Network Working Group                                    F. Templin, Ed.
Internet-Draft                              Boeing Research & Technology
Intended status: Informational                        September 22, 2017
Expires: March 26, 2018
IPv6 Prefix Delegation for End Systems
draft-templin-v6ops-pdhost-10.txt
IPv6 prefixes are typically delegated to requesting routers which then use them to number their downstream-attached links and networks. This document considers the case when the requesting router is an end system which receives a delegated prefix that it can use for its own sub-delegation and/or multi-addressing purposes.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 26, 2018.
Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
IPv6 Prefix Delegation (PD) entails 1) the communication of a prefix from a delegating router to a requesting router, 2) a representation of the prefix in the delegating router's routing table, and 3) a control messaging service between the delegating and requesting routers to maintain prefix lifetimes. Following delegation, the prefix is available for the requesting router's exclusive use and is not shared with any other nodes. An example IPv6 PD service is the Dynamic Host Configuration Protocol for IPv6 (DHCPv6) [RFC3315][RFC3633].
This document considers the case when the requesting router is actually an end system (ES) that can act as a router on behalf of its downstream networks and as a host on behalf of its local applications. The following paragraphs present possibilities for ES behavior upon receipt of a delegated prefix.
For ESes that connect downstream-attached (aka "tethered") networks, a Delegating Router 'D' delegates a prefix 'P' to a Requesting ES 'R' as shown in Figure 1:
                 +---------------------+
                 |Delegating Router 'D'|
                 |    (Delegate 'P')   |
                 +----------+----------+
                            |
                            | Upstream link
                            |
                 +----------+----------+
                 | Upstream Interface  |
                 +---------------------+
                 |                     |
                 |  Requesting ES 'R'  |
                 |    (Receive 'P')    |
                 |                     |
                 +---------------------+
                 | Downstream Interface|
                 +--+-+--+-+--+-----+--+
                 |A1| |A2| |A3| ... |An|
                 +--+-+--+-++-+-----+--+
                            |
                            | Downstream link
                            |
X----+-------------+--------+----+---------------+---X
     |             |             |               |
+---++-+--+   +---++-+--+   +---++-+--+     +---++-+--+
|   |X1|  |   |   |X2|  |   |   |X3|  |     |   |Xn|  |
|   +--+  |   |   +--+  |   |   +--+  |     |   +--+  |
| Host H1 |   | Host H2 |   | Host H3 | ... | Host Hn |
+---------+   +---------+   +---------+     +---------+
    <-------------- Tethered Network ------------->
Figure 1: Classic Routing End System Model
This document also considers the case when 'R' does not have any physical downstream interfaces, and can use 'P' solely for its own internal addressing purposes. In that case, 'R' assigns 'P' to a virtual interface (e.g., a loopback), and acts as a router that forwards packets between the upstream and virtual interfaces.
'R' can then function under the weak end system model [RFC1122][RFC8028] by assigning addresses taken from 'P' to a virtual interface as shown in Figure 2:
        +---------------------+
        |Delegating Router 'D'|
        |    (Delegate 'P')   |
        +----------+----------+
                   |
                   | Upstream link
                   |
        +----------+----------+
        | Upstream Interface  |
        +---------------------+
        |                     |
        |  Requesting ES 'R'  |
        |    (Receive 'P')    |
        |                     |
        +---------------------+
        |  Virtual Interface  |
        +--+-+--+-+--+-----+--+
        |A1| |A2| |A3| ... |An|
        +--+-+--+-+--+-----+--+
Figure 2: Weak End System Model
'R' could instead function under the strong end system model [RFC1122][RFC8028] by assigning IPv6 addresses taken from 'P' to an upstream interface as shown in Figure 3:
        +---------------------+
        |Delegating Router 'D'|
        |    (Delegate 'P')   |
        +----------+----------+
                   |
                   | Upstream link
                   |
        +----------+----------+
        | Upstream Interface  |
        +--+-+--+-+--+-----+--+
        |A1| |A2| |A3| ... |An|
        +--+-+--+-+--+-----+--+
        |                     |
        |  Requesting ES 'R'  |
        |    (Receive 'P')    |
        |                     |
        +---------------------+
        |  Virtual Interface  |
        +---------------------+
Figure 3: Strong End System Model
The following sections present considerations for ESes that employ prefix delegation mechanisms.
The terminology of the normative references applies. The following terms are defined for the purposes of this document:
IPv6 allows nodes to assign multiple addresses to a single interface. [RFC7934] discusses options for multi-addressing as well as use cases where multi-addressing may be desirable. Address configuration options for multi-addressing include StateLess Address AutoConfiguration (SLAAC) [RFC4862], stateful DHCPv6 address configuration [RFC3315], manual configuration, etc.
ESes configure addresses from a shared or individual prefix and assign them to the upstream interface over which the prefix was received. When it assigns the addresses, the ES is required to use Multicast Listener Discovery (MLD) [RFC3810] to join the appropriate solicited-node multicast group(s) and to use the Duplicate Address Detection (DAD) algorithm [RFC4862] to ensure that no other node configures a duplicate address.
In contrast, an ES that uses address configuration from a delegated prefix can assign addresses without invoking MLD/DAD on an upstream interface, since the prefix has been delegated to the ES for its own exclusive use and is not shared with any other nodes.
When an ES receives a prefix delegation, it has many alternatives for provisioning the prefix. [RFC7278] discusses alternatives for provisioning a prefix obtained by a User Equipment (UE) device under the 3rd Generation Partnership Program (3GPP) service model. This document considers the more general case when the ES receives a prefix delegation in which the prefix is explicitly delegated for its own exclusive use.
When the ES receives the prefix, it can distribute the prefix to downstream interfaces and configure one or more addresses for itself on downstream interfaces. The ES then acts as a router on behalf of its downstream-attached networks and configures a default route via a neighbor on an upstream interface.
The ES could instead (or in addition) use portions of the delegated prefix for its own multi-addressing purposes. In a first alternative, the ES can assign the prefix to a virtual interface and assign one or more addresses taken from the prefix to virtual interfaces. In that case, ES applications can use the assigned addresses according to the weak end system model.
In a second alternative, the ES can assign the prefix to a virtual interface and assign one or more addresses taken from the prefix to the upstream interface over which the prefix was received. In that case, ES applications can use the assigned addresses according to the strong end system model.
In both of these latter two cases, the ES acts as a host on behalf of its local applications and as a router from the standpoint of packet forwarding, prefix delegation and neighbor discovery over upstream interfaces. The ES can configure as many addresses for itself as it wants.
When an ES configures addresses for itself from a shared or individual prefix, the ES performs MLD/DAD by sending multicast messages over upstream interfaces to test whether there is another node on the link that configures a duplicate address. When there are many such addresses and/or many such nodes, this could result in substantial multicast traffic that affects all nodes on the link.
When an ES configures addresses for itself from a delegated prefix, the ES can configure as many addresses as it wants but does not perform MLD/DAD for any of the addresses over upstream interfaces. This means that the ES can configure arbitrarily many addresses without causing any multicast messaging over the upstream interface that could disturb other nodes.
The ES can be configured to either participate or not participate in a dynamic routing protocol over the upstream interface, according to the deployment model. When there are many ESes on the upstream link, dynamic routing protocol participation might be impractical due to scaling limitations, and may also be exacerbated by factors such as ES mobility.
Unless it participates in a dynamic routing protocol, the ES initially has only a default route pointing to a neighbor via an upstream interface. This means that packets sent by the ES over an upstream interface will initially go through a default router even if there is a better first-hop node on the link.
The ES acts as a simple host to send Router Solicitation (RS) messages over upstream interfaces (i.e., the same as described in Section 4.2 of [RFC7084]) but also sets the "Router" flag to TRUE in any Neighbor Advertisement messages it sends. The ES does not send RA messages over upstream interfaces.
The current first-hop router may send a Redirect message that updates the ES's neighbor cache so that future packets can use a better first-hop node on the link. The Redirect can apply either to a singleton destination address, or to an entire destination prefix as described in [I-D.templin-6man-rio-redirect].
The Internet Control Message Protocol for IPv6 (ICMPv6) includes a set of control message types [RFC4443] including Destination Unreachable (DU).
According to [RFC4443], routers SHOULD return DU messages (subject to rate limiting) with code 0 ("No route to destination") when a packet arrives for which there is no matching entry in the routing table, and with code 3 ("Address unreachable") when the IPv6 destination address cannot be resolved.
According to [RFC4443], hosts SHOULD return DU messages (subject to rate limiting) with code 3 to internal applications when the IPv6 destination address cannot be resolved, and with code 4 ("Port unreachable") if the IPv6 destination address is one of its own addresses but the transport protocol has no listener.
An ES that obtains and manages a prefix delegation per this document observes the same procedures as described for both routers and hosts above.
This document introduces no IANA considerations.
Security considerations for IPv6 Neighbor Discovery [RFC4861] and any applicable prefix delegation mechanisms apply to this document.
Additionally, the ES may receive unwanted IPv6 packets via an upstream interface that match a delegated prefix but do not match a configured IPv6 address. In that case, the ES drops the packets and observes the "Destination Unreachable - Address unreachable" procedures in Section 8.
The ES may also receive IPv6 packets via an upstream interface that do not match any of the ES's delegated prefixes. In that case, the ES drops the packets and observes the "Destination Unreachable - No route to destination" procedures in Section 8. This is necessary to avoid reflection attacks that would cause the ES to forward packets received from an upstream interface via the same or a different upstream interface.
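The multi-addressing alternatives above (addresses from 'P' on a virtual interface for the weak model of Figure 2, or on the upstream interface for the strong model of Figure 3, in either case without MLD/DAD) and the inbound-packet handling of Section 8 and this section can be summarised in one small model. The following Python is an added example written for this page, not code from the draft or from any implementation; the interface names "virtual0" and "upstream0", the link-local next hop, the ::1..::n interface identifiers and the 2001:db8::/32 documentation addresses are all constructed assumptions. It covers only the case where 'R' has no downstream interfaces, so any packet inside 'P' that is not one of its own addresses is dropped rather than forwarded.

```python
"""Added example for draft-templin-v6ops-pdhost (not the draft's own code):
an End System 'R' that holds a delegated prefix 'P', configures addresses
from it without MLD/DAD, and disposes of inbound packets on its upstream
interface as Section 8 and the security considerations describe.
Interface names, next hop and interface identifiers are assumptions."""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum
from ipaddress import IPv6Address, IPv6Network


class Model(Enum):
    WEAK = "virtual0"     # Figure 2: addresses from P on a virtual interface
    STRONG = "upstream0"  # Figure 3: addresses from P on the upstream interface


class Action(Enum):
    DELIVER = "deliver to local listener"
    NO_ROUTE = "drop; ICMPv6 DU code 0 (No route to destination)"
    ADDR_UNREACH = "drop; ICMPv6 DU code 3 (Address unreachable)"
    PORT_UNREACH = "drop; ICMPv6 DU code 4 (Port unreachable)"
    DROP_TENTATIVE = "drop silently (address tentative, DAD not complete)"


@dataclass
class EndSystem:
    default_router: str = "fe80::1%upstream0"  # constructed next hop on the upstream link
    delegated: list[IPv6Network] = field(default_factory=list)
    addrs: dict[str, set[IPv6Address]] = field(default_factory=dict)  # iface -> addresses
    tentative: set[IPv6Address] = field(default_factory=set)  # shared-prefix addresses in DAD
    listeners: set[int] = field(default_factory=set)          # open transport ports

    def receive_delegation(self, prefix: str) -> None:
        """'R' receives 'P' from 'D' (e.g. via DHCPv6 PD) for its exclusive use."""
        self.delegated.append(IPv6Network(prefix))

    def assign_from_delegated(self, prefix: str, n: int, model: Model) -> list[IPv6Address]:
        """Configure n addresses from a delegated prefix on the interface the
        model calls for. No MLD join and no DAD: nobody else holds this prefix."""
        net = IPv6Network(prefix)
        if net not in self.delegated:
            raise ValueError(f"{prefix} was not delegated to this ES")
        base = int(net.network_address)
        new = [IPv6Address(base + i) for i in range(1, n + 1)]  # assumed IIDs 1..n
        self.addrs.setdefault(model.value, set()).update(new)
        return new

    def assign_from_shared(self, addr: str) -> IPv6Address:
        """Contrast case: an address from a shared on-link prefix starts out
        tentative and must pass MLD/DAD on the upstream link before use."""
        a = IPv6Address(addr)
        self.tentative.add(a)
        return a

    def dad_succeeded(self, addr: str) -> None:
        """DAD found no duplicate: the address becomes usable on the upstream interface."""
        a = IPv6Address(addr)
        self.tentative.discard(a)
        self.addrs.setdefault(Model.STRONG.value, set()).add(a)

    def dad_required(self) -> set[IPv6Address]:
        """Only shared-prefix addresses ever wait on DAD; delegated ones never do."""
        return set(self.tentative)

    def routes(self) -> list[tuple[str, str]]:
        """Each delegated prefix points at the interface holding it; everything
        else follows the single default route via the upstream neighbour."""
        table = []
        for net in self.delegated:
            ifaces = [i for i, s in self.addrs.items() if any(a in net for a in s)]
            table.append((str(net), ifaces[0] if ifaces else "unassigned"))
        table.append(("::/0", self.default_router))
        return table

    def classify_inbound(self, dst: str, port: int) -> Action:
        """Decide the fate of a packet that arrived on the upstream interface."""
        d = IPv6Address(dst)
        if d in self.tentative:
            return Action.DROP_TENTATIVE
        if any(d in s for s in self.addrs.values()):
            return Action.DELIVER if port in self.listeners else Action.PORT_UNREACH
        if any(d in net for net in self.delegated):
            return Action.ADDR_UNREACH   # inside P but not ours: drop, never forward on
        return Action.NO_ROUTE           # outside P: drop, never reflect back upstream


def demo() -> EndSystem:
    es = EndSystem(listeners={443})
    es.receive_delegation("2001:db8:1::/64")        # constructed delegated prefix
    es.assign_from_delegated("2001:db8:1::/64", 3, Model.WEAK)
    es.assign_from_shared("2001:db8:feed::abcd")    # constructed shared-prefix address
    return es


if __name__ == "__main__":
    es = demo()
    print(es.routes())
    for dst, port in [("2001:db8:1::2", 443), ("2001:db8:1::2", 80),
                      ("2001:db8:1::ffff", 443), ("2001:db8:9::1", 443)]:
        print(dst, port, "->", es.classify_inbound(dst, port).value)
```

The ordering in classify_inbound is the point of the security considerations: a packet is delivered only if it lands on a configured (non-tentative) address with a listener, a packet inside 'P' that misses every configured address is dropped with code 3, and a packet outside every delegated prefix is dropped with code 0 rather than being forwarded out an upstream interface, which closes the reflection path the draft warns about.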
This work was motivated by recent discussions on the v6ops list. Mark Smith pointed out the need to consider MLD as well as DAD for the assignment of addresses to interfaces. Ricardo Pelaez-Negro, Edwin Cordeiro, Fred Baker, Naveen Lakshman, Ole Troan, Bob Hinden, Brian Carpenter, Joel Halpern and Albert Manfredi provided useful comments that have greatly improved the document.
[I-D.templin-6man-rio-redirect]  Templin, F. and j. woodyatt, "Route Information Options in IPv6 Neighbor Discovery", Internet-Draft draft-templin-6man-rio-redirect-04, August 2017.
[RFC1122]  Braden, R., "Requirements for Internet Hosts - Communication Layers", STD 3, RFC 1122, DOI 10.17487/RFC1122, October 1989.
[RFC7084]  Singh, H., Beebee, W., Donley, C. and B. Stark, "Basic Requirements for IPv6 Customer Edge Routers", RFC 7084, DOI 10.17487/RFC7084, November 2013.
[RFC7278]  Byrne, C., Drown, D. and A. Vizdal, "Extending an IPv6 /64 Prefix from a Third Generation Partnership Project (3GPP) Mobile Interface to a LAN Link", RFC 7278, DOI 10.17487/RFC7278, June 2014.
[RFC7934]  Colitti, L., Cerf, V., Cheshire, S. and D. Schinazi, "Host Address Availability Recommendations", BCP 204, RFC 7934, DOI 10.17487/RFC7934, July 2016.
[RFC8028]  Baker, F. and B. Carpenter, "First-Hop Router Selection by Hosts in a Multi-Prefix Network", RFC 8028, DOI 10.17487/RFC8028, November 2016.