Internet DRAFT - draft-lemon-stub-networks
Internet Engineering Task Force T. Lemon
Internet-Draft Apple Inc.
Intended status: Best Current Practice 10 November 2022
Expires: 14 May 2023
Automatically Connecting Stub Networks to Unmanaged Infrastructure
draft-lemon-stub-networks-07
Abstract
This document describes a set of practices for connecting stub
networks to adjacent infrastructure networks. This is applicable in
cases such as constrained (Internet of Things) networks where there
is a need to provide functional parity of service discovery and
reachability between devices on the stub network and devices on an
adjacent infrastructure link (for example, a home network).
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 14 May 2023.
Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Lemon Expires 14 May 2023 [Page 1]
Internet-Draft Automatic Stub Networks November 2022
Table of Contents
1. Introduction
  1.1. Interoperability Goals
  1.2. Usability Goals
2. Glossary
3. Constants
4. Conventions and Terminology Used in This Document
5. Support for adjacent infrastructure links
  5.1. Managing addressability on an adjacent infrastructure link
    5.1.1. Usable On-Link Prefixes
    5.1.2. State Machine for maintaining a usable on-link prefix on an infrastructure link
  5.2. Managing addressability on the stub network
    5.2.1. Maintenance across stub router restarts
    5.2.2. Generating a ULA prefix to provide addressability
    5.2.3. Using DHCPv6 Prefix Delegation to acquire a prefix to provide addressability
  5.3. Managing reachability on the adjacent infrastructure link
  5.4. Managing reachability on the stub network
  5.5. Providing discoverability between stub network links and infrastructure network links
    5.5.1. Discoverability by hosts on adjacent infrastructure links
    5.5.2. Providing discoverability of adjacent infrastructure hosts on the stub network
6. Providing reachability to IPv4 services to the stub network
  6.1. NAT64 provided by infrastructure
  6.2. NAT64 provided by stub router(s)
7. Handling partitioning events on a stub network
8. Normative References
Author's Address
1. Introduction
This document describes a set of practices for connecting stub
networks to adjacent infrastructure networks. There are several use
cases for stub networks. Motivating factors include:
* Incompatible speed: for example, an 802.15.4 network could not be
easily bridged to a WiFi network because the data rates are so
dissimilar. So either it must be bridged in a very complicated
and careful way to avoid overwhelming the 802.15.4 network with
irrelevant traffic, or the 802.15.4 network needs to be a separate
subnet.
* Incompatible media: for example, a constrained 802.15.4 network
connected as a stub network to a WiFi or ethernet infrastructure
network. In the case of an 802.15.4 network, it is quite possible
that the devices used to link the infrastructure network to the
stub network will not be conceived of by the end user as routers.
Consequently, we cannot assume that these devices will be on all
the time. A solution for this use case will require some sort of
commissioning process for stub routers, and can't assume that any
particular stub router will always be available; rather, any stub
router that is available must be able to adapt to current
conditions to provide reachability.
* Convenience: end users often connect devices to each other in
order to extend networks.
* Transitory connectivity: a mobile device acting as a router for a
set of co-located devices could connect to a network and gain
access to services for itself and for the co-located devices.
Such a stub network is unlikely to have more than one stub router.
What makes stub networks a distinct type of network is simply that a
stub network never provides transit between networks to which it is
connected. The term "stub" refers to the way the network is seen by
the link to which it is connected: there is reachability through a
stub network router to devices on the stub network from the
infrastructure link, but there is no reachability through the stub
network to any link beyond that one.
Eliminating transit routing is not intended to be seen as a virtue in
itself, but rather as a simplifying assumption that makes it possible
to solve a subset of the general problem of automating multi-link
networks. Stub networks may be globally reachable, or may be only
locally reachable. This document addresses local reachability. A
host on a locally reachable stub network can only interoperate with
hosts on the network link(s) to which it is connected.
It may be noted that just as you can plug several home routers
together in series to form multi-layer NATs, there is nothing
preventing the owner of a stub network router from plugging it into
another stub network router. In the case of an IoT wireless network,
there may be no way to do this, nor would it be desirable, but a stub
router that uses ethernet on both the infrastructure and stub network
sides could be connected this way. Nothing in this document is
intended to prevent this from being done, but neither do we attempt
to solve the problems that this could create.
The goal of this document is to describe the minimal set of changes
or behaviors required to use existing IETF specifications to support
the stub network use case. The result is intended to be deployable
on existing networks without requiring changes to those networks.
1.1. Interoperability Goals
The goal here is for hosts on the stub network to be able to
interoperate with hosts on the adjacent infrastructure link or links.
What we mean by "interoperate" is that a host on a stub network:
* is discoverable by hosts attached to adjacent infrastructure links
* is able to discover hosts attached to adjacent infrastructure
links
* is able to discover hosts on the Internet
* is able to acquire an IP address that can be used to communicate
with hosts attached to adjacent infrastructure links
* has reachability to the hosts attached to adjacent infrastructure
links
* is reachable by hosts on the adjacent infrastructure link
* is able to reach hosts on the Internet
Discoverability here means "discoverable using DNS, or DNS Service
Discovery". DNS Service Discovery includes multicast DNS [RFC6762].
As an example, when one host connected to a specific WiFi network
wishes to discover services on hosts connected to that same WiFi
network, it can do so using multicast DNS. Similarly, when a host on
some other network wishes to discover the same service, it must use
DNS-based DNS Service Discovery [RFC6763]. In both cases,
"discoverable using DNS" means that the host has an entry in the DNS.
We lump discoverability in with reachability and addressability, both
of which are essentially Layer 3 issues. The reason for this is that
it does us no good to automatically set up connectivity between stub
network hosts and infrastructure hosts if the infrastructure hosts
have no means to learn about the availability of services provided by
stub network hosts. For stub network hosts that only consume cloud
services this will not be an issue, but for stub networks that
provide services, such as IoT devices on stub networks with
incompatible media, discoverability is necessary in order for stub
network connectivity to be useful.
Ability to acquire an IP address that can be used to communicate
means that the IP address a host on the stub network acquires can be
used to communicate with it by hosts on adjacent links, for locally
reachable stub networks.
Reachability to hosts on adjacent links means that when a host (A) on
the stub network has the IP address of such a host (B), with which it
intends to communicate, host (A) knows of a next-hop router to which
it can send datagrams, so that they will ultimately reach host (B).
Reachability from hosts on adjacent links means that when host (A) on
an adjacent link has a datagram destined for the IP address of a host
(B) on the stub network, a next-hop router is known by host (A) such
that, when the datagram is sent to that router, it will ultimately
reach host (B) on the stub network.
1.2. Usability Goals
In addition to the interoperability goals we've described above, the
additional goal for stub networks is that they be able to be
connected automatically, with no user intervention. The experience
of connecting a stub network to an infrastructure should be as
straightforward as connecting a new host to the same infrastructure
network.
2. Glossary
Addressability: The ability to associate each node on a link with its
own IPv6 address.
Reachability: Given an IPv6 destination address that is not on-link
for any link to which a node is attached, the information required
that allows the node to send packets to a router that can forward
those packets towards a link where the destination address is
on-link.
Infrastructure network: the network infrastructure to which a stub
router connects. This network can be a single link, or a network
of links. The network may also provide some services, such as a
DNS resolver, a DHCPv4 server, and a DHCPv6 prefix delegation
server, for example.
Adjacent infrastructure link: any link to which a stub network router
is directly attached, that is part of an infrastructure network
and is not the stub network.
Off-Stub-Network-Routable (OSNR) Prefix: a prefix advertised on the
stub network that can be used for communication with hosts not on
the stub network.
3. Constants
This section describes the meaning of and gives default values for
various constants used in this document.
STALE_RA_TIME Default: 10 minutes. The amount of time that can pass
after the last time a router advertisement from a particular router
has been received before we assume the router is no longer present.
This is a stopgap in case the router is reachable but has silently
stopped advertising a prefix; this situation is unlikely, but if
it does happen, new devices joining the infrastructure network
will not be able to reach devices on the stub network until the
stub router decides that the router that advertised the usable
prefix is stale.
STUB_PROVIDED_PREFIX_LIFETIME Default: 30 minutes. The valid and
preferred lifetime the stub router will advertise. This needs to
be long enough that a host is actually willing to use it, and
obviously should also be long enough that a missed beacon will not
cause the host to stop using it. The values suggested here allow
ten beacons to be missed before the host will stop using the
prefix.
BEACON_INTERVAL Default: 3 minutes. How often the stub router will
transmit an RA. This should be frequent enough that a missed
Router Solicit (e.g. due to congestion on a WiFi link) will not
result in an extremely long outage (assuming the congestion passes
before the beacon is sent, of course).
PREFIX_DELEGATION_INTERVAL Default: 30 minutes. The lifetime a stub
router should request for a DHCPv6-delegated prefix. The longer
this is, the more prefixes will be consumed on a network where
stub routers are not stable. The lifetime here is chosen to be
long enough that a reboot of the DHCP server will not prevent the
prefix being renewed. It happens to coincide with the value of
STUB_PROVIDED_PREFIX_LIFETIME, but the two should not be
considered to be equivalent.
MAX_USABLE_REACHABLE_TIME Default: 60 seconds. The maximum
ReachableTime value that a router can have in the Neighbor
Table before any usable prefixes it has advertised are no longer
considered usable.
4. Conventions and Terminology Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
5. Support for adjacent infrastructure links
We assume that the adjacent infrastructure link supports Neighbor
Discovery [RFC4861], and specifically that routers and on-link
prefixes can be advertised using router advertisements and discovered
using neighbor solicits. The stub network link may also support
this, or may use some different mechanism. This section specifies
how advertisement of the on-link prefix for such links is managed.
In this section we will use the term "Advertising Interface" as
described in Section 6.2.2 of [RFC4861].
Support for adjacent infrastructure links on networks where Neighbor
Discovery is not supported is out of scope for this document. Stub
routers do not provide routing between adjacent infrastructure links
when connected to more than one such link.
5.1. Managing addressability on an adjacent infrastructure link
In order to provide IPv6 routing to the stub network, IPv6 addressing
must be available on each adjacent infrastructure link. Ideally such
addressing is already present on these links, and need not be
provided. However, if it is not present, the stub router must
provide it.
5.1.1. Usable On-Link Prefixes
IPv6 addressing is considered to be present on the link if a usable
on-link prefix is advertised on the adjacent infrastructure link. A
usable on-link prefix is a prefix advertised on the link that has a
preferred time of 30 minutes or more, is marked on-link and allows
autonomous configuration.
A prefix is not considered a usable on-link prefix if it is
advertised on the link as on-link, but the 'M' bit is set in the
Router Advertisement message header ([RFC4861], Section 4.2) that
contains the Prefix option. This indicates that node addressability
is being managed using DHCPv6. Nodes are not required to use DHCPv6
to acquire addresses, so a prefix that requires the use of DHCPv6
can't be considered "usable", since not all hosts can actually use it.
A prefix is considered to be advertised on the link if, when a Router
Solicit message ([RFC4861], Section 4.1) is sent, a Router
Advertisement message is received in response which contains a prefix
information option ([RFC4861], Section 4.6.2) for that prefix.
After an RA message containing a usable prefix has been received, it
can be assumed for some period of time thereafter that the prefix is
still valid on the link. However, prefix lifetimes and router
lifetimes are often quite long. In addition to knowing that a prefix
has been advertised on the link in the past, and is still valid, we
must therefore ensure that at least one router that has advertised
this prefix is still alive to respond to router advertisements.
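The Section 5.1.1 test applied to raw Router Advertisement bytes, as an added example that is not part of the draft: it parses the RFC 4861 RA header and Prefix Information options and keeps only prefixes that are on-link, autonomous, preferred for at least 30 minutes and not under the 'M' bit. The function names and the sample RAs (built inline from the 2001:db8::/32 documentation prefix) are assumptions of this example.

```python
import ipaddress
import struct
from collections import namedtuple

ND_ROUTER_ADVERT = 134       # ICMPv6 type (RFC 4861, Section 4.2)
OPT_PREFIX_INFO = 3          # Prefix Information option (RFC 4861, Section 4.6.2)
MIN_PREFERRED = 30 * 60      # Section 5.1.1: preferred time of 30 minutes or more
FLAG_M = 0x80                # 'M' bit in the RA header
FLAG_L, FLAG_A = 0x80, 0x40  # on-link / autonomous bits in the Prefix option

PrefixInfo = namedtuple("PrefixInfo", "prefix on_link autonomous valid preferred")


def parse_ra(msg: bytes):
    """Parse an ICMPv6 RA body; return (managed_flag, [PrefixInfo, ...])."""
    if len(msg) < 16 or msg[0] != ND_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    managed = bool(msg[5] & FLAG_M)
    prefixes, off = [], 16
    while off < len(msg):
        if off + 2 > len(msg):
            raise ValueError("truncated option header")
        opt_type, opt_len = msg[off], msg[off + 1] * 8  # length is in 8-octet units
        # A zero length would loop forever; RFC 4861 requires discarding such packets.
        if opt_len == 0 or off + opt_len > len(msg):
            raise ValueError("malformed option length")
        if opt_type == OPT_PREFIX_INFO:
            if opt_len != 32:
                raise ValueError("bad Prefix Information length")
            plen, flags, valid, preferred = struct.unpack_from("!BBII", msg, off + 2)
            net = ipaddress.IPv6Network((msg[off + 16:off + 32], plen), strict=False)
            prefixes.append(PrefixInfo(net, bool(flags & FLAG_L),
                                       bool(flags & FLAG_A), valid, preferred))
        off += opt_len
    return managed, prefixes


def usable_on_link_prefixes(msg: bytes):
    """Apply the Section 5.1.1 test to every prefix in one RA."""
    managed, prefixes = parse_ra(msg)
    if managed:  # addressing is managed with DHCPv6: nothing here is "usable"
        return []
    return [p.prefix for p in prefixes
            if p.on_link and p.autonomous and p.preferred >= MIN_PREFERRED]


def build_ra(managed, pios):
    """Build a constructed sample RA (checksum left as 0; it is not checked here)."""
    msg = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64,
                      FLAG_M if managed else 0, 1800, 0, 0)
    msg += bytes([1, 1, 0x02, 0, 0, 0, 0, 0x01])  # source link-layer address option
    for prefix, flags, valid, preferred in pios:
        net = ipaddress.IPv6Network(prefix)
        msg += struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen, flags,
                           valid, preferred, 0) + net.network_address.packed
    return msg


# Constructed samples: (M bit, [(prefix, flags, valid, preferred)]).
SAMPLES = {
    "slaac": build_ra(False, [("2001:db8:1::/64", FLAG_L | FLAG_A, 86400, 14400)]),
    "m-bit set": build_ra(True, [("2001:db8:1::/64", FLAG_L | FLAG_A, 86400, 14400)]),
    "short preferred": build_ra(False, [("2001:db8:1::/64", FLAG_L | FLAG_A, 3600, 600)]),
    "no A bit": build_ra(False, [("2001:db8:1::/64", FLAG_L, 86400, 14400)]),
}

if __name__ == "__main__":
    for name, ra in SAMPLES.items():
        print(f"{name:16} usable: {[str(p) for p in usable_on_link_prefixes(ra)]}")
```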
5.1.2. State Machine for maintaining a usable on-link prefix on an
infrastructure link
The possible states of an interface connected to an adjacent
infrastructure link are described here, along with actions required
to be taken to monitor the state. The purpose of the state machine
described here is to ensure that at all times, when a new host
arrives on the adjacent infrastructure link, it is able to acquire an
IPv6 address on that link.
5.1.2.1. Status of IP addressability on adjacent infrastructure link
unknown (STATE-UNKNOWN)
When the stub router interface first connects to the adjacent
infrastructure link, it MUST begin router discovery.
If, after router discovery has completed, no usable on-link prefix
has been found, the router moves this interface to STATE-BEGIN-
ADVERTISING (Section 5.1.2.3).
If, during router discovery, a usable on-link prefix is found, the
router moves the interface to STATE-USABLE (Section 5.1.2.2).
In this state, the stub router MUST NOT treat this interface as an
advertising interface as described in Section 6.2.2 of [RFC4861].
5.1.2.2. IP addressability already present on adjacent infrastructure
link (STATE-USABLE)
When entering this state, the router MUST discontinue treating the
interface as an Advertising Interface as described in Section 6.2.2
of [RFC4861], if it has been doing so.
When a new host appears on the adjacent infrastructure link and sends
an initial router solicit, if it does not receive a usable on-link
prefix, it will not be able to communicate. Consequently, the stub
router MUST monitor router solicits and advertisements on the
interface in order to determine whether a prefix that has been
advertised on the link is still being advertised. To accomplish this
we have two complementary methods: router staleness detection and
neighbor unreachability detection.
5.1.2.2.1. Router staleness detection
The stub router MUST listen for router advertisements on the adjacent
infrastructure link to which the interface is attached, and record
the time at which each router advertisement was received. The router
MUST NOT consider any router advertisement that is older than
STALE_RA_TIME to be usable. When the last non-stale router
advertisement containing a usable prefix on the link is marked
stale, the stub router MUST move the interface to STATE-BEGIN-
ADVERTISING.
5.1.2.2.2. Router Unreachability Detection
For each usable route, the stub router MUST monitor the state of
reachability to the router(s) that advertised it as described in
([RFC4861], Section 7.3.1) using a ReachableTime value of no more
than MAX_USABLE_REACHABLE_TIME. The reason for this is that if no
router providing the on-link prefix on the infrastructure link is
reachable, then when a new host joins the network, it will have no
usable on-link prefix to use for autoconfiguration, and thus will be
unable to communicate with hosts on the stub network.
Whenever the ReachableTime for a router advertising a usable prefix
exceeds MAX_USABLE_REACHABLE_TIME, the stub router MUST send unicast
neighbor solicits as described in Section 7.2.2 of [RFC4861] until
either a response is received, which resets ReachableTime to zero, or
the maximum number of retransmissions has been sent.
The stub router MUST listen for router solicits on the adjacent
infrastructure link. When a router solicit is received, if none of
the on-link routers on the adjacent infrastructure link are marked
reachable, the stub router MUST move this interface to the STATE-
BEGIN-ADVERTISING state (Section 5.1.2.3).
If a beacon interval arrives, and there are no routers advertising
usable prefixes that have a ReachableTime that is less than
MAX_USABLE_REACHABLE_TIME, then the router MUST move this interface
to the STATE-BEGIN-ADVERTISING state.
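The transitions out of STATE-UNKNOWN and STATE-USABLE described in Sections 5.1.2.1 through 5.1.2.2.2, as an added example that is not part of the draft. The class and method names are hypothetical, times are in seconds, and ReachableTime is modelled as the time since a router's reachability was last confirmed, which is how this section uses it.

```python
STALE_RA_TIME = 10 * 60          # seconds (Section 3)
MAX_USABLE_REACHABLE_TIME = 60   # seconds (Section 3)


class AilInterface:
    """State of one stub-router interface on an adjacent infrastructure link."""

    def __init__(self):
        self.state = "STATE-UNKNOWN"
        self.last_ra = {}         # router -> time of last RA carrying a usable prefix
        self.last_confirmed = {}  # router -> time reachability was last confirmed

    # Inputs from the network.
    def ra_received(self, router, now):
        self.last_ra[router] = now

    def reachability_confirmed(self, router, now):
        self.last_confirmed[router] = now  # "resets ReachableTime to zero"

    # Derived views.
    def fresh_routers(self, now):
        """Routers whose last usable RA is not older than STALE_RA_TIME."""
        return [r for r, t in self.last_ra.items() if now - t <= STALE_RA_TIME]

    def reachable_time(self, router, now):
        t = self.last_confirmed.get(router)
        return float("inf") if t is None else now - t

    def routers_to_probe(self, now):
        """Routers that now need unicast neighbor solicits (Section 5.1.2.2.2)."""
        return [r for r in self.fresh_routers(now)
                if self.reachable_time(r, now) > MAX_USABLE_REACHABLE_TIME]

    def _any_reachable(self, now):
        return any(self.reachable_time(r, now) < MAX_USABLE_REACHABLE_TIME
                   for r in self.fresh_routers(now))

    # Transitions.
    def discovery_complete(self, now):
        if self.state == "STATE-UNKNOWN":
            self.state = ("STATE-USABLE" if self.fresh_routers(now)
                          else "STATE-BEGIN-ADVERTISING")
        return self.state

    def staleness_check(self, now):
        if self.state == "STATE-USABLE" and not self.fresh_routers(now):
            self.state = "STATE-BEGIN-ADVERTISING"
        return self.state

    def router_solicit_seen(self, now):
        if self.state == "STATE-USABLE" and not self._any_reachable(now):
            self.state = "STATE-BEGIN-ADVERTISING"
        return self.state

    beacon_interval = router_solicit_seen  # same test, run every BEACON_INTERVAL


def constructed_timeline():
    """Constructed scenario: the only infrastructure router goes silent after t=0."""
    iface = AilInterface()
    iface.ra_received("fe80::1", 0)
    iface.reachability_confirmed("fe80::1", 0)
    log = [(5, iface.discovery_complete(5))]
    log.append((30, iface.router_solicit_seen(30)))    # ReachableTime 30 < 60
    log.append((90, iface.routers_to_probe(90)))       # 90 > 60: probe fe80::1
    log.append((120, iface.router_solicit_seen(120)))  # probes went unanswered
    return log


if __name__ == "__main__":
    for when, result in constructed_timeline():
        print(when, result)
```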
5.1.2.3. IP addressability not present on adjacent infrastructure link
(STATE-BEGIN-ADVERTISING)
In this state, the stub router generates its own on-link prefix for
the interface. This prefix has a valid and preferred lifetime of
STUB_PROVIDED_PREFIX_LIFETIME seconds. The stub router sends a
router advertisement containing this prefix. The 'A' (autonomous
configuration) and 'L' (on-link) bits (Section 4.6.2 of [RFC4861])
and the Stub Router bit ([I-D.hui-stub-router-ra-flag]) MUST be set
in the prefix header.
This router advertisement MUST also include a Route Information
Option (Section 2.3 of [RFC4191]) for each routable prefix advertised
on the stub network. If the stub router is also a normal router
(e.g. a home WiFi router), it SHOULD include all other routes that it
is advertising in the RA, if there is space.
After having sent the initial router advertisement, the stub router
moves the interface into the STATE-ADVERTISING-USABLE state
(Section 5.1.2.4).
5.1.2.4. IP addressability not present on adjacent infrastructure link
(STATE-ADVERTISING-USABLE)
When entering this state, the router MUST begin treating the
interface as an Advertising Interface as described in Section 6.2.2
of [RFC4861] if it is not already doing so.
The stub router sends a router advertisement message, as described in
Section 5.1.2.3, every BEACON_INTERVAL seconds.
The stub router may receive a router advertisement containing a
usable on-link prefix on the adjacent infrastructure link. If the
advertised prefix is different than the prefix the stub router is
advertising as the on-link usable prefix, and the Stub Router bit is
not set in the prefix option for the prefix, the stub router moves
the interface to STATE-DEPRECATING (Section 5.1.2.5).
If the stub router bit is set in the received prefix, then one of the
following must be true:
* The prefixes are equal. In this case, the interface remains in
STATE-ADVERTISING-USABLE.
* The prefix the stub router is advertising is a ULA [RFC4193], and
the received prefix is a non-ULA prefix. In this case, the
interface moves into the STATE-DEPRECATING (Section 5.1.2.5)
state.
* Both prefixes are ULA prefixes, and the received prefix,
considered as a 128-bit big-endian unsigned integer, is
numerically lower. In this case, the interface moves to
STATE-DEPRECATING (Section 5.1.2.5).
* Otherwise the interface remains in STATE-ADVERTISING-USABLE.
5.1.2.5. Stub router deprecating its on-link prefix (STATE-DEPRECATING)
On entry to this state, the stub router has been treating the
interface as an Advertising Interface as described in Section 6.2.2
of [RFC4861], and MUST continue to do so.
When the stub router has detected the availability of a usable on-link
prefix on the adjacent infrastructure link to which the interface is
attached, and that prefix is preferable to the one it is advertising,
it continues to advertise its own prefix, but deprecates it:
* the preferred lifetime for its prefix should be set to zero in
subsequent router advertisement messages.
* the valid lifetime for its prefix should be reduced with each
subsequent router advertisement message.
* the usability of the infrastructure-provided on-link prefix should
be monitored as in the STATE-USABLE state; if during the
deprecation period, the stub router detects that there are no
longer any usable prefixes on the link, as described in
Section 5.1.2.2.1 or in Section 5.1.2.2.2, it MUST return the
interface to the STATE-BEGIN-ADVERTISING (Section 5.1.2.4) state
and resume advertising its prefix with the valid and preferred
lifetimes described there.
In this state, the valid lifetime (VALID) is computed based on three
values: the current time when a router advertisement is being
generated (NOW), the time at which the new usable on-link prefix
advertisement was received (DEPRECATE_TIME), and
STUB_PROVIDED_PREFIX_LIFETIME. All of these values are in seconds.
VALID is computed as follows:
VALID = STUB_PROVIDED_PREFIX_LIFETIME - (NOW - DEPRECATE_TIME)
If VALID is less than BEACON_INTERVAL, the stub router does not
include the deprecated prefix in the router advertisement. Note that
VALID could be less than zero. Otherwise, the prefix is provided in
the advertisement, but with a valid lifetime of VALID.
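The prefix comparison of Section 5.1.2.4 and the lifetime computation of Section 5.1.2.5, as an added example that is not part of the draft. Function names and sample prefixes are assumptions of this example, as is keeping the current state when an identical prefix arrives without the Stub Router bit, a case the text does not cover; the schedule assumes the first beacon is sent at DEPRECATE_TIME.

```python
import ipaddress

STUB_PROVIDED_PREFIX_LIFETIME = 30 * 60   # seconds (Section 3)
BEACON_INTERVAL = 3 * 60                  # seconds (Section 3)
ULA = ipaddress.IPv6Network("fc00::/7")   # RFC 4193

ADVERTISING = "STATE-ADVERTISING-USABLE"
DEPRECATING = "STATE-DEPRECATING"


def is_ula(net):
    return net.subnet_of(ULA)


def next_state(own, received, stub_router_bit):
    """State after a usable on-link prefix is received in STATE-ADVERTISING-USABLE."""
    own = ipaddress.IPv6Network(own)
    received = ipaddress.IPv6Network(received)
    if received == own:
        return ADVERTISING      # equal prefixes (assumed also without the bit)
    if not stub_router_bit:
        return DEPRECATING      # infrastructure router: always yield to it
    if is_ula(own) and not is_ula(received):
        return DEPRECATING      # another stub router with a non-ULA prefix
    if (is_ula(own) and is_ula(received)
            and int(received.network_address) < int(own.network_address)):
        return DEPRECATING      # both ULA: the numerically lower prefix wins
    return ADVERTISING


def deprecated_pio(now, deprecate_time):
    """Lifetimes to advertise for the stub router's own prefix, or None to omit it."""
    valid = STUB_PROVIDED_PREFIX_LIFETIME - (now - deprecate_time)
    if valid < BEACON_INTERVAL:  # also covers VALID below zero
        return None
    return {"preferred": 0, "valid": valid}


def beacon_schedule(deprecate_time=0):
    """(seconds since DEPRECATE_TIME, lifetimes) per beacon until the prefix is dropped."""
    out, now = [], deprecate_time
    while True:
        pio = deprecated_pio(now, deprecate_time)
        out.append((now - deprecate_time, pio))
        if pio is None:
            return out
        now += BEACON_INTERVAL


if __name__ == "__main__":
    own = "fd12:3456:789a:1::/64"  # constructed ULA prefix
    for received, bit in [("2001:db8:1::/64", False), ("fd00:aaaa:bbbb:1::/64", True),
                          ("fdff:aaaa:bbbb:1::/64", True)]:
        print(received, bit, next_state(own, received, bit))
    for offset, pio in beacon_schedule():
        print(offset, pio)
```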
5.2. Managing addressability on the stub network
How addressability is managed on stub networks depends on the nature
of the stub network. For some stub networks, the stub router can be
sure that it is the only router. For example, a stub router that is
providing a Wi-Fi network for tethering will advertise its own SSID
and use its own joining credentials; in this case, it can assume that
it is the only router for that network, and advertise a default route
and on-link prefix just like any other router.
However, some stub networks are more cooperative in nature, for
example IP mesh networks. On such networks, multiple stub routers
may be present and be providing addressability and reachability.
In either case, some stub router connected to the stub network MUST
provide a usable on-link prefix (the OSNR prefix) for the stub
network. If the stub network is a multicast-capable medium where
Router Advertisements are used for router discovery, the same
mechanism described in Section 5.1.2 is used.
Stub networks that do not support the use of Router Advertisements
for router discovery must use some similar mechanism that is
compatible with that type of network. Describing the process of
establishing a common OSNR prefix on such networks is out of scope
for this document.
5.2.1. Maintenance across stub router restarts
Stub routers may restart from time to time; when a restart occurs,
the stub router may have been advertising state to the network which,
following the restart, is no longer required.
For example, suppose there are two stub routers connected to the same
infrastructure link. When the first stub router is restarted, the
second takes over providing an on-link prefix. Now the first router
rejoins the link. It sees that the second stub router's prefix is
advertised on the infrastructure link, and therefore does not
advertise its own.
This behavior can cause problems because the first stub router no
longer sees the on-link prefix it had been advertising on
infrastructure as on-link. Consequently, if it receives a packet to
forward to such an address, it will forward that packet directly to a
default router, if one is present; otherwise, it will have no route
to the destination, and will drop the packet.
To address this problem, stub routers SHOULD remember the last time a
prefix was advertised across restarts. On restart, the router can
immediately begin deprecating the prefix, and can stop after the
prefix valid lifetime goes to zero, based on the recorded time that
the last advertisement was sent.
When a stub router has only flash memory with limited write lifetime,
it may be inappropriate to do a write to flash every time a prefix
beacon happens. In this case, the router SHOULD record the set of
prefixes that have been advertised on infrastructure and the maximum
valid lifetime that was advertised. On restart, the router should
assume that hosts on the infrastructure link have received
advertisements for any such prefixes, and should immediately
deprecate them, and continue to do so until the maximum valid
lifetime has elapsed after restart.
[WG: we could actually just not advertise the prefix, rather than
deprecating it. In this case, the host should wind up preferring
some other prefix for new connections anyway, because it will have a
later preferred lifetime expiry. As long as we remember the route
and resume forwarding for it, existing connections can continue until
the prefix becomes invalid.]
5.2.2. Generating a ULA prefix to provide addressability
In order to be able to provide addressability either on the stub
network or on an adjacent infrastructure network, a stub router must
allocate its own ULA prefix. ULA prefixes, described in Unique Local
IPv6 Unicast Addresses ([RFC4193]) are randomly allocated prefixes.
A stub router MUST allocate a single ULA prefix for use in providing
on-link prefixes to the stub network and the infrastructure network,
as needed.
The ULA prefix allocated by a stub router SHOULD be maintained across
reboots, and SHOULD remain stable over time. For privacy reasons, a
stub router that roams from network to network may wish to allocate a
different ULA prefix each time it connects to a different
infrastructure network.
If IPv6 prefix delegation is available, which implies that IPv6
service is also available on the infrastructure link, then the stub
router MAY use IPv6 prefix delegation to acquire a prefix to
advertise on the stub network, rather than allocating one out of its
ULA prefix.
5.2.3. Using DHCPv6 Prefix Delegation to acquire a prefix to provide
addressability
If DHCPv6 PD is available on the link, it is preferable to acquire a
prefix using DHCPv6 PD rather than generating a ULA prefix, because
the DHCPv6-PD-provided prefix is routable at least on the local
infrastructure. Therefore, when DHCPv6-PD is available, the BR MUST
use DHCPv6 PD rather than its own prefix.
5.3. Managing reachability on the adjacent infrastructure link
Stub routers MUST advertise reachability to stub network OSNR
prefixes on any AIL to which they are connected. If the stub router
is advertising a usable prefix on any interface, any such prefixes
MUST be advertised on that interface in the same beacon that is
advertising the usable prefix, to avoid unnecessary multicast
traffic.
Each stub network will have some set of prefixes that are advertised
as on-link for that network. A stub router connected to that network
SHOULD advertise reachability to all such prefixes on any AIL to
which it is attached using router advertisements.
5.4. Managing reachability on the stub network
The stub router MAY advertise itself as a default router on the stub
network, if it itself has a default route on the AIL. In some cases
it may not be desirable to advertise reachability to the Internet as
a whole; in this case the stub router is not required to advertise
itself as a default router.
If the stub router is not advertising itself as a default router on
the stub network, it MUST advertise reachability to any prefixes that
are being advertised as on-link on AILs to which it is attached.
This is true for prefixes it is advertising, and for other prefixes
being advertised on that link.
Note that in some stub network configurations, it is possible for
more than one stub router to be connected to the stub network, and
each stub router may be connected to a different AIL. In this case,
a stub router advertising a default route may receive a packet
destined for a link that is not an AIL for that router, but is an AIL
for a different router. In such a case, if the infrastructure is not
capable of routing between these two AILs, a packet which could have
been delivered by another stub router will be lost by the stub router
that received it.
Consequently, stub routers SHOULD be configurable to not advertise
themselves as default routers on the stub network. Stub routers
SHOULD be configurable to explicitly advertise AIL prefixes on the
stub network even if they are advertising as a default router. The
mechanisms by which such configuration can be accomplished are out of
scope for this document.
It is also possible that stub routers for more than one stub network
may be connected to the same adjacent infrastructure link. In this
case, the stub routers will be advertising Route Information Options
in their router advertisements for their OSNR prefixes. Stub routers
MUST track the presence of such routes, and MUST advertise
reachability to them on interfaces connected to stub networks.
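The tracking requirement above amounts to parsing Route Information Options (RFC 4191) out of router advertisements heard on the AIL. The following sketch is an added example, not part of this draft; the function names and the sample option bytes are constructed for illustration.

```python
import ipaddress
import struct

RIO_TYPE = 24  # Route Information Option (RFC 4191)

def parse_rios(options):
    """Return [(prefix, lifetime)] for every valid RIO in an RA's option bytes."""
    routes, off = [], 0
    while off < len(options):
        if off + 2 > len(options):
            raise ValueError("truncated option header")
        otype, olen = options[off], options[off + 1] * 8  # length is in 8-octet units
        if olen == 0 or off + olen > len(options):
            raise ValueError("zero-length or overrunning option: discard the RA")
        body, off = options[off:off + olen], off + olen
        if otype != RIO_TYPE:
            continue  # some other ND option; skip it
        plen, flags, lifetime = struct.unpack("!BBI", body[2:8])
        needed = 8 if plen == 0 else 16 if plen <= 64 else 24
        if plen > 128 or olen < needed or (flags >> 3) & 0x3 == 0x2:
            continue  # bad length or reserved preference: ignore this option only
        raw = body[8:24].ljust(16, b"\x00")
        routes.append((ipaddress.IPv6Network((raw, plen), strict=False), lifetime))
    return routes

def routes_for_stub(options, own_prefixes):
    """Other stub networks' live OSNR routes to re-advertise on the stub side."""
    own = {ipaddress.IPv6Network(p) for p in own_prefixes}
    return sorted(str(n) for n, life in parse_rios(options) if life > 0 and n not in own)

def rio(prefix, lifetime):
    """Build an RIO for a prefix of length 1..64 (constructed test data only)."""
    net = ipaddress.IPv6Network(prefix)
    head = struct.pack("!BBBBI", RIO_TYPE, 2, net.prefixlen, 0, lifetime)
    return head + net.network_address.packed[:8]

# Constructed RA option bytes: a source link-layer option followed by three RIOs.
SAMPLE = (bytes([1, 1]) + bytes.fromhex("020000000001")
          + rio("fd11:2222:3333:1::/64", 1800)   # another stub network
          + rio("fd44:5555:6666:1::/64", 0)      # withdrawn route
          + rio("fd77:8888:9999:1::/64", 1800))  # our own OSNR prefix
```

A zero-length option fails the whole RA because RFC 4861 requires every option length to be greater than zero; a route lifetime of zero marks a withdrawn route, so it is not re-advertised.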
5.5. Providing discoverability between stub network links and
infrastructure network links
Since DNS-SD is in wide use, and provides for ad-hoc, self-
configuring advertising using the mDNS transport, this is a suitable
mandatory-to-implement protocol for stub networks, which must be able
to attach to infrastructure networks without the help of new
mechanisms provided by the infrastructure. Therefore, stub routers
MUST provide DNS-SD service as described in this section.
5.5.1. Discoverability by hosts on adjacent infrastructure links
The adjacent infrastructure can be assumed to already enable some
service discovery mechanism between hosts on the infrastructure
network, and can be assumed to provide a local DNS resolver.
Therefore, we do not need to define a stub-network-specific mechanism
for providing these services on the infrastructure network.
In some cases it will be necessary for hosts on the adjacent
infrastructure link to be able to discover devices on the stub
network. In other cases, this will be unnecessary or even
undesirable. For example, it may be undesirable for devices on an
adjacent infrastructure link to be able to discover devices on a
Wi-Fi tether provided by a mobile phone.
One example of a use case for stub networks where such discovery is
desirable is the constrained network use case. In this case a low-
power, low-cost stub network provides connectivity for devices that
provide services to the infrastructure. For such networks, it is
necessary that devices on the infrastructure be able to discover
devices on the stub network.
The most basic use case for this is to provide feature parity with
existing solutions like multicast DNS (mDNS). For example, a light
bulb with built-in Wi-Fi connectivity might be discoverable on the
infrastructure link to which it is connected, using mDNS, but likely
is not discoverable on other links. To provide equivalent
functionality for an equivalent device on a constrained network that
is a stub network, the stub network device must be discoverable on
the infrastructure link (which is an AIL from the perspective of the
stub network).
If services are to be advertised using DNS Service Discovery
[RFC6763], there are in principle two ways to accomplish this. One
is to present services on the stub network as a DNS zone which can
then be configured as a browsing domain in the DNS ([RFC6763],
Section 11). The second is to advertise stub network services on the
AIL using multicast DNS (mDNS) [RFC6762].
Because this document defines behavior for stub routers connecting to
infrastructure networks that do not provide any new mechanism for
integrating stub networks, there is no way for a stub router to
provide DNS-SD service on an infrastructure link in the form of a DNS
zone in which to do discovery. Therefore, service on the
infrastructure link MUST be provided using an Advertising Proxy, as
defined in [I-D.ietf-dnssd-advertising-proxy].
One limitation of this solution is that it requires that hosts on the
stub network use the DNS-SD Service Registration Protocol
[I-D.ietf-dnssd-srp] to register their DNS-SD advertisements. This
means that in the case of a stub network used for Wi-Fi tethering,
hosts on the stub network will not be discoverable by hosts on the
infrastructure network. Any solution to this problem would require
that the stub router provide a Discovery Proxy [RFC8766]. However, a
discovery proxy is queried using DNS, not mDNS. This requires
assistance from the infrastructure network, and is therefore out of
scope for this document.
5.5.2. Providing discoverability of adjacent infrastructure hosts on
the stub network
Hosts on the stub network may need to discover hosts on the adjacent
infrastructure network, or on the stub network. In the IoT network
example we've been using, there might be a light switch on the stub
network which needs to be able to actuate a light bulb connected to
the adjacent infrastructure network. In order to know where to send
the actuation messages, the light switch will need to be able to
discover the light bulb's address somehow.
Because the stub network is managed by stub routers, any DNS resolver
that's available on the stub network will necessarily be provided by
one or more stub routers. This means that the stub router can enable
discovery of hosts on the infrastructure network by hosts on the stub
network using a Discovery Proxy [RFC8766]. The Discovery Proxy can
be advertised as available to hosts on the stub network through the
DNS resolver provided on the stub network, as described in Section 11
of [RFC6763].
By implication, this means that stub routers MUST provide a DNS
resolver. In addition, stub routers MUST provide DNS zones for each
adjacent infrastructure link, and MUST list these zones in the list
of default browsing zones as defined in [RFC6763]. [[WG: we need to
say how these zones are named. Or refer to the Advertising Proxy doc
and have that doc say how they are named.]]
The stub router MUST also maintain an SRP registrar and use
registrations made through that registrar to populate a DNS zone
which is advertised as a default browsing domain, as above. This SRP
registrar MUST be advertised on the stub network either using the
dnssd-srp and/or dnssd-srp-tls service names or some stub-network-
specific mechanism, the details of which are out of scope for this
document.
6. Providing reachability to IPv4 services to the stub network
6.1. NAT64 provided by infrastructure
Stub networks are defined to be IPv6-only because it would be
difficult to implement a stub network using IPv4 technology.
However, stub network devices may need to be able to communicate with
IPv4-only services either on the adjacent infrastructure, or on the
global internet. Ideally, the infrastructure network fully supports
IPv6, and all services on the infrastructure network are
IPv6-capable. In this case, perhaps the infrastructure network
provides NAT64 service to IPv4-only hosts on the internet. In this
ideal setting, the stub router need do nothing: the infrastructure
network is doing it all.
In this situation, if there are multiple stub routers, each connected
to the same adjacent infrastructure link, there is no need for
special behavior: each stub router can advertise a default route, and
any stub router will do to route NAT64 traffic. If some stub routers
are connected to different adjacent infrastructure links than others,
some of which support NAT64 and some of which do not, then the
default route may not carry traffic to the correct link for NAT64
service. In this case, a more specific route to the infrastructure
NAT64 prefix(es) MUST be advertised by those stub routers that are
able to discover it.
6.2. NAT64 provided by stub router(s)
Most infrastructure networks at present do not provide NAT64 service.
It is therefore necessary for stub routers to be able to provide
NAT64 service if IPv4 hosts are to be reachable from the stub
network.
To provide NAT64 service, a stub router must allocate a NAT64 prefix.
For convenience, the stub router allocates a single prefix out of
the /48 ULA prefix that it maintains. Out of the 2^16 possible
subnets of the /48, the stub router SHOULD use the numerically
highest /64 prefix.
If there are multiple stub routers providing connectivity between the
stub network and infrastructure, each stub router uses its own NAT64
prefix; there is no common NAT64 prefix. The reason for this is that
NAT64 translation is not stateless, and is tied to the stub router's
IPv4 address. Therefore the NAT64 egresses are not equivalent.
A stub router that services a Wi-Fi stub network SHOULD provide
DNS64 translation: hosts on the stub network cannot be assumed to be
able to do DNS64 synthesis in the stub resolver. In this case the
DNS resolver on the stub router MUST honor the CD and DO bits if
received in a request, since this indicates that the stub resolver on
the requestor intends to do DNSSEC validation. In this case, the
resolver on the stub router MUST NOT perform DNS64 synthesis.
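The prefix allocation rule and the DNS64 rule above can be worked through together. This is an added example, not code from the draft; the function names and sample addresses are constructed, the address embedding follows RFC 6052 for a /64 prefix, and treating either CD or DO as a signal to skip synthesis is an assumed conservative reading of the paragraph above.

```python
import ipaddress

ULA_SPACE = ipaddress.IPv6Network("fc00::/7")

def nat64_prefix(ula48):
    """Numerically highest /64 inside the router's /48 ULA (subnet ID 0xffff)."""
    net = ipaddress.IPv6Network(ula48)
    if net.prefixlen != 48 or net.network_address not in ULA_SPACE:
        raise ValueError("expected a /48 ULA prefix")
    # The 16-bit subnet ID sits in bits 48..63; set every bit of it.
    return ipaddress.IPv6Network((int(net.network_address) | (0xFFFF << 64), 64))

def synthesize(prefix, v4):
    """RFC 6052 embedding for a /64: bits 64..71 stay zero, IPv4 fills bits 72..103."""
    if prefix.prefixlen != 64:
        raise ValueError("this sketch only handles /64 NAT64 prefixes")
    v4_bits = int(ipaddress.IPv4Address(v4)) << 24
    return ipaddress.IPv6Address(int(prefix.network_address) | v4_bits)

def answer_aaaa(prefix, aaaa, a, cd=False, do=False):
    """AAAA answer set the stub router's resolver returns to a stub host."""
    if aaaa:
        return [ipaddress.IPv6Address(x) for x in aaaa]  # native IPv6: pass through
    if cd or do:
        return []  # requester validates DNSSEC itself: no synthesis (assumed reading)
    return [synthesize(prefix, x) for x in a]

# Constructed sample values (made-up ULA, documentation IPv4 address).
PREFIX = nat64_prefix("fd12:3456:789a::/48")

if __name__ == "__main__":
    print(PREFIX)
    print(answer_aaaa(PREFIX, [], ["192.0.2.33"]))
    print(answer_aaaa(PREFIX, [], ["192.0.2.33"], do=True))
```

Synthesized AAAA records are not covered by the zone's signatures, so a validating stub resolver would reject them; that is why the resolver returns the unmodified empty answer when the request signals validation.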
On specific stub networks it may be desirable to require the stub
network device to perform DNS64 synthesis. Stub network routers for
such networks do not need to provide DNS64 synthesis. Instead, they
MUST provide an ipv4only.arpa answer that advertises the NAT64 prefix
for that stub router, and MUST provide an explicit route to that
NAT64 prefix on the stub network using RA or whatever technology is
specific to that stub network type.
In constrained networks it can be very useful if stub network
resolvers provide the information required to do DNS64 translation in
the answer to the AAAA query. If the answer to an AAAA query comes
back with "no data" (not NXDOMAIN), this suggests that there may be
an A record. In this case, the stub network's resolver SHOULD
attempt to look up an A record on the same name. If such a record
exists, the resolver SHOULD return no data in the Answer section of
the DNS response, and SHOULD provide any CNAME records that were
involved in returning the "no data" answer to the AAAA query, and
SHOULD provide any A records that were ultimately returned, in the
Additional section. The resolver should also include an
ipv4only.arpa record in the Additional section.
7. Handling partitioning events on a stub network
If a stub network is constructed using mesh technology, it may become
partitioned. In such a situation, it may be that one stub router is
connected to one partition, and another stub router is connected to
the other partition. In this situation, in order for all nodes to be
reachable, it is necessary that each partition of the stub network
have its own prefix. When such a partition occurs, the stub routers
must detect that it has occurred. If a stub router is currently
providing a prefix on the stub network, it need take no action. If a
stub router had not been providing a prefix on the stub network, and
now discovers that there is no stub router providing a prefix on the
network, it MUST begin to provide its own prefix on the stub network.
It MUST also advertise reachability to that new prefix on its
adjacent infrastructure link(s).
When partitions of this type occur, they may also heal. When a
partition heals in a situation where two stub routers have both been
advertising a prefix, it will now appear that there are two prefixes
on the stub network.
When the time comes to deprecate one or more prefixes as a result of
a network partition healing, only one prefix should remain. If there
are any GUA prefixes, and if there is no specific configuration
contradicting this, the GUA prefix that is numerically lowest should
be kept, and all others deprecated. If there are no GUA prefixes,
then the ULA prefix that is numerically lowest should be kept, and
the others deprecated. By using this approach, it is not necessary
for the routers to coordinate in advance.
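The selection rule above is deterministic, so each stub router can apply it to the prefixes it sees and reach the same result as its peers. The sketch below is an added example, not part of the draft; the function names and prefixes are constructed, it assumes no configuration overrides the rule, and it does not model when deprecation is triggered.

```python
import ipaddress

GUA_SPACE = ipaddress.IPv6Network("2000::/3")
ULA_SPACE = ipaddress.IPv6Network("fc00::/7")

def prefix_to_keep(prefixes):
    """Lowest GUA if any GUA is present, otherwise lowest ULA."""
    nets = {ipaddress.IPv6Network(p) for p in prefixes}
    gua = [n for n in nets if n.subnet_of(GUA_SPACE)]
    ula = [n for n in nets if n.subnet_of(ULA_SPACE)]
    if len(gua) + len(ula) != len(nets):
        raise ValueError("prefix is neither GUA nor ULA")
    pool = gua or ula
    # IPv6Network orders by network address first, so min() is "numerically lowest".
    return min(pool) if pool else None

def decide(own, advertising, others):
    """Action for one stub router given the prefixes it sees from other routers."""
    own = ipaddress.IPv6Network(own)
    visible = {ipaddress.IPv6Network(p) for p in others}
    if not advertising:
        # A partition left this side with no prefix at all: start providing one.
        return "advertise" if not visible else "stay-silent"
    if not visible:
        return "keep"
    return "keep" if prefix_to_keep(visible | {own}) == own else "deprecate"

# Constructed prefixes for two routers whose partitions have just healed.
ROUTER_A = "fd11:1111:1111:1::/64"
ROUTER_B = "fd99:9999:9999:1::/64"

if __name__ == "__main__":
    print("A:", decide(ROUTER_A, True, [ROUTER_B]))
    print("B:", decide(ROUTER_B, True, [ROUTER_A]))
```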
8. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC4191] Draves, R. and D. Thaler, "Default Router Preferences and
More-Specific Routes", RFC 4191, DOI 10.17487/RFC4191,
November 2005, <https://www.rfc-editor.org/info/rfc4191>.
[RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast
Addresses", RFC 4193, DOI 10.17487/RFC4193, October 2005,
<https://www.rfc-editor.org/info/rfc4193>.
[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
"Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
DOI 10.17487/RFC4861, September 2007,
<https://www.rfc-editor.org/info/rfc4861>.
[RFC6762] Cheshire, S. and M. Krochmal, "Multicast DNS", RFC 6762,
DOI 10.17487/RFC6762, February 2013,
<https://www.rfc-editor.org/info/rfc6762>.
[RFC6763] Cheshire, S. and M. Krochmal, "DNS-Based Service
Discovery", RFC 6763, DOI 10.17487/RFC6763, February 2013,
<https://www.rfc-editor.org/info/rfc6763>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8766] Cheshire, S., "Discovery Proxy for Multicast DNS-Based
Service Discovery", RFC 8766, DOI 10.17487/RFC8766, June
2020, <https://www.rfc-editor.org/info/rfc8766>.
[I-D.ietf-dnssd-srp]
Lemon, T. and S. Cheshire, "Service Registration Protocol
for DNS-Based Service Discovery", Work in Progress,
Internet-Draft, draft-ietf-dnssd-srp-17, 12 October 2022,
<https://www.ietf.org/archive/id/draft-ietf-dnssd-srp-17.txt>.
[I-D.ietf-dnssd-advertising-proxy]
Cheshire, S. and T. Lemon, "Advertising Proxy for DNS-SD
Service Registration Protocol", Work in Progress,
Internet-Draft, draft-ietf-dnssd-advertising-proxy-01, 11 July 2022,
<https://www.ietf.org/archive/id/draft-ietf-dnssd-advertising-proxy-01.txt>.
[I-D.hui-stub-router-ra-flag]
Hui, J., "Stub Router Flag in ICMPv6 Router Advertisement
Messages", Work in Progress, Internet-Draft,
draft-hui-stub-router-ra-flag-00, 7 July 2022,
<https://www.ietf.org/archive/id/draft-hui-stub-router-ra-flag-00.txt>.
Author's Address
Ted Lemon
Apple Inc.
One Apple Park Way
Cupertino, California 95014
United States of America
Email: mellon@fugue.com