--- 1/draft-ietf-ipv6-prefix-delegation-requirement-01.txt 2006-02-05 00:03:04.000000000 +0100 +++ 2/draft-ietf-ipv6-prefix-delegation-requirement-02.txt 2006-02-05 00:03:04.000000000 +0100 @@ -1,18 +1,19 @@ + Network Working Group S. Miyakawa Internet-Draft NTT Communications Corporation -Expires: Aug 25, 2003 R. Droms - Cisco Systems - Feb 2003 +Expires: December 28, 2003 R. Droms + Cisco + June 29, 2003 Requirements for IPv6 prefix delegation - draft-ietf-ipv6-prefix-delegation-requirement-01.txt + draft-ietf-ipv6-prefix-delegation-requirement-02.txt Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. @@ -21,170 +22,176 @@ and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. - This Internet-Draft will expire on Aug 25, 2003. + This Internet-Draft will expire on December 28, 2003. Copyright Notice Copyright (C) The Internet Society (2003). All Rights Reserved. Abstract This document describes requirements for how IPv6 address prefixes should be delegated to an IPv6 subscriber's network (or "site"). 1. Introduction - With the deployment of IPv6 [2], several Internet Service Providers + With the deployment of IPv6 [1], several Internet Service Providers are ready to offer IPv6 access to the public. In conjunction with - widely deployed "always on" media as ADSL, and the expectation that - customers will be assigned a /48 IPv6 address prefix, an efficient + widely deployed "always on" media such as ADSL and the expectation + that cusomters will be assigned a /48 IPv6 unicast address prefix + (see RFC3513 [2] and section 3 of RFC3177 [3]), an efficient mechanism for delegating address prefixes to the customers sites is needed. The delegation mechanism will be intended to automate the process of informing the customer's networking equipment of the prefixes to be used at the customer's site. This document clarifies the requirements for IPv6 address prefix delegation from the ISP to the site. -2. Requirements - - The key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, - SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL in this document are to be - interpreted as described in RFC2119 [1]. - -3. Scenario and terminology +2. Scenario and terminology The following figure illustrates a likely example for the organization of a network providing subscription IPv6 service: /------\ / \ + | / \ / +---------------+ +--------+/ \------/ |ISP Edge Router|Point-to-point|Customer+ | +--------------+ Router | Customer networks | (PE) | link | (CPE) + +---------------+ +--------+\ /------\ \ / \ + | \ / \------/ - Illustration of ISP-customer network architecture + Figure 1: Illustration of ISP-customer network architecture Terminology: - PE Provider edge device; the device at which the link to the customer - site is terminated + PE: Provider edge device; the device connected to the service + provider's network infrastructure at which the link to the + customer site is terminated - CPE Customer provided equipment; the device at the customer site at + CPE: Customer premises equipment; the device at the customer site at which the link to the ISP is terminated -4. Requirements for Prefix Delegation +3. Requirements for Prefix Delegation - The purpose of the prefix delegation mechanism is to communicate - prefixes to the CPE automatically. + The purpose of the prefix delegation mechanism is to delegate and + manage prefixes to the CPE automatically. -4.1 Number and Length of Delegated Prefixed +3.1 Number and Length of Delegated Prefixes - The prefix delegation mechanism SHOULD allow for delegation of - prefixes of length /48, /64 and other lengths, and SHOULD allow for - delegation of more than one prefix to the customer. + The prefix delegation mechanism should allow for delegation of + prefixes of lengths between /48 and /64, inclusively. Other lengths + may be supported. The mechanism should allow for delegation of more + than one prefix to the customer. -4.2 Use of Delegated Prefixes in Customer Network +3.2 Use of Delegated Prefixes in Customer Network - The prefix delegation mechanism MUST NOT prohibit or inhibit the + The prefix delegation mechanism must not prohibit or inhibit the assignment of longer prefixes, created from the delegated prefixes, to links within the customer network. It is not a requirement that the prefix delegation mechanism provide for the reporting of prefix delegation within the customer network back to the ISP. -4.3 Automated Assignment +3.3 Static and Dynamic Assignment - The prefix delegation mechanism SHOULD allow for long-lived pre- - assignment of one or more prefix(es) to a customer and for - automated, possibly short-lived assignment of a prefix to a customer - on demand. + The prefix delegation mechanism should allow for long-lived static + pre-assignment of prefixes and for automated, possibly short-lived + on-demand dynamic assignment of prefixes to a customer. -4.4 Policy-based Assignment +3.4 Policy-based Assignment - The prefix delegation mechanism SHOULD allow for the use of policy in + The prefix delegation mechanism should allow for the use of policy in assigning prefixes to a customer. For example, the customer's identity and type of subscribed service may be used to determine the address block from which the customer's prefix is selected, and the length of the prefix assigned to the customer. -4.5 Security and Authentication +3.5 Security and Authentication - The prefix delegation mechanism MUST provide for reliable + The prefix delegation mechanism must provide for reliable authentication of the identity of the customer to which the prefixes - are to be assigned, and MUST provide for reliable, secure + are to be assigned, and must provide for reliable, secure transmission of the delegated prefixes to the customer. -4.6 Accounting +3.6 Accounting - The prefix delegation mechanism MUST allow for the ISP to provide + The prefix delegation mechanism must allow for the ISP to provide accounting information about delegated prefixes. -4.7 Layer 2 Considerations +3.7 Hardware technology Considerations - The method SHOULD work on any layer 2 technologies. In other words, - it should be layer 2 technology independent. Though, at the same - time, it should be noted that now ISP would like to have a solution - for Point-to-Point link which has own authentication mechanism first. - PPP link with CHAP authentication is a good example. (Simulated) - Ethernet and IEEE802.11 (wireless LAN) should be covered in near - future, but they have low priority (just) for now. It should be - clarified that the method should work with all L2 protocols either - with authentication mechanism or without, but ISP would like to take - advantage of a L2 protocol's authentication mechanism if it exits. + The prefix delegation mechanism should work on any hardware + technology and should be hardware technology independent. The + mechanism must work on shared links. The mechanism should work with + all hardware technologies either with authentication mechanism or + without, but ISPs would like to take advantage of hardware + technology's authentication mechanism if it exits. -5. IANA Considerations +4. IANA Considerations There are no IANA considerations in this document. -6. Security considerations +5. Security considerations - Section 4.5 specifies security requirements for the prefix delegation - mechanism. + Section 3.5 specifies security requirements for the prefix delegation + mechanism. For point to point links, where one trusts that there is + no man in the middle, or one trusts layer two authentication, + authentication may not be necessary. -References + A rogue delegating router can issue bogus prefixes to a requesting + router. This may cause denial of service due to unreachability. - [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement - Levels", BCP 14, RFC 2119, March 1997. + An intruder requesting router may be able to mount a denial of + service attack by repeated requests for delegated prefixes that + exhaust the delegating router's available prefixes. - [2] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) +Informative References + + [1] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, December 1998. -Author's Address + [2] Hinden, R. and S. Deering, "Internet Protocol Version 6 (IPv6) + Addressing Architecture", RFC 2460, December 1998. + + [3] IESG, IAB,., "IAB/IESG Recommendations on IPv6 Address", RFC + 3177, September 2001. + +Authors' Addresses Shin Miyakawa Innovative IP Architecture Center, NTT Communications Corporation - Tokyo Opera City Tower 21F, 3-20-2 Nishi-Shinjuku, Shinjuku-ku, Tokyo, + Tokyo Japan + Phone: +81-3-6800-3262 EMail: miyakawa@nttv6.jp - Ralph Droms - Cisco Systems - 300 Apollo Drive - Chelmsford, MA 01886 - Phone: +1-978-497-4733 + Cisco + 1414 Massachusetts Avenue + Boxborough, MA 01719 + USA + + Phone: +1 978.936.1674 EMail: rdroms@cisco.com Full Copyright Statement Copyright (C) The Internet Society (2003). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any