Internet DRAFT - draft-arifumi-ipv6-rfc3484-revise

draft-arifumi-ipv6-rfc3484-revise






Network Working Group                                       A. Matsumoto
Internet-Draft                                               T. Fujisaki
Intended status: Standards Track                                     NTT
Expires: August 5, 2007                                         Feb 2007


             Things To Be Considered for RFC 3484 Revision
                draft-arifumi-ipv6-rfc3484-revise-00.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on August 5, 2007.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   RFC 3484 has several known descriptions to be modified mainly because
   of the deprecation of IPv6 site-local unicast address and the coming
   of ULA.  This document covers these essential points to be modified
   and also possible useful changes to be included in the revision of
   RFC 3484.






Matsumoto & Fujisaki     Expires August 5, 2007                 [Page 1]

Internet-Draft               RFC3484 Revise                     Feb 2007


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
     1.1.  Problem Example . . . . . . . . . . . . . . . . . . . . . . 3
   2.  Proposed Changes to RFC 3484  . . . . . . . . . . . . . . . . . 4
     2.1.  To remove site-local unicast address  . . . . . . . . . . . 4
     2.2.  To change default policy table  . . . . . . . . . . . . . . 4
     2.3.  To add ULA related considerations . . . . . . . . . . . . . 5
     2.4.  To make address type dependent control possible . . . . . . 5
   3.  Security Considerations . . . . . . . . . . . . . . . . . . . . 6
   4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6
   5.  References  . . . . . . . . . . . . . . . . . . . . . . . . . . 6
     5.1.  Normative References  . . . . . . . . . . . . . . . . . . . 6
     5.2.  Informative References  . . . . . . . . . . . . . . . . . . 6
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . . . 6
   Intellectual Property and Copyright Statements  . . . . . . . . . . 8



































Matsumoto & Fujisaki     Expires August 5, 2007                 [Page 2]

Internet-Draft               RFC3484 Revise                     Feb 2007


1.  Introduction

   RFC 3484 [RFC3484] defines default address selection rules for IPv6
   and partly for IPv4.  Because of the deprecation of IPv6 site-local
   unicast address and the coming of ULA, [RFC4193] these rules in RFC
   3484 are known to cause serious communication failure problems.

1.1.  Problem Example

   When an enterprise has IPv4 Internet connectivity but does not yet
   have IPv6 Internet connectivity, and the enterprise wants to provide
   site-local IPv6 connectivity, ULA is the best choice for site-local
   IPv6 connectivity.  Each employee host will have both an IPv4 global
   or private address and a ULA.  Here, when this host tries to connect
   to Host-C that has registered both A and AAAA records in the DNS, the
   host will choose AAAA as the destination address and ULA for the
   source address.  This will clearly result in a connection failure.

                           +--------+
                           | Host-C | AAAA = 2001:db8::80
                           +-----+--+ A    = 192.47.163.1
                                 |
                        ============
                        | Internet |
                        ============
                             |  no IPv6 connectivity
                        +----+----+
                        | Gateway |
                        +----+----+
                             |
                             | fd01:2:3::/48 (ULA)
                             | 192.0.2.0/24
                            ++--------+
                            | Router  |
                            +----+----+
                                 |  fd01:2:3:4::/64 (ULA)
                                 |  192.0.2.240/28
                       ------+---+----------
                             |
                           +-+----+ fd01:2:3:4::100 (ULA)
                           | Host | 192.0.2.245
                           +------+

                                [Fig. 1]

   This problem can be solved by adding one entry to the default policy
   table.  The changed table looks like this.




Matsumoto & Fujisaki     Expires August 5, 2007                 [Page 3]

Internet-Draft               RFC3484 Revise                     Feb 2007


           Prefix                         Pref   Label
           ::1/128                        50     0
           ::/0                           40     1
           2002::/16                      30     2
           fc00::/7                       35     5   (added for ULA)
           ::/96                          20     3
           ::ffff:0:0/96                  10     4

   This problem was mentioned at ipv6 mailing lists by Pekka Savola.


2.  Proposed Changes to RFC 3484

2.1.  To remove site-local unicast address

   RFC3484 contains a few "site-local unicast" and "fec::" description.
   It's better to remove examples related to site-local unicast address,
   or change examples to use ULA.  Possible points to be re-written are
   below.
      - 2nd paragraph in Section 3.1 describes scope comparison
      mechanism.
      - Section 10 contains examples for site-local address.

2.2.  To change default policy table

   The default rule today is:

         Prefix        Precedence Label
         ::1/128               50     0
         ::/0                  40     1
         2002::/16             30     2
         ::/96                 20     3
         ::ffff:0:0/96         10     4

   The changes we should consider for the default policy table are,
      - IPv4-compatible IPv6 address is deprecated.  [RFC4291] (However,
      should we keep this entry for the sake of backward compatibility
      ?)
      - Teredo [RFC4380] is defined and has 2001::/32.  Teredo's
      priority should be less or equal to 6to4, considering its
      characteristic of tunnel mechanism.  About Windows, this point is
      already in the implementation.
      - ULA should have less precedence than Global IPv6 unicast
      address.  As described in Section 1.1, ULA is a possible cause of
      connection failure.  Things will worsen as IPv6 deployment
      proceeds and more FQDNs have both A and AAAA records.

   When we apply these changes, the default policy table looks like



Matsumoto & Fujisaki     Expires August 5, 2007                 [Page 4]

Internet-Draft               RFC3484 Revise                     Feb 2007


   this.

         Prefix        Precedence Label
         ::1/128               50     0
         ::/0                  40     1
         2002::/16             30     2
         fc00::/7              20     3   (For ULA)
         ::ffff:0:0/96         10     4
         2001::/32              5     5   (For Teredo)

   Teredo has the worst precedence.  This means that, for IPv4-IPv6
   dual-stack host, Teredo address will be used only when the
   destination host has an IPv6 address only.

   ULA has its own label and higher precedence than IPv4 address.  This
   means ULA will be used when the destination host also uses ULA.  If a
   host has a ULA and a IPv4 address, the host will not use ULA when
   connecting to a dual-stack host in the Internet.

2.3.  To add ULA related considerations

   For example, we have to pay attention to source address selection for
   a multicast packet.  By default, ULA will be chosen for a multicast
   packet of any scope.

   This issue cannot be solved by changing a RFC 3484 rule.  THis is
   because, multicast and unicast have different sets of scope and it is
   site-dependent which unicast address scope is appropriate for the
   site's multicast scope.

2.4.  To make address type dependent control possible

   It is hard to define default preferences for these address types, RA-
   based, DHCP-based, manual-based, and privacy extention address,
   because the appropriate preference value depends on the usage of
   these addresses, but not on address types themselves.  It is the
   policy table where you can control host's address selection behavior.

   For example, You can set priority on RFC 3041 [RFC3041] address by
   putting a line in policy table specifying RFC 3041 address by 128-bit
   prefixlen and continuing to update policy table according to RFC 3041
   address re-generation.  But, this is surely troublesome for users and
   implementers.

   One idea is to update RFC 3484 policy table definition so that it can
   handle meta addresses like privacy, DHCPv6 generated, RA generated,
   manually generated (and even Home Address ?)




Matsumoto & Fujisaki     Expires August 5, 2007                 [Page 5]

Internet-Draft               RFC3484 Revise                     Feb 2007


   To prefer privacy address by default, and to prefer RA-generated
   address for site internal, the policy table will look like this.

           Prefix                         Pref   Label
           2001:db8:1234::(PRIVACY)/128   30     2
           ::/0                           10     2
           2001:db8:1234::(RA):/128       30     1
           2001:db8::/48                  20     1


3.  Security Considerations

   No security risk is found that degrades RFC 3484.


4.  IANA Considerations

   Address type number for the policy table may have to be assigned by
   IANA.


5.  References

5.1.  Normative References

   [RFC3484]  Draves, R., "Default Address Selection for Internet
              Protocol version 6 (IPv6)", RFC 3484, February 2003.

   [RFC4193]  Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast
              Addresses", RFC 4193, October 2005.

5.2.  Informative References

   [RFC3041]  Narten, T. and R. Draves, "Privacy Extensions for
              Stateless Address Autoconfiguration in IPv6", RFC 3041,
              January 2001.

   [RFC4291]  Hinden, R. and S. Deering, "IP Version 6 Addressing
              Architecture", RFC 4291, February 2006.

   [RFC4380]  Huitema, C., "Teredo: Tunneling IPv6 over UDP through
              Network Address Translations (NATs)", RFC 4380,
              February 2006.








Matsumoto & Fujisaki     Expires August 5, 2007                 [Page 6]

Internet-Draft               RFC3484 Revise                     Feb 2007


Authors' Addresses

   Arifumi Matsumoto
   NTT PF Lab
   Midori-Cho 3-9-11
   Musashino-shi, Tokyo  180-8585
   Japan

   Phone: +81 422 59 3334
   Email: arifumi@nttv6.net


   Tomohiro Fujisaki
   NTT PF Lab
   Midori-Cho 3-9-11
   Musashino-shi, Tokyo  180-8585
   Japan

   Phone: +81 422 59 7351
   Email: fujisaki@syce.net































Matsumoto & Fujisaki     Expires August 5, 2007                 [Page 7]

Internet-Draft               RFC3484 Revise                     Feb 2007


Full Copyright Statement

   Copyright (C) The IETF Trust (2007).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.


Acknowledgment

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).





Matsumoto & Fujisaki     Expires August 5, 2007                 [Page 8]