Network Working Group Dave Thaler Internet-Draft Christian Huitema Expires: December 2002 Microsoft 29 June 2002 Multi-link Subnet Support in IPv6 <draft-ietf-ipv6-multilink-subnets-00.txt> Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet- Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Copyright Notice Copyright (C) The Internet Society (2002). All Rights Reserved. Expires December 2002 [Page 1]
Draft Multilink Subnets June 2002 Abstract Bridging multiple links into a single entity has several operational advantages. A single subnet prefix is sufficient to support multiple physical links. There is no need to allocate subnet numbers to the different networks, simplifying management. This document introduces the concept of a "multilink subnet", defined as a collection of independent links, connected by routers, but sharing a common subnet prefix. It then specifies the behavior of multilink subnet routers so that no changes to host behavior are needed. 1. Introduction Not all link-layer media can be easily bridged. Classic IEEE 802 bridging technology fails when the media does not naturally support IEEE 802 addressing. Furthermore, the operation becomes problematic when the different links don't support the same MTU size. Finally, bridging cannot be easily implemented when the network interface cannot be easily placed in "promiscuous" mode. We define a "multilink subnet" as a collection of independent links, connected by routers, but sharing a common subnet prefix. This might be used, for example, in a home network where a router connects a wired and a wireless link together to form a single subnet. A multilink subnet can be implemented in either of two ways. In a simple scenario, a router can act as an asymmetric Neighbor Discovery proxy, connecting links in a loop-free topology. In a more complex scenario, an arbitrary topology exists, and routers within the subnet communicate using some means of exchanging host routes. In this draft, we will only specify the behavior of a router in the simple scenario, while the behavior of hosts in either scenario is the same (indeed hosts need not even know which scenario they are in, or even whether they are on a multilink subnet). Appendix A will discuss some of the issues affecting routers in the complex scenario. 2. Terminology multilink subnet: a collection of independent links, connected by routers, but Expires December 2002 [Page 2]
Draft Multilink Subnets June 2002 sharing a common subnet prefix. subnet scope: multicast SCOP value 3, as specified in [ADDRARCH], which covers a (potentially multilink) subnet. This is the next larger multicast scope above link scope. multilink-subnet router (MSR): a router which has interfaces attached to different links in a multilink subnet, and which implements the rules in this document. Such interfaces are boundaries for the link scope, but not for the subnet scope. 3. Design Goals Multilink subnet functionality is designed with the following goals in mind: o Existing IPv6 end hosts should continue to work when connected to a multilink subnet, without requiring any change to their behavior. For example, the host behavior parts of Router Discovery, Neighbor Discovery [ND], and Multicast Listener Discovery [MLD], must be supported. o Leave link-local address behavior unchanged. Link-local behavior continues to function only within a link, not across a multilink subnet. That is, sending and receiving unicast, anycast, and multicast traffic within the link should be supported in the normal fashion. o Also support sending and receiving unicast and anycast traffic at the site and global scopes. o Also support sending and receiving multicast traffic at the subnet scope and above. o Prevent routing loops. o Support nodes moving between links within the subnet, with a reasonably fast convergence time (on the same order as Neighbor Unreachability Detection). Expires December 2002 [Page 3]
Draft Multilink Subnets June 2002 4. Overview This section gives an overview of multilink subnets. We describe the behavior of hosts (which is normal IPv6 host behavior with no changes), and the resulting requirements for routers. 4.1. Router Discovery Router Discovery continues to work on a per-link basis, as specified in [ND]. When sending Router Advertisements (RAs) with a Prefix Information Option, there are two possibilities for how a multilink subnet router can influence the Neighbor Discovery procedure used. 4.1.1. Making hosts not use ND If the MSR sets the A (autonomous address-configuration) flag on, and the L (on-link) flag off, then hosts on the link will attempt stateless address configuration [ADDRCONF] in the given prefix, but will not treat the prefix as being on-link. As a result, neighbor discovery is effectively disabled and packets to new destinations always go to the router first, which will then either forward them if the destination is off-link, or redirect them if the destination is on-link. In the remainder of this document, we will refer to this model as the "off-link" model, since hosts initially treat all addresses in the subnet as being off-link. 4.1.2. Making hosts use ND If the MSR sets both the A and the L flags, then hosts on the link will perform stateless address configuration and neighbor discovery as usual. However, since Neighbor Solicitations (NSs) from existing hosts are sent to a link-scoped solicited-node multicast address, they will never reach nodes on other links within the subnet. Instead, MSRs must either know the location of the destination a priori, or else be able to relay such NS's to other links. We will return to this discussion in Section 5. In the remainder of this document, we will refer to this model as the "on-link" model, since hosts treat all addresses in the subnet Expires December 2002 [Page 4]
Draft Multilink Subnets June 2002 as being on-link. 4.1.3. Effects on Duplicate Address Detection In either approach above, existing nodes will still do Duplicate Address Detection using the link-scoped solicited-node multicast address. Two important issues arise that must be addressed: 1) If two nodes on different links in the subnet simultaneously attempt DAD for the same address, care must be taken to so that the collision is detected correctly. 2) If a node moves from one link to another link in the same subnet, and performs DAD in its new location, care must be taken so that MSRs can distinguish between such a move, and a legitimate duplicate, so that after the move, the node can retain its address. Because of these issues, routers MUST NOT use cached information to respond on behalf of off-link nodes. Another problem arises from the statement in [ND] that: "the link- local address MUST be tested for uniqueness, and if no duplicate address is detected, an implementation MAY choose to skip Duplicate Address Detection for additional addresses derived from the same interface identifier". Collisions would result if the interface identifier were unique on the link, but not across the entire multilink subnet. To avoid this, MSRs must get involved in duplicate address detection even for link-local addresses, to ensure that all addresses are unique across a multilink subnet. 4.2. Neighbor Discovery Neighbor Discovery is used differently, depending on whether the on-link or off-link model is used, as described in the previous section. Expires December 2002 [Page 5]
Draft Multilink Subnets June 2002 Off-link model If the subnet is treated as being off-link, all packets are sent to a default router. It is then the default router's responsibility to figure out the next-hop of the packets. If the next-hop is on-link, it sends a Redirect to the source. On-link model If the subnet is treated as being on-link, nodes will send NS's to the solicited node multicast address. (If a node has interfaces attached to multiple links in the subnet, NS's MAY be sent on each link.) If the next-hop is off-link, a router will respond with a proxy Neighbor Advertisement (NA) containing its own link-layer address. In either case, it is the router's responsibility to determine whether a destination in the subnet is on-link. 5. ND-Proxy Behavior A simple ND-Proxy router will have one or more interfaces on which it acts as a router, and optionally an interface on which it acts as a "host", proxying for all nodes on its router interfaces. We will hereafter refer to an interface in this latter mode as a "proxy-mode" interface. (This configuration is consistent with that of an IGMP/MLD Proxy [IGMPPROXY].) An ND-Proxy MAY support automatic configuration as follows. First, it starts out as a normal host, discovering routers (if any) on each interface. Then, it switches to router-mode on all interfaces on which no routers were discovered. If any interfaces with routers were found, it chooses one and acts in proxy-mode on that interface. In Router Advertisements sent on its router-mode interfaces, the ND-Proxy advertises itself as a default router, and includes copies of the Prefix Information options it learned on its proxy-mode interface, possibly after changing the parity of the L flag, depending on whether it wants nodes to use the on-link or the off-link model. 5.1. Basic Unicast In this section, we step through an example of basic unicast communication, assuming that address configuration has already completed, and the router's routing table and neighbor cache Expires December 2002 [Page 6]
Draft Multilink Subnets June 2002 already have any required information. Section 5.2 will then explain how it obtains the required information when a cache miss occurs. In the simple scenario depicted in Figure 1 below, two links, (1) and (2) on a common subnet with global prefix G, are connected by an ND-Proxy B. Node A has link-layer address a on link 1, and has acquired global IPv6 address Ga. ND-Proxy B is in router-mode on link 1, where it has link-layer address b1, and IPv6 address Gb1. It is in either router-mode or proxy-mode (e.g., if C is a router) on link 2, where it has link-layer address b2 and IPv6 address Gb2. Node C has link-layer address c on link 2, and IPv6 address Gc. Node D has link-layer address d on link 1, and IPv6 address Gd. +---+ | C | +-+-+ | ---------------+-------------+--------------(2)-- |Router-mode or proxy-mode +-+-+ | B | +-+-+ |Router-mode --+------------+-------------+--------------(1)-- | | +-+-+ +-+-+ | A | | D | +---+ +---+ Figure 1: Simple ND-Proxy Scenario Off-link model When A wants to start communication with Gc, it finds that the destination address matches no on-link prefix, and so sends the packet directly to its default router B. B first applies its usual packet validation rules (including decrementing the Hop Count in the IPv6 header). B knows that C is on-link to link 2, with link-layer address c, and so it forwards the packet to C. When A wants to communicate with Dc, it again finds that the Expires December 2002 [Page 7]
Draft Multilink Subnets June 2002 destination address matches no on-link prefix, and so sends the packet directly to its default router B. B knows that D is on-link to the same link as A, and so responds with a Redirect. On-link model When A wants to start communication with Gc, it finds that the destination address matches an on-link prefix, and so sends an NS to the solicited-node multicast address Sc constructed from Gc. The NS message is received by the ND- Proxy B, which listens on all multicast groups. B knows that C is on-link to link 2, and responds to A with an NA containing its own link-layer address b1 as the Target Link- Layer Address. After this, A can send packets to the address Gc. The packets will be sent to the link address b1; they will be received by B, which will apply its usual validation rules (including decrementing the Hop Count in the IPv6 header), and forward them to the address c on link 2. When A wants to communicate with Gd, it again finds that the destination address matches an on-link prefix, and so sends an NS to its solicited-node multicast address. D receives the NS and responds. B also receives the NS, but knows that D is on the same link as A, and so does not respond. Note that we did not assume that the links had to use IEEE 802 addresses, or in fact any form of consistent link-layer addressing. B can also handle MTU discovery procedures, returning an ICMP messages if either A or C sends a packet that is too long. 5.2. Router Configuration The previous section assumed that the router's routing table and neighbor cache already had any required information. We now describe how this can be done. Like any other router, an MSR can acquire routes (including the subnet prefix) by using manual configuration or a routing protocol. An MSR with all interfaces in the same subnet MAY acquire its information solely based on RAs received from another Expires December 2002 [Page 8]
Draft Multilink Subnets June 2002 router (which is not an MSR), in the same way a host would. It can then advertise the same prefix/route information on other links in the subnet, using either the on-link or off-link model. To receive Neighbor Solicitations for nodes for which it is proxying, the MSR must be able to receive NS's sent to any multicast group on any of its links within the subnet (including its proxy-mode interface). When a Neighbor Solicitation is received, and a corresponding entry is not found in its neighbor cache, the MSR will attempt to resolve by sending a Neighbor Solicitation on each attached link in the subnet, except that in the on-link model one is not sent back on the link from which an NS was just received. After sending an NS, the router SHOULD suppress sending of any other NS's for the same target address for a short interval (which must be less than ND's RetransTimer), and while it is resolving a next- hop, remember each node sending an NS for the same target address. If a Neighbor Advertisement is received, a proxy NA is sent to each nodes from which the MSR received an NS. A Neighbor Advertisement would be sent in response to an NS only by (a) the actual node with the target address, or (b) an MSR which has received an NA in response to a relayed NS it sent as a result of receiving the first NS. Specifically, a Neighbor Advertisement MUST NOT be sent just because the MSR has a neighbor cache entry for the target. When an MSR receives an NA, it sends an NA to all nodes from which it received NSs above. As specified in [ND], proxy Neighbor Advertisements sent by MSR's on behalf of remote targets always have the Override bit clear. 5.3. Multicast Most current multicast routing protocols are based on a "Reverse- Path Forwarding" check. That is, they drop a packet if the packet does not arrive on the link towards a given address (e.g., the source address, or a Rendezvous Point address associated with the group address). Thus, sourcing multicast will work as long as a router can tell which link is towards any address within the subnet. Note that in particular, simply using the subnet route is not sufficient in a multilink subnet. If an MSR's longest-match RPF lookup matches the subnet route for the multilink subnet, it means the source is in the subnet, and the neighbor cache is Expires December 2002 [Page 9]
Draft Multilink Subnets June 2002 consulted (as for unicast) to find the link towards the source. To allow hosts to receive multicast data, an ND-Proxy acts as an MLD-Proxy using the rules described in [IGMPPROXY]. 5.4. Disabling ND-Proxying The above rules assume only one ND-proxy is acting as a router on each link. Consequently, an ND-Proxy MUST stop acting as a router on a given interface if it receives an RA from another device on that interface. 6. Connecting ND-Proxies ND-Proxies can be connected, either in parallel (connecting different leaf links) or in series (subject to the constraints below), using the same rules specified above. The following figure illustrates this. to Internet | +-+-+ | R | +-+-+ | | --+------------+-------------+----------+---(1)-- | +---+ | | | +--+ F | +-+-+ +-+-+ +-+-+ | +---+ | C | | A | | B +----------+ +---+ +-+-+ +-+-+ | | | | +---+ --(2)-------+-------+---- ---+-----+---(3)-- +--+ G | | | | +---+ +-+-+ +-+-+ | | D | | E | (4) +-+-+ +---+ | | --(5)---------------+---- | +-+-+ | H | +-+-+ Expires December 2002 [Page 10]
Draft Multilink Subnets June 2002 Figure 2: Multiple ND-Proxy Scenario Figure 2 shows a complex tree topology with MSRs A, B, and D connecting five links into a single subnet with hosts C, D, E, F, and G. R is a normal router that provides connectivity to an internet, and sends RAs on link 1. MSR's A and B have both discovered router R on link 1, and are acting in proxy-mode on that link, while acting in router-mode on their other links. MSR D is acting in proxy-mode on link 2, and in router-mode on link 5. In this configuration, all hosts can communicate with each other and with the Internet. However, the automatic configuration mechanism described in section X above does not always work for D. If D comes up before A, then it would act in router-mode on link 2, preventing A from doing so. As a result, chaining ND-Proxies should only be done where some means of preventing this exists. For example, D could either: o be manually configured to be in proxy-mode on link 2, or o could have one of its ports permanently labelled as being its proxy-mode port, so the correct orientation is obvious either when connecting cables (if homogenous media types are used on different interfaces) or when first obtaining the device (if its purpose is to connect heterogeneous media types). 7. Security Considerations In general, the security considerations issues and recommendations are the same as those described in Section 11 of [ND]. In addition, the following points are worth noting. In the off-link model, the source address of the relevant ICMP messages is the address of the actual source. As a result, messages can be authenticated, if some means of securing Router Discovery is used. In the on-link model, Neighbor Discovery messages are proxied, and hence Neighbor Discovery is harder to secure. As a result, when secure Neighbor Discovery is required, the off-link model should be used. Expires December 2002 [Page 11]
Draft Multilink Subnets June 2002 8. Appendix A: Complex Scenario Issues In the network depicted in Figure 2, we have now three links, and also three multilink-subnet routers (MSRs), B, E, and F. +---+ +---+ | A | | D | +-+-+ +-+-+ | | --+------------+-------------+----------+---(1)-- | | +-+-+ +-+-+ | B | | E | +-+-+ +-+-+ | | -----------+-------------+----------+---(2)-- | +-+-+ | F | +-+-+ | ------+----------+--------------(3)-- | +-+-+ | C | +---+ Figure 3: Arbitrary Topology Scenario The network is sufficiently complex to expose several problems: o If A sends an NS packet, that packet is received by both B and E. Depending on the inter-router communication mechanism, this could lead to duplicate transmissions on link 2, and possibly to random behaviors, or to loops. o If A sends a multicast packet, and that packet is relayed by both B and E, it would lead to duplicate traffic, or even potential loops. It may not be relayed at all, if neither B nor E realize there is a group member hidden behind F. There are multiple possible approaches to solving the above problems which might meet our design goals. We discuss two examples below. Expires December 2002 [Page 12]
Draft Multilink Subnets June 2002 8.1. Method 1: Flooding Neighbor Solicitations Neighbor Soliticitations and Advertisements could be proxied out all interfaces and hence flooded across the subnet. To prevent loops, some mechanism such as a new "Local Distance" option in NA's would be needed. The use of Neighbor Discovery would then be equivalent to a simple means of exchanging host routes between MSRs, and could be used regardless of which routing protocol is used. To route actual packets, an MSR's route lookup would determine that the longest matching route is on-link to multiple links. The router would consult its (conceptual) neighbor cache, and use the next-hop with the lowest Local Distance. The same procedure would apply to multicast packets as well, when the router would look up the RPF address. 8.2. Method 2: Proactively populate host routes MSR's could inject host routes into a routing protocol used within (at least) the subnet upon detecting a new node on a directly- connected link (e.g., when DAD completes on an Ethernet, or when IPv6CP completes on a PPP link). Once host routes exist, either the off-link or the on-link model could be used. In addition, multicast works with no changes, since host routes would be used for RPF checks. Another advantage is that since all resolution is done by MSR's "a priori", no additional delay is incurred when A wants to communicate with A. If the on-link model is used, no neighbor discovery delay exists at all. Packets are immediately forwarded along the correct path. This approach avoids bursty-source problems. Since host routes are cached state, they cannot, however, be used for duplicate address detection, due to the issues described in Section 4.1.3. That is, the presence of a host route does not imply a duplicate, since the node may have just moved. The lack of a host route does not imply uniqueness, since another node may be simultaneously choosing the same address. As a result, DAD requires additional mechanisms, such as flooding neighbor discovery messages as in Method 1, or provided by a specialized routing protocol. Expires December 2002 [Page 13]
Draft Multilink Subnets June 2002 Work in progress in the Mobile Ad-hoc Networks (manet) WG may provide solutions to the above problems in the future. 9. Acknowledgements Steve Deering, Brian Zill, Hesham Soliman, and Karim El-Malki participated in discussions that led to this draft. The term "multilink subnet" was coined by Steve Deering. 10. Authors' Addresses Dave Thaler Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 Phone: +1 425 703 8835 EMail: dthaler@microsoft.com Christian Huitema Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 EMail: huitema@microsoft.com 11. References [ADDRARCH] Hinden, R., and S. Deering, "IP Version 6 Addressing Architecture", RFC 2373, July 1998. [ADDRCONF] Thomson, S., and T. Narten, "IPv6 Stateless Address Autoconfiguration", RFC 2462, December 1998. [IGMPPROXY] Fenner, B., He, H., Haberman, B., and H. Sandick, "IGMP-based Multicast Forwarding (IGMP Proxying)", draft-ietf-magma-igmp- proxy-00.txt, November, 2001. [MLD] Deering, S., Fenner, W., and B. Haberman, "Multicast Listener Discovery (MLD) for IPv6", RFC 2710, October 1999. Expires December 2002 [Page 14]
Draft Multilink Subnets June 2002 [ND] Narten, T., Nordmark, E., and W. Simpson, "Neighbor Discovery for IP Version 6 (IPv6)", RFC 2461, December 1998. 12. Full Copyright Statement Copyright (C) The Internet Society (2002). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implmentation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Expires December 2002 [Page 15]
Draft Multilink Subnets June 2002 Table of Contents 1: Introduction ............................................. 2 2: Terminology .............................................. 2 3: Design Goals ............................................. 3 4: Overview ................................................. 4 4.1: Router Discovery ....................................... 4 4.1.1: Making hosts not use ND .............................. 4 4.1.2: Making hosts use ND .................................. 4 4.1.3: Effects on Duplicate Address Detection ............... 5 4.2: Neighbor Discovery ..................................... 5 5: ND-Proxy Behavior ........................................ 6 5.1: Basic Unicast .......................................... 6 5.2: Router Configuration ................................... 8 5.3: Multicast .............................................. 9 5.4: Disabling ND-Proxying .................................. 10 6: Connecting ND-Proxies .................................... 10 7: Security Considerations .................................. 11 8: Appendix A: Complex Scenario Issues ...................... 12 8.1: Method 1: Flooding Neighbor Solicitations .............. 13 8.2: Method 2: Proactively populate host routes ............. 13 9: Acknowledgements ......................................... 14 10: Authors' Addresses ...................................... 14 11: References .............................................. 14 12: Full Copyright Statement ................................ 15 Expires December 2002 [Page 16]