1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
|
Internet Engineering Task Force (IETF) M. Stenberg
Request for Comments: 7788 S. Barth
Category: Standards Track Independent
ISSN: 2070-1721 P. Pfister
Cisco Systems
April 2016
Home Networking Control Protocol
Abstract
This document describes the Home Networking Control Protocol (HNCP),
an extensible configuration protocol, and a set of requirements for
home network devices. HNCP is described as a profile of and
extension to the Distributed Node Consensus Protocol (DNCP). HNCP
enables discovery of network borders, automated configuration of
addresses, name resolution, service discovery, and the use of any
routing protocol that supports routing based on both the source and
destination address.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7788.
Stenberg, et al. Standards Track [Page 1]
^L
RFC 7788 Home Networking Control Protocol April 2016
Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Applicability . . . . . . . . . . . . . . . . . . . . . . 4
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.1. Requirements Language . . . . . . . . . . . . . . . . . . 7
3. DNCP Profile . . . . . . . . . . . . . . . . . . . . . . . . 7
4. HNCP Versioning and Router Capabilities . . . . . . . . . . . 9
5. Interface Classification . . . . . . . . . . . . . . . . . . 9
5.1. Interface Categories . . . . . . . . . . . . . . . . . . 9
5.2. DHCP-Aided Auto-Detection . . . . . . . . . . . . . . . . 10
5.3. Algorithm for Border Discovery . . . . . . . . . . . . . 11
6. Autonomous Address Configuration . . . . . . . . . . . . . . 12
6.1. Common Link . . . . . . . . . . . . . . . . . . . . . . . 12
6.2. External Connections . . . . . . . . . . . . . . . . . . 13
6.3. Prefix Assignment . . . . . . . . . . . . . . . . . . . . 14
6.3.1. Prefix Assignment Algorithm Parameters . . . . . . . 14
6.3.2. Making New Assignments . . . . . . . . . . . . . . . 16
6.3.3. Applying Assignments . . . . . . . . . . . . . . . . 17
6.3.4. DHCPv6 Prefix Delegation . . . . . . . . . . . . . . 17
6.4. Node Address Assignment . . . . . . . . . . . . . . . . . 17
6.5. Local IPv4 and ULA Prefixes . . . . . . . . . . . . . . . 18
7. Configuration of Hosts and Non-HNCP Routers . . . . . . . . . 19
7.1. IPv6 Addressing and Configuration . . . . . . . . . . . . 19
7.2. DHCPv6 for Prefix Delegation . . . . . . . . . . . . . . 20
7.3. DHCPv4 for Addressing and Configuration . . . . . . . . . 20
7.4. Multicast DNS Proxy . . . . . . . . . . . . . . . . . . . 21
8. Naming and Service Discovery . . . . . . . . . . . . . . . . 21
9. Securing Third-Party Protocols . . . . . . . . . . . . . . . 22
Stenberg, et al. Standards Track [Page 2]
^L
RFC 7788 Home Networking Control Protocol April 2016
10. Type-Length-Value Objects . . . . . . . . . . . . . . . . . . 23
10.1. HNCP-Version TLV . . . . . . . . . . . . . . . . . . . . 23
10.2. External-Connection TLV . . . . . . . . . . . . . . . . 24
10.2.1. Delegated-Prefix TLV . . . . . . . . . . . . . . . . 25
10.2.2. DHCPv6-Data TLV . . . . . . . . . . . . . . . . . . 27
10.2.3. DHCPv4-Data TLV . . . . . . . . . . . . . . . . . . 27
10.3. Assigned-Prefix TLV . . . . . . . . . . . . . . . . . . 28
10.4. Node-Address TLV . . . . . . . . . . . . . . . . . . . . 29
10.5. DNS-Delegated-Zone TLV . . . . . . . . . . . . . . . . . 30
10.6. Domain-Name TLV . . . . . . . . . . . . . . . . . . . . 31
10.7. Node-Name TLV . . . . . . . . . . . . . . . . . . . . . 31
10.8. Managed-PSK TLV . . . . . . . . . . . . . . . . . . . . 32
11. General Requirements for HNCP Nodes . . . . . . . . . . . . . 32
12. Security Considerations . . . . . . . . . . . . . . . . . . . 34
12.1. Interface Classification . . . . . . . . . . . . . . . . 34
12.2. Security of Unicast Traffic . . . . . . . . . . . . . . 35
12.3. Other Protocols in the Home . . . . . . . . . . . . . . 35
13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 36
14. References . . . . . . . . . . . . . . . . . . . . . . . . . 37
14.1. Normative References . . . . . . . . . . . . . . . . . . 37
14.2. Informative References . . . . . . . . . . . . . . . . . 39
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 40
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 40
1. Introduction
The Home Networking Control Protocol (HNCP) is designed to facilitate
the sharing of state among home routers to fulfill the needs of the
IPv6 homenet architecture [RFC7368], which assumes zero-configuration
operation, multiple subnets, multiple home routers, and (potentially)
multiple upstream service providers providing (potentially) multiple
prefixes to the home network. While RFC 7368 sets no requirements
for IPv4 support, HNCP aims to support the dual-stack mode of
operation, and therefore the functionality is designed with that in
mind. The state is shared as TLVs transported in the DNCP node state
among the routers (and potentially advanced hosts) to enable:
o Autonomic discovery of network borders (Section 5.3) based on
Distributed Node Consensus Protocol (DNCP) topology.
o Automated portioning of prefixes delegated by the service
providers as well as assigned prefixes to both HNCP and non-HNCP
routers (Section 6.3) using [RFC7695]. Prefixes assigned to HNCP
routers are used to:
* Provide addresses to non-HNCP aware nodes (using Stateless
Address Autoconfiguration (SLAAC) and DHCP).
Stenberg, et al. Standards Track [Page 3]
^L
RFC 7788 Home Networking Control Protocol April 2016
* Provide space in which HNCP nodes assign their own addresses
(Section 6.4).
o Internal and external name resolution, as well as multi-link
service discovery (Section 8).
o Other services not defined in this document that do need to share
state among homenet nodes and do not cause rapid and constant TLV
changes (see the following applicability section).
HNCP is a protocol based on DNCP [RFC7787] and includes a DNCP
profile that defines transport and synchronization details for
sharing state across nodes defined in Section 3. The rest of the
document defines behavior of the services noted above, how the
required TLVs are encoded (Section 10), as well as additional
requirements on how HNCP nodes should behave (Section 11).
1.1. Applicability
While HNCP does not deal with routing protocols directly (except
potentially informing them about internal and external interfaces if
classification specified in Section 5.3 is used), in homenet
environments where multiple IPv6 source prefixes can be present,
routing based on the source and destination address is necessary
[RFC7368]. Ideally, the routing protocol is also zero configuration
(e.g., no need to configure identifiers or metrics), although HNCP
can also be used with a manually configured routing protocol.
As HNCP uses DNCP as the actual state synchronization protocol, the
applicability statement of DNCP applies here as well; HNCP should not
be used for any data that changes rapidly and constantly. If such
data needs to be published in an HNCP network, 1) a more applicable
protocol should be used for those portions, and 2) locators to a
server of said protocol should be announced using HNCP instead. An
example for this is naming and service discovery (Section 8) for
which HNCP only transports DNS server addresses and no actual per-
name or per-service data of hosts.
HNCP TLVs specified within this document, in steady state, stay
constant, with one exception: as Delegated-Prefix TLVs
(Section 10.2.1) do contain lifetimes, they force republishing of
that data every time the valid or preferred lifetimes of prefixes are
updated (significantly). Therefore, it is desirable for ISPs to
provide large enough valid and preferred lifetimes to avoid
unnecessary HNCP state churn in homes, but even given non-cooperating
ISPs, the state churn is proportional only to the number of
externally received delegated prefixes and not to the home network
size, and it should therefore be relatively low.
Stenberg, et al. Standards Track [Page 4]
^L
RFC 7788 Home Networking Control Protocol April 2016
HNCP assumes a certain level of control over host configuration
servers (e.g., DHCP [RFC2131]) on links that are managed by its
routers. Some HNCP functionality (such as border discovery or some
aspects of naming) might be affected by existing DHCP servers that
are not aware of the HNCP-managed network and thus might need to be
reconfigured to not result in unexpected behavior.
While HNCP routers can provide configuration to and receive
configuration from non-HNCP routers, they are not able to traverse
such devices based solely on the protocol as defined in this
document, i.e., HNCP routers that are connected only by different
interfaces of a non-HNCP router will not be part of the same HNCP
network.
While HNCP is designed to be used by (home) routers, it can also be
used by advanced hosts that want to do, e.g., their own address
assignment and routing.
HNCP is link-layer agnostic; if a link supports IPv6 (link-local)
multicast and unicast, HNCP will work on it. Trickle retransmissions
and keep-alives will handle both packet loss and non-transitive
connectivity, ensuring eventual convergence.
2. Terminology
The following terms are used as they are defined in [RFC7695]:
o Advertised Prefix Priority
o Advertised Prefix
o Assigned Prefix
o Delegated Prefix
o Prefix Adoption
o Private Link
o Published Assigned Prefix
o Applied Assigned Prefix
o Shared Link
Stenberg, et al. Standards Track [Page 5]
^L
RFC 7788 Home Networking Control Protocol April 2016
The following terms are used as they are defined in [RFC7787]:
o DNCP profile
o Node identifier
o Link
o Interface
(HNCP) node a device implementing this specification.
(HNCP) router a device implementing this specification, which
forwards traffic on behalf of other devices.
Greatest node when comparing the DNCP node identifiers of
identifier multiple nodes, the one that has the greatest value
in a bitwise comparison.
Border separation point between administrative domains; in
this case, between the home network and any other
network, i.e., usually an ISP network.
Internal link a link that does not cross borders.
Internal an interface that is connected to an internal link.
interface
External an interface that is connected to a link that is
interface not an internal link.
Interface a local configuration denoting the use of a
category particular interface. The Interface category
determines how an HNCP node should treat the
particular interface. The External and Internal
categories mark the interface as out of or within
the network border; there are also a number of
subcategories of Internal that further affect local
node behavior. See Section 5.1 for a list of
interface categories and how they behave. The
Internal or External category may also be auto-
detected (Section 5.3).
Border router a router announcing external connectivity and
forwarding traffic across the network border.
Stenberg, et al. Standards Track [Page 6]
^L
RFC 7788 Home Networking Control Protocol April 2016
Common Link a set of nodes on a link that share a common view
of it, i.e., they see each other's traffic and the
same set of hosts. Unless configured otherwise,
transitive connectivity is assumed.
DHCPv4 refers to the Dynamic Host Configuration Protocol
[RFC2131] in this document.
DHCPv6 refers to the Dynamic Host Configuration Protocol
for IPv6 (DHCPv6) [RFC3315] in this document.
DHCP refers to cases that apply to both DHCPv4 and
DHCPv6 in this document.
2.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in RFC
2119 [RFC2119].
3. DNCP Profile
The DNCP profile for HNCP is defined as follows:
o HNCP uses UDP datagrams on port 8231 as a transport over link-
local scoped IPv6, using unicast and multicast
(FF02:0:0:0:0:0:0:11 is the HNCP group address). Received
datagrams where either or both of the IPv6 source or destination
addresses are not link-local scoped MUST be ignored. Replies to
multicast and unicast messages MUST be sent to the IPv6 source
address and port of the original message. Each node MUST be able
to receive (and potentially reassemble) UDP datagrams with a
payload of at least 4000 bytes.
o HNCP operates on multicast-capable interfaces only. HNCP nodes
MUST assign a non-zero 32-bit endpoint identifier to each
interface for which HNCP is enabled. The value 0 is not used in
DNCP TLVs but has a special meaning in HNCP TLVs (see Sections 6.4
and 10.3). These identifiers MUST be locally unique within the
scope of the node, and using values equivalent to the IPv6 link-
local scope identifiers for the given interfaces are RECOMMENDED.
o HNCP uses opaque 32-bit node identifiers
(DNCP_NODE_IDENTIFIER_LENGTH = 32). A node implementing HNCP
SHOULD use a random node identifier. If there is a node
identifier collision (as specified in the Node-State TLV handling
of Section 4.4 of [RFC7787]), the node MUST immediately generate
Stenberg, et al. Standards Track [Page 7]
^L
RFC 7788 Home Networking Control Protocol April 2016
and use a new random node identifier that is not used by any other
node at the time, based on the current DNCP network state.
o HNCP nodes MUST use the leading 64 bits of the MD5 message digest
[RFC1321] as the DNCP hash function H(x) used in building the DNCP
hash tree.
o HNCP nodes MUST use DNCP's per-endpoint keep-alive extension on
all endpoints. The following parameters are suggested:
* Default keep-alive interval (DNCP_KEEPALIVE_INTERVAL): 20
seconds.
* Multiplier (DNCP_KEEPALIVE_MULTIPLIER): 2.1 on virtually
lossless links works fine, as it allows for one lost keep-
alive. If used on a lossy link, a considerably higher
multiplier, such as 15, should be used instead. In that case,
an implementation might prefer shorter keep-alive intervals on
that link as well to ensure that the timeout (equal to
DNCP_KEEPALIVE_INTERVAL * DNCP_KEEPALIVE_MULTIPLIER) after
which entirely lost nodes time out is low enough.
o HNCP nodes use the following Trickle parameters for the per-
interface Trickle instances:
* k SHOULD be 1, as the timer reset when data is updated, and
further retransmissions should handle packet loss. Even on a
non-transitive lossy link, the eventual per-endpoint keep-
alives should ensure status synchronization occurs.
* Imin SHOULD be 200 milliseconds but MUST NOT be lower. Note:
earliest transmissions may occur at Imin / 2.
* Imax SHOULD be 7 doublings of Imin [RFC6206] but MUST NOT be
lower.
o HNCP unicast traffic SHOULD be secured using Datagram Transport
Layer Security (DTLS) [RFC6347] as described in DNCP if exchanged
over unsecured links. UDP on port 8232 is used for this purpose.
A node implementing HNCP security MUST support the DNCP Pre-Shared
Key (PSK) method, SHOULD support the PKI-based trust method, and
MAY support the DNCP certificate-based trust consensus method.
[RFC7525] provides guidance on how to securely utilize DTLS.
o HNCP nodes MUST ignore all Node-State TLVs received via multicast
on a link that has DNCP security enabled in order to prevent
spoofing of node state changes.
Stenberg, et al. Standards Track [Page 8]
^L
RFC 7788 Home Networking Control Protocol April 2016
4. HNCP Versioning and Router Capabilities
Multiple versions of HNCP based on compatible DNCP profiles may be
present in the same network when transitioning between HNCP versions,
and for troubleshooting purposes, it might be beneficial to identify
the HNCP agent version running. Therefore, each node MUST include an
HNCP-Version TLV (Section 10.1) indicating the currently supported
version in its node data and MUST ignore (except for DNCP
synchronization purposes) any TLVs that have a type greater than 32
and that are published by nodes that didn't also publish an HNCP-
Version TLV.
HNCP routers may also have different capabilities regarding
interactions with hosts, e.g., for configuration or service
discovery. These are indicated by M, P, H, and L values. The
combined "capability value" is a metric indicated by interpreting the
bits as an integer, i.e., (M << 12 | P << 8 | H << 4 | L). These
values are used to elect certain servers on a Common Link, as
described in Section 7. Nodes that are not routers MUST announce the
value 0 for all capabilities. Any node announcing the value 0 for a
capability is considered to not advertise said capability and thus
does not take part in the respective election.
5. Interface Classification
5.1. Interface Categories
HNCP specifies the following categories that interfaces can be
configured to be in:
Internal category: This declares an interface to be internal, i.e.,
within the borders of the HNCP network. The interface MUST
operate as a DNCP endpoint. Routers MUST forward traffic with
appropriate source addresses between their internal interfaces and
allow internal traffic to reach external networks. All nodes MUST
implement this category, and nodes not implementing any other
category implicitly use it as a fixed default.
External category: This declares an interface to be external, i.e.,
not within the borders of the HNCP network. The interface MUST
NOT operate as a DNCP endpoint. Accessing internal resources from
external interfaces is restricted, i.e., the use of Recommended
Simple Security Capabilities in Customer Premises Equipments
(CPEs) [RFC6092] is RECOMMENDED. HNCP routers SHOULD announce
acquired configuration information for use in the network as
described in Section 6.2, if the interface appears to be connected
to an external network. HNCP routers MUST implement this
category.
Stenberg, et al. Standards Track [Page 9]
^L
RFC 7788 Home Networking Control Protocol April 2016
Leaf category: This declares an interface used by client devices
only. Such an interface uses the Internal category with the
exception that it MUST NOT operate as a DNCP endpoint. This
category SHOULD be supported by HNCP routers.
Guest category: This declares an interface used by untrusted client
devices only. In addition to the restrictions of the Leaf
category, HNCP routers MUST filter traffic from and to the
interface such that connected devices are unable to reach other
devices inside the HNCP network or query services advertised by
them unless explicitly allowed. This category SHOULD be supported
by HNCP routers.
Ad Hoc category: This configures an interface to use the Internal
category, but no assumption is made about the link's transitivity.
All other interface categories assume transitive connectivity.
This affects the Common Link (Section 6.1) definition. Support
for this category is OPTIONAL.
Hybrid category: This declares an interface to use the Internal
category while still trying to acquire (external) configuration
information on it, e.g., by running DHCP clients. This is useful,
e.g., if the link is shared with a non-HNCP router under control
and still within the borders of the same network. Detection of
this category automatically in addition to manual configuration is
out of scope of this document. Support for this category is
OPTIONAL.
5.2. DHCP-Aided Auto-Detection
Auto-detection of interface categories is possible based on
interaction with DHCPv4 [RFC2131] and DHCPv6 Prefix Delegation
(DHCPv6-PD) [RFC3633] servers on connected links. HNCP defines
special DHCP behavior to differentiate its internal servers from
external ones in order to achieve this. Therefore, all internal
devices (including HNCP nodes) running DHCP servers on links where
auto-detection is used by any HNCP node MUST use the following
mechanism based on "The User Class Option for DHCP" [RFC3004] and its
DHCPv6 counterpart [RFC3315]:
o The device MUST ignore or reject DHCP-Requests containing a DHCP
user class consisting of the ASCII string "HOMENET".
Not following this rule (e.g., running unmodified DHCP servers) might
lead to false positives when auto-detection is used, i.e., HNCP nodes
assume an interface to not be internal, even though it was intended
to be.
Stenberg, et al. Standards Track [Page 10]
^L
RFC 7788 Home Networking Control Protocol April 2016
5.3. Algorithm for Border Discovery
This section defines the interface classification algorithm. It is
suitable for both IPv4 and IPv6 (single or dual stack) and detects
the category of an interface either automatically or based on a fixed
configuration. By determining the category for all interfaces, the
network borders are implicitly defined, i.e., all interfaces not
belonging to the External category are considered to be within the
borders of the network; all others are not.
The following algorithm MUST be implemented by any node implementing
HNCP. However, if the node does not implement auto-detection, only
the first and last step are required. The algorithm works as
follows, with evaluation stopping at first match:
1. If a fixed category is configured for an interface, it is used.
2. If a delegated prefix could be acquired by running a DHCPv6
client, it is considered external. The DHCPv6 client MUST have
included a DHCPv6 user class consisting of the ASCII string
"HOMENET" in all of its requests.
3. If an IPv4 address could be acquired by running a DHCPv4 client
on the interface, it is considered external. The DHCPv4 client
MUST have included a DHCP user class consisting of the ASCII
string "HOMENET" in all of its requests.
4. The interface is considered internal.
Note that as other HNCP nodes will ignore the client due to the User
Class option, any server that replies is clearly external (or a
malicious internal node).
An HNCP router SHOULD allow setting the fixed category for each
interface that may be connected to either an internal or external
device (e.g., an Ethernet port that can be connected to a modem,
another HNCP router, or a client). Note that all fixed categories
except internal and external cannot be auto-detected and can only be
selected using manual configuration.
An HNCP router using auto-detection on an interface MUST run the
appropriately configured DHCP clients as long as the interface
without a fixed category is active (including states where auto-
detection considers it to be internal) and rerun the algorithm above
to react to conditions resulting in a different interface category.
The router SHOULD wait for a reasonable time period (5 seconds as a
Stenberg, et al. Standards Track [Page 11]
^L
RFC 7788 Home Networking Control Protocol April 2016
default), during which the DHCP clients can acquire a lease, before
treating a newly activated or previously external interface as
internal.
6. Autonomous Address Configuration
This section specifies how HNCP nodes configure host and node
addresses. At first, border routers share information obtained from
service providers or local configuration by publishing one or more
External-Connection TLVs (Section 10.2). These contain other TLVs
such as Delegated-Prefix TLVs (Section 10.2.1) that are then used for
prefix assignment. Finally, HNCP nodes obtain addresses either
statelessly or using a specific stateful mechanism (Section 6.4).
Hosts and non-HNCP routers are configured using SLAAC, DHCP, or
DHCPv6-PD.
6.1. Common Link
HNCP uses the concept of Common Link both in autonomic address
configuration and naming and service discovery (Section 8). A Common
Link refers to the set of interfaces of nodes that see each other's
traffic and presumably also the traffic of all hosts that may use the
nodes to, e.g., forward traffic. Common Links are used, e.g., to
determine where prefixes should be assigned or which peers
participate in the election of a DHCP server. The Common Link is
computed separately for each local internal interface, and it always
contains the local interface. Additionally, if the local interface
is not set to the Ad Hoc category (see Section 5.1), it also contains
the set of interfaces that are bidirectionally reachable from the
given local interface; that is, every remote interface of a remote
node meeting all of the following requirements:
o The local node publishes a Peer TLV with:
* Peer Node Identifier = remote node's node identifier
* Peer Endpoint Identifier = remote interface's endpoint
identifier
* Endpoint Identifier = local interface's endpoint identifier
o The remote node publishes a Peer TLV with:
* Peer Node Identifier = local node's node identifier
* Peer Endpoint Identifier = local interface's endpoint
identifier
Stenberg, et al. Standards Track [Page 12]
^L
RFC 7788 Home Networking Control Protocol April 2016
* Endpoint Identifier = remote interface's endpoint identifier
A node MUST be able to detect whether two of its local internal
interfaces are connected, e.g., by detecting an identical remote
interface being part of the Common Links of both local interfaces.
6.2. External Connections
Each HNCP router MAY obtain external connection information such as
address prefixes, DNS server addresses, and DNS search paths from one
or more sources, e.g., DHCPv6-PD [RFC3633], NETCONF [RFC6241], or
static configuration. Each individual external connection to be
shared in the network is represented by one External-Connection TLV
(Section 10.2).
Announcements of individual external connections can consist of the
following components:
Delegated Prefixes: Address space available for assignment to
internal links announced using Delegated-Prefix TLVs
(Section 10.2.1). Some address spaces might have special
properties that are necessary to understand in order to handle
them (e.g., information similar to [RFC6603]). This information
is encoded using DHCPv6-Data TLVs (Section 10.2.2) inside the
respective Delegated-Prefix TLVs.
Auxiliary Information: Information about services such as DNS or
time synchronization regularly used by hosts in addition to
addressing and routing information. This information is encoded
using DHCPv6-Data TLVs (Section 10.2.2) and DHCPv4-Data TLVs
(Section 10.2.3).
Whenever information about reserved parts (e.g., as specified in
[RFC6603]) is received for a delegated prefix, the reserved parts
MUST be advertised using Assigned-Prefix TLVs (Section 10.3) with the
greatest priority (i.e., 15), as if they were assigned to a Private
Link.
Some connections or delegated prefixes may have a special meaning and
are not regularly used for internal or Internet connectivity;
instead, they may provide access to special services like VPNs,
sensor networks, Voice over IP (VoIP), IPTV, etc. Care must be taken
that these prefixes are properly integrated and dealt with in the
network, in order to avoid breaking connectivity for devices who are
not aware of their special characteristics or to only selectively
allow certain devices to use them. Such prefixes are distinguished
using Prefix-Policy TLVs (Section 10.2.1.1). Their contents MAY be
Stenberg, et al. Standards Track [Page 13]
^L
RFC 7788 Home Networking Control Protocol April 2016
partly opaque to HNCP nodes, and their identification and usage
depends on local policy. However, the following general rules MUST
be adhered to:
Special rules apply when making address assignments for prefixes
with Prefix-Policy TLVs with type 131, as described in
Section 6.3.2.
In the presence of any type 1 to 128 Prefix-Policy TLV, the prefix
is specialized to reach destinations denoted by any such Prefix-
Policy TLV, i.e., in absence of a type 0 Prefix-Policy TLV, it is
not usable for general Internet connectivity. An HNCP router MAY
enforce this restriction with appropriate packet filter rules.
6.3. Prefix Assignment
HNCP uses the prefix assignment algorithm [RFC7695] in order to
assign prefixes to HNCP internal links and uses some of the
terminology (Section 2) defined there. HNCP furthermore defines the
Assigned-Prefix TLV (Section 10.3), which MUST be used to announce
Published Assigned Prefixes.
6.3.1. Prefix Assignment Algorithm Parameters
All HNCP nodes running the prefix assignment algorithm use the
following values for its parameters:
Node IDs: HNCP node identifiers are used. The comparison operation
is defined as bitwise comparison.
Set of Delegated Prefixes: The set of prefixes encoded in
Delegated-Prefix TLVs that are not strictly included in prefixes
encoded in other Delegated-Prefix TLVs. Note that Delegated-
Prefix TLVs included in ignored External-Connection TLVs are not
considered. It is dynamically updated as Delegated-Prefix TLVs
are added or removed.
Set of Shared Links: The set of Common Links associated with
interfaces with the Internal, Leaf, Guest, or Ad Hoc category. It
is dynamically updated as interfaces are added, removed, or
switched from one category to another. When multiple interfaces
are detected as belonging to the same Common Link, prefix
assignment is disabled on all of these interfaces except one.
Stenberg, et al. Standards Track [Page 14]
^L
RFC 7788 Home Networking Control Protocol April 2016
Set of Private Links: This document defines Private Links as
representing DHCPv6-PD clients or as a mean to advertise prefixes
included in the DHCPv6 Exclude Prefix option. Other
implementation-specific Private Links may be defined whenever a
prefix needs to be assigned for a purpose that does not require a
consensus with other HNCP nodes.
Set of Advertised Prefixes: The set of prefixes included in
Assigned-Prefix TLVs advertised by other HNCP nodes (prefixes
advertised by the local node are not in this set). The associated
Advertised Prefix Priority is the priority specified in the TLV.
The associated Shared Link is determined as follows:
* If the Link Identifier is 0, the Advertised Prefix is not
assigned on a Shared Link.
* If the other node's interface identified by the Link Identifier
is included in one of the Common Links used for prefix
assignment, it is considered as assigned on the given Common
Link.
* Otherwise, the Advertised Prefix is not assigned on a Shared
Link.
Advertised Prefixes as well as their associated priorities and
associated Shared Links MUST be updated as Assigned-Prefix TLVs
are added, updated, or removed, and as Common Links are modified.
ADOPT_MAX_DELAY: The default value is 0 seconds (i.e., prefix
adoption is done instantly).
BACKOFF_MAX_DELAY: The default value is 4 seconds.
RANDOM_SET_SIZE: The default value is 64.
Flooding Delay: The default value is 5 seconds.
Default Advertised Prefix Priority: When a new assignment is
created or an assignment is adopted -- as specified in the prefix
assignment algorithm routine -- the default Advertised Prefix
Priority to be used is 2.
Stenberg, et al. Standards Track [Page 15]
^L
RFC 7788 Home Networking Control Protocol April 2016
6.3.2. Making New Assignments
Whenever the prefix assignment algorithm subroutine (Section 4.1 of
[RFC7695]) is run on a Common Link, and whenever a new prefix may be
assigned (case 1 of the subroutine: no Best Assignment and no Current
Assignment), the decision of whether the assignment of a new prefix
is desired MUST follow these rules in order:
If the Delegated-Prefix TLV contains a DHCPv6-Data TLV, and the
meaning of one of the DHCP options is not understood by the HNCP
node, the creation of a new prefix is not desired. This rule
applies to TLVs inside Delegated-Prefix TLVs but not to those
inside External-Connection TLVs.
If the remaining preferred lifetime of the prefix is 0 and there
is another delegated prefix of the same IP version used for prefix
assignment with a non-zero preferred lifetime, the creation of a
new prefix is not desired.
If the Delegated-Prefix TLV does not include a Prefix-Policy TLV
indicating restrictive assignment (type 131) or if local policy
exists to identify it based on, e.g., other Prefix-Policy TLV
values and allows assignment, the creation of a new prefix is
desired.
Otherwise, the creation of a new prefix is not desired.
If the considered delegated prefix is an IPv6 prefix, and whenever
there is at least one available prefix of length 64, a prefix of
length 64 MUST be selected unless configured otherwise. In case no
prefix of length 64 would be available, a longer prefix MAY be
selected even without configuration.
If the considered delegated prefix is an IPv4 prefix (Section 6.5
details how IPv4-delegated prefixes are generated), a prefix of
length 24 SHOULD be preferred.
In any case, an HNCP router making an assignment MUST support a
mechanism suitable to distribute addresses from the considered prefix
if the link is intended to be used by clients. In this case, a
router assigning an IPv4 prefix MUST announce the L-capability, and a
router assigning an IPv6 prefix with a length greater than 64 MUST
announce the H-capability as defined in Section 4.
Stenberg, et al. Standards Track [Page 16]
^L
RFC 7788 Home Networking Control Protocol April 2016
6.3.3. Applying Assignments
The prefix assignment algorithm indicates when a prefix is applied to
the respective Common Link. When that happens, each router connected
to said link:
MUST forward traffic destined to said prefix to the respective
link.
MUST participate in the client configuration election as described
in Section 7, if the link is intended to be used by clients.
MAY add an address from said prefix to the respective network
interface as described in Section 6.4, e.g., if it is to be used
as source for locally originating traffic.
6.3.4. DHCPv6 Prefix Delegation
When an HNCP router announcing the P-Capability (Section 4) receives
a DHCPv6-PD request from a client, it SHOULD assign one prefix per
delegated prefix in the network. This set of assigned prefixes is
then delegated to the client, after it has been applied as described
in the prefix assignment algorithm. Each DHCPv6-PD client MUST be
considered as an independent Private Link, and delegation MUST be
based on the same set of delegated prefixes as the one used for
Common Link prefix assignments; however, the prefix length to be
delegated MAY be smaller than 64.
The assigned prefixes MUST NOT be given to DHCPv6-PD clients before
they are applied and MUST be withdrawn whenever they are destroyed.
As an exception to this rule, in order to shorten delays of processed
requests, a router MAY prematurely give out a prefix that is
advertised but not yet applied if it does so with a valid lifetime of
not more than 30 seconds and ensures removal or correction of
lifetimes as soon as possible.
6.4. Node Address Assignment
This section specifies how HNCP nodes reserve addresses for their own
use. Nodes MAY, at any time, try to reserve a new address from any
Applied Assigned Prefix. Each HNCP node SHOULD announce an IPv6
address and -- if it supports IPv4 -- MUST announce an IPv4 address,
whenever matching prefixes are assigned to at least one of its Common
Links. These addresses are published using Node-Address TLVs and
used to locally reach HNCP nodes for other services. Nodes SHOULD
NOT create and announce more than one assignment per IP version to
avoid cluttering the node data with redundant information unless a
special use case requires it.
Stenberg, et al. Standards Track [Page 17]
^L
RFC 7788 Home Networking Control Protocol April 2016
Stateless assignment based on Semantically Opaque Interface
Identifiers [RFC7217] SHOULD be used for address assignment whenever
possible (e.g., the prefix length is 64), otherwise (e.g., for IPv4
if supported) the following method MUST be used instead: For any
assigned prefix for which stateless assignment is not used, the first
quarter of the addresses are reserved for HNCP-based address
assignments, whereas the last three quarters are left to the DHCP
elected router (Section 4 specifies the DHCP server election
process). For example, if the prefix 192.0.2.0/24 is assigned and
applied to a Common Link, addresses included in 192.0.2.0/26 are
reserved for HNCP nodes, and the remaining addresses are reserved for
the elected DHCPv4 server.
HNCP nodes assign addresses to themselves and then (to ensure
eventual lack of conflicting assignments) publish the assignments
using the Node-Address TLV (Section 10.4).
The process of obtaining addresses is specified as follows:
o A node MUST NOT start advertising an address if it is already
advertised by another node.
o An assigned address MUST be part of an assigned prefix currently
applied on a Common Link that includes the interface specified by
the endpoint identifier.
o An address MUST NOT be used unless it has been advertised for at
least ADDRESS_APPLY_DELAY consecutive seconds and is still
currently being advertised. The default value for
ADDRESS_APPLY_DELAY is 3 seconds.
o Whenever the same address is advertised by more than one node, all
but the one advertised by the node with the greatest node
identifier MUST be removed.
6.5. Local IPv4 and ULA Prefixes
HNCP routers can create a Unique Local Address (ULA) or private IPv4
prefix to enable connectivity between local devices. These prefixes
are inserted in HNCP as if they were delegated prefixes of a
(virtual) external connection (Section 6.2). The following rules
apply:
An HNCP router SHOULD create a ULA prefix if there is no other
IPv6 prefix with a preferred time greater than 0 in the network.
It MAY also do so if there are other delegated IPv6 prefixes, but
none of which is locally generated (i.e., without any Prefix-
Policy TLV) and has a preferred time greater than 0. However, it
Stenberg, et al. Standards Track [Page 18]
^L
RFC 7788 Home Networking Control Protocol April 2016
MUST NOT do so otherwise. In case multiple locally generated ULA
prefixes are present, only the one published by the node with the
greatest node identifier is kept among those with a preferred time
greater than 0 -- if there is any.
An HNCP router MUST create a private IPv4 prefix [RFC1918]
whenever it wishes to provide IPv4 Internet connectivity to the
network and no other private IPv4 prefix with Internet
connectivity currently exists. It MAY also enable local IPv4
connectivity by creating a private IPv4 prefix if no IPv4 prefix
exists but MUST NOT do so otherwise. In case multiple IPv4
prefixes are announced, only the one published by the node with
the greatest node identifier is kept among those with a Prefix-
Policy TLV of type 0 -- if there is any. The router publishing a
prefix with Internet connectivity MUST forward IPv4 traffic to the
Internet and perform NAT on behalf of the network as long as it
publishes the prefix; other routers in the network MAY choose not
to.
Creation of such ULA and IPv4 prefixes MUST be delayed by a random
time span between 0 and 10 seconds in which the router MUST scan for
others trying to do the same.
When a new ULA prefix is created, the prefix is selected based on the
configuration, using the last non-deprecated ULA prefix, or generated
based on [RFC4193].
7. Configuration of Hosts and Non-HNCP Routers
HNCP routers need to ensure that hosts and non-HNCP downstream
routers on internal links are configured with addresses and routes.
Since DHCP clients can usually only bind to one server at a time, a
per-link and per-service election takes place.
HNCP routers may have different capabilities for configuring
downstream devices and providing naming services. Each router MUST
therefore indicate its capabilities as specified in Section 4 in
order to participate as a candidate in the election.
7.1. IPv6 Addressing and Configuration
In general, Stateless Address Autoconfiguration [RFC4861] is used for
client configuration for its low overhead and fast renumbering
capabilities. Therefore, each HNCP router sends Router
Advertisements on interfaces that are intended to be used by clients
and MUST at least include a Prefix Information Option for each
Applied Assigned Prefix that it assigned to the respective link in
every such advertisement. However, stateful DHCPv6 can be used in
Stenberg, et al. Standards Track [Page 19]
^L
RFC 7788 Home Networking Control Protocol April 2016
addition by administrative choice to, e.g., collect hostnames and use
them to provide naming services or whenever stateless configuration
is not applicable.
The designated stateful DHCPv6 server for a Common Link (Section 6.1)
is elected based on the capabilities described in Section 4. The
winner is the router (connected to the Common Link) advertising the
greatest H-capability. In case of a tie, Capability Values
(Section 4) are compared, and the router with the greatest value is
elected. In case of another tie, the router with the greatest node
identifier is elected among the routers with tied Capability Values.
The elected router MUST serve stateful DHCPv6 and SHOULD provide
naming services for acquired hostnames as outlined in Section 8; all
other nodes MUST NOT. Stateful addresses SHOULD be assigned in a way
that does not hinder fast renumbering even if the DHCPv6 server or
client do not support the DHCPv6 reconfigure mechanism, e.g., by only
handing out leases from locally generated (ULA) prefixes and prefixes
with a length different from 64 and by using low renew and rebind
times (i.e., not longer than 5 minutes). In case no router was
elected, stateful DHCPv6 is not provided. Routers that cease to be
elected DHCP servers SHOULD -- when applicable -- invalidate
remaining existing bindings in order to trigger client
reconfiguration.
7.2. DHCPv6 for Prefix Delegation
The designated DHCPv6 server for prefix delegation on a Common Link
is elected based on the capabilities described in Section 4. The
winner is the router (connected to the Common Link) advertising the
greatest P-capability. In case of a tie, Capability Values
(Section 4) are compared, and the router with the greatest value is
elected. In case of another tie, the router with the greatest node
identifier is elected among the routers with tied Capability Values.
The elected router MUST provide prefix delegation services [RFC3633]
on the given link (and follow the rules in Section 6.3.4); all other
nodes MUST NOT.
7.3. DHCPv4 for Addressing and Configuration
The designated DHCPv4 server on a Common Link (Section 6.1) is
elected based on the capabilities described in Section 4. The winner
is the router (connected to the Common Link) advertising the greatest
L-capability. In case of a tie, Capability Values (Section 4) are
compared, and the router with the greatest value is elected. In case
of another tie, the router with the greatest node identifier is
elected among the routers with tied Capability Values.
Stenberg, et al. Standards Track [Page 20]
^L
RFC 7788 Home Networking Control Protocol April 2016
The elected router MUST provide DHCPv4 services on the given link;
all other nodes MUST NOT. The elected router MUST provide IP
addresses from the pool defined in Section 6.4 and MUST announce
itself as router [RFC2132] to clients.
DHCPv4 lifetimes renew and rebind times (T1 and T2) SHOULD be short
(i.e., not longer than 5 minutes) in order to provide reasonable
response times to changes. Routers that cease to be elected DHCP
servers SHOULD -- when applicable -- invalidate remaining existing
bindings in order to trigger client reconfiguration.
7.4. Multicast DNS Proxy
The designated Multicast DNS (mDNS) [RFC6762] proxy on a Common Link
is elected based on the capabilities described in Section 4. The
winner is the router (connected to the Common Link) advertising the
greatest M-capability. In case of a tie, Capability Values
(Section 4) are compared, and the router with the greatest value is
elected. In case of another tie, the router with the greatest node
identifier is elected among the routers with tied Capability Values.
The elected router MUST provide an mDNS proxy on the given link and
announce it as described in Section 8.
8. Naming and Service Discovery
Network-wide naming and service discovery can greatly improve the
user friendliness of a network. The following mechanism provides
means to setup and delegate naming and service discovery across
multiple HNCP routers.
Each HNCP router SHOULD provide and advertise a recursive name
resolving server to clients that honor the announcements made in
Delegated-Zone TLVs (Section 10.5), Domain-Name TLVs (Section 10.6),
and Node-Name TLVs (Section 10.7), i.e., delegate queries to the
designated name servers and hand out appropriate A, AAAA, and PTR
records according to the mentioned TLVs.
Each HNCP router SHOULD provide and announce an auto-generated or
user-configured name for each internal Common Link (Section 6.1) for
which it is the designated DHCPv4, stateful DHCPv6 server, mDNS
proxy, or for which it provides forward or reverse DNS services on
behalf of connected devices. This announcement is done using
Delegated-Zone TLVs (Section 10.5) and MUST be unique in the whole
network. In case of a conflict, the announcement of the node with
the greatest node identifier takes precedence, and all other nodes
MUST cease to announce the conflicting TLV. HNCP routers providing
recursive name resolving services MUST use the included DNS server
Stenberg, et al. Standards Track [Page 21]
^L
RFC 7788 Home Networking Control Protocol April 2016
address within the TLV to resolve names belonging to the zone as if
there was an NS record.
Each HNCP node SHOULD announce a node name for itself to be easily
reachable and MAY announce names on behalf of other devices.
Announcements are made using Node-Name TLVs (Section 10.7), and the
announced names MUST be unique in the whole network. In case of a
conflict, the announcement of the node with the greatest node
identifier takes precedence, and all other nodes MUST cease to
announce the conflicting TLV. HNCP routers providing recursive name
resolving services as described above MUST resolve such announced
names to their respective IP addresses as if there were corresponding
A/AAAA records.
Names and unqualified zones are used in an HNCP network to provide
naming and service discovery with local significance. A network-wide
zone is appended to all single labels or unqualified zones in order
to qualify them. ".home" is the default; however, an administrator
MAY configure the announcement of a Domain-Name TLV (Section 10.6)
for the network to use a different one. In case multiple are
announced, the domain of the node with the greatest node identifier
takes precedence.
9. Securing Third-Party Protocols
PSKs are often required to secure (for example) IGPs and other
protocols that lack support for asymmetric security. The following
mechanism manages PSKs using HNCP to enable bootstrapping of such
third-party protocols. The scheme SHOULD NOT be used unless it's in
conjunction with secured HNCP unicast transport (i.e., DTLS), as
transferring the PSK in plaintext anywhere in the network is a
potential risk, especially as the originator may not know about
security (and use of DNCP security) on all links. The following
rules define how such a PSK is managed and used:
o If no Managed-PSK TLV (Section 10.8) is currently being announced,
an HNCP node using this mechanism MUST create one after a random
delay of 0 to 10 seconds with a 32 bytes long random key and add
it to its node data.
o In case multiple nodes announce such a TLV at the same time, all
but the one with the greatest node identifier stop advertising it
and adopt the remaining one.
o The node currently advertising the Managed-PSK TLV MUST generate
and advertise a new random one whenever an unreachable node is
removed from the DNCP topology as described in Section 4.6 of
[RFC7787].
Stenberg, et al. Standards Track [Page 22]
^L
RFC 7788 Home Networking Control Protocol April 2016
PSKs for individual protocols SHOULD be derived from the random PSK
using a suitable one-way hashing algorithm (e.g., by using the HMAC-
based Key Derivation Function (HKDF) based on HMAC-SHA256 [RFC6234]
with the particular protocol name in the info field) so that
disclosure of any derived key does not impact other users of the
managed PSK. Furthermore, derived PSKs MUST be updated whenever the
managed PSK changes.
10. Type-Length-Value Objects
HNCP defines the following TLVs in addition to those defined by DNCP.
The same general rules and defaults for encoding as noted in
Section 7 of [RFC7787] apply. Note that most HNCP variable-length
TLVs also support optional nested TLVs, and they are encoded after
the variable-length content, followed by the zero padding of the
variable-length content to the next 32-bit boundary.
TLVs defined here are only valid when appearing in their designated
context, i.e., only directly within container TLVs mentioned in their
definition or -- absent any mentions -- only as top-level TLVs within
the node data set. TLVs appearing outside their designated context
MUST be ignored.
TLVs encoding IP addresses or prefixes allow encoding both IPv6 and
IPv4 addresses and prefixes. IPv6 information is encoded as is,
whereas for IPv4, the IPv4-mapped IPv6 addresses format [RFC4291] is
used, and prefix lengths are encoded as the original IPv4 prefix
length increased by 96.
10.1. HNCP-Version TLV
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type: HNCP-Version (32) | Length: >= 5 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved | M | P | H | L |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| User-agent |
This TLV is used to indicate the supported version and router
capabilities of an HNCP node as described in Section 4.
Reserved: Bits are reserved for future use. They MUST be set to 0
when creating this TLV, and their value MUST be ignored when
processing the TLV.
Stenberg, et al. Standards Track [Page 23]
^L
RFC 7788 Home Networking Control Protocol April 2016
M-capability: Priority value used for electing the on-link mDNS
[RFC6762] proxy. It MUST be set to 0 if the router is not capable
of proxying mDNS, otherwise it SHOULD be set to 4 but MAY be set
to any value from 1 to 7 to indicate a non-default priority. The
values 8-15 are reserved for future use.
P-capability: Priority value used for electing the on-link DHCPv6-PD
server. It MUST be set to 0 if the router is not capable of
providing prefixes through DHCPv6-PD (Section 6.3.4), otherwise it
SHOULD be set to 4 but MAY be set to any value from 1 to 7 to
indicate a non-default priority. The values 8-15 are reserved for
future use.
H-capability: Priority value used for electing the on-link DHCPv6
server offering non-temporary addresses. It MUST be set to 0 if
the router is not capable of providing such addresses, otherwise
it SHOULD be set to 4 but MAY be set to any value from 1 to 7 to
indicate a non-default priority. The values 8-15 are reserved for
future use.
L-capability: Priority value used for electing the on-link DHCPv4
server. It MUST be set to 0 if the router is not capable of
running a legacy DHCPv4 server offering IPv4 addresses to clients,
otherwise it SHOULD be set to 4 but MAY be set to any value from 1
to 7 to indicate a non-default priority. The values 8-15 are
reserved for future use.
User-Agent: The user-agent is a human-readable UTF-8 string that
describes the name and version of the current HNCP implementation.
10.2. External-Connection TLV
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type: External-Connection (33)| Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| (Optional nested TLVs) |
An External-Connection TLV is a container TLV used to gather network
configuration information associated with a single external
connection (Section 6.2) to be shared across the HNCP network. A
node MAY publish an arbitrary number of instances of this TLV to
share the desired number of external connections. Upon reception,
the information transmitted in any nested TLVs is used for the
purposes of prefix assignment (Section 6.3) and host configuration
(Section 7).
Stenberg, et al. Standards Track [Page 24]
^L
RFC 7788 Home Networking Control Protocol April 2016
10.2.1. Delegated-Prefix TLV
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type: Delegated-Prefix (34) | Length: >= 9 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Valid Lifetime Since Origination |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Preferred Lifetime Since Origination |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Prefix Length | |
+-+-+-+-+-+-+-+-+ Prefix +
...
| | 0-pad if any |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| (Optional nested TLVs) |
The Delegated-Prefix TLV is used by HNCP routers to advertise
prefixes that are allocated to the whole network and can be used for
prefix assignment. Delegated-Prefix TLVs are only valid inside
External-Connection TLVs, and their prefixes MUST NOT overlap with
those of other such TLVs in the same container.
Valid Lifetime Since Origination: The time in seconds the delegated
prefix was valid for at the origination time of the node data
containing this TLV. The value MUST be updated whenever the node
republishes its Node-State TLV.
Preferred Lifetime Since Origination: The time in seconds the
delegated prefix was preferred for at the origination time of the
node data containing this TLV. The value MUST be updated whenever
the node republishes its Node-State TLV.
Prefix Length: The number of significant bits in the prefix.
Prefix: Significant bits of the prefix padded with zeros up to the
next byte boundary.
Stenberg, et al. Standards Track [Page 25]
^L
RFC 7788 Home Networking Control Protocol April 2016
10.2.1.1. Prefix-Policy TLV
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type: Prefix-Policy (43) | Length: >= 1 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Policy Type | |
+-+-+-+-+-+-+-+-+ Value +
| |
The Prefix-Policy TLV contains information about the policy or
applicability of a delegated prefix. This information can be used to
determine whether prefixes for a certain use case (e.g., local
reachability, Internet connectivity) do exist or are to be acquired
and to make decisions about assigning prefixes to certain links or to
fine-tune border firewalls. See Section 6.2 for a more in-depth
discussion. This TLV is only valid inside a Delegated-Prefix TLV.
Policy Type: The type of the policy identifier.
0: Internet connectivity (no value).
1-128: Explicit destination prefix with the Policy Type being
the actual length of the prefix and the value containing
significant bits of the destination prefix padded with
zeros up to the next byte boundary.
129: DNS domain. The value contains a DNS label sequence
encoded per [RFC1035]. Compression MUST NOT be used.
The label sequence MUST end with an empty label.
130: Opaque UTF-8 string (e.g., for administrative purposes).
131: Restrictive assignment (no value).
132-255: Reserved for future additions.
Value: A variable-length identifier of the given type.
Stenberg, et al. Standards Track [Page 26]
^L
RFC 7788 Home Networking Control Protocol April 2016
10.2.2. DHCPv6-Data TLV
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type: DHCPv6-Data (37) | Length: > 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| DHCPv6 option stream |
This TLV is used to encode auxiliary IPv6 configuration information
(e.g., recursive DNS servers) encoded as a stream of DHCPv6 options.
It is only valid in an External-Connection TLV or a Delegated-Prefix
TLV encoding an IPv6 prefix and MUST NOT occur more than once in any
single container. When included in an External-Connection TLV, it
contains DHCPv6 options relevant to the external connection as a
whole. When included in a delegated prefix, it contains options
mandatory to handle said prefix.
DHCPv6 option stream: DHCPv6 options encoded as specified in
[RFC3315].
10.2.3. DHCPv4-Data TLV
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type: DHCPv4-Data (38) | Length: > 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| DHCPv4 option stream |
This TLV is used to encode auxiliary IPv4 configuration information
(e.g., recursive DNS servers) encoded as a stream of DHCPv4 options.
It is only valid in an External-Connection TLV and MUST NOT occur
more than once in any single container. It contains DHCPv4 options
relevant to the external connection as a whole.
DHCPv4 option stream: DHCPv4 options encoded as specified in
[RFC2131].
Stenberg, et al. Standards Track [Page 27]
^L
RFC 7788 Home Networking Control Protocol April 2016
10.3. Assigned-Prefix TLV
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type: Assigned-Prefix (35) | Length: >= 6 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Endpoint Identifier |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Rsv. | Prty. | Prefix Length | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Prefix +
...
| | 0-pad if any |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| (Optional nested TLVs) |
This TLV is used to announce Published Assigned Prefixes for the
purposes of prefix assignment (Section 6.3).
Endpoint Identifier: The endpoint identifier of the local interface
the prefix is assigned to, or 0 if it is assigned to a Private
Link (e.g., when the prefix is assigned for downstream prefix
delegation).
Rsv.: Bits are reserved for future use. They MUST be set to 0 when
creating this TLV, and their value MUST be ignored when processing
the TLV.
Prty: The Advertised Prefix Priority from 0 to 15.
0-1: Low priorities.
2: Default priority.
3-7: High priorities.
8-11: Administrative priorities. MUST NOT be used unless
configured otherwise.
12-14: Reserved for future use.
15: Provider priorities. MAY only be used by the router
advertising the corresponding delegated prefix and based
on static or dynamic configuration (e.g., for excluding a
prefix based on the DHCPv6-PD Prefix Exclude Option
[RFC6603]).
Stenberg, et al. Standards Track [Page 28]
^L
RFC 7788 Home Networking Control Protocol April 2016
Prefix Length: The number of significant bits in the Prefix field.
Prefix: The significant bits of the prefix padded with zeros up to
the next byte boundary.
10.4. Node-Address TLV
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type: Node-Address (36) | Length: 20 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Endpoint Identifier |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| IP Address |
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| (Optional nested TLVs) |
This TLV is used to announce addresses assigned to an HNCP node as
described in Section 6.4.
Endpoint Identifier: The endpoint identifier of the local interface
the prefix is assigned to, or 0 if it is not assigned on an HNCP
enabled link.
IP Address: The globally scoped IPv6 address, or the IPv4 address
encoded as an IPv4-mapped IPv6 address [RFC4291].
Stenberg, et al. Standards Track [Page 29]
^L
RFC 7788 Home Networking Control Protocol April 2016
10.5. DNS-Delegated-Zone TLV
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type: DNS-Delegated-Zone (39) | Length: >= 17 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| IP Address |
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Reserved |L|B|S| |
+-+-+-+-+-+-+-+-+ Zone (DNS label sequence - variable length) |
...
| | 0-pad if any |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| (Optional nested TLVs) |
This TLV is used to announce a forward or reverse DNS zone delegation
in the HNCP network. Its meaning is roughly equivalent to specifying
an NS and A/AAAA record for said zone. Details are specified in
Section 8.
IP Address: The IPv6 address of the authoritative DNS server for the
zone; IPv4 addresses are represented as IPv4-mapped addresses
[RFC4291]. The special value of :: (all zeros) means the
delegation is available in the global DNS hierarchy.
Reserved: Those bits MUST be set to 0 when creating the TLV and
ignored when parsing it unless defined in a later specification.
L-bit: (DNS-based Service Discovery (DNS-SD) [RFC6763] Legacy-
Browse) indicates that this delegated zone SHOULD be included in
the network's DNS-SD legacy browse list of domains at
lb._dns-sd._udp.(DOMAIN-NAME). Local forward zones SHOULD have
this bit set; reverse zones SHOULD NOT.
B-bit: (DNS-SD [RFC6763] Browse) indicates that this delegated zone
SHOULD be included in the network's DNS-SD browse list of domains
at b._dns-sd._udp.(DOMAIN-NAME). Local forward zones SHOULD have
this bit set; reverse zones SHOULD NOT.
S-bit: (Fully qualified DNS-SD [RFC6763] domain) indicates that this
delegated zone consists of a fully qualified DNS-SD domain, which
should be used as the base for DNS-SD domain enumeration, i.e.,
_dns-sd._udp.(Zone) exists. Forward zones MAY have this bit set;
reverse zones MUST NOT. This can be used to provision a DNS
Stenberg, et al. Standards Track [Page 30]
^L
RFC 7788 Home Networking Control Protocol April 2016
search path to hosts for non-local services (such as those
provided by an ISP or other manually configured service
providers). Zones with this flag SHOULD be added to the search
domains advertised to clients.
Zone: The label sequence encoded according to [RFC1035].
Compression MUST NOT be used. The label sequence MUST end with an
empty label.
10.6. Domain-Name TLV
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type: Domain-Name (40) | Length: > 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Domain (DNS label sequence - variable length) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
This TLV is used to indicate the base domain name for the network as
specified in Section 8. This TLV MUST NOT be announced unless the
domain name was explicitly configured by an administrator.
Domain: The label sequence encoded according to [RFC1035].
Compression MUST NOT be used. The label sequence MUST end with an
empty label.
10.7. Node-Name TLV
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type: Node-Name (41) | Length: > 17 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| IP Address |
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length | Name |
...
| (not null-terminated, variable length) | 0-pad if any |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| (Optional nested TLVs) |
This TLV is used to assign the name of a node in the network to a
certain IP address as specified in Section 8.
Stenberg, et al. Standards Track [Page 31]
^L
RFC 7788 Home Networking Control Protocol April 2016
IP Address: The IP address associated with the name. IPv4
addresses are encoded using IPv4-mapped IPv6 addresses.
Length: The length of the name (0-63).
Name: The name of the node as a single DNS label.
10.8. Managed-PSK TLV
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type: Managed-PSK (42) | Length: 32 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| |
| |
| Random 256-bit PSK |
| |
| |
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| (Optional nested TLVs) |
This TLV is used to announce a PSK for securing third-party protocols
exclusively supporting symmetric cryptography as specified in
Section 9.
11. General Requirements for HNCP Nodes
Each node implementing HNCP is subject to the following requirements:
o It MUST implement HNCP versioning (Section 4) and interface
classification (Section 5).
o It MUST implement and run the method for securing third-party
protocols (Section 9) whenever it uses the security mechanism of
HNCP.
If the node is acting as a router, then the following requirements
apply in addition:
o It MUST support Autonomous Address Configuration (Section 6) and
configuration of hosts and non-HNCP routers (Section 7).
o It SHOULD implement support for naming and service discovery
(Section 8) as defined in this document.
Stenberg, et al. Standards Track [Page 32]
^L
RFC 7788 Home Networking Control Protocol April 2016
o It MAY be able to provide connectivity to IPv4 devices using
DHCPv4.
o It SHOULD be able to delegate prefixes to legacy IPv6 routers
using DHCPv6-PD (Section 6.3.4).
o In addition, the normative language of "Basic Requirements for
IPv6 Customer Edge Routers" [RFC7084] applies with the following
adjustments:
* The generic requirements G-4 and G-5 are relaxed such that any
known default router on any interface is sufficient for a
router to announce itself as the default router; similarly,
only the loss of all such default routers results in self-
invalidation.
* "WAN-Side Configuration" (Section 4.2) applies to interfaces
classified as external.
* If the Customer Edge (CE) sends a size hint as indicated in
WPD-2, the hint MUST NOT be determined by the number of LAN
interfaces of the CE but SHOULD instead be large enough to at
least accommodate prefix assignments announced for existing
delegated or ULA prefixes, if such prefixes exist and unless
explicitly configured otherwise.
* The dropping of packets with a destination address belonging to
a delegated prefix mandated in WPD-5 MUST NOT be applied to
destinations that are part of any prefix announced using an
Assigned-Prefix TLV by any HNCP router in the network.
* "LAN-Side Configuration" (Section 4.3) applies to interfaces
not classified as external.
* The requirement L-2 to assign a separate /64 to each LAN
interface is replaced by the participation in the prefix
assignment mechanism (Section 6.3) for each such interface.
* The requirement L-9 is modified, in that the M flag MUST be set
if and only if a router connected to the respective Common Link
is advertising a non-zero H-capability. The O flag SHOULD
always be set.
* The requirement L-12 to make DHCPv6 options available is
adapted, in that Canonical Encoding Rules (CER) SHOULD publish
the subset of options using the DHCPv6-Data TLV in an External-
Connection TLV. Similarly, it SHOULD do the same for DHCPv4
options in a DHCPv4-Data TLV. DHCPv6 options received inside
Stenberg, et al. Standards Track [Page 33]
^L
RFC 7788 Home Networking Control Protocol April 2016
an OPTION_IAPREFIX [RFC3633] MUST be published using a
DHCPv6-Data TLV inside the respective Delegated-Prefix TLV.
HNCP routers SHOULD make relevant DHCPv6 and DHCPv4 options
available to clients, i.e., options contained in External-
Connection TLVs that also include delegated prefixes from which
a subset is assigned to the respective link.
* The requirement L-13 to deprecate prefixes is applied to all
delegated prefixes in the network from which assignments have
been made on the respective interface. Furthermore, the Prefix
Information Options indicating deprecation MUST be included in
Router Advertisements for the remainder of the prefixes'
respective valid lifetime but MAY be omitted after at least 2
hours have passed.
12. Security Considerations
HNCP enables self-configuring networks, requiring as little user
intervention as possible. However, this zero-configuration goal
usually conflicts with security goals and introduces a number of
threats.
General security issues for existing home networks are discussed in
[RFC7368]. The protocols used to set up addresses and routes in such
networks to this day rarely have security enabled within the
configuration protocol itself. However, these issues are out of
scope for the security of HNCP itself.
HNCP is a DNCP-based state synchronization mechanism carrying
information with varying threat potential. For this consideration,
the payloads defined in DNCP and this document are reviewed:
o Network topology information such as HNCP nodes and their common
links.
o Address assignment information such as delegated and assigned
prefixes for individual links.
o Naming and service discovery information such as auto-generated or
customized names for individual links and nodes.
12.1. Interface Classification
As described in Section 5.3, an HNCP node determines the internal or
external state on a per-interface basis. A firewall perimeter is set
up for the external interfaces, and for internal interfaces, HNCP
traffic is allowed, with the exception of the Leaf and Guest
subcategories.
Stenberg, et al. Standards Track [Page 34]
^L
RFC 7788 Home Networking Control Protocol April 2016
Threats concerning automatic interface classification cannot be
mitigated by encrypting or authenticating HNCP traffic itself since
external routers do not participate in the protocol and often cannot
be authenticated by other means. These threats include propagation
of forged uplinks in the homenet in order to, e.g., redirect traffic
destined to external locations and forged internal status by external
routers to, e.g., circumvent the perimeter firewall.
It is therefore imperative to either secure individual links on the
physical or link layer or preconfigure the adjacent interfaces of
HNCP routers to an appropriate fixed category in order to secure the
homenet border. Depending on the security of the external link,
eavesdropping, man-in-the-middle, and similar attacks on external
traffic can still happen between a homenet border router and the ISP;
however, these cannot be mitigated from inside the homenet. For
example, DHCPv4 has defined [RFC3118] to authenticate DHCPv4
messages, but this is very rarely implemented in large or small
networks. Further, while PPP can provide secure authentication of
both sides of a point-to-point link, it is most often deployed with
one-way authentication of the subscriber to the ISP, not the ISP to
the subscriber.
12.2. Security of Unicast Traffic
Once the homenet border has been established, there are several ways
to secure HNCP against internal threats like manipulation or
eavesdropping by compromised devices on a link that is enabled for
HNCP traffic. If left unsecured, attackers may perform arbitrary
traffic redirection, eavesdropping, spoofing, or denial-of-service
attacks on HNCP services such as address assignment or service
discovery, and the protocols are secured using HNCP-derived keys such
as routing protocols.
Detailed interface categories like "Leaf" or "Guest" can be used to
integrate not fully trusted devices to various degrees into the
homenet by not exposing them to HNCP traffic or by using firewall
rules to prevent them from reaching homenet-internal resources.
On links where this is not practical and lower layers do not provide
adequate protection from attackers, DTLS-based secure unicast
transport MUST be used to secure traffic.
12.3. Other Protocols in the Home
IGPs and other protocols are usually run alongside HNCP; therefore,
the individual security aspects of the respective protocols must be
considered. It can, however, be summarized that many protocols to be
run in the home (like IGPs) provide -- to a certain extent -- similar
Stenberg, et al. Standards Track [Page 35]
^L
RFC 7788 Home Networking Control Protocol April 2016
security mechanisms. Most of these protocols do not support
encryption and only support authentication based on Pre-Shared Keys
natively. This influences the effectiveness of any encryption-based
security mechanism deployed by HNCP as homenet routing information is
thus usually not encrypted.
13. IANA Considerations
IANA has set up a registry for the (decimal values within range
32-511) "HNCP TLV Types" under "Distributed Node Consensus Protocol
(DNCP)". The registration procedures is 'RFC Required' [RFC5226].
The initial contents are:
32: HNCP-Version
33: External-Connection
34: Delegated-Prefix
35: Assigned-Prefix
36: Node-Address
37: DHCPv4-Data
38: DHCPv6-Data
39: DNS-Delegated-Zone
40: Domain-Name
41: Node-Name
42: Managed-PSK
43: Prefix-Policy
44-511: Unassigned.
768-1023: Reserved for Private Use. This range is used by HNCP
for per-implementation experimentation. How collisions are
avoided is outside the scope of this document.
IANA has registered the UDP port numbers 8231 (service name: hncp-
udp-port, description: HNCP) and 8232 (service name: hncp-dtls-port,
description: HNCP over DTLS), as well as an IPv6 link-local multicast
address FF02:0:0:0:0:0:0:11 (description: All-Homenet-Nodes).
Stenberg, et al. Standards Track [Page 36]
^L
RFC 7788 Home Networking Control Protocol April 2016
14. References
14.1. Normative References
[RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
DOI 10.17487/RFC1321, April 1992,
<http://www.rfc-editor.org/info/rfc1321>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC2131] Droms, R., "Dynamic Host Configuration Protocol",
RFC 2131, DOI 10.17487/RFC2131, March 1997,
<http://www.rfc-editor.org/info/rfc2131>.
[RFC2132] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor
Extensions", RFC 2132, DOI 10.17487/RFC2132, March 1997,
<http://www.rfc-editor.org/info/rfc2132>.
[RFC3004] Stump, G., Droms, R., Gu, Y., Vyaghrapuri, R., Demirtjis,
A., Beser, B., and J. Privat, "The User Class Option for
DHCP", RFC 3004, DOI 10.17487/RFC3004, November 2000,
<http://www.rfc-editor.org/info/rfc3004>.
[RFC3315] Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins,
C., and M. Carney, "Dynamic Host Configuration Protocol
for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315, July
2003, <http://www.rfc-editor.org/info/rfc3315>.
[RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic
Host Configuration Protocol (DHCP) version 6", RFC 3633,
DOI 10.17487/RFC3633, December 2003,
<http://www.rfc-editor.org/info/rfc3633>.
[RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast
Addresses", RFC 4193, DOI 10.17487/RFC4193, October 2005,
<http://www.rfc-editor.org/info/rfc4193>.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, DOI 10.17487/RFC4291, February
2006, <http://www.rfc-editor.org/info/rfc4291>.
[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
"Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
DOI 10.17487/RFC4861, September 2007,
<http://www.rfc-editor.org/info/rfc4861>.
Stenberg, et al. Standards Track [Page 37]
^L
RFC 7788 Home Networking Control Protocol April 2016
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226,
DOI 10.17487/RFC5226, May 2008,
<http://www.rfc-editor.org/info/rfc5226>.
[RFC6092] Woodyatt, J., Ed., "Recommended Simple Security
Capabilities in Customer Premises Equipment (CPE) for
Providing Residential IPv6 Internet Service", RFC 6092,
DOI 10.17487/RFC6092, January 2011,
<http://www.rfc-editor.org/info/rfc6092>.
[RFC6206] Levis, P., Clausen, T., Hui, J., Gnawali, O., and J. Ko,
"The Trickle Algorithm", RFC 6206, DOI 10.17487/RFC6206,
March 2011, <http://www.rfc-editor.org/info/rfc6206>.
[RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer
Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
January 2012, <http://www.rfc-editor.org/info/rfc6347>.
[RFC6603] Korhonen, J., Ed., Savolainen, T., Krishnan, S., and O.
Troan, "Prefix Exclude Option for DHCPv6-based Prefix
Delegation", RFC 6603, DOI 10.17487/RFC6603, May 2012,
<http://www.rfc-editor.org/info/rfc6603>.
[RFC6763] Cheshire, S. and M. Krochmal, "DNS-Based Service
Discovery", RFC 6763, DOI 10.17487/RFC6763, February 2013,
<http://www.rfc-editor.org/info/rfc6763>.
[RFC7217] Gont, F., "A Method for Generating Semantically Opaque
Interface Identifiers with IPv6 Stateless Address
Autoconfiguration (SLAAC)", RFC 7217,
DOI 10.17487/RFC7217, April 2014,
<http://www.rfc-editor.org/info/rfc7217>.
[RFC7695] Pfister, P., Paterson, B., and J. Arkko, "Distributed
Prefix Assignment Algorithm", RFC 7695,
DOI 10.17487/RFC7695, November 2015,
<http://www.rfc-editor.org/info/rfc7695>.
[RFC7787] Stenberg, M. and S. Barth, "Distributed Node Consensus
Protocol", RFC 7787, DOI 10.17487/RFC7787, April 2016,
<http://www.rfc-editor.org/info/rfc7787>.
Stenberg, et al. Standards Track [Page 38]
^L
RFC 7788 Home Networking Control Protocol April 2016
14.2. Informative References
[RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,
November 1987, <http://www.rfc-editor.org/info/rfc1035>.
[RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G.,
and E. Lear, "Address Allocation for Private Internets",
BCP 5, RFC 1918, DOI 10.17487/RFC1918, February 1996,
<http://www.rfc-editor.org/info/rfc1918>.
[RFC3118] Droms, R., Ed. and W. Arbaugh, Ed., "Authentication for
DHCP Messages", RFC 3118, DOI 10.17487/RFC3118, June 2001,
<http://www.rfc-editor.org/info/rfc3118>.
[RFC6234] Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms
(SHA and SHA-based HMAC and HKDF)", RFC 6234,
DOI 10.17487/RFC6234, May 2011,
<http://www.rfc-editor.org/info/rfc6234>.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
and A. Bierman, Ed., "Network Configuration Protocol
(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
<http://www.rfc-editor.org/info/rfc6241>.
[RFC6762] Cheshire, S. and M. Krochmal, "Multicast DNS", RFC 6762,
DOI 10.17487/RFC6762, February 2013,
<http://www.rfc-editor.org/info/rfc6762>.
[RFC7084] Singh, H., Beebee, W., Donley, C., and B. Stark, "Basic
Requirements for IPv6 Customer Edge Routers", RFC 7084,
DOI 10.17487/RFC7084, November 2013,
<http://www.rfc-editor.org/info/rfc7084>.
[RFC7368] Chown, T., Ed., Arkko, J., Brandt, A., Troan, O., and J.
Weil, "IPv6 Home Networking Architecture Principles",
RFC 7368, DOI 10.17487/RFC7368, October 2014,
<http://www.rfc-editor.org/info/rfc7368>.
[RFC7525] Sheffer, Y., Holz, R., and P. Saint-Andre,
"Recommendations for Secure Use of Transport Layer
Security (TLS) and Datagram Transport Layer Security
(DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May
2015, <http://www.rfc-editor.org/info/rfc7525>.
Stenberg, et al. Standards Track [Page 39]
^L
RFC 7788 Home Networking Control Protocol April 2016
Acknowledgments
Thanks to Ole Troan, Mark Baugher, Mark Townsley, Juliusz Chroboczek,
and Thomas Clausen for their contributions to the document.
Thanks to Eric Kline for the original border discovery work.
Authors' Addresses
Markus Stenberg
Independent
Helsinki 00930
Finland
Email: markus.stenberg@iki.fi
Steven Barth
Independent
Halle 06114
Germany
Email: cyrus@openwrt.org
Pierre Pfister
Cisco Systems
Paris
France
Email: pierre.pfister@darou.fr
Stenberg, et al. Standards Track [Page 40]
^L
|
