Network Working Group                                    F. Templin, Ed.
Internet-Draft                              Boeing Research & Technology
Intended status: Informational                        September 22, 2017
Expires: March 26, 2018


                 IPv6 Prefix Delegation for End Systems
                   draft-templin-v6ops-pdhost-10.txt

Abstract

   IPv6 prefixes are typically delegated to requesting routers which
   then use them to number their downstream-attached links and networks.
   This document considers the case when the requesting router is an end
   system which receives a delegated prefix that it can use for its own
   sub-delegation and/or multi-addressing purposes.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 26, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.



Templin                  Expires March 26, 2018                 [Page 1]


Internet-Draft      Prefix Delegation for End Systems     September 2017


Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Multi-Addressing Considerations
   4.  Multi-Addressing Alternatives for Delegated Prefixes
   5.  MLD/DAD Implications
   6.  Dynamic Routing Protocol Implications
   7.  IPv6 Neighbor Discovery Implications
   8.  ICMPv6 Implications
   9.  IANA Considerations
   10. Security Considerations
   11. Acknowledgements
   12. References
     12.1.  Normative References
     12.2.  Informative References
   Author's Address

1.  Introduction

   IPv6 Prefix Delegation (PD) entails 1) the communication of a prefix
   from a delegating router to a requesting router, 2) a representation
   of the prefix in the delegating router's routing table, and 3) a
   control messaging service between the delegating and requesting
   routers to maintain prefix lifetimes.  Following delegation, the
   prefix is available for the requesting router's exclusive use and is
   not shared with any other nodes.  An example IPv6 PD service is the
   Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
   [RFC3315][RFC3633].

   This document considers the case when the requesting router is
   actually an end system (ES) that can act as a router on behalf of its
   downstream networks and as a host on behalf of its local
   applications.  The following paragraphs present possibilities for ES
   behavior upon receipt of a delegated prefix.

   For ESes that connect downstream-attached (aka "tethered") networks,
   a Delegating Router 'D' delegates a prefix 'P' to a Requesting ES 'R'
   as shown in Figure 1:

                        +---------------------+
                        |Delegating Router 'D'|
                        |   (Delegate 'P')    |
                        +----------+----------+
                                   |
                                   | Upstream link
                                   |
                        +----------+----------+
                        |  Upstream Interface |
                        +---------------------+
                        |                     |
                        |  Requesting ES 'R'  |
                        |    (Receive 'P')    |
                        |                     |
                        +---------------------+
                        | Downstream Interface|
                        +--+-+--+-+--+-----+--+
                        |A1| |A2| |A3| ... |An|
                        +--+-+--+-++-+-----+--+
                                   |
                                   | Downstream link
                                   |
       X----+-------------+--------+----+---------------+---X
            |             |             |               |
       +---++-+--+   +---++-+--+   +---++-+--+     +---++-+--+
       |   |X1|  |   |   |X2|  |   |   |X3|  |     |   |Xn|  |
       |   +--+  |   |   +--+  |   |   +--+  |     |   +--+  |
       | Host H1 |   | Host H2 |   | Host H3 | ... | Host Hn |
       +---------+   +---------+   +---------+     +---------+

          <-------------- Tethered Network ------------->

                Figure 1: Classic Routing End System Model

   In this figure, when Delegating Router 'D' delegates prefix 'P', it
   inserts 'P' into its routing table with Requesting ES 'R' as the next
   hop.  Meanwhile, 'R' receives 'P' via an upstream interface and sub-
   delegates 'P' to its downstream external (physical) and/or internal
   (virtual) networks.  R assigns addresses 'A(i)' taken from 'P' to
   downstream interfaces, and Hosts 'H(i)' on downstream networks assign
   addresses 'X(i)' taken from 'P' to their interface connections to the
   downstream link.  'R' then acts as a router between hosts 'H(i)' on
   downstream links and correspondents reachable via other interfaces.

   This document also considers the case when 'R' does not have any
   physical downstream interfaces, and can use 'P' solely for its own
   internal addressing purposes.  In that case, 'R' assigns 'P' to a
   virtual interface (e.g., a loopback), and acts as a router that
   forwards packets between the upstream and virtual interfaces.

   'R' can then function under the weak end system model
   [RFC1122][RFC8028] by assigning addresses taken from 'P' to a virtual
   interface as shown in Figure 2:

                        +---------------------+
                        |Delegating Router 'D'|
                        |   (Delegate 'P')    |
                        +----------+----------+
                                   |
                                   | Upstream link
                                   |
                        +----------+----------+
                        |  Upstream Interface |
                        +---------------------+
                        |                     |
                        |  Requesting ES 'R'  |
                        |    (Receive 'P')    |
                        |                     |
                        +---------------------+
                        |  Virtual Interface  |
                        +--+-+--+-+--+-----+--+
                        |A1| |A2| |A3| ... |An|
                        +--+-+--+-+--+-----+--+

                      Figure 2: Weak End System Model

   'R' could instead function under the strong end system model
   [RFC1122][RFC8028] by assigning IPv6 addresses taken from 'P' to an
   upstream interface as shown in Figure 3:

                        +---------------------+
                        |Delegating Router 'D'|
                        |   (Delegate 'P')    |
                        +----------+----------+
                                   |
                                   | Upstream link
                                   |
                        +----------+----------+
                        |  Upstream Interface |
                        +--+-+--+-+--+-----+--+
                        |A1| |A2| |A3| ... |An|
                        +--+-+--+-+--+-----+--+
                        |                     |
                        |  Requesting ES 'R'  |
                        |    (Receive 'P')    |
                        |                     |
                        +---------------------+
                        |   Virtual Interface |
                        +---------------------+

                     Figure 3: Strong End System Model

   The major benefit for an ES managing a delegated prefix in either the
   weak or strong end system models is multi-addressing.  With multi-
   addressing, the ES can configure an unlimited supply of addresses to
   make them available for local applications without requiring
   coordination with any other nodes on upstream interfaces.

   The following sections present considerations for ESes that employ
   prefix delegation mechanisms.

2.  Terminology

   The terminology of the normative references applies.  The following
   terms are defined for the purposes of this document:

   node, host, router
      the same as defined in [RFC8200].

   End System (ES)
      a node that acts as a host on behalf of its local applications and
      as a router on behalf of its downstream interface(s), but does not
      forward packets received on an upstream interface via the same or
      a different upstream interface (see: Security Considerations).

   shared prefix
      an IPv6 prefix that may be advertised to more than one node on the
      link, e.g., in a Router Advertisement (RA) message Prefix
      Information Option (PIO) [RFC4861].

   individual prefix
      an IPv6 prefix that is advertised to exactly one node on the link
      (e.g., in an RA PIO), where the node is a passive recipient of the
      prefix.

   delegated prefix
      an IPv6 prefix that is conveyed to an ES for its own exclusive
      use, where the ES is an active participant in the prefix
      delegation and maintenance procedures.

3.  Multi-Addressing Considerations

   IPv6 allows nodes to assign multiple addresses to a single interface.
   [RFC7934] discusses options for multi-addressing as well as use cases
   where multi-addressing may be desirable.  Address configuration
   options for multi-addressing include StateLess Address
   AutoConfiguration (SLAAC) [RFC4862], stateful DHCPv6 address
   configuration [RFC3315], manual configuration, etc.

   ESes configure addresses from a shared or individual prefix and
   assign them to the upstream interface over which the prefix was
   received.  When it assigns the addresses, the ES is required to use
   Multicast Listener Discovery (MLD) [RFC3810] to join the appropriate
   solicited-node multicast group(s) and to use the Duplicate Address
   Detection (DAD) algorithm [RFC4862] to ensure that no other node
   configures a duplicate address.

   In contrast, an ES that uses address configuration from a delegated
   prefix can assign addresses without invoking MLD/DAD on an upstream
   interface, since the prefix has been delegated to the ES for its own
   exclusive use and is not shared with any other nodes.

4.  Multi-Addressing Alternatives for Delegated Prefixes

   When an ES receives a prefix delegation, it has many alternatives for
   provisioning the prefix.  [RFC7278] discusses alternatives for
   provisioning a prefix obtained by a User Equipment (UE) device under
   the 3rd Generation Partnership Project (3GPP) service model.  This
   document considers the more general case when the ES receives a
   prefix delegation in which the prefix is explicitly delegated for its
   own exclusive use.

   When the ES receives the prefix, it can distribute the prefix to
   downstream interfaces and configure one or more addresses for itself
   on downstream interfaces.  The ES then acts as a router on behalf of
   its downstream-attached networks and configures a default route via a
   neighbor on an upstream interface.

   The ES could instead (or in addition) use portions of the delegated
   prefix for its own multi-addressing purposes.  In a first
   alternative, the ES can assign the prefix to a virtual interface and
   assign one or more addresses taken from the prefix to virtual
   interfaces.  In that case, ES applications can use the assigned
   addresses according to the weak end system model.

   In a second alternative, the ES can assign the prefix to a virtual
   interface and assign one or more addresses taken from the prefix to
   the upstream interface over which the prefix was received.  In that
   case, ES applications can use the assigned addresses according to the
   strong end system model.

   In both of these latter cases, the ES acts as a host on behalf of
   its local applications and as a router from the standpoint of packet
   forwarding, prefix delegation and neighbor discovery over upstream
   interfaces.  The ES can configure as many addresses for itself as it
   wants.

5.  MLD/DAD Implications

   When an ES configures addresses for itself from a shared or
   individual prefix, the ES performs MLD/DAD by sending multicast
   messages over upstream interfaces to test whether there is another
   node on the link that configures a duplicate address.  When there are
   many such addresses and/or many such nodes, this could result in
   substantial multicast traffic that affects all nodes on the link.

   When an ES configures addresses for itself from a delegated prefix,
   the ES can configure as many addresses as it wants but does not
   perform MLD/DAD for any of the addresses over upstream interfaces.
   This means that the ES can configure arbitrarily many addresses
   without causing any multicast messaging over the upstream interface
   that could disturb other nodes.

6.  Dynamic Routing Protocol Implications

   The ES can be configured to either participate or not participate in
   a dynamic routing protocol over the upstream interface, according to
   the deployment model.  When there are many ESes on the upstream link,
   dynamic routing protocol participation might be impractical due to
   scaling limitations, which may be exacerbated by factors such as ES
   mobility.

   Unless it participates in a dynamic routing protocol, the ES
   initially has only a default route pointing to a neighbor via an
   upstream interface.  This means that packets sent by the ES over an
   upstream interface will initially go through a default router even if
   there is a better first-hop node on the link.

7.  IPv6 Neighbor Discovery Implications

   The ES acts as a simple host to send Router Solicitation (RS)
   messages over upstream interfaces (i.e., the same as described in
   Section 4.2 of [RFC7084]) but also sets the "Router" flag to TRUE in
   any Neighbor Advertisement messages it sends.  The ES does not send
   RA messages over upstream interfaces.

   The current first-hop router may send a Redirect message that updates
   the ES's neighbor cache so that future packets can use a better
   first-hop node on the link.  The Redirect can apply either to a
   singleton destination address, or to an entire destination prefix as
   described in [I-D.templin-6man-rio-redirect].

8.  ICMPv6 Implications

   The Internet Control Message Protocol for IPv6 (ICMPv6) includes a
   set of control message types [RFC4443] including Destination
   Unreachable (DU).

   According to [RFC4443], routers SHOULD return DU messages (subject to
   rate limiting) with code 0 ("No route to destination") when a packet
   arrives for which there is no matching entry in the routing table,
   and with code 3 ("Address unreachable") when the IPv6 destination
   address cannot be resolved.

   According to [RFC4443], hosts SHOULD return DU messages (subject to
   rate limiting) with code 3 to internal applications when the IPv6
   destination address cannot be resolved, and with code 4 ("Port
   unreachable") if the IPv6 destination address is one of its own
   addresses but the transport protocol has no listener.

   An ES that obtains and manages a prefix delegation per this document
   observes the same procedures as described for both routers and hosts
   above.

9.  IANA Considerations

   This document introduces no IANA considerations.

10.  Security Considerations

   Security considerations for IPv6 Neighbor Discovery [RFC4861] and any
   applicable prefix delegation mechanisms apply to this document.

   Additionally, the ES may receive unwanted IPv6 packets via an
   upstream interface that match a delegated prefix but do not match a
   configured IPv6 address.  In that case, the ES drops the packets and
   observes the "Destination Unreachable - Address unreachable"
   procedures in Section 8.

   The ES may also receive IPv6 packets via an upstream interface that
   do not match any of the ES's delegated prefixes.  In that case, the
   ES drops the packets and observes the "Destination Unreachable - No
   route to destination" procedures in Section 8.  This is necessary to
   avoid reflection attacks that would cause the ES to forward packets
   received from an upstream interface via the same or a different
   upstream interface.
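
   The following added example (not part of this draft) models the
   upstream-interface checks of Sections 8 and 10 for an ES with no
   downstream networks (Figures 2 and 3), handling unicast destinations
   only.  The class and method names, the token-bucket parameters and the
   2001:db8::/32 sample values are assumptions made for illustration.

```python
import ipaddress
import time
from dataclasses import dataclass, field

# ICMPv6 Destination Unreachable codes (RFC 4443) named in Sections 8 and 10.
DU_NO_ROUTE, DU_ADDR_UNREACH, DU_PORT_UNREACH = 0, 3, 4


class TokenBucket:
    """ICMPv6 error rate limiter; rate and burst values are assumptions."""

    def __init__(self, rate_per_s=10.0, burst=5, clock=time.monotonic):
        self.rate, self.burst, self.clock = rate_per_s, burst, clock
        self.tokens, self.last = float(burst), clock()

    def allow(self):
        now = self.clock()
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


@dataclass
class EndSystem:
    """Hypothetical model of an ES with no downstream networks."""
    delegated: list    # IPv6Network objects delegated to this ES
    addresses: set     # IPv6Address objects the ES has configured
    listeners: set = field(default_factory=set)  # (address, proto, port)
    limiter: TokenBucket = field(default_factory=TokenBucket)

    def _drop(self, code):
        # Always drop; attach a DU message only while the limiter allows it.
        return ("drop+du", code) if self.limiter.allow() else ("drop", None)

    def on_upstream_packet(self, dst, proto, port):
        """Classify a unicast packet received on an upstream interface."""
        dst = ipaddress.IPv6Address(dst)
        if dst in self.addresses:
            if (dst, proto, port) in self.listeners:
                return ("deliver", None)
            return self._drop(DU_PORT_UNREACH)   # host rule, Section 8
        if any(dst in prefix for prefix in self.delegated):
            return self._drop(DU_ADDR_UNREACH)   # in 'P' but not configured
        # Outside every delegated prefix: never forward back upstream,
        # which is what prevents the reflection described in Section 10.
        return self._drop(DU_NO_ROUTE)


if __name__ == "__main__":
    # Constructed sample values from the 2001:db8::/32 documentation range.
    a1 = ipaddress.IPv6Address("2001:db8:1::1")
    es = EndSystem(
        delegated=[ipaddress.IPv6Network("2001:db8:1::/64")],
        addresses={a1},
        listeners={(a1, "tcp", 443)},
    )
    for dst, proto, port in [
        ("2001:db8:1::1", "tcp", 443),    # configured address, listener
        ("2001:db8:1::1", "udp", 53),     # configured address, no listener
        ("2001:db8:1::dead", "udp", 53),  # inside 'P', not configured
        ("2001:db8:ffff::1", "udp", 53),  # outside every delegated prefix
    ]:
        print(dst, proto, port, es.on_upstream_packet(dst, proto, port))
```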

11.  Acknowledgements

   This work was motivated by recent discussions on the v6ops list.
   Mark Smith pointed out the need to consider MLD as well as DAD for
   the assignment of addresses to interfaces.  Ricardo Pelaez-Negro,
   Edwin Cordeiro, Fred Baker, Naveen Lakshman, Ole Troan, Bob Hinden,
   Brian Carpenter, Joel Halpern and Albert Manfredi provided useful
   comments that have greatly improved the document.

12.  References

12.1.  Normative References

   [RFC0791]  Postel, J., "Internet Protocol", STD 5, RFC 791,
              DOI 10.17487/RFC0791, September 1981,
              <https://www.rfc-editor.org/info/rfc791>.

   [RFC3315]  Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins,
              C., and M. Carney, "Dynamic Host Configuration Protocol
              for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315, July
              2003, <https://www.rfc-editor.org/info/rfc3315>.

   [RFC3633]  Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic
              Host Configuration Protocol (DHCP) version 6", RFC 3633,
              DOI 10.17487/RFC3633, December 2003,
              <https://www.rfc-editor.org/info/rfc3633>.

   [RFC3810]  Vida, R., Ed. and L. Costa, Ed., "Multicast Listener
              Discovery Version 2 (MLDv2) for IPv6", RFC 3810,
              DOI 10.17487/RFC3810, June 2004,
              <https://www.rfc-editor.org/info/rfc3810>.

   [RFC4443]  Conta, A., Deering, S., and M. Gupta, Ed., "Internet
              Control Message Protocol (ICMPv6) for the Internet
              Protocol Version 6 (IPv6) Specification", STD 89,
              RFC 4443, DOI 10.17487/RFC4443, March 2006,
              <https://www.rfc-editor.org/info/rfc4443>.

   [RFC4861]  Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
              "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
              DOI 10.17487/RFC4861, September 2007,
              <https://www.rfc-editor.org/info/rfc4861>.

   [RFC4862]  Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
              Address Autoconfiguration", RFC 4862,
              DOI 10.17487/RFC4862, September 2007,
              <https://www.rfc-editor.org/info/rfc4862>.

   [RFC8200]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", STD 86, RFC 8200,
              DOI 10.17487/RFC8200, July 2017,
              <https://www.rfc-editor.org/info/rfc8200>.

12.2.  Informative References

   [I-D.templin-6man-rio-redirect]
              Templin, F. and j. woodyatt, "Route Information Options in
              IPv6 Neighbor Discovery", draft-templin-6man-rio-
              redirect-04 (work in progress), August 2017.

   [RFC1122]  Braden, R., Ed., "Requirements for Internet Hosts -
              Communication Layers", STD 3, RFC 1122,
              DOI 10.17487/RFC1122, October 1989,
              <https://www.rfc-editor.org/info/rfc1122>.

   [RFC7084]  Singh, H., Beebee, W., Donley, C., and B. Stark, "Basic
              Requirements for IPv6 Customer Edge Routers", RFC 7084,
              DOI 10.17487/RFC7084, November 2013,
              <https://www.rfc-editor.org/info/rfc7084>.

   [RFC7278]  Byrne, C., Drown, D., and A. Vizdal, "Extending an IPv6
              /64 Prefix from a Third Generation Partnership Project
              (3GPP) Mobile Interface to a LAN Link", RFC 7278,
              DOI 10.17487/RFC7278, June 2014,
              <https://www.rfc-editor.org/info/rfc7278>.

   [RFC7934]  Colitti, L., Cerf, V., Cheshire, S., and D. Schinazi,
              "Host Address Availability Recommendations", BCP 204,
              RFC 7934, DOI 10.17487/RFC7934, July 2016,
              <https://www.rfc-editor.org/info/rfc7934>.

   [RFC8028]  Baker, F. and B. Carpenter, "First-Hop Router Selection by
              Hosts in a Multi-Prefix Network", RFC 8028,
              DOI 10.17487/RFC8028, November 2016,
              <https://www.rfc-editor.org/info/rfc8028>.

Author's Address

   Fred L. Templin (editor)
   Boeing Research & Technology
   P.O. Box 3707
   Seattle, WA  98124
   USA

   Email: fltemplin@acm.org