| Internet Engineering Task Force | M. Smith |
| Internet-Draft | October 22, 2018 |
| Updates: RFC4291, RFC4443, RFC6724 (if | |
| approved) | |
| Intended status: Standards Track | |
| Expires: April 25, 2019 |
IPv6 Formal Anycast Addresses and Functional Anycast Addresses
draft-smith-6man-form-func-anycast-addresses-00
IPv6 anycast addresses are chosen from within the existing IPv6 unicast address space, with the addresses nominated as anycast addresses through configuration. An alternative scheme is to have a special class of addresses for use as anycast addresses. This memo proposes a distinct general anycast addressing class and a more specific scheme for functional anycast addresses.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 25, 2019.
Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
[RFC1546] was the first description of host anycast services, and proposed two ways of supporting them in terms of addressing:
The first method of supporting anycast addresses, by using parts of the existing (unicast) address space, could be described as informal. From the address itself, it is not possible to determine that the apparent unicast address is actually being used as an anycast address.
As the second method would create a special class of addresses for anycast use, it could be described as formal. Encoded within the addresses would be a value and perhaps other attributes that indicates they are anycast addresses, regardless of context.
In terms of a spectrum of delivery ranging from to a single or to multiple destinations, anycast addresses are a distinct class of addresses when compared to unicast and multicast addresses. Packets sent to a unicast destination are intended to be delivered to one and only one unique destination host. Packets sent to a multicast destination are intended to be delivered to a group of interested destination hosts, with the interested group consisting of one or more members, and the packets being duplicated by the network when and where necessary. Packets sent to an anycast destination are intended to be delivered to only one of a set of hosts sharing the same anycast address. As a type of address, anycast addresses can be imagined to fall between unicast and multicast address types on the delivery spectrum.
IPv6 anycast addresses [RFC4291] are currently from within the existing unicast address address space. Therefore, this memo gives these IPv6 anycast addresses the name "Informal Anycast" addresses.
This memo proposes a special and formal class of IPv6 addresses for anycast use, calling them "Formal Anycast" addresses.
The described IPv6 Formal Anycast address class can support a total of 16 sub-classes of anycast address formats and structures. Following the description of Formal Anycast address class, this memo then proposes the first sub-class called "Functional Anycast" addresses.
There are some existing reserved and well known anycast addresses within the existing Informal Anycast address space. While well known, they do not have any of the formal attributes that the proposed formal Functional Anycast addresses have, other than having specified and well known values; they could be described as semi-formal. Well known Functional Anycast addresses are proposed that correspond to these existing semi-formal anycast addresses.
Anycast Domain
Formal Anycast Address
Functional Anycast Address
Informal Anycast Address
Semi-Formal Anycast Address
There are drawbacks and limitions of IPv6 Informal Anycast addresses:
The following diagram shows the structure of an IPv6 Formal Anycast address.
A 8 bit prefix value of TBD (aa00::/8 preferred, indicating a Anycast Address; fa00::/8 an alternative, indicating a Formal Anycast address), identifying this address as a Formal Anycast address.
A 4 bit Visible Scope field used to express and enforce visibility and assumed reachability of the Formal Anycast address. The values and meanings of the values of this field are the same as those for the IPv6 multicast address scope field [RFC4291][RFC7346].
When packets with a Formal Anycast destinaton address are being forwarded, this field's value takes precedence over a non-zero Hop Limit field value, meaning the packet MUST be discarded at the edge of the indicated visibility domain even though it may have a non-zero Hop Limit value. A specific ICMPv6 Destination Unreachable [RFC4443] message, described below, SHOULD be generated and returned to the packet's sender indicating the packet was discarded as it reached the edge of its Visible Scope.
A 4 bit field identifying the format of the following Anycast Identifier field, holding digits in the range of 0x0 through 0xf in hexidecimal.
The first assigned value is 0, specifying that the following Anycast Identifier Format is that of a Functional Anycast addresses, which is described later in this memo.
Other values will be assigned by IANA as future Anycast Identifier Formats are specified.
A 112 bit field holding the Anycast Identifier value. The format and structure of this field is encoded in the previous Anycast Identifier Format field.
One of the possible Visible Scope values is the Link-Local scope, specifying that the Formal Anycast address's visibility is limited to a link that the host is directly attached to.
Nodes on the link will need to consider Formal Anycast addresses with a Link-Local Visible Scope on-link, so that they perform Neighbor Discovery [RFC4861] for these addresses.
Similar to the unicast Link-Local prefix [RFC5942], IPv6 implementations SHOULD BE updated to consider the Formal Anycast prefix with a Link-Local Visible Scope on-link. Using the (preferred, IANA TBA) aa00::/8 Formal Anycast prefix, this means IPv6 implementations will consider aa02::/16 to be on-link.
Unlike the unicast Link-Local prefix, updated IPv6 implemenations MUST NOT use SLAAC [RFC4862] to generate an automatic address from within this Formal Anycast Link-Local Visible Scope prefix (MRS: Need to further consider this, is there a case I've missed where this could be useful? Hmm, what about, for example, the router subnet anycast address? Perhaps anycast providing applications could/should resister their anycast addresses similar to multicast. Hmm, there really needs to be any "Anycast Listener Discovery" protocol similar or same as MLD.).
Note that unlike the unicast Link-Local prefix, IPv6 nodes may not and typically would not have an address from within the Formal Anycast Link-Local Visible Scope prefix. One of the node's Link-Local addresses on the same link should be used as a source address when sending to a Formal Anycast Link-Local Visible Scope destination. This does not preclude using other greater scope unicast source addresses. (MRS: probably need to update source/destinaton address selection RFC - I think that is already somewhere in this draft?)
In the interrim IPv6 implementation update period, IPv6 nodes can be informed that the Formal Anycast Link-Local Visible Scope prefix is on-link in one of two ways:
As mentioned prevously, if a packet with a Formal Anycast destination address reaches the edge of the Visible Scope for the address, a ICMPv6 Destination Unreachable [RFC4443] message SHOULD be generated and sent back to trigger packet's sender.
Note that if the router at the edge of the visibility domain is also assigned the Formal Anycast address, the packet is host processed locally rather than being discarded, and an ICMPv6 Destination Unreachable message IS NOT generated and returned to the packet's sender.
When a router implementation formally supports Formal Anycast addresses, the ICMPv6 Code for the Destination Unreachble message is IANA-TBD, indicating that the Edge of the Visible Scope [was] Reached.
If a router implementation does not formally support Formal Anycast addresses an operator should use packet filters to enforce the Visible Scope boundary. A packet failing to pass the packet filter should cause the router to generate a Destination Unreachable Communication with destination administratively prohibited message [RFC4443] (Code 1) message, which is semantically similar to the formal Edge of Visibile Scope Reached message.
Note that ICMPv6 messages are not sent reliably, so Formal Anycast packet senders will need to be able to handle not receiving a ICMPv6 Destination Unreachable message in response to a packet reaching the edge of the visibility domain.
There may be situations where silently discarding Formal Anycast packets at the Visible Scope boundary may be preferred. In this case, a packet discard route, covering the Visible Scope prefix can be installed in a router's forwarding table.
An IPv6 implementation may be presented with a candidate set of destination addresses that consists of both Formal Anycast and unicast addresses. The implementation needs to make a choice or choices as to which of these candidate addresses to attempt to use.
The decision to use a Formal Anycast address instead of a unicast address is an active and conscious one. Therefore, when a choice needs to be made between a Formal Anycast address and a unicast address, the Formal Anycast address should always be preferred.
In terms of the Destinaton Address Selection algorithm described in [RFC6724], this preference of Formal Anycast over unicast addresses introduces a new rule between Rule 1 ("Avoid unusable destinations") and Rule 2 ("Prefer matching scope"), specifically (using "1.5" here to indicate the position):
Note that there may be instances where an application would prefer to use a unicast address over a Formal Anycast address. In this case, Formal Anycast addresses can be identified and ignored using the well known 8 bit Formal Anycast prefix.
As the Formal Anycast address scopes are defined to be the same as Multicast address scopes, the same Multicast scope comparison methods, described in [RFC6724], are used with Formal Anycast address scopes.
The Anycast Identifier Format field within a Formal Anycast address specifies the format and structure of the 112 bit Anycast Identifier field. The following is advice and guidelines to use when developing a new Anycast Identifier field format and structure.
Forwarding towards anycast addresses is the same as forwarding towards unicast addresses, which uses the longest match rule BCP 198 [RFC7608]. Longest match forwarding facilitates summarisation of forwarding information, where a single more general forwarding route can summarise a number of more specific forwarding routes. Summarisation saves entries in forwarding tables outside of the summarised forwarding domain, provides simpler destination based filtering for security purposes, and facilitates easier destination address based traffic analysis.
The use of route summarisation with anycast addresses effectively creates an anycast domain that is being identified and summarised by the anycast summary route. Outside of the anycast domain, a single summary route exists, covering all anycast addresses within the domain. Within the anycast domain, individual routes for individual anycast addresses exist.
When designing a new Anycast Identifier field format and structure, the following guidelines should be followed. These guidelines should allow a set of more specific anycast routes to be summarised as well as improving operator usability.
The first defined sub-class or sub-format of Formal Anycast addresses is the Functional Anycast address sub-class.
The following are the features of Functional Anycast addresses. In many cases they're inspired by and mirror IPv6 multicast address features [RFC4291][RFC3306].
The format of Functional Anycast addresses is modelled on the IPv6 multicast address format [RFC4291].
The format of an Functional Anycast address is as follows:
[diagram to come]
The address fields are as follows:
In the history of the Internet, it has been common to conflate a function or service with a protocol.
For example, historically, the telnet protocol [RFCxxxx] had been the most popular remote virtual terminal protocol. In more recent times, the SSH protocol [RFCxxx] has become the de facto remote virtual terminal protocol. Accessing the remote virtual terminal service has either been referred to as "telnet in" or "SSH in" to the host providing the service, using the protocol being used to refer to the service being accessed.
In either case, telnet and SSH protocols are being used to access a remote virtual terminal service. Functionally, from the perspective of remote virtual terminal access, the differences are relatively minor; data security and integrity via encryption and authentication is where the primary differences between telnet and SSH are - in telnet encryption of the data stream is optional [RFCxxx], where as with SSH it is mandatory.
When both IANA and local anycast domain operators assign Anycast Function Identifiers, it is recommended that they're allocated and identified by protocol agnostic function or service type rather than to a specific protocol that provides that function or service. As the particular protocol being used to access the function or service will be encoded in the upper transport layer protocols and ports in the IPv6 packet, service or function based Anycast Function Identifers can support and stay constant across the use and evolution of different function or service access protocols.
For example, with a well-known Anycast Function Identifier specifically allocated to a Network Virtual Terminal service (NVT) [RF852?], the hosts providing the NVT service could initially support both telnet (assuming telnet is considered secure enough) and SSH. If both telnet and SSH become deprecated, and a new NVT access protocol is developed, the same Anycast Function Identifier for the NVT service could be used to reach a node supporting this new access protocol.
Another example is the domain name service. Currently domain name resolution takes place using the Domain Name Service protocol [RFCxxx], natively carried over UDP and TCP, using port 53. More recently, work has been taking place to operate DNS over TLS [RFCxxx] and HTTP [RFCxxx] to enhance the security of the domain name resolution function. The use of multiple protocols to access fundamentally the same domain name resolution function suggests a protocol agnostic domain name resolution Anycast Function Identifier.
This doesn't preclude Anycast Function Identifiers being used to support and identify specific protocols (examples of this occur later). There may be current and future cases where the allocation and use of an Anycast Function Identifier for a specific protocol is the better choice. This should be considered and evaluated on a case by case basis.
A number of past RFCs have reserved anycast addresses and identifiers. These addresses and indentifiers are mapped to the following corresponding and well known Anycast Function Identifiers, and are to be listed in the IANA Anycast Function Address Identifier registery if it is created.
[RFC2526] reserves the highest 127 values of a subnet prefix Interface Identifier for anycast addresses. The equivalent values for Functional Anycast addresses are the highest 127 values of the 32 bit Anycast Function Identifier, a range of (in IPv6 address format, excluding the high order 96 bits) :ffff:fff8 through :ffff:ffff. The IANA Internet Protocol Version 6 (IPv6) Anycast Addresses registry [IANA-IPV6ANYC] records assignments for subnet prefix anycast addresses within the Interface Identifier space. The current and future values of these anycast subnet prefix Interface Identifier values are to also be recorded in the Anycast Function Address Identifier registry.
[RFC4291] reserves an Interface Identifer of all zeros within a unicast prefix as the Subnet-Router anycast address. The equivalent 32 bit Anycast Function Identifier value for Functional Anycast addresses is also all-zeros.
[RFC7723] reserves the IPv6 address 2001:1::1/128 for the use as the Port Control Protocol Anycast address. The equivalent 32 bit Anycast Function Identifier value is (in IPv6 address format, excluding the high order 96 bits) :0001:0001.
[RFC8155] reserves the IPv6 address 2001:1::2/128 for the use as the Traversal Using Relays around NAT Anycast address. The equivalent 32 bit Anycast Function Identifier value is (in IPv6 address format, excluding the high order 96 bits) :0001:0002.
A future possible source of inspiraton for well known assigned Anycast Function Identifiers could be DHCPv6 [RFC3315] options that encode IPv6 addresses for services. A number of these options encode multiple IPv6 addresses as candidates for access to the service (for example, the SIP Servers IPv6 Address List option [RFC3310]). The use of anycast for service resiliance would allow a single Anycast Function Identifier value to provide equivalent service, although this wouldn't preclude defining multiple different Anycast Function Identifiers to the service to provide the service client concurrent access to multiple service instances. For example, 3 Functional Anycast addresses could be allocated for DNS resolvers, providing a client with verifiable DNS resolver services from up to 3 different resolvers, and allowing the client to distribute requests across all 3 resolvers.
Another source of inspiration for well known assigned Anycast Function Identifiers could be the IANA IPv6 Multicast Address Space [IANA-IPV6MCAST] registry, where some of the multicast addresses represent services that could also be useful when provided via anycast.
While using these possible source of inspiration, the recommendation to choose protocol agnostic function or service identifiers still stands. DHCPv6 or multicast groups can be used to inspire more generic function or service identifiers.
Functonal Anycast addresses could be used to provide anycast services across the Internet, by using the the Global scope.
When being used on the Internet, many of the possible values of the Prefix field are ambiguous, meaning that they wouldn't unambiguously identify the party using the Functional Anycast address to provide the service or function. Examples of ambiguous prefixes are the all-zeros unspecified prefix, any ULA [RFC4193] prefixes, and the Link-Local [RFC4291] prefix. Other ambiguous prefixes are those in the IPv6 reserved address registry [IANA-IPV6RESA] that are not valid on the Internet.
To overcome this ambiguity, if Global scope Functional Addresses are used over the Internet, the Prefix field MUST be set to a GUA [RFC4291] prefix value assigned to the party providing the anycast service to Internet clients. A network either accepting or originating a Global scope Functional Address prefix for announcement from a downstream stub autonomous system for announcement onto the Internet MUST only accept or originate a route announcement for a Global scope Functional Anycast prefix that includes an explicitly identified GUA prefix. All other Global scope Functional Anycast prefix announcements with ambiguous or non-explicitly identified GUA prefixes MUST be ignored.
As forwarding towards anycast addresses is functionally the same as forwarding towards unicast addresses, Functional Anycast prefixes would be announced into the Internet's unicast forwarding route table.
It is common practice today to limit the prefix length of unicast IPv6 Internet routes accepted to a length of no more than 48 bits i.e. a /48. This is a blunt and simple way to attempt to somewhat limit the number of IPv6 routes in the Internt route table. It is imposing this limit by enforcing a minimal level of aggregation at the /48 boundary. Networks using prefix lengths longer than /48 are expected to aggregate those networks into a route advertisement that is /48 or shorter.
This practice of limiting advertised unicast route prefix lengths to 48 bits will limit the size of the Prefix included in Global scope Functional Anycast announcements to 32 bits, as the high order 16 bits of the Functional Anycast prefix are used to encode the Functional Address type prefix and address scope. This would limit the use of Global scope Functional Anycast addresses to provide global Internet anycast services to those organisations who have a /32 or shorter assignment from an RIR.
As Functional Anycast addresses are a separate class of addresses, and are all identified by a unique /8 prefix, this /48 prefix length limit could be specifically relaxed for Functional Anycast routes. A /48 prefix, when included in a Functional Anycast, results in a Functional Anycast prefix length of /64. Imposing a /64 prefix length limit on Functional Anycast routes, identified by a high order prefix of aa0e::/16, and a GUA anycast domain Prefix, would achieve the same outcome of attempting to reducing the number of entries in the IPv6 Internet route table.
Wide acceptance of Functional Anycast prefixes of up to 64 bits in length on the Internet may take same time to occur. Use of Global scope Functional Anycast addresses by organisations who have RIR /32 assignments, which will be accepted by unicast /48 prefix filters present today, would raise awareness of Functional Anycast addresses. This increased awareness could be leveraged to motivate the changing of prefix filters to accept Global scope Functional Anycast prefixes up to 64 bits in length.
This section provides some example use cases of Functional Anycast addresses that would suit the described scenarios.
Assume IANA has allocated a set of well-known Anycast Function Identifier values of 0x004440, 0x004441, 0x004442 and 0x004443 for use with the Network Time Protocol [RFCxxxx], to facilitate meeting the NTP best practice of having a minimum of 4 NTP time sources [NTP best practices ID].
A device manufacturer uses this set of well-known Anycast Function Identifier to set factory default Functional Anycast addresses for access to a device customer's NTP servers.
The corresponding Functional Anycast address is constructed as follows:
All of the above mean that the NTP server Functional Anycast addresses the device manufacturer sets as the defaults would be (in IPv6 address compressed format):
An enterprise network operator decides to use Functional Anycast addresses to provide DNS resolver service to end-user devices, located in various corporate offices.
Specifically for a single mid-sized branch office, with in the order of 200 staff, the operator decides to provide two DNS resolvers located in the office. This will provide lower latency DNS resolution through DNS caching, reducing perceiveable application response time [NORMNEIL]. Access to a third, geographically close, off-site DNS resolver is provided for redundancy. This off-site DNS resolver will be one of the other branch office's local DNS resolvers.
All three DNS resolvers will provide their services to clients via Functional Anycast addresses. Different clients will receive the on-site DNS resolver addresses in alternating order, both before the off-site DNS resolver address. This provides rudimentry on-site DNS resolver load balancing and keeps both DNS resolvers' lookup caches populated to reduce the client visible performance impact of the fail-over to the remaining on-site DNS resolver, should its sibling fail. The on-site DNS resolvers will watch each others' availablility, taking over its sibling's Functional Anycast address if the sibling becomes unavailable. Should both on-site DNS resolvers become unavailable, clients will resort to using the remaining off-site DNS resolver.
Assume IANA have allocated the well known Anycast Function Identifier values of 5300, 5301 and 5302 for use with anycast DNS resolvers.
The operator allocates decimal identifiers of 703, 9556, 4739, 38809 and 2764 to the corporate offices, with the order reflecting geographic proximity. Each office will have its own unicast /48 from within a globally unique address space of 2001:db8::/32, meaning that the office prefixes are 2001:db8:2bf::/48, 2001:db8:2554::/48, 2001:db8:9779::/48 and 2001:db8:acc::/48.
The corresponding Functional Anycast address is constructed as follows:
The Visibiliity Scope for for these DNS resolvers' Functional Anycast addresses will be Organization-Local (8).
For office 9556, using offic 4739 as an off-site backup, the Functional Anycast addresses for the three DNS resolvers will be:
Assume IANA has allocated a well-known Anycast Function Identifier value of 0x000179 for use with automatic eBGP [RFC4271?] session establishement.
Smaller, stub site routers are preconfigured with a Functional Anycast address to attempt to automatically establish an eBGP session with a one or two upstream eBGP peer aggregation routers over one or two different designated ("WAN") links upon initialisation.
The eBGP Functional Anycast address would be a Link-Local Visible scope address. The stub router would use its link's, SLAAC generated [RFC4861] and link unique Link-Local address [RFC4291] as the source address to reach the eBGP Functional Anycast address. Using Link-Local scope Formal Anycast and unicast addresses for this eBGP session would provide a basic level of eBGP access security.
The stub site router will need to also be preconfigured or somehow automatically generate an Autonomous System Number (ASN) to use for establishing the eBGP session or sessions. How the ASN is preconfigured or generated is out of scope for this memo, and is left to future work.
Once the eBGP session is established, the peer eBGP routers trade routes. These traded routes could include the upstream eBGP providing a default route or other more specific routes, and the downstream stub site router providing a route to its downstream prefix or prefixes.
The downstream prefix or prefixes could be those the stub site router has learned via DHCPv6 Prefix Delegation (DHCPv6-PD) [RFC3633]. An advantage of having the stub site router inject DHCPv6-PD prefixes into the BGP routing domain is that the route information for this or these prefixes within the BGP routing domain would more accurately reflect the state and therefore the availability of the prefixes at the site they've been assigned and are being used it. Stub site routers announcing their own prefixes would also distribute the announcement processing load across the stub site routers rather than concentrating it at the upstream aggregation router(s). This also avoids the upstream aggregation router having to process the DHCPv6-PD response to determine the assigned delegated prefix for subsequent BGP announcement [RFC about doing this?], meaning it can act as a much simpler and pure DHCPv6 relay [RFC3315].
The upstream link(s) that a stub site is attached to does not have to be limitied to being a true link-layer point-to-point link, meaning that the link only supports a single router pair of a stub and upstream aggregation router. The link could be a multi-access link, with the single link supporting many stub site routers and a number of upstream aggregation routers.
As the eBGP Functional Anycast address is a Link-Local Visible Scope address, the address is configured as an anycast address on the upstream aggregation routers' stub site facing network interface. This results in the receiver of the Neighbor Advertisements for this address using the information received in the first received Neighbor Advertisement to update its neighbor cache, rather than the last and most recently received Neighbor Advertisement. These types of Neighbor Advertisements are known as "Anycast Neighbor Advertisements" in [RFC4861].
[RFC4861] says that Anycast Neighbor Advertisements should be delayed a random amount of time between 0 and MAX_ANYCAST_DELAY_TIME, a variable with a default value of 1 second. This random delay is to reduce the probability of loss of the Neighbor Advertisement due to network congestion.
Specific to this eBGP use case, the Anycast Neighbor Advertisements delay could include other metrics in the calculation to more intelligently distribute the eBGP sessions across the set of upstream aggregation routers. For example, the number of existing eBGP sessions could be a metric, where an upstream aggregation router delays its Anycast Neighbor Advertisement longer when it has more established eBGP sessions.
An operator set router preference metric could be considered, allowing the operator to more gracefully phase out a legacy upstream aggregation router by setting it preference lower than the newer upstream aggregation routers. The operator would then manually terminate the eBGP sessions individually on the legacy upstream aggregation router, at a rate of something like one ever 3 seconds, causing them to be restablished on the higher preference and newer upstream aggregation routers. This would be more graceful than terminating all eBGP sessions at once on the legacy upstream aggregation router by, for example, switching it off.
Branch office stub router, automatically attempts to establish a BGP session with a well-known functional anycast address "out of the box" over the default WAN interface.
IANA assigned well-known BGP Anycast Function Identifier
Link-local scope Functional Anycast address. Provides a minimum level of security, as only possible to establish BGP sessions between direct link peers.
Use unspecified prefix (comment that fe80::/64 could be used, although unnecessary)
Well-known AS Number used by all stub routers. This makes the BGP sessions eBGP sessions. Routers will reject routes from other stub routers using the same ASN, however this is both fine and ideal as this is a stub router - default only plus announcing its local prefix(es).
Sub router acquires a delegated prefix via DHCPv6-PD
The delegated prefix is announced via the BGP session. Stops the upstream aggregation router needing to observe a DHCPv6 server's relayed response to then announce the delegated prefix into the network.
Upstrem router accepts and establishes BGP sessions with any link-local address from the well known ASN, to the Functional Anycast BGP address.
There are potential trust issues here. BGPsec? Use the first BGP session to bootstrap connectivity to then establish a more trusted connection of some sort via PKI. Requirement for being link-local peers adds a minimal level of security and trust, but not much.
ISP DNS anycast resolvers
Don't want it to be globally reachable across the Internet to mitigate DDoS attacks on the DNS resolver i.e. don't use GUA address(es)
Can't use a prefix that has the possibility of colliding with any of the customers' prefixes. ULA addresses would meet this requirement.
However, per [RFC4193], ULAs have a site scope. The boundaries of customers' networks correspond to site boundaries, and therefore the ISP's ULA prefix is not reachable from customers' networks unless customers' network boundary routers are explicitly configured to provide ISP ULA prefix access.
Organisation Local Functional Anycast address meets all of the requirements.
We Have The Time Company (WHTT) are an enterprise who specialise in providing accurate time to global clients across the Internet, via the Network Time Protocol.
To provide robust time across they Internet, they provide access to their NTP servers via Functional Anycast addresses.
WHTT have a GUA /32 assignment from their Regional Internet Registry. They provide time to clients via the following Global scope Functional Anycast address, with a Global scope, an anycast domain Prefix of 2001:db8::/32, a Prefix Length of 32 (0x20), and the well known NTP Anycast Function Identifier of 0x101.
Functional Anycast addresses should not introduce any new security concerns in comparison to the use of addresses from within the unicast address space as anycast addresses. [RFC7094] provides considerable anycast related security discussion and references.
The ability to identify a Functional Anycast address using its well known 8 bit prefix, and the inclusion of forwarding scopes in the addresses, provide opportunies to enhance security of anycast services.
IANA are requested to register the aa00::/8 prefix in the Internet Protocol Version 6 Address Space registry for use with Formal Anycast addresses. If aa00::/8 is not chosen, then fa00::/8 is a proposed alternative.
IANA are requested to register a new ICMPv6 Destination Unreachble code for Edge of Visible Scope Reached.
IANA are requested to establish a registry for the Flags field of Functional Anycast addresses, and to reserve the T flag to indicate transient Anycast Function Identifiers.
IANA are requested to establish a registry for well known Anycast Function Identifiers, and to reserve the values described previously in the "Assigned Anycast Function Identifers" section of this memo.
Review and comments were provided by YOUR NAME HERE!
This memo was prepared using the xml2rfc tool.
draft-smith-6man-form-func-anycast-addresses-00, initial version, 2017-02-XX