| draft-ietf-vrrp-ipv6-spec-04.txt | draft-ietf-vrrp-ipv6-spec-05.txt | |||
|---|---|---|---|---|
| INTERNET-DRAFT R. Hinden/Nokia | INTERNET-DRAFT R. Hinden/Nokia | |||
| May 20, 2003 | June 29, 2003 | |||
| Virtual Router Redundancy Protocol for IPv6 | Virtual Router Redundancy Protocol for IPv6 | |||
| <draft-ietf-vrrp-ipv6-spec-04.txt> | <draft-ietf-vrrp-ipv6-spec-05.txt> | |||
| Status of this Memo | Status of this Memo | |||
| This document is an Internet-Draft and is in full conformance with | This document is an Internet-Draft and is in full conformance with | |||
| all provisions of Section 10 of [RFC2026]. | all provisions of Section 10 of [RFC2026]. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| other groups may also distribute working documents as Internet- | other groups may also distribute working documents as Internet- | |||
| Drafts. | Drafts. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| To view the list Internet-Draft Shadow Directories, see | To view the list Internet-Draft Shadow Directories, see | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| This internet draft expires on November 20, 2003. | This internet draft expires on January 4, 2004. | |||
| Abstract | Abstract | |||
| This memo defines the Virtual Router Redundancy Protocol (VRRP) for | This memo defines the Virtual Router Redundancy Protocol (VRRP) for | |||
| IPv6. It is version three (3) of the protocol. It is based on the | IPv6. It is version three (3) of the protocol. It is based on the | |||
| original version of VRRP (version 2) for IPv4 that is defined in | original version of VRRP (version 2) for IPv4 that is defined in | |||
| RFC2338. | RFC2338. | |||
| VRRP specifies an election protocol that dynamically assigns | VRRP specifies an election protocol that dynamically assigns | |||
| responsibility for a virtual router to one of the VRRP routers on a | responsibility for a virtual router to one of the VRRP routers on a | |||
| skipping to change at page 7, line 4 | skipping to change at page 7, line 4 | |||
| Each VRRP virtual router has a single well-known MAC address | Each VRRP virtual router has a single well-known MAC address | |||
| allocated to it. This document currently only details the mapping to | allocated to it. This document currently only details the mapping to | |||
| networks using the IEEE 802 48-bit MAC address. The virtual router | networks using the IEEE 802 48-bit MAC address. The virtual router | |||
| MAC address is used as the source in all periodic VRRP messages sent | MAC address is used as the source in all periodic VRRP messages sent | |||
| by the Master router to enable bridge learning in an extended LAN. | by the Master router to enable bridge learning in an extended LAN. | |||
| A virtual router is defined by its virtual router identifier (VRID) | A virtual router is defined by its virtual router identifier (VRID) | |||
| and an IPv6 address. A VRRP router may associate a virtual router | and an IPv6 address. A VRRP router may associate a virtual router | |||
| with its real address on an interface, and may also be configured | with its real address on an interface, and may also be configured | |||
| with additional virtual router mappings and priority for virtual | with additional virtual router mappings and priority for virtual | |||
| routers it is willing to backup. The mapping between VRID and it's | routers it is willing to backup. The mapping between VRID and its | |||
| IPv6 address must be coordinated among all VRRP routers on a LAN. | IPv6 address must be coordinated among all VRRP routers on a LAN. | |||
| However, there is no restriction against reusing a VRID with a | However, there is no restriction against reusing a VRID with a | |||
| different address mapping on different LANs. The scope of each | different address mapping on different LANs. The scope of each | |||
| virtual router is restricted to a single LAN. | virtual router is restricted to a single LAN. | |||
| To minimize network traffic, only the Master for each virtual router | To minimize network traffic, only the Master for each virtual router | |||
| sends periodic VRRP Advertisement messages. A Backup router will not | sends periodic VRRP Advertisement messages. A Backup router will not | |||
| attempt to preempt the Master unless it has higher priority. This | attempt to preempt the Master unless it has higher priority. This | |||
| eliminates service disruption unless a more preferred path becomes | eliminates service disruption unless a more preferred path becomes | |||
| available. It's also possible to administratively prohibit all | available. It's also possible to administratively prohibit all | |||
| skipping to change at page 9, line 22 | skipping to change at page 9, line 22 | |||
| hosts. | hosts. | |||
| Note that in this example IPv6 B is not backed up, it is only used by | Note that in this example IPv6 B is not backed up, it is only used by | |||
| Rtr2 as its interface address. In order to backup IPv6 B, a second | Rtr2 as its interface address. In order to backup IPv6 B, a second | |||
| virtual router must be configured. This is shown in the next | virtual router must be configured. This is shown in the next | |||
| section. | section. | |||
| 4.2 Sample Configuration 2 | 4.2 Sample Configuration 2 | |||
| The following figure shows a configuration with two virtual routers | The following figure shows a configuration with two virtual routers | |||
| with the hosts spitting their traffic between them. This example is | with the hosts splitting their traffic between them. This example is | |||
| expected to be common in actual practice. | expected to be common in actual practice. | |||
| +-----------+ +-----------+ | +-----------+ +-----------+ | |||
| | Rtr1 | | Rtr2 | | | Rtr1 | | Rtr2 | | |||
| |(MR VRID=1)| |(BR VRID=1)| | |(MR VRID=1)| |(BR VRID=1)| | |||
| |(BR VRID=2)| |(MR VRID=2)| | |(BR VRID=2)| |(MR VRID=2)| | |||
| VRID=1 +-----------+ +-----------+ VRID=2 | VRID=1 +-----------+ +-----------+ VRID=2 | |||
| IPv6 A -------->* *<---------- IPv6 B | IPv6 A -------->* *<---------- IPv6 B | |||
| | | | | | | |||
| | | | | | | |||
| skipping to change at page 18, line 21 | skipping to change at page 18, line 21 | |||
| - MUST verify that the IPv6 Hop Limit is 255. | - MUST verify that the IPv6 Hop Limit is 255. | |||
| - MUST verify the VRRP version is 3 | - MUST verify the VRRP version is 3 | |||
| - MUST verify that the received packet contains the complete VRRP | - MUST verify that the received packet contains the complete VRRP | |||
| packet (including fixed fields, and IPv6 Address. | packet (including fixed fields, and IPv6 Address. | |||
| - MUST verify the VRRP checksum | - MUST verify the VRRP checksum | |||
| - MUST verify that the VRID is configured on the receiving | - MUST verify that the VRID is configured on the receiving | |||
| interface and the local router is not the IPv6 Address owner | interface and the local router is not the IPv6 Address owner | |||
| (Priority equals 255 (decimal)). | (Priority equals 255 (decimal)). | |||
| If any one of the above checks fails, the receiver MUST discard the | If any one of the above checks fails, the receiver MUST discard the | |||
| packet, SHOULD log the event and MAY indicate via network management | packet, SHOULD log the event and SHOULD indicate via network | |||
| that an error occurred. | management that an error occurred. | |||
| - MAY verify that the IPv6 Address matches the IPv6_Address | - MAY verify that the IPv6 Address matches the IPv6_Address | |||
| configured for the VRID. | configured for the VRID. | |||
| If the above check fails, the receiver SHOULD log the event and MAY | If the above check fails, the receiver SHOULD log the event and | |||
| indicate via network management that a misconfiguration was detected. | SHOULD indicate via network management that a misconfiguration was | |||
| If the packet was not generated by the address owner (Priority does | detected. If the packet was not generated by the address owner | |||
| not equal 255 (decimal)), the receiver MUST drop the packet, | (Priority does not equal 255 (decimal)), the receiver MUST drop the | |||
| otherwise continue processing. | packet, otherwise continue processing. | |||
| - MUST verify that the Adver Interval in the packet is the same as | - MUST verify that the Adver Interval in the packet is the same as | |||
| the locally configured for this virtual router | the locally configured for this virtual router | |||
| If the above check fails, the receiver MUST discard the packet, | If the above check fails, the receiver MUST discard the packet, | |||
| SHOULD log the event and MAY indicate via network management that a | SHOULD log the event and SHOULD indicate via network management that | |||
| misconfiguration was detected. | a misconfiguration was detected. | |||
| 7.2 Transmitting VRRP Packets | 7.2 Transmitting VRRP Packets | |||
| The following operations MUST be performed when transmitting a VRRP | The following operations MUST be performed when transmitting a VRRP | |||
| packet. | packet. | |||
| - Fill in the VRRP packet fields with the appropriate virtual | - Fill in the VRRP packet fields with the appropriate virtual | |||
| router configuration state | router configuration state | |||
| - Compute the VRRP checksum | - Compute the VRRP checksum | |||
| - Set the source MAC address to Virtual Router MAC Address | - Set the source MAC address to Virtual Router MAC Address | |||
| skipping to change at page 19, line 14 | skipping to change at page 19, line 14 | |||
| Note: VRRP packets are transmitted with the virtual router MAC | Note: VRRP packets are transmitted with the virtual router MAC | |||
| address as the source MAC address to ensure that learning bridges | address as the source MAC address to ensure that learning bridges | |||
| correctly determine the LAN segment the virtual router is attached | correctly determine the LAN segment the virtual router is attached | |||
| to. | to. | |||
| 7.3 Virtual Router MAC Address | 7.3 Virtual Router MAC Address | |||
| The virtual router MAC address associated with a virtual router is an | The virtual router MAC address associated with a virtual router is an | |||
| IEEE 802 MAC Address in the following format: | IEEE 802 MAC Address in the following format: | |||
| 00-00-5E-00-01-{VRID} (in hex in internet standard bit-order) | 00-00-5E-00-02-{VRID} (in hex in internet standard bit-order) | |||
| The first three octets are derived from the IANA's OUI. The next two | The first three octets are derived from the IANA's OUI. The next two | |||
| octets (00-01) indicate the address block assigned to the VRRP | octets (00-02) indicate the address block assigned to the VRRP for | |||
| protocol. {VRID} is the VRRP Virtual Router Identifier. This | IPv6 protocol. {VRID} is the VRRP Virtual Router Identifier. This | |||
| mapping provides for up to 255 VRRP routers on a network. | mapping provides for up to 255 VRRP routers on a network. | |||
| 7.4 IPv6 Interface Identifiers | 7.4 IPv6 Interface Identifiers | |||
| IPv6 Routers running VRRP MUST create their Interface Identifiers in | IPv6 Routers running VRRP MUST create their Interface Identifiers in | |||
| the normal manner (e.g., RFC2464 "Transmission of IPv6 Packets over | the normal manner (e.g., RFC2464 "Transmission of IPv6 Packets over | |||
| Ethernet"). They MUST NOT use the Virtual Router MAC address to | Ethernet"). They MUST NOT use the Virtual Router MAC address to | |||
| create the Modified EUI-64 identifiers. | create the Modified EUI-64 identifiers. | |||
| This VRRP specification describes how to advertise and resolve the | This VRRP specification describes how to advertise and resolve the | |||
| VRRP routers IPv6 link local address into the Virtual Router MAC | VRRP routers IPv6 link local address into the Virtual Router MAC | |||
| address. | address. | |||
| 8. Operational Issues | 8. Operational Issues | |||
| 8.1 ICMPv6 Redirects | 8.1 ICMPv6 Redirects | |||
| ICMPv6 Redirects may be used normally when VRRP is running between a | ICMPv6 Redirects may be used normally when VRRP is running between a | |||
| group of routers [ICMPv6]. This allows VRRP to be used in | group of routers [ICMPv6]. This allows VRRP to be used in | |||
| environments where the topology is not symmetric. | environments where the topology is not symmetric (e.g., the VRRP | |||
| routers do not connect to the same destinations). | ||||
| The IPv6 source address of an ICMPv6 redirect should be the address | The IPv6 source address of an ICMPv6 redirect should be the address | |||
| the end host used when making its next hop routing decision. If a | the end host used when making its next hop routing decision. If a | |||
| VRRP router is acting as Master for virtual router(s) containing | VRRP router is acting as Master for virtual router(s) containing | |||
| addresses it does not own, then it must determine which virtual | addresses it does not own, then it must determine which virtual | |||
| router the packet was sent to when selecting the redirect source | router the packet was sent to when selecting the redirect source | |||
| address. One method to deduce the virtual router used is to examine | address. One method to deduce the virtual router used is to examine | |||
| the destination MAC address in the packet that triggered the | the destination MAC address in the packet that triggered the | |||
| redirect. | redirect. | |||
| It may be useful to disable Redirects for specific cases where VRRP | ||||
| is being used to load share traffic between a number of routers in a | ||||
| symmetric topology. | ||||
| 8.2 ND Neighbor Solicitation | 8.2 ND Neighbor Solicitation | |||
| When a host sends an ND Neighbor Solicitation message for the virtual | When a host sends an ND Neighbor Solicitation message for the virtual | |||
| router IPv6 address, the Master virtual router MUST respond to the ND | router IPv6 address, the Master virtual router MUST respond to the ND | |||
| Neighbor Solicitation message with the virtual MAC address for the | Neighbor Solicitation message with the virtual MAC address for the | |||
| virtual router. The Master virtual router MUST NOT respond with its | virtual router. The Master virtual router MUST NOT respond with its | |||
| physical MAC address. This allows the client to always use the same | physical MAC address. This allows the client to always use the same | |||
| MAC address regardless of the current Master router. | MAC address regardless of the current Master router. | |||
| When a Master virtual routers sends an ND Neighbor Solicitation | When a Master virtual router sends an ND Neighbor Solicitation | |||
| message for a hosts IPv6 address, the Master virtual router MUST | message for a host's IPv6 address, the Master virtual router MUST | |||
| include the virtual MAC address for the virtual router if it sends a | include the virtual MAC address for the virtual router if it sends a | |||
| source link-layer address option in the neighbor solicitation | source link-layer address option in the neighbor solicitation | |||
| message. It MUST NOT use its physical MAC address in the source | message. It MUST NOT use its physical MAC address in the source | |||
| link-layer address option. | link-layer address option. | |||
| When a VRRP router restarts or boots, it SHOULD not send any ND | When a VRRP router restarts or boots, it SHOULD not send any ND | |||
| messages with its physical MAC address for the IPv6 address it owns, | messages with its physical MAC address for the IPv6 address it owns, | |||
| it should only send ND messages that include Virtual MAC addresses. | it should only send ND messages that include Virtual MAC addresses. | |||
| This may entail: | This may entail: | |||
| skipping to change at page 24, line 42 | skipping to change at page 24, line 36 | |||
| information in the VRRP messages that must be kept secret from other | information in the VRRP messages that must be kept secret from other | |||
| nodes on the LAN. | nodes on the LAN. | |||
| 11. Acknowledgments | 11. Acknowledgments | |||
| This specification is based on RFC2238. The authors of RFC2238 are | This specification is based on RFC2238. The authors of RFC2238 are | |||
| S. Knight, D. Weaver, D. Whipple, R. Hinden, D. Mitzel, P. Hunt, P. | S. Knight, D. Weaver, D. Whipple, R. Hinden, D. Mitzel, P. Hunt, P. | |||
| Higginson, M. Shand, and A. Lindem. | Higginson, M. Shand, and A. Lindem. | |||
| The author of this document would also like to thank Erik Nordmark, | The author of this document would also like to thank Erik Nordmark, | |||
| Thomas Narten, and Steve Deering for their his helpful suggestions. | Thomas Narten, Steve Deering, Radia Perlman, and Danny Mitzel for | |||
| their helpful suggestions. | ||||
| 12. IANA Considerations | 12. IANA Considerations | |||
| VRRP for IPv6 needs an IPv6 link-local scope multicast address | VRRP for IPv6 needs an IPv6 link-local scope multicast address | |||
| assigned by the IANA for this specification. The IPv6 multicast | assigned by the IANA for this specification. The IPv6 multicast | |||
| address should be of the following form: | address should be of the following form: | |||
| FF02:0:0:0:0:0:XXXX:XXXX | FF02:0:0:0:0:0:XXXX:XXXX | |||
| The values assigned address should be entered into section 5.2.2. | The values assigned address should be entered into section 5.2.2. | |||
| A convenient assignment of this link-local scope multicast would be: | A convenient assignment of this link-local scope multicast would be: | |||
| FF02:0:0:0:0:0:0:12 | FF02:0:0:0:0:0:0:12 | |||
| as this would be consistent with the IPv4 assignment for VRRP. | as this would be consistent with the IPv4 assignment for VRRP. | |||
| The IANA should also reserve a block of IANA Ethernet unicast | ||||
| addresses from: | ||||
| 00-00-5E-00-02-00 to 00-00-5E-00-02-FF in hex | ||||
| for VRRP for IPv6. Similar assignments are documented in: | ||||
| http://www.iana.org/assignments/ethernet-numbers | ||||
| 13. Normative References | 13. Normative References | |||
| [802.1D] International Standard ISO/IEC 10038: 1993, ANSI/IEEE Std | [802.1D] International Standard ISO/IEC 10038: 1993, ANSI/IEEE Std | |||
| 802.1D, 1993 edition. | 802.1D, 1993 edition. | |||
| [ADD-ARH] Hinden, R., S. Deering, "IP Version 6 Addressing | [ADD-ARH] Hinden, R., S. Deering, "IP Version 6 Addressing | |||
| Architecture", Internet Draft, <draft-ietf-ipngwg-addr- | Architecture", RFC3513, April 2003. | |||
| arch-v3-11.txt>, October 2002. | ||||
| [CKSM] Braden, R., D. Borman, C. Partridge, "Computing the | [CKSM] Braden, R., D. Borman, C. Partridge, "Computing the | |||
| Internet Checksum", RFC1071, September 1988. | Internet Checksum", RFC1071, September 1988. | |||
| [ICMPv6] Conta, A., S. Deering, "Internet Control Message Protocol | [ICMPv6] Conta, A., S. Deering, "Internet Control Message Protocol | |||
| (ICMPv6) for the Internet Protocol Version 6 (IPv6)", | (ICMPv6) for the Internet Protocol Version 6 (IPv6)", | |||
| RFC2463, December 1998. | RFC2463, December 1998. | |||
| [IPv6] Deering, S., R. Hinden, "Internet Protocol, Version 6 | [IPv6] Deering, S., R. Hinden, "Internet Protocol, Version 6 | |||
| (IPv6) Specification", RFC2460, December 1998. | (IPv6) Specification", RFC2460, December 1998. | |||
| skipping to change at page 26, line 32 | skipping to change at page 26, line 36 | |||
| Nokia | Nokia | |||
| 313 Fairchild Drive | 313 Fairchild Drive | |||
| Mountain View, CA 94043 | Mountain View, CA 94043 | |||
| USA | USA | |||
| Phone: +1 650 625-2004 | Phone: +1 650 625-2004 | |||
| EMail: hinden@iprg.nokia.com | EMail: hinden@iprg.nokia.com | |||
| 16. Changes from RFC2338 | 16. Changes from RFC2338 | |||
| - Changed VMAC assignements to a separate block of IANA Ethernet | ||||
| addresses and added this to the IANA considerations section. | ||||
| - Removed different authentication methods, header fields, and | - Removed different authentication methods, header fields, and | |||
| updated the security considerations section. | updated the security considerations section. | |||
| - General rewrite to change protocol to provide virtual router | - General rewrite to change protocol to provide virtual router | |||
| functionality from IPv4 to IPv6. Specific changes include: | functionality from IPv4 to IPv6. Specific changes include: | |||
| o Increment VRRP version to 3. | o Increment VRRP version to 3. | |||
| o Change packet format to support an 128-bit IPv6 address. | o Change packet format to support an 128-bit IPv6 address. | |||
| o Change to only support one router address (instead of multiple | o Change to only support one router address (instead of multiple | |||
| addresses). This included removing address count field from | addresses). This included removing address count field from | |||
| header. | header. | |||
| o Rewrote text to specify IPv6 Neighbor Discovery mechanisms | o Rewrote text to specify IPv6 Neighbor Discovery mechanisms | |||
| End of changes. | ||||
This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ | ||||