Network Working Group                                    G. Van de Velde
Internet-Draft                                              C. Popoviciu
Expires: December 3, 2006                                  Cisco Systems
                                                                T. Chown
                                               University of Southampton
                                                            June 1, 2006
                                                              O. Bonness
                                                                 C. Hahn
                                      T-Systems Enterprise Services GmbH
             IPv6 Unicast Address Assignment Considerations
                    <draft-ietf-v6ops-addcon-00.txt>
                    <draft-ietf-v6ops-addcon-01.txt>

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on December 3, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   One fundamental aspect of any IP communications infrastructure is its
   addressing plan.  With its new address architecture and allocation
   policies, the introduction of IPv6 into a network means that network
   designers and operators need to reconsider their existing approaches
   to network addressing.  Lack of guideliness guidelines on handling this aspect of
   network design could slow down the integration of IPv6.  This draft
   aims to provide the information and recommendations relevant to
   planning the addressing aspects of IPv6 deployments.  The draft also
   provides IPv6 addressing case studies for both an enterprise and an
   ISP network.  In this first version of the draft we aim to provoke
   discussion on this important topic; more detailed case study texts
   will follow.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3  4
   2.  Network Level Addressing Design Considerations . . . . . . . .  4  5
     2.1.  Global Unique Addresses  . . . . . . . . . . . . . . . . .  4  5
     2.2.  Unique Local IPv6 Addresses  . . . . . . . . . . . . . . .  4  5
     2.3.  6Bone Address Space  . . . . . . . . . . . . . . . . . . .  5  6
     2.4.  Network Level Design Considerations  . . . . . . . . . . .  6  7
       2.4.1.  Sizing the Network Allocation  . . . . . . . . . . . .  7  8
       2.4.2.  Address Space Conservation . . . . . . . . . . . . . .  7  8
   3.  Subnet Prefix Considerations . . . . . . . . . . . . . . . . .  7  8
     3.1.  Considerations for subnet prefixes shorter then /64  . . .  7  8
     3.2.  Considerations for /64 prefixes  . . . . . . . . . . . . .  8  9
     3.3.  Considerations for subnet prefixes longer then /64 . . . .  8  9
       3.3.1.  Anycast addresses  . . . . . . . . . . . . . . . . . .  8  9
       3.3.2.  Addresses used by Embedded-RP (RFC3956)  . . . . . . . 10 11
       3.3.3.  ISATAP addresses . . . . . . . . . . . . . . . . . . . 10 11
       3.3.4.  /126 addresses . . . . . . . . . . . . . . . . . . . . 11 12
       3.3.5.  /127 addresses . . . . . . . . . . . . . . . . . . . . 11 12
       3.3.6.  /128 addresses . . . . . . . . . . . . . . . . . . . . 11 12
   4.  Allocation of the IID of an IPv6 Address . . . . . . . . . . . 11 12
     4.1.  Automatic EUI-64 Format Option . . . . . . . . . . . . . . 12 13
     4.2.  Using Privacy Extensions . . . . . . . . . . . . . . . . . 12 13
     4.3.  Cryptographically Generated IPv6 Addresses . . . . . . . . 12 13
     4.4.  Manual/Dynamic Assignment Option . . . . . . . . . . . . . 13 14
   5.  Case Studies . . . . . . . . . . . . . . . . . . . . . . . . . 13 14
     5.1.  Enterprise Considerations  . . . . . . . . . . . . . . . . 13 14
       5.1.1.  Obtaining general IPv6 network prefixes  . . . . . . . 13 14
       5.1.2.  Forming an address (subnet) allocation plan  . . . . . 14 15
       5.1.3.  Other considerations . . . . . . . . . . . . . . . . . 15 16
       5.1.4.  Node configuration considerations  . . . . . . . . . . 15 16
       5.1.5.  Observations . . . . . . . . . . . . . . . . . . . . . 16 17
     5.2.  Service Provider Considerations  . . . . . . . . . . . . . 16 17
       5.2.1.  Investigation of objective Requirements for an
               IPv6 addressing schema of a Service Provider . . . . . 17
       5.2.2.  IPv6 address allocation plan for a Service Provider  . 19
       5.2.3.  Additional Remarks . . . . . . . . . . . . . . . . . . 23
   6.  Security  IANA Considerations  . . . . . . . . . . . . . . . . . . . 16 . . 24
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . . 24
   8.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 16
   8. 25
   9.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 16
     8.1. 25
     9.1.  Normative References . . . . . . . . . . . . . . . . . . . 16
     8.2. 25
     9.2.  Informative References . . . . . . . . . . . . . . . . . . 16 25
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 19 28
   Intellectual Property and Copyright Statements . . . . . . . . . . 20 30

1.  Introduction

   The Internet Protocol Version 6 (IPv6) Addressing Architecture [23]
   defines three main types of addresses: unicast, anycast and
   multicast.  This document focuses on unicast addresses, for which
   there are currently three principal allocated types: Global Unique
   Addresses [12] ('globals'), Unique Local IPv6 Addresses [22] (ULAs)
   and 6bone address space [3].

   The document covers aspects that should be considered during IPv6
   deployment for the design and planning of an addressing scheme for an
   IPv6 network.  The network's IPv6 addressing plan may be for an IPv6-
   only network, or for a dual-stack infrastructure where some or all
   devices have addresses in both protocols.  These considerations will
   help an IPv6 network designer to efficiently and prudently assign the
   IPv6 address space that has been allocated to its organization.

   The address assignment considerations are analyzed separately for the
   two major components of the IPv6 unicast addresses, namely 'Network
   Level Addressing' (the allocation of subnets) and the 'Subnet Prefix'
   (address usage within a subnet).  Thus the document includes a
   discussion of aspects of address assignment to nodes and interfaces
   in an IPv6 network.  Finally the document will provide two examples
   of a successfully deployed address plan plans in a service provider (ISP)
   and an enterprise network.

   Parts of this document highlight the differences that an experienced
   IPv4 network designer should consider when planning an IPv6
   deployment, for example:

   o  IPv6 devices will more likely be multi-addressed in comparison
      with their IPv4 counterparts.
   o  The practically unlimited size of an IPv6 subnet (2^64 bits)
      reduces the requirement to size subnets to device counts for the
      purposes of (IPv4) address conservation.
   o  Eventhough  Even though there is no broadcast for the IPv6 protocol, there is
      still need to consider the number of devices in a given subnet due
      to traffic storm and level of traffic generated by hosts.
   o  The implications of the reduced threat of address-based host
      scanning, as discussed in [26].

   We do not discuss here how a site or ISP should proceed with
   acquiring its globally routable IPv6 address prefix.  However, one
   should note that IPv6 networks receive their global unicast address
   allocation from their 'upstream' provider, which may be another ISP,
   a Local Internet Registry (LIR) or a Regional Internet Registry
   (RIR).  In each case the prefix received is provider assigned (PA);
   there is currently no provider independent (PI) address space for
   IPv6.  Thus an IPv6 network which changes provider will need to
   undergo a renumbering process, as described in [21].  A separate
   document [28] makes recommendations to ease the IPv6 renumbering
   process.

   This document neither discusses implemention implementation aspects between ULA
   addresses and Site-local addresses.  Most implementations know about
   Site-local addresses even though they are deprecated, and do not know
   about ULAs - even though they are according current specification.
   As result transitioning between these types of addresses may cause
   difficulties.

2.  Network Level Addressing Design Considerations

   This section discusses the kind of IPv6 addresses used at the network
   level for the IPv6 infrastructure.  The kind of addresses that can be
   considered are Global Unique Addresses, ULAs and 6bone address space.

2.1.  Global Unique Addresses

   The most commonly used unicast addresses will be Global Unique
   Addresses ('globals').  No significant considerations are neccesary necessary
   if the organization has an address space assignment and a single
   prefix is deployed through a single upstream provider.

   However, a multihomed site may deploy addresses from two or more
   Service Provider assigned IPv6 address ranges.  Here, the network
   Administrator must have awareness on where and how these ranges are
   used on the multihomed infrastructure environment.  The nature of the
   usage of multiple prefixes may depend on the reason for multihoming
   (e.g. resilience failover, load balancing, policy-based routing, or
   multihoming during an IPv6 renumbering event).  IPv6 introduces
   improved support for multi-addressed hosts through the IPv6 default
   address selection methods described in RFC3484 [10].  A multihomed
   host may thus have two addresses, one per prefix (provider), and
   select source and destination addresses to use as described in that
   RFC.

2.2.  Unique Local IPv6 Addresses

   ULAs have replaced the originally conceived Site Local addresses in
   the IPv6 addressing architecture, for reasons described in [17].
   ULAs improve on site locals by offering a high probability of the
   global uniqueness of the prefix used, which can be beneficial in the
   case of (deliberate or accidental) leakage, or where networks are
   merged.  ULAs are akin to the private address space [1] assigned for
   IPv4 networks.

   The ULA address range allows a network administrator to deploy IPv6
   addresses on their network without asking for a globally unique
   registered IPv6 address range.  A ULA prefix is 48 bits, i.e. a /48,
   the same as the currently recommended allocation for a site from the
   globally routable IPv6 address space [7].

   ULAs provide the means to deploy a fixed addressing scheme that is
   not affected by a change in service provider and the corresponding PA
   global addresses.  Internal operation of the network is thus
   unaffected during renumbering events.  Nevertheless, this type of
   address must be used with caution.

   A site using ULAs may or may not also deploy globals.  In an isolated
   network ULAs may be deployed on their own.  In a connected network,
   that also deploys global addresses, both may be deployed, such that
   hosts become multiaddressed (one global and one ULA address) and the
   IPv6 default address selection algorithm will pick the appropriate
   source and destination addresses to use, e.g.  ULAs will be selected
   where both the source and destination hosts have ULA addresses.
   Because a ULA and a global site prefix are both /48 length, an
   administrator can choose to use the same subnetting (and host
   addressing) plan for both prefixes.

   As an example of the problems ULAs may cause, when using IPv6
   multicast within the network, the IPv6 default address selection
   algorithm prefers the ULA address as the source address for the IPv6
   multicast streams.  This is NOT a valid option when sending an IPv6
   multicast stream to the IPv6 Internet for two reasons.  For one,
   these addresses are not globally routable so RPF checks for such
   traffic will fail outside the internal network.  The other reason is
   that the traffic will likely not cross the network boundary due to
   multicast domain control and perimeter security policies.

   In principal ULAs allow easier network mergers than RFC1918 addresses
   do for IPv4 because ULA prefixes have a high probability of
   uniqueness, if the prefix is chosen as described in the RFC.

   The usage of ULAs should be carefully considered even when not
   attached to the IPv6 Internet due to the potential for added
   complexity when connecting to the Internet at some point in the
   future.

2.3.  6Bone Address Space

   The 6Bone address space was used before the RIRs started to
   distribute 'production' IPv6 prefixes.  The 6Bone prefixes have a
   common first 16 bits in the IPv6 Prefix of 3FFE::/16.  This address
   range is deprecated as of 6th June 2006 [15] and should be avoided on
   any new IPv6 network deployments.  Sites using 6bone address space
   should renumber to production address space using procedures as
   defined in [21].

2.4.  Network Level Design Considerations

   IPv6 provides network administrators with a significantly larger
   address space, enabling them to be very creative in how they can
   define logical and practical address plans.  The subneting subnetting of
   assigned prefixes can be done based on various logical schemes that
   involve factors such as:
   o  Geographical Boundaries - by assigning a common prefix to all
      subnets within a geographical area.
   o  Organizational Boundaries - by assigning a common prefix to an
      entire organization or group within a corporate infrastructure.
   o  Service Type - by reserving certain prefixes for predefined
      services such as: VoIP, Content Distribution, wireless services,
      Internet Access, etc.
   Such logical addressing plans have the potential to simplify network
   operations and service offerings, and to simplify network management
   and troubleshooting.  A very large network would also have no need to
   consider using private address space for its infrastructure devices,
   simplifying network management.

   The network designer must however keep in mind several factors when
   developing these new addressing schemes:
   o  Prefix Aggregation - The larger IPv6 addresses can lead to larger
      routing tables unless network designers are actively pursuing
      aggregation.  While prefix aggregation will be enforced by the
      service provider, it is beneficial for the individual
      organizations to observe the same principles in their network
      design process.
   o  Network growth - The allocation mechanism for flexible growth of a
      network prefix, documented in RFC3531 [11] can be used to allow
      the network infrastructure to grow and be numbered in a way that
      is likely to preserve aggregation (the plan leaves 'holes' for
      growth).
   o  ULA usage in large networks - Networks which have a large number
      of 'sites' that each deploy a ULA prefix which will by default be
      a 'random' /48 under fc00::/7 will have no aggregation of those
      prefixes.  Thus the end result may be cumbersome because the
      network will have large amounts of non-aggregated ULA prefixes.
      However, there is no rule to disallow large networks to use a
      single ULA for all 'sites', as a ULA still provides 16 bits for
      subnetting to be used internally.

2.4.1.  Sizing the Network Allocation

   We do not discuss here how a network designer sizes their application
   for address space.  By default a site will receive a /48 prefix [7].
   The default provider allocation via the RIRs is currently a /32 [27].
   These allocations are indicators for a first allocation for a
   network.  Different sizes may be obtained based on the anticipated
   address usage [27].  There are examples of allocations as large as
   /19 having been made from RIRs to providers at the time of writing.

2.4.2.  Address Space Conservation

   Despite the large IPv6 address space which enables easier subneting, subnetting,
   it still is important to ensure an efficient use of this resource.
   Some addressing schemes, while facilitating aggregation and
   management, could lead to significant numbers of addresses being
   unused.  Address conservation requirements are less stringent in IPv6
   but they should still be observed.

   The proposed HD [8] value for IPv6 is 0.94 compared to the current
   value of 0.96 for IPv4.  Note that for IPv6 HD is calculated for
   sites,
   sites (i.e. on a basis of /48), instead of based on addresses like
   with IPv4.

3.  Subnet Prefix Considerations

   This section analyzes the considerations applied to define the subnet
   prefix of the IPv6 addresses.  The boundaries of the subnet prefix
   allocation are specified in RFC4291 [23].  In this document we
   analyze their practical implications.  Based on RFC4291 [23] it is
   legal for any IPv6 unicast address starting with binary address '000'
   to have a subnet prefix larger than, smaller than or of equal to 64
   bits.  Each of these three options are is discussed in this document.

3.1.  Considerations for subnet prefixes shorter then /64

   An allocation of a prefix shorter then 64 bits to a node or interface
   is bad practice.  The shortest subnet prefix that could theoretically
   be assigned to an interface or node is limited by the size of the
   network prefix allocated to the organization.

   A possible reason for choosing the subnet prefix for an interface
   shorter then /64 is that it would allow more nodes to be attached to
   that interface compared to a prescribed length of 64 bits.  This
   however is unnecessary considering that 2^64 provides plenty of node
   addresses for a well designed IPv6 network.  Layer two technologies
   are unlikely to support such large numbers of nodes within a single
   link (e.g.  Ethernet limited to 48-bits of hosts)

   The subnet prefix assignments can be made either by manual
   configuration, by a stateful Host Configuration Protocol [9] or by a
   stateful prefix delegation mechanism [14].

3.2.  Considerations for /64 prefixes

   Based on RFC3177 [7], 64 bits is the prescribed subnet prefix length
   to allocate to interfaces and nodes.

   When using a /64 subnet length, the address assignment for these
   addresses can be made either by manual configuration, by a stateful
   Host Configuration Protocol [9] [16] or by stateless
   autoconfiguration [2].

   Note that RFC3177 strongly prescribes 64 bit subnets for general
   usage, and that stateless autoconfiguration option is only defined
   for 64 bit subnets.

3.3.  Considerations for subnet prefixes longer then /64

   Address space conservation is the main motivation for using a subnet
   prefix length longer than 64 bits.

   The address assignment can be made either by manual configuration or
   by a stateful Host Configuration Protocol [9].

   When assigning a subnet prefix of more then 80 bits, according to
   RFC4291 [23] "u" and "g" bits (respectively the 81st and 82nd bit)
   need to be taken into consideration and should be set correctly.  In
   currently implemented IPv6 protocol stacks, the relevance of the "u"
   (universal/local) bit and "g" (the individual/group) bit are marginal
   and typically will not show an issue when configured wrongly, however
   future implementations may turn out differently.

   When using subnet lengths longer then 64 bits, it is important to
   avoid selecting addresses that may have a predefined use and could
   confuse IPv6 protocol stacks.  The alternate usage may not be a
   simple unicast address in all cases.  The following points should be
   considerated
   considered when selecting a subnet length longer then 64 bits
   subnet prefix length. bits.

3.3.1.  Anycast addresses

3.3.1.1.  Subnet Router Anycast Address

   RFC4291 [23] provides a definition for the required Subnet Router
   Anycast Address as follows:

    |                   n bits                   |   128-n bits   |
      +------------------------------------------------+----------------+
    +--------------------------------------------+----------------+
    |               subnet prefix                | 00000000000000 |
      +------------------------------------------------+----------------+
    +--------------------------------------------+----------------+

   It is recommended to avoid allocating this IPv6 address to a device
   which is not a router. no  No additional dependancy dependencies for the subnet
   prefix
   with the exception of while the EUI-64 and an IID dependency.  These dependencies will be discussed
   later in this document.

3.3.1.2.  Reserved IPv6 Subnet Anycast Addresses

   RFC2526 [4] stated that within each subnet, the highest 128 interface
   identifier values are reserved for assignment as subnet anycast
   addresses.

   The construction of a reserved subnet anycast address depends on the
   type of IPv6 addresses used within the subnet, as indicated by the
   format prefix in the addresses.

   The first type of Subnet Router Anycast addresses have been defined
   as follows for EUI-64 format:

    |           64 bits            |      57 bits     |   7 bits   |
      +---------------------------------+------------------+------------+
    +------------------------------+------------------+------------+
    |        subnet prefix         | 1111110111...111 | anycast ID |
      +---------------------------------+------------------+------------+
    +------------------------------+------------------+------------+

   The anycast address structure implies that it is important to avoid
   creating a subnet prefix where the bits 65 to 121 are defined as
   "1111110111...111" (57 bits in total) so that confusion can be
   avoided.

   For other IPv6 address types (that is, with format prefixes other
   than those listed above), the interface identifier is not in EUI-64
   format and may be other than 64 bits in length; these reserved subnet
   anycast addresses for such address types are constructed as follows:

    |           n bits             |    121-n bits    |   7 bits   |
      +---------------------------------+------------------+------------+
    +------------------------------+------------------+------------+
    |        subnet prefix         | 1111111...111111 | anycast ID |
      +---------------------------------+------------------+------------+
    +------------------------------+------------------+------------+
                                   |   interface identifier field  |

   In the case discussed above there is no additional dependancy dependency for the
   subnet prefix with the exception of the EUI-64 and an IID dependency.
   These will be discussed later in this document.

3.3.2.  Addresses used by Embedded-RP (RFC3956)

   Embedded-RP [18] reflects the concept of integrating the Rendezvous
   Point (RP) IPv6 address into the IPv6 multicast group address.  Due
   to this embedding and the fact that the length of the IPv6 address
   AND the IPv6 multicast address are 128 bits, it is not possible to
   have the complete IPv6 address of the multicast RP embedded as such.

   This resulted in a restriction of 15 possible RP-addresses per prefix
   that can be used with embedded-RP.  The space assigned for the
   embedded-RP is based on the 4 low order bits, while the remainder of
   the Interface ID is set to all '0'.

               [IPv6-prefix (64 bits)][60 bits all '0'][RIID]

                   Where: [RIID] = 4 bit.

   Consequently this leads to the awareness

   This format implies that when when selecting subnet prefixes longer then
   64, where and the bits beyond the 64th bit one are none-zero embedded-RP none-zero, the subnet can
   not be used for that subnet. use embedded-RP.

   In addition it is discouraged to assign a matching embedded-RP IPv6
   address to a device that is not a real Multicast RendezVous Rendezvous Point.

3.3.3.  ISATAP addresses

   ISATAP [25] is an automatic tunneling protocol used to provide IPv6
   connectivity over an IPv4 campus or enterprise environment.  In order
   to leverage the underlying IPv4 infrastructure, the IPv6 addresses
   are constructed in a special format.

   An IPv6 ISATAP [25] address has the IPv4 address embedded, based on a
   predefined structure policy that identifies them as an ISATAP [25]
   address.

                [IPv6 Prefix (64 bits)][0000:5EFE][IPv4 address]
   When using subnet prefix length longer then 64 bits it is recommended
   that that the portion of the IPv6 prefix from bit 65 to the end of
   the subnet prefix does not match with the welknown well-known ISATAP [0000:5EFE] [0000:
   5EFE] address portion.

   In its actual definition there is no multicast support on ISATAP

3.3.4.  /126 addresses

   The 126 bit subnet prefixes are typically used for point-to-point
   links similar to the RFC3021 [5] recommendations for IPv4.  The usage
   of this subnet address length does not lead to any additional
   considerations other than the ones discussed earlier in this section,
   particularly those related to the "u" and "g" bits.

3.3.5.  /127 addresses

   The usage of the /127 addresses is not valid and should be strongly
   discouraged as documented in RFC3627 [13].

3.3.6.  /128 addresses

   The 128 bit address prefix may be used in those situations where we
   know that one, and only one address is sufficient.  Example usage
   would be the offlink off-link loopback address of a network device.

   When choosing a 128 bit prefix, it is recommended to take the "u" and
   "g" bits into consideration and to make sure that there is no overlap
   with either the following well known well-known addresses:
   o  Subnet Router Anycast Address
   o  Reserved Subnet Anycast Address
   o  Addresses used by Embedded-RP
   o  ISATAP Addresses

4.  Allocation of the IID of an IPv6 Address

   In order to have a complete IPv6 address, an interface must be
   associated a prefix and an Interface Identifier (IID).  Section 3 of
   this document analyzed the prefix selection considerations.  This
   section discusses the elements that should be considered when
   assigning the IID portion of the IPv6 address.

   There are various ways to allocate an IPv6 address to a device or
   interface.  The option with the least amount of caveats for the
   network administrator is that of EUI-64 [2] based addresses.  For the
   manual or dynamic options, the overlap with well known IPv6 addresses
   should be avoided.

4.1.  Automatic EUI-64 Format Option

   When using this method the network administrator has to allocate a
   valid 64 bit subnet prefix.  The EUI-64 [2] allocation procedure can
   from that moment onwards assign the remaining 64 IID bits in a
   stateless manner.  All the considerations for selecting a valid IID
   have been incorporated in the EUI-64 methodology.

4.2.  Using Privacy Extensions

   The main purpose of IIDs generated based on RFC3041 [6] is to provide
   privacy to the entity using this address.  While there is are no
   particular restraints constraints in the usage of these addresses as defined in
   [6] there are some implications to be aware of when using privacy
   addresses as documented in section 4 of RFC3041 [6]:
   o  The privacy extension algoritm algorithm may complicate flexibility in
      future transport protocols
   o  These addresses may add complexity to the operational management
      and troubleshooting of the infrastructure (i.e. which address
      belongs to which real host)
   o  A reverse DNS lookup check may be broken when using privacy
      extensions

4.3.   Cryptographically Generated IPv6 Addresses

   Cryptographically Generated Addresses (CGAs) are based upon RFC3972
   [20] and provide a method for binding a public signature key to an
   IPv6 address in the Secure Neighbor Discovery (SEND) protocol [19].

   The basic idea is to generate the interface identifier (i.e. the
   rightmost 64 bits) of the IPv6 address by computing a cryptographic
   hash of the public key.  The resulting IPv6 address is called a
   cryptographically generated address (CGA).  The corresponding private
   key can then be used to sign messages sent from that address.

   Implications to be aware of when using CGA addresses are found in
   section 7 of RFC3972 [20]:
   o  When using CGA addresses the values of the "u" and "g" bits are
      ignored however it does not add any security or implementation
      implications
   o  There is no mechanism for proving that an address is not a CGA
   o  When it is discovered that a node has been compromised, a new
      signature key and a new CGA should be generated

   Due to the fact that CGA generated addresses are almost
   indistinguishable from a privacy address and has similar properties
   for many purposes, the same considerations as with privacy addresses
   are also valid for CGA generated addresses.

4.4.  Manual/Dynamic Assignment Option

   This section discusses those IID allocations that are not implemented
   through stateless address configuration (Section 4.1).  They are
   applicable regardless of the prefix length used on the link.  It is
   out of scope for this section to discuss the various assignment
   methods (e.g. manual configuration, DHCPv6, etc).

   In this situation the actual allocation is done by human intervention
   and consideration needs to be given to the complete IPv6 address so
   that it does not result in overlaps with any of the well known IPv6
   addresses:
   o  Subnet Router Anycast Address
   o  Reserved Subnet Anycast Address
   o  Addresses used by Embedded-RP
   o  ISATAP Addresses

   When using an address assigned by human intervention it is
   recommended to choose IPv6 addresses which are not abvious obvious to guess
   and/or avoid any IPv6 addresses that embed IPv4 addresses used in the
   current infrastructure.  Following these two recommendations will
   make it more difficult for malicious third parties to guess targets
   for attack, and thus reduce security threats to a certain extent.

5.  Case Studies

   tbc.

5.1.  Enterprise Considerations

   In this section we consider a case study of a campus network that is
   deploying IPv6 in parallel with existing IPv4 protocols in a dual-
   stack environment.  The specific example is the University of
   Southampton (UK).  The case study is a 'work in progress' as the
   deployment is an evolving one, currently covering around 1,500 hosts.

5.1.1.  Obtaining general IPv6 network prefixes

   In the case of a campus network, the site will typically take its
   connectivity from its National Research and Education Network (NREN).
   Southampton connects to JANET, the UK academic network.  JANET
   currently has a /32 allocation from RIPE of 2001:630::/32.  The
   current recommended practice is for sites to receive a /48
   allocation, and on this basis Southampton has received such a prefix
   for its own use, specifically 2001:630:d0::/48.

   No ULA addressing is used on site.  The campus does not expect to
   change service provider, and thus does not plan to use ULAs for the
   (perceived) benefit of easing network renumbering.  Indeed, the
   campus has renumbered following the aforementioned renumbering
   procedure [21] on two occassions, occasions, and this has proven adequate (with
   provisos documented in [28].  We also do not see any need to deploy
   ULAs for in or out of band network management; there are enough IPv6
   prefixes available in the site allocation for the infrastructure.

   No 6bone addressing is used on site.  This was phased out some time
   ago.  We note that as of 6th June 2006 transit ISPs will likely
   filter any attempted use of such prefixes.

   Southampton does participate in global and organisation organization scope IPv6
   multicast networks.  Multicast address allocations are not discussed
   here as they are not in scope for the document.  Embedded RP is in
   use, and has been tested successfully across providers between sites.

5.1.2.  Forming an address (subnet) allocation plan

   The campus has a /16 prefix for IPv4 use; in principle 256 subnets of
   256 addresses.  In reality the subnetting is muddier, because of
   concerns of IPv4 address conservation; subnets are sized to the hosts
   within them, e.g. a /26 IPv4 prefix is used if a subnet has 35 hosts
   in it.  While this is efficient, it increases management burden when
   physical deployments change, and IPv4 subnets require resizing (up or
   down), even with DHCP in use.

   The /48 IPv6 prefix is considerably larger than the IPv4 allocation
   already in place at the site.  It is loosely equivalent to a 'Class
   A' IPv4 prefix in that it has 2^16 (over 65,000) subnets, but has an
   effectively unlimited subnet address size (2^64) compared to 256 in
   the IPv4 equivalent.  The increased subnet size means that /64 IPv6
   prefixes can be used on all subnets, without any requirement to
   resize them at a later date.  The increased subnet volume allows
   subnets to be allocated more generously to schools and departments in
   the campus.  While address conservation is still important, it is no
   longer an impediment on network management.  Rather, address (subnet)
   allocation is more about planning for future expansion.

   In a dual-stack network, we chose to deploy our IP subnets
   congruently for IPv4 and IPv6.  This is because the systems are still
   in the same administrative domains and the same geography.  We do not
   expect to have IPv6-only subnets in production use for a while yet,
   outside testbeds test beds and our early Mobile IPv6 trials.  The firewall
   would ideally be a single dual-stack device with consistent policies
   (by host rather than IP version), however this is currently
   implemented as a firewall per IP protocol due to vendor limitations
   (Nokia/Checkpoint for IPv4, BSD pf tool for IPv6).

   The subnet allocation plan required a division of the address space
   per school or department.  Here a /56 was allocated to the school
   level of the university; there are around 30 schools currently.
   Further allocations were made for central IT infrastructure, for the
   network infrastructure and the server side systems.

5.1.3.  Other considerations

   The network uses a Demilitarized Zone (DMZ) topology for some level
   of protection of 'public' systems.  Again, this topology is congruent
   with the IPv4 network.

   There are no specific transition methods deployed internally to the
   campus; everything is using the conventional dual-stack approach.
   There is no use of tools such as ISATAP for example.

   For the Mobile IPv6 early trails, we have allocated one prefix for
   Home Agent (HA) use.  We have not yet considered how Mobile IPv6
   usage may grow, and whether more or even every subnet will require HA
   support.

   The university operates a tunnel broker service on behalf of UKERNA.
   This uses separate address space from JANET, not the main university
   allocation.

5.1.4.  Node configuration considerations

   We currently use stateless autoconfiguration on most subnets for IPv6
   hosts.  There is no DHCPv6 service deployed yet, beyond tests of
   early code releases.  We do seek a common integrated DHCP/DNS
   management platform, even if the servers themselves are not
   colocated. co-
   located.  Currently we add client statelessly autoconfigured
   addresses to the DNS manually.  Our administrators would prefer the
   use of DHCP because they believe it gives them some management
   control.

   Regarding the [26] implications, we note that all our hosts are dual-
   stack, and thus are potentially exposed over both protocols anyway.
   We publish all addresses in DNS, and do not operate a two faced DNS.

   We have internal usage of RFC3041 privacy addresses currently, but
   may wish to administratibely administratively disable this (perhaps via DHCP), but we
   need to determine the feasibility of this on all systems, e.g. for
   WLAN guests or other user-maintained systems.  Network management
   should be simpler without RFC3041 in opeation. operation.  Note RFC3041 is only
   an issue for outbound connections.

   We manually configure server addresses to avoid address changes on a
   change of network adaptor.  With IPv6 you can choose to pick ::53 for
   a DNS server, or can pick 'random' addresses for obfuscation, though
   that's not an issue for publicly advertised addresses (dns, mx, web,
   etc).

5.1.5.  Observations

   The site is not (yet) using prefix delegation tools for IPv6.

5.2.  Service Provider Considerations

   case studies are requested and in development. they should be added
   for the -01 draft.

6.  Security Considerations

   This

   In this section an IPv6 addressing documents does not have any direct impact on schema is sketched that could
   serve as an example by a Service Provider offering Internet infrastructure security.

7.  Acknowledgements

   Constructive feedback Services
   as well as Network Access services to millions of customers.  In this
   example, the Service Provider is assumed to operate an MPLS based
   backbone and contributions have implements 6PE to provide IPv6 backbone transport
   between the different locations (POPs) of a fully dual-stacked
   network access and aggregation area.

   Besides that it is assumed that the Service Provider

   o  has received a /20 from its RIR
   o  operates its own LIR
   o  has to address its own IPv6 infrastructure
   o  delegates prefixes from this aggregate to its customers.

   Hence this addressing schema covers the numbering of the Service
   Provider IPv6 network devices as well the customer aggregates chosen
   out of the /20 prefix of the SP.

5.2.1.  Investigation of objective Requirements for an IPv6 addressing
        schema of a Service Provider

   The first step of the IPv6 addressing plan design for a Service
   provider should be the identification of all technical, operational,
   political and business requirements that have to be satisfied by the
   services supported by this addressing schema.

   According to the different technical constraints and business models
   as well as the different weights of these requirements (from the
   point of view of the corresponding Service Provider) it is very
   likely that different addressing schemas will be developed and
   deployed by different ISPs.  Nevertheless the addressing schema of
   this section is one possible example.

5.2.1.1.  Requirements for an IPv6 addressing schema from the LIR
          perspective of the Service Provider
   In their role as LIR the Service Providers have to care about the
   policy constraints of the RIRs and the standards of the IETF
   regarding IPv6 addressing.  In this context, the following basic
   requirements and recommendations have to be taken into account and
   should be satisfied by the IPv6 address allocation plan of a Service
   Provider:
   o  As recommended in RFC 3177 [7] and in several RIR policies
      "Common" customers sites (normally private customers) should
      receive a /48 prefix from the aggregate of the Service Provider.
      (Note: The addressing plan must be flexible enough and take into
      account the possible change of the minimum allocation size for end
      users currently under definition by the RIRs.)
   o  "Big customers" (like big enterprises, governmental agencies etc.)
      may receive shorter prefixes according to their needs when this
      need could be documented and justified to the RIR.
   o  The IPv6 address allocation schema has to be able to meet the HD-
      ratio of 0.94 as it is defined for IPv6.  This requirement
      corresponds to the demand for an efficient usage of the IPv6
      address aggregate by the Service Provider.  (Note: A HD-ratio of
      0.94 means an effective usage of about 31% of the /20 of the
      Service Provider on the basis of /48 assignments.)
   o  All assignments to customers have to be documented and stored into
      a database that can also be queried by the RIR.
   o  The LIR has to make available means for supporting the reverse DNS
      mapping of the customer prefixes.

5.2.1.2.  IPv6 addressing schema requirements from the ISP perspective
          of the Service Provider

   From ISP perspective the following basic requirements could be
   identified:
   o  The IPv6 address allocation schema must be able to realize a
      maximal aggregation of all IPv6 address delegations to customers
      into the /20 of the Service Provider.  Only this /20 will be
      routed and injected from the Service Provider into the global
      routing table (DFZ).  This strong aggregation keeps the routing
      tables of the DFZ small and eases filtering and access control
      very much.  (Note: A strong aggregation e.g. on POP or LER basis
      limits as well the numbers of customer routes that are visible
      within the ISP network.)
   o  The IPv6 addressing schema of the SP should contain maximal
      flexibility since the infrastructure of the SP will change over
      the time with new customers, transport technologies and business
      cases.  The requirement of maximal flexibility is contrary to the
      requirements of strong IPv6 address aggregation and efficient
      address usage, but at this point each SP has to decide which of
      these requirements to prioritize.

   o  Keeping the multilevel network hierarchy of an ISP in mind, due to
      addressing efficiency reasons not all hierarchy levels can and
      should be mapped into the IPv6 addressing schema of an ISP.
      Sometimes it is much better to implement "flat" addressing for the
      ISP network than to loose big chunks of the IPv6 address aggregate
      in addressing each level of network hierarchy.  Besides that a
      decoupling of provider network addressing and customer addressing
      is recommended.

5.2.1.3.  IPv6 addressing schema requirements from the Network Access
          provider perspective of the Service Provider

   As already done for the LIR and the ISP roles of the SP it is also
   necessary to identify requirements that come from its Network Access
   Provider role.  Some of the basic requirements are:
   o  The IPv6 addressing schema of the SP must be flexible enough to
      adapt changes that are injected from the customer side.  This
      covers changes that are based on the raising IPv6 address needs of
      the customer as well as changes that come from topological
      modifications (e.g. when the customer moves from one point of
      network attachment (POP) to another).
   o  For each IPv6 address assignment to customers a "buffer zone" must
      be reserved that allows the customer to grow in its addressing
      range without renumbering or assignment of additional prefixes.
   o  The IPv6 addressing schema of the SP must deal with multiple-
      attachments of a single customer to the SP network infrastructure
      (i.e. multi-homed network access with the same SP).

   These few requirements are only part of all the requirements a
   Service Provider has to investigate and keep in mind during the
   definition phase of its addressing architecture.  Each SP will most
   likely add more constraints to this list.

5.2.2.  IPv6 address allocation plan for a Service Provider

   This section illustrates how the /20 IPv6 prefix of the SP can be
   used to address the SP-own infrastructure and to delegate IPv6
   prefixes to its customers following the above mentioned requirements
   as far as possible.

   The below figure summarizes the device types in an SP network and the
   typical network design.  The network hierarchy of the SP has to be
   taken into account for the design of an IPv6 addressing schema and
   defines its basic shape.

   +------------------------------------------------------------------+
   |               LSRs of the MPLS Backbone of the SP                |
   +------------------------------------------------------------------+
      |        |             |              |                 |
      |        |             |              |                 |
   +-----+  +-----+     +--------+     +--------+         +--------+
   | LER |  | LER |     | LER-BB |     | LER-BB |         | LER-BB |
   +-----+  +-----+     +--------+     +--------+         +--------+
    |   |    |   |        |    |      /     |              |     |
    |   |    |   |        |    |     /      |              |     |
    |   |    |   |  +------+  +------+   +------+          |     |
    |   |    |   |  |BB-RAR|  |BB-RAR|   |  AG  |          |     |
    |   |    |   |  +------+  +------+   +------+          |     |
    |   |    |   |    |  |      |  |      |    |           |     |
    |   |    |   |    |  |      |  |      |    |           |     |
    |   |    |   |    |  |      |  | +-----+  +-----+  +-----+  +-----+
    |   |    |   |    |  |      |  | | RAR |  | RAR |  | RAR |  | RAR |
    |   |    |   |    |  |      |  | +-----+  +-----+  +-----+  +-----+
    |   |    |   |    |  |      |  |  |   |    |   |    |   |    |   |
    |   |    |   |    |  |      |  |  |   |    |   |    |   |    |   |
   +-------------------------------------------------------------------+
   |                       Customer networks                           |
   +-------------------------------------------------------------------+
   Figure: Exemplary Service Provider Network

   LSR    ... Label Switch Router
   LER    ... Label Edge Router
   LER-BB ... Broadband Label Edge Router
   RAR    ... Remote Access Router
   BB-RAR ... Broadband Remote Access Router
   AG     ... Aggregation Router

   Basic design decisions for the SP IPv6 address plan regarding
   customer prefixes take into consideration:
   o  The prefixes assigned to all customers behind the same LER (e.g.
      LER or LER-BB) are aggregated under one prefix.  This ensures that
      the number of labels that have to be used for 6PE is limited and
      hence provides a strong MPLS label conservation.
   o  The /20 prefix of the SP is separated into 3 different pools that
      are used to allocate IPv6 prefixes to the customers of the SP:
      *  A pool (e.g. /24) for satisfying the addressing needs of real
         "big" customers (as defined in 5.2.2.1 sub-section A.) that
         need IPv6 prefixes larger than /48 (e.g. /32).  These customers
         are assumed to be connected to several POPs of the access
         network, so that this customer prefix will be visible in each
         of these POPs.

      *  A pool (e.g. /24) for the LERs with direct customer connections
         (e.g. dedicated line access) and without an additional
         aggregation area between the customer and the LER.  (These LERs
         are mostly connected to a limited number of customers because
         of the limited number of interfaces/ports.)
      *  A larger pool (e.g. 14*/24) for LERs (e.g.  LER-BB) that serve
         a high number of customers that are normally connected via some
         kind of aggregation network (e.g.  DSL customers behind a BB-
         RAR or Dial-In customers behind a RAR).
      *  The IPv6 address delegation within each Pool (end customer
         delegation or also the aggregates that are dedicated to the
         LERs itself) should be chosen with an additional buffer zone of
         300% for future growth.

5.2.2.1.  Defining an IPv6 address allocation plan for customers of the
          Service Provider

5.2.2.1.1.  'Big' customers

   SP's "big" customers receive their prefix from the /24 IPv6 address
   aggregate that has been reserved for their "big" customers.  A
   customer is considered as "big" customer if it has a very complex
   network infrastructure and/or huge IPv6 address needs (e.g. because
   of very large customer numbers) and/or several uplinks to different
   POPs of the SP network.

   The assigned IPv6 address prefixes can have a prefix length in the
   range 32-48 and for each assignment a 300% future growing zone is
   marked as "reserved" for this customer.  This means that for instance
   with a delegation of a /34 to a customer the /32 that contains this
   /34 is reserved for the customer for future usage.

   The prefixes for the "big" customers can be chosen from the
   corresponding LER customer pool by either using an equidistant
   algorithm or using mechanisms simililar to the Sparse Alocation
   Algorithm (SAA) [27].

5.2.2.1.2.  'Common' customers

   All customers that are not "big" customers are considered as "common"
   customers.  They represent the majority of customers hence they
   receive a /48 out of the IPv6 customer address pool of the LER where
   they are directly connected or aggregated.

   Again a 300% future growing IPv6 address range is reserved for each
   customer, so that a "common" customer receives a /48 allocation but
   has a /46 reserved.

   In the network access scenarios where the customer is directly
   connected to the LER the customer prefix is directly taken out of the
   customer IPv6 address aggregate (e.g. /38) of the corresponding LER.

   In all other cases (e.g. the customer is attached to a RAR that is
   themselves aggregated to an AG or to a LER) at least 2 different
   approaches are possible.

   1.)  Mapping of Aggregation Network Hierarchy into Customer IPv6
   Addressing Schema.  The aggregation network hierarchy could be mapped
   into the design of the customer prefix pools of each network level in
   order to achieve a maximal aggregation at the LER level as well as at
   the intermediate levels.  (Example: Customer - /48, RAR - /38, AG -
   /32, LER-BB - /30).  At each network level an adequate growing zone
   should be reserved.  (Note: This approach requires of course some
   "fine tuning" of the addressing schema based on a very good knowledge
   of the Service Provider network topology including actual growing
   ranges and rates.)

   When the IPv6 customer address pool of a LER (or another device of
   the aggregation network - AG or RAR) is exhausted, the related LER
   (or AG or RAR) prefix is shortened by 1 or 2 bits (e.g. from /38 to
   /37 or /36) so that the originally reserved growing zone can be used
   for further IPv6 address allocations to customers.  In the case where
   the growing zone is exhausted as well a new prefix range from the
   corresponding pool of the next higher hierarchy level can be
   requested.

   2.)  "Flat" Customer IPv6 Addressing Schema.  The other option is to
   allocate all the customer prefixes directly out of the customer IPv6
   address pool of the LER where the customers are attached and
   aggregated and ignore the intermediate aggregation network
   infrastructure.  This approach leads of course to a higher amount of
   customer routes at LER and aggregation network level but takes a
   great amount of complexity out of the addressing schema.
   Nevertheless the aggregation of the customer prefixes to one prefix
   at LER level is realized as required above.

   If the actual observed growing rates show that the reserved growing
   zones are not needed than these growing areas can be freed and used
   for assignments for prefix pools to other devices at the same level
   of the network hierarchy.

5.2.2.2.  Defining an IPv6 address allocation plan for the Service
          Provider Network Infrastructure

   For the IPv6 addressing of SPs own network infrastructure a /32 (or
   /40) from the "big" customers address pool can be chosen.

   This SP infrastructure prefix is used to code the network
   infrastructure of the SP by assigning a /48 to every POP/location and
   using for instance a /56 for coding the corresponding router within
   this POP.  Each SP internal link behind a router interface could be
   coded using a /64 prefix.  (Note: While it is suggested to chose a
   /48 for addressing the POP/location of the SP network it is left to
   each SP to decide what prefix length to assign to the routers and
   links within this POP.)

   The IIDs of the router interfaces may be generated by using EUI-64 or
   through plain manual configuration e.g. for coding additional network
   or operational information into the IID.

   It is assumed that a 300% growing zones for each level of network
   hierarchy and additional prefixes may be assigned to POPs and/or
   routers if needed.

   Loopback interfaces of routers may be chosen from the first /64 of
   the /56 router prefix (in the example above).

   (Note: The /32 prefix that has been chosen for addressing SPs own
   IPv6 network infrastructure gives enough place to code additional
   functionalities like security levels or private and test
   infrastructure although such approaches haven't been considered in
   more detail for the above described SP until now.)

   Point-to-point links to customers (e.g.  PPP links, dedicated line
   etc.) may be addressed using /126 prefixes out of the first /64 of
   the access routers that could be reserved for this reason.

5.2.3.  Additional Remarks

5.2.3.1.  ULA

   From the actual view point of SP there is no compelling reason why
   ULAs should be used from a SP.  Look at section 2.2.

   ULAs could be used inside the SP network in order to have an
   additional "site-local scoped" IPv6 address for SPs own
   infrastructure for instance for network management reasons and maybe
   also in order to have an addressing schema that couldn't be reached
   from outside the SP network.

   In the case when ULAs are used it is possible to map the proposed
   internal IPv6 addressing of SPs own network infrastructure as
   described in 5.2.2.2 above directly to the ULA addressing schema by
   substituting the /48 POP prefix with a /48 ULA site prefix.

5.2.3.2.  Multicast

   IPv6 Multicast-related addressing issues are out of the scope of this
   document.

5.2.3.3.  POP Multi-homing or Change of POP

   POP (or better LER) Multi-homing of customers with the same SP can be
   realized within the proposed IPv6 addressing schema of the SP by
   assigning multiple LER-dependent prefixes to this customer (i.e.
   considering each customer location as a single-standing customer) or
   by choosing a customer prefix out of the pool of "big" customers.
   The second solution has the disadvantage that in every LER where the
   customer is attached this prefix will appear inside the IGP routing
   table requiring an explicit MPLS label.

   An equal effect happens when a customer changes its point of
   attachment to another POP/LER since in this case the customer prefix
   could not be aggregated into the LER prefix and needs to be
   advertised more specific in the IGP.

   (Note: The described negative POP/LER Multi-homing effects to the
   addressing architecture in the SP access network are not tackled by
   implementing the Shim6 Site Multi-homing approach since this approach
   targets only on a mechanism for dealing with multiple prefixes in end
   systems -- the SP will nevertheless have unaggregated customer
   prefixes in its internal routing tables.)

5.2.3.4.  Extensions needed for the later IPv6 migration phases

   The proposed IPv6 addressing schema for a SP needs some slight
   enhancements / modifications for the later phases of IPv6
   integration, for instance in the case when the whole MPLS backbone
   infrastructure (LDP, IGP etc.) is realized over IPv6 transport an
   addressing of the LSRs is needed.  Other changes may be necessary as
   well but should not be explained at this point.

6.  IANA Considerations

   There are no extra IANA consideration for this document.

7.  Security Considerations

   This IPv6 addressing documents does not have any direct impact on
   Internet infrastructure security.

8.  Acknowledgements

   Constructive feedback and contributions have been received from Stig
   Venaas, Pekka Savola, John Spencer, Patrick Grossetete and Carlos
   Garcia Braschi.

8.

9.  References

8.1.

9.1.  Normative References

8.2.

9.2.  Informative References

   [1]   Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and E.
         Lear, "Address Allocation for Private Internets", BCP 5,
         RFC 1918, February 1996.

   [2]   Thomson, S. and T. Narten, "IPv6 Stateless Address
         Autoconfiguration", RFC 2462, December 1998.

   [3]   Hinden, R., Fink, R., and J. Postel, "IPv6 Testing Address
         Allocation", RFC 2471, December 1998.

   [4]   Johnson, D. and S. Deering, "Reserved IPv6 Subnet Anycast
         Addresses", RFC 2526, March 1999.

   [5]   Retana, A., White, R., Fuller, V., and D. McPherson, "Using 31-
         Bit Prefixes on IPv4 Point-to-Point Links", RFC 3021,
         December 2000.

   [6]   Narten, T. and R. Draves, "Privacy Extensions for Stateless
         Address Autoconfiguration in IPv6", RFC 3041, January 2001.

   [7]   IAB and IESG, "IAB/IESG Recommendations on IPv6 Address
         Allocations to Sites", RFC 3177, September 2001.

   [8]   Durand, A. and C. Huitema, "The H-Density Ratio for Address
         Assignment Efficiency An Update on the H ratio", RFC 3194,
         November 2001.

   [9]   Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M.
         Carney, "Dynamic Host Configuration Protocol for IPv6
         (DHCPv6)", RFC 3315, July 2003.

   [10]  Draves, R., "Default Address Selection for Internet Protocol
         version 6 (IPv6)", RFC 3484, February 2003.

   [11]  Blanchet, M., "A Flexible Method for Managing the Assignment of
         Bits of an IPv6 Address Block", RFC 3531, April 2003.

   [12]  Hinden, R., Deering, S., and E. Nordmark, "IPv6 Global Unicast
         Address Format", RFC 3587, August 2003.

   [13]  Savola, P., "Use of /127 Prefix Length Between Routers
         Considered Harmful", RFC 3627, September 2003.

   [14]  Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic Host
         Configuration Protocol (DHCP) version 6", RFC 3633,
         December 2003.

   [15]  Fink, R. and R. Hinden, "6bone (IPv6 Testing Address
         Allocation) Phaseout", RFC 3701, March 2004.

   [16]  Droms, R., "Stateless Dynamic Host Configuration Protocol
         (DHCP) Service for IPv6", RFC 3736, April 2004.

   [17]  Huitema, C. and B. Carpenter, "Deprecating Site Local
         Addresses", RFC 3879, September 2004.

   [18]  Savola, P. and B. Haberman, "Embedding the Rendezvous Point
         (RP) Address in an IPv6 Multicast Address", RFC 3956,
         November 2004.

   [19]  Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure
         Neighbor Discovery (SEND)", RFC 3971, March 2005.

   [20]  Aura, T., "Cryptographically Generated Addresses (CGA)",
         RFC 3972, March 2005.

   [21]  Baker, F., Lear, E., and R. Droms, "Procedures for Renumbering
         an IPv6 Network without a Flag Day", RFC 4192, September 2005.

   [22]  Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast
         Addresses", RFC 4193, October 2005.

   [23]  Hinden, R. and S. Deering, "IP Version 6 Addressing
         Architecture", RFC 4291, February 2006.

   [24]  Templin, F., Gleeson, T., Talwar, M., and D. Thaler, "Intra-
         Site Automatic Tunnel Addressing Protocol (ISATAP)",
         draft-ietf-ngtrans-isatap-24 (work in progress), January 2005.

   [25]  Templin, F., Gleeson, T., Talwar, M., and D. Thaler, "Intra-
         Site Automatic Tunnel Addressing Protocol
         (draft-ietf-ngtrans-isatap-24.txt)", July 2005.

   [26]  Chown, T., "IPv6 Implications for TCP/UDP Port Scanning (chown-
         v6ops- port-scanning-implications-02.txt)", October 2005.

   [27]  APNIC, ARIN, RIPE NCC, "IPv6 Address Allocation and Assignment
         Policy (www.ripe.net/ripe/docs/ipv6policy.html)", January 2003.

   [28]  Chown, T., Thompson, M., Ford, A., and S. Venaas, "Things to
         think about when Renumbering an IPv6 network
         (draft-chown-v6ops-renumber-thinkabout-03.txt)", July 2005.

   [29]  Paul Wilson, Raymond Plzak, Axel Pawlik, "IPv6 Address Space
         Management (www.ripe.net/ripe/docs/ipv6-sparse.html)",
         February 2005.

Authors' Addresses

   Gunter Van de Velde
   Cisco Systems
   De Kleetlaan 6a
   Diegem  1831
   Belgium

   Phone: +32 2704 5473
   Email: gunter@cisco.com

   Ciprian Popoviciu
   Cisco Systems
   7025-6 Kit Creek Road
   Research Triangle Park, North Carolina  PO Box 14987
   USA

   Phone: +1 919 392-3723
   Email: cpopovic@cisco.com

   Tim Chown
   University of Southampton
   Highfield
   Southampton,   SO17 1BJ
   United Kingdom

   Phone: +44 23 8059 3257
   Email: tjc@ecs.soton.ac.uk

   Olaf Bonness
   T-Systems Enterprise Services GmbH
   Goslarer Ufer 35
   Berlin,   10589
   Germany

   Phone: +49 30 3497 3124
   Email: Olaf.Bonness@t-systems.com
   Christian Hahn
   T-Systems Enterprise Services GmbH
   Goslarer Ufer 35
   Berlin,   10589
   Germany

   Phone: +49 30 3497 3164
   Email: HahnC@t-systems.com

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

   Copyright (C) The Internet Society (2006).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.