draft-ietf-6man-addr-select-opt-10.txt   draft-ietf-6man-addr-select-opt-11.txt 
6man Working Group A.M. Matsumoto 6man Working Group A. Matsumoto
Internet-Draft T.F. Fujisaki Internet-Draft T. Fujisaki
Intended status: Standards Track NTT Intended status: Standards Track NTT
Expires: November 01, 2013 T.C. Chown Expires: February 08, 2014 T. Chown
University of Southampton University of Southampton
April 30, 2013 August 07, 2013
Distributing Address Selection Policy using DHCPv6 Distributing Address Selection Policy using DHCPv6
draft-ietf-6man-addr-select-opt-10.txt draft-ietf-6man-addr-select-opt-11.txt
Abstract Abstract
RFC 6724 defines default address selection mechanisms for IPv6 that RFC 6724 defines default address selection mechanisms for IPv6 that
allow nodes to select an appropriate address when faced with multiple allow nodes to select an appropriate address when faced with multiple
source and/or destination addresses to choose between. The RFC 6724 source and/or destination addresses to choose between. RFC 6724
allowed for the future definition of methods to administratively allows for the future definition of methods to administratively
configure the address selection policy information. This document configure the address selection policy information. This document
defines a new DHCPv6 option for such configuration, allowing a site defines a new DHCPv6 option for such configuration, allowing a site
administrator to distribute address selection policy overriding the administrator to distribute address selection policy overriding the
default address selection parameters and policy table, and thus default address selection parameters and policy table, and thus to
control the address selection behavior of nodes in their site. control the address selection behavior of nodes in their site.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 01, 2013. This Internet-Draft will expire on February 08, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 25 skipping to change at page 2, line 25
modifications of such material outside the IETF Standards Process. modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other it for publication as an RFC or to translate it into languages other
than English. than English.
1. Introduction 1. Introduction
RFC 3484 [RFC3484] describes default algorithms for selecting an [RFC6724] describes default algorithms for selecting an address when
address when a node has multiple destination and/or source addresses a node has multiple destination and/or source addresses to choose
to choose from by using an address selection policy. In Section 2 of from by using an address selection policy. In Section 2 of RFC 6724,
RFC 6724, it is suggested that the default policy table may be it is suggested that the default policy table may be administratively
administratively configured to suit the specific needs of a site. configured to suit the specific needs of a site. This specification
This specification defines a new DHCPv6 option for such defines a new DHCPv6 option for such configuration.
configuration.
Some problems have been identified with the default RFC 3484 address Some problems were identified with the default address selection
selection policy [RFC5220]. It is unlikely that any default policy policy as originally defined in [RFC3484]. As a result, RFC 3484 was
will suit all scenarios, and thus mechanisms to control the source updated and obsoleted by [RFC6724]. While this update corrected a
address selection policy will be necessary. Requirements for those number of issues identifed from operational experience, it is
mechanisms are described in [RFC5221], while solutions are discussed unlikely that any default policy will suit all scenarios, and thus
in [I-D.ietf-6man-addr-select-considerations]. Those documents have mechanisms to control the source address selection policy will be
necessary. Requirements for those mechanisms are described in
[RFC5221], while solutions are discussed in
[I-D.ietf-6man-addr-select-considerations]. Those documents have
helped shape the improvements in the default address selection helped shape the improvements in the default address selection
algorithm [RFC6724] as well as the DHCPv6 option defined in this algorithm in [RFC6724] as well as the requirements for the DHCPv6
specification. option defined in this specification.
1.1. Conventions Used in This Document 1.1. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
1.2. Terminology 1.2. Terminology
This document uses the terminology defined in [RFC2460] and the This document uses the terminology defined in [RFC2460] and the
DHCPv6 specification defined in [RFC3315] DHCPv6 specification defined in [RFC3315]
2. Address Selection options 2. Address Selection options
The Address Selection option provides the address selection policy The Address Selection option provides the address selection policy
table, and some other configuration parameters. table, and some other configuration parameters.
An Address Selection option contains zero or more policy table An Address Selection option contains zero or more policy table
options. Multiple Policy Table options in an Address Selection options. Multiple policy table options in an Address Selection
option constitute a single policy table. When it does not contain option constitute a single policy table. When an Address Selection
policy table option, it is used to convey the A and P flags. option does not contain a policy table option, it may be used to just
convey the A and P flags.
The format of the Address Selection option is given below. The format of the Address Selection option is given below.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_ADDRSEL | option-len | | OPTION_ADDRSEL | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved |A|P| | | Reserved |A|P| |
+-+-+-+-+-+-+-+-+ POLICY TABLE OPTIONS | +-+-+-+-+-+-+-+-+ POLICY TABLE OPTIONS |
skipping to change at page 3, line 37 skipping to change at page 3, line 41
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: Address Selection option format Figure 1: Address Selection option format
option-code: OPTION_ADDRSEL (TBD). option-code: OPTION_ADDRSEL (TBD).
option-len: The total length of the Reserved field, A, P flags, and option-len: The total length of the Reserved field, A, P flags, and
POLICY TABLE OPTIONS in octets. POLICY TABLE OPTIONS in octets.
Reserved: Reserved field. Server MUST set this value to zero and Reserved: Reserved field. The server MUST set this value to zero
client MUST ignore its content. and the client MUST ignore its content.
A: Automatic Row Addition flag. This flag toggles the Automatic A: Automatic Row Addition flag. This flag toggles the Automatic
Row Addition flag at client hosts, which is described in the Row Addition flag at client hosts, which is described in section
section 2.1 in RFC 6724 [RFC6724]. If this flag is set to 1, it 2.1 of [RFC6724]. If this flag is set to 1, it does not change
does not change client host behavior, that is, a client MAY client host behavior, that is, a client MAY automatically add
automatically add additional site-specific rows to the policy additional site-specific rows to the policy table. If set to 0,
table. If set to 0, the Automatic Row Addition flag is the Automatic Row Addition flag is disabled, and a client SHOULD
disabled, and a client SHOULD NOT automatically add rows to the NOT automatically add rows to the policy table. If the option
policy table. contains a POLICY TABLE option, this flag is meaningless, and
automatic row addition SHOULD NOT be performed against the
distributed policy table.
P: Privacy Preference flag. This flag toggles the Privacy P: Privacy Preference flag. This flag toggles the Privacy
Preference flag at client hosts, which is described in the Preference flag on client hosts, which is described in section 5
section 5 in RFC 6724 [RFC6724]. If this flag is set to 1, it of [RFC6724]. If this flag is set to 1, it does not change
does not change client host behavior, that is, a client will client host behavior, that is, a client will prefer temporary
prefer temporary addresses. If set to 0, the Privacy Preference addresses [RFC4941]. If set to 0, the Privacy Preference flag
flag is disabled, and a client will prefer public addresses. is disabled, and a client will prefer public addresses.
POLICY TABLE OPTIONS: Zero or more Address Selection Policy Table POLICY TABLE OPTIONS: Zero or more Address Selection Policy Table
options described below. This option corresponds to a row in options, as described below. This option corresponds to a row
the policy table defined in the section 2.1 in RFC 6724 in the policy table defined in section 2.1 of [RFC6724].
[RFC6724].
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_ADDRSEL_TABLE | option-len | | OPTION_ADDRSEL_TABLE | option-len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| label | precedence | prefix-len | | | label | precedence | prefix-len | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| | | |
| prefix (variable length) | | prefix (variable length) |
skipping to change at page 5, line 7 skipping to change at page 4, line 43
Figure 2: Address Selection Policy Table option format Figure 2: Address Selection Policy Table option format
option-code: OPTION_ADDRSEL_TABLE (TBD). option-code: OPTION_ADDRSEL_TABLE (TBD).
option-len: The total length of the label field, precedence field, option-len: The total length of the label field, precedence field,
prefix-len field, and prefix field. prefix-len field, and prefix field.
label: An 8-bit unsigned integer; this value is for correlation of label: An 8-bit unsigned integer; this value is for correlation of
source address prefixes and destination address prefixes. This source address prefixes and destination address prefixes. This
field is used to deliver a label value in RFC 6724 policy table. field is used to deliver a label value in the [RFC6724] policy
table.
precedence: An 8-bit unsigned integer; this value is used for precedence: An 8-bit unsigned integer; this value is used for
sorting destination addresses. This field is used to to deliver sorting destination addresses. This field is used to to deliver
a precedence value in RFC 6724 policy table. a precedence value in [RFC6724] policy table.
prefix-len: An 8-bit unsigned integer; the number of leading bits in prefix-len: An 8-bit unsigned integer; the number of leading bits in
the prefix that are valid. The value ranges from 0 to 128. the prefix that are valid. The value ranges from 0 to 128.
prefix: A variable-length field containing an IP address or the prefix: A variable-length field containing an IP address or the
prefix of an IP address. An IPv4-mapped address [RFC4291] must prefix of an IP address. An IPv4-mapped address [RFC4291] must
be used to represent an IPv4 address as a prefix value. This be used to represent an IPv4 address as a prefix value. This
field is padded with zeros up to the nearest octet boundary when field is padded with zeros up to the nearest octet boundary when
prefix6-len is not divisible by 8. This can be expressed using prefix-len is not divisible by 8. This can be expressed using
the following equation: (prefix-len+7)/8 So the length of this the following equation: (prefix-len + 7)/8 So the length of this
field should be between 0 and 16 bytes. For example, the prefix field should be between 0 and 16 bytes. For example, the prefix
2001:db8::/60 would be encoded with an prefix-len of 60, the 2001:db8::/60 would be encoded with an prefix-len of 60, the
prefix would be 8 octets and would contains octets 20 01 0d b8 prefix would be 8 octets and would contains octets 20 01 0d b8
00 00 00 00. 00 00 00 00.
3. Processing the Policy Table option 3. Processing the Address Selection option
This section describes how to process received Policy Table option at This section describes how to process a received Address Selection
the DHCPv6 client. option at the DHCPv6 client.
This option's concept is to serve as a hint for a node about how to This option's concept is to serve as a hint for a node about how to
behave in the network. Ultimately, it can be controlled by the behave in the network. Ultimately, while the node's administrator
node's administrator how to deal with the received policy can control how to deal with the received policy information, the
information, but the implementation SHOULD follow the way described implementation SHOULD follow the method described below uniformly, to
below uniformly to ease diagnose brokenness and to reduce operational ease troubleshooting and to reduce operational costs.
costs.
3.1. Handling of the local policy table 3.1. Handling local configurations
RFC 6724 defines the default policy table. Also, users are usually [RFC6724] defines two flags (A, P) and the default policy table.
able to configure the policy table to satisfy their own requirements. Also, users are usually able to configure the flags and the policy
table to satisfy their own requirements.
The client implementation SHOULD provide the following choices to the The client implementation SHOULD provide the following choices to the
user. The choice a SHOULD be default, as far as the policy table is user.
not configured by the user.
a) replace the existing active policy table with the DHCPv6 (a) replace the existing flags and active policy table with the
distributed policy table. DHCPv6 distributed flags and policy table.
b) preserve the existing active policy table, whether this be the (b) preserve the existing flags and active policy table, whether
default policy table, or user configured policy. this be the default policy table, or user configured policy.
3.2. Handling of the stale policy table Choice (a) SHOULD be the default, i.e. that the policy table is not
explictly configured by the user.
3.2. Handling stale policy tables
When the information from the DHCP server goes stale, the policy When the information from the DHCP server goes stale, the policy
received form the DHCP server SHOULD be deprecated. received from the DHCP server SHOULD be deprecated.
The received information can be considered stale in several cases, The received information can be considered stale in several cases,
such as, when the interface goes down, the DHCP server does not e.g., when the interface goes down, the DHCP server does not respond
respond for a certain amount of time, and the Information Refresh for a certain amount of time, and the Information Refresh Time is
Time is expired. expired.
3.3. Multi-interface situation 3.3. Handling multiple interfaces
The policy table, and other parameters specified in this document are The policy table, and other parameters specified in this document,
node-global information by their nature. One reason being that the are node-global information by their nature. One reason being that
outbound interface is usually chosen after destination address the outbound interface is usually chosen after destination address
selection. So, a host cannot make use of multiple address selection selection. So a host cannot make use of multiple address selection
policies even if they are stored per interface. policies even if they are stored per interface.
Even if the received policy from one source is merged with one from
another source, the effect of both policy are more or less changed.
The policy table is defined as a whole, so the slightest addition/ The policy table is defined as a whole, so the slightest addition/
deletion from the policy table brings a change in semantics of the deletion from the policy table brings a change in the semantics of
policy. the policy.
It also should be noted that absence of the distributed policy from a It also should be noted that the absence of a DHCP-distributed policy
certain network interface should not be treated as absence of policy from a certain network interface should not infer that the network
itself, because it may mean preference for the default address administrator does not care about address selection policy at all,
selection policy. because it may mean there is a preference to use the default address
selection policy. So, it should be safe to assume that the default
address selection policy should be used where no overriding policy is
provided.
Under the above assumptions, how to handle received policy is Under the above assumptions, we can specify how to handle received
specified below. policy as follows.
A node SHOULD use Address Selection options by default in any of the In the absence of distributed policy for a certain network interface,
following two cases: the default address selection policy SHOULD be used. A node should
use Address Selection options by default in any of the following two
cases:
1: The host is single-homed, where the host belongs to one 1: A single-homed host SHOULD use default address selection options,
administrative network domain exclusively usually through one where the host belongs exclusively to one administrative network
active network interface. domain, usually through one active network interface.
2: The host implements some advanced heuristics to deal with multiple 2: Hosts that use advanced heuristics to deal with multiple received
received policy, which is outside the scope of this document. policies that are defined outside the scope of this document
SHOULD use Address Selection options.
The above restrictions do not preclude implementations from providing Implementations MAY provide configuration options to enable this
configuration options to enable this option on a certain network protocol on a per interface basis.
interface.
Nor, they do not preclude implementations from storing distributed Implementations MAY store distributed address selection policies per
address selection policies per interface. They can be used interface. They can be used effectively on implementations that
effectively on such implementations that adopt per-application adopt per-application interface selection.
interface selection.
4. Implementation Considerations 4. Implementation Considerations
o The value 'label' is passed as an unsigned integer, but there is o The value 'label' is passed as an unsigned integer, but there is
no special meaning for the value, that is whether it is a large or no special meaning for the value, that is whether it is a large or
small number. It is used to select a preferred source address small number. It is used to select a preferred source address
prefix corresponding to a destination address prefix by matching prefix corresponding to a destination address prefix by matching
the same label value within the DHCP message. DHCPv6 clients the same label value within the DHCP message. DHCPv6 clients
SHOULD convert this label to a representation appropriate for the SHOULD convert this label to a representation appropriate for the
local implementation (e.g., string). local implementation (e.g., string).
o Currently, the label and precedence values are defined as 8-bit
unsigned integers. In almost all cases, this value will be
enough.
o The maximum number of address selection rules that may be conveyed o The maximum number of address selection rules that may be conveyed
in one DHCPv6 message depends on the prefix length of each rule in one DHCPv6 message depends on the prefix length of each rule
and the maximum DHCPv6 message size defined in RFC 3315. It is and the maximum DHCPv6 message size defined in [RFC3315]. It is
possible to carry over 3,000 rules in one DHCPv6 message (maximum possible to carry over 3,000 rules in one DHCPv6 message (maximum
UDP message size). However, it should not be expected that DHCP UDP message size). However, it should not be expected that DHCP
clients, servers and relay agents can handle UDP fragmentation. clients, servers and relay agents can handle UDP fragmentation.
Network adiministrators SHOULD consider local limitations to the Network adiministrators SHOULD consider local limitations to the
maximum DHCPv6 message size that can be reliably transported via maximum DHCPv6 message size that can be reliably transported via
their specific local infrastructure to end nodes; and therefore their specific local infrastructure to end nodes; and therefore
they SHOULD consider the number of options, the total size of the they SHOULD consider the number of options, the total size of the
options, and the resulting DHCPv6 message size, when defining options, and the resulting DHCPv6 message size, when defining
their Policy Table. their policy table.
5. Security Considerations 5. Security Considerations
A rogue DHCPv6 server could issue bogus address selection policies to A rogue DHCPv6 server could issue bogus address selection policies to
a client. This might lead to incorrect address selection by the a client. This might lead to incorrect address selection by the
client, and the affected packets might be blocked at an outgoing ISP client, and the affected packets might be blocked at an outgoing ISP
because of ingress filtering, incur additional network charges, or be because of ingress filtering, incur additional network charges, or be
misdirected to an attacker's machine. Alternatively, an IPv6 misdirected to an attacker's machine. Alternatively, an IPv6
transition mechanism might be preferred over native IPv6, even if it transition mechanism might be preferred over native IPv6, even if it
is available. To guard against such attacks, a legitimate DHCPv6 is available. To guard against such attacks, a legitimate DHCPv6
server should communicate through a secure, trusted channel, such as server should communicate through a secure, trusted channel, such as
a channel protected by IPsec, SEND and DHCP authentication, as a channel protected by IPsec, SEND and DHCP authentication, as
described in section 21 of RFC 3315, described in section 21 of [RFC3315]. A commonly used alternative
mitigation is to employ DHCP snooping at Layer 2.
Another threat is about privacy concern. As in the security Another threat surrounds the potential privacy concern as described
consideration section of RFC 6724, at least a part of, the address in the security considerations section of [RFC6724], whereby an
selection policy stored in a host can be leaked by a packet from a attacker can send packets with different source addresses to a
remote host. This issue will not be modified by the introduction of destination to solicit different source addresses in the responses
this option, regardless of whether the host is multihomed or not. from that destination. This issue will not be modified by the
introduction of this option, regardless of whether the host is
multihomed or not.
6. IANA Considerations 6. IANA Considerations
IANA is requested to assign option codes to OPTION_ADDRSEL and IANA is requested to assign option codes to OPTION_ADDRSEL and
OPTION_ADDRSEL_TABLE from the "DHCP Option Codes" registry (http:// OPTION_ADDRSEL_TABLE from the "DHCP Option Codes" registry (http://
www.iana.org/assignments/dhcpv6-parameters/dhcpv6-parameters.xml). www.iana.org/assignments/dhcpv6-parameters/dhcpv6-parameters.xml).
7. References 7. References
7.1. Normative References 7.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
and M. Carney, "Dynamic Host Configuration Protocol for and M. Carney, "Dynamic Host Configuration Protocol for
IPv6 (DHCPv6)", RFC 3315, July 2003. IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC3484] Draves, R., "Default Address Selection for Internet
Protocol version 6 (IPv6)", RFC 3484, February 2003.
[RFC6724] Thaler, D., Draves, R., Matsumoto, A., and T. Chown, [RFC6724] Thaler, D., Draves, R., Matsumoto, A., and T. Chown,
"Default Address Selection for Internet Protocol Version 6 "Default Address Selection for Internet Protocol Version 6
(IPv6)", RFC 6724, September 2012. (IPv6)", RFC 6724, September 2012.
7.2. Informative References 7.2. Informative References
[I-D.ietf-6man-addr-select-considerations] [I-D.ietf-6man-addr-select-considerations]
Chown, T. and A. Matsumoto, "Considerations for IPv6 Chown, T. and A. Matsumoto, "Considerations for IPv6
Address Selection Policy Changes", draft-ietf-6man-addr- Address Selection Policy Changes", draft-ietf-6man-addr-
select-considerations-05 (work in progress), April 2013. select-considerations-05 (work in progress), April 2013.
[RFC2460] Deering, S.E. and R.M. Hinden, "Internet Protocol, Version [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
6 (IPv6) Specification", RFC 2460, December 1998. (IPv6) Specification", RFC 2460, December 1998.
[RFC3493] Gilligan, R., Thomson, S., Bound, J., McCann, J., and W. [RFC3484] Draves, R., "Default Address Selection for Internet
Stevens, "Basic Socket Interface Extensions for IPv6", RFC Protocol version 6 (IPv6)", RFC 3484, February 2003.
3493, February 2003.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, February 2006. Architecture", RFC 4291, February 2006.
[RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy [RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy
Extensions for Stateless Address Autoconfiguration in Extensions for Stateless Address Autoconfiguration in
IPv6", RFC 4941, September 2007. IPv6", RFC 4941, September 2007.
[RFC5220] Matsumoto, A., Fujisaki, T., Hiromi, R., and K. Kanayama, [RFC5220] Matsumoto, A., Fujisaki, T., Hiromi, R., and K. Kanayama,
"Problem Statement for Default Address Selection in Multi- "Problem Statement for Default Address Selection in Multi-
skipping to change at page 9, line 29 skipping to change at page 9, line 22
July 2008. July 2008.
Appendix A. Acknowledgements Appendix A. Acknowledgements
Authors would like to thank to Dave Thaler, Pekka Savola, Remi Denis- Authors would like to thank to Dave Thaler, Pekka Savola, Remi Denis-
Courmont, Francois-Xavier Le Bail, Ole Troan, Bob Hinden, Dmitry Courmont, Francois-Xavier Le Bail, Ole Troan, Bob Hinden, Dmitry
Anipko, Ray Hunter, Rui Paulo, Brian E Carpenter, Tom Petch, and the Anipko, Ray Hunter, Rui Paulo, Brian E Carpenter, Tom Petch, and the
members of 6man's address selection design team for their invaluable members of 6man's address selection design team for their invaluable
contributions to this document. contributions to this document.
Appendix B. Examples
[RFC5220] gives several cases where address selection problems
happen. This section contains some examples for solving those cases
by using the DHCP option defined in this text to update the hosts'
policy table in a network accordingly. There is also some discussion
of example policy tables in sections 10.3 to 10.7 of RFC 6724.
B.1. Ingress Filtering Problem
In the case described in section 2.1.2 of [RFC5220], the following
policy table should be distributed, when Router performs static
routing and directs the default route to ISP1 as per Figure 2. By
putting the same label value to all IPv6 addresses (::/0) and the
local subnet (2001:db8:1000:1::/64), a host picks a source address in
this subnet to send a packet via the default route.
Prefix Precedence Label
::1/128 50 0
::/0 40 1
2001:db8:1000:1::/64 45 1
2001:db8:8000:1::/64 45 14
::ffff:0:0/96 35 4
2002::/16 30 2
2001::/32 5 5
fc00::/7 3 13
::/96 1 3
fec0::/10 1 11
3ffe::/16 1 12
B.2. Half-Closed Network Problem
In the case described in section 2.1.3 of [RFC5220], the following
policy table should be distributed. By splitting the closed network
prefix (2001:db8:8000::/36) from all IPv6 addresses (::/0) and giving
different labels, the closed network prefix will only be used when
packets are destined for the closed network.
Prefix Precedence Label
::1/128 50 0
::/0 40 1
2001:db8:8000::/36 45 14
::ffff:0:0/96 35 4
2002::/16 30 2
2001::/32 5 5
fc00::/7 3 13
::/96 1 3
fec0::/10 1 11
3ffe::/16 1 12
B.3. IPv4 or IPv6 Prioritization
In the case described in section 2.2.1 of [RFC5220], the following
policy table should be distributed to prioritize IPv6. This case is
also described in [RFC6724]
Prefix Precedence Label
::1/128 50 0
::/0 40 1
::ffff:0:0/96 100 4
2002::/16 30 2
2001::/32 5 5
fc00::/7 3 13
::/96 1 3
fec0::/10 1 11
3ffe::/16 1 12
B.4. ULA or Global Prioritization
In the case described in section 2.2.3 of [RFC5220], the following
policy table should be distributed, or Automatic Row Addition flag
should be set to 1. By splitting the ULA in this site
(fc12:3456:789a::/48) from all IPv6 addresses (::/0) and giving it
higher precendence, the ULA will be used to connect to servers in the
same site.
Prefix Precedence Label
::1/128 50 0
fc12:3456:789a::/48 45 14
::/0 40 1
::ffff:0:0/96 35 4
2002::/16 30 2
2001::/32 5 5
fc00::/7 3 13
::/96 1 3
fec0::/10 1 11
3ffe::/16 1 12
Authors' Addresses Authors' Addresses
Arifumi Matsumoto Arifumi Matsumoto
NTT NT Lab NTT NT Lab
3-9-11 Midori-Cho 3-9-11 Midori-Cho
Musashino-shi, Tokyo 180-8585 Musashino-shi, Tokyo 180-8585
Japan Japan
Phone: +81 422 59 3334 Phone: +81 422 59 3334
Email: arifumi@nttv6.net Email: arifumi@nttv6.net
 End of changes. 50 change blocks. 
119 lines changed or deleted 212 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/