draft-ietf-6man-addr-select-opt-03.txt   draft-ietf-6man-addr-select-opt-04.txt 
6man Working Group A. Matsumoto 6man Working Group A. Matsumoto
Internet-Draft T. Fujisaki Internet-Draft T. Fujisaki
Intended status: Standards Track J. Kato Intended status: Standards Track J. Kato
Expires: August 24, 2012 NTT Expires: January 17, 2013 NTT
T. Chown T. Chown
University of Southampton University of Southampton
February 21, 2012 July 16, 2012
Distributing Address Selection Policy using DHCPv6 Distributing Address Selection Policy using DHCPv6
draft-ietf-6man-addr-select-opt-03.txt draft-ietf-6man-addr-select-opt-04.txt
Abstract Abstract
RFC 3484 defines default address selection mechanisms for IPv6 that RFC 3484 defines default address selection mechanisms for IPv6 that
allow nodes to select appropriate address when faced with multiple allow nodes to select appropriate address when faced with multiple
source and/or destination addresses to choose between. The RFC 3484 source and/or destination addresses to choose between. The RFC 3484
allowed for the future definition of methods to administratively allowed for the future definition of methods to administratively
configure the address selection policy information. This document configure the address selection policy information. This document
defines a new DHCPv6 option for such configuration, allowing a site defines a new DHCPv6 option for such configuration, allowing a site
administrator to distribute address selection policy overriding the administrator to distribute address selection policy overriding the
default address selection policy table, and thus control the address default address selection parameters and policy table, and thus
selection behavior of nodes in their site. control the address selection behavior of nodes in their site.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 24, 2012. This Internet-Draft will expire on January 17, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 42 skipping to change at page 2, line 42
configuration. configuration.
Some problems have been identified with the default RFC 3484 address Some problems have been identified with the default RFC 3484 address
selection policy [RFC5220]. It is unlikely that any default policy selection policy [RFC5220]. It is unlikely that any default policy
will suit all scenarios, and thus mechanisms to control the source will suit all scenarios, and thus mechanisms to control the source
address selection policy will be necessary. Requirements for those address selection policy will be necessary. Requirements for those
mechanisms are described in [RFC5221], while solutions are discussed mechanisms are described in [RFC5221], while solutions are discussed
in [I-D.ietf-6man-addr-select-sol] and in [I-D.ietf-6man-addr-select-sol] and
[I-D.ietf-6man-addr-select-considerations]. Those documents have [I-D.ietf-6man-addr-select-considerations]. Those documents have
helped shape the improvements in the default address selection helped shape the improvements in the default address selection
algorithm [I-D.ietf-6man-rfc3484-revise] as well as the DHCPv6 option algorithm [I-D.ietf-6man-rfc3484bis] as well as the DHCPv6 option
defined in this specification. defined in this specification.
1.1. Conventions Used in This Document 1.1. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
1.2. Terminology 1.2. Terminology
This document uses the terminology defined in [RFC2460] and the This document uses the terminology defined in [RFC2460] and the
DHCPv6 specification defined in [RFC3315] DHCPv6 specification defined in [RFC3315]
2. Address Selection Policy option 2. Address Selection options
The Address Selection Policy option provides the policy table for The Address Selection option provides the address selection policy
address selection rules as described in RFC 3484 and in table, and some other configuration parameters.
[I-D.ietf-6man-rfc3484-revise].
Each end node is expected to configure its policy table, as described A address selection option contains zero or more policy table
in RFC 3484, using the Address Selection Policy option as described options. Multiple policy table options in a Policy Table option
in the section below on processing the option. constitute a single policy table.
Multiple Address Selection Policy options MAY appear in a DHCPv6 The format of the Address Selection option is given below.
message. They constitute a single policy table.
The format of the Address Selection Policy option is given below. 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_ADDRSEL | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved |A|P| |
+-+-+-+-+-+-+-+-+ POLICY TABLE OPTIONS |
| (variable length) |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: Address Selection option format
option-code: OPTION_ADDRSEL (TBD).
option-len: The total length of the Reserved field, A, P flags, and
POLICY TABLE OPITONS in octets.
Reserved: Reserved field. Server MUST set this value to zero and
client MUST ignore its content.
A: Automatic Row Addition flag. This flag toggles the Automatic
Row Addition flag at client hosts, which is described in the
section 2.1 in RFC 3484 revision [I-D.ietf-6man-rfc3484bis]. If
this flag is set to 1, it does not change client host behavior,
that is, a client MAY automatically add additional site-specific
rows to the policy table. If set to 0, the Automatic Row
Addition flag is disabled, and a client MAY NOT automatically
add rows to the policy table.
P: Privacy Preference flag. This flag toggles the Privacy
Preference flag at client hosts, which is described in the
section 5 in RFC 3484 revision [I-D.ietf-6man-rfc3484bis]. If
this flag is set to 1, it does not change client host behavior,
that is, a client SHOULD prefer temporary addresses. If set to
0, the Privacy Preference flag is disabled, and a client SHOULD
prefer public addresses.
POLICY TABLE OPTIONS: Zero or more Address Selection Policy Table
options described below.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_DASP | option-len | | OPTION_ADDRSEL_TABLE | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| label | precedence | prefix-len | | | label | precedence | prefix-len | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| | | |
| prefix (variable length) | | prefix (variable length) |
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
. DASP options . . Prefix Specific options .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: Address Selection Policy option format Figure 2: Address Selection Policy Table option format
option-code: OPTION_DASP (TBD). option-code: OPTION_ADDRSEL_TABLE (TBD).
option-len: The total length of the label field, precedence field, option-len: The total length of the label field, precedence field,
prefix-len field, prefix field, and DASP options field in prefix-len field, prefix field, and DASP options field in
octets. octets.
label: An 8-bit unsigned integer; this value is used to make a label: An 8-bit unsigned integer; this value is used to make a
combination of source address prefixes and destination address combination of source address prefixes and destination address
prefixes. prefixes.
precedence: An 8-bit unsigned integer; this value is used for precedence: An 8-bit unsigned integer; this value is used for
skipping to change at page 4, line 21 skipping to change at page 5, line 14
prefix-len: An 8-bit unsigned integer; the number of leading bits in prefix-len: An 8-bit unsigned integer; the number of leading bits in
the prefix that are valid. The value ranges from 0 to 128. the prefix that are valid. The value ranges from 0 to 128.
prefix: A variable-length field containing an IP address or the prefix: A variable-length field containing an IP address or the
prefix of an IP address. An IPv4-mapped address [RFC4291] must prefix of an IP address. An IPv4-mapped address [RFC4291] must
be used to represent an IPv4 address as a prefix value. The be used to represent an IPv4 address as a prefix value. The
Prefix should be truncated on the byte boundary. So the length Prefix should be truncated on the byte boundary. So the length
of this field should be between 0 and 16 bytes. of this field should be between 0 and 16 bytes.
DASP options: Options specific to this particular Address Selection Prefix Specific options: Options specific to this particular Address
Policy option. This includes, but not limited to, zero or one Selection Policy option. This includes, but not limited to,
PREFIX_ZONE option that specify the zone index of the prefix in zero or one Zone Index option that specify the zone index of the
this option. prefix in this option.
The format of the Zone Index option is given below. The format of the Zone Index option is given below.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_ZONE_INDEX | option-len | | OPTION_ADDRSEL_ZONE | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| zone-index | | zone-index |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: Zone Index option format Figure 3: Zone Index option format
option-code: OPTION_ZONE_INDEX (TBD). option-code: OPTION_ADDRSEL_ZONE (TBD).
option-len: 4. option-len: 4.
zone-index: The zone-index field is an 32-bit unsigned integer, and zone-index: The zone-index field is an 32-bit unsigned integer, and
used to specify the zone for scoped addresses. The zone-index used to specify the zone for scoped addresses. The zone-index
is defined in RFC 3493 [RFC3493] as 'scope ID'. is defined in RFC 3493 [RFC3493] as 'scope ID'.
3. Appearance of the Address Selection Policy option 3. Appearance of the Address Selection options
The Address Selection Policy option MUST NOT appear in any messages
other than the following ones: Solicit, Advertise, Request, Renew,
Rebind, Reconfigure, Information-Request, and Reply.
4. Processing the Address Selection Policy option The Address Selection options MUST NOT appear in any messages other
than the following ones: Solicit, Advertise, Request, Renew, Rebind,
Reconfigure, Information-Request, and Reply.
This section describes how to process received Address Selection 4. Processing the Policy Table option
Policy options at the DHCPv6 client.
When a host receives a DHCPv6 message that includes multiple Address This section describes how to process received Policy Table option at
Selection Policy options, they MUST be treated as a single policy the DHCPv6 client.
table.
This option's concept is to serve as a hint for a node about how to This option's concept is to serve as a hint for a node about how to
behave in the network. So, basically, it should be up to the node's behave in the network. So, basically, it should be up to the node's
administrator how to make use of or even ignore the received policy administrator how to deal with the received policy information in the
information. way described below.
4.1. Handling of the local policy table 4.1. Handling of the local policy table
RFC 3484 defines the default policy table. Also, a user is usually RFC 3484 defines the default policy table. Also, a user is usually
able to configure the policy table to satisfy his requirement. able to configure the policy table to satisfy his requirement.
The client node SHOULD provide the following choices: The client implementation SHOULD provide the following choices to the
user:
a) It receives distributed policy table, and replaces the existing a) It receives distributed policy table, and replaces the existing
policy tables with that. policy tables with that.
b) It preserves the default policy table, or manually configured b) It preserves the default policy table, or manually configured
policy. policy.
4.2. Handling of the stale policy table 4.2. Handling of the stale policy table
When the information from the DHCP server goes stale, the policy When the information from the DHCP server goes stale, the policy
received form the DHCP server should be removed and the default received form the DHCP server should be removed and the default
policy should be restored. policy should be restored.
The received information can be considered stale in several cases, The received information can be considered stale in several cases,
such as, when the interface goes down, the DHCP server does not such as, when the interface goes down, the DHCP server does not
respond for a certain amount of time, and the Information Refresh respond for a certain amount of time, and the Information Refresh
Time is expired. Time is expired.
4.3. Processing multiple received policy tables 4.3. Processing multiple received policies
The policy table is node-global information by its nature. So, the The policy table, and other parameters specified in this document are
node cannot use multiple received policy tables at the same time. In node-global information by its nature. So, the node cannot use
other words, once the received policy from one source is merged with multiple received policies at the same time. In other words, once
another source, the policy is more or less changed. The policy table the received policy from one source is merged with another source,
is defined as a whole, so the slightest addition/deletion from the the policy is more or less changed. The policy table is defined as a
policy table brings a change in semantics of the policy. whole, so the slightest addition/deletion from the policy table
brings a change in semantics of the policy.
It also should be noted that, when a node is single-homed and has It also should be noted that, when a node is single-homed and has
only one upstream line, adopting a received policy table does not only one upstream line, adopting a received policy table does not
degrade the security level. degrade the security level.
Under the above assumptions, we specify how to handle multiple Under the above assumptions, how to handle multiple received policies
received policy tables below. is specified below.
A node MAY use OPTION_DASP in any of the following two cases: A node MAY use Address Selection options in any of the following two
cases:
1: The address selection option is delivered across the only secure, 1: The Address Selection option is delivered across the only secure,
trusted channel. trusted channel.
2: The address selection option delivery is not secured, but the node 2: The Address Selection option delivery is not secured, but the node
is single-homed. is single-homed.
In other cases the node MUST NOT use OPTION_DASP unless the node is In other cases the node MUST NOT use Policy Table options unless the
specifically configured to do so. node is specifically configured to do so.
Discussion: The secure trusted channel does not necessarily mean a
prioritized route in the routing table. So, such a situation
could happen that the traffic goes through a non-secure, non-
trusted channel and the host follows the delivered policy from a
secure, truested channel. However, this policy is not for
optimization of traffic and resources at the local network and the
hosts, but for implementing the network policy to the hosts in the
network.
5. Implementation Considerations 5. Implementation Considerations
o The value 'label' is passed as an unsigned integer, but there is o The value 'label' is passed as an unsigned integer, but there is
no special meaning for the value, that is whether it is a large or no special meaning for the value, that is whether it is a large or
small number. It is used to select a preferred source address small number. It is used to select a preferred source address
prefix corresponding to a destination address prefix by matching prefix corresponding to a destination address prefix by matching
the same label value within the DHCP message. DHCPv6 clients need the same label value within the DHCP message. DHCPv6 clients need
to convert this label to a representation specified by each to convert this label to a representation specified by each
implementation (e.g., string). implementation (e.g., string).
skipping to change at page 7, line 26 skipping to change at page 8, line 26
Another threat is about privacy concern. As in the security Another threat is about privacy concern. As in the security
consideration section of RFC 3484, at least a part of, the address consideration section of RFC 3484, at least a part of, the address
selection policy stored in a host can be leaked by a packet from a selection policy stored in a host can be leaked by a packet from a
remote host. This issue will not be degraded regardless of the remote host. This issue will not be degraded regardless of the
introduction of this option, or regardless of whether the host is introduction of this option, or regardless of whether the host is
multihomed or not. multihomed or not.
7. IANA Considerations 7. IANA Considerations
IANA is requested to assign option codes to OPTION_DASP from the IANA is requested to assign option codes to OPTION_ADDRSEL ,
option-code space as defined in section "DHCPv6 Options" of RFC 3315. OPTION_ADDRSEL_TABLE, and OPTION_ADDRSEL_ZONE from the option-code
space as defined in section "DHCPv6 Options" of RFC 3315.
8. References 8. References
8.1. Normative References 8.1. Normative References
[I-D.ietf-6man-rfc3484bis]
Thaler, D., Draves, R., Matsumoto, A., and T. Chown,
"Default Address Selection for Internet Protocol version 6
(IPv6)", draft-ietf-6man-rfc3484bis-06 (work in progress),
June 2012.
[I-D.ietf-6man-stable-privacy-addresses]
Gont, F., "A method for Generating Stable Privacy-Enhanced
Addresses with IPv6 Stateless Address Autoconfiguration
(SLAAC)", draft-ietf-6man-stable-privacy-addresses-00
(work in progress), May 2012.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
and M. Carney, "Dynamic Host Configuration Protocol for and M. Carney, "Dynamic Host Configuration Protocol for
IPv6 (DHCPv6)", RFC 3315, July 2003. IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC3484] Draves, R., "Default Address Selection for Internet [RFC3484] Draves, R., "Default Address Selection for Internet
Protocol version 6 (IPv6)", RFC 3484, February 2003. Protocol version 6 (IPv6)", RFC 3484, February 2003.
skipping to change at page 8, line 11 skipping to change at page 9, line 23
Address Selection Policy Changes", Address Selection Policy Changes",
draft-ietf-6man-addr-select-considerations-04 (work in draft-ietf-6man-addr-select-considerations-04 (work in
progress), October 2011. progress), October 2011.
[I-D.ietf-6man-addr-select-sol] [I-D.ietf-6man-addr-select-sol]
Matsumoto, A., Fujisaki, T., and R. Hiromi, "Solution Matsumoto, A., Fujisaki, T., and R. Hiromi, "Solution
approaches for address-selection problems", approaches for address-selection problems",
draft-ietf-6man-addr-select-sol-03 (work in progress), draft-ietf-6man-addr-select-sol-03 (work in progress),
March 2010. March 2010.
[I-D.ietf-6man-rfc3484-revise]
Matsumoto, A., Kato, J., Fujisaki, T., and T. Chown,
"Update to RFC 3484 Default Address Selection for IPv6",
draft-ietf-6man-rfc3484-revise-05 (work in progress),
October 2011.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, December 1998. (IPv6) Specification", RFC 2460, December 1998.
[RFC3493] Gilligan, R., Thomson, S., Bound, J., McCann, J., and W. [RFC3493] Gilligan, R., Thomson, S., Bound, J., McCann, J., and W.
Stevens, "Basic Socket Interface Extensions for IPv6", Stevens, "Basic Socket Interface Extensions for IPv6",
RFC 3493, February 2003. RFC 3493, February 2003.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, February 2006. Architecture", RFC 4291, February 2006.
 End of changes. 35 change blocks. 
64 lines changed or deleted 116 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/