IPv6 SiteLocal Discussion

1
IPv6 Site-Local Discussion

• Bob Hinden Margaret Wasserman
• IETF 56 San Francisco
• March 2003

2
Goals for Site-Local Discussion

• Analyze options available for site-local usage
  and reach consensus on an approach
• Chairs both believe that it is more important to
  make a decision and move forward than it is to
  pursue any particular approach
• Chairs will both support any proposal that
  reaches WG consensus

3
Range of Use Cases

• No site-local addresses
• Only on disconnected networks (limited)
• Nodes exclusively global or site-local
• Nodes do not have both global SL addresses
• No multi-sited nodes (moderate)
• A node may be in, at most, one site
• Full usage, including site-border nodes

4
Current Documents

• Limited usage document in SL impact appendix
• Exclusive model is not documented
• Moderate usage proposal
• Full usage documented in scoped addressing
  architecture (WG I-D)
• Site local impact draft documents issues with
  full usage -- no longer directly applicable
• Already have WG consensus not to support

5
Limited Model

• Site-locals used only on disconnected sites
• Non-Internet connected sites
• Sites behind NAT
• IPv4ltgtIPv6, IPv6ltgtIPv6
• Site-locals treated exactly like globals
• Transition from disconnected to connected
  requires renumbering

6
Exclusive Model

• Site-local and global addresses are never
  configured on the same node
• Nodes must be explicitly configured to use
  site-locals
• Simplifies address selection
• Use what you have
• Specifies rules for simple SBRs and firewalls to
  enforce site boundaries
• Requires no site concept, similar to moderate
  proposal
• Site-local addresses not in global DNS
• Eliminates possibility of hosts leaking
  site-locals globally

7
Moderate Model

• Site-local addresses must be explicitly
  configured
• In Router Advertisements and DNS
• Nodes may have site-local and/or global addresses
• No requirement for nodes to be multi-sited
• Specifies rules for simple SBRs and firewalls to
  enforce site boundaries
• Introduces no site concept
• No routing protocol changes required
• Prefer global over site-local in address
  selection
• Site-local addresses not in global DNS
• Only create site-local address using Autoconf or
  Privacy

8
Limited Model Benefits

• Addressing for disconnected sites
• Addressing behind NATs

9
Exclusive Model Benefits

• Limited model benefits, plus
• Stable addressing for local nodes
• Global nodes do not have stable addresses in
  newly connected, intermittently connected or
  renumbered networks
• Connections between local nodes survive address
  prefix changes
• Prevents global access to/from local nodes and
  services

10
Moderate Model Benefits

• Exclusive model benefits, plus
• Stable addressing
• Site-local addresses remain stable in newly
  connected, intermittently connected or renumbered
  networks
• Potential for applications to choose site-local
  addressing to allow local connections to survive
  address prefix changes

11
Issues List

• IP Layer Address Leaking
• DNS Address Leaking
• Address Leaking by Upper-Layers
• Routing Protocol Issues
• Forwarding Table Issues
• Mobile IP Issues

12
IP Layer Address Leaking

• Site-local IP source/destination addresses
  leaking outside of the site
• None of the proposals have this problem
• Limited proposal doesnt send packets outside
  the site (isolated)
• Exclusive and Moderate enforce at site
  boundaries

13
IP Address Selection Issues

• Changes required to existing IPv6 address
  selection rules and implementations
• Limited and Exclusive do not require changes
• Moderate requires change to prefer global over
  site-local

14
DNS Address Leaking

• Need to keep site-local addresses out of the
  global DNS
• Limited proposal doesnt have this problem
  because there is no global DNS access
• Exlusive and Moderate require some mechanism
  to enforce (i. e. split DNS)

15
Address Leaking by Upper-Layers

• Addresses leaked by application, session and
  transport layer protocols that exchange addresses
  with other nodes
• Limited doesnt have problem
• Exclusive eliminates problem because global
  nodes dont have local addresses to leak
• Moderate requires upper layers to have address
  selection rules

16
Routing Protocol Issues

• Routing protocols shouldnt exchange site-local
  routes across site boundaries
• All of the proposals eliminate this problem
• Limited doesnt connect to outside routers
• Exclusive and Moderate introduce no site
  concept at site borders and BGP filters

17
Forwarding Table Issues

• Need to maintain multiple site-local forwarding
  table and select between them
• All proposals eliminate this problem
• None support nodes in more than one site

18
Mobile IP Issues

• Nodes may move between sites
• Site local addresses from the first site are not
  valid (and may be ambiguous) in the new site
• Limited doesnt have problem
• Exclusive and Moderate requires mobile nodes
  to use only global addresses

19
Major Differences

• Differences between Exclusive and Moderate
• Exclusive does not require address selection in
  upper-layer protocols nor at IP layer
• Exclusive does not require changes to IPv6
  address selection rules and implementations
• Limited proposal eliminate all issues and
  virtually all benefits

20
Moving Forward

• Can we reach consensus on an approach to pursue?
• Do we have enough information to decide?
• Limited, Exclusive or Moderate
• If not, can we progress parts of Scoped
  Addressing Architecture without site-local?
• Multicast and link-local