Unique IPv6 Prefix per Host
RFC 8273

Document Type RFC - Informational (December 2017; No errata)
Last updated 2017-12-04
Replaces draft-jjmb-v6ops-unique-ipv6-prefix-per-host
Stream IETF
Formats plain text pdf html bibtex
Reviews
Stream WG state Submitted to IESG for Publication (wg milestone: Jul 2017 - File recommendation ... )
Document shepherd Ron Bonica
Shepherd write-up Show (last changed 2017-05-09)
IESG IESG state RFC 8273 (Informational)
Consensus Boilerplate Yes
Telechat date
Responsible AD Warren Kumari
Send notices to draft-ietf-v6ops-unique-ipv6-prefix-per-host.all@ietf.org, Ron Bonica <rbonica@juniper.net>
IANA IANA review state Version Changed - Review Needed
IANA action state No IC
Internet Engineering Task Force (IETF)                     J. Brzozowski
Request for Comments: 8273                                 Comcast Cable
Category: Informational                                  G. Van de Velde
ISSN: 2070-1721                                                    Nokia
                                                           December 2017

                      Unique IPv6 Prefix per Host

Abstract

   This document outlines an approach utilizing existing IPv6 protocols
   to allow hosts to be assigned a unique IPv6 prefix (instead of a
   unique IPv6 address from a shared IPv6 prefix).  Benefits of using a
   unique IPv6 prefix over a unique service-provider IPv6 address
   include improved host isolation and enhanced subscriber management on
   shared network segments.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are a candidate for any level of Internet
   Standard; see Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   https://www.rfc-editor.org/info/rfc8273.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Brzozowski & Van de Velde     Informational                     [Page 1]
RFC 8273               Unique IPv6 Prefix per Host         December 2017

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Requirements Language . . . . . . . . . . . . . . . . . .   3
   2.  Motivation and Scope of Applicability . . . . . . . . . . . .   3
   3.  Design Principles . . . . . . . . . . . . . . . . . . . . . .   4
   4.  Assignment of IPv6 Unique Prefixes  . . . . . . . . . . . . .   4
   5.  Best Practices for IPv6 Neighbor Discovery  . . . . . . . . .   6
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   8
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .   8
   8.  Normative References  . . . . . . . . . . . . . . . . . . . .   8
   Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .   9
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  10

1.  Introduction

   The concepts in this document were originally developed as part of a
   large-scale production deployment of IPv6 support for a provider-
   managed shared-access network service.

   A shared-access network service is a service offering in which a
   particular Layer 2 (L2) access network (e.g., Wi-Fi) is shared and
   used by multiple visiting devices (i.e., subscribers).  Many service
   providers offering shared-access network services have legal
   requirements, or find it good practice, to provide isolation between
   the connected visitor devices to control potential abuse of the
   shared-access network.

   A network implementing a unique IPv6 prefix per host can simply
   ensure that devices cannot send packets to each other except through
   the first-hop router.  This will automatically provide robust
   protection against attacks between devices that rely on link-local
   ICMPv6 packets, such as Duplicate Address Detection (DAD) reply
   spoofing, Neighbor Discovery (ND) cache exhaustion, malicious
   redirects, and rogue Router Advertisements (RAs).  This form of
   protection is much more scalable and robust than alternative
   mechanisms such as DAD proxying, forced forwarding, or ND snooping.

   In this document IPv6 support does not preclude support for IPv4;
   however, the primary objective for this work was to make it so that
   user equipment (UE) were capable of an IPv6-only experience from a
   network operator's perspective.  In the context of this document, UE
   can be 'regular' end-user equipment as well as a server in a data
   center, assuming a shared network (wired or wireless) exists.

   Details of IPv4 support are out of scope for this document.  This
   document will also, in general, outline the requirements that must be
   satisfied by UE to allow for an IPv6-only experience.
Show full document text