One document matched: draft-ietf-mif-problem-statement-01.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY rfc2119 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml'>
]>
<rfc category="info" ipr="pre5378Trust200902" docName="draft-ietf-mif-problem-statement-01.txt">
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<?rfc toc="yes" ?>
<?rfc symrefs="yes" ?>
<?rfc sortrefs="yes"?>
<?rfc iprnotified="no" ?>
<?rfc strict="yes" ?>
<?rfc compact="yes" ?>
<front>
<title>Multiple Interfaces Problem Statement</title>
<author initials="M." surname="Blanchet Ed." fullname="Marc Blanchet">
<organization>Viagenie</organization>
<address>
<postal>
<street>2600 boul. Laurier, suite 625</street>
<city>Quebec</city>
<region>QC</region>
<code>G1V 4W1</code>
<country>Canada</country>
</postal>
<email>Marc.Blanchet@viagenie.ca</email>
<uri>http://www.viagenie.ca</uri>
</address>
</author>
<author initials="P." surname="Seite" fullname="Pierrick Seite">
<organization>France Telecom</organization>
<address>
<postal>
<street>4, rue du Clos Courtel, BP 91226</street>
<city>Cesson-Sevigne</city>
<code>35512</code>
<country>France</country>
</postal>
<email>pierrick.seite@orange-ftgroup.com</email>
</address>
</author>
<date month="October" year="2009"/>
<abstract>
<t>
A multihomed host receives node configuration information from each of its provisioning domain.
Some configuration objects are global to the node, some are local to the interface.
Various issues arise when multiple conflicting node-scoped configuration objects are
received on multiple interfaces. Similar situations also happen with single interface host connected to multiple
networks. This document describes these issues.
</t>
</abstract>
</front>
<middle>
<section title="Introduction">
<t>
A multihomed host have multiple provisioning domains (via physical and/or virtual interfaces). For example,
a node may be simultaneously connected to a wired Ethernet LAN, a 802.11 LAN, a 3G cell network, one or
multiple VPN connections or one or multiple automatic or manual tunnels. Current laptops and
smartphones typically have multiple access network interfaces and, thus, may be simultaneously connected to different provisioning domains.
</t>
<t>
A multihomed host receives node configuration information from each of its access
networks, through various mechanims such as DHCPv4 <xref target="RFC2131"/>, DHCPv6 <xref
target="RFC3315"/>, PPP <xref target="RFC1661"/> and IPv6 Router Advertisements <xref
target="RFC4861"/>. Some received configuration objects are specific to an interface such
as the IP address and the link prefix. Others are typically considered by implementations
as being global to the node, such as the routing information (e.g. default gateway), DNS servers IP
addresses and address selection policies.
</t>
<t>
When the received node-scoped configuration objects have different values from each provisioning domains,
such as different DNS servers IP addresses, different default gateways or different
address selection policies, the node has to decide which it will use or how it will merge them.
</t>
<t>
Several issues regarding how the node-scoped configuration objects are used
in a multihomed node environment have been
raised. The following sections define the MIF host and the scope of this document, describe related work,
list the symptoms and then the underlying problems.
</t>
<t>
A companion document
<xref target="I-D.mrw-mif-current-practices"/> discusses current practices.
</t>
</section>
<section title="Terminology">
<t>
A MIF host is defined as:
<list style='symbols'>
<t>A <xref target="RFC1122"/> IPv4 and/or <xref target="RFC4294"/> IPv6 compliant host</t>
<t>Configured with more than one IP addresses (excluding loopback, link-local)</t>
<t>On one or more provisioning domains, as presented to the IP stack. </t>
<t>The interfaces may be logical, virtual or physical. </t>
<t>The IP addresses come from more than one administrative domains.</t>
<t>The IP addresses may be from the same or from different address families, such as IPv4 and IPv6. </t>
<t>Communications using these IP addresses may happen simultaneously and independently.</t>
<t>Communications using these IP addresses may be tied on all the possible provisioning domains, or, at least, on a limited number of provisioning domains.</t>
<t>While the MIF host may forward packets between its interfaces, forwarding packets is not taken into account in this definition.</t>
</list>
</t>
<t>
When a protocol keyword such as IP, PPP, DHCP is used without any reference to a specific IP version, then it
implies both IPv4 and IPv6. A specific IP version keyword such as DHCPv4 or DHCPv6 is specific to that IP version.
</t>
</section>
<section title="Scope and Existing Work">
<t>
This section describes existing related work and defines the scope of the problem.
</t>
<section title="Below IP Interaction">
<t>
Network discovery and selection on lower layers as defined by <xref target="RFC5113"/> is out of scope of this document. Moreover, lower layer interaction
such as IEEE 802.21 is also out of scope.
</t>
<t>
Proxy MIP allows sharing a single IP address across multiple interfaces (e.g., WiMAX and CDMA, LTE and HSPA, etc) to disparate networks.
From the IP stack view on the node, there is only a single interface and single IP address. Therefore, this situation is out of scope.
Furthermore, link aggregation done under IP where a single interace is shown to the IP stack is also out of scope.
</t>
</section>
<section title="Hosts Requirements">
<t>
The requirements for Internet Hosts <xref target="RFC1122"/> describe the multihomed host as if it has multiple IP
addresses, which may be associated with one or more physical interfaces connected to the same or different networks.
</t>
<t>
The host maintains a route cache table where each entry contains the local IP address, the destination IP address,
Type-of-Service and Next-hop gateway IP address. The route cache entry would have data about the properties of the path,
such as the average round-trip delay measured by a transport protocol.
</t>
<t>
As per <xref target="RFC1122"/>, two models are defined:
<list style='symbols'>
<t>The "Strong" host model defines a multihomed host as a set of logical hosts within the same physical host. In this model a packet must be
sent on an interface that corresponds to the source address of that packet.</t>
<t>The "Weak" host model describes a host that has some embedded gateway functionality. In the weak host model, the host can send and receive
packets on any interface.</t>
</list>
</t>
<t>
The multihomed host computes routes for outgoing datagrams differently depending on the model.
Under the strong model, the route is computed based on the source IP address, the destination IP address and the Type-of-Service.
Under the weak model, the source IP address is not used, but only the destination IP address and the Type-of-Service.
</t>
</section>
<section title="Mobility and other IP protocols">
<t>
This document assumes hosts only implementing <xref target="RFC1122"/> for IPv4 and <xref target="RFC4294"/> for IPv6,
and not using any kind of new transport protocols. It is not required for the host to support additional IP mobility or multihoming protocols,
such as SHIM6, SCTP, Mobile IP, HIP, RRG, LISP or else. Moreover, the peer of the connection is also not required to use these mechanisms.
</t>
</section>
<section title="Address Selection">
<t>
The Default Address Selection <xref target="RFC3484"/> defines algorithms for source and destination IP address selections.
It is mandatory to be implemented in IPv6 nodes, which also means dual-stack nodes. A node-scoped policy table managed by the IP stack
is defined. Provisions are made to change or update the policy table, however, no mechanism is defined.
</t>
<t>
Issues on using the Default Address Selection were found <xref target="RFC5112"/> in the context of multiple prefixes on the same link.
New work <xref target="I-D.chown-addr-select-considerations"/> discusses the multiple attached networks scenarios and how to update the policy table.
</t>
</section>
<section title="Interactive Connectivity Establishment (ICE)">
<t>
Interactive Connectivity Establishment (<xref target="I-D.ietf-mmusic-ice">ICE</xref>) is
a technique for NAT traversal for UDP-based (and TCP) media streams established by the offer/answer
model. The multiplicity of IP addresses and ports in SDP offers are tested for connectivity
by peer-to-peer connectivity checks. The result is candidate IP addresses and ports for establishing
a connection with the other peer.
</t>
<t>
ICE does not solve the MIF issues, such as the incompatible configuration objects received on different interfaces.
However, ICE may be of use for address selection if the application is ICE-enabled.
</t>
</section>
<section title="Socket API">
<t>
Application Programming Interface (API) may expose objects that user applications may use for the MIF purpose.
For example, <xref target="RFC3542"/> shows how an application using the Advanced sockets API can specify the interface or the source IP address,
through simple bind() operation or IPV6_PKTINFO socket option.
</t>
<t>
An API is also defined <xref target="RFC5014"/> to influence the default address selection mechanism by specifying attributes of the source addresses
it prefers.
</t>
</section>
<section title="Above IP Layers">
<t>
The MIF issues discussed in this document assume no changes in transport protocols or applications. However, fixing the issues might involve these layers.
</t>
</section>
</section>
<section title="Symptoms">
<t>
This section describes the various symptoms found using a MIF host that has already received configuration objects from its various provisioning domains.
</t>
<t>
These situations are also described in <xref
target="I-D.savolainen-6man-fqdn-based-if-selection"/>, <xref
target="I-D.yang-mif-req"/> and <xref target="RFC4477"/>. They occur, for example, when:
<list style="numbers">
<t>one interface is on the Internet and one is on a corporate private network. The latter may be through VPN.</t>
<t>one interface is on one access network (i.e. wifi) and the other one is on another access network (3G) with specific services.</t>
</list>
</t>
<section title="DNS resolution issues">
<t>
A MIF host (H1) has an active interface(I1) connected to a network (N1) which has its DNS server (S1) and
another active interface (I2) connected to a network (N2) which has its DNS server (S2).
S1 serves with some private namespace "private.example.com". The user or the application
uses a name "a.private.example.com" which is within the private namespace of S1 and only resolvable by S1.
Any of the following situations may occur:
<list style="numbers">
<t>H1 stack, based on its routing table, uses I2 to reach S1 to resolve "a.private.example.com". H1 never reaches S1. The name is not resolved.</t>
<t>H1 keeps only one set of DNS server addresses from the received configuration objects and kept S2 address.
H1 sends the DNS A query for a.private.example.com to S2. S2 responds with an error for an non-existant domain (NXDOMAIN). The name is not resolved.</t>
<t>H1 keeps only one set of DNS server addresses from the received configuration objects and kept S2 address.
H1 sends the DNS A query for a.private.example.com to S2. S2 asks its upstream DNS and gets an IP address for a.private.example.com.
However, the IP address is not the right one S1 would have given.
Therefore, the application tries to connect to the wrong destination host, which may imply security issues.</t>
<t>S1 or S2 has been used to resolve "a.private.example.com" to an <xref target="RFC1918"/> address. Both N1 and N2 are <xref target="RFC1918"/> addressed networks.
IPv4 source address selection may face challenges, as due address overlapping the source/destination IP addresses do not necessarily provide
enough information for making proper address selection decisions.</t>
<t>H1 has resolved an FQDN to locally valid IP address when connected to N1. After movement from N1 to N2, the host tries to connect to the same IP address as earlier, but as the address was only locally valid, connection setup fails.</t>
<t>H1 requests AAAA record from a DNS server on a network that uses protocol translators and DNS64 <xref target="I-D.ietf-behave-dns64"/>.
If the H1 receives synthesized AAAA record, it is quaranteed to be valid only on the network it was learned from.
If the H1 uses synthesized AAAA on an network interface it is not valid on, the packets will be dropped by the network.</t>
</list>
</t>
</section>
<section title="Routing">
<t>
A MIF host (H1) has an active interface(I1) connected to a network (N1) and
another active interface (I2) connected to a network (N2). The user or the application
is trying to reach an IP address (IP1).
Any of the following situations may occur:
<list style='numbers'>
<t>For the IP1 address family, H1 has one default route (R1, R2) per network (N1, N2).
IP1 is only reachable by N2. H1 stack uses R1 and tries to send through I1. IP1 is never reached or is not the right target.</t>
<t>For the IP1 address family, H1 has one default route (R1, R2) per network (N1, N2).
IP1 is reachable by both networks, but N2 path has better characterictics,
such as better round-trip time, least cost, better bandwidth, etc....
These preferences could be defined by user, by the provider, by discovery or else.
H1 stack uses R1 and tries to send through I1. IP1 is reached but the service would be better by I2.</t>
<t>For the IP1 address family, H1 has a default route (R1), a specific X.0.0.0/8 route R1B (eg. RFC1918 prefix) to N1
and a default route (R2) to N2.
IP1 is reachable by N2 only, but the prefix (X.0.0.0/8) is used in both networks.
Because of the most specific route R1B, H1 stack sends through I2 and never reach the target.</t>
</list>
</t>
<t>
A MIF host may have multiple routes to a destination. However, by default, it does
not have any hint concerning which interface would be the best to use for that destination. For
example, as discussed in <xref target="I-D.savolainen-6man-fqdn-based-if-selection"/>,
<xref target="I-D.hui-ip-multiple-connections-ps"/> and <xref target="I-D.yang-mif-req"/>,
a service provider might want
to influence the routing table of the host connecting to its network.
</t>
<t>
A host usually has a node-scoped routing table. Therefore, when a MIF host is
connected to multiple provisioning domains where each service provider wants to influence the
routing table of the host, then conflicts might arise from the multiple routing information
being pushed to the host.
</t>
<t>
A user on such multihomed host might want a local policy to influence which interface will
be used based on various conditions.
</t>
<t>
On a MIF host, some source addresses are not valid if used on some interfaces. For
example, an RFC1918 source address might be appropriate on the VPN interface but not on the
public interface of the MIF host. If the source address is not chosen appropriately,
then sent packets might be filtered in the path if source address filtering is in place (<xref target="RFC2827"/>,<xref target="RFC3704"/>) and
reply packets might never come back to the source.
</t>
</section>
<section title="Address Selection Policy">
<t>
A MIF host (H1) has an active interface(I1) connected to a network (N1) and
another active interface (I2) connected to a network (N2). The user or the application
is trying to reach an IP address (IP1).
Any of the following situations may occur:
<list style='numbers'>
<t>H1 receives from both networks (N1 and N2) an update of its default address selection policy.
However, the policies are specific to each network. The policies are merged by H1 stack. Based on the merged policy, the chosen source address is from N1
but packets are sent to N2. The source address is not reachable from N2, therefore the return packet is lost. </t>
<t>TBD: add more</t>
</list>
</t>
<t>Merging address selection policies may have important impacts on routing.</t>
</section>
<section title="Single Interface on Multiple Networks">
<t>
When a MIF host using a single interface is connected to multiple networks with different default routers,
similar issues as described above happen.
</t>
</section>
</section>
<section title="Problems">
<t>
This section tries to list the underlying problems corresponding to the issues discussed in the previous section.
<list style='numbers'>
<t>Routing tables are usually node-scoped.</t>
<t>DNS server addresses and other configuration objects (NTP servers, ...) are usually node-scoped.</t>
<t>Same configuration objects (eg DNS server addresses, NTP server addresses, ..) received from multiple provisioning domains are usually overwritten.</t>
<t>Default Address Selection policies are usually node-scoped.</t>
<t>Default Address Selection policies may differ when received on different provisioning domains.</t>
<t>Host implementations usually do not implement the <xref target="RFC1122"/> strong model where the source address is in the routing table.</t>
<t>Host implementations usually do not implement the <xref target="RFC1122"/> model where the Type-of-Service are in the routing table.</t>
<t>Host implementations usually do not keep path characteristics, user or provider preferences in the routing table.</t>
<t>Applications usually do not use advanced APIs to specify the source IP address or to set preferences on the address selection policies.</t>
<t>DNS answers are usually not kept with the interface from which the answer comes from.</t>
<t>Host implementations usually do not keep separate network configuration (such as DNS server addresses) per provisioning domain.</t>
</list>
</t>
</section>
<section title="Summary">
<t>
A MIF host receives node configuration information from each of its provisioning domains.
Some configuration objects are global to the node, some are local to the interface.
Various issues arise when multiple conflicting node-scoped configuration objects are
received via multiple provisioning domains. Similar situations also happen with single interface host connected to multiple
networks. Therefore, there is a need to define
the appropriate behavior of an IP stack and possibly define protocols to manage these cases.
</t>
</section>
<section title="Security Considerations">
<t>
The problems discussed in this document have security implications, such as when the
packets sent on the wrong interface might be leaking some confidential information.
Moreover, the undetermined behavior of IP stacks in the multihomed context bring additional
threats where an interface on a multihomed host might be used to conduct attacks targeted
to the networks connected by the other interfaces.
</t>
</section>
<section title="IANA Considerations">
<t>
This document has no actions for IANA.
</t>
</section>
<section title="Authors">
<t>
This document is a joint effort with authors of the MIF requirements draft <xref target="I-D.yang-mif-req"/>.
The authors of this document, in alphabetical order, include: Marc Blanchet, Jacqni Qin, Pierrick Seite, Carl Williams and Peny Yang.
</t>
</section>
<section title="Acknowledgements">
<t>
The initial Internet-Drafts prior to the MIF working group and the discussions during the MIF BOF meeting and on the mailing list around the MIF charter scope on the mailing list brought very good input to the problem statement.
This draft steals a lot of text from these discussions and the initial drafts. Therefore, the editor would like to acknowledge the following people (in no specific order), from which some text has been taken from:
Jari Arkko, Keith Moore, Sam Hartman, George Tsirtsis, Scott Brim, Ted Lemon, Bernie Volz, Giyeong Son,
Gabriel Montenegro, Teemu Savolainen, Christian Vogt, Lars Eggert, Margaret Wasserman, Hui Deng, Ralph Droms, Ted Hardie,
Christian Huitema, Rémi Denis-Courmont.
Sorry if some contributors have not been named.
</t>
</section>
<section title="Discussion home for this draft">
<t>
This document is intended to define the problem space discussed in the mif@ietf.org mailing list.
</t>
</section>
</middle>
<back>
<references title="Informative References">
<?rfc include="reference.RFC.1122" ?>
<?rfc include="reference.RFC.1661" ?>
<?rfc include="reference.RFC.1918" ?>
<?rfc include="reference.RFC.2131" ?>
<?rfc include="reference.RFC.2827" ?>
<?rfc include="reference.RFC.3315" ?>
<?rfc include="reference.RFC.3484" ?>
<?rfc include="reference.RFC.3542" ?>
<?rfc include="reference.RFC.3704" ?>
<?rfc include="reference.RFC.4294" ?>
<?rfc include="reference.RFC.4477" ?>
<?rfc include="reference.RFC.4861" ?>
<?rfc include="reference.RFC.5014" ?>
<?rfc include="reference.RFC.5112" ?>
<?rfc include="reference.RFC.5113" ?>
<?rfc include="reference.I-D.savolainen-6man-fqdn-based-if-selection" ?>
<?rfc include="reference.I-D.hui-ip-multiple-connections-ps" ?>
<?rfc include="reference.I-D.mrw-mif-current-practices" ?>
<?rfc include="reference.I-D.ietf-mmusic-ice" ?>
<?rfc include="reference.I-D.chown-addr-select-considerations" ?>
<?rfc include="reference.I-D.yang-mif-req" ?>
<?rfc include="reference.I-D.ietf-behave-dns64" ?>
</references>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-24 02:53:59 |