| 6man | R. Bonica |
| Internet-Draft | Juniper Networks |
| Intended status: Standards Track | J. Halpern |
| Expires: September 24, 2019 | Ericsson |
| N. So | |
| F. Xu | |
| Reliance Jio | |
| G. Chen | |
| Baidu | |
| Y. Zhu | |
| G. Yang | |
| China Telecom | |
| Y. Zhou | |
| ByteDance | |
| March 23, 2019 |
The IPv6 Segment Endpoint Option
draft-bonica-6man-seg-end-opt-03
This document defines the IPv6 Segment Endpoint Option. Source nodes can use this option to convey internet-layer information to selected segment endpoints along a packet's delivery path.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 24, 2019.
Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
IPv6 options convey optional internet-layer information to selected nodes along a packets delivery path. IPv6 options can be encoded as follows:
If an option is encoded in a Hop-by-hop Options header, it conveys information to every node along the packet's delivery path, including the destination node. (See NOTE 1). If an option is encoded in a Destination Options header that precedes a Routing header, it conveys information to every segment endpoint along the packet's delivery path, including the destination node. If an option is encoded in a Destination Options header that precedes an upper-layer header, it conveys information to the destination node only. (See Section 4.3.4 of
This document defines the IPv6 Segment Endpoint option. The IPv6 Segment Endpoint option provides a mechanism through which a source node can convey optional internet-layer information to selected segment endpoints. For example, assume that a packet's delivery path contains three segments. The source node can use the Segment Endpoint option to convey one piece of information to the first segment endpoint, another piece of information to the second segment endpoint, and no information to the third segment endpoint.
NOTE 1: As per IPv6, it is now expected that nodes along a packet's delivery path only examine and process the Hop-by-Hop Options header if explicitly configured to do so.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC8174] when, and only when, they appear in all capitals, as shown here.
The Segment Endpoint option MAY appear in a Destination Options header, regardless of whether that Destination Options header precedes a Routing header or an upper-layer header. The Segment Endpoint option MUST NOT appear in a Hop-by-hop Options header.
Figure 1 depicts the Segment Endpoint option.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Option Type | Opt Data Len | Option Data
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Figure 1: Segment Endpoint Option
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Segments Left | Containers | Container List
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Figure 2: Option Data
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Segment ID | IPv6 Options
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Figure 3: A Container
Each element of Container List contains the following fields:
Within a Container list, Containers MUST be sorted in descending order by Segment ID. A Segment ID MUST NOT appear more than once in the Container list.
NOTE 1: The highest-order two bits of the Option Type (i.e., the "act" bits) are 10. These bits specify the action taken by a destination node that does not recognize Segment Endpoint option. The required action is to discard the packet and send an ICMPv6 Parameter Problem, Code 2, message to the packet's Source Address, pointing to the Segment Endpoint option Type.
NOTE 2: The third highest-order bit of the Option Type (i.e., the "chg" bit) is 1. This indicates that Option Data can be modified along the path between the packet's source and its destination.
If the option appears in a Hop-by-hop Options header, the processing node discards the packet and sends an ICMPv6 Parameter Problem, Code 2, message to the packet's Source Address, pointing to the Segment Endpoint option Type.
If the option appears in a Destination Options header, the processing node locates the following fields in Option Data:
It then processes each member of the Container List as follows:
Finally, decrement the Segment ID field and process the next option or header.
The Segments Left field of the Segment Endpoint option is mutable. Intermediate nodes MAY change the value of this field.
All other fields in the Segment Endpoint option are immutable. Intermediate nodes MUST NOT change the values of these fields.
The Segment Endpoint Option shares many security concerns with IPv6 routing headers. In particular, any boundary filtering protecting a domain from external routing headers should also protect against external Segment Endpoint Options being processed inside a domain. This occurs naturally if encapsulation is used to add routing headers to a packet. If external routing headers are allowed, then protections must also include ensuring that any provided Segment Endpoint option before the routing header is properly protect, e.g. with an IPSEC AH header or other suitable means.
As with Routing headers, the security assumption within a domain is that the domain is trusted to provide, and to avoid improperly modifying, the Segment Endpoint Option.
IANA is requested to allocate a codepoint from the Destination Options and Hop-by-hop Options registry (https://www.iana.org/assignments/ipv6-parameters/ipv6-parameters.xhtml#ipv6-parameters-2). This option is called "Segment Endpoint". The "act" bits are 10 and the "chg" bit is 1.
Thanks to Fred Baker and Shizhang Bi for their careful review of this document.
| [RFC2119] | Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997. |
| [RFC4443] | Conta, A., Deering, S. and M. Gupta, "Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification", STD 89, RFC 4443, DOI 10.17487/RFC4443, March 2006. |
| [RFC8174] | Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017. |
| [RFC8200] | Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", STD 86, RFC 8200, DOI 10.17487/RFC8200, July 2017. |
| [IPv6-OPT] | , ""Destination Options and Hop-by-Hop Options"", August 1987. |