" [RFC4007].

   This document discussed the specification of ULAs and, in particular,
   of their associated scope.  Additionally, it discusses how the
   semantics of ULAs contradicts their formal address scope along with
   some and practical consequences of this problematic definition.
   Finally, this document formally updates RFC4193 and RFC4291, such
   that ULAs are defined to have "local scope" (larger than link-local,
   and smaller than "global").

      The problematic definition of ULAs was initially encountered when
      analyzing IPv6 address properties while working on
      [I-D.gont-v6ops-ipv6-addressing-considerations].  The issue became
      fully-evident from discussions with Brian Carpenter, both off-list
      and on-list [v6ops-thread].

2.  What Does 'Global Scope' mean?

   [RFC4007] defines the scope of an address as:

      "[the] topological span within which the address may be used as a
      unique identifier for an interface or set of interfaces"

Gont                      Expires July 9, 2021                  [Page 2]
Internet-Draft                  ULA Scope                   January 2021

   And defines the "global scope" to be used for:

      "uniquely identifying interfaces anywhere in the Internet"

3.  Scope of Unique Local IPv6 Unicast Addresses

   [RFC4193] formally specifies Unique Local IPv6 Unicast Addresses.
   [RFC4193] did not formally update [RFC3513], the current IPv6
   Addressing Architecture at the time [RFC4193] was published.
   Therefore, ULAs were specified as a different address type, but
   rather as part of the Global Unicast address space.

   [RFC3513] was eventually obsoleted by [RFC4291] (current revision of
   the IPv6 Addressing Architecture), but still did not formally
   accommodate ULAs into the IPv6 Addressing Architecture.  For
   instance, Section 2.4 of [RFC4291] notes that the type of an IPv6
   address is identified by the high-order bits of the address, as
   follows:

     Address type         Binary prefix        IPv6 notation   Section
     ------------         -------------        -------------   -------
     Unspecified          00...0  (128 bits)   ::/128          2.5.2
     Loopback             00...1  (128 bits)   ::1/128         2.5.3
     Multicast            11111111             FF00::/8        2.7
     Link-Local unicast   1111111010           FE80::/10       2.5.6
     Global Unicast       (everything else)

   and subsequently notes that:

      "Future specifications may redefine one or more sub-ranges of the
      Global Unicast space for other purposes, but unless and until that
      happens, implementations must treat all addresses that do not
      start with any of the above-listed prefixes as Global Unicast
      addresses."

   Therefore, ULAs still formally belong to the Global Unicast address
   space.

   Additionally, Section 3.3 of [RFC4193] (the specification of Unique
   Local IPv6 Unicast Addresses) defines the scope of ULAs as:

      "By default, the scope of these addresses is global.  That is,
      they are not limited by ambiguity like the site-local addresses
      defined in [ADDARCH].  Rather, these prefixes are globally unique,
      and as such, their applicability is greater than site-local
      addresses."

Gont                      Expires July 9, 2021                  [Page 3]
Internet-Draft                  ULA Scope                   January 2021

4.  Problems with the Definition of the ULA Scope

   Section 3.3 of [RFC4193] (the specification of Unique Local IPv6
   Unicast Addresses) defines the scope of ULAs as:

      "By default, the scope of these addresses is global.  That is,
      they are not limited by ambiguity like the site-local addresses
      defined in [ADDARCH].  Rather, these prefixes are globally unique,
      and as such, their applicability is greater than site-local
      addresses.  Their limitation is in the routability of the
      prefixes, which is limited to a site and any explicit routing
      agreements with other sites to propagate them (also see
      Section 4.1).  Also, unlike site-locals, a site may have more than
      one of these prefixes and use them at the same time."

   However, there is a problem in this analysis: ULA prefixes have a
   finite probability of being globally unique.  For instance,
   Section 3.2.3 of [RFC4193] computes the probability of collisions
   *when inter-connecting a limited number of networks employing ULAs*.
   As such, based on the definition of "scope" and "global scope" (see
   Section 2), ULAs cannot possibly have a "global scope" -- their scope
   is certainly smaller than "global".  And this non-global scope does
   limit the global routability of ULAs since, in principle, an address
   cannot be routed outside of its associated zone.

      The only ULAs that could possibly have "global scope" are the so-
      called ULA-C [I-D.ietf-ipv6-ula-central], that have so far *not*
      been formally specified.

   It should be noted that the non-global scope of ULAs does not
   preclude their usage for e.g. inter-site Virtual Private Networks
   (VPN), as discussed in Section 4.7 of [RFC4193].  For example, the
   private address space specified in [RFC1918] for IPv4 networks has
   non-global scope, but still is regularly used for inter-site VPNs.
   ULAs having a non-global scope simply means that while allocating
   "Global IDs" from a Pseudo-Random Number Generator (PRNG) reduces the
   probability of collisions of Global IDs *when a limited number of
   networks employing ULAs are interconnected*, ULA prefixes cannot be
   expected to be globally unique.

      "Global scope" would imply that all ULA prefixes in use by any
      networks, whether interconnected or not, are unique.

5.  Practical Consequences

Gont                      Expires July 9, 2021                  [Page 4]
Internet-Draft                  ULA Scope                   January 2021

5.1.  Address Attributes in Programming Languages

   Python's ipaddress library [Python-ipaddr] defines 'IPv6Address'
   objects that have a number of attributes, including:

   o  'True' if the address is allocated for private networks.

   o  'True' if the address is allocated for public networks.

   For ULAs, the is_private attribute is 'True', while the is_global
   attribute is 'False'.  This contradicts the definition of ULAs as
   having "global scope" [RFC4291] [RFC4193], but is in line with the
   specification update performed by this document (see Section 6).

6.  Specification Updates

   The ultimate goal is to employ coherent terminology and definitions
   throughout the relevant protocol specifications.  Probably the only
   option to achieve this goal is update the definition of ULAs as
   having "local scope", with "local scope" defined as "larger than
   link-local, and smaller than global" (based on ULAs being defined as
   "local addresses").

   o  [TBD: Analyze possible implications on Default Address Selection
      for Internet Protocol Version 6 (IPv6) [RFC6724].]

   The following table from Section 2.4 of [RFC4291]:

   ---- cut here ----
     Address type         Binary prefix        IPv6 notation   Section
     ------------         -------------        -------------   -------
     Unspecified          00...0  (128 bits)   ::/128          2.5.2
     Loopback             00...1  (128 bits)   ::1/128         2.5.3
     Multicast            11111111             FF00::/8        2.7
     Link-Local unicast   1111111010           FE80::/10       2.5.6
     Global Unicast       (everything else)
   ---- cut here ----

   is replaced with:

Gont                      Expires July 9, 2021                  [Page 5]
Internet-Draft                  ULA Scope                   January 2021

   ---- cut here ----
   Address type         Binary prefix       IPv6 notation  Reference
   ------------         -------------       -------------  ---------
   Unspecified          00...0  (128 bits)  ::/128         Sec. 2.5.2
   Loopback             00...1  (128 bits)  ::1/128        Sec. 2.5.3
   Unique Local unicast 1111110             FC00::/7       [RFC4193]
   Multicast            11111111            FF00::/8       Sec. 2.7
   Link-Local unicast   1111111010          FE80::/10      Sec. 2.5.6
   Global Unicast       (everything else)
   ---- cut here ----

   The following text from Section 3.3 of [RFC4193]:

   ---- cut here ----
   By default, the scope of these addresses is global.  That is, they
   are not limited by ambiguity like the site-local addresses defined in
   [ADDARCH].  Rather, these prefixes are globally unique, and as such,
   their applicability is greater than site-local addresses.  Their
   limitation is in the routability of the prefixes, which is limited to
   a site and any explicit routing agreements with other sites to
   propagate them (also see Section 4.1).  Also, unlike site-locals, a
   site may have more than one of these prefixes and use them at the
   same time.
   ---- cut here ----

   is replaced with:

   ---- cut here ----
   The scope of these addresses is 'local', defined to be 'larger than
   link-local, but smaller than global'. Their limitation is in the
   routability of the prefixes, generally limited by any explicit
   routing agreements with other autonomous systems (ASes) to propagate
   them, and normally limited by the Default-Free Zone (DFZ) (also see
   Section 4.1).
   ---- cut here ----

7.  IANA Considerations

   The IANA is instructed to update the "IANA IPv6 Special-Purpose
   Address Registry" [IANA-ADDR-REG] by adding a "[RFCXXXX]" to the
   "RFC" column corresponding to the "fc00::/7" address block.

   Additionally, the following footnote:

      [4] See [RFC4193] for more details on the routability of Unique-
      Local addresses.  The Unique-Local prefix is drawn from the IPv6
      Global Unicast Address range, but is specified as not globally
      routed.

Gont                      Expires July 9, 2021                  [Page 6]
Internet-Draft                  ULA Scope                   January 2021

   must be replaced with:

      [4] See [RFC4193] for more details on the routability of Unique-
      Local addresses, and [RFCXXXX] for details on the scope of Unique-
      Local addresses.

   NOTE: [RFCXXXX] represents the RFC number assigned by the RFC Editor
   upon publication of this document as an RFC.

8.  Security Considerations

   This document does not introduce any new security considerations.

9.  Acknowledgements

   Fernando Gont would like to thank Brian Carpenter and Bob Hinden, for
   providing valuable comments on earlier versions of this document.

   Fernando Gont would like to thank Brian Carpenter for his end-less
   help, and for the discussion that eventually led to this document.

10.  References

10.1.  Normative References

   [RFC1918]  Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G.,
              and E. Lear, "Address Allocation for Private Internets",
              BCP 5, RFC 1918, DOI 10.17487/RFC1918, February 1996,
              <https://www.rfc-editor.org/info/rfc1918>.

   [RFC4007]  Deering, S., Haberman, B., Jinmei, T., Nordmark, E., and
              B. Zill, "IPv6 Scoped Address Architecture", RFC 4007,
              DOI 10.17487/RFC4007, March 2005,
              <https://www.rfc-editor.org/info/rfc4007>.

   [RFC4193]  Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast
              Addresses", RFC 4193, DOI 10.17487/RFC4193, October 2005,
              <https://www.rfc-editor.org/info/rfc4193>.

   [RFC4291]  Hinden, R. and S. Deering, "IP Version 6 Addressing
              Architecture", RFC 4291, DOI 10.17487/RFC4291, February
              2006, <https://www.rfc-editor.org/info/rfc4291>.

   [RFC8190]  Bonica, R., Cotton, M., Haberman, B., and L. Vegoda,
              "Updates to the Special-Purpose IP Address Registries",
              BCP 153, RFC 8190, DOI 10.17487/RFC8190, June 2017,
              <https://www.rfc-editor.org/info/rfc8190>.

Gont                      Expires July 9, 2021                  [Page 7]
Internet-Draft                  ULA Scope                   January 2021

10.2.  Informative References

   [I-D.gont-v6ops-ipv6-addressing-considerations]
              Gont, F. and G. Gont, "IPv6 Addressing Considerations",
              draft-gont-v6ops-ipv6-addressing-considerations-00 (work
              in progress), December 2020.

   [I-D.ietf-ipv6-ula-central]
              Hinden, R., "Centrally Assigned Unique Local IPv6 Unicast
              Addresses", draft-ietf-ipv6-ula-central-02 (work in
              progress), June 2007.

   [IANA-ADDR-REG]
              IANA, "IANA IPv6 Special-Purpose Address Registry",
              <https://www.iana.org/assignments/iana-ipv6-special-
              registry/iana-ipv6-special-registry.xhtml>.

   [Python-ipaddr]
              Python 3.3, "ipaddress -- IPv4/IPv6 manipulation library",
              <https://docs.python.org/3/library/ipaddress.html>.

   [RFC3513]  Hinden, R. and S. Deering, "Internet Protocol Version 6
              (IPv6) Addressing Architecture", RFC 3513,
              DOI 10.17487/RFC3513, April 2003,
              <https://www.rfc-editor.org/info/rfc3513>.

   [RFC6724]  Thaler, D., Ed., Draves, R., Matsumoto, A., and T. Chown,
              "Default Address Selection for Internet Protocol Version 6
              (IPv6)", RFC 6724, DOI 10.17487/RFC6724, September 2012,
              <https://www.rfc-editor.org/info/rfc6724>.

   [v6ops-thread]
              v6ops wg, "[v6ops] I-D Action: draft-gont-v6ops-ipv6-
              addressing-considerations-00.txt",  email thread on the
              v6ops wg mailing-list, 2020,
              <https://mailarchive.ietf.org/arch/msg/v6ops/b7r35HgOb-
              6dfxsDoW8c4FtGnZo//>.

Author's Address

   Fernando Gont
   SI6 Networks
   Segurola y Habana 4310, 7mo Piso
   Villa Devoto, Ciudad Autonoma de Buenos Aires
   Argentina

   Email: fgont@si6networks.com
   URI:   https://www.si6networks.com

Gont                      Expires July 9, 2021                  [Page 8]