1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
|
Network Working Group S. Miyakawa
Request for Comments: 3769 NTT Communications Corporation
Category: Informational R. Droms
Cisco
June 2004
Requirements for IPv6 Prefix Delegation
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2004).
Abstract
This document describes requirements for how IPv6 address prefixes
should be delegated to an IPv6 subscriber's network (or "site").
1. Introduction
With the deployment of IPv6 [1], several Internet Service Providers
are ready to offer IPv6 access to the public. In conjunction with
widely deployed "always on" media such as ADSL and the expectation
that customers will be assigned a /48 IPv6 unicast address prefix
(see RFC 3513 [3] and section 3 of RFC 3177 [2]), an efficient
mechanism for delegating address prefixes to the customer's sites is
needed. The delegation mechanism will be intended to automate the
process of informing the customer's networking equipment of the
prefixes to be used at the customer's site.
This document clarifies the requirements for IPv6 address prefix
delegation from the ISP to the site.
Miyakawa & Droms Informational [Page 1]
^L
RFC 3769 Requirements IPv6 Prefix Delegation June 2004
2. Scenario and terminology
The following figure illustrates a likely example for the
organization of a network providing subscription IPv6 service:
/------\
/ \
+ |
/ \ /
+---------------+ +--------+/ \------/
|ISP Edge Router|Point-to-point|Customer+
| +--------------+ Router | Customer networks
| (PE) | link | (CPE) +
+---------------+ +--------+\ /------\
\ / \
+ |
\ /
\------/
Figure 1: Illustration of ISP-customer network architecture
Terminology:
PE: Provider edge device; the device connected to the service
provider's network infrastructure at which the link to the
customer site is terminated
CPE: Customer premises equipment; the device at the customer site at
which the link to the ISP is terminated
3. Requirements for Prefix Delegation
The purpose of the prefix delegation mechanism is to delegate and
manage prefixes to the CPE automatically.
3.1. Number and Length of Delegated Prefixes
The prefix delegation mechanism should allow for delegation of
prefixes of lengths between /48 and /64, inclusively. Other lengths
should also be supported. The mechanism should allow for delegation
of more than one prefix to the customer.
Miyakawa & Droms Informational [Page 2]
^L
RFC 3769 Requirements IPv6 Prefix Delegation June 2004
3.2. Use of Delegated Prefixes in Customer Network
The prefix delegation mechanism must not prohibit or inhibit the
assignment of longer prefixes, created from the delegated prefixes,
to links within the customer network. The prefix delegation
mechanism is not required to report any prefix delegations within the
customer's network back to the ISP.
3.3. Static and Dynamic Assignment
The prefix delegation mechanism should allow for long-lived static
pre-assignment of prefixes and for automated, possibly short-lived,
on-demand, dynamic assignment of prefixes to a customer.
3.4. Policy-based Assignment
The prefix delegation mechanism should allow for the use of policy in
assigning prefixes to a customer. For example, the customer's
identity and type of subscribed service may be used to determine the
address block from which the customer's prefix is selected, and the
length of the prefix assigned to the customer.
3.5. Expression of Requirements or Preferences by the CPE
The CPE must be able to express requirements or preferences in its
request to the PE. For example, the CPE should be able to express a
preference for a prefix length.
3.6. Security and Authentication
The prefix delegation mechanism must provide for reliable
authentication of the identity of the customer to which the prefixes
are to be assigned, and must provide for reliable, secure
transmission of the delegated prefixes to the customer.
The prefix delegation should provide for reliable authentication of
the identity of the service provider's edge router.
3.7. Accounting
The prefix delegation mechanism must allow for the ISP to obtain
accounting information about delegated prefixes from the PE.
3.8. Hardware technology Considerations
The prefix delegation mechanism should work on any hardware link
technology between the PE and the CPE and should be hardware
technology independent. The mechanism must work on shared links.
Miyakawa & Droms Informational [Page 3]
^L
RFC 3769 Requirements IPv6 Prefix Delegation June 2004
The mechanism should work with all hardware technologies with either
an authentication mechanism or without, but ISPs would like to take
advantage of the hardware technology's authentication mechanism if it
exists.
4. Security considerations
Section 3.6 specifies security requirements for the prefix delegation
mechanism. For point to point links, where one trusts that there is
no man in the middle, or one trusts layer two authentication,
authentication may not be necessary.
A rogue PE can issue bogus prefixes to a requesting router. This may
cause denial of service due to unreachability.
A rogue CPE may be able to mount a denial of service attack by
repeated requests for delegated prefixes that exhaust the PE's
available prefixes.
5. Acknowledgments
The authors would like to express thanks to Randy Bush, Thomas
Narten, Micheal Py, Pekka Savola, Dave Thaler, as well as other
members of the IPv6 working group and the IESG for their review and
constructive comments. The authors would also like to thank the
people in the IPv6 operation group of the Internet Association of
Japan and NTT Communications IPv6 project, especially Toshi Yamasaki
and Yasuhiro Shirasaki for their original discussion and suggestions.
6. Informative References
[1] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6)
Specification", RFC 2460, December 1998.
[2] IAB and IESG, "IAB/IESG Recommendations on IPv6 Address", RFC
3177, September 2001.
[3] Hinden, R. and S. Deering, "Internet Protocol Version 6 (IPv6)
Addressing Architecture", RFC 3513, April 2003.
Miyakawa & Droms Informational [Page 4]
^L
RFC 3769 Requirements IPv6 Prefix Delegation June 2004
7. Authors' Addresses
Shin Miyakawa
NTT Communications Corporation
Tokyo
Japan
Phone: +81-3-6800-3262
EMail: miyakawa@nttv6.jp
Ralph Droms
Cisco
1414 Massachusetts Avenue
Boxborough, MA 01719
USA
Phone: +1 978.936.1674
EMail: rdroms@cisco.com
Miyakawa & Droms Informational [Page 5]
^L
RFC 3769 Requirements IPv6 Prefix Delegation June 2004
8. Full Copyright Statement
Copyright (C) The Internet Society (2004). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at ietf-
ipr@ietf.org.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
Miyakawa & Droms Informational [Page 6]
^L
|