Network Working Group V. Manral Internet-Draft M. Dutta Expires: December 01, 2007 IP Infusion June 01, 2007 Detecting loops in the IPv6 Routing Header Type 0 draft-manral-ipv6-detecting-loops-rh-01 Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on December 01, 2007. Copyright Notice Copyright (C) The IETF Trust (2007). Abstract [RFC2460] defines an IPv6 extension header called "Routing Header", identified by a Next Header value of 43 in the immediately preceding header. A particular Routing Header subtype denoted as "Type 0" is Manral, et al. Expires December 01, 2007 [Page 1] Internet-Draft Routing Header Type0 Protection June 2007 also defined. Type 0 Routing Headers are referred to as "RH0" in this document. Use of RH0 has been shown to have unpleasant security implications. Many of these attacks are caused by loops in the routing header. This document lists checks which need to be done in the intermediate routers in order to prevent such routing loops in the Routing Header Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. Table of Contents 1. Problem Statement . . . . . . . . . . . . . . . . . . . . . 3 2. Forwarding loop in IPV6 packet . . . . . . . . . . . . . . . 3 3. Preventing Forwarding loops . . . . . . . . . . . . . . . 3 3.1. Cases that get solved by the check . . . . . . . . . . 4 3.2. Cases which still remain even after the check . . . . 4 4. Additional checks required . . . . . . . . . . . . . . . . . . 4 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 6. Security Considerations . . . . . . . . . . . . . . . . . . . 6 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 8.1 Normative References . . . . . . . . . . . . . . . . . . 8 8.2 Informative References . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 9 Intellectual Property and Copyright Statements . . . . . . . 10 Manral, et al. Expires December 01, 2007 [Page 2] Internet-Draft Routing Header Type0 Protection June 2007 1. Problem Statement Potential problems with Routing Headers were identified in 2001 [I-D.savola-ipv6-rh-ha-security]. In 2002 a proposal was made to restrict Routing Header processing in hosts [I-D.savola-ipv6-rh-hosts]. In January 2006, further attacks to the routing header were identified, which were later included in the [I-D.ietf-v6ops-security-overview]. Many of the problems listed are caused by routing loops that can be caused by sending doctored packets. This document describes the checks that need to be added to the intermediate router, to prevent such checks and in turn prevent such attacks from happenning. Though there are drafts that are trying to obsolete the RH0, there are still some uses of the functionality, especially for management and debugging. The document can be used for the routing header or any such future header. 2. Forwarding loop in IPV6 packet This document defines a forwarding loop to have occured for an IPv6 packet, when a packet during any part of its journey from the source to ultimate destination travels through the same router twice. 3. Preventing Forwarding loops A simple check that needs to be done in order to prevent a forwarding loop is to see that a packet traverses the same router twice. IPV6 however does not have the concept of a router identifier for the dataplane. Besides there is no provision to add a router identifier to the existing routing header. A similar but more tedious way to get to the same solution is to check for the outgoing IP address when forwarding a packet. If the one of the routers interface address is there in the routing header, in the segments that have been traversed or are to be traversed by the IPV6 packet, this will signal a loop is being caused by the routing header. If such a packet is found, it is silently discarded, without any ICMP packet being sent. Manral, et al. Expires December 01, 2007 [Page 3] Internet-Draft Routing Header Type0 Protection June 2007 This check works perfectly for a strict source routed, routing header. However there are a few cases that can still escape when check and still can cause forwarding loops. 3.1. Cases that get solved by the check For all cases where there is a strict source route listed in the routing header, the check effectively checks routing loops and prevents such loops by dropping erroring packets. For loose source routes, for cases where a link address of the router where the loop occurs is listed in the routing header, the check suffices in catching all such loops. 3.2. Cases which still remain even after the check For loose source routes, for cases where a link address of the router where the loop occurs is not listed in the routing header, the check does not suffice in detecting all such loop packets. 4. Additional checks required Link local address should not exist in the routing header. The scope of the link local address is the link itself. Manral, et al. Expires December 01, 2007 [Page 4] Internet-Draft Routing Header Type0 Protection June 2007 5. IANA Considerations This document makes no request of IANA. Note to RFC Editor: this section may be removed on publication as an RFC. Manral, et al. Expires December 01, 2007 [Page 5] Internet-Draft Routing Header Type0 Protection June 2007 6. Security Considerations This draft outlines security issues arising from the use of routing header and checks to mitigate such attacks. No change other than a check in the routing header are proposed in this draft, and no new security requirements result from such proposals. Manral, et al. Expires December 01, 2007 [Page 6] Internet-Draft Routing Header Type0 Protection June 2007 7. Acknowledgements A large part of the text in the draft is included from the draft, by Joe Abley. Potential problems with Routing Headers were identified in 2001 [I-D.savola-ipv6-rh-ha-security]. In 2002 a proposal was made to restrict Routing Header processing in hosts [I-D.savola-ipv6-rh-hosts]. These efforts did not gain sufficient momentum to change the IPv6 specification, but resulted in the modification of the Mobile IPv6 specification to use the type 2 Routing Header instead of RH0 [RFC3775]. Routing Header issues were later documented in [I-D.ietf-v6ops-security-overview]. An eloquent and useful description of the operational security implications of RH0 was presented by Philippe Biondi and Arnaud Ebalard at the CanSecWest conference in Vancouver, 2007 [CanSecWest07]. This presentation resulted in widespread publicity for the risks associated with RH0. Manral, et al. Expires December 01, 2007 [Page 7] Internet-Draft Routing Header Type0 Protection June 2007 8. References 8.1 Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, December 1998. 8.2 Informative References [CanSecWest07] BIONDI, P. and A. EBALARD, "IPv6 Routing Header Security", April 2007. http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf [I-D.ietf-v6ops-security-overview] Davies, E., "IPv6 Transition/Co-existence Security Considerations", draft-ietf-v6ops-security-overview-06 (work in progress), October 2006. [I-D.savola-ipv6-rh-ha-security] Savola, P., "Security of IPv6 Routing Header and Home Address Options", draft-savola-ipv6-rh-ha-security-02 (work in progress), March 2002. [I-D.savola-ipv6-rh-hosts] Savola, P., "Note about Routing Header Processing on IPv6 Hosts", draft-savola-ipv6-rh-hosts-00 (work in progress), February 2002. [RFC3775] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support in IPv6", RFC 3775, June 2004. Manral, et al. Expires December 01, 2007 [Page 8] Internet-Draft Routing Header Type0 Protection June 2007 Contributors Address Authors' Addresses Vishwas Manral IP Infusion Almora, Uttarakhand India Phone: Fax: Email: vishwas@ipinfusion.com Manoj Dutta IPInfusion San Jose, CA USA Phone: Fax: Email: manoj@ipinfusion.com URI: Manral, et al. Expires December 01, 2007 [Page 9] Internet-Draft Routing Header Type0 Protection June 2007 Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Manral, et al. Expires December 01, 2007 [Page 10] Internet-Draft Routing Header Type0 Protection June 2007 Full Copyright Statement Copyright (C) The IETF Trust (2007). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf- ipr@ietf.org. Manral, et al. Expires December 01, 2007 [Page 10]