| draft-ietf-ipv6-node-requirements-02.txt | draft-ietf-ipv6-node-requirements-03.txt | |||
|---|---|---|---|---|
| IPv6 Working Group John Loughney (ed) | IPv6 Working Group John Loughney (ed) | |||
| Internet-Draft Nokia | Internet-Draft Nokia | |||
| October 31, 2002 | March 3, 2003 | |||
| Expires: April 31, 2003 | Expires: September 3, 2003 | |||
| IPv6 Node Requirements | IPv6 Node Requirements | |||
| draft-ietf-ipv6-node-requirements-02.txt | draft-ietf-ipv6-node-requirements-03.txt | |||
| Status of this Memo | Status of this Memo | |||
| This document is an Internet-Draft and is in full conformance with | This document is an Internet-Draft and is in full conformance with | |||
| all provisions of Section 10 of RFC2026. | all provisions of Section 10 of RFC2026. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| other groups may also distribute working documents as Internet- | other groups may also distribute working documents as Internet- | |||
| Drafts. | Drafts. | |||
| skipping to change at page 1, line 33 | skipping to change at page 1, line 33 | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| This Internet-Draft will expire on April 31, 2003 | ||||
| Copyright Notice | Copyright Notice | |||
| Copyright (C) The Internet Society (2002). All Rights Reserved. | Copyright (C) The Internet Society (2003). All Rights Reserved. | |||
| Abstract | Abstract | |||
| This document defines requirements for IPv6 nodes. It is expected | This document defines requirements for IPv6 nodes. It is expected | |||
| that IPv6 will be deployed in a wide range of devices and situations. | that IPv6 will be deployed in a wide range of devices and situations. | |||
| Specifying the requirements for IPv6 nodes allows IPv6 to function | Specifying the requirements for IPv6 nodes allows IPv6 to function | |||
| well and interoperate in a large number of situations and | well and interoperate in a large number of situations and | |||
| deployments. | deployments. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction | 1. Introduction | |||
| 1.1 Scope of this Document | 1.1 Scope of this Document | |||
| 1.2 Description of IPv6 Nodes | 1.2 Description of IPv6 Nodes & Conformance Groups | |||
| 2. Abbreviations Used in This Document | 2. Abbreviations Used in This Document | |||
| 3. Sub-IP Layer | 3. Sub-IP Layer | |||
| 3.1 RFC2464 - Transmission of IPv6 Packets over Ethernet Networks | 3.1 RFC2464 - Transmission of IPv6 Packets over Ethernet Networks | |||
| 3.2 RFC2472 - IP version 6 over PPP | 3.2 RFC2472 - IP version 6 over PPP | |||
| 3.3 RFC2492 - IPv6 over ATM Networks | 3.3 RFC2492 - IPv6 over ATM Networks | |||
| 4. IP Layer | 4. IP Layer | |||
| 4.1 General | 4.1 Internet Protocol Version 6 - RFC2460 | |||
| 4.2 Neighbor Discovery | 4.2 Neighbor Discovery for IPv6 - RFC2461 | |||
| 4.3 Path MTU Discovery & Packet Size | 4.3 Path MTU Discovery & Packet Size | |||
| 4.4 RFC2463 - ICMP for the Internet Protocol Version 6 (IPv6) | 4.4 ICMP for the Internet Protocol Version 6 (IPv6) - RFC2463 | |||
| 4.5 Addressing | 4.5 Addressing | |||
| 4.6 Other | 4.6 Multicast Listener Discovery (MLD) for IPv6 - RFC2710 | |||
| 5. Transport and DNS | 5. Transport and DNS | |||
| 5.1 Transport Layer | 5.1 Transport Layer | |||
| 5.2 DNS | 5.2 DNS | |||
| 5.3 Dynamic Host Configuration Protocol for IPv6 (DHCPv6) | 5.3 Dynamic Host Configuration Protocol for IPv6 (DHCPv6) | |||
| 6. IPv4 Support and Transition | 6. IPv4 Support and Transition | |||
| 6.1 Transition Mechanisms | 6.1 Transition Mechanisms | |||
| 7. Mobility | 7. Mobility | |||
| 7.1 Mobile IP | ||||
| 7.2 Generic Packet Tunneling in IPv6 Specification - RFC2473 | ||||
| 8. Security | 8. Security | |||
| 8.1 Basic Architecture | 8.1 Basic Architecture | |||
| 8.2 Security Protocols | 8.2 Security Protocols | |||
| 8.3 Transforms and Algorithms | 8.3 Transforms and Algorithms | |||
| 8.4 Key Management Method | 8.4 Key Management Methods | |||
| 9. Router Functionality | 9. Router Functionality | |||
| 9.1 General | 9.1 General | |||
| 10. Network Management | 10. Network Management | |||
| 10.1 MIBs | 10.1 MIBs | |||
| 11. Security Considerations | 11. Security Considerations | |||
| 12. References | 12. References | |||
| 12.1 Normative | 12.1 Normative | |||
| 12.2 Non-Normative | 12.2 Non-Normative | |||
| 13. Authors and Acknowledgements | 13. Authors and Acknowledgements | |||
| 14. Editor's Address | 14. Editor's Address | |||
| Appendix A: Change history | Appendix A: Change history | |||
| Appendix B: List of Specifications Included | Appendix B: Specifications Not Included | |||
| Appendix C: Specifications Not Included | Appendix C: Notices | |||
| 1. Introduction | 1. Introduction | |||
| The goal of this document is to define a minimal set of functionality | The goal of this document is to define the set of functionality | |||
| required for an IPv6 node. Many IPv6 nodes will implement optional | required for an IPv6 node. Many IPv6 nodes will implement optional | |||
| or additional features, but all IPv6 nodes can be expected to | or additional features, but all IPv6 nodes can be expected to | |||
| implement the requirements listed in this document. | implement the mandatory requirements listed in this document. | |||
| The document is written to minimize protocol discussion in this | This document tries to avoid discussion of protocol details, and | |||
| document but instead make pointers to RFCs. In case of any | references RFCs for this purpose. In case of any conflicting text, | |||
| conflicting text, this document takes less precedence than the | this document takes less precedence than the normative RFCs, unless | |||
| normative RFCs, unless additional clarifying text is included in this | additional clarifying text is included in this document. | |||
| document. | ||||
| During the process of writing this document, any issue raised | During the process of writing this document, any issue raised | |||
| regarding the normative RFCs, the consensus is, whenever possible, to | regarding the normative RFCs, the consensus is, whenever possible, to | |||
| fix the RFCs and not to add text in this document. However, it may be | fix the RFCs and not to add text in this document. However, it may be | |||
| useful to include this information in an appendix for informative | useful to include this information in an appendix for informative | |||
| purposes. | purposes. | |||
| Although the document points to different specifications, it should | Although the document points to different specifications, it should | |||
| be noted that in most cases, the granularity of requirements are | be noted that in most cases, the granularity of requirements are | |||
| smaller than a single specification, as many specifications define | smaller than a single specification, as many specifications define | |||
| multiple, independent pieces, some of which may not be mandatory. | multiple, independent pieces, some of which may not be mandatory. | |||
| As it is not always possible for an implementer to know the exact | As it is not always possible for an implementer to know the exact | |||
| usage of IPv6 in a node, an overriding requirement for IPv6 nodes is | usage of IPv6 in a node, an overriding requirement for IPv6 nodes is | |||
| that they should adhere to John Postel's Robustness Principle: | that they should adhere to John Postel's Robustness Principle: | |||
| Be conservative in what you do, be liberal in what you accept from | Be conservative in what you do, be liberal in what you accept from | |||
| others. [RFC793]. | others. [RFC793]. | |||
| 1.1 Scope of this Document | 1.1 Requirement Language | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | ||||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | ||||
| document are to be interpreted as described in RFC 2119 [RFC-2119]. | ||||
| 1.2 Scope of this Document | ||||
| IPv6 covers many specifications. It is intended that IPv6 will be | IPv6 covers many specifications. It is intended that IPv6 will be | |||
| deployed in many different situations and environments. Therefore, | deployed in many different situations and environments. Therefore, | |||
| it is important to develop the requirements for IPv6 nodes, in order | it is important to develop the requirements for IPv6 nodes, in order | |||
| to ensure interoperability. | to ensure interoperability. | |||
| This document assumes that all IPv6 nodes meet the minimum | This document assumes that all IPv6 nodes meet the minimum | |||
| requirements specified here. | requirements specified here. | |||
| 1.2 Description of IPv6 Nodes | 1.2 Description of IPv6 Nodes | |||
| skipping to change at page 4, line 27 | skipping to change at page 4, line 32 | |||
| ATM Asynchronous Transfer Mode | ATM Asynchronous Transfer Mode | |||
| AH Authentication Header | AH Authentication Header | |||
| DAD Duplicate Address Detection | DAD Duplicate Address Detection | |||
| ESP Encapsulating Security Payload | ESP Encapsulating Security Payload | |||
| ICMP Internet Control Message Protocol | ICMP Internet Control Message Protocol | |||
| IKE Internet Key Exchange | ||||
| MIB Management Information Base | MIB Management Information Base | |||
| MLD Multicast Listener Discovery | ||||
| MTU Maximum Transfer Unit | MTU Maximum Transfer Unit | |||
| NA Neighbor Advertisement | NA Neighbor Advertisement | |||
| NBMA Non-Broadcast Multiple Access | NBMA Non-Broadcast Multiple Access | |||
| ND Neighbor Discovery | ND Neighbor Discovery | |||
| NS Neighbor Solicitation | NS Neighbor Solicitation | |||
| NUD Neighbor Unreachability Detection | NUD Neighbor Unreachability Detection | |||
| PPP Point-to-Point Protocol | PPP Point-to-Point Protocol | |||
| PVC Permanent Virtual Circuit | ||||
| SVC Switched Virtual Circuit | ||||
| ULP Upper Layer Protocol | ULP Upper Layer Protocol | |||
| 3. Sub-IP Layer | 3. Sub-IP Layer | |||
| An IPv6 node must follow the RFC related to the link-layer that is | An IPv6 node must follow the RFC related to the link-layer that is | |||
| sending packet. By definition, these specifications are required | sending packet. By definition, these specifications are required | |||
| based upon what layer-2 is used. In general, it is reasonable to be | based upon what layer-2 is used. In general, it is reasonable to be | |||
| a conformant IPv6 node and NOT support some legacy interfaces. | a conformant IPv6 node and NOT support some legacy interfaces. | |||
| As IPv6 is run over new layer 2 technologies, it is expected that new | As IPv6 is run over new layer 2 technologies, it is expected that new | |||
| specifications will be issued. This section highlights some major | specifications will be issued. This section highlights some major | |||
| layer 2 technologies and is not intended to be complete. | layer 2 technologies and is not intended to be complete. | |||
| 3.1 RFC2464 - Transmission of IPv6 Packets over Ethernet Networks | 3.1 Transmission of IPv6 Packets over Ethernet Networks - RFC2464 | |||
| Transmission of IPv6 Packets over Ethernet Networks [RFC-2464] MUST | Transmission of IPv6 Packets over Ethernet Networks [RFC-2464] MUST | |||
| be supported for nodes supporting Ethernet interfaces. | be supported for nodes supporting Ethernet interfaces. | |||
| 3.2 RFC2472 - IP version 6 over PPP | 3.2 IP version 6 over PPP - RFC2472 | |||
| IPv6 over PPP [RFC-2472] is MUST be supported for nodes that use PPP. | IPv6 over PPP [RFC-2472] MUST be supported for nodes that use PPP. | |||
| 3.3 RFC2492 - IPv6 over ATM Networks | 3.3 IPv6 over ATM Networks - RFC2492 | |||
| IPv6 over ATM Networks [RFC2492] is MUSt be supported for nodes | IPv6 over ATM Networks [RFC2492] MUST be supported for nodes | |||
| supporting ATM interfaces. Additionally, the specification states: | supporting ATM interfaces. Additionally, the specification states: | |||
| A minimally conforming IPv6/ATM driver SHALL support the PVC mode | A minimally conforming IPv6/ATM driver SHALL support the PVC mode | |||
| of operation. An IPv6/ATM driver that supports the full SVC mode | of operation. An IPv6/ATM driver that supports the full SVC mode | |||
| SHALL also support PVC mode of operation. | SHALL also support PVC mode of operation. | |||
| 4. IP Layer | 4. IP Layer | |||
| 4.1 General | 4.1 Internet Protocol Version 6 - RFC2460 | |||
| 4.1.1 RFC2460 - Internet Protocol Version 6 | ||||
| The Internet Protocol Version 6 is specified in [RFC-2460]. This | The Internet Protocol Version 6 is specified in [RFC-2460]. This | |||
| specification MUST be supported. | specification MUST be supported. | |||
| Unrecognized options in Hop-by-Hop Options or Destination Options | Unrecognized options in Hop-by-Hop Options or Destination Options | |||
| extensions MUST be processed as described in RFC 2460. | extensions MUST be processed as described in RFC 2460. | |||
| The node MUST follow the packet transmission rules in RFC 2460. | The node MUST follow the packet transmission rules in RFC 2460. | |||
| Nodes MUST always be able to receive fragment headers. However, if it | Nodes MUST always be able to receive fragment headers. However, if it | |||
| does not implement path MTU discovery it may not need to send | does not implement path MTU discovery it may not need to send | |||
| fragment headers. However, nodes that do not implement transmission | fragment headers. However, nodes that do not implement transmission | |||
| of fragment headers need to impose limitation to payload size of | of fragment headers need to impose limitation to payload size of | |||
| layer 4 protocols. | layer 4 protocols. | |||
| The capability of being a final destination MUST be supported, | The capability of being a final destination MUST be supported, | |||
| whereas the capability of being an intermediate destination is MAY be | whereas the capability of being an intermediate destination MAY be | |||
| supported(i.e. - host functionality vs. router functionality). | supported(i.e. - host functionality vs. router functionality). | |||
| RFC 2460 specifies extension headers and the processing for these | RFC 2460 specifies extension headers and the processing for these | |||
| headers. | headers. | |||
| A full implementation of IPv6 includes implementation of the | A full implementation of IPv6 includes implementation of the | |||
| following extension headers: Hop-by-Hop Options, Routing (Type 0), | following extension headers: Hop-by-Hop Options, Routing (Type 0), | |||
| Fragment, Destination Options, Authentication and Encapsulating | Fragment, Destination Options, Authentication and Encapsulating | |||
| Security Payload. [RFC2460] | Security Payload. [RFC2460] | |||
| An IPv6 node MUST be able to process these headers. It should be | An IPv6 node MUST be able to process these headers. It should be | |||
| noted that there is some discussion about the use of Routing Headers | noted that there is some discussion about the use of Routing Headers | |||
| and possible security threats [IPv6-RH] caused by them. | and possible security threats [IPv6-RH] caused by them. | |||
| 4.2 Neighbor Discovery | 4.2 Neighbor Discovery for IPv6 - RFC2461 | |||
| 4.2.1 RFC2461 - Neighbor Discovery for IPv6 | ||||
| Neighbor Discovery is SHOULD be supported. RFC 2461 states: | Neighbor Discovery SHOULD be supported. RFC 2461 states: | |||
| "Unless specified otherwise (in a document that covers operating | "Unless specified otherwise (in a document that covers operating | |||
| IP over a particular link type) this document applies to all link | IP over a particular link type) this document applies to all link | |||
| types. However, because ND uses link-layer multicast for some of | types. However, because ND uses link-layer multicast for some of | |||
| its services, it is possible that on some link types (e.g., NBMA | its services, it is possible that on some link types (e.g., NBMA | |||
| links) alternative protocols or mechanisms to implement those | links) alternative protocols or mechanisms to implement those | |||
| services will be specified (in the appropriate document covering | services will be specified (in the appropriate document covering | |||
| the operation of IP over a particular link type). The services | the operation of IP over a particular link type). The services | |||
| described in this document that are not directly dependent on | described in this document that are not directly dependent on | |||
| multicast, such as Redirects, Next-hop determination, Neighbor | multicast, such as Redirects, Next-hop determination, Neighbor | |||
| Unreachability Detection, etc., are expected to be provided as | Unreachability Detection, etc., are expected to be provided as | |||
| specified in this document. The details of how one uses ND on | specified in this document. The details of how one uses ND on | |||
| NBMA links is an area for further study." | NBMA links is an area for further study." | |||
| Some detailed analysis of Neighbor discovery follows: | Some detailed analysis of Neighbor discovery follows: | |||
| Router Discovery is how hosts locate routers that reside on an | Router Discovery is how hosts locate routers that reside on an | |||
| attached link. Router Discovery is MUST be supported for | attached link. Router Discovery MUST be supported for | |||
| implementations. However, an implementation MAY support disabling | implementations. However, an implementation MAY support disabling | |||
| this function. | this function. | |||
| Prefix Discovery is how hosts discover the set of address prefixes | Prefix Discovery is how hosts discover the set of address prefixes | |||
| that define which destinations are on-link for an attached link. | that define which destinations are on-link for an attached link. | |||
| Prefix discovery is MUST be supported for implementations. However, | Prefix discovery MUST be supported for implementations. However, the | |||
| the implementation MAY support the option of disabling this function. | implementation MAY support the option of disabling this function. | |||
| Neighbor Unreachability Detection (NUD) MUST be supported for all | Neighbor Unreachability Detection (NUD) MUST be supported for all | |||
| paths between hosts and neighboring nodes. It is not required for | paths between hosts and neighboring nodes. It is not required for | |||
| paths between routers. It is required for multicast. However, when a | paths between routers. It is required for multicast. However, when a | |||
| node receives a unicast Neighbor Solicitation (NS) message (that may | node receives a unicast Neighbor Solicitation (NS) message (that may | |||
| be a NUD's NS), the node MUST respond to it (i.e. send a unicast | be a NUD's NS), the node MUST respond to it (i.e. send a unicast | |||
| Neighbor Advertisement). | Neighbor Advertisement). | |||
| Duplicate Address Detection is MUST be supported (RFC2462 section 5.4 | Duplicate Address Detection MUST be supported (RFC2462 section 5.4 | |||
| specifies DAD MUST take place on all unicast addresses). | specifies DAD MUST take place on all unicast addresses). | |||
| Sending Router Solicitation MUST be supported for host | Sending Router Solicitation MUST be supported for host | |||
| implementation, but MAY support a configuration option to disable | implementation, but MAY support a configuration option to disable | |||
| this functionality. | this functionality. | |||
| Receiving and processing Router Advertisements MUST be supported for | Receiving and processing Router Advertisements MUST be supported for | |||
| host implementation s. However, the implementation MAY support the | host implementation s. However, the implementation MAY support the | |||
| option of disabling this function. The ability to understand specific | option of disabling this function. The ability to understand specific | |||
| Router Advertisements is dependent on supporting the specification | Router Advertisements is dependent on supporting the specification | |||
| skipping to change at page 7, line 25 | skipping to change at page 7, line 35 | |||
| Sending and Receiving Neighbor Solicitation (NS) and Neighbor | Sending and Receiving Neighbor Solicitation (NS) and Neighbor | |||
| Advertisement (NA) MUST be supported. NS and NA messages are required | Advertisement (NA) MUST be supported. NS and NA messages are required | |||
| for Duplicate Address Detection (DAD). | for Duplicate Address Detection (DAD). | |||
| Redirect Function SHOULD be supported. If the node is a router, | Redirect Function SHOULD be supported. If the node is a router, | |||
| Redirect Function MUST be supported. | Redirect Function MUST be supported. | |||
| 4.3 Path MTU Discovery & Packet Size | 4.3 Path MTU Discovery & Packet Size | |||
| 4.3.1 RFC1981 - Path MTU Discovery | 4.3.1 Path MTU Discovery - RFC1981 | |||
| Path MTU Discovery [RFC-1981] MAY be supported. Nodes with a link | Path MTU Discovery [RFC-1981] MAY be supported. Nodes with a link | |||
| MTU larger than the minimum IPv6 link MTU (1280 octets) can use Path | MTU larger than the minimum IPv6 link MTU (1280 octets) can use Path | |||
| MTU Discovery in order to discover the real path MTU. The relative | MTU Discovery in order to discover the real path MTU. The relative | |||
| overhead of IPv6 headers is minimized through the use of longer | overhead of IPv6 headers is minimized through the use of longer | |||
| packets, thus making better use of the available bandwidth. | packets, thus making better use of the available bandwidth. | |||
| The IPv6 specification [RFC-2460] states in chapter 5 that "a minimal | The IPv6 specification [RFC-2460] states in chapter 5 that "a minimal | |||
| IPv6 implementation (e.g., in a boot ROM) may simply restrict itself | IPv6 implementation (e.g., in a boot ROM) may simply restrict itself | |||
| to sending packets no larger than 1280 octets, and omit | to sending packets no larger than 1280 octets, and omit | |||
| implementation of Path MTU Discovery." | implementation of Path MTU Discovery." | |||
| If Path MTU Discovery is not implemented then the sending packet size | If Path MTU Discovery is not implemented then the sending packet size | |||
| is limited to 1280 octets (standard limit in [RFC-2460]). However, if | is limited to 1280 octets (standard limit in [RFC-2460]). However, if | |||
| this is done, the host MUST be able to receive packets with size up | this is done, the host MUST be able to receive packets with size up | |||
| to the link MTU before reassembly. This is because the node at the | to the link MTU before reassembly. This is because the node at the | |||
| other side of the link has no way of knowing less than the MTU is | other side of the link has no way of knowing less than the MTU is | |||
| accepted. | accepted. | |||
| 4.3.2 RFC2675 - IPv6 Jumbograms | 4.3.2 IPv6 Jumbograms - RFC2675 | |||
| IPv6 Jumbograms [RFC2675] MAY be supported. | IPv6 Jumbograms [RFC2675] MAY be supported. | |||
| 4.4 RFC2463 - ICMP for the Internet Protocol Version 6 (IPv6) | 4.4 ICMP for the Internet Protocol Version 6 (IPv6) - RFC2463 | |||
| ICMPv6 [RFC-2463] MUST be supported. | ICMPv6 [RFC-2463] MUST be supported. | |||
| 4.5 Addressing | 4.5 Addressing | |||
| Currently, there is discussion on-going on support for site-local | Currently, there is discussion on-going on support for site-local | |||
| addressing. | addressing. | |||
| 4.5.1 RFC2373 - IP Version 6 Addressing Architecture | 4.5.1 IP Version 6 Addressing Architecture - RFC2373 | |||
| The IPv6 Addressing Architecture [RFC-2373] MUST be supported. | The IPv6 Addressing Architecture [RFC-2373] MUST be supported. | |||
| Currently, this specification is being updated by [ADDRARCHv3]. | Currently, this specification is being updated by [ADDRARCHv3]. | |||
| 4.5.2 RFC2462 - IPv6 Stateless Address Autoconfiguration | 4.5.2 IPv6 Stateless Address Autoconfiguration - RFC2462 | |||
| IPv6 Stateless Address Autoconfiguration is defined in [RFC-2462]. | IPv6 Stateless Address Autoconfiguration is defined in [RFC-2462]. | |||
| This specification MUST be supported for nodes that are hosts. | This specification MUST be supported for nodes that are hosts. | |||
| Nodes that are routers MUST be able to generate link local addresses | Nodes that are routers MUST be able to generate link local addresses | |||
| as described in this specification. | as described in this specification. | |||
| From 2462: | From 2462: | |||
| The autoconfiguration process specified in this document applies | The autoconfiguration process specified in this document applies | |||
| skipping to change at page 8, line 37 | skipping to change at page 8, line 47 | |||
| information advertised by routers, routers will need to be | information advertised by routers, routers will need to be | |||
| configured by some other means. However, it is expected that | configured by some other means. However, it is expected that | |||
| routers will generate link-local addresses using the mechanism | routers will generate link-local addresses using the mechanism | |||
| described in this document. In addition, routers are expected to | described in this document. In addition, routers are expected to | |||
| successfully pass the Duplicate Address Detection procedure | successfully pass the Duplicate Address Detection procedure | |||
| described in this document on all addresses prior to assigning | described in this document on all addresses prior to assigning | |||
| them to an interface. | them to an interface. | |||
| Duplicate Address Detection (DAD) MUST be supported. | Duplicate Address Detection (DAD) MUST be supported. | |||
| 4.5.3 RFC3041 - Privacy Extensions for Address Configuration in IPv6 | 4.5.3 Privacy Extensions for Address Configuration in IPv6 - RFC3041 | |||
| Privacy Extensions for Stateless Address Autoconfiguration [RFC-3041] | Privacy Extensions for Stateless Address Autoconfiguration [RFC-3041] | |||
| MAY be supported. Currently, there is discussion of the | SHOULD be supported. It is recommended that this behavior be | |||
| applicability of temporary addresses. | configurable on a connection basis within each application when | |||
| available. It is noted that a number of applications do not work | ||||
| with addresses generated with this method, while other applications | ||||
| work quite well with them. | ||||
| 4.5.4 Default Address Selection for IPv6 | 4.5.4 Default Address Selection for IPv6 | |||
| Default Address Selection for IPv6 [DEFADDR] SHOULD be supported, if | Default Address Selection for IPv6 [DEFADDR] SHOULD be supported, if | |||
| a node has more than one IPv6 address per interface or a node has | a node has more than one IPv6 address per interface or a node has | |||
| more that one IPv6 interface (physical or logical) configured. | more that one IPv6 interface (physical or logical) configured. | |||
| The rules specified in the document are the only MUST to implement | If supported, the rules specified in the document MUST be | |||
| portion of the architecture. A node MUST belong to one site. There | implemented. A node needs to belong to one site, however there is no | |||
| is no requirement that a node be able to belong to more than one. | requirement that a node be able to belong to more than one site. | |||
| This draft has been approved as a proposed standard. | This draft has been approved as a proposed standard. | |||
| 4.5.5 Stateful Address Autoconfiguration | 4.5.5 Stateful Address Autoconfiguration | |||
| Stateful Address Autoconfiguration MAY be supported. For those IPv6 | Stateful Address Autoconfiguration MAY be supported. DHCP [DHCPv6] | |||
| Nodes that implement a stateful configuration mechanism such as | is the standard stateful address configuration protocol. See section | |||
| [DHCPv6], those nodes MUST initiate stateful address | 5.3 for details on DHCP. | |||
| autoconfiguration upon the receipt of a Router Advertisement with the | ||||
| Managed address flag set. In addition, as defined in [RFC2462], in | ||||
| the absence of a router, hosts that implement a stateful | ||||
| configuration mechanism such as [DHCPv6] MUST attempt to use stateful | ||||
| address autoconfiguration. | ||||
| For IPv6 Nodes that do not implement the optional stateful | ||||
| configuration mechanisms such as [DHCPv6], the Managed Address flag | ||||
| of a Router Advertisement can be ignored. Furthermore, in the | ||||
| absence of a router, this type of node is not required to initiate | ||||
| stateful address autoconfiguration as specified in [RFC2462]. | ||||
| 4.6 Other | ||||
| 4.6.1 RFC2473 - Generic Packet Tunneling in IPv6 Specification | ||||
| Generic Packet Tunneling [RFC-2473] MUST be suppored for nodes | ||||
| implementing mobile node functionality or Home Agent functionality of | ||||
| Mobile IP [MIPv6]. | ||||
| 4.6.2 RFC2710 - Multicast Listener Discovery (MLD) for IPv6 | 4.6 Multicast Listener Discovery (MLD) for IPv6 - RFC2710 | |||
| Multicast Listener Discovery [RFC-2710] MUST be supported by nodes | Multicast Listener Discovery [RFC-2710] MUST be supported by nodes | |||
| supporting multicast applications. A primary IPv6 multicast | supporting multicast applications. A primary IPv6 multicast | |||
| application is Neighbor Discovery (all those solicited-node mcast | application is Neighbor Discovery (all those solicited-node mcast | |||
| addresses must be joined). | addresses must be joined). | |||
| When MLDv2 [MLDv2] has been completed, it SHOULD take precedence over | When MLDv2 [MLDv2] has been completed, it SHOULD take precedence over | |||
| MLD. | MLD. | |||
| 5. Transport Layer and DNS | 5. Transport Layer and DNS | |||
| 5.1 Transport Layer | 5.1 Transport Layer | |||
| 5.1.1 RFC2147 - TCP and UDP over IPv6 Jumbograms | 5.1.1 TCP and UDP over IPv6 Jumbograms - RFC2147 | |||
| This specification is MUST be supported if jumbograms are implemented | This specification MUST be supported if jumbograms are implemented | |||
| [RFC-2675]. One open issue is if this document needs to be updated, | [RFC-2675]. One open issue is if this document needs to be updated, | |||
| as it refers to an obsoleted document. | as it refers to an obsoleted document. | |||
| 5.2 DNS | 5.2 DNS | |||
| DNS, as described in [RFC-1034], [RFC-1035] and [RFC-1886] MAY be | ||||
| supported. Not all nodes will need to resolve addresses. | ||||
| 5.2.1 RFC2874 - DNS Extensions to Support IPv6 Address Aggregation and | DNS, as described in [RFC-1034], [RFC-1035], [RFC-1886], [RFC-3152] | |||
| Renumbering | and [RFC-3363] MAY be supported. Not all nodes will need to resolve | |||
| addresses. Note that RFC 1886 is currently being updated [RFC-1886- | ||||
| DNS Extensions to Support IPv6 Address Aggregation and Renumbering | BIS]. | |||
| MAY be supported. | ||||
| 5.2.2 RFC2732 - Format for Literal IPv6 Addresses in URL's | 5.2.2 Format for Literal IPv6 Addresses in URL's - RFC2732 | |||
| RFC 2732 is MUST be supported if applications on the node use URL's. | RFC 2732 MUST be supported if applications on the node use URL's. | |||
| 5.3 Dynamic Host Configuration Protocol for IPv6 (DHCPv6) | 5.3 Dynamic Host Configuration Protocol for IPv6 (DHCPv6) | |||
| The Dynamic Host Configuration Protocol for IPv6 [DHCPv6] is MAY be | An IPv6 node that does not include an implementation of DHCP will be | |||
| supported. | unable to obtain any IPv6 addresses aside from link-local addresses | |||
| when it is connected to a link over which it receives a router | ||||
| advertisement with the 'M' flag (Managed address configuration) set | ||||
| and which contains no prefixes advertised for Stateless Address | ||||
| Autoconfiguration (see section 4.5.2). An IPv6 node that receives a | ||||
| router advertisement with the 'M' flag set and that contains | ||||
| advertised prefixes will configure interfaces with both stateless | ||||
| autoconfiguration addresses and addresses obtained through DHCP. | ||||
| For those IPv6 Nodes that implement DHCP, those nodes MUST use DHCP | ||||
| upon the receipt of a Router Advertisement with the 'M' flag set (see | ||||
| section 5.5.3 of RFC2462). In addition, in the absence of a router, | ||||
| IPv6 Nodes that implement DHCP MUST attempt to use DHCP. | ||||
| For IPv6 Nodes that do not implement DHCP, the 'M' flag of a Router | ||||
| Advertisement can be ignored. Furthermore, in the absence of a | ||||
| router, this type of node is not required to initiate DHCP. | ||||
| An IPv6 node that does not include an implementation of DHCP will be | ||||
| unable to dynamically obtain any IPv6 addresses aside from link-local | ||||
| addresses when it is connected to a link over which it receives a | ||||
| router advertisement with the 'M' flag (Managed address | ||||
| configuration) set and which contains no prefixes advertised for | ||||
| Stateless Address Autoconfiguration (see section 4.5.2). In this | ||||
| situation, the IPv6 Node will be unable to communicate with other | ||||
| off-link nodes unless a global or site-local IPv6 address is manually | ||||
| configured. | ||||
| 6. IPv4 Support and Transition | 6. IPv4 Support and Transition | |||
| IPv6 nodes MAY support IPv4. However, this document should consider | IPv6 nodes MAY support IPv4. | |||
| the following cases: native IPv6 only; native IPv6 with IPv4 | ||||
| supported only via tunneling over IPv6; and native IPv6 and native | ||||
| IPv4 both fully supported. | ||||
| 6.1 Transition Mechanisms | 6.1 Transition Mechanisms | |||
| IPv6 nodes SHOULD use native address instead of transition-based | IPv6 nodes SHOULD use native address instead of transition-based | |||
| addressing. | addressing. | |||
| 6.1.1 RFC2893 - Transition Mechanisms for IPv6 Hosts and Routers | 6.1.1 Transition Mechanisms for IPv6 Hosts and Routers - RFC2893 | |||
| If an IPv6 node implement dual stack and/or tunneling, then RFC2893 | If an IPv6 node implement dual stack and/or tunneling, then RFC2893 | |||
| MUST be supported. | MUST be supported. | |||
| This document is currently being updated. | This document is currently being updated. | |||
| 7. Mobility | 7. Mobility | |||
| Currently, the MIPv6 specification [MIPv6] is nearing completion. | Currently, the MIPv6 specification [MIPv6] is nearing completion. | |||
| Mobile IPv6 places some requirements on IPv6 nodes. This document is | Mobile IPv6 places some requirements on IPv6 nodes. This document is | |||
| not meant to prescribe behaviors, but to capture the consensus of | not meant to prescribe behaviors, but to capture the consensus of | |||
| what should be done for IPv6 nodes with respect to Mobile IPv6. | what should be done for IPv6 nodes with respect to Mobile IPv6. | |||
| Mobile Node functionality MAY be supported. | 7.1 Mobile IP | |||
| Route Optimization functionality SHOULD be supported for hosts. | Mobile IPv6 [MIPv6] specification defines requirements for the | |||
| Route Optimization is not required for routers. | following types of nodes: | |||
| Home Agent functionality is MAY be supported. | - mobile nodes | |||
| - correspondent nodes with support for route optimization | ||||
| - home agents | ||||
| - all IPv6 routers | ||||
| Hosts MAY support mobile node functionality. | ||||
| Hosts SHOULD support route optimization requirements for | ||||
| correspondent nodes. Routers do not need to support route | ||||
| optimization. | ||||
| Routers MAY support home agent functionality. | ||||
| Routers SHOULD support the requirements set for all IPv6 routers. | ||||
| 7.2 Securing Signaling between Mobile Nodes and Home Agents | ||||
| The security mechanisms described in [MIPv6-HASEC] MUST be supported | ||||
| by nodes implementing mobile node or home agent functionality | ||||
| specified in Mobile IP [MIPv6]. | ||||
| 7.3 Generic Packet Tunneling in IPv6 Specification - RFC2473 | ||||
| Generic Packet Tunneling [RFC-2473] MUST be suppored for nodes | ||||
| implementing mobile node functionality or Home Agent functionality of | ||||
| Mobile IP [MIPv6]. | ||||
| 8. Security | 8. Security | |||
| This section describes the specification of IPsec for the IPv6 node. | This section describes the specification of IPsec for the IPv6 node. | |||
| Other issues that IPsec cannot resolve are described in the security | Other issues that IPsec cannot resolve are described in the security | |||
| considerations. | considerations. | |||
| 8.1 Basic Architecture | 8.1 Basic Architecture | |||
| Security Architecture for the Internet Protocol [RFC-2401] MUST be | Security Architecture for the Internet Protocol [RFC-2401] MUST be | |||
| supported. IPsec transport mode MUST be supported. IPsec tunnel mode | supported. | |||
| MUST be supoorted. | ||||
| Applying single security association of ESP [RFC-2406] to a packet is | ||||
| MUST, although RFC-2401 defines four types of combination of security | ||||
| associations that must be supported by compliant IPsec hosts. | ||||
| Applying single security association of AH is MUST be supported, if | ||||
| AH [RFC-2402] is implemented. | ||||
| The following packet type MUST be supported if AH is combined with | ||||
| ESP: IP|AH|ESP|ULP. | ||||
| The summary of Basic Combinations of Security Associations in section | ||||
| 4.5 of RFC-2401 is: | ||||
| case 1-2 MUST be supported. | ||||
| case 1-1 and 1-3 MUST be supported if AH is implemented. | ||||
| case 1-4, 1-5, 2-5 and 4 MUST be supported if IPsec tunnel mode is | ||||
| implemented. | ||||
| case 2-4 is MUST be supported if IPsec tunnel mode and AH is | ||||
| implemented. | ||||
| case 3 is not applicable to this document. | ||||
| 8.2 Security Protocols | 8.2 Security Protocols | |||
| ESP [RFC-2406] MUST be supported. | ESP [RFC-2406] MUST be supported. AH [RFC-2402] MUST be supported. | |||
| AH [RFC-2402] MUST be supported. AH is needed if there is data in IP | 8.3 Transforms and Algorithms | |||
| header to be protected, for example, an extension header. | ||||
| However, in practice, ESP can provide the same security services as | Current IPsec RFCs specify the support of certain transforms and | |||
| AH as well as confidentiality, thus there is no real need for AH. | algorithms, NULL encryption, DES-CBC, HMAC-SHA-1-96, and HMAC-MD5-96. | |||
| The requirements for these are discussed first, and then additional | ||||
| algorithms 3DES-CBC, AES-128-CBC, and HMAC-SHA-256-96 are discussed. | ||||
| 8.3 Transforms and Algorithms | NULL encryption algorithm [RFC-2410] MUST be supported for providing | |||
| integrity service and also for debugging use. The "ESP DES-CBC Cipher | ||||
| Algorithm With Explicit IV" [RFC-2405] MUST be supported. Security | ||||
| issues related to the use of DES are discussed in [DESDIFF], | ||||
| [DESINT], [DESCRACK]. It is currently viewed as an inherently weak | ||||
| algorithm, and no longer fulfills its intended role. It is still | ||||
| required by the existing IPsec RFCs, however. This document | ||||
| recommends the use of ESP DES-CBC only where interoperability is | ||||
| required with old implementations supporting DES-CBC. | ||||
| The ESP DES-CBC Cipher Algorithm With Explicit IV [RFC-2405] is MUST | The NULL authentication algorithm [RFC-2406] MUST be supported within | |||
| be supported if interoperability is required with old implementations | ESP. The use of HMAC-SHA-1-96 within AH and ESP, described in [RFC- | |||
| supported DES-CBC. Note, however, the IPsec WG recommends not using | 2404] MUST be supported. The Use of HMAC-MD5-96 within AH and ESP, | |||
| this algorithm. 3DES-CBC is SHOULD be supported, so that ESP CBC-Mode | described in [RFC-2403] MUST be supported. An implementer MUST refer | |||
| Cipher Algorithms [RFC-2451] MUST be supported. Note that the IPsec | to Keyed-Hashing for Message Authentication [RFC-2104]. | |||
| WG also recommends not using this algorithm. | ||||
| AES-128-CBC [ipsec-ciph-aes-cbc] is MUST be supported. NULL | 3DES-CBC does not suffer from the issues related to DES-CBC. 3DES-CBC | |||
| Encryption algorithm [RFC-2410] MUST be supported for providing | and ESP CBC-Mode Cipher Algorithms [RFC2451] MAY be supported. AES- | |||
| integrity service and also for debugging use. | 128-CBC [ipsec-ciph-aes-cbc] MUST be supported, as it is expected to | |||
| be a widely available, secure algorithm that is required for | ||||
| interoperability. It is not required by the current IPsec RFCs, | ||||
| however. | ||||
| The use of HMAC-SHA-1-96 within ESP, described in [RFC-2404] MUST be | The "HMAC-SHA-256-96 Algorithm and Its Use With IPsec" [ipsec-ciph- | |||
| supported. This MUST be used if AH is implemented. The Use of HMAC- | sha-256] MAY be supported. | |||
| MD5-96 within ESP, described in [RFC-2403] MUST be supported. This | ||||
| MUST be used if AH is implemented. The "HMAC-SHA-256-96 Algorithm and | ||||
| Its Use With IPsec" [ipsec-ciph-sha-256] MUST be supported, but it is | ||||
| being discussed in the IPsec WG. An implementer MUST refer to Keyed- | ||||
| Hashing for Message Authentication [RFC-2104]. | ||||
| 8.4 Key Management Methods | 8.4 Key Management Methods | |||
| Manual keying MUST be supported | Manual keying MUST be supported | |||
| IKE [RFC-2407] [RFC-2408] [RFC-2409] MAY be supported for unicast | ||||
| Automated SA and Key Management SHOULD be supported for the use of | traffic. Where key refresh, anti-replay features of AH and ESP, or | |||
| the anti-replay features of AH and ESP, and to accommodate on-demand | on-demand creation of SAs is required, automated keying MUST be | |||
| creation of SAs, session-oriented keying. | supported. Note that the IPsec WG is working on the successor to IKE | |||
| [SOI]. Key management methods for multicast traffic are also being | ||||
| IKE [RFC-2407, RFC-2408, RFC-2409] MAY be supported for unicast | worked on by the MSEC WG. | |||
| traffic. Note that the IPsec WG is working on the successor to IKE | ||||
| [SOI]. | ||||
| 9. Router Functionality | 9. Router Functionality | |||
| This section defines general considerations for IPv6 nodes that act | This section defines general considerations for IPv6 nodes that act | |||
| as routers. It is for future study if this document, or a separate | as routers. It is for future study if this document, or a separate | |||
| document is needed to fully define IPv6 router requirements. | document is needed to fully define IPv6 router requirements. | |||
| Currently, this section does not discuss routing protocols. | Currently, this section does not discuss routing protocols. | |||
| 9.1 General | 9.1 General | |||
| 9.1.1 RFC2711 - IPv6 Router Alert Option | 9.1.1 IPv6 Router Alert Option - RFC2711 | |||
| The Router Alert Option [RFC-2711] is MUST be supported by nodes that | The Router Alert Option [RFC-2711] MUST be supported by nodes that | |||
| perform packet forwarding at the IP layer (i.e. - the node is a | perform packet forwarding at the IP layer (i.e. - the node is a | |||
| router). | router). | |||
| 9.1.2 RFC2461 - Neighbor Discovery for IPv6 | 9.1.2 Neighbor Discovery for IPv6 - RFC2461 | |||
| Sending Router Advertisements and processing Router Solicitation MUST | Sending Router Advertisements and processing Router Solicitation MUST | |||
| be supported. | be supported. | |||
| 10. Network Management | 10. Network Management | |||
| Network Management, MAY be supported by IPv6 nodes. However, for | Network Management, MAY be supported by IPv6 nodes. However, for | |||
| IPv6 nodes that are embedded devices, network management may be the | IPv6 nodes that are embedded devices, network management may be the | |||
| only possibility to control these hosts. | only possibility to control these hosts. | |||
| 10.1 MIBs | 10.1 MIBs | |||
| In a general sense, MIBs are required by the nodes that support a | In a general sense, MIBs SHOULD be supported by nodes that support a | |||
| SNMP agent. It should be also noted that these specifications are | SNMP agent. | |||
| being updated. | ||||
| 10.1.1 RFC2452 - IPv6 Management Information Base for the Transmission | ||||
| Control Protocol | ||||
| TBA | ||||
| 10.1.2 RFC2454 - IPv6 Management Information Base for the User Datagram | ||||
| Protocol | ||||
| TBA | ||||
| 10.1.3 RFC2465 - Management Information Base for IP Version 6: Textual | ||||
| Conventions and General Group | ||||
| TBA | ||||
| 10.1.4 RFC2466 - Management Information Base for IP Version 6: ICMPv6 | ||||
| Group | ||||
| TBA | ||||
| 10.1.5 RFC2851 - Textual Conventions for Internet Network Addresses | 10.1.1 IP Forwarding Table MIB | |||
| TBA | Support for this MIB does not imply that IPv4 or IPv4 specific | |||
| portions of this MIB be supported. | ||||
| 10.1.6 RFC3019 - IP Version 6 Management Information Base for the | 10.1.2 Management Information Base for the Internet Protocol (IP) | |||
| Multicast Listener Discovery Protocol | ||||
| TBA | Support for this MIB does not imply that IPv4 or IPv4 specific | |||
| portions of this MIB be supported. | ||||
| 11. Security Considerations | 11. Security Considerations | |||
| This draft does not affect the security of the Internet, but | This draft does not affect the security of the Internet, but | |||
| implementations of IPv6 are expected to support a minimum set of | implementations of IPv6 are expected to support a minimum set of | |||
| security features to ensure security on the Internet. "IP Security | security features to ensure security on the Internet. "IP Security | |||
| Document Roadmap" [RFC-2411] is important for everyone to read. | Document Roadmap" [RFC-2411] is important for everyone to read. | |||
| The security considerations in RFC2401 describes, | The security considerations in RFC2460 describes the following: | |||
| The security features of IPv6 are described in the Security | The security features of IPv6 are described in the Security | |||
| Architecture for the Internet Protocol [RFC-2401]. | Architecture for the Internet Protocol [RFC-2401]. | |||
| IPsec cannot cover all of security requirement for IPv6 node. For | For example, specific protocol documents and applications may require | |||
| example, IPsec cannot protect the node from some kinds of DoS attack. | the use of additional security mechanisms. | |||
| The node may need a mechanism of IPv6 packet filtering functionality, | ||||
| and also may need a mechanism of rate limitation. | ||||
| The use of ICMPv6 without IPsec can expose the nodes in question to | The use of ICMPv6 without IPsec can expose the nodes in question to | |||
| various kind of attacks including Denial-of-Service, Impersonation, | various kind of attacks including Denial-of-Service, Impersonation, | |||
| Man-in-the-Middle, and others. Note that only manually keyed IPsec | Man-in-the-Middle, and others. Note that only manually keyed IPsec | |||
| can protect some of the ICMPv6 messages that are related to | can protect some of the ICMPv6 messages that are related to | |||
| establishing communications. This is due to chick en-and-egg problems | establishing communications. This is due to chick en-and-egg problems | |||
| on running automated key management protocols on top of IP. However, | on running automated key management protocols on top of IP. However, | |||
| manually keyed IPsec may require a large number of SAs in order to | manually keyed IPsec may require a large number of SAs in order to | |||
| run on a large network due to the use of many addresses during ICMPv6 | run on a large network due to the use of many addresses during ICMPv6 | |||
| Neighbor Discovery. | Neighbor Discovery. | |||
| The use of wide-area multicast communications has an increased risk | ||||
| from specific security threats, compared with the same threats in | ||||
| unicast [MC-THREAT]. | ||||
| An implementer should also consider the analysis of anycast | An implementer should also consider the analysis of anycast | |||
| [ANYCAST]. | [ANYCAST]. | |||
| 12. References | 12. References | |||
| 12.1 Normative | 12.1 Normative | |||
| [ADDRARCHv3] Hinden, R. and Deering, S. "IP Version 6 Addressing | [ADDRARCHv3] Hinden, R. and Deering, S. "IP Version 6 Addressing | |||
| Architecture", Work in progress. | Architecture", Work in progress. | |||
| [DEFADDR] Draves, R., "Default Address Selection for IPv6", Work in | [DEFADDR] Draves, R., "Default Address Selection for IPv6", Work | |||
| progress. | in progress. | |||
| [DHCPv6] Bound, J. et al., "Dynamic Host Configuration Protocol | [DHCPv6] Bound, J. et al., "Dynamic Host Configuration Protocol | |||
| for IPv6 (DHCPv6)", Work in progress. | for IPv6 (DHCPv6)", Work in progress. | |||
| [MIPv6] Johnson D. and Perkins, C., "Mobility Support in IPv6", | [MIPv6] Johnson D. and Perkins, C., "Mobility Support in | |||
| Work in progress. | IPv6", Work in progress. | |||
| [MLDv2] Vida, R. et al., "Multicast Listener Discovery Version 2 | [MIPv6-HASEC] J. Arkko, V. Devarapalli, F. Dupont, "Using IPsec to | |||
| (MLDv2) for IPv6", Work in Progress. | Protect Mobile IPv6 Signaling betweenMobile Nodes and | |||
| Home Agents", draft-ietf-mobileip-mipv6-ha-ipsec-03 | ||||
| (work in progress), February 2003. | ||||
| [RFC-1035] Mockapetris, P., "Domain names - implementation and specˇ | [MLDv2] Vida, R. et al., "Multicast Listener Discovery Version | |||
| ification", STD 13, RFC 1035, November 1987. | 2 (MLDv2) for IPv6", Work in Progress. | |||
| [RFC-1886] Thomson, S. and Huitema, C., "DNS Extensions to support | [RFC-1035] Mockapetris, P., "Domain names - implementation and | |||
| IP version 6, RFC 1886, December 1995. | specification", STD 13, RFC 1035, November 1987. | |||
| [RFC-1981] McCann, J., Mogul, J. and Deering, S., "Path MTU Discovˇ | [RFC-1886] Thomson, S. et al.and Huitema, C., "DNS Extensions to | |||
| ery for IP version 6", RFC 1981, August 1996. | support IP version 6", RFC 1886, December 1995. | |||
| [RFC-2104] Krawczyk, K., Bellare, M., and Canetti, R., "HMAC: Keyed- | [RFC-1886-BIS] Thomson, S., et al., "DNS Extensions to support IP | |||
| Hashing for Message Authentication", RFC 2104, February | version 6" Work In Progress. | |||
| [RFC-1981] McCann, J., Mogul, J. and Deering, S., "Path MTU | ||||
| Discovery for IP version 6", RFC 1981, August 1996. | ||||
| [RFC-2096-BIS] Wasserman, M. (ed), "IP Forwarding Table MIB", Work in | ||||
| Progress. | ||||
| [RFC-2011-BIS] Routhier, S (ed), "Management Information Base for the | ||||
| Internet Protocol (IP)", Work in progress. | ||||
| [RFC-2104] Krawczyk, K., Bellare, M., and Canetti, R., "HMAC: | ||||
| Keyed-Hashing for Message Authentication", RFC 2104, | ||||
| February 1997. | ||||
| [RFC-2119] Bradner, S., "Key words for use in RFCs to | ||||
| Indicate Requirement Levels", BCP 14, RFC 2119, March | ||||
| 1997. | 1997. | |||
| [RFC-2373] Hinden, R. and Deering, S., "IP Version 6 Addressing | [RFC-2373] Hinden, R. and Deering, S., "IP Version 6 Addressing | |||
| Architecture", RFC 2373, July 1998. | Architecture", RFC 2373, July 1998. | |||
| [RFC-2401] Kent, S. and Atkinson, R., "Security Architecture for the | [RFC-2401] Kent, S. and Atkinson, R., "Security Architecture for | |||
| Internet Protocol", RFC 2401, November 1998. | the Internet Protocol", RFC 2401, November 1998. | |||
| [RFC-2402] Kent, S. and Atkinson, R., "IP Authentication Header", | [RFC-2402] Kent, S. and Atkinson, R., "IP Authentication | |||
| RFC 2402, November 1998. | Header", RFC 2402, November 1998. | |||
| [RFC-2403] Madson, C., and Glenn, R., "The Use of HMAC-MD5 within | [RFC-2403] Madson, C., and Glenn, R., "The Use of HMAC-MD5 within | |||
| ESP and AH", RFC 2403, November 1998. | ESP and AH", RFC 2403, November 1998. | |||
| [RFC-2404] Madson, C., and Glenn, R., "The Use of HMAC-SHA-1 within | [RFC-2404] Madson, C., and Glenn, R., "The Use of HMAC-SHA-1 | |||
| ESP and AH", RFC 2404, November 1998. | within ESP and AH", RFC 2404, November 1998. | |||
| [RFC-2405] Madson, C. and Doraswamy, N., "The ESP DES-CBC Cipher | [RFC-2405] Madson, C. and Doraswamy, N., "The ESP DES-CBC Cipher | |||
| Algorithm With Explicit IV", RFC 2405, November 1998. | Algorithm With Explicit IV", RFC 2405, November 1998. | |||
| [RFC-2406] Kent, S. and Atkinson, R., "IP Encapsulating Security | [RFC-2406] Kent, S. and Atkinson, R., "IP Encapsulating Security | |||
| Protocol (ESP)", RFC 2406, November 1998. | Protocol (ESP)", RFC 2406, November 1998. | |||
| [RFC-2407] Piper, D., "The Internet IP Security Domain of Interpreˇ | [RFC-2407] Piper, D., "The Internet IP Security Domain of | |||
| tation for ISAKMP", RFC 2407, November 1998. | Interpretation for ISAKMP", RFC 2407, November 1998. | |||
| [RFC-2408] Maughan, D., Schertler, M., Schneider, M., and Turner, | [RFC-2408] Maughan, D., Schertler, M., Schneider, M., and Turner, | |||
| J., "Internet Security Association and Key Management | J., "Internet Security Association and Key Management | |||
| Protocol (ISAKMP)", RFC 2408, November 1998. | Protocol (ISAKMP)", RFC 2408, November 1998. | |||
| [RFC-2409] Harkins, D., and Carrel, D., "The Internet Key Exchange | [RFC-2409] Harkins, D., and Carrel, D., "The Internet Key | |||
| (IKE)", RFC 2409, November 1998. | Exchange (IKE)", RFC 2409, November 1998. | |||
| [RFC-2410] Glenn, R. and Kent, S., "The NULL Encryption Algorithm | [RFC-2410] Glenn, R. and Kent, S., "The NULL Encryption Algorithm | |||
| and Its Use With IPsec", RFC 2410, November 1998 | and Its Use With IPsec", RFC 2410, November 1998 | |||
| [RFC-2451] Pereira, R. and Adams, R., "The ESP CBC-Mode Cipher Algoˇ | [RFC-2451] Pereira, R. and Adams, R., "The ESP CBC-Mode Cipher | |||
| rithms", RFC 2451, November 1998 | Algorithms", RFC 2451, November 1998 | |||
| [RFC-2460] Deering, S. and Hinden, R., "Internet Protocol, Version 6 | [RFC-2460] Deering, S. and Hinden, R., "Internet Protocol, Ver- | |||
| (IPv6) Specification", RFC 2460, December 1998. | sion 6 (IPv6) Specification", RFC 2460, December 1998. | |||
| [RFC-2461] Narten, T., Nordmark, E. and Simpson, W., "Neighbor Disˇ | [RFC-2461] Narten, T., Nordmark, E. and Simpson, W., "Neighbor | |||
| covery for IP Version 6 (IPv6)", RFC 2461, December 1998. | Discovery for IP Version 6 (IPv6)", RFC 2461, December | |||
| 1998. | ||||
| [RFC-2462] Thomson, S. and Narten, T., "IPv6 Stateless Address Autoˇ | [RFC-2462] Thomson, S. and Narten, T., "IPv6 Stateless Address | |||
| configuration", RFC 2462. | Autoconfiguration", RFC 2462. | |||
| [RFC-2463] Conta, A. and Deering, S., "ICMP for the Internet Protoˇ | [RFC-2463] Conta, A. and Deering, S., "ICMP for the Internet Pro- | |||
| col Version 6 (IPv6)", RFC 2463, December 1998. | tocol Version 6 (IPv6)", RFC 2463, December 1998. | |||
| [RFC-2472] Haskin, D. and Allen, E., "IP version 6 over PPP", RFC | [RFC-2472] Haskin, D. and Allen, E., "IP version 6 over PPP", RFC | |||
| 2472, December 1998. | 2472, December 1998. | |||
| [RFC-2473] Conta, A. and Deering, S., "Generic Packet Tunneling in | [RFC-2473] Conta, A. and Deering, S., "Generic Packet Tunneling | |||
| IPv6 Specification", RFC 2473, December 1998. | in IPv6 Specification", RFC 2473, December 1998. | |||
| [RFC-2710] Deering, S., Fenner, W. and Haberman, B., "Multicast Lisˇ | [RFC-2710] Deering, S., Fenner, W. and Haberman, B., "Multicast | |||
| tener Discovery (MLD) for IPv6", RFC 2710, October 1999. | Listener Discovery (MLD) for IPv6", RFC 2710, October | |||
| 1999. | ||||
| [RFC-2711] Partridge, C. and Jackson, A., "IPv6 Router Alert | [RFC-2711] Partridge, C. and Jackson, A., "IPv6 Router Alert | |||
| Option", RFC 2711, October 1999. | Option", RFC 2711, October 1999. | |||
| [RFC-3041] Narten, T. and Draves, R., "Privacy Extensions for | ||||
| Stateless Address Autoconfiguration in IPv6", RFC | ||||
| 3041, January 2001. | ||||
| [RFC-3152] Bush, R., "Delegation of IP6.ARPA", RFC 3152, August | ||||
| 2001. | ||||
| [RFC-3363] Bush, R., et al., "Representing Internet Protocol ver- | ||||
| sion 6 (IPv6) Addresses in the Domain Name System | ||||
| (DNS)", RFC 3363, August 2002. | ||||
| 12.2 Non-Normative | 12.2 Non-Normative | |||
| [ANYCAST] Hagino, J and Ettikan K., "An Analysis of IPv6 Anycast" | [ANYCAST] Hagino, J and Ettikan K., "An Analysis of IPv6 Anycast" | |||
| Work in Progress. | Work in Progress. | |||
| [DESDIFF] Biham, E., Shamir, A., "Differential Cryptanalysis of | ||||
| DES-like cryptosystems", Journal of Cryptology Vol 4, Jan | ||||
| 1991 | ||||
| [DESCRACK] Cracking DES, O'Reilly & Associates, Sebastapol, CA 2000. | ||||
| [DESINT] Bellovin, S., "An Issue With DES-CBC When Used Without | ||||
| Strong Integrity", Proceedings of the 32nd IETF, Danvers, | ||||
| MA, April 1995. | ||||
| [MC-THREAT] Ballardie A. and Crowcroft, J.; Multicast-Specific Secu- | ||||
| rity Threats and Counter-Measures; In Proceedings "Sympo- | ||||
| sium on Network and Distributed System Security", Febru- | ||||
| ary 1995, pp.2-16. | ||||
| [SOI] C. Madson, "Son-of-IKE Requirements", Work in Progress. | [SOI] C. Madson, "Son-of-IKE Requirements", Work in Progress. | |||
| [RFC-793] Postel, J., "Transmission Control Protocol", RFC 793, | [RFC-793] Postel, J., "Transmission Control Protocol", RFC 793, | |||
| August 1980. | August 1980. | |||
| [RFC-1034] Mockapetris, P., "Domain names - concepts and faciliˇ | [RFC-1034] Mockapetris, P., "Domain names - concepts and facili- | |||
| ties", RFC 1034, November 1987. | ties", RFC 1034, November 1987. | |||
| [RFC-2147] Borman, D., "TCP and UDP over IPv6 Jumbograms", RFC 2147, | [RFC-2147] Borman, D., "TCP and UDP over IPv6 Jumbograms", RFC 2147, | |||
| May 1997. | May 1997. | |||
| [RFC-2452] M. Daniele, "IPv6 Management Information Base for the | ||||
| Transmission Control Protocol", RFC2452, December 1998. | ||||
| [RFC-2454] M. Daniele, "IPv6 Management Information Base for the | ||||
| User Datagram Protocol, RFC2454", December 1998. | ||||
| [RFC-2464] Crawford, M., "Transmission of IPv6 Packets over Ethernet | [RFC-2464] Crawford, M., "Transmission of IPv6 Packets over Ethernet | |||
| Networks", RFC 2462, December 1998. | Networks", RFC 2462, December 1998. | |||
| [RFC-2465] D. Haskin, S. Onishi, "Management Information Base for IP | ||||
| Version 6: Textual Conventions and General Group", | ||||
| RFC2465, December 1998. | ||||
| [RFC-2466] D. Haskin, S. Onishi, "Management Information Base for IP | ||||
| Version 6: ICMPv6 Group", RFC2466, December 1998. | ||||
| [RFC-2470] M. Crawford, T. Narten, S. Thomas, "A Method for the | ||||
| Tranmission of IPv6 Packets over Token Ring Networks", | ||||
| RFC2470, December 1998. | ||||
| [RFC-2491] G. Armitage, P. Schulter, M. Jork, G. Harter, "IPv6 over | ||||
| Non-Broadcast Multiple Access (NBMA) networks", RFC2491, | ||||
| January 1999. | ||||
| [RFC-2492] G. Armitage, M. Jork, P. Schulter, G. Harter, IPv6 over | [RFC-2492] G. Armitage, M. Jork, P. Schulter, G. Harter, IPv6 over | |||
| ATM Networks", RFC2492, January 1999. | ATM Networks", RFC2492, January 1999. | |||
| [RFC-2497] I. Souvatzis, "A Method for the Transmission of IPv6 | [RFC-2675] Borman, D., Deering, S. and Hinden, B., "IPv6 Jumbo- | |||
| Packets over ARCnet Networks", RFC2497, January 1999. | ||||
| [RFC-2529] Carpenter, B. and Jung, C., "Transmission of IPv6 over | ||||
| IPv4 Domains without Explicit Tunnels", RFC 2529, March | ||||
| 1999. | ||||
| [RFC-2590] A. Conta, A. Malis, M. Mueller, "Transmission of IPv6 | ||||
| Packets over Frame Relay Networks Specification", RFC | ||||
| 2590, May 1999. | ||||
| [RFC-2675] Borman, D., Deering, S. and Hinden, B., "IPv6 Jumboˇ | ||||
| grams", RFC 2675, August 1999. | grams", RFC 2675, August 1999. | |||
| [RFC-2732] R. Hinden, B. Carpenter, L. Masinter, "Format for Literal | [RFC-2732] R. Hinden, B. Carpenter, L. Masinter, "Format for Literal | |||
| IPv6 Addresses in URL's", RFC 2732, December 1999. | IPv6 Addresses in URL's", RFC 2732, December 1999. | |||
| [RFC-2851] M. Daniele, B. Haberman, S. Routhier, J. Schoenwaelder, | [RFC-2851] M. Daniele, B. Haberman, S. Routhier, J. Schoenwaelder, | |||
| "Textual Conventions for Internet Network Addresses", | "Textual Conventions for Internet Network Addresses", | |||
| RFC2851, June 2000. | RFC2851, June 2000. | |||
| [RFC-2874] Crawford, M. and Huitema, C., "DNS Extensions to Support | ||||
| IPv6 Address Aggregation and Renumbering", RFC 2874, July | ||||
| 2000. | ||||
| [RFC-2893] Gilligan, R. and Nordmark, E., "Transition Mechanisms for | [RFC-2893] Gilligan, R. and Nordmark, E., "Transition Mechanisms for | |||
| IPv6 Hosts and Routers", RFC 2893, August 2000. | IPv6 Hosts and Routers", RFC 2893, August 2000. | |||
| [RFC-3019] B. Haberman, R. Worzella, "IP Version 6 Management Inforˇ | [RFC-3019] B. Haberman, R. Worzella, "IP Version 6 Management Infor- | |||
| mation Base for the Multicast Listener Discovery Protoˇ | mation Base for the Multicast Listener Discovery Proto- | |||
| col", RFC3019, January 2001. | col", RFC3019, January 2001. | |||
| [RFC-3041] Narten, T. and Draves, R., "Privacy Extensions for Stateˇ | ||||
| less Address Autoconfiguration in IPv6", RFC 3041, Janˇ | ||||
| uary 2001. | ||||
| [IPv6-RH] P. Savola, "Security of IPv6 Routing Header and Home | [IPv6-RH] P. Savola, "Security of IPv6 Routing Header and Home | |||
| Address Options", Work in Progress, March 2002. | Address Options", Work in Progress, March 2002. | |||
| 13. Authors and Acknowledgements | 13. Authors and Acknowledgements | |||
| This document was written by the IPv6 Node Requirements design team: | This document was written by the IPv6 Node Requirements design team: | |||
| Jari Arkko | Jari Arkko | |||
| [jari.arkko@ericsson.com] | [jari.arkko@ericsson.com] | |||
| Marc Blanchet | Marc Blanchet | |||
| [Marc.Blanchet@viagenie.qc.ca] | [marc.blanchet@viagenie.qc.ca] | |||
| Samita Chakrabarti | Samita Chakrabarti | |||
| [Samita.Chakrabarti@eng.sun.com] | [samita.chakrabarti@eng.sun.com] | |||
| Alain Durand | Alain Durand | |||
| [Alain.Durand@Sun.com] | [alain.durand@sun.com] | |||
| Gerard Gastaud | Gerard Gastaud | |||
| [Gerard.Gastaud@alcatel.fr] | [gerard.gastaud@alcatel.fr] | |||
| Jun-ichiro itojun Hagino | Jun-ichiro itojun Hagino | |||
| [itojun@iijlab.net] | [itojun@iijlab.net] | |||
| Atsushi Inoue | Atsushi Inoue | |||
| [inoue@isl.rdc.toshiba.co.jp] | [inoue@isl.rdc.toshiba.co.jp] | |||
| Masahiro Ishiyama | Masahiro Ishiyama | |||
| [masahiro@isl.rdc.toshiba.co.jp] | [masahiro@isl.rdc.toshiba.co.jp] | |||
| John Loughney | John Loughney | |||
| [John.Loughney@Nokia.com] | [john.loughney@nokia.com] | |||
| Okabe Nobuo | Okabe Nobuo | |||
| [nov@tahi.org] | [nov@tahi.org] | |||
| Rajiv Raghunarayan | Rajiv Raghunarayan | |||
| [raraghun@cisco.com] | [raraghun@cisco.com] | |||
| Shoichi Sakane | Shoichi Sakane | |||
| [shouichi.sakane@jp.yokogawa.com ] | [shouichi.sakane@jp.yokogawa.com ] | |||
| Dave Thaler | Dave Thaler | |||
| [dthaler@windows.microsoft.com] | [dthaler@windows.microsoft.com] | |||
| Juha Wiljakka | Juha Wiljakka | |||
| [juha.wiljakka@Nokia.com] | [juha.wiljakka@Nokia.com] | |||
| The authors would like to thank Adam Machalek, Juha Ollila and Pekka Savola for their comments. | The authors would like to thank Ran Atkinson, Jim Bound, Brian Carpenter, Ralph Droms, Christian Huitema, Adam Machalek, Thomas Narten, Juha Ollila and Pekka Savola for their comments. | |||
| 14. Editor's Contact Information | 14. Editor's Contact Information | |||
| Comments or questions regarding this document should be sent to the IPv6 | Comments or questions regarding this document should be sent to the IPv6 | |||
| Working Group mailing list (ipng@sunroof.eng.sun.com) or to: | Working Group mailing list (ipng@sunroof.eng.sun.com) or to: | |||
| John Loughney | John Loughney | |||
| Nokia Research Center | Nokia Research Center | |||
| It„merenkatu 11-13 | It„merenkatu 11-13 | |||
| 00180 Helsinki | 00180 Helsinki | |||
| Finland | Finland | |||
| Phone: +358 50 483 6242 | Phone: +358 50 483 6242 | |||
| Email: John.Loughney@Nokia.com | Email: John.Loughney@Nokia.com | |||
| Appendix A: Change history | Appendix A: Change history | |||
| The following is a list of changes since the previous version. | The following is a list of changes since the previous version. | |||
| - Small updates based upon feedback from the IPv6 mailing list. | - Small updates based upon feedback from the IPv6 mailing list. | |||
| - Refomated chapters. | - Updated information on Stateful Address Autoconfiguration & DHCP. | |||
| - Added Appendix B - List of RFCs. | - Updated MIBs section. | |||
| - Updated Mobile IP section. | ||||
| TBD | - Rewrote Security section. | |||
| Appendix B: Specifications Not Included | Appendix B: Specifications Not Included | |||
| Here is a list of documents considered, but not included in this document. | Here is a list of documents considered, but not included in this document. | |||
| In general, Information documents are not considered to place requirements on | In general, Information documents are not considered to place requirements | |||
| implementations. Experimental documents are just that, experimental, and | on implementations. Experimental documents are just that, experimental, | |||
| cannot place requirements on the general behavior of IPv6 nodes. | and cannot place requirements on the general behavior of IPv6 nodes. | |||
| Upper Protocols | Upper Protocols | |||
| 2428 FTP Extensions For IPv6 And NATs | 2428 FTP Extensions For IPv6 And NATs | |||
| Compression | Compression | |||
| 2507 IP Header Compression | 2507 IP Header Compression | |||
| 2508 Compressing IP/UDP/RTP Headers For Low-Speed Serial Links | 2508 Compressing IP/UDP/RTP Headers For Low-Speed Serial Links | |||
| 2509 IP Header Compression Over PPP | 2509 IP Header Compression Over PPP | |||
| Informational | Informational | |||
| skipping to change at line 923 | skipping to change at page 20, line 37 | |||
| Experimental | Experimental | |||
| 2874 DNS Extensions To Support Ipv6 Address Aggregation | 2874 DNS Extensions To Support Ipv6 Address Aggregation | |||
| 2471 IPv6 Testing Address Allocation. | 2471 IPv6 Testing Address Allocation. | |||
| Other | Other | |||
| 2526 Reserved IPv6 Subnet Anycast | 2526 Reserved IPv6 Subnet Anycast | |||
| 2732 Format For Literal IPv6 Addr In URLs | 2732 Format For Literal IPv6 Addr In URLs | |||
| 2894 Router Renumbering | 2894 Router Renumbering | |||
| 3122 Extensions To IPv6 ND For Inverse Discovery | 3122 Extensions To IPv6 ND For Inverse Discovery | |||
| Appendix C: Notices | ||||
| The IETF takes no position regarding the validity or scope of any | ||||
| intellectual property or other rights that might be claimed to per- | ||||
| tain to the implementation or use of the technology described in this | ||||
| document or the extent to which any license under such rights might | ||||
| or might not be available; neither does it represent that it has made | ||||
| any effort to identify any such rights. Information on the IETF's | ||||
| procedures with respect to rights in standards-track and standards- | ||||
| related documentation can be found in BCP-11. Copies of claims of | ||||
| rights made available for publication and any assurances of licenses | ||||
| to be made available, or the result of an attempt made to obtain a | ||||
| general license or permission for the use of such proprietary rights | ||||
| by implementors or users of this specification can be obtained from | ||||
| the IETF Secretariat. | ||||
| The IETF invites any interested party to bring to its attention any | ||||
| copyrights, patents or patent applications, or other proprietary | ||||
| rights, which may cover technology that may be required to practice | ||||
| this standard. Please address the information to the IETF Executive | ||||
| Director. | ||||
| End of changes. | ||||
This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ | ||||