IPv6 maintenance Working Group (6man)                            Lin Luo
Internet-Draft                                           H3C Corporation
Intended status: Standards Track                            Qianli Zhang
Expires: December 30, 2019                           Tsinghua University
                                                           HaiHong Zhang
                                                         H3C Corporation
                                                           June 30, 2019


           Enhanced IPv6 Stateless Address Autoconfiguration
                 draft-luo-6man-ipv6-ra-prefix-flag-00

Abstract

   This document specifies a new flag in the format of the Prefix
   Information Option, with which IPv6 routers advertise the address
   refresh capability and address generation mechanism to IPv6 hosts.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 20, 2019.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Luo, et al.              Expires December 30, 2019              [Page 1]

Internet-Draft               IPv6 RA Prefix Flag               June 2019

Table of Contents

   1.  Introduction
   2.  Specification of Requirements
   3.  Algorithm Specification
     3.1.  Prefix Information Option
     3.2.  Router processing
     3.3.  Host processing
   4.  Security Considerations
   5.  IANA Considerations
   6.  Normative References
   Authors' Addresses

1.  Introduction

   The IPv6 Neighbor Discovery (ND) protocol [RFC4861] specifies that
   Router Advertisement messages contain the Prefix Information Option,
   and [RFC4862] specifies Stateless Address Autoconfiguration (SLAAC).
   On the other hand, the Dynamic Host Configuration Protocol for IPv6
   (DHCPv6) [RFC8415] is used when a site requires tighter control over
   exact address assignments.

   IPv6 hosts generate addresses composed of a prefix advertised by the
   router and an Interface Identifier (IID) [RFC4291], which typically
   embeds the link-layer address.  [RFC4941] proposes the concept of a
   temporary address to address privacy concerns: the host randomly
   generates a temporary identifier, and the temporary address is
   regenerated on a periodic basis.  [RFC6724] recommends that the host
   prefer the temporary address over the public address.

   Various new forms of IIDs have been defined, including
   Cryptographically Generated Addresses (CGAs) [RFC4982] of Secure
   Neighbor Discovery (SEND) [RFC3971] and others.  The security and
   privacy implications of different IPv6 IIDs have been discussed, and
   [RFC8064] recommends semantically opaque addresses as the default
   scheme for generating stable IPv6 addresses with SLAAC.  Besides
   that, the mechanisms of temporary address generation and address
   selection are widely used by most operating systems.

   This document specifies a new flag in the format of the Prefix
   Information Option, with which IPv6 routers advertise the address
   refresh capability and address generation mechanism to IPv6 hosts.
   Whichever form of IID generation a host chooses, the address refresh
   capability makes it easy to extend the lifetime of temporary and
   public addresses.  [RFC7136] specifies that IIDs MUST be viewed as an
   opaque bit string by third parties, except in the local context.  In
   the local context, the address generation flag provides a mechanism
   for different kinds of application scenarios, such as authorized
   networks and location service networks.

2.  Specification of Requirements

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Algorithm Specification

   In a local context where hosts need authentication to access the
   network, most routers offer flow monitoring and quality of service
   based on the host's IPv6 address, so a stable address is required.
   Instead of letting the host freely generate an address, it is better
   to specify that the address lifetime is forced to refresh.
   Furthermore, routers can choose which address generation mechanism to
   advertise, including CGA, stable and semantically opaque addresses,
   and addresses based on location.

3.1.  Prefix Information Option

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     | Prefix Length |L|A|R|T|Mode|Res|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Valid Lifetime                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       Preferred Lifetime                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                           Reserved2                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   |                                                               |
   +                            Prefix                             +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   This format represents the following changes over that originally
   specified for Neighbor Discovery [RFC4861] [RFC6275]:

   T          1-bit address time refresh flag.  When set, indicates
              that the address generated from this prefix must be
              refreshed.

   Mode       3-bit unsigned integer indicating the address generation
              mode.  The following mode values are currently defined:

              0  default addresses mode
              1  [RFC7217] stable, opaque addresses mode
              2  [RFC3972] CGA mode

   Reserved1  Reduced from a 5-bit field to a 1-bit field to account
              for the addition of the above bits.

3.2.  Router Specification

   A router sends Router Advertisement messages periodically or in
   response to a Router Solicitation.  The Prefix Information Option
   specifies a prefix and the corresponding flags, which are used for
   stateless address autoconfiguration.

   In each Prefix Information Option:

   a)  If the router does not specify the address refresh flag and
       generation mode, they must be set to 0.

   b)  If the Autonomous flag is set to 0, the address refresh flag and
       generation mode should be set to 0.

   c)  According to the network configuration, the address refresh flag
       or generation mode should be set to an appropriate value.

3.3.  Host Specification

   Upon receipt of a valid Router Advertisement message:

   a)  If the Autonomous flag is set to 0, the address refresh flag and
       address generation mode should be silently ignored.

   b)  If the prefix is the link-local prefix, the address refresh flag
       and address generation mode should be silently ignored.

   c)  If the Prefix Information Option is valid for generating an
       address:

       1)  The host must extend the lifetime of the address when the
           address refresh flag is set to 1.

       2)  The generation mode should be ignored if the host does not
           support it.

       3)  If the generation mode is set to 0, the address is generated
           using the default mode.

       4)  The host should generate the address as the mode describes.

4.  Security Considerations

   This document specifies a new flag in the format of the Prefix
   Information Option, with which IPv6 routers advertise the address
   refresh capability and address generation mechanism to IPv6 hosts.
   The inclusion of additional bit fields provides extended information
   about the network; it shares the security issues of NDP that are
   documented in [RFC4861].  It recommends the existing schemes for
   generating IPv6 addresses with SLAAC, such that the security and
   privacy issues of IIDs are mitigated.

5.  IANA Considerations

   This document does not include an IANA request.

6.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3971]  Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure
              Neighbor Discovery (SEND)", RFC 3971, March 2005.

   [RFC3972]  Aura, T., "Cryptographically Generated Addresses (CGA)",
              RFC 3972, March 2005.

   [RFC4291]  Hinden, R. and S. Deering, "IP Version 6 Addressing
              Architecture", RFC 4291, DOI 10.17487/RFC4291,
              February 2006.

   [RFC4861]  Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
              "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
              September 2007.

   [RFC4862]  Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
              Address Autoconfiguration", RFC 4862,
              DOI 10.17487/RFC4862, September 2007.

   [RFC4941]  Narten, T., Draves, R., and S. Krishnan, "Privacy
              Extensions for Stateless Address Autoconfiguration in
              IPv6", RFC 4941, DOI 10.17487/RFC4941, September 2007.

   [RFC4982]  Bagnulo, M. and J. Arkko, "Support for Multiple Hash
              Algorithms in Cryptographically Generated Addresses
              (CGAs)", RFC 4982, DOI 10.17487/RFC4982, July 2007.

   [RFC6275]  Perkins, C., Johnson, D., and J. Arkko, "Mobility Support
              in IPv6", RFC 6275, DOI 10.17487/RFC6275, July 2011.

   [RFC6724]  Thaler, D., Draves, R., and A. Matsumoto, "Default Address
              Selection for Internet Protocol Version 6 (IPv6)",
              RFC 6724, DOI 10.17487/RFC6724, September 2012.

   [RFC7217]  Gont, F., "A Method for Generating Semantically Opaque
              Interface Identifiers with IPv6 Stateless Address
              Autoconfiguration (SLAAC)", RFC 7217,
              DOI 10.17487/RFC7217, April 2014.

   [RFC8064]  Gont, F., Cooper, A., Thaler, D., and W. Liu,
              "Recommendation on Stable IPv6 Interface Identifiers",
              RFC 8064, DOI 10.17487/RFC8064, February 2017.

   [RFC8415]  Mrugalski, T., Siodelski, M., Volz, B., Yourtchenko, A.,
              Richardson, M., Jiang, S., Lemon, T., and T. Winters,
              "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)",
              RFC 8415, November 2018.

Authors' Addresses

   Lin Luo
   H3C Corporation
   Hangzhou, P.R.China

   Email: extrall@h3c.com


   Haihong Zhang
   H3C Corporation
   Beijing, P.R.China

   Email: zhanghaihong.04355@h3c.com


   Qianli Zhang
   Tsinghua University
   Beijing, 100086
   P.R.China

   Email: zhang@cernet.edu.cn
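
Added example (not part of the draft and not taken from any implementation of it): a Python decoder for the flag octet laid out in Section 3.1, followed by the host rules a) to c) of Section 3.3. The bit masks are read off the diagram; the names build_pio, parse_pio, host_decision and supported are hypothetical, and treating an ignored mode as a fallback to default generation is an assumption.

```python
import ipaddress
import struct

PIO_FMT = "!BBBBIII16s"   # Type, Length, Prefix Length, flags, Valid, Preferred, Reserved2, Prefix
FLAG_L, FLAG_A, FLAG_R, FLAG_T = 0x80, 0x40, 0x20, 0x10   # bit positions read off the 3.1 diagram
MODES = {0: "default", 1: "rfc7217-stable-opaque", 2: "rfc3972-cga"}   # values defined in 3.1


def build_pio(prefix, plen, flags, valid=2592000, preferred=604800):
    """Build a constructed sample option (test input, not captured traffic)."""
    return struct.pack(PIO_FMT, 3, 4, plen, flags, valid, preferred, 0,
                       ipaddress.IPv6Address(prefix).packed)


def parse_pio(option):
    """Decode one Prefix Information Option with the draft's T and Mode fields."""
    if len(option) != struct.calcsize(PIO_FMT):          # 32 octets
        raise ValueError("PIO must be exactly 32 octets")
    typ, length, plen, flags, valid, preferred, _, prefix = struct.unpack(PIO_FMT, option)
    if typ != 3 or length != 4 or plen > 128:
        raise ValueError("malformed PIO header")
    return {
        "prefix": ipaddress.IPv6Address(prefix), "prefix_len": plen,
        "on_link": bool(flags & FLAG_L), "autonomous": bool(flags & FLAG_A),
        "refresh": bool(flags & FLAG_T),      # T: address time refresh flag
        "mode": (flags >> 1) & 0x07,          # Mode: 3 bits above the 1-bit reserved field
        "valid": valid, "preferred": preferred,
    }


def host_decision(pio, supported=frozenset({0, 1})):
    """Apply host rules a) to c) of Section 3.3; 'supported' is this host's mode set."""
    if not pio["autonomous"] or pio["prefix"].is_link_local:
        return {"refresh": False, "mode": None}          # rules a) and b): ignore T and Mode
    mode = pio["mode"]
    if mode not in MODES or mode not in supported:
        mode = 0    # rule c.2; assumption: an ignored mode falls back to default generation
    return {"refresh": pio["refresh"], "mode": MODES[mode]}


if __name__ == "__main__":
    # Constructed RA option: L=1, A=1, T=1, Mode=1 -> flags 0xD2
    sample = build_pio("2001:db8:1::", 64, FLAG_L | FLAG_A | FLAG_T | (1 << 1))
    print(parse_pio(sample))
    print(host_decision(parse_pio(sample)))
```

Mode values 3 to 7 are not defined in Section 3.1, so the decoder handles them the same way as a defined mode the host does not support.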