--- 1/draft-ietf-6man-addr-select-opt-01.txt 2012-02-15 13:13:57.978670841 +0100 +++ 2/draft-ietf-6man-addr-select-opt-02.txt 2012-02-15 13:13:57.998704729 +0100 @@ -1,57 +1,54 @@ 6man Working Group A. Matsumoto Internet-Draft T. Fujisaki Intended status: Standards Track J. Kato -Expires: December 30, 2011 NTT +Expires: August 18, 2012 NTT T. Chown University of Southampton - June 28, 2011 + February 15, 2012 Distributing Address Selection Policy using DHCPv6 - draft-ietf-6man-addr-select-opt-01.txt + draft-ietf-6man-addr-select-opt-02.txt Abstract RFC 3484 defines default address selection mechanisms for IPv6 that allow nodes to select appropriate address when faced with multiple - source and/or destination addresses to choose between. The RFC + source and/or destination addresses to choose between. The RFC 3484 allowed for the future definition of methods to administratively configure the address selection policy information. This document defines a new DHCPv6 option for such configuration, allowing a site - administrator to distribute address selection policy, and thus - control the address selection behavior of nodes in their site. While - RFC 3484 is in the process of being updated, with a revised default - policy table, that table may not suit every scenario, and thus the - DHCPv6 option defined in this text may be used to override that - policy where desired. + administrator to distribute address selection policy overriding the + default address selection policy table, and thus control the address + selection behavior of nodes in their site. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on December 30, 2011. + This Internet-Draft will expire on August 18, 2012. Copyright Notice - Copyright (c) 2011 IETF Trust and the persons identified as the + Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as @@ -66,105 +63,80 @@ the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English. 1. Introduction RFC 3484 [RFC3484] describes default algorithms for selecting an address when a node has multiple destination and/or source addresses - to choose between by using an address selection policy. In Section 2 - of RFC 3484, it is suggested that the default policy table may be + to choose from by using an address selection policy. In Section 2 of + RFC 3484, it is suggested that the default policy table may be administratively configured to suit the specific needs of a site. - This text defines a new DHCPv6 option for such configuration. + This specification defines a new DHCPv6 option for such + configuration. - Some problems have been identified with the default address selection - policy detailed in RFC 3484 [RFC5220], and as a result the RFC is in - the process of being updated, as per [I-D.ietf-6man-rfc3484-revise]. - While this update provides a better default address selection policy, - it is unlikely that such a default will suit all scenarios, and thus - mechanisms to control the source address selection policy will be - necessary. Requirements for those mechanisms are described in - [RFC5221], while solutions are discussed in - [I-D.ietf-6man-addr-select-sol] and + Some problems have been identified with the default RFC 3484 address + selection policy [RFC5220]. It is unlikely that any default policy + will suit all scenarios, and thus mechanisms to control the source + address selection policy will be necessary. Requirements for those + mechanisms are described in [RFC5221], while solutions are discussed + in [I-D.ietf-6man-addr-select-sol] and [I-D.ietf-6man-addr-select-considerations]. Those documents have - helped shape the improvements in [I-D.ietf-6man-rfc3484-revise] as - well as the DHCPv6 option defined here. + helped shape the improvements in the default address selection + algorithm [I-D.ietf-6man-rfc3484-revise] as well as the DHCPv6 option + defined in this specification. 1.1. Conventions Used in This Document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 1.2. Terminology This document uses the terminology defined in [RFC2460] and the DHCPv6 specification defined in [RFC3315] 2. Address Selection Policy Option The Address Selection Policy Option provides the policy table for - address selection rules as described in RFC 3484 and updated in + address selection rules as described in RFC 3484 and in [I-D.ietf-6man-rfc3484-revise]. Each end node is expected to configure its policy table, as described in RFC 3484, using the Address Selection Policy option information as described in the section below on processing the option. The format of the Address Selection Policy option is given below: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | OPTION_DASP | option-len | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | label | precedence |z| reserved | prefix-len | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - | zone-index (if present (z = 1)) | - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | - | Prefix (Variable Length) | - | | - | | - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - | label | precedence |z| reserved | prefix-len | - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - | zone-index (if present (z = 1)) | - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - | | - | Prefix (Variable Length) | - | | - | | - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - . . - . . - . . - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - | label | precedence |z| reserved | prefix-len | - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - | zone-index (if present (z = 1)) | + | Prefix (Variable Length) +-+-+-+-+-+-+-+-+ + | | suboption-len | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - | | - | Prefix (Variable Length) | - | | - | | + | suboption-zone-index (if present (z = 1)) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ [Fig. 1] Fields: option-code: OPTION_DASP (TBD) - option-len: The total length of the label fields, precedence fields, zone-index fields, prefix-len fields, and prefix fields in octets. label: An 8-bit unsigned integer; this value is used to make a combination of source address prefixes and destination address prefixes. precedence: An 8-bit unsigned integer; this value is used for sorting destination addresses. @@ -171,89 +143,104 @@ z bit: 'zone-index' bit. If z bit is set to 1, 32 bit zone-index value is included right after the "prefix-len" field, and "Prefix" value continues after the "zone-index" field. If z bit is 0, "Prefix" value continues right after the "prefix-len" value. reserved: 6-bit reserved field. Initialized to zero by sender, and ignored by receiver. - zone-index: If the z-bit is set to 1, this field is inserted between - "prefix-len" field and "Prefix" field. The zone-index field is - an 32-bit unsigned integer and used to specify zones for scoped - addresses. This bit length is defined in RFC3493 [RFC3493] as - 'scope ID'. + suboption-len: 'suboption-len' specifies the length of the suboption + fields in bytes. Currently, the only defined suboption is zone- + index, described as 'suboption-zone-index'. + + suboption-zone-index: If the z-bit is set to 1, this field is + inserted between "prefix-len" field and "Prefix" field. The + zone-index field is an 32-bit unsigned integer and used to + specify zones for scoped addresses. The zone-index is defined + in RFC 3493 [RFC3493] as 'scope ID'. prefix-len: An 8-bit unsigned integer; the number of leading bits in - the prefix that are valid. The value ranges from 0 to 128. The - Prefix field is 0, 4, 8, 12, or 16 octets, depending on the - length. + the prefix that are valid. The value ranges from 0 to 128. Prefix: A variable-length field containing an IP address or the prefix of an IP address. An IPv4-mapped address [RFC4291] must - be used to represent an IPv4 address as a prefix value. + be used to represent an IPv4 address as a prefix value. The + Prefix should be truncated on the byte boundary. So the length + of this field should be between 0 and 16 bytes. -3. Appearance of this Option + Multiple Address Selection Policy options MAY appear in a DHCPv6 + message. They MUST be treated in the way that they constitute a + single policy table. + +3. Appearance of the Address Selection Policy Option The Address Selection Policy option MUST NOT appear in any messages other than the following ones: Solicit, Advertise, Request, Renew, - Rebind, Information-Request, and Reply. + Rebind, Reconfigure, Information-Request, and Reply. 4. Processing the Address Selection Policy Option This section describes how to process received Address Selection Policy Options at the DHCPv6 client. This option's concept is to serve as a hint for a node about how to behave in the network. So, basically, it should be up to the node's administrator how to make use of or even ignore the received policy information. - However, we need to define the default behavior of the receiving node - in order to reduce operational complexity. - -4.1. Handling the local policy table +4.1. Handling of the local policy table - RFC3484 defines the default policy for the policy table. Also, a - user is usually able to configure the policy table to satisfy his - requirement. + RFC 3484 defines the default policy table. Also, a user is usually + able to configure the policy table to satisfy his requirement. The client node SHOULD provide the following choices: a) It receives distributed policy table, and replaces the existing policy tables with that. b) It preserves the default policy table, or manually configured policy. -4.2. Processing multiple received policy tables +4.2. Handling of the stale policy table - The policy table is node-global information by its nature. So, the - node cannot use multiple received policy tables at the same time. + When the information from the DHCP server goes stale, the policy + received form the DHCP server should be removed and the default + policy should be restored. - It should be noted that adopting a received policy table as the node- - global information can cause security problems, such as DOS attack, - and leak of privacy information. + The received information can be considered stale in several cases, + such as, when the interface goes down, the DHCP server does not + respond for a certain amount of time, and the Information Refresh + Time is expired. - Moreover, it also should be noted that, when a node is single-homed - and has only one upstream line, adopting a received policy table does - not degrade the security level. +4.3. Processing multiple received policy tables + + The policy table is node-global information by its nature. So, the + node cannot use multiple received policy tables at the same time. In + other words, once the received policy from one source is merged with + another source, the policy is more or less changed. The policy table + is defined as a whole, so the slightest addition/deletion from the + policy table brings a change in semantics of the policy. + + It also should be noted that, when a node is single-homed and has + only one upstream line, adopting a received policy table does not + degrade the security level. Under the above assumptions, we specify how to handle multiple received policy tables below. A node MAY use OPTION_DASP in any of the following two cases: - 1: The address selection option is delivered across a secure, trusted - channel. - 2: The address selection option is not secured, but the node is - single-homed. + 1: The address selection option is delivered across the only secure, + trusted channel. + 2: The address selection option delivery is not secured, but the node + is single-homed. In other cases the node MUST NOT use OPTION_DASP unless the node is specifically configured to do so. 5. Implementation Considerations o The value 'label' is passed as an unsigned integer, but there is no special meaning for the value, that is whether it is a large or small number. It is used to select a preferred source address prefix corresponding to a destination address prefix by matching @@ -262,40 +249,47 @@ implementation (e.g., string). o Currently, the label and precedence values are defined as 8-bit unsigned integers. In almost all cases, this value will be enough. o The maximum number of address selection rules that may be conveyed in one DHCPv6 message depends on the prefix length of each rule and the maximum DHCPv6 message size defined in RFC 3315. It is possible to carry over 3,000 rules in one DHCPv6 message (maximum - UDP message size), but the usual number would be much smaller, - e.g. the default policy table defined in RFC 3484 contains 5 - rules. + UDP message size). However, it should not be expected that DHCP + clients, servers and relay agents can handle UDP fragmentation. + So, the number of the options and the total size of the options + should be taken care of. o Since the number of selection rules could be large, an administrator configuring the policy to be distributed should consider the resulting DHCPv6 message size. 6. Security Considerations A rogue DHCPv6 server could issue bogus address selection policies to a client. This might lead to incorrect address selection by the client, and the affected packets might be blocked at an outgoing ISP because of ingress filtering. Alternatively, an IPv6 transition mechanism might be preferred over native IPv6, even if it is - available. + available. To guard against such attacks, a legitimate DHCPv6 server + should be communicated through a secure, trusted channel, such as a + channel protected by IPsec, SEND and DHCP authentication, as + described in section 21 of RFC 3315, - To guard against such attacks, both DCHP clients and servers SHOULD - use DHCP authentication, as described in section 21 of RFC 3315, - "Authentication of DHCP messages." + Another threat is about privacy concern. As in the security + consideration section of RFC 3484, at least a part of, the address + selection policy stored in a host can be leaked by a packet from a + remote host. This issue will not be degraded regardless of the + introduction of this option, or regardless of whether the host is + multihomed or not. 7. IANA Considerations IANA is requested to assign option codes to OPTION_DASP from the option-code space as defined in section "DHCPv6 Options" of RFC 3315. 8. References 8.1. Normative References @@ -305,36 +299,36 @@ [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003. [RFC3484] Draves, R., "Default Address Selection for Internet Protocol version 6 (IPv6)", RFC 3484, February 2003. 8.2. Informative References [I-D.ietf-6man-addr-select-considerations] - Chown, T., "Considerations for IPv6 Address Selection - Policy Changes", - draft-ietf-6man-addr-select-considerations-03 (work in - progress), March 2011. + Chown, T. and A. Matsumoto, "Considerations for IPv6 + Address Selection Policy Changes", + draft-ietf-6man-addr-select-considerations-04 (work in + progress), October 2011. [I-D.ietf-6man-addr-select-sol] Matsumoto, A., Fujisaki, T., and R. Hiromi, "Solution approaches for address-selection problems", draft-ietf-6man-addr-select-sol-03 (work in progress), March 2010. [I-D.ietf-6man-rfc3484-revise] - Matsumoto, A., Kato, J., and T. Fujisaki, "Update to RFC - 3484 Default Address Selection for IPv6", - draft-ietf-6man-rfc3484-revise-03 (work in progress), - June 2011. + Matsumoto, A., Kato, J., Fujisaki, T., and T. Chown, + "Update to RFC 3484 Default Address Selection for IPv6", + draft-ietf-6man-rfc3484-revise-05 (work in progress), + October 2011. [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, December 1998. [RFC3493] Gilligan, R., Thomson, S., Bound, J., McCann, J., and W. Stevens, "Basic Socket Interface Extensions for IPv6", RFC 3493, February 2003. [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, February 2006.