--- 1/draft-ietf-6man-text-addr-representation-04.txt 2010-02-17 05:10:42.000000000 +0100 +++ 2/draft-ietf-6man-text-addr-representation-05.txt 2010-02-17 05:10:42.000000000 +0100 @@ -1,19 +1,19 @@ IPv6 Maintenance Working Group S. Kawamura Internet-Draft NEC BIGLOBE, Ltd. -Intended status: Standards Track M. Kawashima -Expires: July 18, 2010 NEC AccessTechnica, Ltd. - January 14, 2010 +Updates: 4291 (if approved) M. Kawashima +Intended status: Standards Track NEC AccessTechnica, Ltd. +Expires: August 21, 2010 February 17, 2010 A Recommendation for IPv6 Address Text Representation - draft-ietf-6man-text-addr-representation-04 + draft-ietf-6man-text-addr-representation-05 Abstract As IPv6 network grows, there will be more engineers and also non- engineers who will have the need to use an IPv6 address in text. While the IPv6 address architecture RFC 4291 section 2.2 depicts a flexible model for text representation of an IPv6 address, this flexibility has been causing problems for operators, system engineers, and users. This document will describe the problems that a flexible text representation has been causing. This document also @@ -37,21 +37,21 @@ and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. - This Internet-Draft will expire on July 18, 2010. + This Internet-Draft will expire on August 21, 2010. Copyright Notice Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents @@ -92,28 +92,27 @@ 3.4.3. Legibility . . . . . . . . . . . . . . . . . . . . . . 9 4. A Recommendation for IPv6 Text Representation . . . . . . . . 9 4.1. Handling Leading Zeros in a 16 Bit Field . . . . . . . . . 10 4.2. "::" Usage . . . . . . . . . . . . . . . . . . . . . . . . 10 4.2.1. Shorten As Much As Possible . . . . . . . . . . . . . 10 4.2.2. Handling One 16 Bit 0 Field . . . . . . . . . . . . . 10 4.2.3. Choice in Placement of "::" . . . . . . . . . . . . . 10 4.3. Lower Case . . . . . . . . . . . . . . . . . . . . . . . . 10 5. Text Representation of Special Addresses . . . . . . . . . . . 10 6. Notes on Combining IPv6 Addresses with Port Numbers . . . . . 11 - 7. Prefix Representation . . . . . . . . . . . . . . . . . . . . 11 - 8. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 12 - 9. Security Considerations . . . . . . . . . . . . . . . . . . . 12 - 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 - 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 12 - 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13 - 12.1. Normative References . . . . . . . . . . . . . . . . . . . 13 - 12.2. Informative References . . . . . . . . . . . . . . . . . . 13 + 7. Prefix Representation . . . . . . . . . . . . . . . . . . . . 12 + 8. Security Considerations . . . . . . . . . . . . . . . . . . . 12 + 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 + 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 12 + 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12 + 11.1. Normative References . . . . . . . . . . . . . . . . . . . 12 + 11.2. Informative References . . . . . . . . . . . . . . . . . . 13 Appendix A. For Developers . . . . . . . . . . . . . . . . . . . 13 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13 1. Introduction A single IPv6 address can be text represented in many ways. Examples are shown below. 2001:db8:0:0:1:0:0:1 @@ -124,21 +123,21 @@ 2001:db8::0:1:0:0:1 2001:0db8::1:0:0:1 2001:db8:0:0:1::1 2001:db8:0000:0:1::1 2001:DB8:0:0:1::1 - All the above point to the same IPv6 address. This flexibility has + All the above represent the same IPv6 address. This flexibility has caused many problems for operators, systems engineers, and customers. The problems will be noted in Section 3. Also, a canonical representation format to avoid problems will be introduced in Section 4. 1.1. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. @@ -171,21 +170,21 @@ 'A special syntax is available to compress the zeros. The use of "::" indicates one or more groups of 16 bits of zeros.' It is possible to select whether or not to omit just one 16 bits of zeros. 2001:db8:aaaa:bbbb:cccc:dddd::1 2001:db8:aaaa:bbbb:cccc:dddd:0:1 - In case where there are more than one zero fields, there is a choice + In case where there is more than one zero fields, there is a choice of how many fields can be shortened. Examples follow. 2001:db8:0:0:0::1 2001:db8:0:0::1 2001:db8:0::1 2001:db8::1 @@ -253,43 +252,41 @@ would think that their input was wrong, and will likely retry several times or make a frustrated call to the database hostmaster. If there was a need to register the same address on different systems, and each system showed a different text representation, this would confuse people even more. Although this document focuses on addresses rather than prefixes, this is worth mentioning since problems encountered are mostly equal. 3.1.4. Searching for an Address in a Network Diagram - Network diagrams and blue-prints contain IP addresses as allocated to - system devices. In times of trouble shooting, there may be a need to - search through a diagram to find the point of failure (for example, - if a traceroute stopped at 2001:db8::1, one would search the diagram - for that address). This is a technique quite often in use in - enterprise networks and managed services. Again, the different - flavors of text representation will result in a time-consuming - search, leading to longer MTTR in times of trouble. + Network diagrams and blue-prints often show what IP addresses are + assigned to a system devices. In times of trouble shooting, there + may be a need to search through a diagram to find the point of + failure (for example, if a traceroute stopped at 2001:db8::1, one + would search the diagram for that address). This is a technique + quite often in use in enterprise networks and managed services. + Again, the different flavors of text representation will result in a + time-consuming search, leading to longer MTTR in times of trouble. 3.2. Parsing and Modifying 3.2.1. General Summary With all the possible text representation ways, each application must include a module, object, link, etc. to a function that will parse IPv6 addresses in a manner that no matter how it is represented, they - will mean the same address. This is not too much a problem if the - output is to be just 'read' or 'managed' by a network engineer. - However, many system engineers who integrate complex computer systems - to corporate customers will have difficulties finding that their - favorite tool will not have this function, or will encounter - difficulties such as having to rewrite their macro's or scripts for - their customers. + will mean the same address. Many system engineers who integrate + complex computer systems to corporate customers will have + difficulties finding that their favorite tool will not have this + function, or will encounter difficulties such as having to rewrite + their macro's or scripts for their customers. 3.2.2. Logging If an application were to output a log summary that represented the address in full (such as 2001:0db8:0000:0000:1111:2222:3333:4444), the output would be highly unreadable compared to the IPv4 output. The address would have to be parsed and reformed to make it useful for human reading. Sometimes, logging for critical systems is done by mirroring the same traffic to two different systems. Care must be taken that no matter what the log output is, the logs should be @@ -295,26 +292,27 @@ taken that no matter what the log output is, the logs should be parsed so they will mean the same. 3.2.3. Auditing: Case 1 When a router or any other network appliance machine configuration is audited, there are many methods to compare the configuration information of a node. Sometimes, auditing will be done by just comparing the changes made each day. In this case, if configuration was done such that 2001:db8::1 was changed to 2001:0db8:0000:0000: + 0000:0000:0000:0001 just because the new engineer on the block felt - it was better, a simple diff will tell you that a different address - was configured. If this was done on a wide scale network, people - will be focusing on 'why the extra zeros were put in' instead of - doing any real auditing. Lots of tools are just plain 'diff's that - do not take into account address representation rules. + it was better, a simple diff will show that a different address was + configured. If this was done on a wide scale network, people will be + focusing on 'why the extra zeros were put in' instead of doing any + real auditing. Lots of tools are just plain 'diff's that do not take + into account address representation rules. 3.2.4. Auditing: Case 2 Node configurations will be matched against an information system that manages IP addresses. If output notation is different, there will need to be a script that is implemented to cover for this. The result of an SNMP GET operation, converted to text and compared to a textual address written by a human is highly unlikely to match on first try. @@ -389,77 +387,85 @@ Capital case D and 0 can be quite often misread. Capital B and 8 can also be misread. 4. A Recommendation for IPv6 Text Representation A recommendation for a canonical text representation format of IPv6 addresses is presented in this section. The recommendation in this document is one that, complies fully with [RFC4291], is implemented by various operating systems, and is human friendly. The - recommendation in this document SHOULD be followed by systems when + recommendation in this section SHOULD be followed by systems when generating an address to represent as text, but all implementations - MUST accept any legitimate [RFC4291] format. It is advised that - humans also follow these recommendations when spelling an address. + MUST accept and be able to handle any legitimate [RFC4291] format. + It is advised that humans also follow these recommendations when + spelling an address. 4.1. Handling Leading Zeros in a 16 Bit Field - Leading zeros should be chopped for human legibility and easier - searching. Also, a single 16 bit 0000 field should be represented as - just 0. + Leading zeros MUST be suppressed. For example 2001:0db8::0001 is not + acceptable and must be represented as 2001:db8::1. A single 16 bit + 0000 field MUST be represented as 0. 4.2. "::" Usage 4.2.1. Shorten As Much As Possible - The use of "::" should be used to its maximum capability (i.e. 2001: - db8::0:1 is not considered as clean representation). + The use of symbol "::" MUST be used to its maximum capability. For + example, 2001:db8::0:1 is not acceptable, because the symbol "::" + could have been used to produce a shorter representation 2001:db8::1. 4.2.2. Handling One 16 Bit 0 Field - "::" should not be used to shorten just one 16 bit 0 field for it - would tend to mislead that there are more than one 16 bit field that - is shortened. + The symbol "::" MUST NOT be used to shorten just one 16 bit 0 field. + For example, the representation 2001:db8:0:1:1:1:1:1 is correct, but + 2001:db8::1:1:1:1:1 is not correct. 4.2.3. Choice in Placement of "::" When there is an alternative choice in the placement of a "::", the - longest run of consecutive 16 bit 0 fields should be shortened (i.e. - latter is shortened in 2001:0:0:1:0:0:0:1). When the length of the - consecutive 16 bit 0 fields are equal (i.e. 2001:db8:0:0:1:0:0:1), - the former is shortened. This is consistent with many current - implementations. One idea to avoid any confusion, is for the - operator to not use 16 bit field 0 in the first 64 bits. By nature - IPv6 addresses are usually assigned or allocated to end-users from a - prefix of 32 bits or longer (typically 48 bits or longer). + longest run of consecutive 16 bit 0 fields MUST be shortened (i.e. + the sequence with three consecutive zero fields is shortened in 2001: + 0:0:1:0:0:0:1). When the length of the consecutive 16 bit 0 fields + are equal (i.e. 2001:db8:0:0:1:0:0:1), the first sequence of zero + bits MUST be shortened. For example 2001:db8::1:0:0:1 is correct + representation. 4.3. Lower Case - Recent implementations tend to represent IPv6 address as lower case. - It is better to use lower case to avoid problems such as described in - section 3.3.3 and 3.4.3. + The characters "a", "b", "c", "d", "e", "f" in an IPv6 address MUST + be represented in lower case. 5. Text Representation of Special Addresses Addresses such as IPv4-Mapped IPv6 addresses, ISATAP [RFC5214], and IPv4-translatable addresses [I-D.ietf-behave-address-format] have IPv4 addresses embedded in the low-order 32 bits of the address. These addresses have special representation that may mix hexadecimal and dot decimal notations. The decimal notation may be used only for the last 32 bits of the address. For these addresses, mixed notation - is recommended if the following condition is met: The address can be + is RECOMMENDED if the following condition is met: The address can be distinguished as having IPv4 addresses embedded in the lower 32 bits solely from the address field through the use of a well known prefix. - If it is known by some external method that a given prefix includes - an IPv4 address, it MAY be represented as mixed notation. Tools that - provide options to specify prefixes that is (or is not) to be - represented as mixed notation may be useful. + Such prefixes are defined in [RFC4291] and [RFC5214] at the time of + writing. If it is known by some external method that a given prefix + includes an IPv4 address, it MAY be represented as mixed notation. + Tools that provide options to specify prefixes that is (or is not) to + be represented as mixed notation may be useful. + + There is a trade-off here where a recommendation to achieve exact + match in a search (no dot decimals whatsoever) and recommendation to + help the readability of an addresses (dot decimal whenever possible) + does not result in the same solution. The above recommendation is + aimed at fixing the representation as much as possible while leaving + the opportunity for future well known prefixes to be represented in a + human friendly manner as tools adjust to newly assigned prefixes. The text representation method noted in Section 4 should be applied for the leading hexadecimal part (i.e. ::ffff:192.0.2.1 instead of 0:0:0:0:0:ffff:192.0.2.1). 6. Notes on Combining IPv6 Addresses with Port Numbers When IPv6 addresses and port numbers are represented in text combined together, there are many different ways to do so. Examples are shown below. @@ -471,90 +477,73 @@ o 2001:db8::1.80 o 2001:db8::1 port 80 o 2001:db8::1p80 o 2001:db8::1#80 The situation is not much different in IPv4, but the most ambiguous case with IPv6 is the second bullet. This is due to the "::"usage in - IPv6 addresses. This style is not recommended for its ambiguity. - The [] style as expressed in [RFC3986] should be employed, and is the + IPv6 addresses. This style is NOT RECOMMENDED for its ambiguity. + The [] style as expressed in [RFC3986] SHOULD be employed, and is the default unless otherwise specified. Other styles are acceptable when there is exactly one style for the given context and cross-platform - portability does not become an issue. + portability does not become an issue. For URIs, [RFC3986] MUST be + followed. 7. Prefix Representation Problems with prefixes are just the same as problems encountered with addresses. Text representation method of IPv6 prefixes should be no different from that of IPv6 addresses. -8. Conclusion - - The recommended format of text representing an IPv6 address is - summarized as follows. - - (1) omit leading zeros in a 16 bit field - - (2) when using "::", shorten consecutive zero fields to their - maximum extent (leave no zero fields behind). - - (3) "::" used where shortens address the most - - (4) "::" used in the former part in case of a tie breaker - - (5) do not shorten one 16 bit 0 field, but always shorten when - there are two or more consecutive 16 bit 0 fields - - (6) use lower case - - Hints for developers are written in the Appendix section. - -9. Security Considerations +8. Security Considerations - None. + This document notes on some examples where IPv6 addresses are + compared in text format. The example on Section 3.2.5 is one that + may cause a security risk if used for access control. The common + practice of comparing X.509 data is done in binary format. -10. IANA Considerations +9. IANA Considerations None. -11. Acknowledgements +10. Acknowledgements The authors would like to thank Jan Zorz, Randy Bush, Yuichi Minami, Toshimitsu Matsuura for their generous and helpful comments in kick starting this document. We also would like to thank Brian Carpenter, Akira Kato, Juergen Schoenwaelder, Antonio Querubin, Dave Thaler, Brian Haley, Suresh Krishnan, Jerry Huang, Roman Donchenko, Heikki Vatiainen ,Dan Wing for their input. Also a very special thanks to Ron Bonica, Fred Baker, Brian Haberman, Robert Hinden, Jari Arkko, and Kurt Lindqvist for their support in bringing this document to the light of IETF working groups. -12. References +11. References -12.1. Normative References +11.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, February 2006. -12.2. Informative References +11.2. Informative References [I-D.ietf-behave-address-format] Huitema, C., Bao, C., Bagnulo, M., Boucadair, M., and X. Li, "IPv6 Addressing of IPv4/IPv6 Translators", - draft-ietf-behave-address-format-03 (work in progress), - December 2009. + draft-ietf-behave-address-format-04 (work in progress), + January 2010. [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, January 2005. [RFC4038] Shin, M-K., Hong, Y-G., Hagino, J., Savola, P., and E. Castro, "Application Aspects of IPv6 Transition", RFC 4038, March 2005. [RFC5214] Templin, F., Gleeson, T., and D. Thaler, "Intra-Site