RFC 9096 | CE Requirements for Renumbering Events | August 2021 |
Gont, et al. | Best Current Practice | [Page] |
This document specifies improvements to Customer Edge routers that help mitigate the problems that may arise when network configuration information becomes invalid without any explicit signaling of that condition to the local nodes. This document updates RFC 7084.¶
This memo documents an Internet Best Current Practice.¶
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on BCPs is available in Section 2 of RFC 7841.¶
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc9096.¶
Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.¶
In scenarios where network configuration information becomes invalid without any explicit signaling of that condition (such as when a Customer Edge (CE) router crashes and reboots without knowledge of the previously employed configuration information), hosts on the local network will continue using stale information for an unacceptably long period of time, thus resulting in connectivity problems. This problem is documented in detail in [RFC8978].¶
This document specifies improvements to CE routers that help mitigate the aforementioned problem for residential and small office scenarios. It specifies recommendations for the default behavior of CE routers but does not preclude the availability of configuration knobs that might allow an operator or user to manually configure the CE router to deviate from these recommendations. This document updates RFC 7084.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This section specifies and clarifies requirements for CE routers that can help mitigate the problem discussed in Section 1, particularly when they employ prefixes learned via DHCPv6 Prefix Delegation (DHCPv6-PD) [RFC8415] on the WAN side with Stateless Address Autoconfiguration (SLAAC) [RFC4862] or DHCPv6 [RFC8415] on the LAN side. The recommendations in this document help improve robustness at the CE router (on which the user or ISP may have no control) and do not preclude implementation of host-side improvements such as those specified in [6MAN-SLAAC-RENUM].¶
This document specifies additional WAN-side prefix-delegation (WPD) requirements to those specified in [RFC7084]:¶
This document also replaces LAN-side requirement L-13 from [RFC7084] with:¶
Finally, this document specifies the following additional LAN-side requirements to those from [RFC7084]:¶
Some CE routers are known to automatically send DHCPv6-PD RELEASE messages upon restart events. However, this may inadvertently trigger a flash-renumbering scenario, along with the associated problems discussed in [RFC8978], that this document attempts to mitigate.¶
As a result, requirement WPD-9 from Section 3 specifies that CE routers SHOULD NOT automatically send DHCPv6-PD RELEASE messages upon restart events.¶
[RFC8415] requires that the IAID for an IA MUST be consistent across restarts of the DHCP client. However, some popular CE routers are known to select new random IAIDs, e.g., every time the underlying PPP session is established or when the device is rebooted. This could be the result of extrapolating the behavior described in [RFC7844] or simply a consequence of not storing IAIDs on stable storage along with failure to employ an algorithm that consistently generates the same IAID upon reboots. Thus, requirement WPD-10 from Section 3 prevents CE routers from inadvertently triggering flash-renumbering events on the local network.¶
The "Preferred Lifetime" and "Valid Lifetime" of Prefix Information Options (PIOs) [RFC4861] corresponding to prefixes learned via DHCPv6-PD on the WAN side MUST NOT span past the remaining preferred and valid lifetimes of the corresponding DHCPv6-PD prefixes. This means that the "Preferred Lifetime" and the "Valid Lifetime" advertised in PIOs by the CE router MUST be dynamically adjusted such that they never span past the remaining preferred and valid lifetimes of the corresponding prefixes delegated via DHCPv6-PD on the WAN side.¶
Similarly, the "preferred-lifetime" and "valid-lifetime" of DHCPv6 IA Address options and DHCPv6 IA Prefix options employed with DHCPv6 on the LAN side MUST NOT span past the remaining preferred and valid lifetimes of the corresponding prefixes learned via DHCPv6-PD on the WAN side. This means that the "preferred-lifetime" and "valid-lifetime" of DHCPv6 IA Address options and DHCPv6 IA Prefix options employed with DHCPv6 on the LAN side MUST be dynamically adjusted such that they never span past the remaining preferred and valid lifetimes of the corresponding prefixes delegated to the CE router on the WAN side via DHCPv6-PD.¶
RATIONALE:¶
In particular, if the delegated prefix or a prefix derived from it is advertised for stateless address autoconfiguration [RFC4862], the advertised preferred and valid lifetimes MUST NOT exceed the corresponding remaining lifetimes of the delegated prefix.¶
CE routers SHOULD override the default lifetime values of Neighbor Discovery options that depend in any way on changes in the prefix employed for address configuration on the LAN side, and employ shorter lifetime values to improve the robustness to renumbering events, while complying with the requirements from Section 3.3 of this document and the recommendations in [RFC7772].¶
CE routers SHOULD set the "Router Lifetime" of Router Advertisement (RA) messages to ND_PREFERRED_LIMIT.¶
CE routers SHOULD also set the PIO "Preferred Lifetime" to the lesser of the remaining preferred lifetime of the corresponding prefix (see Section 3.3) and ND_PREFERRED_LIMIT, and set the PIO "Valid Lifetime" to the lesser of the remaining valid lifetime of the corresponding prefix and ND_VALID_LIMIT. Additionally, the "Route Lifetime" of Route Information Options (RIOs) [RFC4191], the "Lifetime" of Recursive DNS Server (RDNSS) options [RFC8106], and the "Lifetime" of DNS Search List (DNSSL) options [RFC8106] SHOULD be set to the lesser of the longest remaining valid lifetime of a prefix (leased via DHCPv6 on the WAN side) and ND_VALID_LIMIT, if any of these options are included in Router Advertisement messages.¶
NOTE: In scenarios where the valid lifetime and the preferred lifetime of prefixes learned via DHCPv6 on the WAN side are always larger than ND_VALID_LIMIT and ND_PREFERRED_LIMIT, respectively, the lifetime values advertised on the LAN side will not experience actual changes.¶
The above text refers to the Neighbor Discovery options that are typically employed by CE routers. A CE router may need to apply the same policy for setting the lifetime of other Neighbor Discovery options it employs, if and where applicable.¶
CE routers providing stateful address configuration via DHCPv6 SHOULD set the "preferred-lifetime" of a DHCPv6 IA Address option to the lesser of the remaining preferred lifetime of the corresponding prefix (see Section 3.3) and ND_PREFERRED_LIMIT, and set the "valid-lifetime" of the same option to the lesser of the remaining valid lifetime of the corresponding prefix and ND_VALID_LIMIT.¶
CE routers providing DHCPv6-PD on the LAN side SHOULD set the "preferred-lifetime" of a DHCPv6 IA Prefix option to the lesser of the remaining preferred lifetime of the corresponding prefix (see Section 3.3) and ND_PREFERRED_LIMIT, and set the "valid-lifetime" of the same option to the lesser of the remaining valid lifetime of the corresponding prefix and ND_VALID_LIMIT.¶
RATIONALE:¶
The "Valid Lifetime" and "Preferred Lifetime" of PIOs have a direct impact on three different aspects:¶
When a CE router provides LAN-side address-configuration information via SLAAC:¶
Upon changes to the advertised prefixes, and after bootstrapping, the CE router advertising prefix information via SLAAC proceeds as follows:¶
The aforementioned advertisements MUST be performed for at least the "Valid Lifetime" previously employed for such prefixes. The CE router MUST advertise this information with unsolicited Router Advertisement messages, as described in Section 6.2.4 of [RFC4861], and MAY advertise this information via unicast Router Advertisement messages when possible and applicable.¶
When a CE router provides LAN-side DHCPv6 (address assignment or prefix delegation), then:¶
If the CE router finds that the prefix to be employed for address assignment and/or prefix delegation has changed (e.g., upon a crash-and-reboot event) or the CE router receives DHCPv6 IA Prefix options with 0 lifetimes, the CE router MUST:¶
Initiate sending Reconfigure messages, if possible (i.e., client requests Reconfigure support and the CE router offers it), to those clients with address assignments or prefix delegations for the stale prefixes.¶
RATIONALE:¶
RATIONALE:¶
This document has no IANA actions.¶
This document discusses a problem that may arise, e.g., in scenarios where dynamic IPv6 prefixes are employed, and it proposes improvements to CE routers [RFC7084] to mitigate the problem for residential or small office scenarios. It does not introduce new security issues; thus, the same security considerations as for [RFC4861], [RFC4862], [RFC7084], and [RFC8415] apply.¶
The authors would like to thank Owen DeLong, Philip Homburg, Erik Kline, and Ted Lemon for their valuable help in improving this document via successive detailed reviews.¶
The authors would like to thank Mikael Abrahamsson, Luis Balbinot, Brian Carpenter, Tim Chown, Lorenzo Colitti, Alejandro D'Egidio, Gert Doering, Fernando Frediani, Guillermo Gont, Steinar Haug, Nick Hilliard, Lee Howard, Christian Huitema, Sheng Jiang, Benjamin Kaduk, Suresh Krishnan, Warren Kumari, Albert Manfredi, Olorunloba Olopade, Jordi Palet Martinez, Pete Resnick, Michael Richardson, Mark Smith, Job Snijders, Sander Steffann, Tarko Tikan, Ole Troan, Loganaden Velvindron, Éric Vyncke, Robert Wilton, Timothy Winters, Christopher Wood, and Chongfeng Xie for providing valuable comments on earlier draft versions of this document.¶
Fernando would also like to thank Brian Carpenter who, over the years, has answered many questions and provided valuable comments that have benefited his protocol-related work.¶