IPv6 Maintenance                                                F. Baker
Internet-Draft                                             Cisco Systems
Updates: 2460,7045 (if approved)                               R. Bonica
Intended status: Standards Track                        Juniper Networks
Expires: September 17, 2016                               March 16, 2016


                IPv6 Hop-by-Hop Options Extension Header
                 draft-ietf-6man-hbh-header-handling-03

Abstract

   This document clarifies requirements for IPv6 routers with respect to
   the Hop-by-Hop (HBH) Options Extension Header.  These requirements
   are applicable to all IPv6 routers, regardless of whether they
   maintain a strict separation between forwarding and control plane
   hardware.  In this respect, this document updates RFC 2460 and RFC
   7045.

   This document also describes forwarding plane procedures for
   processing the HBH Options Extension Header.  These procedures are
   applicable to implementations that maintain a strict separation
   between forwarding and control plane implementations.

   The procedures described herein satisfy the above mentioned
   requirements by processing HBH Options on the forwarding plane to the
   greatest degree possible.  If a packet containing HBH Options must be
   dispatched to the control plane, it is rate limited before
   dispatching.  In order to comply with the requirements of this
   specification, implementations may execute the procedures described
   herein or any other procedures that result in compliant behavior.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 17, 2016.



Baker & Bonica         Expires September 17, 2016               [Page 1]


Internet-Draft                                                March 2016


Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Requirements Language . . . . . . . . . . . . . . . . . .   4
   2.  Requirements  . . . . . . . . . . . . . . . . . . . . . . . .   4
   3.  Proposed Procedures . . . . . . . . . . . . . . . . . . . . .   6
   4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   7
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   7
   6.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   7
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   7
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .   7
     7.2.  Informative References  . . . . . . . . . . . . . . . . .   8
   Appendix A.  Change Log . . . . . . . . . . . . . . . . . . . . .   9
   Appendix B.  HBH Options  . . . . . . . . . . . . . . . . . . . .  10
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  10

1.  Introduction

   In IPv6 [RFC2460], optional Internet-layer information is encoded in
   extension headers that may be placed between the IPv6 header and the
   upper-layer header.  Currently, eleven extension headers are defined.
   Among them is the Hop-by-Hop (HBH) Options Extension header.  Unlike
   any other extension header, the HBH Options Extension header is
   examined by every node that a packet visits en route to its
   destination.

   The HBH Extension Header contains one or more HBH Options.  Each HBH
   Option contains a type identifier.  Appendix B of this document
   provides a list of currently defined HBH options.

   Some HBH Options contain information that is useful to a router's
   forwarding plane.  In this document, we call these options "HBH
   forwarding options".  Among these is the Jumbo Payload Option



Baker & Bonica         Expires September 17, 2016               [Page 2]


Internet-Draft                                                March 2016


   [RFC2675].  The Jumbo Payload Option indicates the payload length of
   the packet that carries it.  While this information is required to
   forward the packet, it can be discarded as soon as the packet has
   been forwarded.

   By contrast, other HBH Options contain information that is useful to
   a router's control plane.  In this document, we call these options
   "HBH control options".  Among these is the Router Alert Option
   [RFC2711].  The Router Alert Option informs transit routers that the
   packet carrying it contains information to be consumed by the
   router's control plane.  In many cases, this information is used to
   forward subsequent packets.

   Finally, the Pad and Pad1 options contain no information at all.
   These are included to ensure word-alignment of subsequent options and
   headers.

   Many modern routers maintain a strict separation between forwarding
   plane hardware and control plane hardware.  In these routers,
   forwarding plane bandwidth is plentiful, while control plane
   bandwidth is constrained.  In order to protect scarce control plane
   resources, these routers enforce policies the restrict access from
   the from the forwarding plane to the control plane.  Effective
   policies address packets containing the HBH Options Extension header,
   because HBH control options require access from the forwarding plane
   to the control plane.

   Many network operators perceive HBH Options to be a breach of the
   separation between the forwarding and control planes
   [I-D.ietf-v6ops-ipv6-ehs-in-real-world].  Therefore, some network
   operators discard all packets containing the HBH Options Extension
   Header, while others forward the packets but ignore the HBH Options.
   Still other operators severely rate-limit packets containing the HBH
   Options Extension Header.  In addition, some (notably older)
   implementations send all packets containing a HBH header to the
   control plane even if they contain only pad options, resulting in an
   effect DoS on the router and inconsistent drops among those packets
   due to rate limiting or other factors.

   [RFC7045] legitimizes the current state of affairs, severely limiting
   the utility of HBH options.  In the words of RFC 7045:

      "The IPv6 Hop-by-Hop Options header SHOULD be processed by
      intermediate forwarding nodes as described in RFC2460.  However,
      it is to be expected that high-performance routers will either
      ignore it or assign packets containing it to a slow processing
      path.  Designers planning to use a Hop-by-Hop option need to be
      aware of this likely behaviour."



Baker & Bonica         Expires September 17, 2016               [Page 3]


Internet-Draft                                                March 2016


   This document clarifies requirements for IPv6 routers with respect to
   the HBH Options Extension Header.  These requirements are applicable
   to all IPv6 routers, regardless of whether they maintain a strict
   separation between forwarding and control plane hardware.  In this
   respect, this document updates RFC 2460 and RFC 7045.

   This document also describes forwarding plane procedures for
   processing the HBH Options Extension Header.  These procedures are
   applicable to implementations that maintain a strict separation
   between forwarding and control plane hardware.

   The procedures described herein satisfy the above mentioned
   requirements by processing HBH Options on the forwarding plane to the
   greatest degree possible.  If a packet containing HBH Options must be
   dispatched to the control plane, it is rate limited before
   dispatching.  In order to comply with the requirements of this
   specification, implementations can execute the procedures described
   herein or any other procedures that result in compliant behavior.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2.  Requirements

   This section clarifies requirements for IPv6 routers with respect to
   the HBH Options Extension Header.  These requirements are applicable
   to all IPv6 routers, regardless of whether they maintain a strict
   separation between forwarding and control plane hardware.

   o  REQ1: Implementations MUST NOT discard otherwise forwardable
      packets because they contain the HBH Options Extension header.
      However, an implementation MAY be configured to discard packets
      containing the HBH Options Extension Header, so long as this is
      not the default behavior.

   o  REQ 2: Implementations MUST process unrecognized HBH Options as
      described in Section 4.2 of RFC 2460.  If an implementation
      receives a packet that contains an unrecognized HBH Option, that
      implementation MUST examine the first two bits of the HBH Option
      Type indicator.  Those bits determine whether the implementation
      a) continues to process the packet, b) discards the packet without
      sending an ICMP message or c) discards the packet and sends an
      ICMP message.





Baker & Bonica         Expires September 17, 2016               [Page 4]


Internet-Draft                                                March 2016


   o  REQ 3: Unrecognized HBH Options MUST be evaluated sequentially.
      For example, assume that an implementation receives a packet that
      carries two unrecognized HBH Options.  The Type indicator of the
      first unrecognized option begins with 01 while the Type indicator
      of the second unrecognized option begins with 10.  In this case,
      the implementation MUST discard the packet without sending an ICMP
      message to the source.  However, if the Type indicator of the
      first unrecognized option begins with 10 and the Type indicator of
      the second unrecognized option begins with 01, the implementation
      MUST discard the packet and send and ICMP Parameter Problem
      message to the source.

   o  REQ 4: Implementations MUST protect themselves against denial of
      service attacks that are propagated through HBH Options.  These
      protections MUST be enabled by default, without special
      configuration.

   o  REQ 5: The originator of a packet MAY insert the HBH Options
      Extension header between the IPv6 header and the upper-layer
      header.  It MAY also insert HBH Options inside of the HBH Options
      header.  Transit routers MUST NOT insert the HBH Options Extension
      header between the IPv6 header and the upper-layer header.
      Furthermore, they MUST NOT add or delete HBH Options inside of the
      HBH Options Extension header.

   o  REQ 6: Implementations SHOULD support a configuration option that
      limits the set of HBH Options that they recognize.  For example,
      assume that an implementation recognizes a particular HBH Option.
      Using this configuration option, an operator can cause the
      implementation to behave as if it does not recognize that option.
      This MAY be configured a side effect of other functionality.  For
      example, an implementation might not recognize the Router Alert
      Option unless a protocol that relies on the Router Alert Option
      (e.g., RSVP) is configured.

   o  REQ 7: The HBH Options Extension Header can contain as many as
      2056 bytes.  Some implementation are not capable of processing
      extension headers of that length
      [I-D.gont-v6ops-ipv6-ehs-packet-drops].  When an implementation
      receives a packet that it cannot process due to its HBH Options
      Extension Header length, the implementation MUST discard the
      packet and send an ICMP Parameter Problem message to the packet
      source.  ICMP Parameter Problem Code MUST be "Long Extension
      Header" (value TBD) and the ICMP Parameter Problem Pointer MUST
      contain the offset of HBH Options Extension Header.






Baker & Bonica         Expires September 17, 2016               [Page 5]


Internet-Draft                                                March 2016


3.  Proposed Procedures

   This section describes forwarding plane procedures for processing the
   HBH Options Extension Header.  These procedures are applicable to
   implementations that maintain a strict separation between forwarding
   and control plane hardware.

   The procedures described below process HBH Options on the forwarding
   plane to the greatest degree possible.  If a packet containing HBH
   Options must be dispatched to the control plane, it is rate limited
   before dispatching.  In order to comply with the requirements of
   Section 2, implementations can execute the procedures described
   herein or any other procedures that result in compliant behavior.

   Having received a packet containing the HBH Options Extension header,
   the forwarding plane determines whether the HBH Options Extension
   Header is too long for it to process.  If so, the forwarding plane
   discards the packet and sends an ICMP Parameter Problem message to
   the packet source.  ICMP Parameter Problem Code is set to "Long
   Extension Header" and the ICMP Parameter Problem Pointer is set to
   the offset of HBH Options Extension Header.

   If the HBH Options Extension Header is not too long to process, the
   forwarding plane hardware scans the header, assigning it to one of
   the following classes:

   o  Discard

   o  Dispatch to control plane

   o  Forward, ignoring all HBH Option

   o  Forward, processing selected HBH Options

   Forwarding plane hardware discards the packet if the HBH Options
   Extension Header contains an unrecognized option whose Type indicator
   begins with 01, 10 or 11.  Forwarding plane hardware sends an ICMP
   message if required.  See Section 2 REQ 2 and REQ 3 for details.

   If the packet is not discarded, and the HBH Options Extension header
   contains at least one recognized control option, the forwarding plane
   subjects the packet to a rate-limit and dispatches it to the control
   plane

   Otherwise, if the HBH Options Extension header contains only the
   following option types, the packet is forwarded without further HBH
   Option processing:




Baker & Bonica         Expires September 17, 2016               [Page 6]


Internet-Draft                                                March 2016


   o  Pad or Pad1

   o  Unrecognized options whose Type indicator begins with 00

   Otherwise, the forwarding plane process forwarding options and
   forwards the packet

4.  IANA Considerations

   IANA is requested to assign a new entry to the ICMP Parameter Problem
   Code registry.  The name of this code is "Long Extension Header".

5.  Security Considerations

   This document contributes to the security of IPv6 routers, by
   defining forwarding plane procedures for the processing of HBH
   Options.  These procedures are applicable to implementations that
   maintain a strict separation between forwarding and control plane
   hardware.

   The procedures described below process HBH Options on the forwarding
   plane to the greatest degree possible.  If a packet containing HBH
   Options must be dispatched to the control plane, it is rate limited
   before dispatching.

6.  Acknowledgements

   This note grew out of a discussion among the author, Ole Troan, Mark
   Townsley, Frank Brockners, and Shwetha Bhandari, and benefited from
   comments by Dennis Ferguson, Brian Carpenter, Panos Kampanakis,
   Jinmei Tatuya, and Joe Touch.  Thanks to Fernando Gont for his
   thoughtful review.

7.  References

7.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460,
              December 1998, <http://www.rfc-editor.org/info/rfc2460>.






Baker & Bonica         Expires September 17, 2016               [Page 7]


Internet-Draft                                                March 2016


   [RFC7045]  Carpenter, B. and S. Jiang, "Transmission and Processing
              of IPv6 Extension Headers", RFC 7045,
              DOI 10.17487/RFC7045, December 2013,
              <http://www.rfc-editor.org/info/rfc7045>.

7.2.  Informative References

   [I-D.gont-v6ops-ipv6-ehs-packet-drops]
              Gont, F., Hilliard, N., Doering, G., LIU, S., and W.
              Kumari, "Operational Implications of IPv6 Packets with
              Extension Headers", draft-gont-v6ops-ipv6-ehs-packet-
              drops-03 (work in progress), March 2016.

   [I-D.ietf-6man-rfc2460bis]
              Deering, S. and B. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", draft-ietf-6man-rfc2460bis-03 (work
              in progress), January 2016.

   [I-D.ietf-roll-trickle-mcast]
              Hui, J. and R. Kelsey, "Multicast Protocol for Low power
              and Lossy Networks (MPL)", draft-ietf-roll-trickle-
              mcast-12 (work in progress), June 2015.

   [I-D.ietf-v6ops-ipv6-ehs-in-real-world]
              Gont, F., Linkova, J., Chown, T., and S. LIU,
              "Observations on the Dropping of Packets with IPv6
              Extension Headers in the Real World", draft-ietf-v6ops-
              ipv6-ehs-in-real-world-02 (work in progress), December
              2015.

   [RFC2675]  Borman, D., Deering, S., and R. Hinden, "IPv6 Jumbograms",
              RFC 2675, DOI 10.17487/RFC2675, August 1999,
              <http://www.rfc-editor.org/info/rfc2675>.

   [RFC2711]  Partridge, C. and A. Jackson, "IPv6 Router Alert Option",
              RFC 2711, DOI 10.17487/RFC2711, October 1999,
              <http://www.rfc-editor.org/info/rfc2711>.

   [RFC4302]  Kent, S., "IP Authentication Header", RFC 4302,
              DOI 10.17487/RFC4302, December 2005,
              <http://www.rfc-editor.org/info/rfc4302>.

   [RFC4303]  Kent, S., "IP Encapsulating Security Payload (ESP)",
              RFC 4303, DOI 10.17487/RFC4303, December 2005,
              <http://www.rfc-editor.org/info/rfc4303>.






Baker & Bonica         Expires September 17, 2016               [Page 8]


Internet-Draft                                                March 2016


   [RFC4782]  Floyd, S., Allman, M., Jain, A., and P. Sarolahti, "Quick-
              Start for TCP and IP", RFC 4782, DOI 10.17487/RFC4782,
              January 2007, <http://www.rfc-editor.org/info/rfc4782>.

   [RFC5570]  StJohns, M., Atkinson, R., and G. Thomas, "Common
              Architecture Label IPv6 Security Option (CALIPSO)",
              RFC 5570, DOI 10.17487/RFC5570, July 2009,
              <http://www.rfc-editor.org/info/rfc5570>.

   [RFC6398]  Le Faucheur, F., Ed., "IP Router Alert Considerations and
              Usage", BCP 168, RFC 6398, DOI 10.17487/RFC6398, October
              2011, <http://www.rfc-editor.org/info/rfc6398>.

   [RFC6553]  Hui, J. and JP. Vasseur, "The Routing Protocol for Low-
              Power and Lossy Networks (RPL) Option for Carrying RPL
              Information in Data-Plane Datagrams", RFC 6553,
              DOI 10.17487/RFC6553, March 2012,
              <http://www.rfc-editor.org/info/rfc6553>.

   [RFC6621]  Macker, J., Ed., "Simplified Multicast Forwarding",
              RFC 6621, DOI 10.17487/RFC6621, May 2012,
              <http://www.rfc-editor.org/info/rfc6621>.

   [RFC6971]  Herberg, U., Ed., Cardenas, A., Iwao, T., Dow, M., and S.
              Cespedes, "Depth-First Forwarding (DFF) in Unreliable
              Networks", RFC 6971, DOI 10.17487/RFC6971, June 2013,
              <http://www.rfc-editor.org/info/rfc6971>.

Appendix A.  Change Log

   RFC Editor: this section need not be published in any RFC.

   Initial Version:  October 2015: text copied from draft-baker-6man-
      hbh-header-handling-03.txt and discussed in IETF 94

   IETF 94 Update:  Sections 2.2, 2..3, and 2.4 moved to an appendix
      reflecting (negative) working group viewpoint on the modification
      of packet length in flight.

      The content of this document is likely to be subsumed into 2460bis
      [I-D.ietf-6man-rfc2460bis], but is held separate for the present
      discussion.

      A new section 2.2 added detailing conceptual processing model for
      HBH options.

   version 2  Addressed editorial comments




Baker & Bonica         Expires September 17, 2016               [Page 9]


Internet-Draft                                                March 2016


Appendix B.  HBH Options

   At this writing, there are several defined Hop-by-Hop options:

   PAD Options:  The PAD1 and PADn [RFC2460]

   Router Alert Option:  The IPv6 Router Alert Option [RFC2711]
      [RFC6398]

   Jumbo Payload:  [RFC2675]

   RPL Option:  [RFC6553]

   Quickstart Option  [RFC4782]

   Common Architecture Label IPv6 Security Option:  [RFC5570]

   SMF Option:  [RFC6621]

   MPL Option:  [I-D.ietf-roll-trickle-mcast]

   DFF Option:  [RFC6971]

Authors' Addresses

   Fred Baker
   Cisco Systems
   Santa Barbara, California  93117
   USA

   Email: fred@cisco.com


   Ron Bonica
   Juniper Networks
   Herndon, Virginia  20171
   USA

   Email: rbonica@juniper.net












Baker & Bonica         Expires September 17, 2016              [Page 10]