Network Working Group                                              X. Li
Internet-Draft                                                    C. Bao
Intended status: BCP                              CERNET Center/Tsinghua
Expires: January 27, 2012                                     University
                                                                 D. Wing
                                                        R. Vaithianathan
                                                                   Cisco
                                                               G. Huston
                                                                   APNIC
                                                           July 26, 2011


          Stateless Source Address Mapping for ICMPv6 Packets
                  draft-xli-v6ops-ivi-icmp-address-00

Abstract

   A stateless IPv4/IPv6 translator may receive ICMPv6 packets
   containing non IPv4-translatable addresses as the source that should
   be passed across the translator as an ICMP packet directed to the the
   IPv4-translatable destination.  This document discusses the
   considerations and the stateless address mapping algorithms for
   source address translation in ICMPv6 headers for such cases.

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 27, 2012.

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents



Li, et al.              Expires January 27, 2012                [Page 1]


Internet-Draft      Source Address Mapping for ICMPv6          July 2011


   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
   2.  Notational Conventions  . . . . . . . . . . . . . . . . . . . . 3
   3.  Problem Statement and Considerations  . . . . . . . . . . . . . 3
   4.  Routing Considerations  . . . . . . . . . . . . . . . . . . . . 4
   5.  Possible Stateless Address Mapping Algorithms . . . . . . . . . 4
   6.  Security Considerations . . . . . . . . . . . . . . . . . . . . 5
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5
   8.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 6
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . . . 6
     9.1.  Normative References  . . . . . . . . . . . . . . . . . . . 6
     9.2.  Informative References  . . . . . . . . . . . . . . . . . . 6
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . . . 6




























Li, et al.              Expires January 27, 2012                [Page 2]


Internet-Draft      Source Address Mapping for ICMPv6          July 2011


1.  Introduction

   The IP/ICMP translation document of IPv4/IPv6 translation [RFC6145]
   states that "the IPv6 addresses in the ICMPv6 header may not be IPv4-
   translatable addresses and there will be no corresponding IPv4
   addresses represented of this IPv6 address.  In this case, the
   translator can do stateful translation.  A mechanism by which the
   translator can instead do stateless translation is left for future
   work."  This document defines such a stateless translation mechanism.


2.  Notational Conventions

   The key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
   SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
   document, are to be interpreted as described in [RFC2119].


3.  Problem Statement and Considerations

   When a stateless IPv4/IPv6 translator receives an ICMPv6 message (for
   example "Packet Too Big") sourced from an non-IPv4-translatable IPv6
   address, directed to an IPv4-translatable IPv6 address, it needs to
   generate an ICMP message.  For the reasons discussed below, choosing
   the source IPv4 address of this ICMP message is problematic.

   The address used should not cause the ICMP packet to be a candidate
   for discarding, particularly in the contest of uRPF filters
   [RFC3704].  This consideration precludes the use of private IPv4
   address space [RFC1918] in this context.

   It is also a consideration that the IPv4/IPv6 translation is intended
   for use in contexts where IPv4 addresses may not be readily
   available, so it is not considered to be appropriate to use IPv4-
   translatable IPv6 addresses for all internal points in the IPv6
   network that may originate ICMPv6 messages.

   It is also an objective that it is possible for the IPv4 recipient of
   the ICMP message be able to distinguish between different IPv6 ICMPv6
   originations (for example, to support a traceroute diagnostic utility
   that provides some limited network level visibility across the IPv4/
   IPv6 translator).  This implies that a IPv4/IPv6 translator needs to
   have a pool of IPv4 addresses to be used for mapping the source
   address of ICMPv6 packets generated from different originations.

   These addresses are for use in the source address of ICMP packets,
   and therefore are not intended to be used as a destination address
   for any packet.  It is therefore possible to use a common address



Li, et al.              Expires January 27, 2012                [Page 3]


Internet-Draft      Source Address Mapping for ICMPv6          July 2011


   pool for the IPv4/IPv6 translation protocol, and, considering an
   objective of constraining the use of these IPv4 addresses in this
   application, it is feasible to use a common address pool for mapping
   the source addresses of non-translatable ICMPv6 packets as a part of
   the protocol specification.

   These considerations leads to the recommendation of drawing an IPv4
   /24 prefix from the IANA Special Purpose Address Registry as a "Well-
   Known Prefix" for use by IPv4/IPv6 translators for the purpose of
   mapping otherwise untranslatable IPv6 source addresses of ICMPv6
   messages to IPv4 ICMP messages.


4.  Routing Considerations

   Addresses from the assigned address prefix are intended to be used as
   source addresses and not as destination addresses in the context of
   the public network.  As packets passing through the public network
   need to pass through conventional packet filters, including uRPF
   filters [RFC3704], this implies that the assigned address may be used
   in routing advertisements.  Such routing advertisements are non-
   exclusive and should be accepted from any originating AS in an
   anycast fashion.


5.  Possible Stateless Address Mapping Algorithms

   When an IPv4 /24 prefix is allocated to represent the source address
   of ICMP, the Last Octet can be generated using one of the following
   algorithms.

   o  The translator can randomly generates the Last Octet of the /24
      prefix for different non IPv4-translatable addresses.  However, in
      this case the translator may need to maintain states to ensure
      same non IPv4-translatable IPv6 address maps to same IPv4 address.

   o  The translator can copy the "Hop Count" in the IPv6 header of the
      ICMPv6 to the Last Octet.  Routers typically emit ICMPv6 packets
      with the same hop count, thus as the ICMPv6 packet is routed
      through the network its hop count is decreased.  However, if the
      routers emit ICMPv6 packets with different hop counts, it may give
      the appearance of a routing loop to tools such as traceroute.
      That minor side-effect in that particular case cannot be avoided
      while still being stateless.

   o  Hashing of the IPv6 address to generate a 8 bit value which will
      be used to generate the last octet.  In this case, there is no
      need to maintain expensive states, except hashing table which



Li, et al.              Expires January 27, 2012                [Page 4]


Internet-Draft      Source Address Mapping for ICMPv6          July 2011


      should be simple with minimal memory usage and consume minimal CPU
      cycles.  If the hashing function is good and there are limited
      number of IPv6 routers (< 256) on the IPv6 side of the network, we
      will get unique IPv4 addresses to map the addresses of the IPv6
      routers with O(1) lookup.

   The selection of the algorithm SHOULD be a configuration function in
   the IPv4/IPv6 translator.


6.  Security Considerations

   The use of an address for source addresses in ICMP packets is
   considered "safe" in so far as ICMP packets are not intended to
   generate responses directed to the source address.

   However it is possible to use this address as a means of gaining
   anonymity when launching a denial of service attacks by using this
   address as the source address for other forms of malicious traffic.
   Packet firewall filters should be configured to treat addresses in
   the IANA-assigned /24 network as martian addresses by discarding all
   non-ICMP packets that use the IANA-assigned /24 network as a source
   address, and all packets that use the IANA-assigned /24 network as a
   destination address.


7.  IANA Considerations

   IANA is requested to make a permanent assignment of a /24 from the
   IPv4 Special Purpose Address Registry [RFC5736].  The assigned
   address is to be used in the context of generating an IPv4 source
   address for mapped ICMPv6 packets being passed through a stateless
   IPv4/IPv6 translator.  The assignment is under the category of a
   specialized use of a designated address block in an anycast context
   associated with an Internet Standards Track protocol.

   The IANA IPv4 Special Purpose Address Registry records are:

   o  Prefix 192.70.192.0/24

   o  Description: To be used in the context of generating an IPv4
      source address for mapped ICMPv6 packets being passed through a
      stateless IPv4/IPv6 translator.

   o  Begin: 2011-06-01

   o  End: Never




Li, et al.              Expires January 27, 2012                [Page 5]


Internet-Draft      Source Address Mapping for ICMPv6          July 2011


   o  Purpose: Stateless ICMPv6/ICMP translation

   o  Contact: See RFC

   o  Scope: Addresses from the assigned address prefix are intended to
      be used as source addresses and not as destination addresses in
      the context of the public network.

   o  RFC: This draft.


8.  Acknowledgments

   The authors would like to acknowledge the following contributors of
   this document: Kevin Yin, Chris Metz and Neeraj Gupta.


9.  References

9.1.  Normative References

   [RFC1918]  Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and
              E. Lear, "Address Allocation for Private Internets",
              BCP 5, RFC 1918, February 1996.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3704]  Baker, F. and P. Savola, "Ingress Filtering for Multihomed
              Networks", BCP 84, RFC 3704, March 2004.

   [RFC6145]  Li, X., Bao, C., and F. Baker, "IP/ICMP Translation
              Algorithm", RFC 6145, April 2011.

9.2.  Informative References

   [RFC5736]  Huston, G., Cotton, M., and L. Vegoda, "IANA IPv4 Special
              Purpose Address Registry", RFC 5736, January 2010.













Li, et al.              Expires January 27, 2012                [Page 6]


Internet-Draft      Source Address Mapping for ICMPv6          July 2011


Authors' Addresses

   Xing Li
   CERNET Center/Tsinghua University
   Room 225, Main Building, Tsinghua University
   Beijing  100084
   CN

   Phone: +86 10-62785983
   Email: xing@cernet.edu.cn


   Congxiao Bao
   CERNET Center/Tsinghua University
   Room 225, Main Building, Tsinghua University
   Beijing  100084
   CN

   Phone: +86 10-62785983
   Email: congxiao@cernet.edu.cn


   Dan Wing
   Cisco Systems, Inc.
   170 West Tasman Drive
   San Jose, CA  95134
   USA

   Email: dwing@cisco.com


   Ramji Vaithianathan
   Cisco Systems, Inc.
   A 5-2, BGL 12-4, SEZ Unit,
   Cessna Business Park, Varthur Hobli
   Sarjapur Outer Ring Road
   BANGALORE  KARNATAKA 560 103
   INDIA

   Phone: +91 80 4426 0895
   Email: rvaithia@cisco.com


   Geoff Huston
   APNIC

   Email: gih@apnic.net




Li, et al.              Expires January 27, 2012                [Page 7]