Distributing Address Selection Policy using DHCPv6
draft-ietf-6man-addr-select-opt-04.txt

Abstract

RFC 3484 defines default address selection mechanisms for IPv6 that allow nodes to select appropriate address when faced with multiple source and/or destination addresses to choose between. The RFC 3484 allowed for the future definition of methods to administratively configure the address selection policy information. This document defines a new DHCPv6 option for such configuration, allowing a site administrator to distribute address selection policy overriding the default address selection parameters and policy table, and thus control the address selection behavior of nodes in their site.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http:/⁠/⁠datatracker.ietf.org/⁠drafts/⁠current/⁠.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on December 31, 2012.

Copyright Notice

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http:/⁠/⁠trustee.ietf.org/⁠license-⁠info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English.

1. Introduction

RFC 3484 [RFC3484] describes default algorithms for selecting an address when a node has multiple destination and/or source addresses to choose from by using an address selection policy. In Section 2 of RFC 3484, it is suggested that the default policy table may be administratively configured to suit the specific needs of a site. This specification defines a new DHCPv6 option for such configuration.

Some problems have been identified with the default RFC 3484 address selection policy [RFC5220]. It is unlikely that any default policy will suit all scenarios, and thus mechanisms to control the source address selection policy will be necessary. Requirements for those mechanisms are described in [RFC5221], while solutions are discussed in [I-D.ietf-6man-addr-select-sol] and [I-D.ietf-6man-addr-select-considerations]. Those documents have helped shape the improvements in the default address selection algorithm [I-D.ietf-6man-rfc3484bis] as well as the DHCPv6 option defined in this specification.

1.1. Conventions Used in This Document

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

1.2. Terminology

This document uses the terminology defined in [RFC2460] and the DHCPv6 specification defined in [RFC3315]

2. Address Selection options

The Address Selection option provides the address selection policy table, and some other configuration parameters.

A address selection option contains zero or more policy table options. Multiple policy table options in a Policy Table option constitute a single policy table.

The format of the Address Selection option is given below.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          OPTION_ADDRSEL       |         option-len            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Reserved |A|P|                                               |
   +-+-+-+-+-+-+-+-+     POLICY TABLE OPTIONS                      |
   |                      (variable length)                        |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

              Figure 1: Address Selection option format

option-code:: OPTION_ADDRSEL (TBD).
option-len:: The total length of the Reserved field, A, P flags, and POLICY TABLE OPITONS in octets.
Reserved:: Reserved field. Server MUST set this value to zero and client MUST ignore its content.
A:: Automatic Row Addition flag. This flag toggles the Automatic Row Addition flag at client hosts, which is described in the section 2.1 in RFC 3484 revision [I-D.ietf-6man-rfc3484bis]. If this flag is set to 1, it does not change client host behavior, that is, a client MAY automatically add additional site-specific rows to the policy table. If set to 0, the Automatic Row Addition flag is disabled, and a client MAY NOT automatically add rows to the policy table.
P:: Privacy Preference flag. This flag toggles the Privacy Preference flag at client hosts, which is described in the section 5 in RFC 3484 revision [I-D.ietf-6man-rfc3484bis]. If this flag is set to 1, it does not change client host behavior, that is, a client SHOULD prefer temporary addresses. If set to 0, the Privacy Preference flag is disabled, and a client SHOULD prefer public addresses.
POLICY TABLE OPTIONS:: Zero or more Address Selection Policy Table options described below.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     OPTION_ADDRSEL_TABLE      |         option-len            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    label      |  precedence   |   prefix-len  |               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+               |
   |                                                               |
   |                   prefix   (variable length)                  |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   .                    Prefix Specific options                    .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

         Figure 2: Address Selection Policy Table option format

option-code:: OPTION_ADDRSEL_TABLE (TBD).
option-len:: The total length of the label field, precedence field, prefix-len field, prefix field, and DASP options field in octets.
label:: An 8-bit unsigned integer; this value is used to make a combination of source address prefixes and destination address prefixes.
precedence:: An 8-bit unsigned integer; this value is used for sorting destination addresses.
prefix-len:: An 8-bit unsigned integer; the number of leading bits in the prefix that are valid. The value ranges from 0 to 128.
prefix:: A variable-length field containing an IP address or the prefix of an IP address. An IPv4-mapped address [RFC4291] must be used to represent an IPv4 address as a prefix value. The Prefix should be truncated on the byte boundary. So the length of this field should be between 0 and 16 bytes.
Prefix Specific options:: Options specific to this particular Address Selection Policy option. This includes, but not limited to, zero or one Zone Index option that specify the zone index of the prefix in this option.

The format of the Zone Index option is given below.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      OPTION_ADDRSEL_ZONE        |         option-len          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          zone-index                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

              Figure 3: Zone Index option format

option-code:: OPTION_ADDRSEL_ZONE (TBD).
option-len:: 4.
zone-index:: The zone-index field is an 32-bit unsigned integer, and used to specify the zone for scoped addresses. The zone-index is defined in RFC 3493 [RFC3493] as 'scope ID'.

3. Appearance of the Address Selection options

The Address Selection options MUST NOT appear in any messages other than the following ones: Solicit, Advertise, Request, Renew, Rebind, Reconfigure, Information-Request, and Reply.

4. Processing the Policy Table option

This section describes how to process received Policy Table option at the DHCPv6 client.

This option's concept is to serve as a hint for a node about how to behave in the network. So, basically, it should be up to the node's administrator how to deal with the received policy information in the way described below.

4.1. Handling of the local policy table

RFC 3484 defines the default policy table. Also, a user is usually able to configure the policy table to satisfy his requirement.

The client implementation SHOULD provide the following choices to the user:

a): It receives distributed policy table, and replaces the existing policy tables with that.
b): It preserves the default policy table, or manually configured policy.

4.2. Handling of the stale policy table

When the information from the DHCP server goes stale, the policy received form the DHCP server should be removed and the default policy should be restored.

The received information can be considered stale in several cases, such as, when the interface goes down, the DHCP server does not respond for a certain amount of time, and the Information Refresh Time is expired.

4.3. Processing multiple received policies

The policy table, and other parameters specified in this document are node-global information by its nature. So, the node cannot use multiple received policies at the same time. In other words, once the received policy from one source is merged with another source, the policy is more or less changed. The policy table is defined as a whole, so the slightest addition/deletion from the policy table brings a change in semantics of the policy.

It also should be noted that, when a node is single-homed and has only one upstream line, adopting a received policy table does not degrade the security level.

Under the above assumptions, how to handle multiple received policies is specified below.

A node MAY use Address Selection options in any of the following two cases:

1:: The Address Selection option is delivered across the only secure, trusted channel.
2:: The Address Selection option delivery is not secured, but the node is single-homed.

In other cases the node MUST NOT use Policy Table options unless the node is specifically configured to do so.

Discussion:: The secure trusted channel does not necessarily mean a prioritized route in the routing table. So, such a situation could happen that the traffic goes through a non-secure, non-trusted channel and the host follows the delivered policy from a secure, truested channel. However, this policy is not for optimization of traffic and resources at the local network and the hosts, but for implementing the network policy to the hosts in the network.

5. Implementation Considerations

The value 'label' is passed as an unsigned integer, but there is no special meaning for the value, that is whether it is a large or small number. It is used to select a preferred source address prefix corresponding to a destination address prefix by matching the same label value within the DHCP message. DHCPv6 clients need to convert this label to a representation specified by each implementation (e.g., string).
Currently, the label and precedence values are defined as 8-bit unsigned integers. In almost all cases, this value will be enough.
The maximum number of address selection rules that may be conveyed in one DHCPv6 message depends on the prefix length of each rule and the maximum DHCPv6 message size defined in RFC 3315. It is possible to carry over 3,000 rules in one DHCPv6 message (maximum UDP message size). However, it should not be expected that DHCP clients, servers and relay agents can handle UDP fragmentation. So, the number of the options and the total size of the options should be taken care of.
Since the number of selection rules could be large, an administrator configuring the policy to be distributed should consider the resulting DHCPv6 message size.

6. Security Considerations

A rogue DHCPv6 server could issue bogus address selection policies to a client. This might lead to incorrect address selection by the client, and the affected packets might be blocked at an outgoing ISP because of ingress filtering. Alternatively, an IPv6 transition mechanism might be preferred over native IPv6, even if it is available. To guard against such attacks, a legitimate DHCPv6 server should be communicated through a secure, trusted channel, such as a channel protected by IPsec, SEND and DHCP authentication, as described in section 21 of RFC 3315,

Another threat is about privacy concern. As in the security consideration section of RFC 3484, at least a part of, the address selection policy stored in a host can be leaked by a packet from a remote host. This issue will not be degraded regardless of the introduction of this option, or regardless of whether the host is multihomed or not.

7. IANA Considerations

IANA is requested to assign option codes to OPTION_ADDRSEL , OPTION_ADDRSEL_TABLE, and OPTION_ADDRSEL_ZONE from the option-code space as defined in section "DHCPv6 Options" of RFC 3315.

8. References

8.1. Normative References

[RFC2119]	Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3315]	Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C. and M. Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC3484]	Draves, R., "Default Address Selection for Internet Protocol version 6 (IPv6)", RFC 3484, February 2003.
[I-D.ietf-6man-rfc3484bis]	Thaler, D, Draves, R, Matsumoto, A and T Chown, "Default Address Selection for Internet Protocol version 6 (IPv6)", Internet-Draft draft-ietf-6man-rfc3484bis-01, March 2012.
[I-D.ietf-6man-stable-privacy-addresses]	Gont, F, "A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)", Internet-Draft draft-ietf-6man-stable-privacy-addresses-00, May 2012.

8.2. Informative References

[I-D.ietf-6man-addr-select-considerations]	Chown, T and A Matsumoto, "Considerations for IPv6 Address Selection Policy Changes", Internet-Draft draft-ietf-6man-addr-select-considerations-04, October 2011.
[RFC2460]	Deering, S.E. and R.M. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, December 1998.
[RFC3493]	Gilligan, R., Thomson, S., Bound, J., McCann, J. and W. Stevens, "Basic Socket Interface Extensions for IPv6", RFC 3493, February 2003.
[RFC4291]	Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, February 2006.
[RFC4941]	Narten, T., Draves, R. and S. Krishnan, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6", RFC 4941, September 2007.
[RFC5220]	Matsumoto, A., Fujisaki, T., Hiromi, R. and K. Kanayama, "Problem Statement for Default Address Selection in Multi-Prefix Environments: Operational Issues of RFC 3484 Default Rules", RFC 5220, July 2008.
[RFC5221]	Matsumoto, A., Fujisaki, T., Hiromi, R. and K. Kanayama, "Requirements for Address Selection Mechanisms", RFC 5221, July 2008.
[I-D.ietf-6man-addr-select-sol]	Matsumoto, A, Fujisaki, T and R Hiromi, "Solution approaches for address-selection problems", Internet-Draft draft-ietf-6man-addr-select-sol-03, March 2010.

Appendix A. Past Discussion

The 'zone index' value is used to specify a particular zone for scoped addresses. This can be used effectively to control address selection in the site scope (e.g., to tell a node to use a specified source address corresponding to a site-scoped multicast address). However, in some cases such as a link-local scope address, the value specifying one zone is only meaningful locally within that node. There might be some cases where the administrator knows which clients are on the network and wants specific interfaces to be used though. However, in general case, it is hard to use this value.
Since we got a comment that some implementations use 32-bit integers for zone index value, we extended the bit length of the 'zone index' field. However, as described above, there might be few cases to specify 'zone index' in policy distribution, we defined this field as optional, controlled by a flag.
There may be some demands to control the use of special address types such as the temporary addresses described in RFC4941 [RFC4941], address assigned by DHCPv6 and so on. (e.g., informing not to use a temporary address when it communicate within the an organization's network). It is possible to indicate the type of addresses using reserved field value.

Authors' Addresses

Arifumi Matsumoto NTT SI Lab 3-9-11 Midori-Cho Musashino-shi, Tokyo 180-8585 Japan Phone: +81 422 59 3334 EMail: arifumi@nttv6.net

Tomohiro Fujisaki NTT PF Lab 3-9-11 Midori-Cho Musashino-shi, Tokyo 180-8585 Japan Phone: +81 422 59 7351 EMail: fujisaki@nttv6.net

Jun-ya Kato NTT SI Lab 3-9-11 Midori-Cho Musashino-shi, Tokyo 180-8585 Japan Phone: +81 422 59 2939 EMail: kato@syce.net

Tim Chown University of Southampton Southampton, Hampshire SO17 1BJ United Kingdom EMail: tjc@ecs.soton.ac.uk

1. Introduction
1.1. Conventions Used in This Document
1.2. Terminology
2. Address Selection options
3. Appearance of the Address Selection options
4. Processing the Policy Table option
4.1. Handling of the local policy table
4.2. Handling of the stale policy table
4.3. Processing multiple received policies
5. Implementation Considerations
6. Security Considerations
7. IANA Considerations
8. References
8.1. Normative References
8.2. Informative References
Appendix A. Past Discussion
Authors' Addresses