INTERNET-DRAFT R. Hinden, Nokia
June 23, 2004 B. Haberman, Caspian
Centrally Assigned
Unique Local IPv6 Unicast Addresses
<draft-ietf-ipv6-ula-central-00.txt>
Status of this Memo
By submitting this Internet-Draft, we certify that any applicable
patent or other IPR claims of which I am aware have been disclosed,
and any of which I become aware will be disclosed, in accordance with
RFC 3668.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than a "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
This internet draft expires on November 28, 2004.
Abstract
This document defines Centrally allocated IPv6 Unique Local
addresses. These addresses are globally unique and are intended for
local communications, usually inside of a site. They are not
expected to be routable on the global Internet.
draft-ietf-ipv6-ULA-central-00.txt [Page 1]
INTERNET-DRAFT Centrally Assigned Local IPv6 Addresses June 2004
Table of Contents
1.0 Introduction....................................................2
2.0 Acknowledgments.................................................3
3.0 Local IPv6 Unicast Addresses....................................3
3.1 Format..........................................................3
3.2 Global ID.......................................................4
3.2.1 Centrally Assigned Global IDs.................................4
3.2.2 Sample Code for Pseudo-Random Global ID Algorithm.............6
4.0 Security Considerations.........................................6
5.0 IANA Considerations.............................................6
6.0 References......................................................7
6.1 Normative References............................................7
6.2 Informative References..........................................8
7.0 Authors' Addresses..............................................8
8.0 Change Log......................................................9
1.0 Introduction
This document defines an Centrally allocated IPv6 unicast address
format that is globally unique and is intended for local
communications [IPV6]. These addresses are called Unique Local IPv6
Unicast Addresses and are abbreviated in this document as Local IPv6
addresses. They are not expected to be routable on the global
Internet. They are routable inside of a more limited area such as a
site. They may also be routed between a limited set of sites.
This document defines the characteristics and technical allocation
requirements for centrally assigned Local IPv6 addresses in the
framework defined in [ULA].
Local IPv6 unicast addresses, as defined in [ULA], have the following
characteristics:
- Globally unique prefix.
- Well known prefix to allow for easy filtering at site
boundaries.
- Allows sites to be combined or privately interconnected without
creating any address conflicts or requiring renumbering of
interfaces using these prefixes.
- Internet Service Provider independent and can be used for
communications inside of a site without having any permanent or
intermittent Internet connectivity.
- If accidentally leaked outside of a site via routing or DNS,
there is no conflict with any other addresses.
- In practice, applications may treat these addresses like global
scoped addresses.
draft-ietf-ipv6-ULA-central-00.txt [Page 2]
INTERNET-DRAFT Centrally Assigned Local IPv6 Addresses June 2004
This document defines the the characteristics and technical
allocation requirements for centrally assigned Local IPv6 addresses.
Topics that are general to all Local IPv6 address can be found in the
following sections of [ULA]:
3.3 Scope Definition
4.0 Routing
5.0 Renumbering and Site Merging
6.0 Site Border Router and Firewall Packet Filtering
7.0 DNS Issues
8.0 Application and Higher Level Protocol Issues
9.0 Use of Local IPv6 Addresses for Local Communications
10.0 Use of Local IPv6 Addresses with VPNs
11.0 Advantages and Disadvantages
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC 2119].
2.0 Acknowledgments
The underlying idea of creating Local IPv6 addresses described in
this document been proposed a number of times by a variety of people.
The authors of this draft do not claim exclusive credit. Credit goes
to Brian Carpenter, Christian Huitema, Aidan Williams, Andrew White,
Charlie Perkins, and many others. The authors would also like to
thank Brian Carpenter, Charlie Perkins, Harald Alvestrand, Keith
Moore, Margaret Wasserman, Shannon Behrens, Alan Beard, Hans Kruse,
Geoff Huston, Pekka Savola, Christian Huitema, and Tim Chown for
their comments and suggestions on this document.
3.0 Centrally Assigned Local IPv6 Unicast Addresses
3.1 Format
The Centrally assigned Local IPv6 addresses are created using a
pseudo-random global ID. They have the following format:
| 8 bits | 40 bits | 16 bits | 64 bits |
+--------+------------+-----------+-----------------------------+
| prefix | global ID | subnet ID | interface ID |
+--------+------------+-----------+-----------------------------+
Where:
draft-ietf-ipv6-ULA-central-00.txt [Page 3]
INTERNET-DRAFT Centrally Assigned Local IPv6 Addresses June 2004
prefix FC00::/8 prefix to identify centrally assigned
Local IPv6 unicast addresses.
global ID 40-bit global identifier used to create a
globally unique prefix. See section 3.2 for
additional information.
subnet ID 16-bit subnet ID is an identifier of a subnet
within the site.
interface ID 64-bit interface ID as defined in [ADDARCH].
3.2 Global ID
The allocation of global IDs should be pseudo-random [RANDOM]. They
should not be assigned sequentially or with well known numbers. This
is to ensure that there is not any relationship between allocations
and to help clarify that these prefixes are not intended to be routed
globally. Specifically, these prefixes are designed to not
aggregate.
The major difference between the locally assigned Unique local
addresses as defined in [ULA] and the centrally assigned local
addresses defined in this document is that they are uniquely assigned
and the assignments can be escrowed to resolve any disputes regarding
duplicate assignments.
It is expected that large managed sites will prefer central
assignments and small or disconnected sites will prefer local
assignments. It is recommended that sites planning to use Local IPv6
addresses for extensive inter-site communication, initially or as a
future possibility, use a centrally assigned prefix as there is no
possibility of assignment conflicts. Sites are free to choose either
approach.
3.2.1 Centrally Assigned Global IDs
Centrally assigned global IDs MUST be generated with a pseudo-random
algorithm consistent with [RANDOM]. They should not be assigned
sequentially or by locality. This is to ensure that there is no
relationship between allocations and to help clarify that these
prefixes are not intended to be routed globally by eliminating the
possibility of aggregation. Specifically, these prefixes are
designed to not aggregate.
Global IDs should be assigned under the authority of a single
draft-ietf-ipv6-ULA-central-00.txt [Page 4]
INTERNET-DRAFT Centrally Assigned Local IPv6 Addresses June 2004
allocation organization because they are pseudo-random and without
any structure. This is easiest to accomplish if there is a single
authority for the assignments.
The requirements for centrally assigned global ID allocations are:
- Available to anyone in an unbiased manner.
- Permanent with no periodic fees.
- Allocation on a permanent basis, without any need for renewal
and without any procedure for de-allocation.
- Provide mechanisms that prevent hoarding of these allocations.
- The ownership of each individual allocation should be private,
but should be escrowed.
The allocation authority should permit allocations to be obtained
without having any sort of Internet connectivity. For example in
addition to web based registration they should support some methods
like telephone, postal mail, fax, etc.
The allocation service should include sufficient provisions to avoid
hoarding of numbers. This can be accomplished by various ways, for
example, requiring an exchange of documents, a verbal contact, or a
proof that the request is on behalf of a human rather than a machine.
The service may charge a small fee in order to cover its costs, but
the fee should be low enough to not create a barrier to anyone
needing one. The precise mechanisms should be decided by the
registration authority.
The ownership of the allocations is not needed to be public since the
resulting addresses are intended to be used for local communication.
It is escrowed to ensure there are no duplicate allocations and in
case it is needed in the future (e.g., to resolve duplicate
allocation disputes, or to support a change of the central allocation
authority).
Note, there are many possible ways of of creating an allocation
authority. It is important to keep in mind when reviewing
alternatives that the goal is to pick one that can do the job. It
doesn't have to be perfect, only good enough to do the job at hand.
This document directs the IANA, in section 5.0, to delegate the
FC00::/8 prefix to an allocation authority to allocate centrally
assigned /48 prefixes consistent with the requirements defined in
this section.
draft-ietf-ipv6-ULA-central-00.txt [Page 5]
INTERNET-DRAFT Centrally Assigned Local IPv6 Addresses June 2004
3.2.2 Sample Code for Pseudo-Random Global ID Algorithm
The algorithm described below is intended to be used for centrally
assigned Global IDs. In each case the resulting global ID will be
used in the appropriate prefix as defined in section 3.2.
1) Obtain the current time of day in 64-bit NTP format [NTP].
2) Obtain an EUI-64 identifier from the system running this
algorithm. If an EUI-64 does not exist, one can be created from
a 48-bit MAC address as specified in [ADDARCH]. If an EUI-64
cannot be obtained or created, a suitably unique identifier,
local to the node, should be used (e.g. system serial number).
3) Concatenate the time of day with the system-specific identifier
creating a key.
4) Compute an MD5 digest on the key as specified in [MD5DIG].
5) Use the least significant 40 bits as the Global ID.
6) Verify that the computed global ID is not in the escrow. If it
is, discard the value and rerun the algorithm.
This algorithm will result in a global ID that is unique and can be
used as a Global ID.
4.0 Security Considerations
Local IPv6 addresses do not provide any inherent security to the
nodes that use them. They may be used with filters at site
boundaries to keep Local IPv6 traffic inside of the site, but this is
no more or less secure than filtering any other type of global IPv6
unicast addresses.
Local IPv6 addresses do allow for address-based security mechanisms,
including IPSEC, across end to end VPN connections.
5.0 IANA Considerations
The IANA is instructed to assign the FC00::/8 prefix for Centrally
assigned Unique Local IPv6 unicast addresses.
The IANA is instructed to delegate, within a reasonable time, the
prefix FC00::/8 to an allocation authority for Unique Local IPv6
Unicast prefixes of length /48. This allocation authority shall
comply with the requirements described in section 3.2 of this
document, including in particular allocation on a permanent basis and
with sufficient provisions to avoid hoarding of numbers. If deemed
appropriate, the authority may also consist of multiple organizations
performing the authority duties.
draft-ietf-ipv6-ULA-central-00.txt [Page 6]
INTERNET-DRAFT Centrally Assigned Local IPv6 Addresses June 2004
6.0 References
6.1 Normative References
[ADDARCH] Hinden, R., S. Deering, S., "IP Version 6 Addressing
Architecture", RFC 3515, April 2003.
[GLOBAL] Hinden, R., S. Deering, E. Nordmark, "IPv6 Global Unicast
Address Format", RFC 3587, August 2003.
[ICMPV6] Conta, A., S. Deering, "Internet Control Message Protocol
(ICMPv6) for the Internet Protocol Version 6 (IPv6)
Specification", RFC2463, December 1998.
[IPV6] Deering, S., R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, December 1998.
[MD5DIG] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
April 1992.
[NTP] Mills, David L., "Network Time Protocol (Version 3)
Specification, Implementation and Analysis", RFC 1305,
March 1992.
[POPUL] Population Reference Bureau, "World Population Data Sheet
of the Population Reference Bureau 2002", August 2002.
[RANDOM] Eastlake, D. 3rd, S. Crocker, J. Schiller, "Randomness
Recommendations for Security", RFC 1750, December 1994.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", RFC 2119, BCP14, March 1997.
[ULA] Hinden, R., B. Haberman, "Unique Local IPv6 Unicast
Addresses", Internet Draft <draft-ietf-ipv6-unique-local-
addr-05.txt>, June 2004.
6.2 Informative References
[ADDAUTO] Thomson, S., T. Narten, "IPv6 Stateless Address
Autoconfiguration", RFC 2462, December 1998.
[ADDSEL] Draves, R., "Default Address Selection for Internet
Protocol version 6 (IPv6)", RFC 3484, February 2003.
draft-ietf-ipv6-ULA-central-00.txt [Page 7]
INTERNET-DRAFT Centrally Assigned Local IPv6 Addresses June 2004
[DHCP6] Droms, R., et. al., "Dynamic Host Configuration Protocol
for IPv6 (DHCPv6)", RFC3315, July 2003.
[RTP] Schulzrinne, H., S. Casner, R. Frederick, V. Jacobson,
"RTP: A Transport Protocol for Real-Time Applications"
RFC3550, July 2003.
7.0 Authors' Addresses
Robert M. Hinden
Nokia
313 Fairchild Drive
Mountain View, CA 94043
USA
phone: +1 650 625-2004
email: bob.hinden@nokia.com
Brian Haberman
Caspian Networks
1 Park Drive, Suite 300
Research Triangle Park, NC 27709
USA
phone: +1-929-949-4828
email: brian@innovationslab.net
draft-ietf-ipv6-ULA-central-00.txt [Page 8]
INTERNET-DRAFT Centrally Assigned Local IPv6 Addresses June 2004
8.0 Change Log
Draft <draft-hinden-ipv6-global-local-addr-00.txt>
o Initial Draft created from [ULA]. This draft defines the
centrally assigned Local IPv6 addresses.
draft-ietf-ipv6-ULA-central-00.txt [Page 9]