IPv6 Working Group                                           Michel Py
INTERNET DRAFT                                                     L3T
December 4, 2002                                    Charles E. Perkins
                                                 Nokia Research Center

             GUSL: Globally Unique Site Local addresses
                       draft-py-ipv6-gusl-00.txt

Status of This Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at:
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at:
   http://www.ietf.org/shadow.html.

   This document is an individual submission for the IPv6 Working Group
   of the Internet Engineering Task Force (IETF).  Comments should be
   submitted to the ipng@sunroof.eng.sun.com mailing list.

   Distribution of this memo is unlimited.

Abstract

   Site-local addresses (SLs) are part of the IPv6 addressing
   architecture [ADDRARCH].  Postings on the IPv6 mailing list have
   identified issues with SLs.  Among these issues are ambiguity (the
   possibility for several sites to use the same site-local prefix) and
   the usage of SLs in multiple-site networks.  This document proposes
   an allocation method that avoids ambiguity and clarifies that
   site-local addresses should not be used outside the boundaries of a
   site.

Py, Perkins              Expires June 4, 2003                  [Page 1]

Internet Draft     Globally Unique Site Local addresses    Dec. 4, 2002

A. Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC 2119].

B. Goals of this document

   0. Clarify the meaning of the word "site".
   1. Provide an allocation method for site-local addresses within
      FEC0::/10 in order to avoid ambiguity of such addresses.
   2. Enforce the non-routability of site-local addresses on the public
      Internet.
   3. Clarify the usage of site-local addresses for inter-site traffic.

C. Non-goals

   Change the scope or usage of site-local addresses.

0. Meaning of "site"

   The word "site" appears to be understood differently by the
   community than it is loosely defined in [ADDRARCH]:

   > [ADDRARCH]
   > A "site" is, by intent, not rigorously defined, but is typically
   > expected to cover a region of topology that belongs to a single
   > organization and is located within a single geographic location,
   > such as an office, an office complex, or a campus.  A personal
   > residence may be treated as a site (for example, when the
   > residence obtains Internet access via a public Internet service
   > provider), or as a part of a site (for example, when the residence
   > obtains Internet access via an employer's or school's site).

   It appears that "site" is used by the community as a shorter form of
   "end site" as described in [IPV6POLICY].  By extension, "site" has
   largely been used as a synonym for "/48" and equated with the
   administrative boundaries of the organization being assigned an
   end-site prefix.

   This document uses "site" with the same meaning as "end site" in
   [IPV6POLICY].

1. Allocation method

1.1 Rationale

   The mailing list has shown desire for three types of allocation:

   - Free, automated configuration, no registration, no external
     connection, almost unique.
   - Free, manual or semi-automatic configuration, no registration,
     Internet connection necessary for semi-automatic configuration,
     unique.

1.2 The site-local address space (FEC0::/10) will be divided into 3
    parts

1.2.1 Free, MAC-based allocation, for unattended/automated setups:
      FEC0::/11

   A /48 GUSL prefix is generated by the router.  The prefix is
   generated by a mapping function transforming the 48-bit MAC address
   of the first interface that features a MAC address into a 37-bit
   number.  The MAC address was chosen so that devices that do not have
   configuration saved in permanent memory acquire the same GUSL prefix
   each time they boot.  Routers that do not have any physical
   interface that features a MAC address MUST implement a logical one
   that does.

   The mapping function discards the eight most significant bits of the
   OUI (bits 47..40, the first octet, which carries the u/l and i/g
   flag bits) and the three most significant bits of the VAN (bits
   23..21):

   +-----------------------------------------------------+
   |                 EUI-48 MAC address                  |
   +--------------------------+--------------------------+
   |        24-bit OUI        |        24-bit VAN        |
   +--------------------------+--------------------------+
   | 444444443333333333222222 | 22221111111111           |
   | 765432109876543210987654 | 321098765432109876543210 |
   | ccccccugcccccccccccccccc | mmmmmmmmmmmmmmmmmmmmmmmm |
   +--------------------------+--------------------------+
     ^^^^^^^^                   ^^^
     discarded                  discarded
     (bits 47..40)              (bits 23..21)

   The 16 remaining OUI bits (39..24) followed by the 21 remaining VAN
   bits (20..0) form the map:

   +---------------------------------------+
   | 333333322222222221111111111           |
   | 6543210987654321098765432109876543210 |
   | ccccccccccccccccmmmmmmmmmmmmmmmmmmmmm |
   +---------------------------------------+
   |              37-bit map               |
   +---------------------------------------+

   The generated /48 prefix is constructed as follows:

   +---------------------------------+
   |       48 bits GUSL prefix       |
   +------------+------------+-------+
   |   10 bits  |   37 bits  | 1 bit |
   +------------+------------+-------+
   | 1111111011 | 37-bit map |   0   |
   +------------+------------+-------+

   The generated prefix is not guaranteed to be globally unique.

   If the router has the capability of saving its configuration in
   non-volatile memory such as NVRAM, Flash, or a disk file, the
   site-local prefix MUST be saved as part of the configuration and the
   generation MUST happen only once; subsequent restarts MUST use the
   site-local prefix stored in the configuration.

1.2.2 Unregistered, free, unique, sequentially allocated: FEF0::/12

   - The Communications Systems Lab of Nokia's Silicon Valley Research
     Center provides a publicly accessible web server that assigns
     unique site-local /48 prefixes.
   - This service is provided free of charge to the IPv6 community and
     is accessible at: http://gusl.iprg.nokia.com.
   - Prefixes are assigned sequentially, starting with FEF0::/48.
   - Allocation is rate-limited at one prefix per day per IPv6 /64
     prefix or IPv4 address.
   - The HTTP page contains a string that is the concatenation of the
     string "Your unique site-local prefix is " and a string
     representing the prefix, following the template
     "FEFx:xxxx:xxxx::/48", with all the zeroes displayed.
   - Nokia will periodically monitor allocations and advise the
     community should they approach exhaustion of the 2^36 (roughly 64
     billion) site-local /48 prefixes available in FEF0::/12.

1.2.3 Reserved for future use: FEE0::/12

1.3 Choice of the allocation method

1.3.1 When a router autoconfigures itself, it MAY generate a site-local
      prefix as described in 1.2.1.
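   The generation of 1.2.1 and the reply format of 1.2.2, worked
   through in Python as an added example that is not part of the draft.
   The sample MAC addresses, the sample server page and the function
   names are the example's own; the bit layout follows the diagrams in
   1.2.1, and the persistence rule of 1.2.1 is modelled with a
   dictionary standing in for the router's non-volatile configuration.
   One consequence of the layout is made visible by gusl_block(): with
   10 fixed bits followed directly by the 37-bit map, the 11th bit of
   the result is the highest retained OUI bit (bit 39 of the MAC), so
   the generated prefix falls inside the FEC0::/11 block of 1.2.1 only
   when that bit is 0.

```python
"""Derivation and validation of GUSL /48 prefixes following sections
1.2.1 and 1.2.2 of draft-py-ipv6-gusl-00.

Added example, not code from the draft.  Function names, the sample MAC
addresses and the sample server page are the example's own.
"""
import ipaddress
import re

SITE_LOCAL = ipaddress.IPv6Network("FEC0::/10")  # all of site-local space
MAC_BASED = ipaddress.IPv6Network("FEC0::/11")   # section 1.2.1
RESERVED = ipaddress.IPv6Network("FEE0::/12")    # section 1.2.3
SEQUENTIAL = ipaddress.IPv6Network("FEF0::/12")  # section 1.2.2
FIXED_10_BITS = 0b1111111011                     # the FEC0::/10 prefix bits


def mac_to_map37(mac: str) -> int:
    """Section 1.2.1 mapping: EUI-48 -> 37-bit number.

    The eight most significant bits of the OUI (the first octet, which
    carries the u/l and i/g flags) and the three most significant bits
    of the VAN are discarded; the 16 remaining OUI bits are placed above
    the 21 remaining VAN bits.
    """
    octets = bytes.fromhex(re.sub(r"[:\-.\s]", "", mac))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    oui = int.from_bytes(octets[:3], "big")
    van = int.from_bytes(octets[3:], "big")
    return ((oui & 0xFFFF) << 21) | (van & 0x1FFFFF)


def gusl_prefix_from_mac(mac: str) -> ipaddress.IPv6Network:
    """Section 1.2.1 prefix: 10 fixed bits, the 37-bit map, one 0 bit."""
    top48 = (FIXED_10_BITS << 38) | (mac_to_map37(mac) << 1)
    # The 48 prefix bits sit above 80 zero host bits in the 128-bit address.
    return ipaddress.IPv6Network((top48 << 80, 48))


def gusl_block(prefix) -> str:
    """Name the part of FEC0::/10 a site-local /48 falls in, or reject it.

    Bit 11 of a generated prefix is the highest retained OUI bit, so a
    MAC-derived prefix is inside FEC0::/11 only when that bit is 0;
    otherwise it lands in FEE0::/12 or FEF0::/12.
    """
    prefix = ipaddress.IPv6Network(prefix)
    if prefix.prefixlen != 48 or not prefix.subnet_of(SITE_LOCAL):
        raise ValueError(f"{prefix} is not a site-local /48")
    if prefix.subnet_of(MAC_BASED):
        return "1.2.1 MAC-based (FEC0::/11)"
    if prefix.subnet_of(SEQUENTIAL):
        return "1.2.2 sequential (FEF0::/12)"
    return "1.2.3 reserved (FEE0::/12)"


# Section 1.2.2: the page carries the fixed sentence followed by the prefix
# in the "FEFx:xxxx:xxxx::/48" template with all zeroes displayed.  The match
# is kept to exactly that shape so nothing else on the page can be mistaken
# for the assignment.
REPLY_RE = re.compile(
    r"Your unique site-local prefix is (FEF[0-9A-F]:[0-9A-F]{4}:[0-9A-F]{4}::/48)",
    re.IGNORECASE,
)


def parse_allocation_reply(page: str) -> ipaddress.IPv6Network:
    """Extract the assigned /48 from the server's HTTP page and check it."""
    m = REPLY_RE.search(page)
    if m is None:
        raise ValueError("no GUSL assignment string in reply")
    prefix = ipaddress.IPv6Network(m.group(1))
    # Do not trust the regex alone: confirm the block before using it.
    if gusl_block(prefix) != "1.2.2 sequential (FEF0::/12)":
        raise ValueError(f"{prefix} is outside the sequential block")
    return prefix


def site_prefix(config: dict, mac: str) -> ipaddress.IPv6Network:
    """Persistence rule of 1.2.1: generate once, then reuse the stored value.

    `config` stands in for the router's non-volatile configuration store.
    """
    if "gusl_prefix" not in config:
        config["gusl_prefix"] = str(gusl_prefix_from_mac(mac))
    return ipaddress.IPv6Network(config["gusl_prefix"])


if __name__ == "__main__":
    mac = "00:1B:21:3A:4C:5D"                    # constructed sample MAC
    print(gusl_prefix_from_mac(mac))              # fec6:c874:98ba::/48
    print(gusl_block(gusl_prefix_from_mac("00:8B:21:3A:4C:5D")))
    page = "<html>Your unique site-local prefix is FEF0:0000:002A::/48</html>"
    print(parse_allocation_reply(page))           # fef0:0:2a::/48
```

   The second sample MAC differs from the first only in the high bit of
   the second OUI octet; it shows a generated prefix landing in
   FEE0::/12 rather than FEC0::/11.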
1.3.2 When a user or administrator interactively configures the router,
      if s/he elects to use GUSL addresses, s/he MUST have the choice
      between the following three options:

      a) Manual entry of the site-local prefix.
      b) Contact Nokia's GUSL server and parse the reply for the
         prefix's string.
      c) Generate a prefix as described in 1.2.1.

      Options a) and b) MUST NOT be available if the router does not
      have the capability of saving its configuration in non-volatile
      memory such as NVRAM, Flash, or a disk file.

2. Enforcement of global non-routability

2.1 Rationale

   Ambiguity provided a strong disincentive to announce site-local
   routes in the global routing table.  To some extent, it also
   provided a fail-safe against misconfigurations that resulted in
   site-local routes or traffic leaking onto the public Internet.  This
   document provides additional enforcement against both site-local
   traffic and site-local routes on the public Internet, in order to
   compensate for the protection that disappears with ambiguity.

2.2 All IPv6 capable routers MUST implement a default black hole for
    FEC0::/10.  This black hole MUST NOT be easily removable, as it
    does not prevent the site from using more specific prefixes within
    FEC0::/10: those are preferred by longest-prefix matching.

2.3 All IPv6 capable routers MUST discard by default any exterior
    gateway routing protocol (including BGP) routes matching
    FEC0::/10 ge 10, that is, any prefix of length 10 or longer that
    lies within FEC0::/10.  Accepting such routes MUST require specific
    permit statements in the router's configuration.

3. Multiple sites

   GUSL addresses MUST NOT be used for communication with other sites.
   Routers MUST NOT forward any packets with GUSL source or destination
   addresses outside of the site.

4. Revision History

   December 4, 2002: Initial text.

5. Acknowledgements

   None of the ideas described in this document are new.  Bob Hinden
   originally suggested the default black hole.

6. Security considerations
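   The benefit this section refers to comes from the default black hole
   of 2.2, the route filter of 2.3 and the forwarding rule of section 3.
   The following is an added example, not part of the draft, that
   models those three rules in Python: a longest-prefix-match table
   whose FEC0::/10 Null0 entry cannot be removed and is overridden by a
   site's more specific /48, a filter with the semantics of
   "FEC0::/10 ge 10" that lets a route through only on an explicit
   permit, and a boundary check for GUSL source or destination
   addresses.  The class, function and interface names and all sample
   prefixes are the example's own.

```python
"""Sections 2.2, 2.3 and 3 of draft-py-ipv6-gusl-00 as executable checks.

Added example, not code from the draft.  Class, function and interface
names and all prefixes used below are the example's own.
"""
import ipaddress
from typing import Iterable, Optional, Tuple

SITE_LOCAL = ipaddress.IPv6Network("FEC0::/10")
DISCARD = "Null0"  # next hop meaning "drop the packet"


class Ipv6RoutingTable:
    """Longest-prefix-match table with the default black hole of 2.2.

    FEC0::/10 -> Null0 is installed at construction and remove() refuses
    to take it out.  More specific prefixes inside FEC0::/10 are ordinary
    routes and win the longest-match lookup, which is why the black hole
    does not stop a site from using its own GUSL /48.
    """

    def __init__(self) -> None:
        self._routes = {SITE_LOCAL: DISCARD}

    def add(self, prefix: str, next_hop: str) -> None:
        self._routes[ipaddress.IPv6Network(prefix)] = next_hop

    def remove(self, prefix: str) -> bool:
        """Return False (and keep the route) for the mandatory black hole."""
        net = ipaddress.IPv6Network(prefix)
        if net == SITE_LOCAL:
            return False
        return self._routes.pop(net, None) is not None

    def lookup(self, destination: str) -> Optional[Tuple[ipaddress.IPv6Network, str]]:
        """Longest prefix match; None when no route covers the address."""
        addr = ipaddress.IPv6Address(destination)
        best = None
        for net, next_hop in self._routes.items():
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop)
        return best


def egp_route_accepted(prefix: str, permits: Iterable[str] = ()) -> bool:
    """Section 2.3: discard EGP-learned routes matching "FEC0::/10 ge 10".

    The expression matches every prefix of length 10 or more that lies
    inside FEC0::/10.  Such a route is kept only if the configuration
    carries a specific permit for exactly that prefix.  Routes outside
    FEC0::/10 are not touched by this rule.
    """
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen >= 10 and net.subnet_of(SITE_LOCAL):
        return net in {ipaddress.IPv6Network(p) for p in permits}
    return True


def may_forward(src: str, dst: str, egress_leaves_site: bool) -> bool:
    """Section 3: never forward GUSL-addressed packets out of the site."""
    if not egress_leaves_site:
        return True
    return (ipaddress.IPv6Address(src) not in SITE_LOCAL
            and ipaddress.IPv6Address(dst) not in SITE_LOCAL)


if __name__ == "__main__":
    table = Ipv6RoutingTable()
    table.add("FEC6:C874:98BA::/48", "eth1")      # this site's GUSL /48 (sample)
    table.add("2001:DB8::/32", "upstream")        # constructed global route
    for dst in ("FEC6:C874:98BA::1", "FED0::1", "2001:DB8::1"):
        print(dst, "->", table.lookup(dst))
    print("black hole removable:", table.remove("FEC0::/10"))
    for learned in ("FEC6:C874:98BA::/48", "FEF0:0:2A::/48", "2001:DB8::/32"):
        print(learned, "accepted from BGP:", egp_route_accepted(learned))
    print(may_forward("FEC6:C874:98BA::1", "2001:DB8::1", egress_leaves_site=True))
```

   Note that the expression "FEC0::/10 ge 10" only matches prefixes
   inside FEC0::/10: a covering aggregate such as FE00::/8 is not
   matched by it and passes the filter unchanged.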
   There are minor security benefits provided by section 2.  This
   document does not otherwise change any security-related issues.

7. IANA considerations

   As the purpose of the FEC0::/10 block is not changed, it is expected
   that IANA will not oppose this document.  IANA will delegate
   FEF0::/12 to the Communications Systems Lab of Nokia's Silicon Valley
   Research Center for the purpose of sequentially assigning globally
   unique site-local addresses.

8. References

   [RFC 2119]    Bradner, S., "Key words for use in RFCs to Indicate
                 Requirement Levels", RFC 2119, Harvard University,
                 March 1997.

   [ADDRARCH]    Deering, S. and R. Hinden, "IP Version 6 Addressing
                 Architecture", draft-ietf-ipngwg-addr-arch-v3-11.txt,
                 October 2002.
                 http://www.ietf.org/internet-drafts/draft-ietf-ipngwg-addr-arch-v3-11.txt

   [IPV6POLICY]  APNIC, ARIN, RIPE-NCC, "IPv6 Address Allocation and
                 Assignment Policy", June 26, 2002.
                 http://www.arin.net/policy/ipv6_policy.html

9. Authors' addresses

   Michel Py
   L3T
   2825 Marshall Way
   Sacramento, California 95818
   USA
   Phone: +1-916 737-0131
   Fax:   +1-916 737-0131
   Email: mpy@ieee.org

   Charles E. Perkins
   Communications Systems Lab
   Nokia Research Center
   313 Fairchild Drive
   Mountain View, California 94043
   USA
   Phone: +1-650 625-2986
   Fax:   +1 650 625-2502
   Email: charliep@iprg.nokia.com

10. Full Copyright Statement

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph
   are included on all such copies and derivative works.
   However, this document itself may not be modified in any way, such
   as by removing the copyright notice or references to the Internet
   Society or other Internet organizations, except as needed for the
   purpose of developing Internet standards in which case the
   procedures for copyrights defined in the Internet Standards process
   must be followed, or as required to translate it into languages
   other than English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.