draft-ietf-6man-flow-3697bis-02.txt   draft-ietf-6man-flow-3697bis-03.txt 
6MAN S. Amante 6MAN S. Amante
Internet-Draft Level 3 Internet-Draft Level 3
Obsoletes: 3697 (if approved) B. Carpenter Obsoletes: 3697 (if approved) B. Carpenter
Updates: 2205, 2460 (if approved) Univ. of Auckland Updates: 2205, 2460 (if approved) Univ. of Auckland
Intended status: Standards Track S. Jiang Intended status: Standards Track S. Jiang
Expires: September 14, 2011 Huawei Technologies Co., Ltd Expires: November 3, 2011 Huawei Technologies Co., Ltd
J. Rajahalme J. Rajahalme
Nokia-Siemens Networks Nokia Siemens Networks
March 13, 2011 May 2, 2011
IPv6 Flow Label Specification IPv6 Flow Label Specification
draft-ietf-6man-flow-3697bis-02 draft-ietf-6man-flow-3697bis-03
Abstract Abstract
This document specifies the IPv6 Flow Label field and the minimum This document specifies the IPv6 Flow Label field and the minimum
requirements for IPv6 nodes labeling flows, IPv6 nodes forwarding requirements for IPv6 nodes labeling flows, IPv6 nodes forwarding
labeled packets, and flow state establishment methods. Even when labeled packets, and flow state establishment methods. Even when
mentioned as examples of possible uses of the flow labeling, more mentioned as examples of possible uses of the flow labeling, more
detailed requirements for specific use cases are out of scope for detailed requirements for specific use cases are out of scope for
this document. this document.
skipping to change at page 1, line 44 skipping to change at page 1, line 44
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 14, 2011. This Internet-Draft will expire on November 3, 2011.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 9 skipping to change at page 3, line 9
the copyright in such materials, this document may not be modified the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other it for publication as an RFC or to translate it into languages other
than English. than English.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. IPv6 Flow Label Specification . . . . . . . . . . . . . . . . 5 2. IPv6 Flow Label Specification . . . . . . . . . . . . . . . . 5
3. Stateless Flow Labeling Requirements . . . . . . . . . . . . . 7 3. Stateless Flow Labeling Requirements . . . . . . . . . . . . . 6
4. Flow State Establishment Requirements . . . . . . . . . . . . 8 4. Flow State Establishment Requirements . . . . . . . . . . . . 7
5. Essential correction to RFC 2205 . . . . . . . . . . . . . . . 8 5. Essential correction to RFC 2205 . . . . . . . . . . . . . . . 8
6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8
6.1. Theft and Denial of Service . . . . . . . . . . . . . . . 8 6.1. Theft and Denial of Service . . . . . . . . . . . . . . . 8
6.2. IPsec and Tunneling Interactions . . . . . . . . . . . . . 10 6.2. IPsec and Tunneling Interactions . . . . . . . . . . . . . 10
6.3. Security Filtering Interactions . . . . . . . . . . . . . 10 6.3. Security Filtering Interactions . . . . . . . . . . . . . 10
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 7. Differences from RFC 3697 . . . . . . . . . . . . . . . . . . 11
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
9. Change log . . . . . . . . . . . . . . . . . . . . . . . . . . 11 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12 10. Change log [RFC Editor: Please remove] . . . . . . . . . . . . 11
10.1. Normative References . . . . . . . . . . . . . . . . . . . 12 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12
10.2. Informative References . . . . . . . . . . . . . . . . . . 12 11.1. Normative References . . . . . . . . . . . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 12 11.2. Informative References . . . . . . . . . . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13
1. Introduction 1. Introduction
A flow is a sequence of packets sent from a particular source to a From the viewpoint of the network layer, a flow is a sequence of
particular unicast, anycast, or multicast destination that a node packets sent from a particular source to a particular unicast,
desires to label as a flow. A flow could consist of all packets in a anycast, or multicast destination that a node desires to label as a
specific transport connection or a media stream. However, a flow is flow. From an upper layer viewpoint, a flow could consist of all
not necessarily 1:1 mapped to a transport connection. packets in a specific transport connection or a media stream.
However, a flow is not necessarily 1:1 mapped to a transport
connection.
Traditionally, flow classifiers have been based on the 5-tuple of the Traditionally, flow classifiers have been based on the 5-tuple of the
source and destination addresses, ports, and the transport protocol source and destination addresses, ports, and the transport protocol
type. However, some of these fields may be unavailable due to either type. However, some of these fields may be unavailable due to either
fragmentation or encryption, or locating them past a chain of IPv6 fragmentation or encryption, or locating them past a chain of IPv6
extension headers may be inefficient. Additionally, if classifiers extension headers may be inefficient. Additionally, if classifiers
depend only on IP layer headers, later introduction of alternative depend only on IP layer headers, later introduction of alternative
transport layer protocols will be easier. transport layer protocols will be easier.
The usage of the 3-tuple of the Flow Label and the Source and The usage of the 3-tuple of the Flow Label and the Source and
Destination Address fields enables efficient IPv6 flow Destination Address fields enables efficient IPv6 flow
classification, where only IPv6 main header fields in fixed positions classification, where only IPv6 main header fields in fixed positions
are used. are used.
The flow label could be used in both stateless and stateful The flow label could be used in both stateless and stateful
scenarios. A stateless scenario is one where a node that sets the scenarios. A stateless scenario is one where any node that processes
flow label value for all packets of a given flow does not need to the flow label in any way does not need to store any information
store any information about the flow, and any node that processes the about a flow before or after a packet has been processed. A stateful
flow label in any way also does not need to store any information scenario is one where a node that processes the flow label value
after a packet has been processed. A stateful scenario is one where needs to store information about the flow, including the flow label
a node that sets or processes the flow label value needs to store value. A stateful scenario might also require a signaling mechanism
information about the flow, including the flow label value. A to establish flow state in the network.
stateful scenario might also require a signaling mechanism to
establish flow state in the network.
The flow label can be used most simply in stateless scenarios. This The flow label can be used most simply in stateless scenarios. This
specification concentrates on the stateless model and how it can be specification concentrates on the stateless model and how it can be
used as a default mechanism. Details of stateful models, signaling, used as a default mechanism. Details of stateful models, signaling,
specific flow state establishment methods and their related service specific flow state establishment methods and their related service
models are out of scope for this specification. The basic models are out of scope for this specification. The basic
requirement for stateful models is set forth in Section 4. requirement for stateful models is set forth in Section 4.
The minimum level of IPv6 flow support consists of labeling the The minimum level of IPv6 flow support consists of labeling the
flows. A specific goal is to enable and encourage the use of the flows. A specific goal is to enable and encourage the use of the
skipping to change at page 5, line 21 skipping to change at page 5, line 21
correction to [RFC2205] concerning the flow label. correction to [RFC2205] concerning the flow label.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
2. IPv6 Flow Label Specification 2. IPv6 Flow Label Specification
The 20-bit Flow Label field in the IPv6 header [RFC2460] is used by a The 20-bit Flow Label field in the IPv6 header [RFC2460] is used by a
node to label packets of a flow. A Flow Label of zero is used to node to label packets of a flow. A Flow Label of zero is used to
indicate packets not part of any flow. Packet classifiers can use indicate packets that have not been labeled. Packet classifiers can
the triplet of Flow Label, Source Address, and Destination Address use the triplet of Flow Label, Source Address, and Destination
fields to identify which flow a particular packet belongs to. Address fields to identify which flow a particular packet belongs to.
Packets are processed in a flow-specific manner by nodes that are Packets are processed in a flow-specific manner by nodes that are
able to do so in a stateless manner, or that have been set up with able to do so in a stateless manner, or that have been set up with
flow-specific state. The nature of the specific treatment and the flow-specific state. The nature of the specific treatment and the
methods for flow state establishment are out of scope for this methods for flow state establishment are out of scope for this
specification. However, any node that sets flow label values specification.
according to a stateful scheme MUST ensure that packets conform to
Section 3 of the present specification if they are sent outside the
network domain using the stateful scheme.
As specified below in Section 3, the normal expectation is that flow Flow label values should be chosen such that their bits exhibit a
label values are uniformly distributed. In this specification, it is high degree of variability, making them suitable for use as part of
recommended below that a pseudo-random method should be used to the input to a hash function used in a load distribution scheme. At
achieve such a uniform distribution. Intentionally, there are no the same time, third parties should be unlikely to be able to guess
precise mathematical requirements placed on the distribution or the the next value that a source of flow labels will choose.
pseudo-random method.
Once set to a non-zero value, the Flow Label MUST be delivered In statistics, a discrete uniform distribution is defined as a
unchanged to the destination node(s). A forwarding node MUST NOT probability distribution in which each value in a given range of
change the flow label value in an arriving packet if it is non-zero. equally spaced values (such as a sequence of integers) is equally
However, there are two qualifications to this rule: likely to be chosen as the next value. The values in such a
1. Implementers are advised that forwarding nodes, especially those distribution exhibit both variability and unguessability. Thus, as
acting as domain border devices, might nevertheless be configured specified below in Section 3, an approximation to a discrete uniform
to change the flow label value in packets. This is undetectable, distribution is preferable as the source of flow label values.
unless some future version of IPsec authentication [RFC4302] Intentionally, there are no precise mathematical requirements placed
protects the flow label value. on the distribution or the method used to achieve such a
distribution.
2. To enable stateless load distribution at any point in the Once set to a non-zero value, the Flow Label MUST be delivered
Internet, a network domain should never export packets unchanged to the destination node(s). That is, a forwarding node
originating within the domain whose flow label values do not MUST NOT change the flow label value in an arriving packet if it is
conform to Section 3. However, neither domain border egress non-zero.
routers nor intermediate routers/devices (using a flow-label, for
example, as a part of an input-key for a load-distribution hash)
can determine by inspection that a value is not part of a uniform
distribution. Therefore, if nodes within a domain ignore the
recommendations of Section 3, and such packets are forwarded
outside the domain, this might result in undesirable operational
implications (e.g., congestion, reordering) for not only the
inappropriately flow-labelled packets, but also well-behaved
flow-labelled packets, during forwarding at various intermediate
devices. Thus, a domain must protect its peers by never
exporting inappropriately labelled packets originating within the
domain. This is why nodes using a stateful scheme must not set
the flow label to a non-zero and non-uniformly distributed value
if the packet will leave their domain. If it is known to a
border router that flow labels originated within the domain are
not uniformly distributed, it will need to set outgoing flow
labels in the same manner as described for forwarding nodes in
Section 3.
There is no way to verify whether a flow label has been modified en There is no way to verify whether a flow label has been modified en
route or whether it belongs to a uniform distribution. Therefore, no route or whether it belongs to a uniform distribution. Therefore, no
Internet-wide mechanism can depend mathematically on immutable and Internet-wide mechanism can depend mathematically on immutable and
uniformly distributed flow labels; they have a "best effort" quality. uniformly distributed flow labels; they have a "best effort" quality.
This leads to the following formal rules: This leads to the following formal rules:
o Implementers should be aware that the flow label is an unprotected o Implementers should be aware that the flow label is an unprotected
field that could have been accidentally or intentionally changed field that could have been accidentally or intentionally changed
en route. Implementations MUST take appropriate steps to protect en route (see Section 6).
themselves from being vulnerable to denial of service and other o Forwarding nodes such as routers and load distributors MUST NOT
types of attack that could result (see Section 6.1).
o Forwarding nodes such as routers and load balancers MUST NOT
depend only on Flow Label values being uniformly distributed. In depend only on Flow Label values being uniformly distributed. In
any usage such as a hash key for load distribution, the Flow Label any usage such as a hash key for load distribution, the Flow Label
bits MUST be combined at least with bits from other sources within bits MUST be combined at least with bits from other sources within
the packet, so as to produce a constant hash value for each flow the packet, so as to produce a constant hash value for each flow
and a suitable distribution of hash values across flows. and a suitable distribution of hash values across flows.
Typically the other fields used will be some or all components of
the usual 5-tuple.
Although uniformly distributed flow label values are recommended Although uniformly distributed flow label values are recommended
below, and will always be helpful for load balancing, it is unsafe to below, and will always be helpful for load distribution, it is unsafe
assume their presence in the general case, and the use case needs to to assume their presence in the general case, and the use case needs
work even if the flow label value is zero. to work even if the flow label value is zero.
The use of the Flow Label field does not necessarily signal any
requirement on packet reordering. Especially, the zero label does
not imply that significant reordering is acceptable.
An IPv6 node that does not set the flow label to a non-zero value, or As a general practice, packet flows should not be reordered, and the
make use of it in any way, MUST ignore it when receiving or use of the Flow Label field does not affect this. In particular, a
forwarding a packet. Flow label value of zero does not imply that reordering is
acceptable.
3. Stateless Flow Labeling Requirements 3. Stateless Flow Labeling Requirements
This section defines the minimum requirements for stateless methods This section defines the minimum requirements for stateless methods
of setting the flow label value. of setting the flow label value.
To enable Flow Label based classification, source nodes SHOULD assign To enable Flow Label based classification, source nodes SHOULD assign
each unrelated transport connection and application data stream to a each unrelated transport connection and application data stream to a
new flow. A typical definition of a flow for this purpose is any set new flow. A typical definition of a flow for this purpose is any set
of packets carrying the same 5-tuple {dest addr, source addr, of packets carrying the same 5-tuple {dest addr, source addr,
protocol, dest port, source port}. protocol, dest port, source port}.
It is desirable that flow label values should be uniformly It is desirable that flow label values should be uniformly
distributed to assist load distribution. It is therefore RECOMMENDED distributed to assist load distribution. It is therefore RECOMMENDED
that source hosts support the flow label by setting the flow label that source hosts support the flow label by setting the flow label
field for all packets of a given flow to the same uniformly field for all packets of a given flow to the same value chosen from
distributed pseudo-random value. Both stateful and stateless methods an approximation to a discrete uniform distribution. Both stateful
of assigning a pseudo-random value could be used, but it is outside and stateless methods of assigning a value could be used, but it is
the scope of this specification to mandate an algorithm. In a outside the scope of this specification to mandate an algorithm. The
stateless mechanism, the algorithm SHOULD ensure that the resulting algorithm SHOULD ensure that the resulting flow label values are
flow label values are unique with high probability. unique with high probability. However, if two flows are by chance
assigned the same flow label value, and have the same source and
destination addresses, it simply means that they will receive the
same treatment throughout the network. As long as this is a low
probability event, it will not significantly affect load
distribution.
An OPTIONAL algorithm for generating such a pseudo-random value is A possible stateless algorithm is to use a suitable 20 bit hash of
described in [I-D.gont-6man-flowlabel-security]. values from the IP packet's 5-tuple. An alternative is to to use a
pseudo-random number generator to assign a flow label value for a
given transport session; such a method will require minimal local
state to be kept at the source node. Viewed externally, either
approach will produce values that are effectively uniformly
distributed and pseudo-random.
[[ NOTE TO RFC EDITOR: The preceding sentence should be deleted, and An implementation in which flow labels are assigned sequentially is
the reference should be changed to Informative, if the cited draft is NOT RECOMMENDED, as it would then be simple for third parties to
not on the standards track at the time of publication. ]] guess the next value.
A source node which does not otherwise set the flow label MUST set A source node which does not otherwise set the flow label MUST set
its value to zero. its value to zero.
A node that forwards a flow whose flow label value in arriving A node that forwards a flow whose flow label value in arriving
packets is zero MAY set the flow label value. In that case, it is packets is zero MAY change the flow label value. In that case, it is
RECOMMENDED that the forwarding node sets the flow label field for a RECOMMENDED that the forwarding node sets the flow label field for a
flow to a uniformly distributed pseudo-random value. flow to a uniformly distributed value as just described for source
nodes.
o The same considerations apply as to source hosts setting the flow o The same considerations apply as to source hosts setting the flow
label; in particular, the normal case is that a flow is defined by label; in particular, the normal case is that a flow is defined by
the 5-tuple. the 5-tuple.
o This option, if implemented, would presumably be used by first-hop o This option, if implemented, would presumably be used by first-hop
or ingress routers. It might place a considerable per-packet or ingress routers. It might place a considerable per-packet
processing load on them, even if they adopted a stateless method processing load on them, even if they adopted a stateless method
of flow identification and label assignment. This is why the of flow identification and label assignment. This is why the
principal recommendation is that the source host should set the principal recommendation is that the source host should set the
label. label.
skipping to change at page 8, line 17 skipping to change at page 8, line 4
include routers that set flow labels on behalf of hosts that do not include routers that set flow labels on behalf of hosts that do not
do so. They also recommend that flow labels exported to the Internet do so. They also recommend that flow labels exported to the Internet
are always either zero or uniformly distributed. are always either zero or uniformly distributed.
4. Flow State Establishment Requirements 4. Flow State Establishment Requirements
A node that sets the flow label MAY also take part in a flow state A node that sets the flow label MAY also take part in a flow state
establishment method that results in assigning specific treatments to establishment method that results in assigning specific treatments to
specific flows, possibly including signaling. Any such method MUST specific flows, possibly including signaling. Any such method MUST
NOT disturb nodes taking part in the stateless model just described. NOT disturb nodes taking part in the stateless model just described.
Further details are not discussed in this document.
Thus, any node that sets flow label values according to a stateful
scheme MUST ensure that packets conform to Section 3 of the present
specification if they are sent outside the network domain using the
stateful scheme. Further details are not discussed in this document.
5. Essential correction to RFC 2205 5. Essential correction to RFC 2205
[RFC2460] reduced the size of the flow label field from 24 to 20 [RFC2460] reduced the size of the flow label field from 24 to 20
bits. The references to a 24 bit flow label field on pages 87 and 88 bits. The references to a 24 bit flow label field on pages 87 and 88
of [RFC2205] are updated accordingly. of [RFC2205] are updated accordingly.
6. Security Considerations 6. Security Considerations
This section considers security issues raised by the use of the Flow This section considers security issues raised by the use of the Flow
Label, primarily the potential for denial-of-service attacks, and the Label, primarily the potential for denial-of-service attacks, and the
related potential for theft of service by unauthorized traffic related potential for theft of service by unauthorized traffic
(Section 6.1). Section 6.2 addresses the use of the Flow Label in (Section 6.1). Section 6.2 addresses the use of the Flow Label in
the presence of IPsec including its interaction with IPsec tunnel the presence of IPsec including its interaction with IPsec tunnel
mode and other tunneling protocols. We also note that inspection of mode and other tunneling protocols. We also note that inspection of
unencrypted Flow Labels may allow some forms of traffic analysis by unencrypted Flow Labels may allow some forms of traffic analysis by
revealing some structure of the underlying communications. Even if revealing some structure of the underlying communications. Even if
the flow label were encrypted, its presence as a constant value in a the flow label were encrypted, its presence as a constant value in a
fixed position might assist traffic analysis and cryptoanalysis. fixed position might assist traffic analysis and cryptoanalysis.
The flow label is not protected in any way and can be forged by an The flow label is not protected in any way, even if IPsec
on-path attacker. On the other hand, a uniformly distributed pseudo- authentication [RFC4302] is in use, so it can be forged by an on-path
random flow label cannot be readily guessed by an off-path attacker; attacker. On the other hand, a uniformly distributed pseudo-random
see [I-D.gont-6man-flowlabel-security] for further discussion. flow label cannot be readily guessed by an off-path attacker; see
[I-D.gont-6man-flowlabel-security] for further discussion.
This specification defines the flow label as immutable once it has
been set to a non-zero value. However, implementers are advised that
forwarding nodes, especially those acting as domain border devices,
might nevertheless be configured to change the flow label value in
packets. This is undetectable.
6.1. Theft and Denial of Service 6.1. Theft and Denial of Service
Since the mapping of network traffic to flow-specific treatment is Since the mapping of network traffic to flow-specific treatment is
triggered by the IP addresses and Flow Label value of the IPv6 triggered by the IP addresses and Flow Label value of the IPv6
header, an adversary may be able to obtain unintended service by header, an adversary may be able to obtain unintended service by
modifying the IPv6 header or by injecting packets with false modifying the IPv6 header or by injecting packets with false
addresses and/or labels. Theft of service is not further discussed addresses and/or labels. Theft of service is not further discussed
in this document, since it can only be analysed for specific stateful in this document, since it can only be analysed for specific stateful
methods of using the flow label. However, a denial of service attack methods of using the flow label. However, a denial of service attack
skipping to change at page 9, line 24 skipping to change at page 9, line 20
Note that since the treatment of IP headers by nodes is typically Note that since the treatment of IP headers by nodes is typically
unverified, there is no guarantee that flow labels sent by a node are unverified, there is no guarantee that flow labels sent by a node are
set according to the recommendations in this document. A man-in-the- set according to the recommendations in this document. A man-in-the-
middle or injected-traffic denial of service attack specifically middle or injected-traffic denial of service attack specifically
directed at flow label handling would involve setting unusual flow directed at flow label handling would involve setting unusual flow
labels. For example, an attacker could set all flow labels reaching labels. For example, an attacker could set all flow labels reaching
a given router to the same arbitrary non-zero value, or could perform a given router to the same arbitrary non-zero value, or could perform
rapid cycling of flow label values such that the packets of a given rapid cycling of flow label values such that the packets of a given
flow will each have a different value. Either of these attacks would flow will each have a different value. Either of these attacks would
cause a stateless load distribution algorithm to perform badly and cause a stateless load distribution algorithm to perform badly and
would cause a stateful mechanism to behave incorrectly. For this would cause a stateful classifier to behave incorrectly. For this
reason, stateless mechanisms should not use the flow label alone to reason, stateless classifiers should not use the flow label alone to
control load distribution, and stateful mechanisms should include control load distribution, and stateful classifiers should include
explicit methods to detect and ignore suspect flow label values. explicit methods to detect and ignore suspect flow label values.
Since flows are identified by the 3-tuple of the Flow Label and the Since flows are identified by the 3-tuple of the Flow Label and the
Source and Destination Address, the risk of denial of service Source and Destination Address, the risk of denial of service
introduced by the Flow Label is closely related to the risk of denial introduced by the Flow Label is closely related to the risk of denial
of service by address spoofing. An adversary who is in a position to of service by address spoofing. An adversary who is in a position to
forge an address is also likely to be able to forge a label, and vice forge an address is also likely to be able to forge a label, and vice
versa. versa.
There are two issues with different properties: Spoofing of the Flow There are two issues with different properties: Spoofing of the Flow
skipping to change at page 11, line 10 skipping to change at page 11, line 8
6.3. Security Filtering Interactions 6.3. Security Filtering Interactions
The Flow Label does nothing to eliminate the need for packet The Flow Label does nothing to eliminate the need for packet
filtering based on headers past the IP header, if such filtering is filtering based on headers past the IP header, if such filtering is
deemed necessary for security reasons on nodes such as firewalls or deemed necessary for security reasons on nodes such as firewalls or
filtering routers. filtering routers.
However, security devices that clear or rewrite non-zero flow label However, security devices that clear or rewrite non-zero flow label
values would be in violation of this specification. values would be in violation of this specification.
7. IANA Considerations 7. Differences from RFC 3697
The main differences between this specification and its predecessor
are as follows:
o This specification encourages non-zero flow label values to be
used, and clearly defines how to set a non-zero value.
o It encourages a stateless model with uniformly distributed flow
label values.
o It does not specify any details of a stateful model.
o It retains the rule that the flow label is immutable, but allows
routers to set the label on behalf of hosts that do not do so.
For further details see [I-D.ietf-6man-flow-update].
8. IANA Considerations
This document requests no action by IANA. This document requests no action by IANA.
8. Acknowledgements 9. Acknowledgements
Steve Deering and Alex Conta were co-authors of RFC 3697, on which Steve Deering and Alex Conta were co-authors of RFC 3697, on which
this document is based. this document is based.
Valuable comments and contributions were made by Fred Baker, Steve Valuable comments and contributions were made by Fred Baker, Steve
Blake, Remi Despres, Alan Ford, Fernando Gont, Brian Haberman, Tony Blake, Remi Despres, Alan Ford, Fernando Gont, Brian Haberman, Tony
Hain, Joel Halpern, Qinwen Hu, Chris Morrow, Thomas Narten, Mark Hain, Joel Halpern, Qinwen Hu, Chris Morrow, Thomas Narten, Mark
Smith, Pascal Thubert, Iljitsch van Beijnum, and other participants Smith, Pascal Thubert, Iljitsch van Beijnum, and other participants
in the 6man working group. in the 6man working group.
Contributors to the development of RFC 3697 included Ran Atkinson, Contributors to the development of RFC 3697 included Ran Atkinson,
Steve Blake, Jim Bound, Francis Dupont, Robert Elz, Tony Hain, Robert Steve Blake, Jim Bound, Francis Dupont, Robert Elz, Tony Hain, Robert
Hancock, Bob Hinden, Christian Huitema, Frank Kastenholz, Thomas Hancock, Bob Hinden, Christian Huitema, Frank Kastenholz, Thomas
Narten, Charles Perkins, Pekka Savola, Hesham Soliman, Michael Narten, Charles Perkins, Pekka Savola, Hesham Soliman, Michael
Thomas, Margaret Wasserman, and Alex Zinin. Thomas, Margaret Wasserman, and Alex Zinin.
This document was produced using the xml2rfc tool [RFC2629]. This document was produced using the xml2rfc tool [RFC2629].
9. Change log 10. Change log [RFC Editor: Please remove]
draft-ietf-6man-flow-3697bis-03: update to resolve WGLC comments,
2011-05-02:
o Clarified that the network layer view of flows is agnostic about
transport sessions.
o Honed the definition of stateless v stateful models.
o Honed the text about using a pseudo-random function.
o Moved material about violation of immutability to Security
section, and rephrased accordingly.
o Dropped material about setting the flow label at a domain exit
router: doesn't belong here now that we have dropped almost all
the stateful text.
o Removed normative reference to draft-gont-6man-flowlabel-security.
o Removed the statement that a node that does not set or use the
flow label must ignore it: this statement appears to be a no-op.
o Added a summary of changes from RFC 3697.
o Miscellaneous editorial fixes.
draft-ietf-6man-flow-3697bis-02: update to remove most text about draft-ietf-6man-flow-3697bis-02: update to remove most text about
stateful methods, 2011-03-13 stateful methods, 2011-03-13
draft-ietf-6man-flow-3697bis-01: update after resolving 11 initial draft-ietf-6man-flow-3697bis-01: update after resolving 11 initial
issues, 2011-02-26 issues, 2011-02-26
draft-ietf-6man-flow-3697bis-00: original version, built from RFC3697 draft-ietf-6man-flow-3697bis-00: original version, built from RFC3697
and draft-ietf-6man-flow-update-01, 2011-01-31 and draft-ietf-6man-flow-update-01, 2011-01-31
10. References 11. References
10.1. Normative References
[I-D.gont-6man-flowlabel-security] 11.1. Normative References
Gont, F., "Security Assessment of the IPv6 Flow Label",
draft-gont-6man-flowlabel-security-01 (work in progress),
November 2010.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2205] Braden, B., Zhang, L., Berson, S., Herzog, S., and S. [RFC2205] Braden, B., Zhang, L., Berson, S., Herzog, S., and S.
Jamin, "Resource ReSerVation Protocol (RSVP) -- Version 1 Jamin, "Resource ReSerVation Protocol (RSVP) -- Version 1
Functional Specification", RFC 2205, September 1997. Functional Specification", RFC 2205, September 1997.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, December 1998. (IPv6) Specification", RFC 2460, December 1998.
10.2. Informative References 11.2. Informative References
[I-D.gont-6man-flowlabel-security]
Gont, F., "Security Assessment of the IPv6 Flow Label",
draft-gont-6man-flowlabel-security-01 (work in progress),
November 2010.
[I-D.ietf-6man-flow-update] [I-D.ietf-6man-flow-update]
Amante, S., Carpenter, B., and S. Jiang, "Rationale for Amante, S., Carpenter, B., and S. Jiang, "Rationale for
update to the IPv6 flow label specification", update to the IPv6 flow label specification",
draft-ietf-6man-flow-update-03 (work in progress), draft-ietf-6man-flow-update-04 (work in progress),
February 2011. March 2011.
[RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629, [RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
June 1999. June 1999.
[RFC2827] Ferguson, P. and D. Senie, "Network Ingress Filtering: [RFC2827] Ferguson, P. and D. Senie, "Network Ingress Filtering:
Defeating Denial of Service Attacks which employ IP Source Defeating Denial of Service Attacks which employ IP Source
Address Spoofing", BCP 38, RFC 2827, May 2000. Address Spoofing", BCP 38, RFC 2827, May 2000.
[RFC3697] Rajahalme, J., Conta, A., Carpenter, B., and S. Deering, [RFC3697] Rajahalme, J., Conta, A., Carpenter, B., and S. Deering,
"IPv6 Flow Label Specification", RFC 3697, March 2004. "IPv6 Flow Label Specification", RFC 3697, March 2004.
skipping to change at page 13, line 23 skipping to change at page 14, line 4
Email: shane@level3.net Email: shane@level3.net
Brian Carpenter Brian Carpenter
Department of Computer Science Department of Computer Science
University of Auckland University of Auckland
PB 92019 PB 92019
Auckland, 1142 Auckland, 1142
New Zealand New Zealand
Email: brian.e.carpenter@gmail.com Email: brian.e.carpenter@gmail.com
Sheng Jiang Sheng Jiang
Huawei Technologies Co., Ltd Huawei Technologies Co., Ltd
Huawei Building, No.3 Xinxi Rd., Huawei Building, No.3 Xinxi Rd.,
Shang-Di Information Industry Base, Hai-Dian District, Beijing Shang-Di Information Industry Base, Hai-Dian District, Beijing
P.R. China P.R. China
Email: shengjiang@huawei.com Email: jiangsheng@huawei.com
Jarno Rajahalme Jarno Rajahalme
Nokia-Siemens Networks Nokia Siemens Networks
TBD Linnoitustie 6
TBD 02600 Espoo
Finland Finland
Email: jarno.rajahalme@nsn.com Email: jarno.rajahalme@nsn.com
 End of changes. 35 change blocks. 
124 lines changed or deleted 155 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/