draft-ietf-ipv6-node-requirements-03.txt   draft-ietf-ipv6-node-requirements-04.txt 
IPv6 Working Group John Loughney (ed) IPv6 Working Group John Loughney (ed)
Internet-Draft Nokia Internet-Draft Nokia
March 3, 2003 June 27, 2003
Expires: September 3, 2003 Expires: December 27, 2003
IPv6 Node Requirements IPv6 Node Requirements
draft-ietf-ipv6-node-requirements-03.txt draft-ietf-ipv6-node-requirements-04.txt
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 2, line 5 skipping to change at page 2, line 5
Copyright (C) The Internet Society (2003). All Rights Reserved. Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract Abstract
This document defines requirements for IPv6 nodes. It is expected This document defines requirements for IPv6 nodes. It is expected
that IPv6 will be deployed in a wide range of devices and situations. that IPv6 will be deployed in a wide range of devices and situations.
Specifying the requirements for IPv6 nodes allows IPv6 to function Specifying the requirements for IPv6 nodes allows IPv6 to function
well and interoperate in a large number of situations and well and interoperate in a large number of situations and
deployments. deployments.
Internet-Draft
Table of Contents Table of Contents
1. Introduction 1. Introduction
1.1 Scope of this Document 1.1 Scope of this Document
1.2 Description of IPv6 Nodes & Conformance Groups 1.2 Description of IPv6 Nodes & Conformance Groups
2. Abbreviations Used in This Document 2. Abbreviations Used in This Document
3. Sub-IP Layer 3. Sub-IP Layer
3.1 RFC2464 - Transmission of IPv6 Packets over Ethernet Networks 3.1 RFC2464 - Transmission of IPv6 Packets over Ethernet Networks
3.2 RFC2472 - IP version 6 over PPP 3.2 RFC2472 - IP version 6 over PPP
3.3 RFC2492 - IPv6 over ATM Networks 3.3 RFC2492 - IPv6 over ATM Networks
skipping to change at page 2, line 46 skipping to change at page 2, line 48
9. Router Functionality 9. Router Functionality
9.1 General 9.1 General
10. Network Management 10. Network Management
10.1 MIBs 10.1 MIBs
11. Security Considerations 11. Security Considerations
12. References 12. References
12.1 Normative 12.1 Normative
12.2 Non-Normative 12.2 Non-Normative
13. Authors and Acknowledgements 13. Authors and Acknowledgements
14. Editor's Address 14. Editor's Address
Appendix A: Change history Notices
Appendix B: Specifications Not Included
Appendix C: Notices Internet-Draft
1. Introduction 1. Introduction
The goal of this document is to define the set of functionality The goal of this document is to define the set of functionality
required for an IPv6 node. Many IPv6 nodes will implement optional required for an IPv6 node. Many IPv6 nodes will implement optional
or additional features, but all IPv6 nodes can be expected to or additional features, but all IPv6 nodes can be expected to
implement the mandatory requirements listed in this document. implement the mandatory requirements listed in this document.
This document tries to avoid discussion of protocol details, and This document tries to avoid discussion of protocol details, and
references RFCs for this purpose. In case of any conflicting text, references RFCs for this purpose. In case of any conflicting text,
skipping to change at page 4, line 4 skipping to change at page 4, line 4
IPv6 covers many specifications. It is intended that IPv6 will be IPv6 covers many specifications. It is intended that IPv6 will be
deployed in many different situations and environments. Therefore, deployed in many different situations and environments. Therefore,
it is important to develop the requirements for IPv6 nodes, in order it is important to develop the requirements for IPv6 nodes, in order
to ensure interoperability. to ensure interoperability.
This document assumes that all IPv6 nodes meet the minimum This document assumes that all IPv6 nodes meet the minimum
requirements specified here. requirements specified here.
1.2 Description of IPv6 Nodes 1.2 Description of IPv6 Nodes
Internet-Draft
From Internet Protocol, Version 6 (IPv6) Specification [RFC-2460] we From Internet Protocol, Version 6 (IPv6) Specification [RFC-2460] we
have the following definitions: have the following definitions:
Description of an IPv6 Node Description of an IPv6 Node
- a device that implements IPv6 - a device that implements IPv6
Description of an IPv6 router Description of an IPv6 router
- a node that forwards IPv6 packets not explicitly addressed to - a node that forwards IPv6 packets not explicitly addressed to
skipping to change at page 5, line 4 skipping to change at page 5, line 4
NBMA Non-Broadcast Multiple Access NBMA Non-Broadcast Multiple Access
ND Neighbor Discovery ND Neighbor Discovery
NS Neighbor Solicitation NS Neighbor Solicitation
NUD Neighbor Unreachability Detection NUD Neighbor Unreachability Detection
PPP Point-to-Point Protocol PPP Point-to-Point Protocol
Internet-Draft
PVC Permanent Virtual Circuit PVC Permanent Virtual Circuit
SVC Switched Virtual Circuit SVC Switched Virtual Circuit
ULP Upper Layer Protocol ULP Upper Layer Protocol
3. Sub-IP Layer 3. Sub-IP Layer
An IPv6 node must follow the RFC related to the link-layer that is An IPv6 node must follow the RFC related to the link-layer that is
sending packet. By definition, these specifications are required sending packet. By definition, these specifications are required
skipping to change at page 6, line 4 skipping to change at page 6, line 4
The Internet Protocol Version 6 is specified in [RFC-2460]. This The Internet Protocol Version 6 is specified in [RFC-2460]. This
specification MUST be supported. specification MUST be supported.
Unrecognized options in Hop-by-Hop Options or Destination Options Unrecognized options in Hop-by-Hop Options or Destination Options
extensions MUST be processed as described in RFC 2460. extensions MUST be processed as described in RFC 2460.
The node MUST follow the packet transmission rules in RFC 2460. The node MUST follow the packet transmission rules in RFC 2460.
Nodes MUST always be able to receive fragment headers. However, if it Nodes MUST always be able to receive fragment headers. However, if it
Internet-Draft
does not implement path MTU discovery it may not need to send does not implement path MTU discovery it may not need to send
fragment headers. However, nodes that do not implement transmission fragment headers. However, nodes that do not implement transmission
of fragment headers need to impose limitation to payload size of of fragment headers need to impose limitation to payload size of
layer 4 protocols. layer 4 protocols.
The capability of being a final destination MUST be supported, The capability of being a final destination MUST be supported,
whereas the capability of being an intermediate destination MAY be whereas the capability of being an intermediate destination MAY be
supported (i.e. - host functionality vs. router functionality). supported (i.e. - host functionality vs. router functionality).
RFC 2460 specifies extension headers and the processing for these RFC 2460 specifies extension headers and the processing for these
skipping to change at page 7, line 4 skipping to change at page 7, line 4
Some detailed analysis of Neighbor discovery follows: Some detailed analysis of Neighbor discovery follows:
Router Discovery is how hosts locate routers that reside on an Router Discovery is how hosts locate routers that reside on an
attached link. Router Discovery MUST be supported for attached link. Router Discovery MUST be supported for
implementations. However, an implementation MAY support disabling implementations. However, an implementation MAY support disabling
this function. this function.
Prefix Discovery is how hosts discover the set of address prefixes Prefix Discovery is how hosts discover the set of address prefixes
that define which destinations are on-link for an attached link. that define which destinations are on-link for an attached link.
Prefix discovery MUST be supported for implementations. However, the Prefix discovery MUST be supported for implementations. However, the
Internet-Draft
implementation MAY support the option of disabling this function. implementation MAY support the option of disabling this function.
Neighbor Unreachability Detection (NUD) MUST be supported for all Neighbor Unreachability Detection (NUD) MUST be supported for all
paths between hosts and neighboring nodes. It is not required for paths between hosts and neighboring nodes. It is not required for
paths between routers. It is required for multicast. However, when a paths between routers. It is required for multicast. However, when a
node receives a unicast Neighbor Solicitation (NS) message (that may node receives a unicast Neighbor Solicitation (NS) message (that may
be a NUD's NS), the node MUST respond to it (i.e. send a unicast be a NUD's NS), the node MUST respond to it (i.e. send a unicast
Neighbor Advertisement). Neighbor Advertisement).
Duplicate Address Detection MUST be supported (RFC2462 section 5.4 Duplicate Address Detection MUST be supported (RFC2462 section 5.4
skipping to change at page 8, line 4 skipping to change at page 8, line 4
The IPv6 specification [RFC-2460] states in chapter 5 that "a minimal The IPv6 specification [RFC-2460] states in chapter 5 that "a minimal
IPv6 implementation (e.g., in a boot ROM) may simply restrict itself IPv6 implementation (e.g., in a boot ROM) may simply restrict itself
to sending packets no larger than 1280 octets, and omit to sending packets no larger than 1280 octets, and omit
implementation of Path MTU Discovery." implementation of Path MTU Discovery."
If Path MTU Discovery is not implemented then the sending packet size If Path MTU Discovery is not implemented then the sending packet size
is limited to 1280 octets (standard limit in [RFC-2460]). However, if is limited to 1280 octets (standard limit in [RFC-2460]). However, if
this is done, the host MUST be able to receive packets with size up this is done, the host MUST be able to receive packets with size up
to the link MTU before reassembly. This is because the node at the to the link MTU before reassembly. This is because the node at the
Internet-Draft
other side of the link has no way of knowing less than the MTU is other side of the link has no way of knowing less than the MTU is
accepted. accepted.
4.3.2 IPv6 Jumbograms - RFC2675 4.3.2 IPv6 Jumbograms - RFC2675
IPv6 Jumbograms [RFC2675] MAY be supported. IPv6 Jumbograms [RFC2675] MAY be supported.
4.4 ICMP for the Internet Protocol Version 6 (IPv6) - RFC2463 4.4 ICMP for the Internet Protocol Version 6 (IPv6) - RFC2463
ICMPv6 [RFC-2463] MUST be supported. ICMPv6 [RFC-2463] MUST be supported.
skipping to change at page 9, line 4 skipping to change at page 9, line 4
described in this document on all addresses prior to assigning described in this document on all addresses prior to assigning
them to an interface. them to an interface.
Duplicate Address Detection (DAD) MUST be supported. Duplicate Address Detection (DAD) MUST be supported.
4.5.3 Privacy Extensions for Address Configuration in IPv6 - RFC3041 4.5.3 Privacy Extensions for Address Configuration in IPv6 - RFC3041
Privacy Extensions for Stateless Address Autoconfiguration [RFC-3041] Privacy Extensions for Stateless Address Autoconfiguration [RFC-3041]
SHOULD be supported. It is recommended that this behavior be SHOULD be supported. It is recommended that this behavior be
configurable on a connection basis within each application when configurable on a connection basis within each application when
Internet-Draft
available. It is noted that a number of applications do not work available. It is noted that a number of applications do not work
with addresses generated with this method, while other applications with addresses generated with this method, while other applications
work quite well with them. work quite well with them.
4.5.4 Default Address Selection for IPv6 4.5.4 Default Address Selection for IPv6
Default Address Selection for IPv6 [DEFADDR] SHOULD be supported, if Default Address Selection for IPv6 [DEFADDR] SHOULD be supported, if
a node has more than one IPv6 address per interface or a node has a node has more than one IPv6 address per interface or a node has
more that one IPv6 interface (physical or logical) configured. more that one IPv6 interface (physical or logical) configured.
If supported, the rules specified in the document MUST be If supported, the rules specified in the document MUST be
implemented. A node needs to belong to one site, however there is no implemented. A node needs to belong to one site, however there is no
requirement that a node be able to belong to more than one site. requirement that a node be able to belong to more than one site.
This draft has been approved as a proposed standard. This draft has been approved as a proposed standard.
4.5.5 Stateful Address Autoconfiguration 4.5.5 Stateful Address Autoconfiguration
Stateful Address Autoconfiguration MAY be supported. DHCP [DHCPv6] Stateful Address Autoconfiguration MAY be supported. DHCP [DHCPv6] is
is the standard stateful address configuration protocol. See section the standard stateful address configuration protocol, see section 5.3
5.3 for details on DHCP. for DHCPv6 support.
For nodes which do not support Stateful Address Autoconfiguration,
the node may be unable to obtain any IPv6 addresses aside from link-
local addresses when it receives a router advertisement with the 'M'
flag (Managed address configuration) set and which contains no
prefixes advertised for Stateless Address Autoconfiguration (see
section 4.5.2).
4.6 Multicast Listener Discovery (MLD) for IPv6 - RFC2710 4.6 Multicast Listener Discovery (MLD) for IPv6 - RFC2710
Multicast Listener Discovery [RFC-2710] MUST be supported by nodes Multicast Listener Discovery [RFC-2710] MUST be supported by nodes
supporting multicast applications. A primary IPv6 multicast supporting multicast applications. A primary IPv6 multicast
application is Neighbor Discovery (all those solicited-node mcast application is Neighbor Discovery (all those solicited-node mcast
addresses must be joined). addresses must be joined).
When MLDv2 [MLDv2] has been completed, it SHOULD take precedence over When MLDv2 [MLDv2] has been completed, it SHOULD take precedence over
MLD. MLD.
skipping to change at page 9, line 46 skipping to change at page 10, line 5
5. Transport Layer and DNS 5. Transport Layer and DNS
5.1 Transport Layer 5.1 Transport Layer
5.1.1 TCP and UDP over IPv6 Jumbograms - RFC2147 5.1.1 TCP and UDP over IPv6 Jumbograms - RFC2147
This specification MUST be supported if jumbograms are implemented This specification MUST be supported if jumbograms are implemented
[RFC-2675]. One open issue is if this document needs to be updated, [RFC-2675]. One open issue is if this document needs to be updated,
as it refers to an obsoleted document. as it refers to an obsoleted document.
Internet-Draft
5.2 DNS 5.2 DNS
DNS, as described in [RFC-1034], [RFC-1035], [RFC-1886], [RFC-3152] DNS, as described in [RFC-1034], [RFC-1035], [RFC-1886], [RFC-3152]
and [RFC-3363] MAY be supported. Not all nodes will need to resolve and [RFC-3363] MAY be supported. Not all nodes will need to resolve
addresses. Note that RFC 1886 is currently being updated [RFC-1886- addresses. Note that RFC 1886 is currently being updated [RFC-1886-
BIS]. BIS].
5.2.2 Format for Literal IPv6 Addresses in URL's - RFC2732 5.2.2 Format for Literal IPv6 Addresses in URL's - RFC2732
RFC 2732 MUST be supported if applications on the node use URL's. RFC 2732 MUST be supported if applications on the node use URL's.
5.3 Dynamic Host Configuration Protocol for IPv6 (DHCPv6) 5.3 Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
5.3.1 Managed Address Configuration
An IPv6 node that does not include an implementation of DHCP will be An IPv6 node that does not include an implementation of DHCP will be
unable to obtain any IPv6 addresses aside from link-local addresses unable to obtain any IPv6 addresses aside from link-local addresses
when it is connected to a link over which it receives a router when it is connected to a link over which it receives a router
advertisement with the 'M' flag (Managed address configuration) set advertisement with the 'M' flag (Managed address configuration) set
and which contains no prefixes advertised for Stateless Address and which contains no prefixes advertised for Stateless Address
Autoconfiguration (see section 4.5.2). An IPv6 node that receives a Autoconfiguration (see section 4.5.2). An IPv6 node that receives a
router advertisement with the 'M' flag set and that contains router advertisement with the 'M' flag set and that contains
advertised prefixes will configure interfaces with both stateless advertised prefixes will configure interfaces with both stateless
autoconfiguration addresses and addresses obtained through DHCP. autoconfiguration addresses and addresses obtained through DHCP.
For those IPv6 Nodes that implement DHCP, those nodes MUST use DHCP For those IPv6 Nodes that implement DHCP, those nodes MUST use DHCP
upon the receipt of a Router Advertisement with the 'M' flag set (see upon the receipt of a Router Advertisement with the 'M' flag set (see
section 5.5.3 of RFC2462). In addition, in the absence of a router, section 5.5.3 of RFC2462). In addition, in the absence of a router,
IPv6 Nodes that implement DHCP MUST attempt to use DHCP. IPv6 Nodes that implement DHCP MUST attempt to use DHCP.
For IPv6 Nodes that do not implement DHCP, the 'M' flag of a Router
Advertisement can be ignored. Furthermore, in the absence of a
router, this type of node is not required to initiate DHCP.
An IPv6 node that does not include an implementation of DHCP will be An IPv6 node that does not include an implementation of DHCP will be
unable to dynamically obtain any IPv6 addresses aside from link-local unable to dynamically obtain any IPv6 addresses aside from link-local
addresses when it is connected to a link over which it receives a addresses when it is connected to a link over which it receives a
router advertisement with the 'M' flag (Managed address router advertisement with the 'M' flag (Managed address
configuration) set and which contains no prefixes advertised for configuration) set and which contains no prefixes advertised for
Stateless Address Autoconfiguration (see section 4.5.2). In this Stateless Address Autoconfiguration (see section 4.5.2). In this
situation, the IPv6 Node will be unable to communicate with other situation, the IPv6 Node will be unable to communicate with other
off-link nodes unless a global or site-local IPv6 address is manually off-link nodes unless a global or site-local IPv6 address is manually
configured. configured.
5.3.2 Other stateful configuration
DHCP provides the ability to provide other configuration information
to the node. An IPv6 node that does not include an implementation of
DHCP will be unable to obtain other configuration information such as
the addresses of DNS servers when it is connected to a link over
which the node receives a router advertisement in which the 'O' flag
("Other stateful configuration") is set.
Internet-Draft
For those IPv6 Nodes that implement DHCP, those nodes MUST use DHCP
upon the receipt of a Router Advertisement with the 'O' flag set (see
section 5.5.3 of RFC2462). In addition, in the absence of a router,
hosts that implement DHCP MUST attempt to use DHCP. For IPv6 Nodes
that do not implement DHCP, the 'O' flag of a Router Advertisement
can be ignored. Furthermore, in the absence of a router, this type
of node is not required to initiate DHCP.
6. IPv4 Support and Transition 6. IPv4 Support and Transition
IPv6 nodes MAY support IPv4. IPv6 nodes MAY support IPv4.
6.1 Transition Mechanisms 6.1 Transition Mechanisms
IPv6 nodes SHOULD use native address instead of transition-based IPv6 nodes SHOULD use native address instead of transition-based
addressing. addressing.
6.1.1 Transition Mechanisms for IPv6 Hosts and Routers - RFC2893 6.1.1 Transition Mechanisms for IPv6 Hosts and Routers - RFC2893
If an IPv6 node implement dual stack and/or tunneling, then RFC2893 If an IPv6 node implement dual stack and/or tunneling, then RFC2893
MUST be supported. MUST be supported.
This document is currently being updated. This document is currently being updated.
7. Mobility 7. Mobility
Currently, the MIPv6 specification [MIPv6] is nearing completion.
Mobile IPv6 places some requirements on IPv6 nodes. This document is
not meant to prescribe behaviors, but to capture the consensus of
what should be done for IPv6 nodes with respect to Mobile IPv6.
7.1 Mobile IP 7.1 Mobile IP
Mobile IPv6 [MIPv6] specification defines requirements for the Mobile IPv6 [MIPv6] specification defines requirements for the
following types of nodes: following types of nodes:
- mobile nodes - mobile nodes
- correspondent nodes with support for route optimization - correspondent nodes with support for route optimization
- home agents - home agents
- all IPv6 routers - all IPv6 routers
Hosts MAY support mobile node functionality. Hosts MAY support mobile node functionality.
Hosts SHOULD support route optimization requirements for Hosts SHOULD support route optimization requirements for
correspondent nodes. Routers do not need to support route correspondent nodes. Routers do not need to support route
optimization. optimization.
Routers MAY support home agent functionality. Routers SHOULD support mobile IP requirements.
Routers SHOULD support the requirements set for all IPv6 routers.
7.2 Securing Signaling between Mobile Nodes and Home Agents 7.2 Securing Signaling between Mobile Nodes and Home Agents
The security mechanisms described in [MIPv6-HASEC] MUST be supported The security mechanisms described in [MIPv6-HASEC] MUST be supported
by nodes implementing mobile node or home agent functionality by nodes implementing mobile node or home agent functionality
Internet-Draft
specified in Mobile IP [MIPv6]. specified in Mobile IP [MIPv6].
7.3 Generic Packet Tunneling in IPv6 Specification - RFC2473 7.3 Generic Packet Tunneling in IPv6 Specification - RFC2473
Generic Packet Tunneling [RFC-2473] MUST be suppored for nodes Generic Packet Tunneling [RFC-2473] MUST be suppored for nodes
implementing mobile node functionality or Home Agent functionality of implementing mobile node functionality or Home Agent functionality of
Mobile IP [MIPv6]. Mobile IP [MIPv6].
8. Security 8. Security
skipping to change at page 12, line 23 skipping to change at page 12, line 38
ESP [RFC-2406] MUST be supported. AH [RFC-2402] MUST be supported. ESP [RFC-2406] MUST be supported. AH [RFC-2402] MUST be supported.
8.3 Transforms and Algorithms 8.3 Transforms and Algorithms
Current IPsec RFCs specify the support of certain transforms and Current IPsec RFCs specify the support of certain transforms and
algorithms, NULL encryption, DES-CBC, HMAC-SHA-1-96, and HMAC-MD5-96. algorithms, NULL encryption, DES-CBC, HMAC-SHA-1-96, and HMAC-MD5-96.
The requirements for these are discussed first, and then additional The requirements for these are discussed first, and then additional
algorithms 3DES-CBC, AES-128-CBC, and HMAC-SHA-256-96 are discussed. algorithms 3DES-CBC, AES-128-CBC, and HMAC-SHA-256-96 are discussed.
NULL encryption algorithm [RFC-2410] MUST be supported for providing NULL encryption algorithm [RFC-2410] MUST be supported for providing
integrity service and also for debugging use. The "ESP DES-CBC Cipher integrity service and also for debugging use.
Algorithm With Explicit IV" [RFC-2405] MUST be supported. Security
issues related to the use of DES are discussed in [DESDIFF], The "ESP DES-CBC Cipher Algorithm With Explicit IV" [RFC-2405] SHOULD
[DESINT], [DESCRACK]. It is currently viewed as an inherently weak NOT be supported. Security issues related to the use of DES are
algorithm, and no longer fulfills its intended role. It is still discussed in [DESDIFF], [DESINT], [DESCRACK]. It is still listed as
required by the existing IPsec RFCs, however. This document required by the existing IPsec RFCs, but as it is currently viewed as
recommends the use of ESP DES-CBC only where interoperability is an inherently weak algorithm, and no longer fulfills its intended
required with old implementations supporting DES-CBC. role.
The NULL authentication algorithm [RFC-2406] MUST be supported within The NULL authentication algorithm [RFC-2406] MUST be supported within
ESP. The use of HMAC-SHA-1-96 within AH and ESP, described in [RFC- ESP. The use of HMAC-SHA-1-96 within AH and ESP, described in [RFC-
2404] MUST be supported. The Use of HMAC-MD5-96 within AH and ESP, 2404] MUST be supported. The Use of HMAC-MD5-96 within AH and ESP,
described in [RFC-2403] MUST be supported. An implementer MUST refer described in [RFC-2403] MUST be supported. An implementer MUST refer
to Keyed-Hashing for Message Authentication [RFC-2104]. to Keyed-Hashing for Message Authentication [RFC-2104].
3DES-CBC does not suffer from the issues related to DES-CBC. 3DES-CBC 3DES-CBC does not suffer from the issues related to DES-CBC. 3DES-CBC
and ESP CBC-Mode Cipher Algorithms [RFC2451] MAY be supported. AES- and ESP CBC-Mode Cipher Algorithms [RFC2451] MAY be supported. AES-
Internet-Draft
128-CBC [ipsec-ciph-aes-cbc] MUST be supported, as it is expected to 128-CBC [ipsec-ciph-aes-cbc] MUST be supported, as it is expected to
be a widely available, secure algorithm that is required for be a widely available, secure algorithm that is required for
interoperability. It is not required by the current IPsec RFCs, interoperability. It is not required by the current IPsec RFCs,
however. however.
The "HMAC-SHA-256-96 Algorithm and Its Use With IPsec" [ipsec-ciph- The "HMAC-SHA-256-96 Algorithm and Its Use With IPsec" [ipsec-ciph-
sha-256] MAY be supported. sha-256] MAY be supported.
8.4 Key Management Methods 8.4 Key Management Methods
skipping to change at page 13, line 39 skipping to change at page 14, line 5
be supported. be supported.
10. Network Management 10. Network Management
Network Management, MAY be supported by IPv6 nodes. However, for Network Management, MAY be supported by IPv6 nodes. However, for
IPv6 nodes that are embedded devices, network management may be the IPv6 nodes that are embedded devices, network management may be the
only possibility to control these hosts. only possibility to control these hosts.
10.1 MIBs 10.1 MIBs
Internet-Draft
In a general sense, MIBs SHOULD be supported by nodes that support a In a general sense, MIBs SHOULD be supported by nodes that support a
SNMP agent. SNMP agent.
10.1.1 IP Forwarding Table MIB 10.1.1 IP Forwarding Table MIB
Support for this MIB does not imply that IPv4 or IPv4 specific Support for this MIB does not imply that IPv4 or IPv4 specific
portions of this MIB be supported. portions of this MIB be supported.
10.1.2 Management Information Base for the Internet Protocol (IP) 10.1.2 Management Information Base for the Internet Protocol (IP)
skipping to change at page 14, line 41 skipping to change at page 15, line 5
from specific security threats, compared with the same threats in from specific security threats, compared with the same threats in
unicast [MC-THREAT]. unicast [MC-THREAT].
An implementer should also consider the analysis of anycast An implementer should also consider the analysis of anycast
[ANYCAST]. [ANYCAST].
12. References 12. References
12.1 Normative 12.1 Normative
Internet-Draft
[ADDRARCHv3] Hinden, R. and Deering, S. "IP Version 6 Addressing [ADDRARCHv3] Hinden, R. and Deering, S. "IP Version 6 Addressing
Architecture", Work in progress. Architecture", RFC 3513, April 2003.
[DEFADDR] Draves, R., "Default Address Selection for IPv6", Work [DEFADDR] Draves, R., "Default Address Selection for IPv6", RFC
in progress. 3484, February 2003.
[DHCPv6] Bound, J. et al., "Dynamic Host Configuration Protocol [DHCPv6] Bound, J. et al., "Dynamic Host Configuration Protocol
for IPv6 (DHCPv6)", Work in progress. for IPv6 (DHCPv6)", Work in progress.
[MIPv6] Johnson D. and Perkins, C., "Mobility Support in [MIPv6] Johnson D. and Perkins, C., "Mobility Support in
IPv6", Work in progress. IPv6", Work in progress.
[MIPv6-HASEC] J. Arkko, V. Devarapalli, F. Dupont, "Using IPsec to [MIPv6-HASEC] J. Arkko, V. Devarapalli, F. Dupont, "Using IPsec to
Protect Mobile IPv6 Signaling betweenMobile Nodes and Protect Mobile IPv6 Signaling betweenMobile Nodes and
Home Agents", draft-ietf-mobileip-mipv6-ha-ipsec-03 Home Agents", Work in Progress.
(work in progress), February 2003.
[MLDv2] Vida, R. et al., "Multicast Listener Discovery Version [MLDv2] Vida, R. et al., "Multicast Listener Discovery Version
2 (MLDv2) for IPv6", Work in Progress. 2 (MLDv2) for IPv6", Work in Progress.
[RFC-1035] Mockapetris, P., "Domain names - implementation and [RFC-1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, November 1987. specification", STD 13, RFC 1035, November 1987.
[RFC-1886] Thomson, S. et al.and Huitema, C., "DNS Extensions to [RFC-1886] Thomson, S. et al.and Huitema, C., "DNS Extensions to
support IP version 6", RFC 1886, December 1995. support IP version 6", RFC 1886, December 1995.
skipping to change at page 15, line 43 skipping to change at page 16, line 5
Keyed-Hashing for Message Authentication", RFC 2104, Keyed-Hashing for Message Authentication", RFC 2104,
February 1997. February 1997.
[RFC-2119] Bradner, S., "Key words for use in RFCs to [RFC-2119] Bradner, S., "Key words for use in RFCs to
Indicate Requirement Levels", BCP 14, RFC 2119, March Indicate Requirement Levels", BCP 14, RFC 2119, March
1997. 1997.
[RFC-2373] Hinden, R. and Deering, S., "IP Version 6 Addressing [RFC-2373] Hinden, R. and Deering, S., "IP Version 6 Addressing
Architecture", RFC 2373, July 1998. Architecture", RFC 2373, July 1998.
Internet-Draft
[RFC-2401] Kent, S. and Atkinson, R., "Security Architecture for [RFC-2401] Kent, S. and Atkinson, R., "Security Architecture for
the Internet Protocol", RFC 2401, November 1998. the Internet Protocol", RFC 2401, November 1998.
[RFC-2402] Kent, S. and Atkinson, R., "IP Authentication [RFC-2402] Kent, S. and Atkinson, R., "IP Authentication
Header", RFC 2402, November 1998. Header", RFC 2402, November 1998.
[RFC-2403] Madson, C., and Glenn, R., "The Use of HMAC-MD5 within [RFC-2403] Madson, C., and Glenn, R., "The Use of HMAC-MD5 within
ESP and AH", RFC 2403, November 1998. ESP and AH", RFC 2403, November 1998.
[RFC-2404] Madson, C., and Glenn, R., "The Use of HMAC-SHA-1 [RFC-2404] Madson, C., and Glenn, R., "The Use of HMAC-SHA-1
skipping to change at page 16, line 25 skipping to change at page 16, line 36
Interpretation for ISAKMP", RFC 2407, November 1998. Interpretation for ISAKMP", RFC 2407, November 1998.
[RFC-2408] Maughan, D., Schertler, M., Schneider, M., and Turner, [RFC-2408] Maughan, D., Schertler, M., Schneider, M., and Turner,
J., "Internet Security Association and Key Management J., "Internet Security Association and Key Management
Protocol (ISAKMP)", RFC 2408, November 1998. Protocol (ISAKMP)", RFC 2408, November 1998.
[RFC-2409] Harkins, D., and Carrel, D., "The Internet Key [RFC-2409] Harkins, D., and Carrel, D., "The Internet Key
Exchange (IKE)", RFC 2409, November 1998. Exchange (IKE)", RFC 2409, November 1998.
[RFC-2410] Glenn, R. and Kent, S., "The NULL Encryption Algorithm [RFC-2410] Glenn, R. and Kent, S., "The NULL Encryption Algorithm
and Its Use With IPsec", RFC 2410, November 1998 and Its Use With IPsec", RFC 2410, November 1998.
[RFC-2451] Pereira, R. and Adams, R., "The ESP CBC-Mode Cipher [RFC-2451] Pereira, R. and Adams, R., "The ESP CBC-Mode Cipher
Algorithms", RFC 2451, November 1998 Algorithms", RFC 2451, November 1998.
[RFC-2460] Deering, S. and Hinden, R., "Internet Protocol, Ver- [RFC-2460] Deering, S. and Hinden, R., "Internet Protocol, Ver-
sion 6 (IPv6) Specification", RFC 2460, December 1998. sion 6 (IPv6) Specification", RFC 2460, December 1998.
[RFC-2461] Narten, T., Nordmark, E. and Simpson, W., "Neighbor [RFC-2461] Narten, T., Nordmark, E. and Simpson, W., "Neighbor
Discovery for IP Version 6 (IPv6)", RFC 2461, December Discovery for IP Version 6 (IPv6)", RFC 2461, December
1998. 1998.
[RFC-2462] Thomson, S. and Narten, T., "IPv6 Stateless Address [RFC-2462] Thomson, S. and Narten, T., "IPv6 Stateless Address
Autoconfiguration", RFC 2462. Autoconfiguration", RFC 2462.
[RFC-2463] Conta, A. and Deering, S., "ICMP for the Internet Pro- [RFC-2463] Conta, A. and Deering, S., "ICMP for the Internet Pro-
tocol Version 6 (IPv6)", RFC 2463, December 1998. tocol Version 6 (IPv6)", RFC 2463, December 1998.
[RFC-2472] Haskin, D. and Allen, E., "IP version 6 over PPP", RFC [RFC-2472] Haskin, D. and Allen, E., "IP version 6 over PPP", RFC
Internet-Draft
2472, December 1998. 2472, December 1998.
[RFC-2473] Conta, A. and Deering, S., "Generic Packet Tunneling [RFC-2473] Conta, A. and Deering, S., "Generic Packet Tunneling
in IPv6 Specification", RFC 2473, December 1998. in IPv6 Specification", RFC 2473, December 1998.
[RFC-2710] Deering, S., Fenner, W. and Haberman, B., "Multicast [RFC-2710] Deering, S., Fenner, W. and Haberman, B., "Multicast
Listener Discovery (MLD) for IPv6", RFC 2710, October Listener Discovery (MLD) for IPv6", RFC 2710, October
1999. 1999.
[RFC-2711] Partridge, C. and Jackson, A., "IPv6 Router Alert [RFC-2711] Partridge, C. and Jackson, A., "IPv6 Router Alert
skipping to change at page 17, line 26 skipping to change at page 17, line 37
sion 6 (IPv6) Addresses in the Domain Name System sion 6 (IPv6) Addresses in the Domain Name System
(DNS)", RFC 3363, August 2002. (DNS)", RFC 3363, August 2002.
12.2 Non-Normative 12.2 Non-Normative
[ANYCAST] Hagino, J and Ettikan K., "An Analysis of IPv6 Anycast" [ANYCAST] Hagino, J and Ettikan K., "An Analysis of IPv6 Anycast"
Work in Progress. Work in Progress.
[DESDIFF] Biham, E., Shamir, A., "Differential Cryptanalysis of [DESDIFF] Biham, E., Shamir, A., "Differential Cryptanalysis of
DES-like cryptosystems", Journal of Cryptology Vol 4, Jan DES-like cryptosystems", Journal of Cryptology Vol 4, Jan
1991 1991.
[DESCRACK] Cracking DES, O'Reilly & Associates, Sebastapol, CA 2000. [DESCRACK] Cracking DES, O'Reilly & Associates, Sebastapol, CA 2000.
[DESINT] Bellovin, S., "An Issue With DES-CBC When Used Without [DESINT] Bellovin, S., "An Issue With DES-CBC When Used Without
Strong Integrity", Proceedings of the 32nd IETF, Danvers, Strong Integrity", Proceedings of the 32nd IETF, Danvers,
MA, April 1995. MA, April 1995.
[MC-THREAT] Ballardie A. and Crowcroft, J.; Multicast-Specific Secu- [MC-THREAT] Ballardie A. and Crowcroft, J.; Multicast-Specific Secu-
rity Threats and Counter-Measures; In Proceedings "Sympo- rity Threats and Counter-Measures; In Proceedings "Sympo-
sium on Network and Distributed System Security", Febru- sium on Network and Distributed System Security", Febru-
ary 1995, pp.2-16. ary 1995, pp.2-16.
[SOI] C. Madson, "Son-of-IKE Requirements", Work in Progress. [SOI] C. Madson, "Son-of-IKE Requirements", Work in Progress.
[RFC-793] Postel, J., "Transmission Control Protocol", RFC 793, [RFC-793] Postel, J., "Transmission Control Protocol", RFC 793,
August 1980. August 1980.
Internet-Draft
[RFC-1034] Mockapetris, P., "Domain names - concepts and facili- [RFC-1034] Mockapetris, P., "Domain names - concepts and facili-
ties", RFC 1034, November 1987. ties", RFC 1034, November 1987.
[RFC-2147] Borman, D., "TCP and UDP over IPv6 Jumbograms", RFC 2147, [RFC-2147] Borman, D., "TCP and UDP over IPv6 Jumbograms", RFC 2147,
May 1997. May 1997.
[RFC-2464] Crawford, M., "Transmission of IPv6 Packets over Ethernet [RFC-2464] Crawford, M., "Transmission of IPv6 Packets over Ethernet
Networks", RFC 2462, December 1998. Networks", RFC 2462, December 1998.
[RFC-2492] G. Armitage, M. Jork, P. Schulter, G. Harter, IPv6 over [RFC-2492] G. Armitage, M. Jork, P. Schulter, G. Harter, IPv6 over
skipping to change at page 18, line 44 skipping to change at page 19, line 5
Marc Blanchet Marc Blanchet
[marc.blanchet@viagenie.qc.ca] [marc.blanchet@viagenie.qc.ca]
Samita Chakrabarti Samita Chakrabarti
[samita.chakrabarti@eng.sun.com] [samita.chakrabarti@eng.sun.com]
Alain Durand Alain Durand
[alain.durand@sun.com] [alain.durand@sun.com]
Internet-Draft
Gerard Gastaud Gerard Gastaud
[gerard.gastaud@alcatel.fr] [gerard.gastaud@alcatel.fr]
Jun-ichiro itojun Hagino Jun-ichiro itojun Hagino
[itojun@iijlab.net] [itojun@iijlab.net]
Atsushi Inoue Atsushi Inoue
[inoue@isl.rdc.toshiba.co.jp] [inoue@isl.rdc.toshiba.co.jp]
Masahiro Ishiyama Masahiro Ishiyama
[masahiro@isl.rdc.toshiba.co.jp] [masahiro@isl.rdc.toshiba.co.jp]
John Loughney John Loughney
[john.loughney@nokia.com] [john.loughney@nokia.com]
Okabe Nobuo Okabe Nobuo
[nov@tahi.org] [nov@tahi.org]
Rajiv Raghunarayan Rajiv Raghunarayan
skipping to change at page 19, line 25 skipping to change at page 19, line 37
Shoichi Sakane Shoichi Sakane
[shouichi.sakane@jp.yokogawa.com] [shouichi.sakane@jp.yokogawa.com]
Dave Thaler Dave Thaler
[dthaler@windows.microsoft.com] [dthaler@windows.microsoft.com]
Juha Wiljakka Juha Wiljakka
[juha.wiljakka@Nokia.com] [juha.wiljakka@Nokia.com]
The authors would like to thank Ran Atkinson, Jim Bound, Brian Carpenter, Ralph Droms, Christian Huitema, Adam Machalek, Thomas Narten, Juha Ollila and Pekka Savola for their comments. The authors would like to thank Ran Atkinson, Jim Bound, Brian Car-
penter, Ralph Droms, Christian Huitema, Adam Machalek, Thomas Narten,
Juha Ollila and Pekka Savola for their comments.
14. Editor's Contact Information 14. Editor's Contact Information
Comments or questions regarding this document should be sent to the IPv6 Comments or questions regarding this document should be sent to the
Working Group mailing list (ipng@sunroof.eng.sun.com) or to: IPv6 Working Group mailing list (ipng@sunroof.eng.sun.com) or to:
John Loughney John Loughney
Nokia Research Center Nokia Research Center
It„merenkatu 11-13 It„merenkatu 11-13
00180 Helsinki 00180 Helsinki
Finland Finland
Phone: +358 50 483 6242 Phone: +358 50 483 6242
Email: John.Loughney@Nokia.com Email: John.Loughney@Nokia.com
Appendix A: Change history Internet-Draft
The following is a list of changes since the previous version.
- Small updates based upon feedback from the IPv6 mailing list.
- Updated information on Stateful Address Autoconfiguration & DHCP.
- Updated MIBs section.
- Updated Mobile IP section.
- Rewrote Security section.
Appendix B: Specifications Not Included
Here is a list of documents considered, but not included in this document.
In general, Information documents are not considered to place requirements
on implementations. Experimental documents are just that, experimental,
and cannot place requirements on the general behavior of IPv6 nodes.
Upper Protocols
2428 FTP Extensions For IPv6 And NATs
Compression
2507 IP Header Compression
2508 Compressing IP/UDP/RTP Headers For Low-Speed Serial Links
2509 IP Header Compression Over PPP
Informational
1752 The Recommendation For The IP Next Generation Protocol API RFCs
1881 IPv6 Address Allocation Management.
1887 An Architecture For Ipv6 Unicast Address Allocation
2104 HMAC: Keyed-Hashing For Message Authentication
2374 An IPv6 Aggregatable Global Unicast Address Format.
2450 Proposed TLA And NLA Assignment Rules.
Experimental
2874 DNS Extensions To Support Ipv6 Address Aggregation
2471 IPv6 Testing Address Allocation.
Other
2526 Reserved IPv6 Subnet Anycast
2732 Format For Literal IPv6 Addr In URLs
2894 Router Renumbering
3122 Extensions To IPv6 ND For Inverse Discovery
Appendix C: Notices Notices
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to per- intellectual property or other rights that might be claimed to per-
tain to the implementation or use of the technology described in this tain to the implementation or use of the technology described in this
document or the extent to which any license under such rights might document or the extent to which any license under such rights might
or might not be available; neither does it represent that it has made or might not be available; neither does it represent that it has made
any effort to identify any such rights. Information on the IETF's any effort to identify any such rights. Information on the IETF's
procedures with respect to rights in standards-track and standards- procedures with respect to rights in standards-track and standards-
related documentation can be found in BCP-11. Copies of claims of related documentation can be found in BCP-11. Copies of claims of
rights made available for publication and any assurances of licenses rights made available for publication and any assurances of licenses
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/