IPv6 Maintenance Working Group                              A. Matsumoto
Internet-Draft                                               T. Fujisaki
Intended status: Informational                                       NTT
Expires: September 9, 2010                                     R. Hiromi
                                                           Intec Netcore
                                                           March 8, 2010


          Considerations of address selection policy conflicts
             draft-arifumi-6man-addr-select-conflict-02.txt

Abstract

   This document examines how policy conflicts happen, and how to
   address the conflicts.  After making it clear what kind of address
   selection policy should be necessary, we proposed how to merge the
   possibily conflicting policies for each of the destination address
   selection policy and source address selection policy.

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on September 9, 2010.

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal



Matsumoto, et al.       Expires September 9, 2010               [Page 1]


Internet-Draft     Address-Selection Poloicy Conflict         March 2010


   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the BSD License.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008.  The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.































Matsumoto, et al.       Expires September 9, 2010               [Page 2]


Internet-Draft     Address-Selection Poloicy Conflict         March 2010


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  4
   2.  Motivations for Address Selection Control  . . . . . . . . . .  4
   3.  Conflicts and Solution Analysis  . . . . . . . . . . . . . . .  5
     3.1.  Source Address Selection . . . . . . . . . . . . . . . . .  5
     3.2.  Destination Address Selection  . . . . . . . . . . . . . .  7
   4.  Cenceptual Policy Processing Model . . . . . . . . . . . . . .  9
     4.1.  The Whole Picture of Policy Merging Process  . . . . . . .  9
     4.2.  Example of Address Selection Policy Merging  . . . . . . . 10
       4.2.1.  Processing Source Address Selection Policy . . . . . . 10
       4.2.2.  Processing Destination Address Selection Policy  . . . 11
       4.2.3.  Precedence and Label Values Adjustment . . . . . . . . 12
   5.  Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . 13
   6.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 13
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . . 13
   8.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 13
   9.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 14
     9.1.  Normative References . . . . . . . . . . . . . . . . . . . 14
     9.2.  Informative References . . . . . . . . . . . . . . . . . . 14
   Appendix A.  Revision History  . . . . . . . . . . . . . . . . . . 14
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 14





























Matsumoto, et al.       Expires September 9, 2010               [Page 3]


Internet-Draft     Address-Selection Poloicy Conflict         March 2010


1.  Introduction

   RFC 5220 [RFC5220] describes several cases where problems are caused
   by using multiple prefixes at hosts and sites.  The address selection
   design team is working on this issue and summarizes their work in the
   considerations document [I-D.ietf-6man-addr-select-considerations].
   Their solution mechanism is going to be an update mechanism of the
   address selection policy table at a host from the network.  As one of
   the possible solutions, a DHCPv6 option
   [I-D.fujisaki-dhc-addr-select-opt] is proposed.

   As mentioned in RFC 5220 [RFC5220], a host or a site belongs to
   multiple upstream networks in some environments.  For example, a host
   with multiple interfaces, such as wireless and wired interfaces, can
   easily belong to multiple networks.  A site may have connectivity to
   ISP and a corporate network through a VPN link.

   In these cases, if two or more of the upstream networks want to
   control address selection behavior of his network's customer host,
   those address selection policies have to be merged at the host, and
   they may collide there.

   Note that this document does not assume the address selection policy
   transmitted by an upstream network provider is in the form of RFC
   3484 [RFC3484] policy table itself.  Rather, it sorts out the
   motivation for address selection control in Section 2, and
   accordingly defines the form of policy.  Then, this document
   describes how policy conflicts happen, and how they can be merged in
   the Section 4.

   Some of the problems described in RFC 5220 are specific to and
   resulted from the address selection mechanism defined in RFC 3484
   [RFC3484].  However, above mentioned policy collision is an intrinsic
   problem of address selection policy merging, and not specific to the
   RFC 3484 mechanism.


2.  Motivations for Address Selection Control

   As in RFC 5220, there are various motivations for network
   administrator to control address selection behavior of his customers'
   hosts.  We can classify these policies into the following two groups.

   - Source address selection behavior control:







Matsumoto, et al.       Expires September 9, 2010               [Page 4]


Internet-Draft     Address-Selection Poloicy Conflict         March 2010


      "When accessing to PREFIX-1, use ADDRESS-1 as the source address."
      A lot of ISPs have this policy and they usually implement it by
      adopting ingress filtering to incoming packets from their
      customers.  Another example is a multi-prefix network that makes
      use of multiple address blocks in the network and assigns multiple
      addresses/prefixes to its customers for different purpose, such as
      a prefix for the Internet access and a prefix for telephone call.

   - Destination address selection behavior control:

      "When accessing to PREFIX-1 or PREFIX-2, prefer PREFIX-1 rather
      than PREFIX-2."  This kind of control policy is usually intended
      for optimization of the customers' traffic.  It is not usually
      intended for on-off switch manner of control, but rather control
      of preference degree.  For example, this is useful when a
      destination site has both PREFIX-1 and PREFIX-2, and the network
      administrator knows connectivity to PREFIX-1 is better than
      PREFIX-2.  The typical use case is IPv4 and IPv6 prioritization as
      mentioned in RFC 5220.

      On-off switch manner of destination address selection control is
      not in scope of RFC 3484 address selection behavior, but it can be
      implemented by some other means, such as routing table
      manipulation and DNS resolution.

      As it is intrinsiclly intended for optimization, it should not be
      used for any other purpose like security .

   Here, PREFIX-* is used to denote both IPv4 and IPv6 prefixes.  In the
   following part, policy conflict and its solution for these two kinds
   of control policy are discussed individually.


3.  Conflicts and Solution Analysis

3.1.  Source Address Selection

   As mentioned above, source address selection policy have following
   meaning:

   "When accessing to PREFIX-1, use ADDRESS-1 as the source address."

   The upstream network that has this kind of policy usually assigns an
   address block that includes ADDRESS-1, and also provides reachability
   to the network that is specified by PREFIX-1.

   Source address selection policy conflict can happen when different
   network have a policy for the same prefix.  For example, in the



Matsumoto, et al.       Expires September 9, 2010               [Page 5]


Internet-Draft     Address-Selection Poloicy Conflict         March 2010


   following figure, Network-1 have a policy: "To PREFIX-1, use
   ADDRESS-1", and Network-2: "To PREFIX-1 and PREFIX-2, use ADDRESS-2".


                    PREFIX-1 -----+    PREFIX-2
                          |        \     |
                          |         \    |
                    +-----+-----+  +-+---+-----+
                    | Network-1 |  | Network-2 |
                    +------+----+  +----+------+
                            \          /
                             \        /
                    ADDRESS-1 \      / ADDRESS-2
                           +---+----+---+
                           | Host/Site  |
                           +------------+

   In this case, the solution is straightforward.  As documented in RFC
   3484, the destination address is determined before source address
   selection policy is used.  Thus, the outgoing route, such as the
   next-hop node and the network interface, is determined by looking up
   the routing table at a host.  In other words, the outgoing network
   that carries the packet to the destination is determined without the
   source address selection policy.

   So, the bottom line is that the source address selection policy that
   matches routing table's behavior should be chosen.  There is no point
   adopting the source address selection policy of a network where a
   packet does not go through.

   In other words, if the routing table is fixed before the source
   address selection policy is fixed, then the source address selection
   policy should be implemented while avoiding contradiction with the
   routing table.  If not, the routing table should be coordinated to
   match the source address selection policy.

   In a case where a site is connected to the multiple ISPs, like the
   figure above, and receives policies from the ISPs and re-distribute
   policies to the downstream hosts, the hosts cannot know which ISP are
   chosen for transit to PREFIX-1.  So, in this case, the entity who
   knows which way is chosen have to address the policy conflict.

   For example, Network-1 and Network-2 advertise the following policy
   to the customers,


           Network-1: to PREFIX-1, use ADDRESS-1
           Network-2: to PREFIX-1, use ADDRESS-2



Matsumoto, et al.       Expires September 9, 2010               [Page 6]


Internet-Draft     Address-Selection Poloicy Conflict         March 2010


                      to PREFIX-2, use ADDRESS-2

   The policy for PREFIX-1 is conflicted in this case.  And when the
   routing table of the Host/Site is like below,


           Destination     Gateway
           PREFIX-1        Gateway Address of Network-1
           PREFIX-2        Gateway Address of Network-2

   the merging process should choose a policy from Network-1 for the
   conflicting PREFIX-1.  By this process, the merged policy table will
   be:


           to PREFIX-1, use ADDRESS-1
           to PREFIX-2, use ADDRESS-2

3.2.  Destination Address Selection

   As mentioned in section 2, destination address selection policy have
   following meaning: "When accessing to a destination site that has
   PREFIX-1 and PREFIX-2, prefer PREFIX-1 rather than PREFIX-2."  The
   upstream network that has this kind of policy should provides
   reachability to both networks that are specified by PREFIX-1 and
   PREFIX-2.

   Destination address selection policy conflict can happen when a
   network has a policy that has inverse effect of another network's
   policy.  That is, in the figure below, Network-1 prefers PREFIX-1
   rather than PREFIX-2, and Network-2 prefers PREFIX-2 rather than
   PREFIX-1.


                             bad   bad
                    PREFIX-1 ---- ---- PREFIX-2
                          |      X      |
                     good |     / \     | good
                    +-----+-----+ +-----+-----+
                    | Network-1 | | Network-2 |
                    +------+----+ +----+------+
                            \         /
                             \       /
                    ADDRESS-1 \     / ADDRESS-2
                           +---+---+---+
                           | Host/Site |
                           +-----------+




Matsumoto, et al.       Expires September 9, 2010               [Page 7]


Internet-Draft     Address-Selection Poloicy Conflict         March 2010


   In routing mechanism, a router advertises a route A to a certain
   destination, another advertises a route B to the same destination,
   and the receiver decides which route to take by looking at the cost
   of the routes and other information.

   In destination address selection policy, a network advertises prefix
   A and the precedence degree.  The destination address selection
   policy conflict happens when multiple entities provide policies for
   the same or the overlapping destination prefix with different costs.
   This is the same situation as the routing mechanism in that there can
   be multiple "routes" for the same destination.

   Here, we can choose the better, that is, higher precedence "route"
   for the destination prefix, but there is no point if the route is not
   actually used by the routing mechainism.  Even if we choose a policy
   for prefix A provided from Network-1, a packet destined for the
   prefix A does not always go through Network-1.  This is what the
   routing mechianism of the host or the site router decides.

   So, we propose to adopt the policy that is provided from the network
   the routing mechanism selected and thus a packet goes through,
   because the routing mechanism is already there and performs routing
   decisions by making use of the routing protocols metrics and also
   implementation dependent information.

   For example, Network-1 router advertises the following policy to the
   customers:

      to PREFIX-1, precedence 20
      to PREFIX-2, precedence 10

   Network-2 advertises:

      to PREFIX-1, precedence 30
      to PREFIX-2, precedence 40

   And when the routing table is:

      PREFIX-1 via Network-1
      PREFIX-2 via Network-2

   Then, the receiving host should have the following merged destination
   address selection policy:








Matsumoto, et al.       Expires September 9, 2010               [Page 8]


Internet-Draft     Address-Selection Poloicy Conflict         March 2010


      to PREFIX-1, precedence 20 via Network-1
      to PREFIX-2, precedence 40 via Network-2


4.  Cenceptual Policy Processing Model

4.1.  The Whole Picture of Policy Merging Process

   The merging process in Section 3 describes how conflicting source
   address selection policies can be merged, and how conflicting
   destination address selection policies can be merged.  The output of
   these merged process is not in the form of RFC 3484 policy table.

   However, we can get these merged policies into the RFC 3484 policy
   table by the following processing of the merged policies.  By
   processing the policies this way, we do not need to modify the form
   of RFC 3484 policy table.


           +-------------+ +-------------+
           |  Network-1  | |  Network-2  |
           +-------------+ +-------------+
                  |      \ /      |
                  |       X       |
                  v      v v      v
           +-------------+ +-------------+
           | Dst Address | | Src Address |
           | Policy Pool | | Policy Pool |
           +-------------+ +-------------+
                      |       |             +---------------+
                      |<------|<------------| Routing Table |
                      v       v             +---------------+
                 +-----------------+
                 | RFC3484 Default |
                 |  Policy Table   |
                 +-----------------+
                          |
                          v
           +-----------------------------+
           |     RFC 3484 Policy Table   |
           +-----------------------------+

   In the figure above, Network-1 and Network-2 provide both destination
   address selection poilcies and source address selection policies.
   The policy receiver should keep the received policies as they are in
   policy pools.  Also, the default policy table define in RFC 3484 has
   to be kept.




Matsumoto, et al.       Expires September 9, 2010               [Page 9]


Internet-Draft     Address-Selection Poloicy Conflict         March 2010


   The conflicts in policy pools can be solved by looking up the routing
   table by the process of Section 3.  The outputs from this process are
   injected into the RFC 3484 default policy table so that the injecting
   policies should least change the effects of the default policy.

   This process should be performed every time the received policy
   changes.  This is because the change cannot alway be made
   incrementally.

   In the sub-sections below, the detailed merging process are
   described.  The merging process begins with the merging of source
   address selection policies.  The merging of destination address
   policies comes after that.  And it ends with adjustment of the
   inserted entries' precedence and label values in accordance with the
   default policy table.

4.2.  Example of Address Selection Policy Merging


                   ::ffff:0:0/96
                        ::/0 -----+
                          |        \
                          |         \
                    +-----+-----+ +--+--------+
                    | Network-1 | | Network-2 +---- fd00:2::/48
                    +------+----+ +-----+-----+
                            \          /
                             \        /
              2001:db8:1::/64 \      / 2001:db8:2::/64
                           +---+----+---+
                           |    Host    |
                           +------------+

4.2.1.  Processing Source Address Selection Policy

   The two ISPs, Network-1 and Network-2, provide the source address
   selection policy below,

   Network-1 "if dst ::/0, then src 2001:db8:1::/64"
   Network-2 "if dst ::/0 or fd00:2::/48, then src 2001:db8:2::/64"

   and the Host's routing table looks like below,


                   Prefix              Nexthop
                   ::/0                Network-1
                   fd00:2::/48         Network-2




Matsumoto, et al.       Expires September 9, 2010              [Page 10]


Internet-Draft     Address-Selection Poloicy Conflict         March 2010


   As mentioned in the previous section, the policy that came from the
   selected entity in the routing table should be selected in the policy
   table also.  In this case, the routing table selected Network-1 for
   the nexthop for the prefix ::/0, so the Network-1's policy should be
   selected in the policy table.


                   Prefix        Precedence Label
                   ::/0                   ?     1
                   2001:db8:1::/64        ?     1
                   fd00:2::/48            ?     5
                   2001:db8:2::/64        ?     5

   Next comes the merging with the default policy table, which is pasted
   below from the RFC 3484,


                   Prefix        Precedence Label
                   ::1/128               50     0
                   ::/0                  40     1
                   2002::/16             30     2
                   ::/96                 20     3
                   ::ffff:0:0/96         10     4

   We can have the following merged table.


                   Prefix        Precedence Label
                   ::1/128               50     0
                   ::/0                  40     1
                *S 2001:db8:1::/64        ?     1
                *S fd00:2::/48            ?     5
                *S 2001:db8:2::/64        ?     5
                   2002::/16             30     2
                   ::/96                 20     3
                   ::ffff:0:0/96         10     4

   There are unresolved values in the table, which should be resolved in
   accordance with other policies below.

4.2.2.  Processing Destination Address Selection Policy

   The above mentioned two ISPs, Network-1 and Network-2, also want to
   provide the destination address selection policy below,

   Network-1 "::/0 Precedence 20, ::ffff:0:0/96 Precedence 10"
   Network-2 "::/0 Precedence 30, ::ffff:0:0/96 Precedence 40"




Matsumoto, et al.       Expires September 9, 2010              [Page 11]


Internet-Draft     Address-Selection Poloicy Conflict         March 2010


   and the routing table of the Host is like below.


                   Prefix              Nexthop
                   ::/0                Network-1
                   ::ffff:0:0/96       Network-2
                   fd00:2::/48         Network-2

   Here, the merging process selects the Precedence value of the policy
   that is selected in the routing table.  That is, the routing table
   above selects Network-1 for the prefix ::/0, so the Precedence value
   for the prefix ::/0 should be the value of the Network-1's policy.
   The resulf of this merging process is below.


                   Prefix        Precedence Label
                   ::/0                  20     ?
                   ::ffff:0:0/96         40     ?

   Next comes the merging with the policy table that is merged with the
   source address selection policy.


                   Prefix        Precedence Label
                   ::1/128               50     0
                *D ::/0                  20     1
                *S 2001:db8:1::/64        ?     1
                *S fd00:2::/48            ?     5
                *S 2001:db8:2::/64        ?     5
                   2002::/16             30     2
                   ::/96                 20     3
                *D ::ffff:0:0/96         40     4

4.2.3.  Precedence and Label Values Adjustment

   Regarding the unresolved value in the previous unfinished policy
   table, the merging process should choose the most harmless Precedence
   value.  That means, the Precedence value that does not spoil or
   change the other policy table entries' effects.

   The process should find a prefix that best includes or matches the
   prefix with the unresolved value in this policy table, and use the
   Precedence value of the selected prefix.  In this example, the prefix
   2001:db8:1::/64 longestly matches with the existing prefix ::/0, so
   the Precedence value 20 was used for the merged entries.  The same
   value goes to the entries with 2001:db8:2::/64 and fd00:2::/48.





Matsumoto, et al.       Expires September 9, 2010              [Page 12]


Internet-Draft     Address-Selection Poloicy Conflict         March 2010


                   Prefix        Precedence Label
                   ::1/128               50     0
                *D ::/0                  20     1
                *S 2001:db8:1::/64       20     1
                *S fd00:2::/48           20     5
                *S 2001:db8:2::/64       20     5
                   2002::/16             30     2
                   ::/96                 20     3
                *D ::ffff:0:0/96         40     4

   Though not ducumented in this example, almost the same process as the
   Precedence value adjustment should be applied to the Label value.
   That is, the merging process should choose the most harmless Label
   value, which does not spoil or change the other policy table entries'
   effects.  Hense, it should use the same Label value as the existing
   entry that longestly matches the prefix of the unresolved Label
   value.


5.  Discussion

   In this document, we examined and classified address selection
   policies.  For each kind, we proposed how to solve the merging
   conflicting policies.

   As documented here, the merging process has close relationship with
   the routing table.  It should be noted that the address selection
   policy distribution has to be considered and used along with the
   routing mechanism.


6.  IANA Considerations

   This document has no actions for IANA.


7.  Security Considerations

   TBD


8.  Acknowledgements

   Dave Thaler and Aleksi Suhonen has given invaluable advice and
   feedback on this document.


9.  References



Matsumoto, et al.       Expires September 9, 2010              [Page 13]


Internet-Draft     Address-Selection Poloicy Conflict         March 2010


9.1.  Normative References

   [I-D.fujisaki-dhc-addr-select-opt]
              Fujisaki, T., Matsumoto, A., and R. Hiromi, "Distributing
              Address Selection Policy using DHCPv6",
              draft-fujisaki-dhc-addr-select-opt-09 (work in progress),
              March 2010.

   [RFC3484]  Draves, R., "Default Address Selection for Internet
              Protocol version 6 (IPv6)", RFC 3484, February 2003.

   [RFC5220]  Matsumoto, A., Fujisaki, T., Hiromi, R., and K. Kanayama,
              "Problem Statement for Default Address Selection in Multi-
              Prefix Environments: Operational Issues of RFC 3484
              Default Rules", RFC 5220, July 2008.

9.2.  Informative References

   [I-D.ietf-6man-addr-select-considerations]
              Chown, T., "Considerations for IPv6 Address Selection
              Policy Changes",
              draft-ietf-6man-addr-select-considerations-00 (work in
              progress), October 2009.


Appendix A.  Revision History

   02:
      The document structure was changed.
      Detailed the whole picture of merging process implementation in
      Section 4.
      Documented how the source address policy merging and destination
      address policy merging interacts in Section 4.

   01:
      The section 4 was made clearer.
      The section 5 "Conceptual processing model" was added.
      The section "Conclusions" was renamed to "Discussion".













Matsumoto, et al.       Expires September 9, 2010              [Page 14]


Internet-Draft     Address-Selection Poloicy Conflict         March 2010


Authors' Addresses

   Arifumi Matsumoto
   NTT PF Lab
   Midori-Cho 3-9-11
   Musashino-shi, Tokyo  180-8585
   Japan

   Phone: +81 422 59 3334
   Email: arifumi@nttv6.net


   Tomohiro Fujisaki
   NTT PF Lab
   Midori-Cho 3-9-11
   Musashino-shi, Tokyo  180-8585
   Japan

   Phone: +81 422 59 7351
   Email: fujisaki@syce.net


   Ruri Hiromi
   Intec Netcore, Inc.
   Shinsuna 1-3-3
   Koto-ku, Tokyo  136-0075
   Japan

   Phone: +81 3 5665 5069
   Email: hiromi@inetcore.com





















Matsumoto, et al.       Expires September 9, 2010              [Page 15]