Internet DRAFT - draft-farmer-6man-routing-64
draft-farmer-6man-routing-64
6man Working Group D. Farmer
Internet-Draft Univ. of Minnesota
Updates: 4291 (if approved) January 6, 2019
Intended status: Standards Track
Expires: July 10, 2019
IPv6 Routing and its Relationship to
the 64-bit Boundary in the IPv6 Addressing Architecture
draft-farmer-6man-routing-64-02
Abstract
There is a common misconception that the IPv6 Addressing Architecture
requires the use of only /64 subnet prefixes for subnet routing.
This document clarifies the characterization of the relationship
between IPv6 routing and the 64 bit boundary, which is that of a
recommendation for the use of /64 subnet prefixes for subnet routing
in most circumstances, not a requirement for such. To further
clarify this relationship, the document also provides operational
guidance for the configuration of subnet prefixes and updates
RFC 4291 accordingly.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 10, 2019.
Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
Farmer Expires July 10, 2019 [Page 1]
Internet-Draft IPv6 Routing and the 64-bit Boundary January 2019
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3
2. Discussion . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1. Two Forms of Subnet Prefixes and Interface Identifiers . 3
2.2. How the Two Forms are Used . . . . . . . . . . . . . . . 6
2.3. Conclusion . . . . . . . . . . . . . . . . . . . . . . . 8
3. Updates to RFC 4291 . . . . . . . . . . . . . . . . . . . . . 9
4. Operational Guidance for the Configuration of Subnet Prefixes 9
4.1. Subnet Prefixes Other Than /64 . . . . . . . . . . . . . 11
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
6. Security Considerations . . . . . . . . . . . . . . . . . . . 12
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 12
8. Change log [RFC Editor: Please remove] . . . . . . . . . . . 13
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 13
9.1. Normative References . . . . . . . . . . . . . . . . . . 13
9.2. Informative References . . . . . . . . . . . . . . . . . 15
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 16
1. Introduction
The IPv6 Addressing Architecture [RFC4291] defines the relationship
between subnet prefixes and interface identifiers. Furthermore, it
effectively defines two forms of subnet prefixes and interface
identifiers, a general form and a standard form of each, and an
additional third form of interface identifiers, the Modified EUI-64
format.
In their general form subnet prefixes have any length 0 to 128 bits,
inclusive, and interface identifiers are independent of any specific
length. IPv6 routing is based on these general forms, including both
subnet routing and on-link determination.
When the IPv6 Addressing Architecture also defines interface
identifiers as being 64 bits in length, and historically constructed
in Modified EUI 64 format, it is effectively creating a distinct
standard form of interface identifiers. Which also creates a
distinct standard form of subnet prefixes that are 64 bits in length
as well. Autonomous address-configuration and most other aspects of
the IPv6 specifications assume or depend on these standard forms.
Farmer Expires July 10, 2019 [Page 2]
Internet-Draft IPv6 Routing and the 64-bit Boundary January 2019
Additionally, most unicast addresses are intended to be formatted and
assigned based on these standard forms.
These two forms of subnet prefixes and interface identifiers are
currently not sufficiently distinguished in the IPv6 Addressing
Architecture allowing them to be confused and conflated, creating the
common misconception that it requires the use of only /64 subnet
prefixes for subnet routing. This confusion is compounded by a lack
of definitive operational guidance for the configuration of subnet
prefixes that would further clarify the controversy.
Although /64 subnet prefixes are required for autonomous address-
configuration and are most often configured for subnet routing, any
length subnet prefixes, 0 to 128 bits, inclusive, are valid for IPv6
routing, including both subnet routing and on-link determination.
Nevertheless, for consistency with the 64 bit boundary and most other
aspects of the IPv6 specifications, /64 subnet prefixes are
recommended for subnet routing in most circumstances.
This document clarifies the characterization of the relationship
between IPv6 routing and the 64-bit boundary, which is that of a
recommendation for the use of /64 subnet prefixes for subnet routing
in most circumstances, not a requirement for such. To further
clarify this relationship, the document also provides operational
guidance for the configuration of subnet prefixes and updates
RFC 4291 accordingly.
1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
2. Discussion
2.1. Two Forms of Subnet Prefixes and Interface Identifiers
The IPv6 Addressing Architecture [RFC4291], Section 2.5, paragraph 4,
and the diagram following it, define the structure of IPv6 unicast
addresses and the relationship between the general form of subnet
prefixes and interface identifiers. With the diagram implying at
least in this general form, that subnet prefixes have any length
between 0 and a 128 bits, inclusive. Further, it implies that the
general form of interface identifiers are independent of any specific
length and are defined only by the length of their associated subnet
prefix.
Farmer Expires July 10, 2019 [Page 3]
Internet-Draft IPv6 Routing and the 64-bit Boundary January 2019
A slightly sophisticated host (but still rather simple) may
additionally be aware of subnet prefix(es) for the link(s) it is
attached to, where different addresses may have different values
for n:
| n bits | 128-n bits |
+------------------------------+-------------------------------+
| subnet prefix | interface ID |
+------------------------------+-------------------------------+
The idea that this paragraph is referring to a general form of subnet
prefixes and interface identifiers and they are independent of any
specific length is reinforced by the fact this text is unchanged from
the text in [RFC1884], Section 2.4. Where in this earlier revision
of the IPv6 Addressing Architecture, 48-bit interface identifiers
were expected to be common.
The IPv6 Addressing Architecture [RFC4291], Section 2.5.1, goes on to
further define additional properties of the general form of interface
identifiers, that are independent of any specific length. Simply
put, in their general form interface identifiers are the right-hand
portion of IPv6 unicast addresses that uniquely identifies the
interface of a node within a subnet prefix on a link, regardless of
the length of the subnet prefix, which in turn are the left-hand
portion of IPv6 unicast addresses.
Interface identifiers in IPv6 unicast addresses are used to
identify interfaces on a link. They are required to be unique
within a subnet prefix. It is recommended that the same interface
identifier not be assigned to different nodes on a link. They may
also be unique over a broader scope. In some cases, an
interface's identifier will be derived directly from that
interface's link-layer address. The same interface identifier may
be used on multiple interfaces on a single node, as long as they
are attached to different subnets.
Note that the uniqueness of interface identifiers is independent
of the uniqueness of IPv6 addresses. For example, a Global
Unicast address may be created with a local scope interface
identifier and a Link-Local address may be created with a
universal scope interface identifier.
However, when the IPv6 Addressing Architecture [RFC4291],
Section 2.5.1, paragraph 3, defines the length of interface
identifiers as 64 bits, it is also effectively creating a distinct
standard form of interface identifiers, differentiated from the
general form which is independent of any specific length.
Farmer Expires July 10, 2019 [Page 4]
Internet-Draft IPv6 Routing and the 64-bit Boundary January 2019
For all unicast addresses, except those that start with the binary
value 000, Interface IDs are required to be 64 bits long and to be
constructed in Modified EUI-64 format.
[RFC7136] updates and [RFC8064] effectively deprecates the
requirement that interface identifiers are constructed in Modified
EUI-64 format. However, the original RFC 4291 version of the text is
quoted above as it helps to explain and develop the idea that a
distinct standard form of interface identifiers is being created as
opposed to merely defining additional properties of all interface
identifiers in general.
Several of the paragraphs following the above, discuss the details of
"Modified EUI-64 format-based interface identifiers", seeming to
imply that not all interface identifiers are in this format and
distinguishing them from not only general form interface identifiers
but even from other standard form interface identifiers that are 64
bits in length.
Furthermore, the IPv6 Addressing Architecture [RFC4291],
Section 2.5.4, paragraph 2, itself effectively distinguishes between
the standard and general forms of interface identifiers based on if
the unicast address starts with the binary value 000.
All Global Unicast addresses other than those that start with
binary 000 have a 64-bit interface ID field (i.e., n + m = 64),
formatted as described in Section 2.5.1. Global Unicast addresses
that start with binary 000 have no such constraint on the size or
structure of the interface ID field.
Based on the above, the idea that a 64-bit length and the Modified
EUI-64 format are fundamental properties of all interface identifiers
in general, seems like a stretch and a more logical interpretation is
that interface identifiers come in multiple forms, most with a
standard 64-bit length, many more specifically in Modified EUI-64
format, and others are independent of any specific length. This
interpretation, at least as it applies to the Modified EUI-64 format,
is consistent with the updates in [RFC7136].
Thus, when the IPv6 Addressing Architecture defines interface
identifiers as being 64 bits in length, it is effectively creating a
distinct standard form of interface identifiers differentiated from
the general form of interface identifiers which are independent of
any specific length.
Farmer Expires July 10, 2019 [Page 5]
Internet-Draft IPv6 Routing and the 64-bit Boundary January 2019
Finally, as a result of the tightly coupled relationship between
subnet prefixes and interface identifiers, creating a standard form
of interface identifiers also implies the creation of a standard form
of subnet prefixes that are also 64 bits in length.
2.2. How the Two Forms are Used
Many aspects of the IPv6 specifications are based or assume on these
standard form of subnet prefixes and interface identifiers. Most
notably, Stateless Address Autoconfiguration (SLAAC) [RFC4862] which
autonomously configures IPv6 addresses that are constructed by
generating standard form interface identifiers that are combined with
standard form subnet prefixes. These subnet prefixes are advertised
by routers and are learned by hosts through IPv6 ND RA messages
containing PIOs with the autonomous address-configuration (A) flag
set.
As discussed in SLAAC [RFC4862], Section 5.5.3, bullet d, PIOs with
the A flag set are validated against a single interface identifier
length. However, SLAAC itself does not define the interface
identifier length used or assume it is 64 bits in length. SLAAC
utilizes the interface identifier length defined in separate
link-type specific documents that are intended to be consistent with
the standard form interface identifier specified in the IPv6
Addressing Architecture.
If the sum of the prefix length and interface identifier length
does not equal 128 bits, the Prefix Information option MUST be
ignored. An implementation MAY wish to log a system management
error in this case. The length of the interface identifier is
defined in a separate link-type specific document, which should
also be consistent with the address architecture...
Furthermore, there are currently no IPv6 link-type specific documents
that specify an interface identifier length other than 64 bits.
Therefore, SLAAC effectively requires standard form interface
identifiers that are 64 bits in length, reinforcing the idea that
autonomous address-configuration is based on standard form subnet
prefixes and interface identifiers.
Beyond SLAAC, [RFC7421], Section 4.1, lists many other aspects of the
IPv6 specifications that assume or depend on the standard form of
subnet prefixes and interface identifiers. Furthermore, the IPv6
Addressing Architecture itself intends that most unicast addresses
and all Link-Local addresses are formatted and assigned based on
these standard forms of subnet prefixes and interface identifiers.
Finally, a rationale for using a single standard form interface
identifier length is also provided in RFC 7421, Section 2.
Farmer Expires July 10, 2019 [Page 6]
Internet-Draft IPv6 Routing and the 64-bit Boundary January 2019
However, as discussed in IPv6 ND [RFC4861], Section 5.2, and further
clarified in the IPv6 Subnet Model [RFC5942], subnet routing and
on-link determination depend on the general form subnet prefixes to
determine the addresses that are deliverable using a node's attached
interfaces. These subnet prefixes are normally advertised by routers
and learned by hosts through ND RA messages containing PIOs but with
the on-link (L) flag set, or through the manual configuration of
on-link prefixes directly on hosts and routers.
Although unlike SLAAC that validates PIOs with the A flag set, as
discussed in IPv6 ND [RFC4861], Section 6.3.4, PIOs with the L flag
set, or manually configured on-link prefixes, are not validated
against any particular subnet prefix length or interface identifier
length.
...[SLAAC] may impose certain restrictions on the prefix length
for address configuration purposes. Therefore, the prefix might
be rejected by [the SLAAC] implementation in the host. However,
the prefix length is still valid for on-link determination when
combined with other flags in the prefix option.
The fact that PIOs with the L flag set are not validated is confirmed
by SLAAC [RFC4862], Section 5.5.3, bullet d, where it says;
It should be noted, however, that this does not mean the
advertised prefix length is meaningless. In fact, the advertised
length has non-trivial meaning for on-link determination in
[IPv6 ND]...
Therefore, these subnet prefixes have any length 0 to 128 bits,
inclusive, reinforcing the idea that subnet routing and on-link
determination are based on the general form of subnet prefixes. This
idea is also discussed in the IPv6 Addressing Architecture [RFC4291],
Section 2.5, paragraph 1, itself, which says;
IPv6 unicast addresses are aggregatable with prefixes of arbitrary
bit-length, similar to IPv4 addresses under Classless Inter-Domain
Routing.
And, this idea is further reinforced and clarified by BCP 198
[RFC7608] which says;
Decision-making processes for forwarding MUST NOT restrict the
length of IPv6 prefixes by design. In particular, forwarding
processes MUST be designed to process prefixes of any length up to
/128, by increments of 1.
Farmer Expires July 10, 2019 [Page 7]
Internet-Draft IPv6 Routing and the 64-bit Boundary January 2019
2.3. Conclusion
As discussed above in Section 2.2 on-link determination and
autonomous address-configuration are logically separate functions in
IPv6, that are specified in separate documents, IPv6 ND and SLAAC
respectively, each with distinct and seemingly contradictory notions
about the length of subnet prefixes. It is tempting to try to
resolve this contradiction by applying the IPv6 Addressing
Architecture's requirement for the use of 64-bit interface
identifiers to subnet routing and on-link determination. However,
this requirement as implemented in the IPv6 protocol specifications
does not directly apply to IPv6 routing, including subnet routing and
on-link determination, and is inconsistent with not only statements
in IPv6 ND, but in both SLAAC and the IPv6 Addressing Architecture
themselves, as well as BCP 198, all quoted above in Section 2.2.
Notwithstanding the above and despite the fact that IPv6 routing,
including both subnet routing and on-link determination, is based on
the general form of subnet prefixes, with any length 0 to 128 bits,
inclusive, being valid, most other aspects of the IPv6
specifications, especially SLAAC, assume or depend on the standard
form of subnet prefixes and interface identifiers, both 64 bits in
length. As a consequence, when standard form subnet prefixes are not
also configured for subnet routing, there is a risk some IPv6
features will produce unpredictable results and others will not work
outright. [RFC7421], Section 4.2, discusses some of these
situations.
Therefore, for consistency with the 64-bit boundary and most other
aspects of the IPv6 specifications, but despite the requirement for
64-bit interface identifiers not directly applying, standard form
subnet prefixes, that is /64 subnet prefixes, are RECOMMENDED for
subnet routing in most circumstances. The formal exceptions to this
recommendation are subnet prefixes that begin with the binary value
000 and inter-router point-to-point links with 127-bit prefixes
[RFC6164].
In conclusion, the proper characterization of the relationship
between IPv6 routing and the 64-bit boundary in the IPv6 Addressing
Architecture is that of a recommendation for the use of /64 subnet
prefixes for subnet routing in most circumstances, not a requirement
for such. To further clarify this relationship, the remainder of
this document updates RFC 4291 based on this discussion and provides
operational guidance for the configuration of subnet prefixes
consistent with this recommendation.
Farmer Expires July 10, 2019 [Page 8]
Internet-Draft IPv6 Routing and the 64-bit Boundary January 2019
3. Updates to RFC 4291
Based on the discussion in Section 2, the IPv6 Addressing
Architecture [RFC4291], Section 2.5.1, paragraph 3, is updated by
replacing it with the following;
Standard Interface Identifiers are REQUIRED to be 64 bits long
except if the first three bits of the unicast address are 000.
The rationale for using for a single Standard Interface Identifier
length can be found in [RFC7421]. The Standard Interface
Identifier length only implies a recommendation as to the subnet
prefix lengths that are valid for routing in most circumstances.
The term "Interface IDs" has been changed to "Standard Interface
Identifiers" to distinguish the standard form of interface
identifiers from the general form that is independent of any specific
length, per [RFC8064] the requirement that standard form interface
identifiers are constructed in Modified EUI-64 format has been
removed, and the sentence has also been rearranged. Two additional
sentences have been added to the paragraph; the first, referring to
RFC 7421 for the rationale for using a single Standard Interface
Identifier length, and the second, clarifying the relationship
between IPv6 routing and the 64-bit boundary without removing the
requirement for other aspects of IPv6, especially SLAAC, to use
64-bit interface identifiers.
4. Operational Guidance for the Configuration of Subnet Prefixes
Unlike IPv4 where there is a single subnet mask parameter configured
both on hosts and routers, with the two aspects of a subnet, address
assignment and on-link determination, tightly coupled together; in
IPv6 these two aspects of a subnet are split into two independent
parameters that are configured together or separately and normally
only configured on routers. These two parameters are defined and
discussed in detail by IPv6 ND [RFC4861] and further clarified in the
IPv6 Subnet Model [RFC5942]. Briefly, as discussed in Section 2.2,
these two parameters are normally advertised by routers and learned
by hosts through IPv6 ND RA messages containing PIOs with, either or
both, the autonomous address-configuration (A) flag or the on-link
(L) flag set, or through the manual configuration of on-link prefixes
directly on hosts. This Section provides operational guidance for
the configuration of these parameters by both means.
As discussed in the IPv6 Node Requirements [RFC6434], Section 5.9,
all hosts are required to support SLAAC for the configuration of IPv6
unicast addresses, whereas hosts are not required to support other
mechanisms, such as the Dynamic Host Configuration Protocol for IPv6
(DHCPv6) [RFC8415] or even manual configuration. As a consequence,
Farmer Expires July 10, 2019 [Page 9]
Internet-Draft IPv6 Routing and the 64-bit Boundary January 2019
unless IPv6 ND RA messages containing a PIO with the A flag set are
advertised on a link, it is possible that some hosts will not be able
to configure an IPv6 address for that link, other than a Link-Local
address, additional consequences for the security and privacy of IPv6
users are discussed in Section 6. Further, the most efficient way
for two hosts in the same subnet to communicate is directly between
each other on the common link between them, or in other words
on-link. Finally, as discussed in Section 2.2 and 2.3, /64 subnet
prefixes are required for SLAAC and recommended for subnet routing
and on-link determination in most circumstances.
Therefore, routers SHOULD be configured to send IPv6 ND RA messages
containing at least one /64 PIO with both the A and L flags set on
each of a router's links. Unless it is known that all host connected
to a link support an IPv6 address configuration mechanism other than
SLAAC and that mechanism has been configured for each host or direct
communication between hosts on the same subnet is not desired.
More operationally, when configuring these two parameters on a
router, /64 PIOs are REQUIRED for all PIOs with the A flag set.
Furthermore, /64 PIOs with both the A and L flags set are
RECOMMENDED. Finally, /64 PIOs are RECOMMENDED for all PIOs with the
L flag set and /64 on-link prefixes are RECOMMENDED when manually
configured on hosts and routers, except for subnet prefixes that
begin with the binary value 000 and inter-router point-to-point links
with 127-bit prefixes [RFC6164].
Note: Typically when manually configuring an address on a host an
on-link prefix length may also be included. If not included, or
possibly if the prefix length is /128, this effectively signifies
that only an address is being manually configured on the interface
and no on-link prefix has been configured for the interface.
As recommended above, /64 PIOs with both the A and L flags set are
most often configured in practice; this is the default behavior for
many routers. However, /64 PIOs with only the A or L flag set, or
the manual configuration of /64 on-link prefixes on hosts, are
consistent with the IPv6 Addressing Architecture and they simply
represent different configuration options for /64 subnet prefixes.
While these options are not as frequently used, they are still valid
configurations, and their use is considered normal practice under the
proper circumstances. If the A flag is not set, this means, SLAAC is
not used to configure addresses for hosts on the subnet. If the L
flag is not set, this means, none of the addresses for the subnet are
on-link from a hosts perspective and traffic is not sent directly to
other hosts, but all traffic is sent to a router first. Finally, if
hosts are manually configured with on-link prefixes, then a router is
not required on the link, at least for configuration purposes.
Farmer Expires July 10, 2019 [Page 10]
Internet-Draft IPv6 Routing and the 64-bit Boundary January 2019
Note: regardless if a router advertises a PIO, with the A or L
flags set, the router itself MUST be configured with the on-link
prefixes for all subnets on all the links it is connected to, this
could be via manual configuration or another mechanism. Two, or
more, routers connected to the same link could have the same PIO
with different flags set, each PIO is evaluated separately for
each function, therefore effectively the sum of the flags across
all identical PIOs are used. Finally, a router MAY send an ND
Redirect message for an address for which a PIO with the L flag
set has not been advertised, any subsequent traffic for that
address will be sent directly to that host instead of the router
first.
4.1. Subnet Prefixes Other Than /64
In most circumstances, the use of subnet prefixes other than /64 are
inconsistent with the IPv6 Addressing Architecture, are generally
considered bad practice, and are NOT RECOMMENDED. Furthermore,
subnet prefixes other than /64 MUST NOT be used unless it is known
that all nodes on a link do not need any IPv6 features that depend on
/64 subnet prefixes or 64-bit Standard Interface Identifiers.
[RFC7421], Section 4.1, provides a non-exhaustive list of IPv6
features that depend on 64-bit Standard Interface Identifiers.
[RFC5375], Appendix B, discusses considerations for the use of subnet
prefixes other than /64, although some of the advice has been
obsoleted by [RFC6164] and [RFC7136].
Using subnet prefixes other than /64 for links servicing general-
purpose end hosts seems like an especially bad idea, it is usually
difficult to predict what IPv6 features such hosts will need,
especially their future needs. Therefore it seems doubtful the above
conditions can be met for such hosts. Whereas more tightly-
controlled infrastructure such as routers or special-purpose servers
can have their needs better understood, and while still not
recommended, it seems plausible that the above conditions could be
met in their case.
Again more operationally, the configuration of PIOs of any length
other than /64, or the manual configuration of on-link prefixes other
than /64, are NOT RECOMMENDED except for subnet prefixes that begin
with the binary value 000 and inter-router point-to-point links with
127-bit prefixes [RFC6164]. Furthermore, PIOs of any length other
than /64 with the A flag set are invalid and a configuration error,
they will not result in the auto-configuration of an address. PIOs
of any length other than /64 with the L flag set, or the manual
configuration of on-link prefixes of any length other than /64, while
they are NOT RECOMMENDED in most circumstances, they are still valid
for routing.
Farmer Expires July 10, 2019 [Page 11]
Internet-Draft IPv6 Routing and the 64-bit Boundary January 2019
Note: the combination a PIO of /65 or longer with the L flag set
and a covering /64 PIO with only the A flag set, configures a /64
subnet prefix but with only part of the subnet considered on-link
and the rest of the subnet not considered on-link. This
particular configuration, while technically valid, can be
operationally challenging and problematic. With this
configuration a host on the same link and subnet could behave
differently from another host on the same link and subnet, this
can be confusing and difficult to troubleshoot. Therefore in
practice, this configuration is best avoided.
5. IANA Considerations
This document includes no request to IANA.
6. Security Considerations
This document clarifies the relationship between IPv6 routing and the
64-bit boundary in the IPv6 Addressing Architecture. Further, it
provides operational guidance for the configuration of subnet
prefixes. This guidance and the clarifications provided are not
expected to introduce any new security considerations.
However, if there are not IPv6 ND RA messages advertised with at
least one /64 PIO with the A flag set on each link network, several
techniques that are intended to increase the security and privacy of
IPv6 users will be impacted negatively, specifically [RFC3972],
[RFC4941], and [RFC7217]. These techniques require the use of SLAAC,
hence the recommendation to configure /64 PIOs with the A flag set in
most circumstance. Further, the use of subnet prefixes longer than
/64 effectively creates smaller subnets making it more feasible to
perform IPv6 address scans. These and other related security and
privacy considerations are discussed in [RFC7707] and [RFC7721].
Nevertheless, the use of smaller subnets can provide effective
mitigation for neighbor cache exhaustion issues as discussed in
[RFC6164] and [RFC6583]. The relative weights applied in these
trade-offs will vary from situation to situation.
7. Acknowledgments
This document was inspired by a series of discussions on the 6MAN and
the V6OPS working group mailing lists over several years, including
discussions around the following; [RFC7421], BCP 198 [RFC7608],
[I-D.jinmei-6man-prefix-clarify], [I-D.bourbaki-6man-classless-ipv6],
[I-D.jaeggli-v6ops-indefensible-nd], and
[I-D.farmer-6man-exceptions-64]. All revolving around the discussion
of [RFC4291bis] and its advancement to Internet Standard.
Farmer Expires July 10, 2019 [Page 12]
Internet-Draft IPv6 Routing and the 64-bit Boundary January 2019
The author would like to thank Tatuya Jinmei and Ole Troan for
particularly useful comments on and discussion of
[I-D.farmer-6man-exceptions-64] that directly inspired the creation
of this document.
The author would like to thank the following, in alphabetical order,
for their contributions and comments:
Brian Carpenter
8. Change log [RFC Editor: Please remove]
draft-farmer-6man-routing-64-00, 2018-December-30:
*Original version.
draft-farmer-6man-routing-64-01, 2018-December-30:
*Fixed typos and other editorial changes
*Added missing "to" to the Title.
*Reduced some wordiness in the Abstract and Intro
*Corrected quote of RFC4291, Section 2.5, paragraph 4, the previous
was from RFC4291bis.
*Further developed the argument for standard form of interface
identifiers.
*Further clarified the intent of the change to RFC4291.
draft-farmer-6man-routing-64-02, 2019-January-6:
*Fixed typos, formatting and other editorial changes
*Further refined the argument for standard form of interface
identifiers.
*Added quote of RFC4291, Section 2.5, paragraph 1 in Section 2.2,
CIDR, etc...
*Further developed the conclusion, providing an argument why a
requirement is the incorrect relationship.
9. References
9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
Farmer Expires July 10, 2019 [Page 13]
Internet-Draft IPv6 Routing and the 64-bit Boundary January 2019
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, DOI 10.17487/RFC4291, February
2006, <https://www.rfc-editor.org/info/rfc4291>.
[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
"Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
DOI 10.17487/RFC4861, September 2007,
<https://www.rfc-editor.org/info/rfc4861>.
[RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
Address Autoconfiguration", RFC 4862,
DOI 10.17487/RFC4862, September 2007,
<https://www.rfc-editor.org/info/rfc4862>.
[RFC5942] Singh, H., Beebee, W., and E. Nordmark, "IPv6 Subnet
Model: The Relationship between Links and Subnet
Prefixes", RFC 5942, DOI 10.17487/RFC5942, July 2010,
<https://www.rfc-editor.org/info/rfc5942>.
[RFC6164] Kohno, M., Nitzan, B., Bush, R., Matsuzaki, Y., Colitti,
L., and T. Narten, "Using 127-Bit IPv6 Prefixes on Inter-
Router Links", RFC 6164, DOI 10.17487/RFC6164, April 2011,
<https://www.rfc-editor.org/info/rfc6164>.
[RFC6434] Jankiewicz, E., Loughney, J., and T. Narten, "IPv6 Node
Requirements", RFC 6434, DOI 10.17487/RFC6434, December
2011, <https://www.rfc-editor.org/info/rfc6434>.
[RFC7136] Carpenter, B. and S. Jiang, "Significance of IPv6
Interface Identifiers", RFC 7136, DOI 10.17487/RFC7136,
February 2014, <https://www.rfc-editor.org/info/rfc7136>.
[RFC7608] Boucadair, M., Petrescu, A., and F. Baker, "IPv6 Prefix
Length Recommendation for Forwarding", BCP 198, RFC 7608,
DOI 10.17487/RFC7608, July 2015,
<https://www.rfc-editor.org/info/rfc7608>.
[RFC8064] Gont, F., Cooper, A., Thaler, D., and W. Liu,
"Recommendation on Stable IPv6 Interface Identifiers",
RFC 8064, DOI 10.17487/RFC8064, February 2017,
<https://www.rfc-editor.org/info/rfc8064>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
Farmer Expires July 10, 2019 [Page 14]
Internet-Draft IPv6 Routing and the 64-bit Boundary January 2019
[RFC8415] Mrugalski, T., Siodelski, M., Volz, B., Yourtchenko, A.,
Richardson, M., Jiang, S., Lemon, T., and T. Winters,
"Dynamic Host Configuration Protocol for IPv6 (DHCPv6)",
RFC 8415, DOI 10.17487/RFC8415, November 2018,
<https://www.rfc-editor.org/info/rfc8415>.
9.2. Informative References
[I-D.bourbaki-6man-classless-ipv6]
Bourbaki, N., "IPv6 is Classless", draft-bourbaki-6man-
classless-ipv6-04 (work in progress), September 2018.
[I-D.farmer-6man-exceptions-64]
Farmer, D., "Exceptions to the Standard Subnet Boundary in
IPv6 Addressing", draft-farmer-6man-exceptions-64-09 (work
in progress), August 2018.
[I-D.jaeggli-v6ops-indefensible-nd]
Jaeggli, J., "Indefensible Neighbor Discovery", draft-
jaeggli-v6ops-indefensible-nd-01 (work in progress), July
2018.
[I-D.jinmei-6man-prefix-clarify]
Jinmei, T., "Clarifications on On-link and Subnet IPv6
Prefixes", draft-jinmei-6man-prefix-clarify-00 (work in
progress), March 2017.
[RFC1884] Hinden, R., Ed. and S. Deering, Ed., "IP Version 6
Addressing Architecture", RFC 1884, DOI 10.17487/RFC1884,
December 1995, <https://www.rfc-editor.org/info/rfc1884>.
[RFC3972] Aura, T., "Cryptographically Generated Addresses (CGA)",
RFC 3972, DOI 10.17487/RFC3972, March 2005,
<https://www.rfc-editor.org/info/rfc3972>.
[RFC4291bis]
Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", draft-ietf-6man-rfc4291bis-09 (work in
progress), July 2017,
<https://tools.ietf.org/id/draft-ietf-6man-rfc4291bis>.
[RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy
Extensions for Stateless Address Autoconfiguration in
IPv6", RFC 4941, DOI 10.17487/RFC4941, September 2007,
<https://www.rfc-editor.org/info/rfc4941>.
Farmer Expires July 10, 2019 [Page 15]
Internet-Draft IPv6 Routing and the 64-bit Boundary January 2019
[RFC5375] Van de Velde, G., Popoviciu, C., Chown, T., Bonness, O.,
and C. Hahn, "IPv6 Unicast Address Assignment
Considerations", RFC 5375, DOI 10.17487/RFC5375, December
2008, <https://www.rfc-editor.org/info/rfc5375>.
[RFC6583] Gashinsky, I., Jaeggli, J., and W. Kumari, "Operational
Neighbor Discovery Problems", RFC 6583,
DOI 10.17487/RFC6583, March 2012,
<https://www.rfc-editor.org/info/rfc6583>.
[RFC7217] Gont, F., "A Method for Generating Semantically Opaque
Interface Identifiers with IPv6 Stateless Address
Autoconfiguration (SLAAC)", RFC 7217,
DOI 10.17487/RFC7217, April 2014,
<https://www.rfc-editor.org/info/rfc7217>.
[RFC7421] Carpenter, B., Ed., Chown, T., Gont, F., Jiang, S.,
Petrescu, A., and A. Yourtchenko, "Analysis of the 64-bit
Boundary in IPv6 Addressing", RFC 7421,
DOI 10.17487/RFC7421, January 2015,
<https://www.rfc-editor.org/info/rfc7421>.
[RFC7707] Gont, F. and T. Chown, "Network Reconnaissance in IPv6
Networks", RFC 7707, DOI 10.17487/RFC7707, March 2016,
<https://www.rfc-editor.org/info/rfc7707>.
[RFC7721] Cooper, A., Gont, F., and D. Thaler, "Security and Privacy
Considerations for IPv6 Address Generation Mechanisms",
RFC 7721, DOI 10.17487/RFC7721, March 2016,
<https://www.rfc-editor.org/info/rfc7721>.
Author's Address
David Farmer
University of Minnesota
Office of Information Technology
2218 University Ave SE
Minneapolis, MN 55414
US
Phone: +16126260815
Email: farmer@umn.edu
URI: http://www.umn.edu/
Farmer Expires July 10, 2019 [Page 16]