Unique IPv6 Prefix Per Host
draft-ietf-v6ops-unique-ipv6-prefix-per-host-13

Document Type Active Internet-Draft (v6ops WG)
Last updated 2017-11-08 (latest revision 2017-10-16)
Replaces draft-jjmb-v6ops-unique-ipv6-prefix-per-host
Stream IETF
Intended RFC status Best Current Practice
Formats plain text pdf html bibtex
Reviews
Stream WG state Submitted to IESG for Publication (wg milestone: Jul 2017 - File recommendation ... )
Document shepherd Ron Bonica
Shepherd write-up Show (last changed 2017-05-09)
IESG IESG state RFC Ed Queue
Consensus Boilerplate Yes
Telechat date
Responsible AD Warren Kumari
Send notices to draft-ietf-v6ops-unique-ipv6-prefix-per-host.all@ietf.org, Ron Bonica <rbonica@juniper.net>
IANA IANA review state Version Changed - Review Needed
IANA action state No IC
RFC Editor RFC Editor state AUTH48
v6ops                                                      J. Brzozowski
Internet-Draft                                             Comcast Cable
Intended status: Best Current Practice                   G. Van De Velde
Expires: April 19, 2018                                            Nokia
                                                        October 16, 2017

                      Unique IPv6 Prefix Per Host
            draft-ietf-v6ops-unique-ipv6-prefix-per-host-13

Abstract

   This document outlines an approach utilising existing IPv6 protocols
   to allow hosts to be assigned a unique IPv6 prefix (instead of a
   unique IPv6 address from a shared IPv6 prefix).  Benefits of unique
   IPv6 prefix over a unique service provider IPv6 address include
   improved host isolation and enhanced subscriber management on shared
   network segments.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 19, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of

Brzozowski & Van De VeldeExpires April 19, 2018                 [Page 1]
Internet-Draft         Unique IPv6 Prefix Per Host          October 2017

   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Requirements Language . . . . . . . . . . . . . . . . . .   3
   2.  Motivation and Scope of Applicability . . . . . . . . . . . .   3
   3.  Design Principles . . . . . . . . . . . . . . . . . . . . . .   4
   4.  IPv6 Unique Prefix Assignment . . . . . . . . . . . . . . . .   4
   5.  IPv6 Neighbor Discovery Best Practices  . . . . . . . . . . .   6
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   7
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .   7
   8.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   8
   9.  Normative References  . . . . . . . . . . . . . . . . . . . .   8
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   9

1.  Introduction

   The concepts in this document are originally developed as part of a
   large scale, production deployment of IPv6 support for a provider
   managed shared access network service.

   A shared network service, is a service offering where a particular L2
   access network (e.g. wifi) is shared and used by multiple visiting
   devices (i.e. subscribers).  Many service providers offering shared
   access network services, have legal requirements, or find it good
   practice, to provide isolation between the connected visitor devices
   to control potential abuse of the shared access network.

   A network implementing a unique IPv6 prefix per host, can simply
   ensure that devices cannot send packets to each other except through
   the first-hop router.  This will automatically provide robust
   protection against attacks between devices that rely on link-local
   ICMPv6 packets, such as DAD reply spoofing, ND cache exhaustion,
   malicious redirects, and rogue RAs.  This form of protection is much
   more scalable and robust than alternative mechanisms such as DAD
   proxying, forced forwarding, or ND snooping.

   In this document IPv6 support does not preclude support for IPv4;
   however, the primary objectives for this work was to make it so that
   user equipment (UE) were capable of an IPv6 only experience from a
   network operators perspective.  In the context of this document, UE
   can be 'regular' end-user-equipment, as well as a server in a
   datacenter, assuming a shared network (wired or wireless).
Show full document text