| draft-ietf-6man-addr-select-opt-09.txt | draft-ietf-6man-addr-select-opt-10.txt | |||
|---|---|---|---|---|
| 6man Working Group A.M. Matsumoto | 6man Working Group A.M. Matsumoto | |||
| Internet-Draft T.F. Fujisaki | Internet-Draft T.F. Fujisaki | |||
| Intended status: Standards Track NTT | Intended status: Standards Track NTT | |||
| Expires: October 27, 2013 T.C. Chown | Expires: November 01, 2013 T.C. Chown | |||
| University of Southampton | University of Southampton | |||
| April 25, 2013 | April 30, 2013 | |||
| Distributing Address Selection Policy using DHCPv6 | Distributing Address Selection Policy using DHCPv6 | |||
| draft-ietf-6man-addr-select-opt-09.txt | draft-ietf-6man-addr-select-opt-10.txt | |||
| Abstract | Abstract | |||
| RFC 6724 defines default address selection mechanisms for IPv6 that | RFC 6724 defines default address selection mechanisms for IPv6 that | |||
| allow nodes to select an appropriate address when faced with multiple | allow nodes to select an appropriate address when faced with multiple | |||
| source and/or destination addresses to choose between. The RFC 6724 | source and/or destination addresses to choose between. The RFC 6724 | |||
| allowed for the future definition of methods to administratively | allowed for the future definition of methods to administratively | |||
| configure the address selection policy information. This document | configure the address selection policy information. This document | |||
| defines a new DHCPv6 option for such configuration, allowing a site | defines a new DHCPv6 option for such configuration, allowing a site | |||
| administrator to distribute address selection policy overriding the | administrator to distribute address selection policy overriding the | |||
| skipping to change at page 1, line 40 | skipping to change at page 1, line 40 | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on October 27, 2013. | This Internet-Draft will expire on November 01, 2013. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2013 IETF Trust and the persons identified as the | Copyright (c) 2013 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 38 | skipping to change at page 2, line 38 | |||
| RFC 6724, it is suggested that the default policy table may be | RFC 6724, it is suggested that the default policy table may be | |||
| administratively configured to suit the specific needs of a site. | administratively configured to suit the specific needs of a site. | |||
| This specification defines a new DHCPv6 option for such | This specification defines a new DHCPv6 option for such | |||
| configuration. | configuration. | |||
| Some problems have been identified with the default RFC 3484 address | Some problems have been identified with the default RFC 3484 address | |||
| selection policy [RFC5220]. It is unlikely that any default policy | selection policy [RFC5220]. It is unlikely that any default policy | |||
| will suit all scenarios, and thus mechanisms to control the source | will suit all scenarios, and thus mechanisms to control the source | |||
| address selection policy will be necessary. Requirements for those | address selection policy will be necessary. Requirements for those | |||
| mechanisms are described in [RFC5221], while solutions are discussed | mechanisms are described in [RFC5221], while solutions are discussed | |||
| in [I-D.ietf-6man-addr-select-sol] and | in [I-D.ietf-6man-addr-select-considerations]. Those documents have | |||
| [I-D.ietf-6man-addr-select-considerations]. Those documents have | ||||
| helped shape the improvements in the default address selection | helped shape the improvements in the default address selection | |||
| algorithm [RFC6724] as well as the DHCPv6 option defined in this | algorithm [RFC6724] as well as the DHCPv6 option defined in this | |||
| specification. | specification. | |||
| 1.1. Conventions Used in This Document | 1.1. Conventions Used in This Document | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in [RFC2119]. | document are to be interpreted as described in [RFC2119]. | |||
| skipping to change at page 3, line 14 | skipping to change at page 3, line 14 | |||
| This document uses the terminology defined in [RFC2460] and the | This document uses the terminology defined in [RFC2460] and the | |||
| DHCPv6 specification defined in [RFC3315] | DHCPv6 specification defined in [RFC3315] | |||
| 2. Address Selection options | 2. Address Selection options | |||
| The Address Selection option provides the address selection policy | The Address Selection option provides the address selection policy | |||
| table, and some other configuration parameters. | table, and some other configuration parameters. | |||
| An Address Selection option contains zero or more policy table | An Address Selection option contains zero or more policy table | |||
| options. Multiple Policy Table options in an Address Selection | options. Multiple Policy Table options in an Address Selection | |||
| option constitute a single policy table. | option constitute a single policy table. When it does not contain | |||
| policy table option, it is used to convey the A and P flags. | ||||
| The format of the Address Selection option is given below. | The format of the Address Selection option is given below. | |||
| 0 1 2 3 | 0 1 2 3 | |||
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | OPTION_ADDRSEL | option-len | | | OPTION_ADDRSEL | option-len | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | Reserved |A|P| | | | Reserved |A|P| | | |||
| +-+-+-+-+-+-+-+-+ POLICY TABLE OPTIONS | | +-+-+-+-+-+-+-+-+ POLICY TABLE OPTIONS | | |||
| skipping to change at page 4, line 13 | skipping to change at page 4, line 22 | |||
| policy table. | policy table. | |||
| P: Privacy Preference flag. This flag toggles the Privacy | P: Privacy Preference flag. This flag toggles the Privacy | |||
| Preference flag at client hosts, which is described in the | Preference flag at client hosts, which is described in the | |||
| section 5 in RFC 6724 [RFC6724]. If this flag is set to 1, it | section 5 in RFC 6724 [RFC6724]. If this flag is set to 1, it | |||
| does not change client host behavior, that is, a client will | does not change client host behavior, that is, a client will | |||
| prefer temporary addresses. If set to 0, the Privacy Preference | prefer temporary addresses. If set to 0, the Privacy Preference | |||
| flag is disabled, and a client will prefer public addresses. | flag is disabled, and a client will prefer public addresses. | |||
| POLICY TABLE OPTIONS: Zero or more Address Selection Policy Table | POLICY TABLE OPTIONS: Zero or more Address Selection Policy Table | |||
| options described below. | options described below. This option corresponds to a row in | |||
| the policy table defined in the section 2.1 in RFC 6724 | ||||
| [RFC6724]. | ||||
| 0 1 2 3 | 0 1 2 3 | |||
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | OPTION_ADDRSEL_TABLE | option-len | | | OPTION_ADDRSEL_TABLE | option-len | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | label | precedence | prefix-len | | | | label | precedence | prefix-len | | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | |||
| | | | | | | |||
| | prefix (variable length) | | | prefix (variable length) | | |||
| skipping to change at page 4, line 35 | skipping to change at page 5, line 6 | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Figure 2: Address Selection Policy Table option format | Figure 2: Address Selection Policy Table option format | |||
| option-code: OPTION_ADDRSEL_TABLE (TBD). | option-code: OPTION_ADDRSEL_TABLE (TBD). | |||
| option-len: The total length of the label field, precedence field, | option-len: The total length of the label field, precedence field, | |||
| prefix-len field, and prefix field. | prefix-len field, and prefix field. | |||
| label: An 8-bit unsigned integer; this value is for correlation of | label: An 8-bit unsigned integer; this value is for correlation of | |||
| source address prefixes and destination address prefixes. | source address prefixes and destination address prefixes. This | |||
| field is used to deliver a label value in RFC 6724 policy table. | ||||
| precedence: An 8-bit unsigned integer; this value is used for | precedence: An 8-bit unsigned integer; this value is used for | |||
| sorting destination addresses. | sorting destination addresses. This field is used to to deliver | |||
| a precedence value in RFC 6724 policy table. | ||||
| prefix-len: An 8-bit unsigned integer; the number of leading bits in | prefix-len: An 8-bit unsigned integer; the number of leading bits in | |||
| the prefix that are valid. The value ranges from 0 to 128. | the prefix that are valid. The value ranges from 0 to 128. | |||
| prefix: A variable-length field containing an IP address or the | prefix: A variable-length field containing an IP address or the | |||
| prefix of an IP address. An IPv4-mapped address [RFC4291] must | prefix of an IP address. An IPv4-mapped address [RFC4291] must | |||
| be used to represent an IPv4 address as a prefix value. This | be used to represent an IPv4 address as a prefix value. This | |||
| field is padded with zeros up to the nearest octet boundary when | field is padded with zeros up to the nearest octet boundary when | |||
| prefix6-len is not divisible by 8. This can be expressed using | prefix6-len is not divisible by 8. This can be expressed using | |||
| the following equation: (prefix-len+7)/8 So the length of this | the following equation: (prefix-len+7)/8 So the length of this | |||
| skipping to change at page 5, line 22 | skipping to change at page 5, line 33 | |||
| 2001:db8::/60 would be encoded with an prefix-len of 60, the | 2001:db8::/60 would be encoded with an prefix-len of 60, the | |||
| prefix would be 8 octets and would contains octets 20 01 0d b8 | prefix would be 8 octets and would contains octets 20 01 0d b8 | |||
| 00 00 00 00. | 00 00 00 00. | |||
| 3. Processing the Policy Table option | 3. Processing the Policy Table option | |||
| This section describes how to process received Policy Table option at | This section describes how to process received Policy Table option at | |||
| the DHCPv6 client. | the DHCPv6 client. | |||
| This option's concept is to serve as a hint for a node about how to | This option's concept is to serve as a hint for a node about how to | |||
| behave in the network. So, basically, it should be up to the node's | behave in the network. Ultimately, it can be controlled by the | |||
| administrator how to deal with the received policy information in the | node's administrator how to deal with the received policy | |||
| way described below. | information, but the implementation SHOULD follow the way described | |||
| below uniformly to ease diagnose brokenness and to reduce operational | ||||
| costs. | ||||
| 3.1. Handling of the local policy table | 3.1. Handling of the local policy table | |||
| RFC 6724 defines the default policy table. Also, users are usually | RFC 6724 defines the default policy table. Also, users are usually | |||
| able to configure the policy table to satisfy their own requirements. | able to configure the policy table to satisfy their own requirements. | |||
| The client implementation SHOULD provide the following choices to the | The client implementation SHOULD provide the following choices to the | |||
| user: | user. The choice a SHOULD be default, as far as the policy table is | |||
| not configured by the user. | ||||
| a) replace the existing active policy table with the DHCPv6 | a) replace the existing active policy table with the DHCPv6 | |||
| distributed policy table. | distributed policy table. | |||
| b) preserve the existing active policy table, whether this be the | b) preserve the existing active policy table, whether this be the | |||
| default policy table, or user configured policy. | default policy table, or user configured policy. | |||
| 3.2. Handling of the stale policy table | 3.2. Handling of the stale policy table | |||
| When the information from the DHCP server goes stale, the policy | When the information from the DHCP server goes stale, the policy | |||
| received form the DHCP server should be deprecated. | received form the DHCP server SHOULD be deprecated. | |||
| The received information can be considered stale in several cases, | The received information can be considered stale in several cases, | |||
| such as, when the interface goes down, the DHCP server does not | such as, when the interface goes down, the DHCP server does not | |||
| respond for a certain amount of time, and the Information Refresh | respond for a certain amount of time, and the Information Refresh | |||
| Time is expired. | Time is expired. | |||
| 3.3. Multi-interface situation | 3.3. Multi-interface situation | |||
| The policy table, and other parameters specified in this document are | The policy table, and other parameters specified in this document are | |||
| node-global information by their nature. One reason being that the | node-global information by their nature. One reason being that the | |||
| outbound interface is usually chosen after destination address | outbound interface is usually chosen after destination address | |||
| selection. So, a host cannot make use of multiple address selection | selection. So, a host cannot make use of multiple address selection | |||
| policies even if they are stored per interface. | policies even if they are stored per interface. | |||
| Even if the received policy from one source is merged with one from | Even if the received policy from one source is merged with one from | |||
| another source, the effect of both policy are more or less changed. | another source, the effect of both policy are more or less changed. | |||
| The policy table is defined as a whole, so the slightest addition/ | The policy table is defined as a whole, so the slightest addition/ | |||
| deletion from the policy table brings a change in semantics of the | deletion from the policy table brings a change in semantics of the | |||
| skipping to change at page 6, line 24 | skipping to change at page 6, line 43 | |||
| policy. | policy. | |||
| It also should be noted that absence of the distributed policy from a | It also should be noted that absence of the distributed policy from a | |||
| certain network interface should not be treated as absence of policy | certain network interface should not be treated as absence of policy | |||
| itself, because it may mean preference for the default address | itself, because it may mean preference for the default address | |||
| selection policy. | selection policy. | |||
| Under the above assumptions, how to handle received policy is | Under the above assumptions, how to handle received policy is | |||
| specified below. | specified below. | |||
| A node MAY use Address Selection options by default in any of the | A node SHOULD use Address Selection options by default in any of the | |||
| following two cases: | following two cases: | |||
| 1: The host is single-homed, where the host belongs to one | 1: The host is single-homed, where the host belongs to one | |||
| administrative network domain exclusively usually through one | administrative network domain exclusively usually through one | |||
| active network interface. | active network interface. | |||
| 2: The host implements some advanced heuristics to deal with multiple | 2: The host implements some advanced heuristics to deal with multiple | |||
| received policy, which is outside the scope of this document. | received policy, which is outside the scope of this document. | |||
| The above restrictions do not preclude implementations from providing | The above restrictions do not preclude implementations from providing | |||
| skipping to change at page 7, line 44 | skipping to change at page 8, line 17 | |||
| Another threat is about privacy concern. As in the security | Another threat is about privacy concern. As in the security | |||
| consideration section of RFC 6724, at least a part of, the address | consideration section of RFC 6724, at least a part of, the address | |||
| selection policy stored in a host can be leaked by a packet from a | selection policy stored in a host can be leaked by a packet from a | |||
| remote host. This issue will not be modified by the introduction of | remote host. This issue will not be modified by the introduction of | |||
| this option, regardless of whether the host is multihomed or not. | this option, regardless of whether the host is multihomed or not. | |||
| 6. IANA Considerations | 6. IANA Considerations | |||
| IANA is requested to assign option codes to OPTION_ADDRSEL and | IANA is requested to assign option codes to OPTION_ADDRSEL and | |||
| OPTION_ADDRSEL_TABLE from the option-code space as defined in section | OPTION_ADDRSEL_TABLE from the "DHCP Option Codes" registry (http:// | |||
| "DHCPv6 Options" of RFC 3315. | www.iana.org/assignments/dhcpv6-parameters/dhcpv6-parameters.xml). | |||
| 7. References | 7. References | |||
| 7.1. Normative References | 7.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., | [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., | |||
| and M. Carney, "Dynamic Host Configuration Protocol for | and M. Carney, "Dynamic Host Configuration Protocol for | |||
| skipping to change at page 8, line 26 | skipping to change at page 8, line 45 | |||
| "Default Address Selection for Internet Protocol Version 6 | "Default Address Selection for Internet Protocol Version 6 | |||
| (IPv6)", RFC 6724, September 2012. | (IPv6)", RFC 6724, September 2012. | |||
| 7.2. Informative References | 7.2. Informative References | |||
| [I-D.ietf-6man-addr-select-considerations] | [I-D.ietf-6man-addr-select-considerations] | |||
| Chown, T. and A. Matsumoto, "Considerations for IPv6 | Chown, T. and A. Matsumoto, "Considerations for IPv6 | |||
| Address Selection Policy Changes", draft-ietf-6man-addr- | Address Selection Policy Changes", draft-ietf-6man-addr- | |||
| select-considerations-05 (work in progress), April 2013. | select-considerations-05 (work in progress), April 2013. | |||
| [I-D.ietf-6man-addr-select-sol] | ||||
| Matsumoto, A., Fujisaki, T., and R. Hiromi, "Solution | ||||
| approaches for address-selection problems", draft-ietf- | ||||
| 6man-addr-select-sol-03 (work in progress), March 2010. | ||||
| [RFC2460] Deering, S.E. and R.M. Hinden, "Internet Protocol, Version | [RFC2460] Deering, S.E. and R.M. Hinden, "Internet Protocol, Version | |||
| 6 (IPv6) Specification", RFC 2460, December 1998. | 6 (IPv6) Specification", RFC 2460, December 1998. | |||
| [RFC3493] Gilligan, R., Thomson, S., Bound, J., McCann, J., and W. | [RFC3493] Gilligan, R., Thomson, S., Bound, J., McCann, J., and W. | |||
| Stevens, "Basic Socket Interface Extensions for IPv6", RFC | Stevens, "Basic Socket Interface Extensions for IPv6", RFC | |||
| 3493, February 2003. | 3493, February 2003. | |||
| [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing | [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing | |||
| Architecture", RFC 4291, February 2006. | Architecture", RFC 4291, February 2006. | |||
| skipping to change at page 9, line 13 | skipping to change at page 9, line 29 | |||
| July 2008. | July 2008. | |||
| Appendix A. Acknowledgements | Appendix A. Acknowledgements | |||
| Authors would like to thank to Dave Thaler, Pekka Savola, Remi Denis- | Authors would like to thank to Dave Thaler, Pekka Savola, Remi Denis- | |||
| Courmont, Francois-Xavier Le Bail, Ole Troan, Bob Hinden, Dmitry | Courmont, Francois-Xavier Le Bail, Ole Troan, Bob Hinden, Dmitry | |||
| Anipko, Ray Hunter, Rui Paulo, Brian E Carpenter, Tom Petch, and the | Anipko, Ray Hunter, Rui Paulo, Brian E Carpenter, Tom Petch, and the | |||
| members of 6man's address selection design team for their invaluable | members of 6man's address selection design team for their invaluable | |||
| contributions to this document. | contributions to this document. | |||
| Appendix B. Past Discussion | ||||
| o The 'zone index' value is used to specify a particular zone for | ||||
| scoped addresses. This can be used effectively to control address | ||||
| selection in the site scope (e.g., to tell a node to use a | ||||
| specified source address corresponding to a site-scoped multicast | ||||
| address). However, in some cases such as a link-local scope | ||||
| address, the value specifying one zone is only meaningful locally | ||||
| within that node. There might be some cases where the | ||||
| administrator knows which clients are on the network and wants | ||||
| specific interfaces to be used though. However, in general case, | ||||
| it is really rare case, and the field was removed. | ||||
| Authors' Addresses | Authors' Addresses | |||
| Arifumi Matsumoto | Arifumi Matsumoto | |||
| NTT NT Lab | NTT NT Lab | |||
| 3-9-11 Midori-Cho | 3-9-11 Midori-Cho | |||
| Musashino-shi, Tokyo 180-8585 | Musashino-shi, Tokyo 180-8585 | |||
| Japan | Japan | |||
| Phone: +81 422 59 3334 | Phone: +81 422 59 3334 | |||
| Email: arifumi@nttv6.net | Email: arifumi@nttv6.net | |||
| End of changes. 17 change blocks. | ||||
| 36 lines changed or deleted | 26 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||