diff --git a/draft-nbourbaki-6man-classless-ipv6.txt b/draft-nbourbaki-6man-classless-ipv6.txt index 50cbcb3..fd714bf 100644 --- a/draft-nbourbaki-6man-classless-ipv6.txt +++ b/draft-nbourbaki-6man-classless-ipv6.txt @@ -4,8 +4,8 @@ Network Working Group N. Bourbaki Internet-Draft The Intertubes -Intended status: Standards Track April 19, 2017 -Expires: October 21, 2017 +Intended status: Standards Track April 2017 +Expires: October 3, 2017 IPv6 is Classless @@ -15,7 +15,7 @@ Abstract Over the history of IPv6, various classful address models have been proposed, particularly Top-Level Aggregation (TLA) and Next-Level - Aggregation(NLA) Identifiers. They have all proved to be mistakes. + Aggregation (NLA) Identifiers. They have all proved to be mistakes. The last remnant is a rigid boundary at /64. This document removes that rigidity as far as routing is concerned. @@ -34,7 +34,7 @@ Status of This Memo time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on October 21, 2017. + This Internet-Draft will expire on October 3, 2017. Copyright Notice @@ -53,7 +53,7 @@ Copyright Notice -Bourbaki Expires October 21, 2017 [Page 1] +Bourbaki Expires October 3, 2017 [Page 1] Internet-Draft IPv6 is Classless April 2017 
@@ -64,15 +64,15 @@ Table of Contents 2. Suggested Reading . . . . . . . . . . . . . . . . . . . . . . 2 3. Background . . . . . . . . . . . . . . . . . . . . . . . . . 3 4. A simple Statement . . . . . . . . . . . . . . . . . . . . . 3 - 5. Notes and Recommendations . . . . . . . . . . . . . . . . . . 3 - 6. Security Considerations . . . . . . . . . . . . . . . . . . . 3 + 5. Recommendations . . . . . . . . . . . . . . . . . . . . . . . 3 + 6. Security Considerations . . . . . . . . . . . . . . . . . . . 4 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 8. Authors . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 4 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 4 10.1. Normative References . . . . . . . . . . . . . . . . . . 4 - 10.2. Informative References . . . . . . . . . . . . . . . . . 4 - Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 5 + 10.2. Informative References . . . . . . . . . . . . . . . . . 5 + Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6 1. Introduction 
@@ -92,24 +92,24 @@ Table of Contents arguments for operational flexibility in address allocation remain compelling. - It is also assumed that the reader understands IPv6, [RFC2460], IP - Version 6 Addressing Architecture, see [RFC4291], and the proposed - changes to [RFC4291], see [I-D.hinden-6man-rfc2464bis]. - - NOTE: do we mean 4291bis (currently moribund) or 2464bis? + It is also assumed that the reader understands IPv6 [RFC2460], the IP + Version 6 Addressing Architecture [RFC4291], the proposed changes to + RFC4291 [I-D.hinden-6man-rfc4291bis], and the recent recommendations + for the generation of stable Interface Identifiers [RFC8064]. An important recent development in IPv6 is that for host computers on local area networks, the way in which interface identifiers are formed is no longer bound to layer 2 addresses (MAC addresses) - [RFC7217]. We can therefore appreciate that their length, previously - fixed at 64 bits [RFC7136], is in fact a free parameter as stated in - [RFC4862]. + [RFC7217] [RFC8064]. We can therefore appreciate that their length, + previously fixed at 64 bits [RFC7136], is in fact a free parameter as + stated in [RFC4862]. -Bourbaki Expires October 21, 2017 [Page 2] + +Bourbaki Expires October 3, 2017 [Page 2] Internet-Draft IPv6 is Classless April 2017 @@ -118,9 +118,7 @@ Internet-Draft IPv6 is Classless April 2017 Some confusion has been caused by the IP Version 6 Addressing Architecture, [RFC4291], and the proposed changes in - [I-D.hinden-6man-rfc2464bis] with respect to allowed maximum prefix - lengths and the minimum host part (sometimes known as interface - identifier) on a link. + [I-D.hinden-6man-rfc4291bis] with respect to the minimum subnet size. Meanwhile, link prefixes of varied lengths, /127, /126, /124, /120, ... /64 have been successfully deployed for many years. Having the 
@@ -135,15 +133,15 @@ Internet-Draft IPv6 is Classless April 2017 or Using 127-Bit IPv6 Prefixes on Inter-Router Links [RFC6164] is in use. -5. Notes and Recommendations +5. Recommendations - For historical reasons, when a prefix is needed on a link, barring - other considerations, a /64 is traditional [RFC7136]. + For backwards compatibility, when a prefix is needed on a link, + barring other considerations, a /64 is RECOMENDED [RFC7136]. - The length of the prefix identifier in Stateless Address - AutoConfiguration, [RFC4862] is a parameter; its length needs to be + The length of the Interface Identifier in Stateless Address + AutoConfiguration [RFC4862] is a parameter; its length needs to be sufficient for effective randomization for privacy reasons. For - example, a /48 might be sufficient. But operationally we recommend, + example, a /48 might be sufficient. But operationally we RECOMMEND, barring strong considerations to the contrary, using 64-bits for SLAAC in order not to discover bugs where 64-bits was hard-coded, and to favor portability of devices and operating systems. 
@@ -152,24 +150,43 @@ Internet-Draft IPv6 is Classless April 2017 not operate with different interface identfier lengths on different physical interfaces. Thus a correct implementation of SLAAC must in fact allow for any length of prefix, with the value being - parameterised per interface. + parameterised per interface. For instance, the Interface Identifier + length in the recommended (see [RFC8064]) algorithm for selecting + stable interface identifiers [RFC7217] is a parameter, rather than a + hardcoded value. NOTE: should we comment on the fact that at least Linux and Windows seem to assume that the default prefix is /64 in the management CLI? -6. Security Considerations - - This document has no known security impact, assuming that user - devices use an unpredictable interface identifier [RFC7721] for - privacy. -Bourbaki Expires October 21, 2017 [Page 3] + + + + +Bourbaki Expires October 3, 2017 [Page 3] Internet-Draft IPv6 is Classless April 2017 +6. Security Considerations + + Assumming that nodes employ unpredictable interface identifiers + [RFC7721], the subnet size may have an impact on some security and + privacy properties of a network. Namely, the smaller the subnet + size, the more feasible it becomes to perform IPv6 address scans + [RFC7707] [RFC7721]. However, that for some specific subnets (such + as point to point links), this may be less of an issue. + + On the other hand, we assume that a number of IPv6 implementations + fail to enforce limits on the size of some of the data structures + they employ for communicating with neighboring nodes, such as the + Neighbor Cache. In such cases, the use of smaller subnets + essentially enforces an operational limit on such data structures, + thus helping mitigate some pathological behaviors (such as Neighbor + Cache Exhaustion attacks). + 7. IANA Considerations This document has no IANA Considerations. 
@@ -189,42 +206,12 @@ Internet-Draft IPv6 is Classless April 2017 10.1. Normative References [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 - (IPv6) Specification", RFC 2460, December 1998. + (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460, + December 1998, . [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing - Architecture", RFC 4291, February 2006. - -10.2. Informative References - - [I-D.hinden-6man-rfc2464bis] - Crawford, M. and R. Hinden, "Transmission of IPv6 Packets - over Ethernet Networks", draft-hinden-6man-rfc2464bis-02 - (work in progress), March 2017. - - [RFC3587] Hinden, R., Deering, S., and E. Nordmark, "IPv6 Global - Unicast Address Format", RFC 3587, August 2003. - - [RFC4632] Fuller, V. and T. Li, "Classless Inter-domain Routing - (CIDR): The Internet Address Assignment and Aggregation - Plan", BCP 122, RFC 4632, August 2006. - - [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless - Address Autoconfiguration", RFC 4862, September 2007. - - [RFC6164] Kohno, M., Nitzan, B., Bush, R., Matsuzaki, Y., Colitti, - L., and T. Narten, "Using 127-Bit IPv6 Prefixes on Inter- - Router Links", RFC 6164, April 2011. - - [RFC7136] Carpenter, B. and S. Jiang, "Significance of IPv6 - Interface Identifiers", RFC 7136, DOI 10.17487/RFC7136, - February 2014, . - - - -Bourbaki Expires October 21, 2017 [Page 4] - -Internet-Draft IPv6 is Classless April 2017 - + Architecture", RFC 4291, DOI 10.17487/RFC4291, February + 2006, . [RFC7217] Gont, F., "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address 
@@ -232,11 +219,69 @@ Internet-Draft IPv6 is Classless April 2017 DOI 10.17487/RFC7217, April 2014, . + + +Bourbaki Expires October 3, 2017 [Page 4] + +Internet-Draft IPv6 is Classless April 2017 + + + [RFC8064] Gont, F., Cooper, A., Thaler, D., and W. Liu, + "Recommendation on Stable IPv6 Interface Identifiers", + RFC 8064, DOI 10.17487/RFC8064, February 2017, + . + +10.2. Informative References + + [I-D.hinden-6man-rfc4291bis] + Hinden, B. and S. Deering, "IP Version 6 Addressing + Architecture", draft-hinden-6man-rfc4291bis-06 (work in + progress), October 2015. + + [RFC3587] Hinden, R., Deering, S., and E. Nordmark, "IPv6 Global + Unicast Address Format", RFC 3587, DOI 10.17487/RFC3587, + August 2003, . + + [RFC4632] Fuller, V. and T. Li, "Classless Inter-domain Routing + (CIDR): The Internet Address Assignment and Aggregation + Plan", BCP 122, RFC 4632, DOI 10.17487/RFC4632, August + 2006, . + + [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless + Address Autoconfiguration", RFC 4862, + DOI 10.17487/RFC4862, September 2007, + . + + [RFC6164] Kohno, M., Nitzan, B., Bush, R., Matsuzaki, Y., Colitti, + L., and T. Narten, "Using 127-Bit IPv6 Prefixes on Inter- + Router Links", RFC 6164, DOI 10.17487/RFC6164, April 2011, + . + + [RFC7136] Carpenter, B. and S. Jiang, "Significance of IPv6 + Interface Identifiers", RFC 7136, DOI 10.17487/RFC7136, + February 2014, . + + [RFC7707] Gont, F. and T. Chown, "Network Reconnaissance in IPv6 + Networks", RFC 7707, DOI 10.17487/RFC7707, March 2016, + . + [RFC7721] Cooper, A., Gont, F., and D. Thaler, "Security and Privacy Considerations for IPv6 Address Generation Mechanisms", RFC 7721, DOI 10.17487/RFC7721, March 2016, . + + + + + + + +Bourbaki Expires October 3, 2017 [Page 5] + +Internet-Draft IPv6 is Classless April 2017 + + Author's Address Nicolas Bourbaki @@ -277,4 +322,15 @@ Author's Address -Bourbaki Expires October 21, 2017 [Page 5] + + + + + + + + + + + +Bourbaki Expires October 3, 2017 [Page 6]
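Review bot: In the header hunk (@@ -4,8 +4,8 @@), the expiry moves backwards from October 21, 2017 to October 3, 2017, and the document date loses its day ("April 2017"). The same October 3 date is then repeated in "Status of This Memo" and in every page footer. Set an explicit day in the document date so that the expiry is six months after the actual revision date, not earlier than the previous revision's.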
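Review bot: In the Section 3 hunk (@@ -118,9 +118,7 @@), "with respect to the minimum subnet size" replaces the explicit "allowed maximum prefix lengths and the minimum host part" with a term the draft never defines. The following sentence and Section 5 speak in prefix lengths (/127 ... /64), and the new Section 6 also says "subnet size". Define "subnet size" once in terms of prefix length, or keep the prefix-length wording here. In the Section 1 hunk above it, "RFC4291 [I-D.hinden-6man-rfc4291bis]" uses a bare RFC number where the rest of the paragraph uses bracketed citations.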
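Review bot: In the Section 5 hunk (@@ -135,15 +133,15 @@), "a /64 is RECOMENDED [RFC7136]" is misspelled, so it is not a requirements keyword, and "we RECOMMEND" in the next paragraph is not one either (the keyword is RECOMMENDED). Neither reference hunk in this patch adds RFC 2119 or the keyword boilerplate, so either add both or keep the lower-case wording. Separately, after "prefix identifier" becomes "Interface Identifier", the example "a /48 might be sufficient" still names a prefix length, not an identifier length. State the example in identifier bits or say explicitly that it refers to the prefix.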
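Review bot: In the new Section 6 text (@@ -152,24 +150,43 @@), the Neighbor Cache argument rests on "we assume that a number of IPv6 implementations fail to enforce limits", an unsupported assumption for a Standards Track security section. Cite a reference for that behaviour (RFC 6583 discusses Neighbor Cache exhaustion) or phrase it as a condition, for example "where an implementation does not bound its Neighbor Cache". The two paragraphs also pull in opposite directions: smaller subnets make address scans more feasible [RFC7707], yet cap Neighbor Cache growth. The section gives operators no guidance on which concern dominates for which link type beyond the point-to-point aside. Also fix "Assumming" and the fragment "However, that for some specific subnets ... this may be less of an issue", and resolve the leftover "NOTE: should we comment ..." that still closes Section 5 in this hunk.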
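Review bot: In the 10.2 hunk (@@ -232,11 +219,69 @@), the new [I-D.hinden-6man-rfc4291bis] entry gives the author as "Hinden, B." while [RFC4291] and [RFC3587] in the same patch give "Hinden, R."; make the initial consistent. The entry pins draft-hinden-6man-rfc4291bis-06 dated October 2015, whereas Sections 1 and 3 call it "the proposed changes" in a document dated April 2017, so confirm that this is the revision the text means. [RFC8064] is added under Normative References although Section 1 cites it only as background reading. If the Section 5 text is meant to depend on it normatively, say so there; otherwise move it to 10.2.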