Network Working Group                                       Alain Durand
Internet-Draft                                                      IMAG
Expires in six months                              1997/02/26 14:32:32 MET


           GSE+ - An Alternate Addressing Architecture to GSE


1. Status of this Memo

   This document is an Internet-Draft.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as ``work in progress.''

   To learn the current status of any Internet-Draft, please check the
   1id-abstracts.txt listing contained in the Internet-Drafts Shadow
   Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
   munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
   ftp.isi.edu (US West Coast).

2. Abstract

   This document presents an alternative addressing architecture to the
   GSE proposal (draft-ipng-gseaddr-00.txt) of Mike O'Dell.  The basic
   change is the introduction of a site identifier in the ESD.

3. Introduction

   There are several issues in the GSE proposal that remain unsolved in
   the author's mind:

   A - How to allocate IETF-NodeIDs?
   B - How to make sure that the ESD is globally unique?
   C - How to prevent someone from injecting a fake ESD into the public
       topology?
   D - How can a firewall reject packets coming from a particular site?
   E - How to do reverse DNS lookup for an ESD?

   The author believes that the source of all those issues is the lack
   of a Site Identifier in the ESD.
4. Addresses

   In the GSE proposal, an IPv6 address is split into 3 pieces:

    0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15
   +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
   |  Routing Goop   | STP | End System Designator |
   +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
        6+ bytes     ~2 bytes        8 bytes

   This proposal suggests splitting the IPv6 address into 3 other
   pieces:

    0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15
   +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
   |  Routing Goop   |    SID    |      SESD       |
   +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
   |     6 bytes     |  4 bytes  |     6 bytes     |
   |                 |                             |
    \---------------/ \---------------------------/
         48 bits                 80 bits
      Routing Goop                 ESD

5. SID, Site IDentifier

   The SID is a 32 bit token.  It identifies a site in the global
   Internet.  It is allocated by a regional registry and belongs to that
   registry.  If a site is multi-homed, it is allocated only one SID.
   When a site changes provider or changes location within the scope of
   the regional registry, it keeps the same SID.

   The SID might be split into 2 fields, a Regional Registry ID (RRID)
   and a Regional Registry SID (RRSID).  The exact number of bits for
   each field is not discussed in this proposal.

   The allocation of SIDs is much simpler than that of IETF-NodeIDs,
   since a registry hands out one identifier per site rather than one
   per node.  This greatly simplifies issue A.

6. SESD, Site End System Designator

   The SESD is a 48 bit token.  It identifies a node within a site.  The
   exact usage of the bits of this field is left to the site policy.
   Suggested structures are:

   1 - 48 bit IEEE MAC address (for flat site topologies)
   2 - 8 bit local network address + 40 lower bits of the IEEE MAC
       address
   3 - 16 bit local network address + 32 lower bits of the IEEE MAC
       address
   4 - 16 bit local network address + 32 bit IPv4 address
   5 - 16 bit local network address + 32 bit token assigned by DHCP

   Using structures 1, 2 or 3 with stateless autoconfiguration is
   possible.  Conflicts might happen, since structures 2 and 3 truncate
   the MAC address and drop part of its vendor prefix, but they will be
   rare and they can be detected with DAD (Duplicate Address Detection).
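   The layout of sections 4 to 6, as an added worked example in Python
   that is not part of the draft: it builds a SESD with the suggested
   structures, assembles RG | SID | SESD into an IPv6 address, extracts
   the 80 bit ESD and shows that the two addresses of a multi-homed site
   name the same node.  The 8/24 bit RRID/RRSID split, the sample
   routing goops, the sample SID and the sample MAC and IPv4 values are
   assumptions made for the example; the draft leaves the split open.

```python
"""GSE+ address layout: Routing Goop (6 bytes) | SID (4 bytes) | SESD (6 bytes).

Added illustration, not code from the draft.  The RRID/RRSID split of the
SID (8 + 24 bits) is an assumption; the draft leaves the widths open.
"""
import ipaddress

RG_LEN, SID_LEN, SESD_LEN = 6, 4, 6   # bytes, as in the section 4 figure
RRID_BITS = 8                         # assumed split of the 32-bit SID
RRSID_BITS = 32 - RRID_BITS


def sesd_from_mac(mac: int) -> bytes:
    """Structure 1: the full 48-bit IEEE MAC address (flat site topology)."""
    return mac.to_bytes(SESD_LEN, "big")


def sesd_from_net_and_mac(local_net: int, mac: int, net_bits: int) -> bytes:
    """Structures 2 and 3: local network number + low-order bits of the MAC.

    net_bits is 8 (structure 2, 40 MAC bits kept) or 16 (structure 3, 32 MAC
    bits kept).  Truncating the MAC drops part of the vendor OUI, which is why
    DAD is still needed on the link.
    """
    if net_bits not in (8, 16):
        raise ValueError("the draft only lists 8- and 16-bit local network numbers")
    if local_net >> net_bits:
        raise ValueError("local network number does not fit in %d bits" % net_bits)
    mac_bits = 48 - net_bits
    mac_low = mac & ((1 << mac_bits) - 1)
    return local_net.to_bytes(net_bits // 8, "big") + mac_low.to_bytes(mac_bits // 8, "big")


def sesd_from_net_and_token(local_net: int, token) -> bytes:
    """Structures 4 and 5: 16-bit local network number + a 32-bit IPv4 address
    (given as int or dotted string) or a 32-bit DHCP-assigned token."""
    if local_net >> 16:
        raise ValueError("local network number does not fit in 16 bits")
    if isinstance(token, str):
        token = int(ipaddress.IPv4Address(token))
    return local_net.to_bytes(2, "big") + token.to_bytes(4, "big")


def make_address(routing_goop: bytes, sid: int, sesd: bytes) -> ipaddress.IPv6Address:
    """Assemble RG | SID | SESD into a 128-bit IPv6 address."""
    if len(routing_goop) != RG_LEN or len(sesd) != SESD_LEN or sid >> 32:
        raise ValueError("routing goop must be 6 bytes, SID 32 bits and SESD 6 bytes")
    return ipaddress.IPv6Address(routing_goop + sid.to_bytes(SID_LEN, "big") + sesd)


def split_address(addr):
    """Return (routing_goop, sid, sesd) for an address written in this layout."""
    p = ipaddress.IPv6Address(addr).packed
    rg, sid, sesd = p[:RG_LEN], p[RG_LEN:RG_LEN + SID_LEN], p[RG_LEN + SID_LEN:]
    return rg, int.from_bytes(sid, "big"), sesd


def esd(addr) -> int:
    """The 80-bit ESD is SID || SESD; the routing goop is not part of the identity."""
    _, sid, sesd = split_address(addr)
    return (sid << 48) | int.from_bytes(sesd, "big")


def split_sid(sid: int):
    """Split the SID into (RRID, RRSID) under the assumed 8/24 split."""
    return sid >> RRSID_BITS, sid & ((1 << RRSID_BITS) - 1)


def same_node(addr_a, addr_b) -> bool:
    """True when two addresses name the same end system (same ESD), for example a
    multi-homed site reached through two providers, each with its own routing goop."""
    return esd(addr_a) == esd(addr_b)


if __name__ == "__main__":
    # Constructed sample values: two provider routing goops, one SID, one SESD
    # built with structure 4 (local network 1 + IPv4 address 192.0.2.10).
    rg_provider_1 = bytes.fromhex("200100000001")
    rg_provider_2 = bytes.fromhex("200100000002")
    sid = 0x0A00001F
    sesd = sesd_from_net_and_token(0x0001, "192.0.2.10")
    a1 = make_address(rg_provider_1, sid, sesd)
    a2 = make_address(rg_provider_2, sid, sesd)
    print(a1, a2, hex(esd(a1)), same_node(a1, a2), split_sid(sid))
```

   The point the example makes concrete is that renumbering a site
   (changing provider, hence routing goop) leaves every ESD untouched,
   while two sites that happen to pick the same SESD still get distinct
   ESDs because their SIDs differ.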
7. ESD, End System Designator

   The ESD is the 80 bit token made of the SID and the SESD.  By
   construction, it is globally unique as long as the SID is unique
   (it is allocated by a registry) and the SESD is unique within the
   site.  This solves issue B.

8. Border router security

   The public topology entry router should enforce that packets coming
   from a particular site have the correct SID bits set.  This solves
   issue C.

   A border router rewrites the routing goop in the very same way as in
   the GSE proposal.  It can also filter incoming packets on the basis
   of the SID.  This solves issue D.  Note that such a filter is only as
   reliable as the SID enforcement done at the entry router of the
   sending site: a provider that does not check the SID bits lets its
   customers forge them.

9. Reverse DNS lookup

   The author believes that one should be able to do reverse DNS lookup
   for an ESD.  A reverse top level domain (like esd.ip6.int) could
   delegate RRIDs to the regional registries, which could then delegate
   RRSIDs to the sites.  This should solve issue E.

10. Comparison with the GSE proposal

   The main shift from the GSE proposal is the introduction of the SID
   notion.  All other aspects of the GSE model remain identical.

11. Security considerations

   The SID will help firewalls to filter traffic on a site per site
   basis.  Public topology entry routers should enforce that the SID
   bits of packets coming from a customer are the correct ones.  This
   should improve the security of the GSE model.

12. Author's address

   Alain Durand
   Institut d'Informatique et de Mathematiques Appliquees de Grenoble
   IMAG
   BP 53
   38041 Grenoble CEDEX 9
   France

   Phone : +33 4 76 63 57 03
   Fax   : +33 4 76 51 49 64
   E-Mail: Alain.Durand@imag.fr
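   The border router checks of section 8 and the reverse lookup of the
   reverse DNS section, as an added worked example in Python that is not
   code from the draft: a site border router that drops outgoing packets
   whose source does not carry the site's SID (issue C), applies a
   per-site block list on the source SID of incoming packets (issue D)
   and rewrites the routing goop, plus the derivation of a reverse name
   under esd.ip6.int.  Assumptions made for the example: the router has
   one internal routing goop and one provider-assigned routing goop per
   uplink, the source RG is rewritten on the way out and the destination
   RG on the way in (a simplification of the GSE rewriting this draft
   inherits), the SID splits 8/24 into RRID/RRSID, the reverse names use
   one nibble per label, and all addresses, SIDs and the block list are
   constructed sample data.

```python
"""Site border router under GSE+ and reverse name derivation.

Added illustration, not code from the draft.  Assumed: one internal routing
goop plus one provider-assigned routing goop per uplink; source RG rewritten
on egress and destination RG on ingress; an 8/24 RRID/RRSID split; one
nibble per DNS label under esd.ip6.int.
"""
import ipaddress

RG_LEN, SID_LEN = 6, 4
RRID_BITS = 8                     # assumed RRID/RRSID split
REVERSE_ROOT = "esd.ip6.int"      # reverse top level domain suggested by the draft


def packed(addr) -> bytes:
    return ipaddress.IPv6Address(addr).packed


def sid_of(addr) -> int:
    """The 32-bit SID sits right after the 6-byte routing goop."""
    return int.from_bytes(packed(addr)[RG_LEN:RG_LEN + SID_LEN], "big")


def rewrite_rg(addr, new_rg: bytes) -> ipaddress.IPv6Address:
    """Replace the routing goop, leaving the 80-bit ESD untouched."""
    if len(new_rg) != RG_LEN:
        raise ValueError("routing goop must be 6 bytes")
    return ipaddress.IPv6Address(new_rg + packed(addr)[RG_LEN:])


class BorderRouter:
    """A site's entry/exit router with the SID checks described in section 8."""

    def __init__(self, site_sid: int, internal_rg: bytes, uplink_rgs: dict, blocked_sids=()):
        self.site_sid = site_sid
        self.internal_rg = internal_rg          # RG used inside the site
        self.uplink_rgs = uplink_rgs            # uplink name -> provider-assigned RG
        self.blocked_sids = set(blocked_sids)   # sites this firewall refuses (issue D)
        self.log = []

    def egress(self, src, dst, uplink):
        """Packet leaving the site: drop it unless the source carries our SID
        (issue C), otherwise rewrite the source RG to the chosen provider's goop."""
        if sid_of(src) != self.site_sid:
            self.log.append("drop egress: src %s does not carry SID %#x" % (src, self.site_sid))
            return None
        return rewrite_rg(src, self.uplink_rgs[uplink]), ipaddress.IPv6Address(dst)

    def ingress(self, src, dst):
        """Packet entering the site: apply the block list on the source SID
        (issue D), check the packet is really for us, then hide the external RG."""
        if sid_of(src) in self.blocked_sids:
            self.log.append("drop ingress: src SID %#x is blocked" % sid_of(src))
            return None
        if sid_of(dst) != self.site_sid:
            self.log.append("drop ingress: dst %s is not in this site" % dst)
            return None
        return ipaddress.IPv6Address(src), rewrite_rg(dst, self.internal_rg)


def reverse_name(addr) -> str:
    """Reverse lookup name for the 80-bit ESD: SESD nibbles, then RRSID, then
    RRID, least significant first, under esd.ip6.int (assumed nibble labels)."""
    esd_hex = packed(addr)[RG_LEN:].hex()      # 20 nibbles = 80 bits
    return ".".join(reversed(esd_hex)) + "." + REVERSE_ROOT


def delegation_zones(sid: int):
    """(registry zone, site zone) delegated from esd.ip6.int under the 8/24 split:
    the registry owns the RRID labels, the site the RRSID labels below them."""
    rrid_nibbles = RRID_BITS // 4
    sid_hex = sid.to_bytes(SID_LEN, "big").hex()
    rrid_zone = ".".join(reversed(sid_hex[:rrid_nibbles])) + "." + REVERSE_ROOT
    site_zone = ".".join(reversed(sid_hex)) + "." + REVERSE_ROOT
    return rrid_zone, site_zone


if __name__ == "__main__":
    # Constructed sample site: SID 0x0A00001F, internal RG fec0::/48, two uplinks,
    # and a block list refusing everything from site SID 0x0B000001.
    site = BorderRouter(0x0A00001F, bytes.fromhex("fec000000000"),
                        {"isp1": bytes.fromhex("200100000001"),
                         "isp2": bytes.fromhex("200100000002")},
                        blocked_sids=[0x0B000001])
    print(site.egress("fec0::a00:1f:1:c000:20a", "2001:db8:0:c00:1:2:3:4", "isp2"))
    print(site.egress("fec0::a00:20:1:c000:20a", "2001:db8:0:c00:1:2:3:4", "isp1"))
    print(site.ingress("2001:db8:0:b00:1:2:3:4", "2001:0:2:a00:1f:1:c000:20a"))
    print(reverse_name("2001:0:1:a00:1f:1:c000:20a"), delegation_zones(0x0A00001F))
    print(site.log)
```

   Because the ESD occupies the low 80 bits, the reverse name of a host
   ends with the site's zone, which in turn ends with the registry's
   zone, so the delegation chain esd.ip6.int -> RRID -> RRSID falls out
   of the bit layout without any extra mapping.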