HTTP/1.1 200 OK Date: Tue, 09 Apr 2002 03:49:55 GMT Server: Apache/1.3.20 (Unix) Last-Modified: Tue, 07 Apr 1998 05:56:30 GMT ETag: "2e7af4-b839-3529c00e" Accept-Ranges: bytes Content-Length: 47161 Connection: close Content-Type: text/plain IPng Working Group Matt Crawford Internet Draft Fermilab Bob Hinden Nokia March 12, 1998 Router Renumbering for IPv6 Status of this Memo This document is an Internet Draft. Internet Drafts are working documents of the Internet Engineering Task Force (IETF), its Areas, and its Working Groups. Note that other groups may also distribute working documents as Internet Drafts. Internet Drafts are draft documents valid for a maximum of six months. Internet Drafts may be updated, replaced, or obsoleted by other documents at any time. It is not appropriate to use Internet Drafts as reference material or to cite them other than as a ``working draft'' or ``work in progress.'' To learn the current status of any Internet-Draft, please check the ``1id-abstracts.txt'' listing contained in the Internet Drafts Shadow Directories on ftp.is.co.za (Africa), ftp.nordu.net (North Europe), ftp.nis.garr.it (South Europe), ds.internic.net (US East Coast), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific Rim). Distribution of this memo is unlimited. 1. Abstract IPv6 Neighbor Discovery and Address Autoconfiguration conveniently make initial assignments of address prefixes to hosts. Aside from the problem of connection survival across a renumbering event, these two mechanisms also simplify the reconfiguration of hosts when the set of valid prefixes changes. This document defines a mechanism called Router Renumbering (''RR'') which allows address prefixes on routers to be configured and reconfigured almost as easily as the combination of Neighbor Discovery and Address Autoconfiguration works for hosts. It provides a means for a network manager to make updates to the prefixes used by and advertised by IPv6 routers throughout a site. Expires September 17, 1998 Crawford [Page 1] Internet Draft Router Renumbering March 12, 1998 2. Functional Overview Router Renumbering Command packets contain a sequence of Prefix Control Operations (PCOs). Each PCO specifies an operation, a Match-Prefix, and zero or more Use-Prefixes. A router processes each PCO in sequence, checking each of its interfaces for an address or prefix which matches the Match-Prefix. For every interface on which a match is found, the operation is applied. The operation is one of ADD, CHANGE, or SET-GLOBAL to instruct the router to respectively add the Use-Prefixes to the set of configured prefixes, remove the prefix which matched the Match-Prefix and replace it with the Use-Prefixes, or replace all global-scope prefixes with the Use-Prefixes. If the set of Use-Prefixes in the PCO is empty, the ADD operation does nothing and the other two reduce to deletions. Additional information for each Use-Prefix is included in the Prefix Control Operation: the valid and preferred lifetimes to be included in Router Advertisement Prefix Information Options [ND], and either the L and A flags for the same option, or an indication that they are to be copied from the prefix that matched the Match-Prefix. It is possible to instruct routers to create new prefixes by combining the Use-Prefixes in a PCO with some portion of the existing prefix which matched the Match-Prefix. This simplifies certain operations which are expected to be among the most common. For every Use-Prefix, the PCO specifies a number of bits which should be copied from the existing address or prefix which matched the Match-Prefix and appended to the use-prefix prior to configuring the new prefix on the interface. The copied bits are zero or more bits from the positions immediately after the length of the Use- Prefix. If subnetting information is in the same portion of of the old and new prefixes, this synthesis allows a single Prefix Control Operation to define a new global prefix on every router in a site, while preserving the subnetting structure. Because of the power of the Router Renumbering mechanism, each RR message includes a sequence number and an authenticator to guard against replays. Each elementary RR operation is idempotent and so could be retransmitted for improved reliability, as long as the sequence number is current, without concern about multiple processing. However, non-idempotent combinations of elementary RR operations can easily be constructed and messages containing such combinations could not be safely reprocessed. Therefore, all routers are required to guard against processing an RR message more than once. Possibly a network manager will want to perform more renumbering, or exercise more detailed control, than can be expressed in a single Expires September 17, 1998 Crawford [Page 2] Internet Draft Router Renumbering March 12, 1998 Router Renumbering packet on the available media. The RR mechanism is most powerful when RR packets are multicast, so IP fragmentation is undesirable. For these reasons, each RR packet contains a "Segment Number". All RR packets which have a Sequence Number equal to the highest value seen (for each valid key), and which pass the authentication check, are equally valid and must be processed. However, a router must keep track of the Segment Numbers of RR messages already processed and avoid reprocessing a message whose Sequence Number and Segment Number match a previously processed message. There is a "Test" flag which indicates that all routers should simulate processing of the RR message and not perform any actual reconfiguration. A separate "Report" flag instructs routers to send a Router Renumbering Result message back to the source of the RR Command message indicating the actual or simulated result of the operations in the RR Command message. The effect or simulated effect of an RR Command message may also reported to network management by means outside the scope of this document, regardless of the value of the "Report" flag. 3. Definitions 3.1. Terminology Address This term always refers to a 128-bit IPv6 address [AARCH]. When referring to bits within an address, they are numbered from 0 to 127, with bit 0 being the first bit of the Format Prefix. Prefix A prefix can be understood as an address plus a length, the latter being an integer in the range 0 to 128 indicating how many leading bits are significant. When referring to bits within a prefix, they are numbered in the same way as the bits of an address. For example, the significant bits of a prefix whose length is L are the bits numbered 0 through L-1, inclusive. Match An address A "matches" a prefix P whose length is L if the first L bits of A are identical with the first L bits of P. (Every address matches a prefix of length 0.) A prefix P1 with length L1 matches a prefix P2 of length L2 if L1 >= L2 and the first L2 bits of P1 and P2 are identical. Expires September 17, 1998 Crawford [Page 3] Internet Draft Router Renumbering March 12, 1998 Prefix Control Operation, Match-Prefix, Use-Prefix These are defined section 2. Matched Prefix The existing prefix or address which matched a Match-Prefix. New Prefix A prefix constructed from a Use-Prefix, possibly including some of the Matched-Prefix. Recorded Sequence Number The highest sequence number found in a valid, authenticated message with a given key MUST be recorded in non-volatile storage along with that key. Note that "matches" is a transitive relation but not reflexive. If two prefixes match each other, they are identical. 3.2. Requirements The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [KWORD]. 3.3. Authentication Algorithms All implementations MUST support HMAC-MD5 [HMAC] for authentication. Additional algorithms MAY be supported. 4. Message Format There are two types of Router Renumbering messages: Commands, which are sent to routers, and Results, which are sent by routers. The two types of messages are distinguished the ICMPv6 "Code" field and differ in the contents of the "Message Body" field. Expires September 17, 1998 Crawford [Page 4] Internet Draft Router Renumbering March 12, 1998 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | / IPv6 header, extension headers / | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | / ICMPv6 & RR Header (16 octets) / | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | / RR Message Body / | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | / Authentication Data (16 octets for HMAC-MD5) / | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Router Renumbering Message Format Router Renumbering messages are carried in ICMPv6 packets with Type = 138. The RR message comprises An RR header, containing the ICMPv6 header, the sequence and segment numbers and information about the authentication key and the location and length of the authentication data within the packet. The RR Message Body, of variable length; The authentication data, with length dependent on the authentication type. The length of HMAC-MD5 authentication data is 16 octets. All fields marked "reserved" or "res" MUST be set to zero on generation of an RR message. During processing of the message they MUST be included in the authentication check, but otherwise ignored. All implementations which generate Router Renumbering Command messages MUST support sending them to the All Routers multicast address with link and site scopes, and to unicast addresses of link-local and site-local formats. All routers MUST be capable of receiving RR messages sent to those multicast addresses and to any of their link local and site local unicast addresses. Implementations SHOULD support sending and receiving RR messages addressed to other unicast addresses. Expires September 17, 1998 Crawford [Page 5] Internet Draft Router Renumbering March 12, 1998 4.1. Router Renumbering Header 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Code | Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | SegmentNumber | Flags | KeyID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | AuthLen | AuthOffset | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | SequenceNumber | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Fields: Type 138 (decimal), the ICMPv6 type value assigned to Router Renumbering Code 0 for a Router Renumbering Command 1 for a Router Renumbering Result Checksum The ICMPv6 checksum, as specified in [ICMPV6]. The checksum covers the IPv6 pseudo-header and all fields of the RR message from the Type field through the Authentication Data. (For purposes of calculating and verifying the Authentication Data, the ICMPv6 checksum field is considered to be zero.) SegmentNumber An unsigned 8-bit field which enumerates different valid RR messages having the same SequenceNumber and KeyID. Flags A combination of one-bit flags. Six are defined and two bits are reserved. +-+-+-+-+-+-+-+-+ |T|R|A|S|P|E|res| +-+-+-+-+-+-+-+-+ The flags T, R, A and S have defined meanings in an RR Command message. In a Result message they MUST be copied from the corresponding Command. The flags P and E are meaningful only in a Result message and MUST be zero in a Command. T 0 indicates that the router configuration is to be Expires September 17, 1998 Crawford [Page 6] Internet Draft Router Renumbering March 12, 1998 modified; 1 indicates a "Test" message: processing is to be simulated and no configuration changes are to be made. R 0 indicates that a Result message MUST NOT be sent (but other forms of logging are not precluded); 1 indicates that the router MUST send a Result message upon completion of processing the Command message; A 0 indicates that the Command MUST NOT be applied to interfaces which are administratively shut down; 1 indicates that the Command MUST be applied to interfaces regardless of administrative shutdown status. S This flag MUST be ignored unless the router treats interfaces as belonging to different "sites". 0 indicates that the Command MUST be applied to interfaces regardless of which site they belong to; 1 indicates that the Command MUST be applied only to interfaces which belong to the same site as the interface to which the Command is addressed. If the destination address is appropriate for interfaces belonging to more than one site, then the Command MUST be applied only to interfaces belonging to the same site as the interface on which the Command was received. P 0 indicates that the Result message contains the complete report of processing the Command; 1 indicates that the Command message was previously processed (and is not a Test) and the responding router is not processing it again. This Result message MAY have an empty body. E 0 indicates that no error was encountered during processing of the Command; 1 indicates that an error was encountered. KeyID An unsigned 16-bit field that identifies the key used to create and verify the Authentication Data for this RR message. If multiple authentication algorithms are supported by the implementation, the choice of algorithm is implicit in the KeyID. If an asymmetric scheme is used, the public key for verification of received Expires September 17, 1998 Crawford [Page 7] Internet Draft Router Renumbering March 12, 1998 messages and the private key for signing transmitted messages are both implied by the KeyID. AuthLen An unsigned 16-bit field giving the length in octets of the Authentication Data. AuthOffset An unsigned 16-bit offset, measured in octets, from the beginning of the RR message (which is the beginning of the ICMPv6 header) to the beginning of the Authentication Data. The smallest valid value for AuthOffset is 16. SequenceNumber An unsigned 32-bit sequence number. The sequence number MUST be non-decreasing for all messages sent with the same KeyID. 4.2. Message Body -- Command Message The body of an RR Command message is a sequence of zero or more Prefix Control Operations, each of variable length. The end of the sequence MAY be located by the AuthOffset field in the RR header. 4.2.1. Prefix Control Operation A Prefix Control Operation has one Match-Prefix Part of 24 octets, followed by zero or more Use-Prefix Parts of 32 octets each. 4.2.1.1. Match-Prefix Part 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | OpCode | OpLength | Ordinal | MatchLen | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | +- -+ | | +- MatchPrefix -+ | | +- -+ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Expires September 17, 1998 Crawford [Page 8] Internet Draft Router Renumbering March 12, 1998 Fields: OpCode An unsigned 8-bit field specifying the operation to be performed when the associated MatchPrefix matches an interface's prefix or address. Values are: 1 the ADD operation 2 the CHANGE operation 3 the SET-GLOBAL operation OpLength The total length of this Prefix Control Operation, in units of 8 octets. A valid OpLength will always be of the form 4N+3, with N equal to the number of UsePrefix parts (possibly zero). Ordinal An 8-bit field which MUST have a different value in each Prefix Control Operation contained in a given RR Command message. The value is otherwise unconstrained. MatchLen An 8-bit unsigned integer between 0 and 128 inclusive specifying the number of initial bits of MatchPrefix which are significant in matching. MatchPrefix The 128-bit prefix to be compared with each interface's prefix or address. Expires September 17, 1998 Crawford [Page 9] Internet Draft Router Renumbering March 12, 1998 4.2.1.2. Use-Prefix Part 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | UseLen | KeepLen | FlagMask | RAFlags | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Valid Lifetime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Preferred Lifetime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |V|P| reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | +- -+ | | +- UsePrefix -+ | | +- -+ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Fields: UseLen An 8-bit unsigned integer less than or equal to 128 specifying the number of initial bits of UsePrefix to use in creating a new prefix for an interface. KeepLen An 8-bit unsigned integer less than or equal to (128- UseLen) specifying the number of bits of the prefix or address which matched the associated Match-Prefix which should be retained in the new prefix. The retained bits are those at positions UseLen through (UseLen+KeepLen-1) in the matched address or prefix, and they are copied to the same positions in the New Prefix. FlagMask An 8-bit mask. A 1 bit in any position means that the corresponding flag bit in a Router Advertisement (RA) Prefix Information Option for the New Prefix should be set from the RAFlags field in this Use-Prefix Part. A 0 bit in the FlagMask means that the RA flag bit for the New Prefix should be copied from the corresponding RA flag bit of the Matched Prefix. RAFlags An 8 bit field which, under control of the FlagMask field, may be used to initialize the flags in Router Advertisement Prefix Information Options [ND] which advertise the New Prefix. Note that only two flags have Expires September 17, 1998 Crawford [Page 10] Internet Draft Router Renumbering March 12, 1998 defined meanings to date: the L (on-link) and A (autonomous configuration) flags. These flags occupy the two leftmost bit positions in the RAFlags field, corresponding to their position in the Prefix Information Option. Valid Lifetime A 32-bit unsigned integer which is the number of seconds for which the New Prefix will be valid [ND, SAA]. Preferred Lifetime A 32-bit unsigned integer which is the number of seconds for which the New Prefix will be preferred [ND, SAA]. V A 1-bit flag indicating that the valid lifetime of the New Prefix MUST be effectively decremented in real time. P A 1-bit flag indicating that the preferred lifetime of the New Prefix MUST be effectively decremented in real time. UsePrefix The 128-bit Use-prefix which either becomes or is used in forming (if KeepLen is nonzero) the New Prefix. It MUST NOT have the form of a multicast or link-local address [AARCH]. 4.3. Message Body -- Result Message The body of an RR Result message is a sequence of zero or more Match Reports of 24 octets. An RR Command message with the "R" flag set will elicit an RR Result message containing one Match Report for each Prefix Control Operation, for each different prefix it matches on each interface. The Match Report has the following format. Expires September 17, 1998 Crawford [Page 11] Internet Draft Router Renumbering March 12, 1998 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | reserved | Ordinal | MatchedLen | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | InterfaceIndex | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | +- -+ | | +- MatchedPrefix -+ | | +- -+ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Fields: Ordinal Copied from the Prefix Control Operation whose MatchPrefix matched the MatchedPrefix on the interface indicated by InterfaceIndex. MatchedLen The length of the existing prefix which was matched by the MatchPrefix. InterfaceIndex The router's numeric designation of the interface on which the MatchedPrefix was configured. This SHOULD be the same designation as is used in the SNMP Interfaces group. It is possible for a Result message to be larger than the Command message which elicited it. Such a Result message may have to be fragmented for transmission. If so, it SHOULD be fragmented to the IPv6 minimum required MTU [IPV6]. 4.4. Authentication The authentication covers the following fields, which are to be treated as contiguous data for the purpose of computing and verifying the AuthData. The IPv6 source address, The IPv6 destination address, The ICMPv6 and RR Header, The RR Message Body (which may be empty). Expires September 17, 1998 Crawford [Page 12] Internet Draft Router Renumbering March 12, 1998 4.4.1. HMAC-MD5 When the key and algorithm associated with the KeyID indicate that HMAC-MD5 authentication is to be used, the AuthData is generated in accordance with RFC 2104 [HMAC]. Before generating the AuthData, all fields of the RR header and all the PCOs are filled in, except that the ICMPv6 checksum field is set to zero. AuthLen will be 16 and AuthOffset will be equal to the length in octets of the RR message, not including the AuthData, the IPv6 header or any extension headers, but including the ICMPv6 header. When checking the AuthData, the ICMPv6 checksum must be effectively set to zero. 4.4.2. IPSEC The KeyID value zero is reserved to indicate that no Authentication is done on the Router Renumbering message itself. An RR message with Key ID zero MUST have AuthLen equal to zero and AuthOffset equal to the total length of the ICMPv6/RR header plus the RR message body. Such a message MUST be authenticated at the IP layer [IPSEC]. 5. Message Processing Processing of received Router Renumbering Result messages is entirely implementation-defined. Processing of received Router Renumbering Command messages consists of three parts: header check, authentication check, and execution. 5.1. Header Check First, the existence and validity of the key indicated by the KeyID are checked. If KeyID and AuthLen are zero and the message was not authenticated by IP layer security, or if KeyID is not zero and does not indicate a valid key, or if the value of AuthLen is not correct for the indicated key, then the message MUST be discarded and SHOULD be logged to network management. Next, if the router is multi-sited, and the S flag is set and the destination address of the Command is appropriate for interfaces belonging to more than one site, but is not appropriate for the Expires September 17, 1998 Crawford [Page 13] Internet Draft Router Renumbering March 12, 1998 interface on which the Command was received, this is an error. If the R flag is set, return a Result message with the E flag set and no Match Reports. The Command message MUST be discarded and SHOULD be logged to network management. Next, the SequenceNumber is compared to the Recorded Sequence Number for the specified key. (If no messages have been received and accepted using this key, the Recorded Sequence Number is zero.) This comparison is done with the two numbers considered as unsigned integers, not as DNS-style serial numbers. If the SequenceNumber is less than the Recorded Sequence Number for the key, the message MUST be discarded and SHOULD be logged to network management. Finally, if the SequenceNumber in the message is greater than the Recorded Sequence Number or the T flag is not set, skip to the Authentication Check. Otherwise the SegmentNumber MUST now be checked. If a correctly authenticated message with the same KeyID, SequenceNumber and SegmentNumber has not already been processed, skip to the Authentication Check. Otherwise, this Command is a duplicate and not a Test Command. If the R flag is not set, the duplicate message MUST be discarded and SHOULD NOT be logged to network management. If R is set, an RR Result message with the P flag set MUST be sent to the source address of the Command. The body of that Result message MUST either be empty or be a saved copy of the Result message body generated by processing of the previous message with the same KeyID, SequenceNumber and SegmentNumber. After sending the Result message, the Command MUST be discarded without further processing. 5.2. Authentication Check The authentication check is performed over the RR message, without any IPv6 or extension headers. In the case of HMAC-MD5 it proceeds as described in [HMAC] and [MD5]. If the computed authentication value is not equal to the AuthData in the received packet, the authentication check fails. If the authentication check fails, the message MUST be discarded and SHOULD be logged to network management. If the authentication check passes, and the SequenceNumber is greater than the Recorded Sequence Number for the key, then the list of processed SegmentNumbers, if any, MUST be cleared and the Recorded Sequence Number MUST be updated to the value used in the current message, regardless of subsequent processing errors. At this point, if T is set and R is not set, the message MAY be Expires September 17, 1998 Crawford [Page 14] Internet Draft Router Renumbering March 12, 1998 discarded without further processing. 5.3. Execution For each applicable router interface, as determined by the A and S flags, the Prefix Control Operations in an RR Command message must be carried out in order of appearance. The relative order of PCO processing among different interfaces is not specified. If the T flag is set, create a copy of each interface's configuration on which to operate, because the results of processing a PCO may affect the processing of subsequent PCOs. Note that if all operations are performed on one interface before proceeding to another interface, only one interface-configuration copy will be required at a time. If the R flag is set in the RR header, begin constructing an RR Result message. The RR header is completely determined at this time except for the Checksum and AuthOffset. For each interface and for each Prefix Control Operation, each prefix configured on that interface is tested to determine whether it matches (as defined in section 3.1) the MatchPrefix of the PCO. The prefixes are tested in an arbitrary order. Any new prefix configured on an interface by the effect of a given PCO MUST NOT be tested against that PCO, but MUST be tested against any subsequent PCOs in the same RR Command message. Under a certain condition the addresses on an interface are also tested to see whether any of them matches the MatchPrefix. If and only if a configured prefix "P" does not match the MatchPrefix "M" but M does match P (this can happen only if M is longer than P), then those addresses on that interface which match P MUST be tested to determine whether any of them matches M. If any such address does match M, process the PCO as if P matched M, but when forming New Prefixes, if KeepLen is non-zero, bits are copied from the address. This special case allows a PCO to be easily targeted to a single specific interface in a network. If P does not match M, processing is finished for this combination of PCO, interface and prefix. Continue with another prefix on the same interface if there are any more prefixes which have not been tested against this PCO and were not created by the action of this PCO. If no such prefixes remain on the current interface, continue processing with the next PCO on the same interface, or with another interface. Expires September 17, 1998 Crawford [Page 15] Internet Draft Router Renumbering March 12, 1998 If P does match M, either directly or because a configured address which matches P also matches M, then P is the Matched Prefix. Perform the following steps. If the Command has the R flag set, add a Match Report to the Result message being constructed. If the OpCode is CHANGE, mark P for deletion from the current interface. If the OpCode is SET-GLOBAL, mark all global-scope prefixes on the current interface for deletion. If there are any Use-Prefix parts in the current PCO, form the New Prefixes. For each New Prefix which is already configured on the current interface, unmark that prefix for deletion and update the lifetimes and RA flags. For each New Prefix which is not already configured, add the prefix and, if appropriate, configure an address with that prefix. Delete any prefixes which are still marked for deletion, together with any addresses which match those prefixes but do not match any prefix which is not marked for deletion. After processing all the Prefix Control Operations on all the interfaces, an implementation MUST record the SegmentNumber of the packet in a list associated with the KeyID and SequenceNumber. If the Command has the R flag set, compute the AuthData and append it to the Result message, fill in the AuthOffset and Checksum and send the Result message. A copy of the Result message MAY be saved to be retransmitted in response to a duplicate Command. 6. Key Management As with all security methods using keys, it is necessary to change the RR Authentication Key on a regular basis. To provide RR functionality during key changes, implementations MUST be able to store and use more than one Authentication Key at the same time. The Authentication Keys SHOULD NOT be stored or transmitted using algorithms or protocols that have known flaws. Implementations MUST support the storage of more than one key at the same time, MUST associate a specific lifetime (start and end times) and a key identifier with each key, and MUST support manual key distribution (e.g., manual entry of the key, key lifetime, and key identifier on Expires September 17, 1998 Crawford [Page 16] Internet Draft Router Renumbering March 12, 1998 the router console). An infinite key lifetime SHOULD NOT be allowed. If infinite lifetimes are allowed, manual deletion of valid keys MUST be supported; otherwise manual deletion SHOULD be supported. The implementation MAY automatically delete expired keys. 7. Usage Examples This section sketches some sample applications of Router Renumbering. 7.1. Maintaining Global-Scope Prefixes A simple use of the Router Renumbering mechanism, and one which is expected to to be common, is the maintenance of a set of global prefixes with a subnet structure that matches that of the site's site-local address assignments. In the steady state this would serve to keep the Preferred and Valid lifetimes set to their desired values. During a renumbering transition, similar Command messages can add new prefixes and/or delete old ones. An outline of a suitable Command message follows. Fields not listed are presumed set to suitable values. This Command assumes all router interfaces to be maintained already have site-local [AARCH] addresses. IPv6 Header Next Header = 58 (ICMPv6) Source Address = (Management Station) Destination Address = FF05::2 (All Routers, site-local scope) ICMPv6/RR Header Type = 138 (Router Renumbering), Code = 0 (Command) Flags = 60 hex (R, A) AuthOffset = 32 N + 24 (assuming N global prefixes) First (and only) PCO: Match-Prefix Part OpCode = 3 (SET-GLOBAL) OpLength = 4 N + 3 (assuming N global prefixes) Ordinal = 0 (arbitrary) MatchLen = 10 MatchPrefix = FEC0::0 First Use-Prefix Part UseLen = 48 (Length of TLA ID + RES + NLA ID [AARCH]) Expires September 17, 1998 Crawford [Page 17] Internet Draft Router Renumbering March 12, 1998 KeepLen = 16 (Length of SLA (subnet) ID [AARCH]) FlagMask, RAFlags, Lifetimes, V & P flags -- as desired UsePrefix = First global /48 prefix . . . Nth Use-Prefix Part UseLen = 48 KeepLen = 16 FlagMask, RAFlags, Lifetimes, V & P flags -- as desired UsePrefix = Last global /48 prefix This will cause N global prefixes to be set (or updated) on each applicable interface. On each interface, the SLA ID (subnet) field of each global prefix will be copied from the existing site-local prefix. 7.2. Renumbering a Subnet A subnet can be gracefully renumbered by setting the valid and preferred timers on the old prefix to a short value and having them run down, while concurrently adding adding the new prefix. Later, the expired prefix is deleted. The first step is described by the following RR Command. IPv6 Header Next Header = 58 (ICMPv6) Source Address = (Management Station) Destination Address = FF05::2 (All Routers, site-local scope) ICMPv6/RR Header Type = 138 (Router Renumbering), Code = 0 (Command) Flags = 60 hex (R, A) AuthOffset = 88 First (and only) PCO: Match-Prefix Part OpCode = 2 (CHANGE) OpLength = 11 (reflects 2 Use-Prefix Parts) Ordinal = 0 (arbitrary) MatchLen = 64 MatchPrefix = Old /64 prefix First Use-Prefix Part UseLen = 0 Expires September 17, 1998 Crawford [Page 18] Internet Draft Router Renumbering March 12, 1998 KeepLen = 64 (this retains the old prefix value intact) FlagMask = 0, RAFlags = 0 Valid Lifetime = 28800 seconds (8 hours) Preferred Lifetime = 7200 seconds (2 hours) V flag = 1, P flag = 1 UsePrefix = 0::0 Second Use-Prefix Part UseLen = 64 KeepLen = 0 FlagMask = 0, RAFlags = 0 Lifetimes, V & P flags -- as desired UsePrefix = New /64 prefix The second step, deletion of the old prefix, can be done by an RR Command with the same Match-Prefix Part (except for an OpLength reduced from 11 to 3) and no Use-Prefix Parts. Any temptation to set KeepLen = 64 in the second Use-Prefix Part above should be resisted, as it would instruct the router to sidestep address configuration. 7.3. Key Changes Using a new authentication key while a previously used key is still valid can open the possibility of a replay attack. The processing rules as given in section 5 specify that routers keep track of the highest sequence number seen for each key, and that messages with that key and sequence number remain valid until either a higher sequence number is seen or the key expires. The difficulty arises when a new key is used to send a message which supersedes the last message sent with another still-valid key. That older message can still be replayed. This vulnerability can be avoided in practice by sending a "NO-OP" Command message with the old key and a valid new sequence number before using a newer key. This message will then become the only one which can be replayed with the old key. Examples of NO-OP messages are one which contains no Prefix Control Operations, or one with the T flag set. As with any other RR Command, the NO-OP SHOULD be repeated until it is confidently determined that all relevant routers have processed it. Clearly a management station must keep track of the highest sequence number it has used for each authentication key, at least to the extent of being able to generate a larger value when needed. A timestamp may make a good sequence number. Expires September 17, 1998 Crawford [Page 19] Internet Draft Router Renumbering March 12, 1998 8. Security Considerations The Router Renumbering mechanism proposed here is very powerful and prevention of spoofing it is important. Replay of old messages must be prevented, except in the narrow case of idempotent messages which are still valid at the time of replay. We believe the authentication mechanisms included in this specification achieve the necessary protections, so long as authentication keys are not compromised. Authentication keys must be as well protected as is any other access method that allows reconfiguration of a site's routers. Distribution of keys must not expose them or permit alteration, and key lifetimes must be limited. If the messages of several different protocols use the same authentication mechanism then it's possible for one authenticated message body to be grafted onto a different set of headers and cause at least some confusion, and possibly worse. One solution to this problem is never to use the same set of keys for two different protocols. 9. Acknowledgments This protocol was designed by Matt Crawford based on an idea of Robert Hinden and Geert Jan de Groot. Several other members of the IPNG Working Group contributed useful comments. Some of the key management text was borrowed from "RIP-2 MD5 Authentication." 10. References [AARCH] R. Hinden, S. Deering, "IP Version 6 Addressing Architecture", Currently draft-ietf-ipngwg-addr-arch-v2-06.txt. [HMAC] H. Krawczyk, M. Bellare, R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104. [ICMPV6] A. Conta, S. Deering, "Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6)", currently draft-ietf-ipngwg-icmp-v2-00.txt. [IPSEC] S. Kent, R. Atkinson, "Security Architecture for the Internet Expires September 17, 1998 Crawford [Page 20] Internet Draft Router Renumbering March 12, 1998 Protocol", currently draft-ietf-ipsec-arch-sec-03.txt. [IPV6] S. Deering, R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", currently draft-ietf-ipngwg-ipv6-spec-v2-01.txt. [KWORD] S. Bradner, "Key words for use in RFCs to Indicate Requirement Levels," RFC 2119. [MD5] R. Rivest, "The MD5 Message-Digest Algorithm", RFC 1321. [ND] T. Narten, E. Nordmark, W. Simpson, "Neighbor Discovery for IP Version 6 (IPv6)", currently draft-ietf-ipngwg- discovery-v2-02.txt. [SAA] S. Thomson, T. Narten, "IPv6 Stateless Address Autoconfiguration", draft-ietf-ipngwg-addrconf-v2-02.txt. 11. Authors' Addresses Matt Crawford Robert M. Hinden Fermilab MS 368 Nokia PO Box 500 232 Java Drive Batavia, IL 60510 Sunnyvale, CA 94089 USA USA Phone: +1 630 840 3461 Phone: +1 408 990 2004 Email: crawdad@fnal.gov Email: hinden@ipsilon.com Expires September 17, 1998 Crawford [Page 21]