--- 1/draft-ietf-6man-addr-select-opt-06.txt 2012-11-14 08:17:02.997341943 +0100 +++ 2/draft-ietf-6man-addr-select-opt-07.txt 2012-11-14 08:17:03.017342397 +0100 @@ -1,20 +1,20 @@ 6man Working Group A. Matsumoto Internet-Draft T. Fujisaki Intended status: Standards Track NTT -Expires: March 25, 2013 T. Chown +Expires: May 18, 2013 T. Chown University of Southampton - September 21, 2012 + November 14, 2012 Distributing Address Selection Policy using DHCPv6 - draft-ietf-6man-addr-select-opt-06.txt + draft-ietf-6man-addr-select-opt-07.txt Abstract RFC 6724 defines default address selection mechanisms for IPv6 that allow nodes to select appropriate address when faced with multiple source and/or destination addresses to choose between. The RFC 6724 allowed for the future definition of methods to administratively configure the address selection policy information. This document defines a new DHCPv6 option for such configuration, allowing a site administrator to distribute address selection policy overriding the @@ -29,21 +29,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on March 25, 2013. + This Internet-Draft will expire on May 18, 2013. Copyright Notice Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents @@ -95,23 +95,23 @@ 1.2. Terminology This document uses the terminology defined in [RFC2460] and the DHCPv6 specification defined in [RFC3315] 2. Address Selection options The Address Selection option provides the address selection policy table, and some other configuration parameters. - A address selection option contains zero or more policy table - options. Multiple policy table options in a Policy Table option - constitute a single policy table. + An Address Selection option contains zero or more policy table + options. Multiple Policy Table options in an Address Selection + option constitute a single policy table. The format of the Address Selection option is given below. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | OPTION_ADDRSEL | option-len | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Reserved |A|P| | +-+-+-+-+-+-+-+-+ POLICY TABLE OPTIONS | @@ -128,29 +128,29 @@ Reserved: Reserved field. Server MUST set this value to zero and client MUST ignore its content. A: Automatic Row Addition flag. This flag toggles the Automatic Row Addition flag at client hosts, which is described in the section 2.1 in RFC 6724 [RFC6724]. If this flag is set to 1, it does not change client host behavior, that is, a client MAY automatically add additional site-specific rows to the policy table. If set to 0, the Automatic Row Addition flag is - disabled, and a client MAY NOT automatically add rows to the + disabled, and a client SHOULD NOT automatically add rows to the policy table. P: Privacy Preference flag. This flag toggles the Privacy Preference flag at client hosts, which is described in the section 5 in RFC 6724 [RFC6724]. If this flag is set to 1, it - does not change client host behavior, that is, a client SHOULD + does not change client host behavior, that is, a client will prefer temporary addresses. If set to 0, the Privacy Preference - flag is disabled, and a client SHOULD prefer public addresses. + flag is disabled, and a client will prefer public addresses. POLICY TABLE OPTIONS: Zero or more Address Selection Policy Table options described below. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | OPTION_ADDRSEL_TABLE | option-len | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | label | precedence | prefix-len | | @@ -172,70 +172,70 @@ precedence: An 8-bit unsigned integer; this value is used for sorting destination addresses. prefix-len: An 8-bit unsigned integer; the number of leading bits in the prefix that are valid. The value ranges from 0 to 128. prefix: A variable-length field containing an IP address or the prefix of an IP address. An IPv4-mapped address [RFC4291] must be used to represent an IPv4 address as a prefix value. The - prefix should be zero padded up to the next octet boundary. So - the length of this field should be between 0 and 16 bytes. + prefix should be left aligned, big-endian, and zero padded on + the right up to the next octet boundary. So the length of this + field should be between 0 and 16 bytes. 3. Appearance of the Address Selection options - The Address Selection options MUST NOT appear in any messages other - than the following ones: Solicit, Advertise, Request, Renew, Rebind, - Reconfigure, Information-Request, and Reply. + The Address Selection options MUST NOT appear in any DHCPv6 messages + other than the following ones: Solicit, Advertise, Request, Renew, + Rebind, Reconfigure, Information-Request, and Reply. 4. Processing the Policy Table option This section describes how to process received Policy Table option at the DHCPv6 client. This option's concept is to serve as a hint for a node about how to behave in the network. So, basically, it should be up to the node's administrator how to deal with the received policy information in the way described below. 4.1. Handling of the local policy table - RFC 6724 defines the default policy table. Also, a user is usually - able to configure the policy table to satisfy his requirement. + RFC 6724 defines the default policy table. Also, users are usually + able to configure the policy table to satisfy their own requirements. The client implementation SHOULD provide the following choices to the user: - a) It receives distributed policy table, and replaces the existing - policy tables with that. - b) It preserves the default policy table, or manually configured - policy. + a) replace the existing active policy table with the DHCPv6 + distributed policy table. + b) preserve the existing active policy table, whether this be the + default policy table, or user configured policy. 4.2. Handling of the stale policy table When the information from the DHCP server goes stale, the policy - received form the DHCP server should be removed and the default - policy should be restored. + received form the DHCP server should be deprecated. The received information can be considered stale in several cases, such as, when the interface goes down, the DHCP server does not respond for a certain amount of time, and the Information Refresh Time is expired. 4.3. Multi-interface situation The policy table, and other parameters specified in this document are - node-global information by its nature. One of the reason is that the + node-global information by their nature. One reason being that the outbound interface is usually chosen after destination address selection. So, a host cannot make use of multiple address selection - policy even if they are stored per interface. + policies even if they are stored per interface. Even if the received policy from one source is merged with one from another source, the effect of both policy are more or less changed. The policy table is defined as a whole, so the slightest addition/ deletion from the policy table brings a change in semantics of the policy. It also should be noted that absence of the distributed policy from a certain network interface should not be treated as absence of policy itself, because it may mean preference for the default address @@ -261,76 +261,73 @@ address selection policies per interface. They can be used effectively on such implementations that adopt per-application interface selection. 5. Implementation Considerations o The value 'label' is passed as an unsigned integer, but there is no special meaning for the value, that is whether it is a large or small number. It is used to select a preferred source address prefix corresponding to a destination address prefix by matching - the same label value within the DHCP message. DHCPv6 clients need - to convert this label to a representation specified by each - implementation (e.g., string). + the same label value within the DHCP message. DHCPv6 clients + SHOULD convert this label to a representation appropriate for the + local implementation (e.g., string). o Currently, the label and precedence values are defined as 8-bit unsigned integers. In almost all cases, this value will be enough. o The maximum number of address selection rules that may be conveyed in one DHCPv6 message depends on the prefix length of each rule and the maximum DHCPv6 message size defined in RFC 3315. It is possible to carry over 3,000 rules in one DHCPv6 message (maximum UDP message size). However, it should not be expected that DHCP clients, servers and relay agents can handle UDP fragmentation. - So, the number of the options and the total size of the options - should be taken care of. + Network adiministrators SHOULD consider local limitations to the + maximum DHCPv6 message size that can be reliably transported via + their specific local infrastructure to end nodes; and therefore + they SHOULD consider the number of options, the total size of the + options, and the resulting DHCPv6 message size, when defining + their Policy Table. o Since the number of selection rules could be large, an administrator configuring the policy to be distributed should consider the resulting DHCPv6 message size. 6. Security Considerations A rogue DHCPv6 server could issue bogus address selection policies to a client. This might lead to incorrect address selection by the client, and the affected packets might be blocked at an outgoing ISP - because of ingress filtering. Alternatively, an IPv6 transition - mechanism might be preferred over native IPv6, even if it is - available. To guard against such attacks, a legitimate DHCPv6 server - should be communicated through a secure, trusted channel, such as a - channel protected by IPsec, SEND and DHCP authentication, as + because of ingress filtering, incur additional network charges, or be + misdirected to an attacker's machine. Alternatively, an IPv6 + transition mechanism might be preferred over native IPv6, even if it + is available. To guard against such attacks, a legitimate DHCPv6 + server should communicate through a secure, trusted channel, such as + a channel protected by IPsec, SEND and DHCP authentication, as described in section 21 of RFC 3315, Another threat is about privacy concern. As in the security consideration section of RFC 6724, at least a part of, the address selection policy stored in a host can be leaked by a packet from a - remote host. This issue will not be degraded regardless of the - introduction of this option, or regardless of whether the host is - multihomed or not. + remote host. This issue will not be modified by the introduction of + this option, regardless of whether the host is multihomed or not. 7. IANA Considerations - IANA is requested to assign option codes to OPTION_ADDRSEL , - OPTION_ADDRSEL_TABLE, and OPTION_ADDRSEL_ZONE from the option-code - space as defined in section "DHCPv6 Options" of RFC 3315. + IANA is requested to assign option codes to OPTION_ADDRSEL and + OPTION_ADDRSEL_TABLE from the option-code space as defined in section + "DHCPv6 Options" of RFC 3315. 8. References - 8.1. Normative References - [I-D.ietf-6man-stable-privacy-addresses] - Gont, F., "A method for Generating Stable Privacy-Enhanced - Addresses with IPv6 Stateless Address Autoconfiguration - (SLAAC)", draft-ietf-6man-stable-privacy-addresses-00 - (work in progress), May 2012. - [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003. [RFC3484] Draves, R., "Default Address Selection for Internet Protocol version 6 (IPv6)", RFC 3484, February 2003. @@ -372,22 +369,23 @@ Default Rules", RFC 5220, July 2008. [RFC5221] Matsumoto, A., Fujisaki, T., Hiromi, R., and K. Kanayama, "Requirements for Address Selection Mechanisms", RFC 5221, July 2008. Appendix A. Acknowledgements Authors would like to thank to Dave Thaler, Pekka Savola, Remi Denis- Courmont, Francois-Xavier Le Bail, Ole Troan, Bob Hinden, Dmitry - Anipko, and the members of 6man's address selection design team for - their invaluable contributions to this document. + Anipko, Ray Hunter, Rui Paulo, Brian E Carpenter, Tom Petch, and the + members of 6man's address selection design team for their invaluable + contributions to this document. Appendix B. Past Discussion o The 'zone index' value is used to specify a particular zone for scoped addresses. This can be used effectively to control address selection in the site scope (e.g., to tell a node to use a specified source address corresponding to a site-scoped multicast address). However, in some cases such as a link-local scope address, the value specifying one zone is only meaningful locally within that node. There might be some cases where the