draft-ietf-6man-ra-pref64-04.txt   draft-ietf-6man-ra-pref64-05.txt 
IPv6 Maintenance L. Colitti IPv6 Maintenance L. Colitti
Internet-Draft J. Linkova Internet-Draft J. Linkova
Intended status: Standards Track Google Intended status: Standards Track Google
Expires: February 12, 2020 August 11, 2019 Expires: April 2, 2020 September 30, 2019
Discovering PREF64 in Router Advertisements Discovering PREF64 in Router Advertisements
draft-ietf-6man-ra-pref64-04 draft-ietf-6man-ra-pref64-05
Abstract Abstract
This document specifies a Router Advertisement option to communicate This document specifies a Router Advertisement option to communicate
NAT64 prefixes to clients. NAT64 prefixes to clients.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
skipping to change at page 1, line 31 skipping to change at page 1, line 31
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on February 12, 2020. This Internet-Draft will expire on April 2, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 12 skipping to change at page 2, line 12
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 2 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 2
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 2
2. Use cases for communicating the NAT64 prefix to hosts . . . . 3 2. Use cases for communicating the NAT64 prefix to hosts . . . . 3
3. Why include the NAT64 prefix in Router Advertisements . . . . 3 3. Why include the NAT64 prefix in Router Advertisements . . . . 3
4. Semantics . . . . . . . . . . . . . . . . . . . . . . . . . . 4 4. Usage Guidelines . . . . . . . . . . . . . . . . . . . . . . 4
5. Option format . . . . . . . . . . . . . . . . . . . . . . . . 4 5. Option format . . . . . . . . . . . . . . . . . . . . . . . . 5
6. Handling Multiple NAT64 Prefixes . . . . . . . . . . . . . . 6 6. Handling Multiple NAT64 Prefixes . . . . . . . . . . . . . . 6
7. Multihoming . . . . . . . . . . . . . . . . . . . . . . . . . 7 7. PREF64 Consistency . . . . . . . . . . . . . . . . . . . . . 7
8. Pref64 Consistency . . . . . . . . . . . . . . . . . . . . . 8 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 9. Security Considerations . . . . . . . . . . . . . . . . . . . 8
10. Security Considerations . . . . . . . . . . . . . . . . . . . 8 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 8
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 11.1. Normative References . . . . . . . . . . . . . . . . . . 8
12.1. Normative References . . . . . . . . . . . . . . . . . . 9 11.2. Informative References . . . . . . . . . . . . . . . . . 9
12.2. Informative References . . . . . . . . . . . . . . . . . 9 11.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 10
12.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11
1. Introduction 1. Introduction
NAT64 [RFC6146] with DNS64 [RFC6147] is a widely-deployed mechanism NAT64 [RFC6146] with DNS64 [RFC6147] is a widely-deployed mechanism
to provide IPv4 access on IPv6-only networks. In various scenarios, to provide IPv4 access on IPv6-only networks. In various scenarios,
the host must be aware of the NAT64 prefix in use by the network. the host must be aware of the NAT64 prefix in use by the network.
This document specifies a Router Advertisement [RFC4861] option to This document specifies a Router Advertisement [RFC4861] option to
communicate the NAT64 prefix to hosts. communicate the NAT64 prefix to hosts.
1.1. Requirements Language 1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
1.2. Terminology 1.2. Terminology
Pref64 (or NAT64 prefix): an IPv6 prefix used for IPv6 address PREF64 (or NAT64 prefix): an IPv6 prefix used for IPv6 address
synthesis [RFC6146]; synthesis [RFC6146];
NAT64: Network Address and Protocol Translation from IPv6 Clients to NAT64: Network Address and Protocol Translation from IPv6 Clients to
IPv4 Servers ([RFC6146]); IPv4 Servers [RFC6146];
RA: Router Advertisement, a message used by IPv6 routers to advertise RA: Router Advertisement, a message used by IPv6 routers to advertise
their presence together with various link and Internet parameters their presence together with various link and Internet parameters
([RFC4861]); [RFC4861];
DNS64: a mechanism for synthesizing AAAA records from A records DNS64: a mechanism for synthesizing AAAA records from A records
([RFC6147]); [RFC6147];
2. Use cases for communicating the NAT64 prefix to hosts 2. Use cases for communicating the NAT64 prefix to hosts
On networks employing NAT64, it is useful for hosts to know the NAT64 On networks employing NAT64, it is useful for hosts to know the NAT64
prefix for several reasons, including the following: prefix for several reasons, including the following:
o Local DNSSEC validation. As discussed in [RFC6147] section 2, the o Enabling DNS64 functions on end hosts. In particular:
stub resolver in the host "will try to obtain (real) AAAA RRs, and
in case they are not available, the DNS64 function will synthesize
AAAA RRs for internal usage." This is required in order to use
DNSSEC on a NAT64 network.
o IPv4 address literals on an IPv6-only host. As described in * Local DNSSEC validation (DNS64 in stub-resolver mode). As
[RFC8305] section 7.1, IPv6-only hosts connecting to IPv4 address discussed in [RFC6147] section 2, the stub resolver in the host
literals can resolve the IPv4 literal to an IPv6 address. "will try to obtain (real) AAAA RRs, and in case they are not
available, the DNS64 function will synthesize AAAA RRs for
internal usage." This is required in order to use DNSSEC on a
NAT64 network.
o 464XLAT [RFC6877]. 464XLAT is widely deployed and requires that * Trusted DNS server. AAAA synthesis is required for the host to
the host be aware of the NAT64 prefix. be able to use a DNS server not provided by the network (e.g.,
a DNS-over-TLS server [RFC7858] with which the host has an
existing trust relationship).
o Trusted DNS server. AAAA synthesis is required for the host to be * Networks with no DNS64 server. Hosts that support AAAA
able to use a DNS server not provided by the network (e.g., a DNS- synthesis and that are aware of the NAT64 prefix in use do not
over-TLS server ([RFC7858]) with which the host has an existing need the network to perform the DNS64 function at all.
trust relationship).
o Networks with no DNS64 server. Hosts that support AAAA synthesis o Enabling NAT64 address translation functions on end hosts. For
and that are aware of the NAT64 prefix in use do not need the example:
network to perform the DNS64 function at all.
* IPv4 address literals on an IPv6-only host. As described in
[RFC8305] section 7.1, IPv6-only hosts connecting to IPv4
address literals can translate the IPv4 literal to an IPv6
literal.
* 464XLAT [RFC6877]. 464XLAT requires the host be aware of the
NAT64 prefix.
3. Why include the NAT64 prefix in Router Advertisements 3. Why include the NAT64 prefix in Router Advertisements
Fate sharing: NAT64 requires a routing to be configured. IPv6 Fate sharing: NAT64 requires routing to be configured. IPv6 routing
routing configuration requires receiving an IPv6 Router Advertisement configuration requires receiving an IPv6 Router Advertisement
[RFC4861]. Compared to currently-deployed NAT64 prefix discovery [RFC4861]. Therefore using Router Advertisements to provide hosts
methods such as [RFC7050], including the NAT64 prefix in the Router with NAT64 prefix ensures that NAT64 reachability information shares
fate with the rest of network configuration on the host.
Atomic configuration: including the NAT64 prefix in the Router
Advertisement minimizes the number of packets required to configure a Advertisement minimizes the number of packets required to configure a
host. This speeds up the process of connecting to a network that host. Only one packet (a Router Advertisement) is required to
supports NAT64/DNS64, and simplifies host implementation by removing complete the network configuration. This speeds up the process of
the possibility that the host can have an incomplete layer 3 connecting to a network that supports NAT64/DNS64, and simplifies
configuration (e.g., IPv6 addresses and prefixes, but no NAT64 host implementation by removing the possibility that the host can
prefix). have an incomplete layer 3 configuration (e.g., IPv6 addresses and
prefixes, but no NAT64 prefix).
Updatability: it is possible to change the NAT64 prefix at any time, Updatability: it is possible to change the NAT64 prefix at any time,
because when it changes, it is possible to notify hosts by sending a because when it changes, it is possible to notify hosts by sending a
new Router Advertisement. new Router Advertisement.
Deployability: all IPv6 hosts and networks are required to support Deployability: all IPv6 hosts and networks are required to support
[RFC4861]. Other options such as [RFC7225] require implementing Neighbor Discovery [RFC4861] so just a minor extension to the
other protocols. existing implementation is required. Other options such as [RFC7225]
require implementing other protocols (e.g. PCP [RFC7225]) which
could be considered an obstacle for deplyoment.
4. Semantics 4. Usage Guidelines
To support prefix lengths defined in ([RFC6052]) this option contains To support prefix lengths defined in [RFC6052] this option contains
the prefix length field. However as /96 prefix is considered to be the prefix length field. However as /96 prefix is considered to be
the most common use case, the prefix length field is optional and the most common use case, the prefix length field is optional and
only presents for non-/96 prefixes. It allows to keep the option only presents for non-/96 prefixes. It allows to keep the option
length to a minimum (16 bytes) for the most common case and increase length to a minimum (16 octets) for the most common case and increase
it to 20 bytes for non-/96 prefixes only (see Section 5 below for it to 24 octets for non-/96 prefixes only (see Section 5 below for
more details). more details).
This option specifies exactly one NAT64 prefix for all IPv4 This option specifies exactly one NAT64 prefix for all IPv4
destinations. If the network operator desires to route different destinations. If the network operator desires to route different
parts of the IPv4 address space to different NAT64 devices, this can parts of the IPv4 address space to different NAT64 devices, this can
be accomplished by routing more specifics of the NAT64 prefix to be accomplished by routing more specifics of the NAT64 prefix to
those devices. For example, if the operator would like to route those devices. For example, if the operator would like to route
10.0.0.0/8 through NAT64 device A and the rest of the IPv4 space 10.0.0.0/8 through NAT64 device A and the rest of the IPv4 space
through NAT64 device B, and the operator's NAT64 prefix is through NAT64 device B, and the operator's NAT64 prefix is
2001:db8:a:b::/96, then the operator can route 2001:db8:a:b::/96, then the operator can route
skipping to change at page 4, line 45 skipping to change at page 5, line 5
In a network (or a provisioning domain) that provides both IPv4 and In a network (or a provisioning domain) that provides both IPv4 and
NAT64, it may be desirable for certain IPv4 addresses not to be NAT64, it may be desirable for certain IPv4 addresses not to be
translated. An example might be private address ranges that are translated. An example might be private address ranges that are
local to the network/provisioning domain and should not be reached local to the network/provisioning domain and should not be reached
through the NAT64. This type of configuration cannot be conveyed to through the NAT64. This type of configuration cannot be conveyed to
hosts using this option, or through other NAT64 prefix provisioning hosts using this option, or through other NAT64 prefix provisioning
mechanisms such as [RFC7050] or [RFC7225]. This problem does not mechanisms such as [RFC7050] or [RFC7225]. This problem does not
apply in IPv6-only networks, because in such networks, the host does apply in IPv6-only networks, because in such networks, the host does
not have an IPv4 address and cannot reach any IPv4 destinations not have an IPv4 address and cannot reach any IPv4 destinations
without the NAT64. The multihoming and multiple provisioning domains without the NAT64..
scenarios are discussed in Section 7.
5. Option format 5. Option format
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Lifetime | | Type | Length | Lifetime | PL |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ + + +
| Highest 96 bits of the Prefix | | Highest 96 bits of the Prefix |
+ + + +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Lowest bits (96-127) of the prefix (optional, if Length > 2) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Prefix Length | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: NAT64 Prefix Option Format Figure 1: NAT64 Prefix Option Format
Fields: Fields:
Type 8-bit identifier of the Pref64 option type as assigned by Type 8-bit identifier of the PREF64 option type as assigned by
IANA: TBD IANA: TBD
Length 8-bit unsigned integer. The length of the option (including Length 8-bit unsigned integer. The length of the option (including
the Type and Length fields) is in units of 8 octets. If the the Type and Length fields) is in units of 8 octets. The
prefix length is 96 bits the sender MUST set the Length to 2 sender MUST set the length to 2. The receiver MUST ignore
and include the 96 bits of the prefix in the option. If the the PREF64 option if the length field value is not 2.
prefix length is not 96 bits then the sender MUST set the
length to 3 and include all 128 bits of the prefix in the
Prefix field and set the Prefix Length field to the prefix
length. The receiver MUST ignore the Pref64 option if the
length field value is 1. If the Length field value exceeds
3, the receiver MUST utilize the first 21 octets and ignore
the rest of the option.
Lifetime 16-bit unsigned integer. The maximum time in seconds over Lifetime 13-bit unsigned integer. The maximum time in units of 8
which this NAT64 prefix MAY be used. The value of Lifetime secons over which this NAT64 prefix MAY be used. The value
SHOULD by default be set to lesser of 3 x MaxRtrAdvInterval of Lifetime SHOULD by default be set to the lesser of 3 x
or 65535 seconds. A value of zero means that the prefix MaxRtrAdvInterval divided by 8 or 8192. The reciever MUST
MUST no longer be used. multiply the Lifetime value by 8 to calculate the maximum
time in seconds the prefix MAY be used. Lifetime of 0
indicates that the prefix SHOULD NOT be used anymore. Router
vendors SHOULD allow adminstrators to specify non-zero
lifetime values which are not divisible by 8. In such cases
the router SHOULD round the provided value up to the lesser
of nearest integer divisible by 8 or 65536, divide the
result by 8 and set the Lifetime field to the resulting
value.
PL 3-bit unsigned integer.This field encodes the NAT64 Prefix
(Prefix Length. The PL field values 0,1,2,3,4 and 5 indicate the
Length) NAT64 prefix length of 96,64,56,48,40 and 32 bits
respectively. The reciever MUST ignore the PREF64 option if
the prefix length field is not set to one of those values.
Highest 96-bit unsigned integer. Contains bits 0 - 95 of the NAT64 Highest 96-bit unsigned integer. Contains bits 0 - 95 of the NAT64
96 bits prefix. 96 bits prefix.
of the of the
prefix prefix
Lowest 32-bit unsigned integer. Contains bits 96 - 127 of the NAT64
bits of prefix. This field is optional and presents only if the
the prefix length is not 96 bits.
prefix
Prefix 8-bit unsigned integer. Optional field which present only if
Length the prefix length is not 96 bits. The sender MUST set it
only to one of the following values: 32, 40, 48, 56, 64
([RFC6052]. The receiver MUST ignore the Pref64 option if
the prefix length value is not set to one of those numbers.
Reserved A 3-byte unused field. If present it MUST be initialized to
zero by the sender and MUST be ignored by the receiver. This
field is optional and presents only if the prefix length is
not 96 bits.
6. Handling Multiple NAT64 Prefixes 6. Handling Multiple NAT64 Prefixes
In some cases a host may receive multiple NAT64 prefixes from In some cases a host may receive multiple NAT64 prefixes from
different sources. Possible scenarios include (but are not limited different sources. Possible scenarios include (but are not limited
to): to):
o the host is using multiple mechanisms to discover Pref64 prefixes o the host is using multiple mechanisms to discover PREF64 prefixes
(e.g. by using PCP ([RFC7225]) and/or by resolving IPv4-only fully (e.g. by using PCP [RFC7225]) and/or by resolving IPv4-only fully
qualified domain name ([RFC7050]) in addition to receiving the qualified domain name [RFC7050] in addition to receiving the
Pref64 RA option); PREF64 RA option);
o The pref64 option presents in a single RA more than once; o The pref64 option presents in a single RA more than once;
o the host receives multiple RAs with different Pref64 prefixes on o the host receives multiple RAs with different PREF64 prefixes on
one or multiple interfaces. one or multiple interfaces.
When multiple Pref64 were discovered via RA Pref64 Option (the Option When multiple PREF64 were discovered via RA PREF64 Option (the Option
presents more than once in a single RA or multiple RAs were presents more than once in a single RA or multiple RAs were
received), host behaviour with regards to synthesizing IPv6 addresses received), host behaviour with regards to synthesizing IPv6 addresses
from IPv4 addresses SHOULD follow the recommendations given in from IPv4 addresses SHOULD follow the recommendations given in
Section 3 of [RFC7050], limited to the NAT64 prefixes that have non- Section 3 of [RFC7050], limited to the NAT64 prefixes that have non-
zero lifetime.. zero lifetime..
When different Pref64 are discovered by using multiple mechanisms, When different PREF64 are discovered by using multiple mechanisms,
hosts SHOULD select one source of information only. The RECOMMENDED hosts SHOULD select one source of information only. The RECOMMENDED
order is: order is:
o PCP-discovered prefixes ([RFC7225]), if supported; o PCP-discovered prefixes [RFC7225], if supported;
o Pref64 discovered via RA Option; o PREF64 discovered via RA Option;
o Pref64 resolving IPv4-only fully qualified domain name ([RFC7050]) o PREF64 resolving IPv4-only fully qualified domain name [RFC7050]
Note that if the network provides Pref64 both via this RA option and Note that if the network provides PREF64 both via this RA option and
[RFC7225], hosts that receive the Pref64 via RA option may choose to [RFC7225], hosts that receive the PREF64 via RA option may choose to
use it immediately before waiting for PCP to complete, and therefore use it immediately before waiting for PCP to complete, and therefore
some traffic may not reflect any more detailed configuration provided some traffic may not reflect any more detailed configuration provided
by PCP. by PCP.
7. Multihoming 7. PREF64 Consistency
Like most IPv6 configuration information, the Pref64 option is
specific to the network on which it is received. For example, a
Pref64 option received on a particular wireless network may not be
usable unless the traffic is also sourced on that network.
Similarly, a host connected to a cellular network that provides NAT64
generally cannot use that NAT64 for destinations reached through a
VPN tunnel that terminates outside that network.
Thus, correct use of this option on a multihomed host generally
requires the host to support the concept of multiple Provisioning
Domains (PvD, a set of configuration information associated with a
network, [RFC7556]) and to be able to use these PvDs.
This issue is not specific to the Pref64 RA option and, for example,
is quite typical for DNS resolving on multihomed hosts (e.g. a host
might resolve a destination name by using the corporate DNS server
via the VPN tunnel but then send the traffic via its Internet-facing
interface).
8. Pref64 Consistency
Section 6.2.7 of [RFC4861] recommends that routers inspect RAs sent Section 6.2.7 of [RFC4861] recommends that routers inspect RAs sent
by other routers to ensure that all routers onlink advertise the by other routers to ensure that all routers onlink advertise the
consistent information. Routers SHOULD inspect valid Pref64 options consistent information. Routers SHOULD inspect valid PREF64 options
received on a given link and verify the consistency. Detected received on a given link and verify the consistency. Detected
inconsistencies indicate that one or more routers might be inconsistencies indicate that one or more routers might be
misconfigured. Routers SHOULD log such cases to system or network misconfigured. Routers SHOULD log such cases to system or network
management. Routers SHOULD check and compare the following management. Routers SHOULD check and compare the following
information: information:
o set of Pref64 with non-zero lifetime; o set of PREF64 with non-zero lifetime;
o set of Pref64 with zero lifetime. o set of PREF64 with zero lifetime.
PvD-aware routers MUST only compare information scoped to the same PvD-aware routers MUST only compare information scoped to the same
implicit or explicit PvD. implicit or explicit PvD.
9. IANA Considerations 8. IANA Considerations
The IANA is requested to assign a new IPv6 Neighbor Discovery Option The IANA is requested to assign a new IPv6 Neighbor Discovery Option
type for the PREF64 option defined in this document. type for the PREF64 option defined in this document.
+---------------+-------+ +---------------+-------+
| Option Name | Type | | Option Name | Type |
+---------------+-------+ +---------------+-------+
| PREF64 option | (TBD) | | PREF64 option | (TBD) |
+---------------+-------+ +---------------+-------+
Table 1 Table 1
The IANA registry for these options is: The IANA registry for these options is:
https://www.iana.org/assignments/icmpv6-parameters [1] https://www.iana.org/assignments/icmpv6-parameters [1]
10. Security Considerations 9. Security Considerations
Because Router Advertisements are required in all IPv6 configuration Because Router Advertisements are required in all IPv6 configuration
scenarios, on IPv6-only networks, Router Advertisements must already scenarios, on IPv6-only networks, Router Advertisements must already
be secured, e.g., by deploying RA guard [RFC6105]. Providing all be secured, e.g., by deploying RA guard [RFC6105]. Providing all
configuration in Router Advertisements increases security by ensuring configuration in Router Advertisements increases security by ensuring
that no other protocols can be abused by malicious attackers to that no other protocols can be abused by malicious attackers to
provide hosts with invalid configuration. provide hosts with invalid configuration.
The security measures that must already be in place to ensure that The security measures that must already be in place to ensure that
Router Advertisements are only received from legitimate sources Router Advertisements are only received from legitimate sources
eliminate the problem of NAT64 prefix validation described in section eliminate the problem of NAT64 prefix validation described in section
3.1 of [RFC7050]. 3.1 of [RFC7050].
11. Acknowledgements 10. Acknowledgements
Thanks to the following people (in alphabetical order) for their Thanks to the following people (in alphabetical order) for their
review and feedback: Mikael Abrahamsson, Mark Andrews, Brian E review and feedback: Mikael Abrahamsson, Mark Andrews, Brian E
Carpenter, David Farmer, Nick Heatley, Martin Hunek, Tatuya Jinmei, Carpenter, David Farmer, Nick Heatley, Robert Hinden, Martin Hunek,
Erik Kline, David Lamparter, Jordi Palet Martinez, Tommy Pauly, Tatuya Jinmei, Erik Kline, David Lamparter, Jordi Palet Martinez,
Michael Richardson, David Schinazi. Tommy Pauly, Michael Richardson, David Schinazi, Ole Troan.
12. References 11. References
12.1. Normative References 11.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
"Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
DOI 10.17487/RFC4861, September 2007, DOI 10.17487/RFC4861, September 2007,
<https://www.rfc-editor.org/info/rfc4861>. <https://www.rfc-editor.org/info/rfc4861>.
[RFC6052] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X. [RFC6052] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X.
Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052, Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052,
DOI 10.17487/RFC6052, October 2010, DOI 10.17487/RFC6052, October 2010,
<https://www.rfc-editor.org/info/rfc6052>. <https://www.rfc-editor.org/info/rfc6052>.
12.2. Informative References [RFC7050] Savolainen, T., Korhonen, J., and D. Wing, "Discovery of
the IPv6 Prefix Used for IPv6 Address Synthesis",
RFC 7050, DOI 10.17487/RFC7050, November 2013,
<https://www.rfc-editor.org/info/rfc7050>.
11.2. Informative References
[I-D.ietf-intarea-provisioning-domains] [I-D.ietf-intarea-provisioning-domains]
Pfister, P., Vyncke, E., Pauly, T., Schinazi, D., and W. Pfister, P., Vyncke, E., Pauly, T., Schinazi, D., and W.
Shao, "Discovering Provisioning Domain Names and Data", Shao, "Discovering Provisioning Domain Names and Data",
draft-ietf-intarea-provisioning-domains-05 (work in draft-ietf-intarea-provisioning-domains-07 (work in
progress), June 2019. progress), September 2019.
[RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "DNS Security Introduction and Requirements", Rose, "DNS Security Introduction and Requirements",
RFC 4033, DOI 10.17487/RFC4033, March 2005, RFC 4033, DOI 10.17487/RFC4033, March 2005,
<https://www.rfc-editor.org/info/rfc4033>. <https://www.rfc-editor.org/info/rfc4033>.
[RFC6105] Levy-Abegnoli, E., Van de Velde, G., Popoviciu, C., and J. [RFC6105] Levy-Abegnoli, E., Van de Velde, G., Popoviciu, C., and J.
Mohacsi, "IPv6 Router Advertisement Guard", RFC 6105, Mohacsi, "IPv6 Router Advertisement Guard", RFC 6105,
DOI 10.17487/RFC6105, February 2011, DOI 10.17487/RFC6105, February 2011,
<https://www.rfc-editor.org/info/rfc6105>. <https://www.rfc-editor.org/info/rfc6105>.
skipping to change at page 10, line 26 skipping to change at page 9, line 49
Beijnum, "DNS64: DNS Extensions for Network Address Beijnum, "DNS64: DNS Extensions for Network Address
Translation from IPv6 Clients to IPv4 Servers", RFC 6147, Translation from IPv6 Clients to IPv4 Servers", RFC 6147,
DOI 10.17487/RFC6147, April 2011, DOI 10.17487/RFC6147, April 2011,
<https://www.rfc-editor.org/info/rfc6147>. <https://www.rfc-editor.org/info/rfc6147>.
[RFC6877] Mawatari, M., Kawashima, M., and C. Byrne, "464XLAT: [RFC6877] Mawatari, M., Kawashima, M., and C. Byrne, "464XLAT:
Combination of Stateful and Stateless Translation", Combination of Stateful and Stateless Translation",
RFC 6877, DOI 10.17487/RFC6877, April 2013, RFC 6877, DOI 10.17487/RFC6877, April 2013,
<https://www.rfc-editor.org/info/rfc6877>. <https://www.rfc-editor.org/info/rfc6877>.
[RFC7050] Savolainen, T., Korhonen, J., and D. Wing, "Discovery of
the IPv6 Prefix Used for IPv6 Address Synthesis",
RFC 7050, DOI 10.17487/RFC7050, November 2013,
<https://www.rfc-editor.org/info/rfc7050>.
[RFC7225] Boucadair, M., "Discovering NAT64 IPv6 Prefixes Using the [RFC7225] Boucadair, M., "Discovering NAT64 IPv6 Prefixes Using the
Port Control Protocol (PCP)", RFC 7225, Port Control Protocol (PCP)", RFC 7225,
DOI 10.17487/RFC7225, May 2014, DOI 10.17487/RFC7225, May 2014,
<https://www.rfc-editor.org/info/rfc7225>. <https://www.rfc-editor.org/info/rfc7225>.
[RFC7556] Anipko, D., Ed., "Multiple Provisioning Domain [RFC7556] Anipko, D., Ed., "Multiple Provisioning Domain
Architecture", RFC 7556, DOI 10.17487/RFC7556, June 2015, Architecture", RFC 7556, DOI 10.17487/RFC7556, June 2015,
<https://www.rfc-editor.org/info/rfc7556>. <https://www.rfc-editor.org/info/rfc7556>.
[RFC7858] Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D., [RFC7858] Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D.,
and P. Hoffman, "Specification for DNS over Transport and P. Hoffman, "Specification for DNS over Transport
Layer Security (TLS)", RFC 7858, DOI 10.17487/RFC7858, May Layer Security (TLS)", RFC 7858, DOI 10.17487/RFC7858, May
2016, <https://www.rfc-editor.org/info/rfc7858>. 2016, <https://www.rfc-editor.org/info/rfc7858>.
[RFC8305] Schinazi, D. and T. Pauly, "Happy Eyeballs Version 2: [RFC8305] Schinazi, D. and T. Pauly, "Happy Eyeballs Version 2:
Better Connectivity Using Concurrency", RFC 8305, Better Connectivity Using Concurrency", RFC 8305,
DOI 10.17487/RFC8305, December 2017, DOI 10.17487/RFC8305, December 2017,
<https://www.rfc-editor.org/info/rfc8305>. <https://www.rfc-editor.org/info/rfc8305>.
12.3. URIs 11.3. URIs
[1] https://www.iana.org/assignments/icmpv6-parameters [1] https://www.iana.org/assignments/icmpv6-parameters
Authors' Addresses Authors' Addresses
Lorenzo Colitti Lorenzo Colitti
Google Google
Roppongi 6-10-1 Roppongi 6-10-1
Minato, Tokyo 106-6126 Minato, Tokyo 106-6126
JP JP
 End of changes. 50 change blocks. 
144 lines changed or deleted 123 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/