draft-ietf-v6ops-addr-select-ps-09.txt   rfc5220.txt 
IPv6 Operations Working Group A. Matsumoto Network Working Group A. Matsumoto
Internet-Draft T. Fujisaki Request for Comments: 5220 T. Fujisaki
Intended status: Informational NTT Category: Informational NTT
Expires: December 19, 2008 R. Hiromi R. Hiromi
Intec Netcore Intec Netcore
K. Kanayama K. Kanayama
INTEC Systems INTEC Systems
June 17, 2008 Problem Statement for Default Address Selection in Multi-Prefix
Environments: Operational Issues of RFC 3484 Default Rules
Problem Statement of Default Address Selection in Multi-prefix
Environment: Operational Issues of RFC3484 Default Rules
draft-ietf-v6ops-addr-select-ps-09.txt
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at Status of This Memo
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on December 19, 2008. This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Abstract Abstract
A single physical link can have multiple prefixes assigned to it. In A single physical link can have multiple prefixes assigned to it. In
that environment, end hosts might have multiple IP addresses and be that environment, end hosts might have multiple IP addresses and be
required to use them selectively. RFC 3484 defines default source required to use them selectively. RFC 3484 defines default source
and destination address selection rules and is implemented in a and destination address selection rules and is implemented in a
variety of OS's. But, it has been too difficult to use operationally variety of OSs. But, it has been too difficult to use operationally
for several reasons. In some environment where multiple prefixes are for several reasons. In some environments where multiple prefixes
assigned on a single physical link, the host using the default are assigned on a single physical link, the host using the default
address selection rules will experience some trouble in address selection rules will experience some trouble in
communication. This document describes the possible problems that communication. This document describes the possible problems that
end hosts could encounter in an environment with multiple prefixes. end hosts could encounter in an environment with multiple prefixes.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction ....................................................2
1.1. Scope of this document . . . . . . . . . . . . . . . . . . 3 1.1. Scope of This Document .....................................3
2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 4 2. Problem Statement ...............................................4
2.1. Source Address Selection . . . . . . . . . . . . . . . . . 4 2.1. Source Address Selection ...................................4
2.1.1. Multiple Routers on Single Interface . . . . . . . . . 4 2.1.1. Multiple Routers on a Single Interface ..............4
2.1.2. Ingress Filtering Problem . . . . . . . . . . . . . . 5 2.1.2. Ingress Filtering Problem ...........................5
2.1.3. Half-Closed Network Problem . . . . . . . . . . . . . 6 2.1.3. Half-Closed Network Problem .........................6
2.1.4. Combined Use of Global and ULA . . . . . . . . . . . . 7 2.1.4. Combined Use of Global and ULA ......................7
2.1.5. Site Renumbering . . . . . . . . . . . . . . . . . . . 8 2.1.5. Site Renumbering ....................................8
2.1.6. Multicast Source Address Selection . . . . . . . . . . 9 2.1.6. Multicast Source Address Selection ..................9
2.1.7. Temporary Address Selection . . . . . . . . . . . . . 9 2.1.7. Temporary Address Selection .........................9
2.2. Destination Address Selection . . . . . . . . . . . . . . 10 2.2. Destination Address Selection .............................10
2.2.1. IPv4 or IPv6 prioritization . . . . . . . . . . . . . 10 2.2.1. IPv4 or IPv6 Prioritization ........................10
2.2.2. ULA and IPv4 dual-stack environment . . . . . . . . . 11 2.2.2. ULA and IPv4 Dual-Stack Environment ................11
2.2.3. ULA or Global Prioritization . . . . . . . . . . . . . 12 2.2.3. ULA or Global Prioritization .......................12
3. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 13 3. Conclusion .....................................................13
4. Security Considerations . . . . . . . . . . . . . . . . . . . 14 4. Security Considerations ........................................14
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 5. Normative References ...........................................14
6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14
6.1. Normative References . . . . . . . . . . . . . . . . . . . 14
6.2. Informative References . . . . . . . . . . . . . . . . . . 15
Appendix A. Appendix. Revision History . . . . . . . . . . . . . 15
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 16
Intellectual Property and Copyright Statements . . . . . . . . . . 17
1. Introduction 1. Introduction
In IPv6, a single physical link can have multiple prefixes assigned In IPv6, a single physical link can have multiple prefixes assigned
to it. In such cases, an end-host may have multiple IP addresses to it. In such cases, an end host may have multiple IP addresses
assigned to an interface on that link. In the IPv4-IPv6 dual stack assigned to an interface on that link. In the IPv4-IPv6 dual-stack
environment or in a site connected to both a ULA [RFC4193] and environment or in a site connected to both a Unique Local Address
Globally routable networks, an end-host typically has multiple IP (ULA) [RFC4193] and globally routable networks, an end host typically
addresses. These are examples of the networks that we focus on in has multiple IP addresses. These are examples of the networks that
this document. In such an environment, an end-host may encounter we focus on in this document. In such an environment, an end host
some communication troubles. may encounter some communication troubles.
Inappropriate source address selection at the end-host causes Inappropriate source address selection at the end host causes
unexpected asymmetric routing, filtering by a router or discarding of unexpected asymmetric routing, filtering by a router, or discarding
packets because there is no route to the host. of packets because there is no route to the host.
Considering a multi-prefix environment, destination address selection Considering a multi-prefix environment, destination address selection
is also important for correct or better communication establishment. is also important for correct or better communication establishment.
RFC 3484 [RFC3484] defines default source and destination address RFC 3484 [RFC3484] defines default source and destination address
selection algorithms and is implemented in a variety of OS's. But, selection algorithms and is implemented in a variety of OSs. But, it
it has been too difficult to use operationally for several reasons, has been too difficult to use operationally for several reasons, such
such as lack of autoconfiguration method. There are some problematic as lack of an autoconfiguration method. There are some problematic
cases where the hosts using the default address selection rules cases where the hosts using the default address selection rules
encounter communication troubles. encounter communication troubles.
This document describes such possibilities of incorrect address This document describes the possibilities of incorrect address
selection which leads to dropping packets and communication failure. selection that lead to dropping packets and communication failure.
1.1. Scope of this document 1.1. Scope of This Document
As other mechanisms already exist, the multi-homing techniques for As other mechanisms already exist, the multi-homing techniques for
achieving redundancy are basically out of our scope. achieving redundancy are basically out of our scope.
We focus on an end-site network environment and unmanaged hosts in We focus on an end-site network environment and unmanaged hosts in
such an environment. This is because address selection behavior at such an environment. This is because address selection behavior at
this kind of hosts is difficult to manipulate owing to the users' these kinds of hosts is difficult to manipulate, owing to the users'
lack of knowledge, hosts' location, or massiveness of the hosts. lack of knowledge, hosts' location, or massiveness of the hosts.
The scope of this document is to sort out problematic cases related The scope of this document is to sort out problematic cases related
to address selection. It includes problems that can be solved in the to address selection. It includes problems that can be solved in the
framework of RFC 3484 and problems that cannot. For the latter, RFC framework of RFC 3484 and problems that cannot. For the latter, RFC
3484 might be modified to meet their needs, or another address 3484 might be modified to meet their needs, or another address
selection solution might be necessary. For the former, an additional selection solution might be necessary. For the former, an additional
mechanism that mitigates the operational difficulty might be mechanism that mitigates the operational difficulty might be
necessary. necessary.
This document also includes simple solution analysis for each This document also includes simple solution analysis for each
problematic case. This analysis basically just focuses on whether problematic case. This analysis basically just focuses on whether or
the case can be solved in the framework of RFC 3484 or not. If not, not the case can be solved in the framework of RFC 3484. If not,
some possible solutions are described. Even if a case can be solved some possible solutions are described. Even if a case can be solved
in the framework of RFC 3484, as mentioned above, it does not in the framework of RFC 3484, as mentioned above, it does not
necessarily mean that there is no operational difficulty. For necessarily mean that there is no operational difficulty. For
example, in the environment stated above, it is not a feasible example, in the environment stated above, it is not a feasible
solution to configure each host's policy table by hand. So, for such solution to configure each host's policy table by hand. So, for such
an solution, configuration pain is yet another common problem. a solution, the difficulty of configuration is yet another common
problem.
2. Problem Statement 2. Problem Statement
2.1. Source Address Selection 2.1. Source Address Selection
2.1.1. Multiple Routers on Single Interface 2.1.1. Multiple Routers on a Single Interface
================== ==================
| Internet | | Internet |
================== ==================
| | | |
2001:db8:1000::/36 | | 2001:db8:8000::/36 2001:db8:1000::/36 | | 2001:db8:8000::/36
+----+-+ +-+----+ +----+-+ +-+----+
| ISP1 | | ISP2 | | ISP1 | | ISP2 |
+----+-+ +-+----+ +----+-+ +-+----+
| | | |
skipping to change at page 4, line 40 skipping to change at page 4, line 33
+-------+-+ +-+-------+ +-------+-+ +-+-------+
| | | |
2001:db8:1000:1::/64 | | 2001:db8:8000:1::/64 2001:db8:1000:1::/64 | | 2001:db8:8000:1::/64
| | | |
-----+-+-----+------ -----+-+-----+------
| |
+-+----+ 2001:db8:1000:1::100 +-+----+ 2001:db8:1000:1::100
| Host | 2001:db8:8000:1::100 | Host | 2001:db8:8000:1::100
+------+ +------+
[Fig. 1] Figure 1
Generally speaking, there is no interaction between next-hop Generally speaking, there is no interaction between next-hop
determination and address selection. In this example, when a host determination and address selection. In this example, when a host
starts a new connection and sends a packet via Router1, the host does starts a new connection and sends a packet via Router1, the host does
not necessarily choose address 2001:db8:1000:1::100 given by Router1 not necessarily choose address 2001:db8:1000:1::100 given by Router1
as the source address. This causes the same problem as described in as the source address. This causes the same problem as described in
the next section 'Ingress Filtering Problem'. the next section, "Ingress Filtering Problem".
Solution analysis: Solution analysis:
As this case depends on next-hop selection, controlling the
As this case depends on next hop selection, controling the address address selection behavior at the Host alone doesn't solve the
selection behavior at Host alone doesn't solve the entire problem. entire problem. One possible solution for this case is adopting
One possible solution for this case is adopting source address source-address-based routing at Router1 and Router2. Another
based routing at Router1 and Router2. Another solution may be solution may be using static routing at Router1, Router2, and the
using static routing at Router1, Router2 and Host, and using the Host, and using the corresponding static address selection policy
corresponding static address selection policy at Host. at the Host.
2.1.2. Ingress Filtering Problem 2.1.2. Ingress Filtering Problem
================== ==================
| Internet | | Internet |
================== ==================
| | | |
2001:db8:1000::/36 | | 2001:db8:8000::/36 2001:db8:1000::/36 | | 2001:db8:8000::/36
+----+-+ +-+----+ +----+-+ +-+----+
| ISP1 | | ISP2 | | ISP1 | | ISP2 |
skipping to change at page 5, line 35 skipping to change at page 5, line 28
| Router | | Router |
+----+----+ +----+----+
| 2001:db8:1000:1::/64 | 2001:db8:1000:1::/64
| 2001:db8:8000:1::/64 | 2001:db8:8000:1::/64
------+---+---------- ------+---+----------
| |
+-+----+ 2001:db8:1000:1::100 +-+----+ 2001:db8:1000:1::100
| Host | 2001:db8:8000:1::100 | Host | 2001:db8:8000:1::100
+------+ +------+
[Fig. 2] Figure 2
When a relatively small site, which we call a "customer network", is When a relatively small site, which we call a "customer network", is
attached to two upstream ISPs, each ISP delegates a network address attached to two upstream ISPs, each ISP delegates a network address
block, which is usually /48, and a host has multiple IPv6 addresses. block, which is usually /48, and a host has multiple IPv6 addresses.
When the source address of an outgoing packet is not the one that is When the source address of an outgoing packet is not the one that is
delegated by an upstream ISP, there is a possibility that the packet delegated by an upstream ISP, there is a possibility that the packet
will be dropped at the ISP by its Ingress Filter. Ingress filtering will be dropped at the ISP by its ingress filter. Ingress filtering
is becoming more popular among ISPs to mitigate the damage of DoS is becoming more popular among ISPs to mitigate the damage of
attacks. denial-of-service (DoS) attacks.
In this example, when the Router chooses the default route to ISP2 In this example, when the router chooses the default route to ISP2
and the Host chooses 2001:db8:1000:1::100 as the source address for and the host chooses 2001:db8:1000:1::100 as the source address for
packets sent to a host (2001:db8:2000::1) somewhere on the Internet, packets sent to a host (2001:db8:2000::1) somewhere on the Internet,
the packets may be dropped at ISP2 because of Ingress Filtering. the packets may be dropped at ISP2 because of ingress filtering.
Solution analysis: Solution analysis:
One possible solution for this case is adopting source-address-
One possible solution for this case is adopting source address based routing at the Router. Another solution may be using static
based routing at Router. Another solution may be using static routing at the Router, and using the corresponding static address
routing at Router, and using the corresponding static address selection policy at the Host.
selection policy at Host.
2.1.3. Half-Closed Network Problem 2.1.3. Half-Closed Network Problem
You can see a second typical source address selection problem in a You can see a second typical source address selection problem in a
multihome site with global-closed mixed connectivity like in the multi-homed site with global half-closed connectivity, as shown in
figure below. In this case, Host-A is in a multihomed network and the figure below. In this case, Host-A is in a multi-homed network
has two IPv6 addresses, one delegated from each of the upstream ISPs. and has two IPv6 addresses, one delegated from each of the upstream
Note that ISP2 is a closed network and does not have connectivity to ISPs. Note that ISP2 is a closed network and does not have
the Internet. connectivity to the Internet.
+--------+ +--------+
| Host-C | 2001:db8:a000::1 | Host-C | 2001:db8:a000::1
+-----+--+ +-----+--+
| |
============== +--------+ ============== +--------+
| Internet | | Host-B | 2001:db8:8000::1 | Internet | | Host-B | 2001:db8:8000::1
============== +--------+ ============== +--------+
| | | |
2001:db8:1000:/36 | | 2001:db8:8000::/36 2001:db8:1000:/36 | | 2001:db8:8000::/36
skipping to change at page 6, line 44 skipping to change at page 6, line 39
| Router | | Router |
+----+----+ +----+----+
| 2001:db8:1000:1::/64 | 2001:db8:1000:1::/64
| 2001:db8:8000:1::/64 | 2001:db8:8000:1::/64
------+---+---------- ------+---+----------
| |
+--+-----+ 2001:db8:1000:1::100 +--+-----+ 2001:db8:1000:1::100
| Host-A | 2001:db8:8000:1::100 | Host-A | 2001:db8:8000:1::100
+--------+ +--------+
[Fig. 3] Figure 3
You do not need two physical network connections here. The You do not need two physical network connections here. The
connection from the Router to ISP2 can be a logical link over ISP1 connection from the Router to ISP2 can be a logical link over ISP1
and the Internet. and the Internet.
When Host-A starts the connection to Host-B in ISP2, the source When Host-A starts the connection to Host-B in ISP2, the source
address of a packet that has been sent will be the one delegated from address of a packet that has been sent will be the one delegated from
ISP2, that is 2001:db8:8000:1::100, because of rule 8 (longest ISP2 (that is, 2001:db8:8000:1::100) because of rule 8 (longest
matching prefix) in RFC 3484. matching prefix) in RFC 3484.
Host-C is located somewhere on the Internet and has IPv6 address Host-C is located somewhere on the Internet and has IPv6 address
2001:db8:a000::1. When Host-A sends a packet to Host-C, the longest 2001:db8:a000::1. When Host-A sends a packet to Host-C, the longest
matching algorithm chooses 2001:db8:8000:1::100 for the source matching algorithm chooses 2001:db8:8000:1::100 for the source
address. In this case, the packet goes through ISP1 and may be address. In this case, the packet goes through ISP1 and may be
filtered by ISP1's ingress filter. Even if the packet is not filtered by ISP1's ingress filter. Even if the packet is not
filtered by ISP1, a return packet from Host-C cannot possibly be filtered by ISP1, a return packet from Host-C cannot possibly be
delivered to Host-A because the return packet is destined for 2001: delivered to Host-A because the return packet is destined for 2001:
db8:8000:1::100, which is closed from the Internet. db8:8000:1::100, which is closed from the Internet.
The important point is that each host chooses a correct source The important point is that each host chooses a correct source
address for a given destination address. To solve this kind of address for a given destination address. To solve this kind of
network policy based address selection problems, it is likely that network-policy-based address selection problem, it is likely that
delivering additional information to a node fits better than delivering additional information to a node provides a better
algorithmic solutions that are local to the node. solution than using algorithms that are local to the node.
Solution analysis: Solution analysis:
This problem can be solved in the RFC 3484 framework. For This problem can be solved in the RFC 3484 framework. For
example, configuring some address selection policies into Host-A's example, configuring some address selection policies into Host-A's
RFC 3484 policy table can solve this problem. RFC 3484 policy table can solve this problem.
2.1.4. Combined Use of Global and ULA 2.1.4. Combined Use of Global and ULA
============ ============
| Internet | | Internet |
skipping to change at page 7, line 50 skipping to change at page 7, line 45
+-+-----+-+ +-+-----+-+
| | 2001:db8:a:100::/64 | | 2001:db8:a:100::/64
fd01:2:3:200:/64 | | fd01:2:3:100:/64 fd01:2:3:200:/64 | | fd01:2:3:100:/64
-----+--+- -+--+---- -----+--+- -+--+----
| | | |
fd01:2:3:200::101 | | 2001:db8:a:100::100 fd01:2:3:200::101 | | 2001:db8:a:100::100
+----+----+ +-+----+ fd01:2:3:100::100 +----+----+ +-+----+ fd01:2:3:100::100
| Printer | | Host | | Printer | | Host |
+---------+ +------+ +---------+ +------+
[Fig. 4] Figure 4
As RFC 4864 [RFC4864] describes, using a ULA may be beneficial in As RFC 4864 [RFC4864] describes, using a ULA may be beneficial in
some scenarios. If the ULA is used for internal communication, some scenarios. If the ULA is used for internal communication,
packets with ULA need to be filtered at the Router. packets with the ULA need to be filtered at the Router.
This case does not presently create an address selection problem This case does not presently create an address selection problem
because of the dissimilarity between the ULA and the Global Unicast because of the dissimilarity between the ULA and the global unicast
Address. The longest matching rule of RFC 3484 chooses the correct address. The longest matching rule of RFC 3484 chooses the correct
address for both intra-site and extra-site communication. address for both intra-site and extra-site communication.
In the future, however, there is a possibility that the longest In the future, however, there is a possibility that the longest
matching rule will not be able to choose the correct address anymore. matching rule will not be able to choose the correct address anymore.
That is the moment when the assignment of those Global Unicast That is the moment when the assignment of those global unicast
Addresses starts, where the first bit is 1. In RFC 4291 [RFC4291], addresses starts, where the first bit is 1. In RFC 4291 [RFC4291],
almost all address spaces of IPv6, including those whose first bit is almost all address spaces of IPv6, including those whose first bit is
1, are assigned as Global Unicast Addresses. 1, are assigned as global unicast addresses.
Namely, when we start to assign a part of the address block 8000::/1 Namely, when we start to assign a part of the address block 8000::/1
as the global unicast address and that part is used somewhere in the as the global unicast address and that part is used somewhere in the
Internet, the longest matching rule ceases to function properly for Internet, the longest matching rule ceases to function properly for
the people trying to connect to the servers with those addresses. the people trying to connect to the servers with those addresses.
For example, when the destination host has an IPv6 address 8000::1, For example, when the destination host has an IPv6 address 8000::1,
and the originating host has 2001:db8::1 and fd0:1::1, the source and the originating host has 2001:db8:a:100::100 and
address will be fd00:1::1, because the longest matching bit length is fd01:2:3:100::100, the source address will be fd01:2:3:100::100,
0 for 2001:db8::1 and 1 for fd0:1::1 respectively. because the longest matching bit length is 0 for 2001:db8:a:100::100
and 1 for fd01:2:3:100::100, respectively.
Solution analysis: Solution analysis:
This problem can be solved in the RFC 3484 framework. For This problem can be solved in the RFC 3484 framework. For
example, configuring some address selection policies into Host's example, configuring some address selection policies into the
RFC 3484 policy table can solve this problem. Another solution is Host's RFC 3484 policy table can solve this problem. Another
to modify RFC 3484 and define ULA's scope smaller than the global solution is to modify RFC 3484 and define ULA's scope smaller than
scope. the global scope.
2.1.5. Site Renumbering 2.1.5. Site Renumbering
RFC 4192 [RFC4192] describes a recommended procedure for renumbering RFC 4192 [RFC4192] describes a recommended procedure for renumbering
a network from one prefix to another. An autoconfigured address has a network from one prefix to another. An autoconfigured address has
a lifetime, so by stopping advertisement of the old prefix, the a lifetime, so by stopping advertisement of the old prefix, the
autoconfigured address is eventually invalidated. autoconfigured address is eventually invalidated.
However, invalidating the old prefix takes a long time. You cannot However, invalidating the old prefix takes a long time. You cannot
stop routing to the old prefix as long as the old prefix is not stop routing to the old prefix as long as the old prefix is not
removed from the host. This can be a tough issue for ISP network removed from the host. This can be a tough issue for ISP network
administrators. administrators.
There is a technique of advertising the prefix with the preferred There is a technique of advertising the prefix with the preferred
lifetime zero, however, RFC 4862 [RFC4862] 5.5.4 does not absolutely lifetime zero; however, RFC 4862 [RFC4862], Section 5.5.4, does not
prohibit the use of a deprecated address for a new outgoing absolutely prohibit the use of a deprecated address for a new
connection due to limitations relating to what applications are outgoing connection due to limitations on the capabilities of
capable of doing." applications.
+-----+---+ +-----+---+
| Router | | Router |
+----+----+ +----+----+
| 2001:db8:b::/64 (new) | 2001:db8:b::/64 (new)
| 2001:db8:a::/64 (old) | 2001:db8:a::/64 (old)
------+---+---------- ------+---+----------
| |
+--+---+ 2001:db8:b::100 (new) +--+---+ 2001:db8:b::100 (new)
| Host | 2001:db8:a::100 (old) | Host | 2001:db8:a::100 (old)
+------+ +------+
[Fig. 5] Figure 5
Solution analysis: Solution analysis:
This problem can be mitigated in the RFC 3484 framework. For This problem can be mitigated in the RFC 3484 framework. For
example, configuring some address selection policies into Host's example, configuring some address selection policies into the
RFC 3484 policy table can solve this problem. Host's RFC 3484 policy table can solve this problem.
2.1.6. Multicast Source Address Selection 2.1.6. Multicast Source Address Selection
This case is an example of site-local or global unicast This case is an example of site-local or global unicast
prioritization. When you send a multicast packet across site- prioritization. When you send a multicast packet across site
borders, the source address of the multicast packet should be a borders, the source address of the multicast packet should be a
globally routable address. The longest matching algorithm, however, globally routable address. The longest matching algorithm, however,
selects a ULA if the sending host has both a ULA and a Global Unicast selects a ULA if the sending host has both a ULA and a Global Unicast
Address. Address.
Solution analysis: Solution analysis:
This problem can be solved in the RFC 3484 framework. For This problem can be solved in the RFC 3484 framework. For
example, configuring some address selection policies into the example, configuring some address selection policies into the
sending host's RFC 3484 policy table can solve this problem. sending host's RFC 3484 policy table can solve this problem.
2.1.7. Temporary Address Selection 2.1.7. Temporary Address Selection
RFC 3041 [RFC3041] defines a Temporary Address. The usage of a RFC 3041 [RFC3041] defines a Temporary Address. The usage of a
Temporary Address has both pros and cons. That is good for viewing Temporary Address has both pros and cons. It is good for viewing web
web pages or communicating with the general public, but that is bad pages or communicating with the general public, but it is bad for a
for a service that uses address-based authentication and for logging service that uses address-based authentication and for logging
purposes. purposes.
If you could turn the temporary address on and off, that would be If you could turn the temporary address on and off, that would be
better. If you could switch its usage per service (destination better. If you could switch its usage per service (destination
address), that would also be better. The same situation can be found address), that would also be better. The same situation can be found
when using HA (home address) and CoA (care-of address)in a Mobile when using an HA (home address) and a CoA (care-of address) in a
IPv6 [RFC3775] network. Mobile IPv6 [RFC3775] network.
The Future Work section in RFC 3041 discusses that an API extension Section 6 ("Future Work") of RFC 3041 discusses that an API extension
might be necessary to achieve a better address selection mechanism might be necessary to achieve a better address selection mechanism
with finer granularity. with finer granularity.
Solution analysis: Solution analysis:
This problem can not be solved in the RFC 3484 framework. A This problem can not be solved in the RFC 3484 framework. A
possible solution is to make applications to select desirable possible solution is to make applications to select desirable
addresses by using the IPv6 Socket API for Source Address addresses by using the IPv6 Socket API for Source Address
Selection defined in RFC 5014 [RFC5014]. Selection defined in RFC 5014 [RFC5014].
2.2. Destination Address Selection 2.2. Destination Address Selection
2.2.1. IPv4 or IPv6 prioritization 2.2.1. IPv4 or IPv6 Prioritization
The default policy table gives IPv6 addresses higher precedence than The default policy table gives IPv6 addresses higher precedence than
IPv4 addresses. There seem to be many cases, however, where network IPv4 addresses. There seem to be many cases, however, where network
administrators want to control the address selection policy of end- administrators want to control the address selection policy of end
hosts the other way around. hosts so that it is the other way around.
+---------+ +---------+
| Tunnel | | Tunnel |
| Service | | Service |
+--+---++-+ +--+---++-+
| || | ||
| || | ||
===========||== ===========||==
| Internet || | | Internet || |
===========||== ===========||==
skipping to change at page 11, line 4 skipping to change at page 11, line 33
| Router | | Router |
+----+----+ +----+----+
| 2001:db8:a:1::/64 | 2001:db8:a:1::/64
| 192.0.2.0/28 | 192.0.2.0/28
| |
------+---+---------- ------+---+----------
| |
+-+----+ 2001:db8:a:1::100 +-+----+ 2001:db8:a:1::100
| Host | 192.0.2.2 | Host | 192.0.2.2
+------+ +------+
[Fig. 6]
In the figure above, a site has native IPv4 and tunneled-IPv6 Figure 6
In the figure above, a site has native IPv4 and tunneled IPv6
connectivity. Therefore, the administrator may want to set a higher connectivity. Therefore, the administrator may want to set a higher
priority for using IPv4 than using IPv6 because the quality of the priority for using IPv4 than for using IPv6 because the quality of
tunnel network seems to be worse than that of the native transport. the tunnel network seems to be worse than that of the native
transport.
Solution analysis: Solution analysis:
This problem can be solved in the RFC 3484 framework. For This problem can be solved in the RFC 3484 framework. For
example, configuring some address selection policies into Host's example, configuring some address selection policies into the
RFC 3484 policy table can solve this problem. Host's RFC 3484 policy table can solve this problem.
2.2.2. ULA and IPv4 dual-stack environment 2.2.2. ULA and IPv4 Dual-Stack Environment
This is a special form of IPv4 and IPv6 prioritization. When an This is a special form of IPv4 and IPv6 prioritization. When an
enterprise has IPv4 Internet connectivity but does not yet have IPv6 enterprise has IPv4 Internet connectivity but does not yet have IPv6
Internet connectivity, and the enterprise wants to provide site-local Internet connectivity, and the enterprise wants to provide site-local
IPv6 connectivity, a ULA is the best choice for site-local IPv6 IPv6 connectivity, a ULA is the best choice for site-local IPv6
connectivity. Each employee host will have both an IPv4 global or connectivity. Each employee host will have both an IPv4 global or
private address and a ULA. Here, when this host tries to connect to private address and a ULA. Here, when this host tries to connect to
Host-B that has registered both A and AAAA records in the DNS, the Host-B that has registered both A and AAAA records in the DNS, the
host will choose AAAA as the destination address and the ULA for the host will choose AAAA as the destination address and the ULA for the
source address. This will clearly result in a connection failure. source address. This will clearly result in a connection failure.
skipping to change at page 12, line 30 skipping to change at page 12, line 35
| Router | | Router |
+----+----+ +----+----+
| fd01:2:3:4::/64 (ULA) | fd01:2:3:4::/64 (ULA)
| 192.0.2.240/28 | 192.0.2.240/28
------+---+---------- ------+---+----------
| |
+-+------+ fd01:2:3:4::100 (ULA) +-+------+ fd01:2:3:4::100 (ULA)
| Host-A | 192.0.2.245 | Host-A | 192.0.2.245
+--------+ +--------+
[Fig. 7] Figure 7
Solution analysis: Solution analysis:
This problem can be solved in the RFC 3484 framework. For This problem can be solved in the RFC 3484 framework. For
example, configuring some address selection policies into Host-A's example, configuring some address selection policies into Host-A's
RFC 3484 policy table can solve this problem. RFC 3484 policy table can solve this problem.
2.2.3. ULA or Global Prioritization 2.2.3. ULA or Global Prioritization
Differentiating services by the client's source address is very Differentiating services by the client's source address is very
common. IP-address-based authentication is an typical example of common. IP-address-based authentication is a typical example of
this. Another typical example is a web service that has pages for this. Another typical example is a web service that has pages for
the public and internal pages for employees or involved parties. Yet the public and internal pages for employees or involved parties. Yet
another example is DNS zone splitting. another example is DNS zone splitting.
However, a ULA and IPv6 global address both have global scope, and However, a ULA and an IPv6 global address both have global scope, and
RFC3484 default rules do not specify which address should be given RFC3484 default rules do not specify which address should be given
priority. This point makes IPv6 implementation of address-based priority. This point makes IPv6 implementation of address-based
service differentiation a bit harder. service differentiation a bit harder.
+--------+ +--------+
| Host-B | | Host-B |
+-+--|---+ +-+--|---+
| | | |
===========|== ===========|==
| Internet | | | Internet | |
skipping to change at page 13, line 31 skipping to change at page 13, line 36
| Router || | Router ||
+---+-----|+ +---+-----|+
| | 2001:db8:a:100::/64 | | 2001:db8:a:100::/64
| | fc12:3456:789a:100::/64 | | fc12:3456:789a:100::/64
--+-+---|----- --+-+---|-----
| | | |
+-+---|--+ 2001:db8:a:100::100 +-+---|--+ 2001:db8:a:100::100
| Host-A | fc12:3456:789a:100::100 | Host-A | fc12:3456:789a:100::100
+--------+ +--------+
[Fig. 7] Figure 8
Solution analysis: Solution analysis:
This problem can be solved in the RFC 3484 framework. For This problem can be solved in the RFC 3484 framework. For
example, configuring some address selection policies into Host-A's example, configuring some address selection policies into Host-A's
RFC 3484 policy table can solve this problem. RFC 3484 policy table can solve this problem.
3. Conclusion 3. Conclusion
We have covered problems related to destination or source address We have covered problems related to destination or source address
selection. These problems have their roots in the situation where selection. These problems have their roots in the situation where
end-hosts have multiple IP addresses. In this situation, every end- end hosts have multiple IP addresses. In this situation, every end
host must choose an appropriate destination and source address, which host must choose an appropriate destination and source address; this
cannot be achieved only by routers. choice cannot be achieved only by routers.
It should be noted that end-hosts must be informed about routing It should be noted that end hosts must be informed about routing
policies of their upstream networks for appropriate address policies of their upstream networks for appropriate address
selection. A site administrator must consider every possible address selection. A site administrator must consider every possible address
false-selection problem and take countermeasures beforehand. false-selection problem and take countermeasures beforehand.
4. Security Considerations 4. Security Considerations
When an intermediate router performs policy routing (e.g. source When an intermediate router performs policy routing (e.g., source-
address based routing), inappropriate address selection causes address-based routing), inappropriate address selection causes
unexpected routing. For example, in the network described in 2.1.3, unexpected routing. For example, in the network described in Section
when Host-A uses a default address selection policy and chooses an 2.1.3, when Host-A uses a default address selection policy and
inappropriate address, a packet sent to VPN can be delivered to a chooses an inappropriate address, a packet sent to a VPN can be
location via the Internet. This issue can lead to packet delivered to a location via the Internet. This issue can lead to
eavesdropping or session hijack. However, sending the packet back to packet eavesdropping or session hijack. However, sending the packet
the correct path from the attacker to the node is not easy, so these back to the correct path from the attacker to the node is not easy,
two risks are not serious. so these two risks are not serious.
As documented in the security consideration section in RFC 3484, As documented in the Security Considerations section of RFC 3484,
address selection algorithms expose a potential privacy concern. address selection algorithms expose a potential privacy concern.
When a malicious host can make a target host perform address When a malicious host can make a target host perform address
selection, for example by sending a anycast or a multicast packet, selection (for example, by sending an anycast or multicast packet),
the malicious host can get knowledge multiple addresses attached to the malicious host can get knowledge of multiple addresses attached
the target host. In a case like 2.1.4, if an attacker can make Host to the target host. In a case like Section 2.1.4, if an attacker can
to send a multicast packet and Host performs the default address make the Host to send a multicast packet and the Host performs the
selection algorithm, the attacker may be able to determine the ULAs default address selection algorithm, the attacker may be able to
attached to the Host. determine the ULAs attached to the host.
These security risks have roots in inappropriate address selection. These security risks have roots in inappropriate address selection.
Therefore, if a countermeasure is taken, and hosts always select an Therefore, if a countermeasure is taken, and hosts always select an
appropriate address that is suitable to a site's network structure appropriate address that is suitable to a site's network structure
and routing, these risks can be avoided. and routing, these risks can be avoided.
5. IANA Considerations 5. Normative References
This document has no actions for IANA.
6. References
6.1. Normative References
[RFC3041] Narten, T. and R. Draves, "Privacy Extensions for [RFC3041] Narten, T. and R. Draves, "Privacy Extensions for
Stateless Address Autoconfiguration in IPv6", RFC 3041, Stateless Address Autoconfiguration in IPv6", RFC 3041,
January 2001. January 2001.
[RFC3484] Draves, R., "Default Address Selection for Internet [RFC3484] Draves, R., "Default Address Selection for Internet
Protocol version 6 (IPv6)", RFC 3484, February 2003. Protocol version 6 (IPv6)", RFC 3484, February 2003.
[RFC3775] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support [RFC3775] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support
in IPv6", RFC 3775, June 2004. in IPv6", RFC 3775, June 2004.
skipping to change at page 15, line 24 skipping to change at page 16, line 5
Address Autoconfiguration", RFC 4862, September 2007. Address Autoconfiguration", RFC 4862, September 2007.
[RFC4864] Van de Velde, G., Hain, T., Droms, R., Carpenter, B., and [RFC4864] Van de Velde, G., Hain, T., Droms, R., Carpenter, B., and
E. Klein, "Local Network Protection for IPv6", RFC 4864, E. Klein, "Local Network Protection for IPv6", RFC 4864,
May 2007. May 2007.
[RFC5014] Nordmark, E., Chakrabarti, S., and J. Laganier, "IPv6 [RFC5014] Nordmark, E., Chakrabarti, S., and J. Laganier, "IPv6
Socket API for Source Address Selection", RFC 5014, Socket API for Source Address Selection", RFC 5014,
September 2007. September 2007.
6.2. Informative References
Appendix A. Appendix. Revision History
01:
IP address notations changed to documentation address.
Description of solutions deleted.
02:
Security considerations section rewritten according to comments
from SECDIR.
03:
Intended status changed to Informational.
04:
This version reflects comments from IESG members.
05:
This version reflects comments from IESG members and Bob Hinden.
06:
This version reflects comments from Thomas Narten.
07:
This version reflects comments from Alfred Hoenes.
08:
Solution analysis for the section 2.1.6 was added.
09:
Typos were fixed, thanks to Jari Arrko.
Authors' Addresses Authors' Addresses
Arifumi Matsumoto Arifumi Matsumoto
NTT PF Lab NTT PF Lab
Midori-Cho 3-9-11 Midori-Cho 3-9-11
Musashino-shi, Tokyo 180-8585 Musashino-shi, Tokyo 180-8585
Japan Japan
Phone: +81 422 59 3334 Phone: +81 422 59 3334
Email: arifumi@nttv6.net EMail: arifumi@nttv6.net
Tomohiro Fujisaki Tomohiro Fujisaki
NTT PF Lab NTT PF Lab
Midori-Cho 3-9-11 Midori-Cho 3-9-11
Musashino-shi, Tokyo 180-8585 Musashino-shi, Tokyo 180-8585
Japan Japan
Phone: +81 422 59 7351 Phone: +81 422 59 7351
Email: fujisaki@nttv6.net EMail: fujisaki@nttv6.net
Ruri Hiromi Ruri Hiromi
Intec Netcore, Inc. Intec Netcore, Inc.
Shinsuna 1-3-3 Shinsuna 1-3-3
Koto-ku, Tokyo 136-0075 Koto-ku, Tokyo 136-0075
Japan Japan
Phone: +81 3 5665 5069 Phone: +81 3 5665 5069
Email: hiromi@inetcore.com EMail: hiromi@inetcore.com
Ken-ichi Kanayama Ken-ichi Kanayama
INTEC Systems Institute, Inc. INTEC Systems Institute, Inc.
Shimoshin-machi 5-33 Shimoshin-machi 5-33
Toyama-shi, Toyama 930-0804 Toyama-shi, Toyama 930-0804
Japan Japan
Phone: +81 76 444 8088 Phone: +81 76 444 8088
Email: kanayama_kenichi@intec-si.co.jp EMail: kanayama_kenichi@intec-si.co.jp
Full Copyright Statement Full Copyright Statement
Copyright (C) The IETF Trust (2008). Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors contained in BCP 78, and except as set forth therein, the authors
retain all their rights. retain all their rights.
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
 End of changes. 63 change blocks. 
210 lines changed or deleted 154 lines changed or added

This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/