Internet DRAFT - draft-gont-6man-ipv6-ula-scope
IPv6 maintenance Working Group (6man) F. Gont
Internet-Draft SI6 Networks
Updates: 4291, 4193, 8190 (if approved) January 5, 2021
Intended status: Standards Track
Expires: July 9, 2021
Scope of Unique Local IPv6 Unicast Addresses
draft-gont-6man-ipv6-ula-scope-00
Abstract
Unique Local IPv6 Unicast Addresses (ULAs) are formally part of the
IPv6 Global Unicast address space. However, the semantics of ULAs
clearly contradict the definition of "global scope". This document
discusses why the terminology employed for the specification of
ULAs is problematic, along with some practical consequences of the
current specification of ULAs. Finally, it formally updates RFC4291
and RFC4193 such that the scope of ULAs is defined as "local".
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 9, 2021.
Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
Gont Expires July 9, 2021 [Page 1]
Internet-Draft ULA Scope January 2021
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction
2. What Does 'Global Scope' mean?
3. Scope of Unique Local IPv6 Unicast Addresses
4. Problems with the Definition of the ULA Scope
5. Practical Consequences
5.1. Address Attributes in Programming Languages
6. Specification Updates
7. IANA Considerations
8. Security Considerations
9. Acknowledgements
10. References
10.1. Normative References
10.2. Informative References
Author's Address
1. Introduction
Unique Local IPv6 Unicast Addresses (commonly referred to as "ULAs")
[RFC4193] are formally part of the IPv6 Global Unicast address space.
However, the semantics of ULAs clearly contradict the definition of
"global scope" [RFC4007].
This document discusses the specification of ULAs and, in particular,
of their associated scope. Additionally, it discusses how the
semantics of ULAs contradict their formal address scope, along with
some practical consequences of this problematic definition.
Finally, this document formally updates RFC4193 and RFC4291, such
that ULAs are defined to have "local scope" (larger than link-local,
and smaller than "global").
The problematic definition of ULAs was initially encountered when
analyzing IPv6 address properties while working on
[I-D.gont-v6ops-ipv6-addressing-considerations]. The issue became
fully evident from discussions with Brian Carpenter, both off-list
and on-list [v6ops-thread].
2. What Does 'Global Scope' mean?
[RFC4007] defines the scope of an address as:
"[the] topological span within which the address may be used as a
unique identifier for an interface or set of interfaces"
And defines the "global scope" to be used for:
"uniquely identifying interfaces anywhere in the Internet"
3. Scope of Unique Local IPv6 Unicast Addresses
[RFC4193] formally specifies Unique Local IPv6 Unicast Addresses.
[RFC4193] did not formally update [RFC3513], the current IPv6
Addressing Architecture at the time [RFC4193] was published.
Therefore, ULAs were not specified as a different address type, but
rather as part of the Global Unicast address space.
[RFC3513] was eventually obsoleted by [RFC4291] (the current revision
of the IPv6 Addressing Architecture), which still did not formally
accommodate ULAs into the IPv6 Addressing Architecture. For
instance, Section 2.4 of [RFC4291] notes that the type of an IPv6
address is identified by the high-order bits of the address, as
follows:
Address type         Binary prefix        IPv6 notation   Section
------------         -------------        -------------   -------
Unspecified          00...0  (128 bits)   ::/128          2.5.2
Loopback             00...1  (128 bits)   ::1/128         2.5.3
Multicast            11111111             FF00::/8        2.7
Link-Local unicast   1111111010           FE80::/10       2.5.6
Global Unicast       (everything else)
and subsequently notes that:
"Future specifications may redefine one or more sub-ranges of the
Global Unicast space for other purposes, but unless and until that
happens, implementations must treat all addresses that do not
start with any of the above-listed prefixes as Global Unicast
addresses."
Therefore, ULAs still formally belong to the Global Unicast address
space.
Additionally, Section 3.3 of [RFC4193] (the specification of Unique
Local IPv6 Unicast Addresses) defines the scope of ULAs as:
"By default, the scope of these addresses is global. That is,
they are not limited by ambiguity like the site-local addresses
defined in [ADDARCH]. Rather, these prefixes are globally unique,
and as such, their applicability is greater than site-local
addresses."
4. Problems with the Definition of the ULA Scope
Section 3.3 of [RFC4193] (the specification of Unique Local IPv6
Unicast Addresses) defines the scope of ULAs as:
"By default, the scope of these addresses is global. That is,
they are not limited by ambiguity like the site-local addresses
defined in [ADDARCH]. Rather, these prefixes are globally unique,
and as such, their applicability is greater than site-local
addresses. Their limitation is in the routability of the
prefixes, which is limited to a site and any explicit routing
agreements with other sites to propagate them (also see
Section 4.1). Also, unlike site-locals, a site may have more than
one of these prefixes and use them at the same time."
However, there is a problem in this analysis: ULA prefixes have a
finite probability of being globally unique. For instance,
Section 3.2.3 of [RFC4193] computes the probability of collisions
*when inter-connecting a limited number of networks employing ULAs*.
As such, based on the definition of "scope" and "global scope" (see
Section 2), ULAs cannot possibly have a "global scope" -- their scope
is certainly smaller than "global". And this non-global scope does
limit the global routability of ULAs since, in principle, an address
cannot be routed outside of its associated zone.
The only ULAs that could possibly have "global scope" are the so-
called ULA-C [I-D.ietf-ipv6-ula-central], that have so far *not*
been formally specified.
It should be noted that the non-global scope of ULAs does not
preclude their usage for e.g. inter-site Virtual Private Networks
(VPN), as discussed in Section 4.7 of [RFC4193]. For example, the
private address space specified in [RFC1918] for IPv4 networks has
non-global scope, but still is regularly used for inter-site VPNs.
ULAs having a non-global scope simply means that while allocating
"Global IDs" from a Pseudo-Random Number Generator (PRNG) reduces the
probability of collisions of Global IDs *when a limited number of
networks employing ULAs are interconnected*, ULA prefixes cannot be
expected to be globally unique.
"Global scope" would imply that all ULA prefixes in use by any
networks, whether interconnected or not, are unique.
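The dependence on the number of networks can be made concrete with the approximation from Section 3.2.3 of [RFC4193], P = 1 - exp(-N**2 / 2**(L+1)) with L = 40. The following is an added example, not part of the draft; the function names are illustrative.

```python
import math

GLOBAL_ID_BITS = 40  # length L of the pseudo-random Global ID in a ULA prefix


def collision_probability(networks, bits=GLOBAL_ID_BITS):
    """Approximation from RFC 4193 Section 3.2.3 for N networks."""
    x = networks ** 2 / 2 ** (bits + 1)
    # -expm1(-x) equals 1 - exp(-x) but keeps precision when x is tiny,
    # which is the case for the small N values RFC 4193 tabulates.
    return -math.expm1(-x)


def networks_for_probability(p, bits=GLOBAL_ID_BITS):
    """Number of networks at which the same formula reaches probability p."""
    return math.ceil(math.sqrt(-(2 ** (bits + 1)) * math.log1p(-p)))


if __name__ == "__main__":
    # Small N: the interconnection case considered by RFC 4193.
    # Large N: all networks that picked a ULA prefix, connected or not.
    for n in (2, 10, 100, 1000, 10000, 1_000_000, 10_000_000):
        print(f"N = {n:>10,}  P(collision) = {collision_probability(n):.3g}")
    print("N for P = 0.5:", f"{networks_for_probability(0.5):,}")
```

The probability is negligible for the handful of networks an organization interconnects, and approaches 1 once N is taken to be every network that has independently generated a ULA prefix, which is what "global scope" would require.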
5. Practical Consequences
5.1. Address Attributes in Programming Languages
Python's ipaddress library [Python-ipaddr] defines 'IPv6Address'
objects that have a number of attributes, including:
o is_private: 'True' if the address is allocated for private networks.
o is_global: 'True' if the address is allocated for public networks.
For ULAs, the is_private attribute is 'True', while the is_global
attribute is 'False'. This contradicts the definition of ULAs as
having "global scope" [RFC4291] [RFC4193], but is in line with the
specification update performed by this document (see Section 6).
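The following added example (not part of the draft) classifies addresses with the updated table from Section 6 and sets the result beside the attributes reported by Python's ipaddress library. The function names, the sample addresses, and the scope labels for the Link-Local and Global Unicast rows are assumptions made for illustration.

```python
import ipaddress

# Updated Section 2.4 table from this draft, in the draft's row order.
# The prefixes do not overlap, so the first match is the only match.
ADDRESS_TYPES = [
    ("Unspecified", ipaddress.ip_network("::/128")),
    ("Loopback", ipaddress.ip_network("::1/128")),
    ("Unique Local unicast", ipaddress.ip_network("fc00::/7")),
    ("Multicast", ipaddress.ip_network("ff00::/8")),
    ("Link-Local unicast", ipaddress.ip_network("fe80::/10")),
]

# Scopes for unicast types only; "local" is the scope this draft gives ULAs.
UNICAST_SCOPE = {
    "Unique Local unicast": "local",
    "Link-Local unicast": "link-local",
    "Global Unicast": "global",
}


def classify(text):
    """Return (address type, scope or None) per the draft's updated table."""
    addr = ipaddress.IPv6Address(text)
    for name, net in ADDRESS_TYPES:
        if addr in net:
            return name, UNICAST_SCOPE.get(name)
    # "(everything else)" row of the table.
    return "Global Unicast", UNICAST_SCOPE["Global Unicast"]


def python_view(text):
    """Return (is_private, is_global) as reported by the ipaddress library."""
    addr = ipaddress.IPv6Address(text)
    return addr.is_private, addr.is_global


# Constructed sample addresses (not taken from the draft).
SAMPLES = ["fd12:3456:789a::1", "fe80::1", "ff02::1", "::1", "2001:db8::1"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:20} {classify(s)!s:36} {python_view(s)}")
```

For the ULA sample both views agree on a non-global address. The documentation prefix 2001:db8::/32 falls in the "(everything else)" row of the table, yet Python reports is_global as 'False' for it, so code making filtering or access-control decisions should test for fc00::/7 explicitly rather than infer ULA status from is_global alone.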
6. Specification Updates
The ultimate goal is to employ coherent terminology and definitions
throughout the relevant protocol specifications. Probably the only
option to achieve this goal is to update the definition of ULAs as
having "local scope", with "local scope" defined as "larger than
link-local, and smaller than global" (based on ULAs being defined as
"local addresses").
o [TBD: Analyze possible implications on Default Address Selection
for Internet Protocol Version 6 (IPv6) [RFC6724].]
The following table from Section 2.4 of [RFC4291]:
---- cut here ----
Address type         Binary prefix        IPv6 notation   Section
------------         -------------        -------------   -------
Unspecified          00...0  (128 bits)   ::/128          2.5.2
Loopback             00...1  (128 bits)   ::1/128         2.5.3
Multicast            11111111             FF00::/8        2.7
Link-Local unicast   1111111010           FE80::/10       2.5.6
Global Unicast       (everything else)
---- cut here ----
is replaced with:
---- cut here ----
Address type           Binary prefix        IPv6 notation   Reference
------------           -------------        -------------   ---------
Unspecified            00...0  (128 bits)   ::/128          Sec. 2.5.2
Loopback               00...1  (128 bits)   ::1/128         Sec. 2.5.3
Unique Local unicast   1111110              FC00::/7        [RFC4193]
Multicast              11111111             FF00::/8        Sec. 2.7
Link-Local unicast     1111111010           FE80::/10       Sec. 2.5.6
Global Unicast         (everything else)
---- cut here ----
The following text from Section 3.3 of [RFC4193]:
---- cut here ----
By default, the scope of these addresses is global. That is, they
are not limited by ambiguity like the site-local addresses defined in
[ADDARCH]. Rather, these prefixes are globally unique, and as such,
their applicability is greater than site-local addresses. Their
limitation is in the routability of the prefixes, which is limited to
a site and any explicit routing agreements with other sites to
propagate them (also see Section 4.1). Also, unlike site-locals, a
site may have more than one of these prefixes and use them at the
same time.
---- cut here ----
is replaced with:
---- cut here ----
The scope of these addresses is 'local', defined to be 'larger than
link-local, but smaller than global'. Their limitation is in the
routability of the prefixes, generally limited by any explicit
routing agreements with other autonomous systems (ASes) to propagate
them, and normally limited by the Default-Free Zone (DFZ) (also see
Section 4.1).
---- cut here ----
7. IANA Considerations
The IANA is instructed to update the "IANA IPv6 Special-Purpose
Address Registry" [IANA-ADDR-REG] by adding a "[RFCXXXX]" to the
"RFC" column corresponding to the "fc00::/7" address block.
Additionally, the following footnote:
[4] See [RFC4193] for more details on the routability of Unique-
Local addresses. The Unique-Local prefix is drawn from the IPv6
Global Unicast Address range, but is specified as not globally
routed.
must be replaced with:
[4] See [RFC4193] for more details on the routability of Unique-
Local addresses, and [RFCXXXX] for details on the scope of Unique-
Local addresses.
NOTE: [RFCXXXX] represents the RFC number assigned by the RFC Editor
upon publication of this document as an RFC.
8. Security Considerations
This document does not introduce any new security considerations.
9. Acknowledgements
Fernando Gont would like to thank Brian Carpenter and Bob Hinden, for
providing valuable comments on earlier versions of this document.
Fernando Gont would like to thank Brian Carpenter for his endless
help, and for the discussion that eventually led to this document.
10. References
10.1. Normative References
[RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G.,
and E. Lear, "Address Allocation for Private Internets",
BCP 5, RFC 1918, DOI 10.17487/RFC1918, February 1996,
<https://www.rfc-editor.org/info/rfc1918>.
[RFC4007] Deering, S., Haberman, B., Jinmei, T., Nordmark, E., and
B. Zill, "IPv6 Scoped Address Architecture", RFC 4007,
DOI 10.17487/RFC4007, March 2005,
<https://www.rfc-editor.org/info/rfc4007>.
[RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast
Addresses", RFC 4193, DOI 10.17487/RFC4193, October 2005,
<https://www.rfc-editor.org/info/rfc4193>.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, DOI 10.17487/RFC4291, February
2006, <https://www.rfc-editor.org/info/rfc4291>.
[RFC8190] Bonica, R., Cotton, M., Haberman, B., and L. Vegoda,
"Updates to the Special-Purpose IP Address Registries",
BCP 153, RFC 8190, DOI 10.17487/RFC8190, June 2017,
<https://www.rfc-editor.org/info/rfc8190>.
10.2. Informative References
[I-D.gont-v6ops-ipv6-addressing-considerations]
Gont, F. and G. Gont, "IPv6 Addressing Considerations",
draft-gont-v6ops-ipv6-addressing-considerations-00 (work
in progress), December 2020.
[I-D.ietf-ipv6-ula-central]
Hinden, R., "Centrally Assigned Unique Local IPv6 Unicast
Addresses", draft-ietf-ipv6-ula-central-02 (work in
progress), June 2007.
[IANA-ADDR-REG]
IANA, "IANA IPv6 Special-Purpose Address Registry",
<https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml>.
[Python-ipaddr]
Python 3.3, "ipaddress -- IPv4/IPv6 manipulation library",
<https://docs.python.org/3/library/ipaddress.html>.
[RFC3513] Hinden, R. and S. Deering, "Internet Protocol Version 6
(IPv6) Addressing Architecture", RFC 3513,
DOI 10.17487/RFC3513, April 2003,
<https://www.rfc-editor.org/info/rfc3513>.
[RFC6724] Thaler, D., Ed., Draves, R., Matsumoto, A., and T. Chown,
"Default Address Selection for Internet Protocol Version 6
(IPv6)", RFC 6724, DOI 10.17487/RFC6724, September 2012,
<https://www.rfc-editor.org/info/rfc6724>.
[v6ops-thread]
v6ops wg, "[v6ops] I-D Action:
draft-gont-v6ops-ipv6-addressing-considerations-00.txt", email
thread on the v6ops wg mailing-list, 2020,
<https://mailarchive.ietf.org/arch/msg/v6ops/b7r35HgOb-6dfxsDoW8c4FtGnZo//>.
Author's Address
Fernando Gont
SI6 Networks
Segurola y Habana 4310, 7mo Piso
Villa Devoto, Ciudad Autonoma de Buenos Aires
Argentina
Email: fgont@si6networks.com
URI: https://www.si6networks.com