--- 1/draft-ietf-ipv6-prefix-delegation-requirement-03.txt 2006-02-05 00:03:06.000000000 +0100 +++ 2/draft-ietf-ipv6-prefix-delegation-requirement-04.txt 2006-02-05 00:03:06.000000000 +0100 @@ -1,58 +1,58 @@ Network Working Group S. Miyakawa Internet-Draft NTT Communications Corporation -Expires: February 21, 2004 R. Droms +Expires: August 9, 2004 R. Droms Cisco - August 23, 2003 + February 9, 2004 Requirements for IPv6 prefix delegation - draft-ietf-ipv6-prefix-delegation-requirement-03.txt + draft-ietf-ipv6-prefix-delegation-requirement-04.txt Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - The list of current Internet-Drafts can be accessed at - http://www.ietf.org/ietf/1id-abstracts.txt. + The list of current Internet-Drafts can be accessed at http:// + www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. - This Internet-Draft will expire on February 21, 2004. + This Internet-Draft will expire on August 9, 2004. Copyright Notice - Copyright (C) The Internet Society (2003). All Rights Reserved. + Copyright (C) The Internet Society (2004). All Rights Reserved. Abstract This document describes requirements for how IPv6 address prefixes should be delegated to an IPv6 subscriber's network (or "site"). 1. Introduction With the deployment of IPv6 [1], several Internet Service Providers are ready to offer IPv6 access to the public. In conjunction with widely deployed "always on" media such as ADSL and the expectation that customers will be assigned a /48 IPv6 unicast address prefix - (see RFC3513 [2] and section 3 of RFC3177 [3]), an efficient + (see RFC3513 [3] and section 3 of RFC3177 [2]), an efficient mechanism for delegating address prefixes to the customers sites is needed. The delegation mechanism will be intended to automate the process of informing the customer's networking equipment of the prefixes to be used at the customer's site. This document clarifies the requirements for IPv6 address prefix delegation from the ISP to the site. 2. Scenario and terminology @@ -86,22 +86,22 @@ 3. Requirements for Prefix Delegation The purpose of the prefix delegation mechanism is to delegate and manage prefixes to the CPE automatically. 3.1 Number and Length of Delegated Prefixes The prefix delegation mechanism should allow for delegation of prefixes of lengths between /48 and /64, inclusively. Other lengths - may be supported. The mechanism should allow for delegation of more - than one prefix to the customer. + should also be supported. The mechanism should allow for delegation + of more than one prefix to the customer. 3.2 Use of Delegated Prefixes in Customer Network The prefix delegation mechanism must not prohibit or inhibit the assignment of longer prefixes, created from the delegated prefixes, to links within the customer network. The prefix delegation mechanism is not required to report any prefix delegations within the customer's network back to the ISP. 3.3 Static and Dynamic Assignment @@ -111,88 +111,100 @@ on-demand dynamic assignment of prefixes to a customer. 3.4 Policy-based Assignment The prefix delegation mechanism should allow for the use of policy in assigning prefixes to a customer. For example, the customer's identity and type of subscribed service may be used to determine the address block from which the customer's prefix is selected, and the length of the prefix assigned to the customer. -3.5 Security and Authentication +3.5 Expression of Requirements or Preferences by the CPE + + The CPE must be able to express requirements or preferences in its + request to the PE. For example, the CPE should be able to express a + preference for a prefix length. + +3.6 Security and Authentication The prefix delegation mechanism must provide for reliable authentication of the identity of the customer to which the prefixes are to be assigned, and must provide for reliable, secure transmission of the delegated prefixes to the customer. -3.6 Accounting + The prefix delegation should provide for reliable authentication of + the identity of the service provider's edge router. - The prefix delegation mechanism must allow for the ISP to provide - accounting information about delegated prefixes. +3.7 Accounting -3.7 Hardware technology Considerations + The prefix delegation mechanism must allow for the ISP to obtain + accounting information about delegated prefixes from the PE. - The prefix delegation mechanism should work on any hardware - technology and should be hardware technology independent. The - mechanism must work on shared links. The mechanism should work with - all hardware technologies either with an authentication mechanism or - without, but ISPs would like to take advantage of the hardware - technology's authentication mechanism if it exists. +3.8 Hardware technology Considerations + + The prefix delegation mechanism should work on any hardware link + technology between the PE and the CPE and should be hardware + technology independent. The mechanism must work on shared links. The + mechanism should work with all hardware technologies either with an + authentication mechanism or without, but ISPs would like to take + advantage of the hardware technology's authentication mechanism if it + exists. 4. IANA Considerations There are no IANA considerations in this document. 5. Security considerations - Section 3.5 specifies security requirements for the prefix delegation + Section 3.6 specifies security requirements for the prefix delegation mechanism. For point to point links, where one trusts that there is no man in the middle, or one trusts layer two authentication, authentication may not be necessary. - A rogue delegating router can issue bogus prefixes to a requesting - router. This may cause denial of service due to unreachability. + A rogue PE can issue bogus prefixes to a requesting router. This may + cause denial of service due to unreachability. - A rogue requesting router (CPE) may be able to mount a denial of - service attack by repeated requests for delegated prefixes that - exhaust the delegating router's available prefixes. + A rogue CPE may be able to mount a denial of service attack by + repeated requests for delegated prefixes that exhaust the PE's + available prefixes. 6. Acknowledgments - The authors would like to express our thanks to Pekka Savola, Dave - Thaler, Micheal Py and other members of the IPv6 working group for - their review and constructive comnents and to the people in the IPv6 - operation group of the Internet Association of Japan and NTT - Communications IPv6 project, especially Toshi Yamasaki and Yasuhiro - Shirasaki for their original discussion and suggestions. + The authors would like to express our thanks to Randy Bush, Thomas + Narten, Micheal Py, Pekka Savola, Dave Thaler, as well as other + members of the IPv6 working group and the IESG for their review and + constructive comnents and to the people in the IPv6 operation group + of the Internet Association of Japan and NTT Communications IPv6 + project, especially Toshi Yamasaki and Yasuhiro Shirasaki for their + original discussion and suggestions. Informative References [1] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, December 1998. - [2] Hinden, R. and S. Deering, "Internet Protocol Version 6 (IPv6) - Addressing Architecture", RFC 2460, December 1998. - - [3] IAB/IESG, "IAB/IESG Recommendations on IPv6 Address", RFC + [2] IAB and IESG, "IAB/IESG Recommendations on IPv6 Address", RFC 3177, September 2001. + [3] Hinden, R. and S. Deering, "Internet Protocol Version 6 (IPv6) + Addressing Architecture", RFC 3513, April 2003. + Authors' Addresses Shin Miyakawa NTT Communications Corporation Tokyo Japan Phone: +81-3-6800-3262 EMail: miyakawa@nttv6.jp + Ralph Droms Cisco 1414 Massachusetts Avenue Boxborough, MA 01719 USA Phone: +1 978.936.1674 EMail: rdroms@cisco.com Intellectual Property Statement @@ -212,21 +224,21 @@ be obtained from the IETF Secretariat. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director. Full Copyright Statement - Copyright (C) The Internet Society (2003). All Rights Reserved. + Copyright (C) The Internet Society (2004). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of