One document matched: draft-ietf-6man-ug-01.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- This is built from a template for a generic Internet Draft. Suggestions for
improvement welcome - write to Brian Carpenter, brian.e.carpenter @ gmail.com -->
<!-- This can be converted using the Web service at http://xml.resource.org/experimental.html
(which supports the latest, sometimes undocumented and under-tested, features.) -->
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!-- You need one entry like the following for each RFC referenced -->
<!ENTITY RFC2119 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml'>
<!ENTITY RFC2629 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2629.xml'>
<!ENTITY RFC2460 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2460.xml'>
<!ENTITY RFC4291 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4291.xml'>
<!ENTITY RFC5453 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5453.xml'>
<!ENTITY RFC4941 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4941.xml'>
<!ENTITY RFC5342 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5342.xml'>
<!ENTITY RFC6741 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.6741.xml'>
<!ENTITY RFC3306 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3306.xml'>
<!ENTITY RFC3307 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3307.xml'>
<!ENTITY RFC3972 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3972.xml'>
<!ENTITY RFC2526 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2526.xml'>
<!ENTITY RFC6164 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.6164.xml'>
<!ENTITY RFC4862 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4862.xml'>
<!ENTITY RFC5535 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5535.xml'>
<!ENTITY RFC6052 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.6052.xml'>
<!-- You need one entry like the following for each I-D referenced -->
<!ENTITY DRAFT-stable SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-6man-stable-privacy-addresses.xml">
<!ENTITY DRAFT-4rd SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-softwire-4rd.xml">
<!ENTITY DRAFT-dadproxy SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-6man-dad-proxy.xml">
]>
<?rfc toc="yes"?> <!-- You want a table of contents -->
<?rfc symrefs="yes"?> <!-- Use symbolic labels for references -->
<?rfc sortrefs="yes"?> <!-- This sorts the references -->
<?rfc iprnotified="no" ?> <!-- Change to "yes" if someone has disclosed IPR for the draft -->
<?rfc compact="yes"?>
<!-- This defines the specific filename and version number of your draft (and inserts the appropriate IETF boilerplate -->
<rfc ipr="trust200902" docName="draft-ietf-6man-ug-01" category="std" updates="4291" >
<front>
<title abbrev="IPv6 IID significance">Significance of IPv6 Interface Identifiers</title>
<author initials="B. E." surname="Carpenter" fullname="Brian Carpenter">
<organization abbrev="Univ. of Auckland"></organization>
<address>
<postal>
<street>Department of Computer Science</street>
<street>University of Auckland</street>
<street>PB 92019</street>
<city>Auckland</city>
<region></region>
<code>1142</code>
<country>New Zealand</country>
</postal>
<email>brian.e.carpenter@gmail.com</email>
</address>
</author>
<author fullname="Sheng Jiang" initials="S." surname="Jiang">
<organization>Huawei Technologies Co., Ltd</organization>
<address>
<postal>
<street>Q14, Huawei Campus</street>
<street>No.156 Beiqing Road</street>
<city>Hai-Dian District, Beijing</city>
<code>100095</code>
<country>P.R. China</country>
</postal>
<email>jiangsheng@huawei.com</email>
</address>
</author>
<date day="25" month="May" year="2013" />
<area>Internet</area>
<workgroup>6MAN</workgroup>
<abstract>
<t>
The IPv6 addressing architecture includes a unicast interface identifier that
is used in the creation of many IPv6 addresses. Interface identifiers are formed
by a variety of methods. This document clarifies that the bits in an interface
identifier have no generic meaning and that the identifier should be treated
as an opaque value. In particular, RFC 4291 defines a method by which the Universal
and Group bits of an IEEE link-layer address are mapped into an IPv6 unicast interface identifier.
This document clarifies that those bits apply only to interface identifiers that are
derived from an IEEE link-layer address. It updates RFC 4291 accordingly.
</t>
</abstract>
</front>
<middle>
<section anchor="intro" title="Introduction">
<t>IPv6 unicast addresses consist of a subnet prefix followed by an Interface Identifier (IID), the
latter supposedly unique on the links reached by routing to that prefix.
According to the IPv6 addressing architecture <xref target="RFC4291"/>, when a 64-bit IPv6 unicast
IID is formed on the basis of an IEEE EUI-64 address, usually itself
expanded from a 48-bit MAC address, a particular format must be used:</t>
<figure><artwork>
"For all unicast addresses, except those that start with the binary
value 000, Interface IDs are required to be 64 bits long and to be
constructed in Modified EUI-64 format."
</artwork></figure>
<t>Thus the specification assumes that that the normal case is to transform an
Ethernet-style address into an IID, but in practice, there are various
methods of forming such an interface identifier. </t>
<t>The Modified EUI-64 format preserves the
information provided by two particular bits in the MAC address:</t>
<t><list style="symbols">
<t>The "u" bit in an IEEE address is set to 0 to indicate universal scope
(implying uniqueness) or to 1 to indicate local scope (without implying uniqueness).
In an IID this bit is inverted, i.e., 1 for universal scope and 0 for local
scope. According to RFC 4291 and <xref target="RFC5342"/>, the reason for this was to make
it easier for network operators to manually configure local-scope IIDs.
<vspace blankLines="1"/>
In an IID, this bit is in position 6, i.e., position 70 in the complete IPv6 address.
</t>
<t>The "g" bit in an IEEE address is set to 1 to indicate group addressing
(link-layer multicast). The value of this bit is preserved in an IID.
<vspace blankLines="1"/>
In an IID, this bit is in position 7, i.e., position 71 in the complete IPv6 address.
</t>
</list></t>
<t>This document discusses problems observed with the "u" and "g" bits as a
result of the above requirements and the fact that various other methods
of forming an IID have been defined, quite independently of the method
described in Appendix A of RFC 4291. It then discusses the usefulness of these
two bits and the significance of the bits in an IID in general. Finally it
updates RFC 4291 accordingly. </t>
<section title="Terminology">
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in <xref target="RFC2119"/>.</t>
</section>
</section> <!-- intro -->
<section anchor="problem" title="Problem statement">
<t>In addition to IIDs formed from IEEE EUI-64 addresses, various new forms
of IID have been defined or proposed, such as temporary addresses <xref target="RFC4941"/>,
Cryptographically Generated Addresses (CGAs) <xref target="RFC3972"/>,
Hash-Based Addresses (HBAs) <xref target="RFC5535"/>,
stable privacy addresses <xref target="I-D.ietf-6man-stable-privacy-addresses"/>, or mapped addresses
for 4rd <xref target="I-D.ietf-softwire-4rd"/>.
In each case, the question of how to set the "u" and "g" bits
has to be decided. For example, RFC 3972 specifies that they are both zero in CGAs,
and the same applies to HBAs. On the other hand, RFC 4941 specifies that "u" must be zero
but leaves "g" variable. The NAT64 addressing format <xref target="RFC6052"/> sets the whole
byte containing "u" and "g" to zero. </t>
<t>Another case where the "u" and "g" bits are specified is in the
Reserved IPv6 Subnet Anycast Address format <xref target="RFC2526"/>, which states
that "for interface identifiers in EUI-64 format, the universal/local bit in the
interface identifier MUST be set to 0" (i.e., local) and requires that "g" bit
to be set to 1. However, the text neither states nor implies any semantics for these
bits in anycast addresses. </t>
<t>A common operational practice for well-known servers is to manually assign
a small number as the IID, in which case "u" and "g" are both zero. </t>
<t>These cases illustrate that the statement quoted above from RFC 4291 requiring
"Modified EUI-64 format" is rather meaningless when applied to forms of IID that
are not in fact based on an underlying EUI-64 address. In practice, the IETF
has chosen to assign some 64-bit IIDs that have nothing to do with EUI-64. </t>
<t>A particular case is that of /127 prefixes for point-to-point links between
routers, as standardised by <xref target="RFC6164"/>. The addresses on these links
are undoubtedly global unicast addresses, but they do not have a 64-bit IID.
The bits in the positions named "u" and "g" in such an IID have no special
significance and their values are not specified. </t>
<t>Each time a new IID format is proposed, the question arises whether these bits have any
meaning. Section 2.2.1 of RFC 5342 discusses the mechanics of the bit
allocations but does not explain the purpose or usefulness of these bits in an IID.
There is an IANA registry for reserved IID values <xref target="RFC5453"/> but again
there is no explanation of the purpose of the "u" and "g" bits. </t>
<t>There was a presumption when IPv6 was designed and the IID format was first
specified that a universally unique IID might prove to be very useful, for
example to contribute to solving the multihoming problem. Indeed, the addressing
architecture <xref target="RFC4291"/> states this explicitly: </t>
<figure><artwork>
"The use of the universal/local bit in the Modified EUI-64 format
identifier is to allow development of future technology that can take
advantage of interface identifiers with universal scope."
</artwork></figure>
<t>However, this has not so far proved to be the case. Also, there is evidence from
the field that IEEE MAC addresses with "u" = 0 are sometime incorrectly assigned to
multiple MAC interfaces. Firstly, there are recurrent reports of manufacturers
assigning the same MAC address to multiple devices.
<!-- (for example, see slides 63 and 64 at <eref target="https://speakerdeck.com/hdm/derbycon-2012-the-wild-west"/>). -->
Secondly, significant re-use
of the same virtual MAC address is reported in virtual machine environments.
<!-- (for example, <eref target="http://enterpriseadmins.org/blog/scripting/virtual-machines-with-duplicate-mac-addresses"/>) -->
Once transformed into IID format (with "u" = 1) these
identifiers would purport to be universally unique but would in fact be
ambiguous. This has no known harmful effect as long as the replicated MAC addresses
and IIDs are used on different layer 2 links. If they are used on the same link,
of course there will be a problem, to be detected by duplicate address detection
<xref target="RFC4862"/>, but such a problem can usually only be resolved by human intervention. </t>
<t>The conclusion from this is that the "u" bit is not a reliable indicator
of universal uniqueness. </t>
<t>We note that Identifier-Locator Network Protocol (ILNP), a multihoming solution that might
be expected to benefit from universally unique IIDs in modified EUI-64 format,
does not in fact rely on them. ILNP uses its own format, defined as a Node Identifier
<xref target="RFC6741"/>. ILNP has the constraint that a given Node Identifier
must be unique within the context of a given Locator (i.e. within a single given IPv6
subnetwork). As we have just shown, the state of the "u" bit
does not in any way guarantee such uniqueness, but duplicate address detection
is available. </t>
<t>Thus, we can conclude that the value of the "u" bit in IIDs has no
particular meaning. In the case of an IID created from a MAC address according
to RFC 4291, its value is determined by the MAC address, but that is all. </t>
<t>An IPv6 IID should not be created from a MAC group address, so the "g" bit will
normally be zero, but this value also has no particular meaning.
Additionally, the "u" and the "g" bits are both meaningless in the format
of an IPv6 multicast group ID <xref target="RFC3306"/>, <xref target="RFC3307"/>. </t>
<t>None of the above implies that there is a problem with using the "u" and "g" bits
in MAC addresses as part of the process of generating IIDs from MAC addresses, or with specifying
their values in other methods of generating IIDs. What it does imply is that, after an IID
is generated by any method, no reliable deductions can be made from the state of
the "u" and "g" bits; in other words, these bits have no useful semantics in an IID. </t>
<t>Once this is recognised, we can avoid the problematic confusion caused by these
bits each time that a new form of IID is proposed. </t>
</section> <!-- problem -->
<section anchor="value" title="Usefulness of the U and G Bits">
<t>Given that the "u" and "g" bits do not have a reliable meaning in an IID, it is relevant to
consider what usefulness they do have. </t>
<t>If an IID is known or guessed to have been created according
to RFC 4291, it could be transformed back into a MAC address. This can be very
helpful during operational fault diagnosis. For that reason, mapping the IEEE "u" and "g"
bits into the IID has operational usefulness. However, it should be stressed that
"u" = "g" = 0 does not prove that an IID was formed from a MAC address; on the contrary,
it might equally result from another method. With other methods,
there is no reverse transformation available. </t>
<t>To the extent that each method of IID creation specifies the values of the "u"
and "g" bits, and that each new method is carefully designed in the light of
its predecessors, these bits tend to reduce the chances of duplicate IIDs. </t>
</section> <!-- value -->
<section anchor="dad" title="The Role of Duplicate Address Detection">
<t>As mentioned above, Duplicate Address Detection (DAD) <xref target="RFC4862"/> is
able to detect any case where a collision of two IIDs on the same link
leads to a duplicated IPv6 address. The scope of DAD may be extended to a set of links
by a DAD proxy <xref target="I-D.ietf-6man-dad-proxy"/>. Since DAD is mandatory for all nodes,
there will be no case in which an IID collision, however unlikely it may be,
is not detected. It is out of scope of most existing specifications to define
the recovery action after a DAD failure, which is an implementation issue.
The best procedure to follow will depend on the IID formation method in use.
For example, if an IID is formed by some pseudo-random process, that process
could simply be repeated. If a manually created IID, or an IID derived from a
MAC address according to RFC 4291, leads to a DAD failure, human intervention
will most likely be required. </t>
<t>There is one case in RFC 4862 that requires additional consideration:</t>
<figure><artwork>
"On the other hand, if the duplicate link-local address is not formed
from an interface identifier based on the hardware address, which is
supposed to be uniquely assigned, IP operation on the interface MAY
be continued."
</artwork></figure>
<t>However, as mentioned above, some methods of IID formation might produce IID values with
"u" = "g" = 0 that are not based on a MAC (hardware) address. With very low probability, such a value
might collide with an IID based on a MAC address. There is no algorithm for determining
whether this case has arisen, rather than a genuine MAC address collision. Implementers
should carefully consider the consequences of continuing IPv6 operation on the interface
in this unlikely situation. </t>
</section> <!-- dad -->
<section anchor="solution" title="Clarification of Specifications">
<t>This section describes clarifications to the IPv6 specifications that result from
the above discussion. Their aim is to reduce confusion while retaining the useful
aspects of the "u" and "g" bits in IIDs. </t>
<t>The EUI-64 to IID transformation defined in the IPv6 addressing architecture
<xref target="RFC4291"/> MUST be used for all cases
where an IPv6 IID is derived from an IEEE MAC or EUI-64 address. With any other form
of link layer address, an equivalent transformation SHOULD be used. </t>
<t>Specifications of other forms of 64-bit IID MUST specify how all 64 bits are set,
but need not treat the "u" and "g" bits in any special way.
A general semantic meaning for these bits MUST NOT be defined. However, the method of
generating IIDs for specific link types MAY define some local significance
for certain bits.</t>
<t> In all cases, the bits in an IID have no general semantics; in other words,
they have opaque values. In fact, the whole IID value MUST be viewed as an opaque bit string
by third parties, except possibly in the local context.</t>
<t>The following statement in section 2.5.1 of the IPv6 addressing architecture <xref target="RFC4291"/>:
</t>
<figure><artwork>
"For all unicast addresses, except those that start with the binary
value 000, Interface IDs are required to be 64 bits long and to be
constructed in Modified EUI-64 format."
</artwork></figure>
<t>is replaced by:</t>
<figure><artwork>
"For all unicast addresses, except those that start with the binary
value 000, Interface IDs are required to be 64 bits long. If derived
from an IEEE MAC-layer address, they must be constructed in Modified
EUI-64 format."
</artwork></figure>
<t>The following statement in section 2.5.1 of the IPv6 addressing architecture <xref target="RFC4291"/>
is obsoleted: </t>
<figure><artwork>
"The use of the universal/local bit in the Modified EUI-64 format
identifier is to allow development of future technology that can take
advantage of interface identifiers with universal scope."
</artwork></figure>
<t>As far as is known, no existing implementation will be affected by these changes.
The benefit is that future design discussions are simplified. </t>
</section> <!-- solution -->
<section anchor="security" title="Security Considerations">
<t>No new security exposures or issues are raised by this document. </t>
</section> <!-- security -->
<section anchor="iana" title="IANA Considerations">
<t>This document requests no immediate action by IANA. However, the following should be noted
when considering future proposed additions to the registry of reserved IID values,
which requires Standards Action according to <xref target="RFC5453"/>. </t>
<t>Full deployment of a new reserved IID value would require
updates to IID generation code in every deployed IPv6 stack, so the technical justification
for such a Standards Action would need to be extremely strong. </t>
<t>OPEN ISSUE: Alternatively, we could decide to close the reserved IID registry
completely (which would also mean formally updating RFC 5453). If we choose this
approach, the following point can be deleted. Comments welcome. </t>
<t>A reserved IID, or a range of reserved IIDs, will most likely specify values for
both "u" and "g", since they are among the high-order bits. At the present time,
none of the known methods of generating IIDs will generate "u" = "g" = 1.
Reserved IIDs with "u" = "g" = 1 are therefore unlikely to collide with automatically
generated IIDs. </t>
</section> <!-- iana -->
<section anchor="ack" title="Acknowledgements">
<t>
Valuable comments were received from
Ran Atkinson,
Remi Despres,
Fernando Gont,
Brian Haberman,
Joel Halpern,
Bob Hinden,
Christian Huitema,
Ray Hunter,
Mark Smith,
and other participants in the 6MAN working group.
</t>
<t>Brian Carpenter was a visitor at the Computer Laboratory, Cambridge University during part of this work. </t>
<t>This document was produced using the xml2rfc tool
<xref target="RFC2629"/>.</t>
</section> <!-- ack -->
<section anchor ="changes" title="Change log [RFC Editor: Please remove]">
<t>draft-ietf-6man-ug-01: emphasised "opaque" nature of IID, added text about DAD failures,
expanded IANA considerations, 2013-05-25.</t>
<t>draft-ietf-6man-ug-00: first WG version, text clarified, added possibility of link-local significance, 2013-03-28.</t>
<t>draft-carpenter-6man-ug-01: numerous clarifications following WG comments, discussed DAD, added new section
on the usefulness of the u/g bits, expanded IANA considerations, set intended status, 2013-02-21.</t>
<t>draft-carpenter-6man-ug-00: original version, 2013-01-31.</t>
</section> <!-- changes -->
</middle>
<back>
<references title="Normative References">
&RFC2119;
&RFC4291;
&RFC4862;
&RFC5342;
&RFC5453;
</references>
<references title="Informative References">
&RFC2629;
&RFC4941;
&RFC6741;
&RFC3306;
&RFC3307;
&RFC3972;
&RFC2526;
&RFC5535;
&RFC6164;
&RFC6052;
&DRAFT-stable;
&DRAFT-4rd;
&DRAFT-dadproxy;
</references>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-23 20:42:51 |