rfc9631.original   rfc9631.txt 
6man R. Bonica Internet Engineering Task Force (IETF) R. Bonica
Internet-Draft Juniper Networks Request for Comments: 9631 Juniper Networks
Intended status: Experimental Y. Kamite Category: Experimental Y. Kamite
Expires: 1 December 2024 NTT Communications Corporation ISSN: 2070-1721 NTT Communications Corporation
A. Alston A. Alston
Alston Networks
D. Henriques D. Henriques
Liquid Telecom Liquid Telecom
L. Jalil L. Jalil
Verizon Verizon
30 May 2024 August 2024
The IPv6 Compact Routing Header (CRH) The IPv6 Compact Routing Header (CRH)
draft-ietf-6man-comp-rtg-hdr-10
Abstract Abstract
This document describes an experiment in which two new IPv6 Routing This document describes an experiment in which two new IPv6 Routing
headers are implemented and deployed. Collectively, they are called headers are implemented and deployed. Collectively, they are called
the Compact Routing Headers (CRH). Individually, they are called the Compact Routing Header (CRH). Individually, they are called
CRH-16 and CRH-32. CRH-16 and CRH-32.
One purpose of this experiment is to demonstrate that the CRH can be One purpose of this experiment is to demonstrate that the CRH can be
implemented and deployed in a production network. Another purpose is implemented and deployed in a production network. Another purpose is
to demonstrate that the security considerations, described in this to demonstrate that the security considerations described in this
document, can be addressed with access control lists. Finally, this document can be addressed with Access Control Lists (ACLs). Finally,
document encourages replication of the experiment. this document encourages replication of the experiment.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This document is not an Internet Standards Track specification; it is
provisions of BCP 78 and BCP 79. published for examination, experimental implementation, and
evaluation.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document defines an Experimental Protocol for the Internet
and may be updated, replaced, or obsoleted by other documents at any community. This document is a product of the Internet Engineering
time. It is inappropriate to use Internet-Drafts as reference Task Force (IETF). It represents the consensus of the IETF
material or to cite them other than as "work in progress." community. It has received public review and has been approved for
publication by the Internet Engineering Steering Group (IESG). Not
all documents approved by the IESG are candidates for any level of
Internet Standard; see Section 2 of RFC 7841.
This Internet-Draft will expire on 1 December 2024. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9631.
Copyright Notice Copyright Notice
Copyright (c) 2024 IETF Trust and the persons identified as the Copyright (c) 2024 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents
license-info) in effect on the date of publication of this document. (https://trustee.ietf.org/license-info) in effect on the date of
Please review these documents carefully, as they describe your rights publication of this document. Please review these documents
and restrictions with respect to this document. Code Components carefully, as they describe your rights and restrictions with respect
extracted from this document must include Revised BSD License text as to this document. Code Components extracted from this document must
described in Section 4.e of the Trust Legal Provisions and are include Revised BSD License text as described in Section 4.e of the
provided without warranty as described in the Revised BSD License. Trust Legal Provisions and are provided without warranty as described
in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction
2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3 2. Requirements Language
3. The Compact Routing Headers (CRH) . . . . . . . . . . . . . . 3 3. The Compact Routing Header (CRH)
4. The CRH Forwarding Information Base (CRH-FIB) . . . . . . . . 5 4. The CRH Forwarding Information Base (CRH-FIB)
5. Processing Rules . . . . . . . . . . . . . . . . . . . . . . 6 5. Processing Rules
5.1. Computing Minimum CRH Length . . . . . . . . . . . . . . 6 5.1. Computing Minimum CRH Length
6. Mutability . . . . . . . . . . . . . . . . . . . . . . . . . 7 6. Mutability
7. Applications And SIDs . . . . . . . . . . . . . . . . . . . . 7 7. Applications and CRH SIDs
8. Operational Considerations . . . . . . . . . . . . . . . . . 8 8. Operational Considerations
9. Textual Representation . . . . . . . . . . . . . . . . . . . 8 9. Textual Representations
10. Security Considerations . . . . . . . . . . . . . . . . . . . 9 10. Security Considerations
11. Implementation and Deployment Status . . . . . . . . . . . . 10 11. Experimental Results
12. Experimental Results . . . . . . . . . . . . . . . . . . . . 10 12. IANA Considerations
13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 13. References
14. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 11 13.1. Normative References
15. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 11 13.2. Informative References
16. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 Appendix A. CRH Processing Examples
16.1. Normative References . . . . . . . . . . . . . . . . . . 12 A.1. The CRH SID list contains one entry for each segment in the
16.2. Informative References . . . . . . . . . . . . . . . . . 13 path.
Appendix A. CRH Processing Examples . . . . . . . . . . . . . . 14 A.2. The CRH SID list omits the first entry in the path.
A.1. The CRH SID List Contains One Entry For Each Segment In The Acknowledgements
Path . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Contributors
A.2. The CRH SID List Omits The First Entry In The Path . . . 15 Authors' Addresses
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16
1. Introduction 1. Introduction
IPv6 [RFC8200] source nodes use Routing headers to specify the path IPv6 [RFC8200] source nodes use Routing headers to specify the path
that a packet takes to its destination(s). The IETF has defined that a packet takes to its destination(s). The IETF has defined
several Routing types [IANA-RH]. This document defines two new several Routing Types; see [IANA-RT]. This document defines two new
Routing types. Collectively, they are called the Compact Routing Routing Types. Collectively, they are called the Compact Routing
Headers (CRH). Individually, they are called CRH-16 and CRH-32. Header (CRH). Individually, they are called CRH-16 and CRH-32.
The CRH allows IPv6 source nodes to specify the path that a packet The CRH allows IPv6 source nodes to specify the path that a packet
takes to its destination. The CRH can be encoded in relatively few takes to its destination. The CRH can be encoded in relatively few
bytes. The following are reasons for encoding the CRH in as few bytes. The following are reasons for encoding the CRH in as few
bytes as possible: bytes as possible:
* Many ASIC-based forwarders copy headers from buffer memory to on- * Many forwarders based on Application-Specific Integrated Circuits
chip memory. As header sizes increase, so does the cost of this (ASICs) copy headers from buffer memory to on-chip memory. As
copy. header sizes increase, so does the cost of this copy.
* Because Path MTU Discovery (PMTUD) [RFC8201] is not entirely * Because Path MTU Discovery (PMTUD) [RFC8201] is not entirely
reliable, many IPv6 hosts refrain from sending packets larger than reliable, many IPv6 hosts refrain from sending packets larger than
the IPv6 minimum link MTU (i.e., 1280 bytes). When packets are the IPv6 minimum link MTU (i.e., 1280 bytes). When packets are
small, the overhead imposed by large Routing Headers is excessive. small, the overhead imposed by large Routing headers is excessive.
This document describes an experiment whose purposes are: This document describes an experiment with the following purposes:
* To demonstrate that the CRH can be implemented and deployed. * To demonstrate that the CRH can be implemented and deployed
* To demonstrate that the security considerations, described in this * To demonstrate that the security considerations described in this
document, can be addressed with access control lists. document can be addressed with ACLs
* To encourage replication of the experiment. * To encourage replication of the experiment
2. Requirements Language 2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in
14 [RFC2119] [RFC8174] when, and only when, they appear in all BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
3. The Compact Routing Headers (CRH) 3. The Compact Routing Header (CRH)
Both CRH versions (i.e., CRH-16 and CRH-32) contain the following Both CRH versions (i.e., CRH-16 and CRH-32) contain the following
fields: fields:
* Next Header - Defined in [RFC8200]. * Next Header, as defined in [RFC8200]
* Hdr Ext Len - Defined in [RFC8200]. * Hdr Ext Len, as defined in [RFC8200]
* Routing Type - Defined in [RFC8200]. (CRH-16 value is 5. CRH-32 * Routing Type, as defined in [RFC8200] (CRH-16 value is 5, and
value is 6). CRH-32 value is 6.)
* Segments Left - Defined in [RFC8200]. * Segments Left, as defined in [RFC8200]
* Type-specific Data - Described in [RFC8200]. * type-specific data, as described in [RFC8200]
In the CRH, the Type-specific data field contains a list of CRH In the CRH, the type-specific data field contains a list of CRH
Segment Identifiers (CRH SIDs). Each CRH SID identifies an entry in Segment Identifiers (CRH SIDs). Each CRH SID identifies an entry in
the CRH Forwarding Information Base (CRH-FIB) (Section 4). Each CRH- the CRH Forwarding Information Base (CRH-FIB) (Section 4). Each CRH-
FIB entry identifies an interface on the path that the packet takes FIB entry identifies an interface on the path that the packet takes
to its destination. to its destination.
CRH SIDs are listed in reverse order. So, the first CRH SID in the CRH SIDs are listed in reverse order. So, the first CRH SID in the
list represents the final interface in the path. Because CRH SIDs list represents the final interface in the path. Because CRH SIDs
are listed in reverse order, the Segments Left field can be used as are listed in reverse order, the Segments Left field can be used as
an index into the CRH SID list. In this document, the "current CRH an index into the CRH SID list. In this document, the "current CRH
SID" is the CRH SID list entry referenced by the Segments Left field. SID" is the CRH SID list entry referenced by the Segments Left field.
The first CRH SID in the path is omitted from the list unless there The first CRH SID in the path is omitted from the list unless there
is some reason to preserve it. See Appendix A for an example. is some reason to preserve it. See Appendix A for an example.
In the CRH-16 (Figure 1), each CRH SID is encoded in 16-bits. In the In the CRH-16 (Figure 1), each CRH SID is encoded in 16 bits. In the
CRH-32 (Figure 2), each CRH SID is encoded in 32-bits. CRH-32 (Figure 2), each CRH SID is encoded in 32 bits.
In all cases, the CRH MUST end on a 64-bit boundary. So, the Type- In all cases, the CRH MUST end on a 64-bit boundary. So, the type-
specific data field MUST be padded with zeros if the CRH would specific data field MUST be padded with zeros if the CRH would
otherwise not end on a 64-bit boundary. otherwise not end on a 64-bit boundary.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Hdr Ext Len | Routing Type | Segments Left | | Next Header | Hdr Ext Len | Routing Type | Segments Left |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SID[0] | SID[1] | | SID[0] | SID[1] |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
skipping to change at page 5, line 11 skipping to change at line 197
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Figure 2: CRH-32 Figure 2: CRH-32
4. The CRH Forwarding Information Base (CRH-FIB) 4. The CRH Forwarding Information Base (CRH-FIB)
Each CRH SID identifies a CRH-FIB entry. Each CRH SID identifies a CRH-FIB entry.
Each CRH-FIB entry contains: Each CRH-FIB entry contains:
* An IPv6 address. * An IPv6 address
* A topological function. * A topological function
* Arguments for the topological function. (Optional). * Arguments for the topological function (optional)
The IPv6 address can be a Global Unicast Address (GUA), a Link Local The IPv6 address can be a Global Unicast Address (GUA), a Link-Local
Unicast address (LLU), or a Unique Local Address (ULA). When the Unicast (LLU) address, or a Unique Local Address (ULA). When the
IPv6 address is the final address in a path, it can also be a IPv6 address is the final address in a path, it can also be a
multicast address. multicast address.
The topological function specifies how the processing node forwards The topological function specifies how the processing node forwards
the packet to the interface identified by the IPv6 address. The the packet to the interface identified by the IPv6 address. The
following are examples: following are examples:
* Forward the packet through the least-cost path to the interface * Forward the packet through the least-cost path to the interface
identified by the IPv6 address (i.e., loose source routing). identified by the IPv6 address (i.e., loose source routing).
* Forward the packet through a specified interface to the interface * Forward the packet through a specified interface to the interface
identified by the IPv6 address (i.e.,strict source routing) identified by the IPv6 address (i.e., strict source routing).
Some topological functions require parameters. For example, a Some topological functions require parameters. For example, a
topological function might require a parameter that identifies the topological function might require a parameter that identifies the
interface through which the packet is forwarded. interface through which the packet is forwarded.
The CRH-FIB can be populated: The CRH-FIB can be populated by:
* By an operator, using a Command Line Interface (CLI). * An operator, using a Command Line Interface (CLI)
* By a controller, using the Path Computation Element (PCE) * A controller, using the Path Computation Element Communication
Communication Protocol (PCEP) [RFC5440] or the Network Protocol (PCEP) [RFC5440] or the Network Configuration Protocol
Configuration Protocol (NETCONF) [RFC6241]. (NETCONF) [RFC6241]
* By a distributed routing protocol [ISO10589-Second-Edition], * A distributed routing protocol, such as those defined in
[RFC5340], [RFC4271]. [ISO10589-Second-Edition], [RFC5340], and [RFC4271]
The above-mentioned mechanisms are not defined here and are beyond The above-mentioned mechanisms are not defined here and are beyond
the scope of this document the scope of this document.
5. Processing Rules 5. Processing Rules
The following rules describe CRH processing: The following rules describe CRH processing:
* If Hdr Ext Len indicates that the CRH is larger than the * If Hdr Ext Len indicates that the CRH is larger than the
implementation can process, discard the packet and send an ICMPv6 implementation can process, discard the packet and send an ICMPv6
[RFC4443] Parameter Problem, Code 0, message to the Source [RFC4443] Parameter Problem, Code 0, message to the Source
Address, pointing to the Hdr Ext Len field. Address, pointing to the Hdr Ext Len field.
* Compute L, the minimum CRH length ( Section 5.1). * Compute L, the minimum CRH length (Section 5.1).
* If L is greater than Hdr Ext Len, discard the packet and send an * If L is greater than Hdr Ext Len, discard the packet and send an
ICMPv6 Parameter Problem, Code 6, message to the Source Address, ICMPv6 Parameter Problem, Code 6, message to the Source Address,
pointing to the Segments Left field. pointing to the Segments Left field.
* Decrement Segments Left. * Decrement Segments Left.
* Search for the current CRH SID in the CRH-FIB. In this document, * Search for the current CRH SID in the CRH-FIB. In this document,
the "current CRH SID" is the CRH SID list entry referenced by the the "current CRH SID" is the CRH SID list entry referenced by the
Segments Left field. Segments Left field.
skipping to change at page 6, line 38 skipping to change at line 269
Source Address, pointing to the current SID. Source Address, pointing to the current SID.
* If Segments Left is greater than 0 and the CRH-FIB entry contains * If Segments Left is greater than 0 and the CRH-FIB entry contains
a multicast address, discard the packet and send an ICMPv6 a multicast address, discard the packet and send an ICMPv6
Parameter Problem, Code 0, message to the Source Address, pointing Parameter Problem, Code 0, message to the Source Address, pointing
to the current SID. (This prevents packet storms.) to the current SID. (This prevents packet storms.)
* Copy the IPv6 address from the CRH-FIB entry to the Destination * Copy the IPv6 address from the CRH-FIB entry to the Destination
Address field in the IPv6 header. Address field in the IPv6 header.
* Submit the packet, its topological function and its parameters to * Submit the packet, its topological function, and its parameters to
the IPv6 module. See NOTE. the IPv6 module.
NOTE: By default, the IPv6 module determines the next-hop and | NOTE: By default, the IPv6 module determines the next hop and
forwards the packet. However, the topological function may elicit | forwards the packet. However, the topological function may
another behavior. For example, the IPv6 module may forward the | elicit another behavior. For example, the IPv6 module may
packet through a specified interface. | forward the packet through a specified interface.
5.1. Computing Minimum CRH Length 5.1. Computing Minimum CRH Length
The algorithm described in this section accepts the following CRH The algorithm described in this section accepts the following CRH
fields as its input parameters: fields as its input parameters:
* Routing Type (i.e., CRH-16 or CRH-32). * Routing Type (i.e., CRH-16 or CRH-32)
* Segments Left. * Segments Left
It yields L, the minimum CRH length. The minimum CRH length is It yields L, the minimum CRH length. The minimum CRH length is
measured in 8-octet units, not including the first 8 octets. measured in 8-octet units, not including the first 8 octets.
<CODE BEGINS> <CODE BEGINS>
switch(Routing Type) { switch(Routing Type) {
case CRH-16: case CRH-16:
if (Segments Left <= 2) if (Segments Left <= 2)
return(0) return(0)
sidsBeyondFirstWord = Segments Left - 2; sidsBeyondFirstWord = Segments Left - 2;
skipping to change at page 7, line 38 skipping to change at line 317
words++; words++;
return(words) return(words)
<CODE ENDS> <CODE ENDS>
6. Mutability 6. Mutability
In the CRH, the Segments Left field is mutable. All remaining fields In the CRH, the Segments Left field is mutable. All remaining fields
are immutable. are immutable.
7. Applications And SIDs 7. Applications and CRH SIDs
A CRH contains one or more CRH SIDs. Each CRH SID is processed by A CRH contains one or more CRH SIDs. Each CRH SID is processed by
exactly one CRH-configured router whose one address matches the exactly one CRH-configured router whose one address matches the
packet destination address. packet Destination Address.
Therefore, a CRH SID is not required to have domain-wide Therefore, a CRH SID is not required to have domain-wide
significance. Applications can: significance. Applications can allocate CRH SIDs so that they have
either domain-wide or node-local significance.
* Allocate CRH SIDs so that they have domain-wide significance.
* Allocate CRH SIDs so that they have node-local significance.
8. Operational Considerations 8. Operational Considerations
PING and TRACEROUTE [RFC2151] both operate correctly in the presence PING and Traceroute [RFC2151] both operate correctly in the presence
of the CRH. TCPDUMP and Wireshark have been extended to support the of the CRH. TCPDUMP and Wireshark have been extended to support the
CRH. CRH.
PING and TRACEROUTE report 16-bit CRH SIDs for CRH-16, and 32-bit CRH PING and Traceroute report 16-bit CRH SIDs for CRH-16 and 32-bit CRH
SIDs for CRH-32. It is recommended that the experimental versions of SIDs for CRH-32. It is recommended that the experimental versions of
PING use the text representations described in Section 9. PING use the textual representations described in Section 9.
9. Textual Representation 9. Textual Representations
A 16-bit CRH SID can be represented by four lower-case hexadecimal A 16-bit CRH SID can be represented by four lowercase hexadecimal
digits. Leading zeros SHOULD be omitted. However, the all-zeros CRH digits. Leading zeros SHOULD be omitted. However, the all-zeros CRH
SID MUST be represented by a single 0. The following are examples: SID MUST be represented by a single 0. The following are examples:
* beef * beef
* eef * eef
* 0 * 0
A 16-bit CRH SID also can be represented in dotted-decimal notation. A 16-bit CRH SID also can be represented in dotted-decimal notation.
The following are examples: The following are examples:
* 192.0 * 192.0
* 192.51 * 192.51
A 32-bit CRH SID can be represented by four lower-case hexadecimal A 32-bit CRH SID can be represented by four lowercase hexadecimal
digits, a colon (:), and another four lower-case hexadecimal digits. digits, a colon (:), and another four lowercase hexadecimal digits.
Leading zeros MUST be omitted. The following are examples: Leading zeros MUST be omitted. The following are examples:
* dead:beef * dead:beef
* ead:eef * ead:eef
* :beef * :beef
* beef: * beef:
* : * :
A 32-bit CRH SID can also be represent in dotted-decimal notation. A 32-bit CRH SID can also be represented in dotted-decimal notation.
The following are examples: The following are examples:
* 192.0.2.1 * 192.0.2.1
* 192.0.2.2 * 192.0.2.2
* 192.0.2.3 * 192.0.2.3
10. Security Considerations 10. Security Considerations
In this document, one node trusts another only if both nodes are In this document, one node trusts another only if both nodes are
operated by the same party. A node determines whether it trusts operated by the same party. A node determines whether it trusts
another node by examining its IP address. In many networks, another node by examining its IP address. In many networks,
operators number their nodes from a small number of prefixes. This operators number their nodes using a small number of prefixes. This
facilitates identification of trusted nodes. facilitates identification of trusted nodes.
A node can encounter security vulnerabilities when it processes a A node can encounter security vulnerabilities when it processes a
Routing Header that originated on an untrusted node [RFC5095]. Routing header that originated on an untrusted node [RFC5095].
Therefore, nodes MUST deploy ACLs that discard packets containing the Therefore, nodes MUST deploy ACLs that discard packets containing the
CRH when both of the following conditions are true: CRH when both of the following conditions are true:
* The Source Address does not identify an interface on a trusted * The Source Address does not identify an interface on a trusted
node. node.
* The Destination Address identifies an interface on the local node. * The Destination Address identifies an interface on the local node.
The above-mentioned ACLs do not protect the node from attack packets The above-mentioned ACLs do not protect the node from attack packets
that contain a forged (i.e., spoofed) Source Address. In order to that contain a forged (i.e., spoofed) Source Address. In order to
mitigate this risk, nodes MAY also discard packets containing the CRH mitigate this risk, nodes MAY also discard packets containing the CRH
when all of the following conditions are true: when all of the following conditions are true:
* The Source Address identifies an interface on a trusted node. * The Source Address identifies an interface on a trusted node.
* The Destination Address identifies an interface on the local node. * The Destination Address identifies an interface on the local node.
* The packet does not pass an Enhanced Feasible-Path Unicast Reverse * The packet does not pass an Enhanced Feasible-Path Unicast Reverse
Path Forwarding (RPF) [RFC8704], Path Forwarding (EFP-uRPF) [RFC8704] check.
The RPF check eliminates some, but not all packets with forged source The EFP-uRPF check eliminates some, but not all, packets with forged
addresses. Therefore, a network operator that deploys CRH MUST Source Addresses. Therefore, a network operator that deploys CRH
implement Access Control Lists (ACL) on each of its edge nodes. The MUST implement ACLs on each of its edge nodes. The ACL discards
ACL discards packets whose source address identifies an interface on packets whose Source Address identifies an interface on a trusted
a trusted node. node.
The CRH is compatible with end-to-end IPv6 Authentication Header (AH) The CRH is compatible with end-to-end IPv6 Authentication Header (AH)
[RFC4302] processing. This is becasue the source node calculates the [RFC4302] processing. This is because the source node calculates the
Integrity Check Value (ICV) over the packet as it arrives at the Integrity Check Value (ICV) over the packet as it arrives at the
destination node. destination node.
11. Implementation and Deployment Status 11. Experimental Results
Juniper Networks has produced experimental implementations of the CRH
on the MX-series (ASIC-based) router
Liquid Telecom has produced experimental implementations of the CRH
on software based routers.
The CRH has carried non-production traffic in CERNET and Liquid
Telecom.
Interoperability among these implementations has not yet been
demonstrated.
12. Experimental Results
Parties participating in this experiment should publish experimental Parties participating in this experiment should publish experimental
results within one year of the publication of this document. results within one year of the publication of this document.
Experimental results should address the following: Experimental results should address the following:
* Effort required to deploy * Effort required to deploy
- Was deployment incremental or network-wide? - Was deployment incremental or network-wide?
- Was there a need to synchronize configurations at each node or - Was there a need to synchronize configurations at each node, or
could nodes be configured independently could nodes be configured independently?
- Did the deployment require hardware upgrade? - Did the deployment require a hardware upgrade?
- Did the CRH SIDs have domain-wide or node-local significance? - Did the CRH SIDs have domain-wide or node-local significance?
* Effort required to secure * Effort required to secure
* Performance impact * Performance impact
* Effectiveness of risk mitigation with ACLs * Effectiveness of risk mitigation with ACLs
* Cost of risk mitigation with ACLs * Cost of risk mitigation with ACLs
* Mechanism used to populate the FIB * Mechanism used to populate the CRH-FIB
* Scale of deployment * Scale of deployment
* Interoperability * Interoperability
- Did you deploy two inter-operable implementations? - Did you deploy two interoperable implementations?
- Did you experience interoperability problems? - Did you experience interoperability problems?
- Did implementations generally implement the same topological - Did implementations generally implement the same topological
functions with identical arguments? functions with identical arguments?
- Were topological function semantics identical on each - Were topological function semantics identical on each
implementation? implementation?
* Effectiveness and sufficiency of OAM mechanism * Effectiveness and sufficiency of Operations, Administration, and
Maintenance (OAM) mechanisms
- Did PING work? - Did PING work?
- Did TRACEROUTE work? - Did Traceroute work?
- Did Wireshark work? - Did Wireshark work?
- Did TCPDUMP work? - Did TCPDUMP work?
13. IANA Considerations 12. IANA Considerations
This document makes the following registrations in the "Internet
Protocol Version 6 (IPv6) Parameters" "Routing Types" subregistry
maintained by IANA:
+-------+------------------------------+---------------+
| Value | Description | Reference |
+=======+==============================+===============+
| 5 | CRH-16 | This document |
+-------+------------------------------+---------------+
| 6 | CRH-32 | This document |
+-------+------------------------------+---------------+
14. Acknowledgements
Thanks to Dr. Vanessa Ameen, Dale Carder, Brian Carpenter, Adrian
Farrel, Fernando Gont, Naveen Kottapalli, Joel Halpern, Mark Smith,
Reji Thomas, Tony Li, Xing Li, Gerald Schmidt, Nancy Shaw, Ketan
Talaulikar, and Chandra Venkatraman for their contributions to this
document.
15. Contributors
Gang Chen
Baidu
No.10 Xibeiwang East Road Haidian District
Beijing 100193 P.R. China
Email: phdgang@gmail.com
Yifeng Zhou
ByteDance
Building 1, AVIC Plaza, 43 N 3rd Ring W Rd Haidian District
Beijing 100000 P.R. China
Email: yifeng.zhou@bytedance.com
Gyan Mishra
Verizon IANA has registered the following in the "Routing Types" subregistry
within the "Internet Protocol Version 6 (IPv6) Parameters" registry:
Silver Spring, Maryland, USA +=======+=============+===========+
| Value | Description | Reference |
+=======+=============+===========+
| 5 | CRH-16 | RFC 9631 |
+-------+-------------+-----------+
| 6 | CRH-32 | RFC 9631 |
+-------+-------------+-----------+
Email: hayabusagsm@gmail.com Table 1
16. References 13. References
16.1. Normative References 13.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC4302] Kent, S., "IP Authentication Header", RFC 4302, [RFC4302] Kent, S., "IP Authentication Header", RFC 4302,
DOI 10.17487/RFC4302, December 2005, DOI 10.17487/RFC4302, December 2005,
<https://www.rfc-editor.org/info/rfc4302>. <https://www.rfc-editor.org/info/rfc4302>.
skipping to change at page 13, line 14 skipping to change at line 520
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6 [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", STD 86, RFC 8200, (IPv6) Specification", STD 86, RFC 8200,
DOI 10.17487/RFC8200, July 2017, DOI 10.17487/RFC8200, July 2017,
<https://www.rfc-editor.org/info/rfc8200>. <https://www.rfc-editor.org/info/rfc8200>.
16.2. Informative References 13.2. Informative References
[IANA-RH] IANA, "Routing Headers", [IANA-RT] IANA, "Routing Types",
<https://www.iana.org/assignments/ipv6-parameters/ <https://www.iana.org/assignments/ipv6-parameters>.
ipv6-parameters.xhtml#ipv6-parameters-3>.
[ISO10589-Second-Edition] [ISO10589-Second-Edition]
International Organization for Standardization, ISO/IEC, "Information technology - Telecommunications and
""Intermediate system to Intermediate system intra-domain information exchange between systems - Intermediate System
routeing information exchange protocol for use in to Intermediate System intra-domain routeing information
conjunction with the protocol for providing the exchange protocol for use in conjunction with the protocol
connectionless-mode Network Service (ISO 8473)", ISO/IEC for providing the connectionless-mode network service (ISO
10589:2002, Second Edition,", November 2001. 8473)", Second Edition, ISO/IEC 10589:2002, November 2002,
<https://www.iso.org/standard/30932.html>.
[RFC2151] Kessler, G. and S. Shepard, "A Primer On Internet and TCP/ [RFC2151] Kessler, G. and S. Shepard, "A Primer On Internet and TCP/
IP Tools and Utilities", FYI 30, RFC 2151, IP Tools and Utilities", FYI 30, RFC 2151,
DOI 10.17487/RFC2151, June 1997, DOI 10.17487/RFC2151, June 1997,
<https://www.rfc-editor.org/info/rfc2151>. <https://www.rfc-editor.org/info/rfc2151>.
[RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
Border Gateway Protocol 4 (BGP-4)", RFC 4271, Border Gateway Protocol 4 (BGP-4)", RFC 4271,
DOI 10.17487/RFC4271, January 2006, DOI 10.17487/RFC4271, January 2006,
<https://www.rfc-editor.org/info/rfc4271>. <https://www.rfc-editor.org/info/rfc4271>.
skipping to change at page 14, line 24 skipping to change at line 577
Appendix A. CRH Processing Examples Appendix A. CRH Processing Examples
This appendix demonstrates CRH processing in the following scenarios: This appendix demonstrates CRH processing in the following scenarios:
* The CRH SID list contains one entry for each segment in the path * The CRH SID list contains one entry for each segment in the path
(Appendix A.1). (Appendix A.1).
* The CRH SID list omits the first entry in the path (Appendix A.2). * The CRH SID list omits the first entry in the path (Appendix A.2).
Figure 3 provides a reference topology that is used in all examples,
and Table 2 describes two entries that appear in each node's CRH-FIB.
----------- ----------- ----------- ----------- ----------- -----------
|Node: S | |Node: I1 | |Node: I2 | |Node: S | |Node: I1 | |Node: I2 |
|Loopback: |---------------|Loopback: |---------------|Loopback: | |Loopback: |---------------|Loopback: |---------------|Loopback: |
|2001:db8::a| |2001:db8::1| |2001:db8::2| |2001:db8::a| |2001:db8::1| |2001:db8::2|
----------- ----------- ----------- ----------- ----------- -----------
| | | |
| ----------- | | ----------- |
| |Node: D | | | |Node: D | |
---------------------|Loopback: |--------------------- ---------------------|Loopback: |---------------------
|2001:db8::b| |2001:db8::b|
----------- -----------
Figure 3: Reference Topology Figure 3: Reference Topology
Figure 3 provides a reference topology that is used in all examples.
+=====+==============+===================+ +=====+==============+===================+
| SID | IPv6 Address | Forwarding Method | | SID | IPv6 Address | Forwarding Method |
+=====+==============+===================+ +=====+==============+===================+
| 2 | 2001:db8::2 | Least-cost path | | 2 | 2001:db8::2 | Least-cost path |
+-----+--------------+-------------------+ +-----+--------------+-------------------+
| 11 | 2001:db8::b | Least-cost path | | 11 | 2001:db8::b | Least-cost path |
+-----+--------------+-------------------+ +-----+--------------+-------------------+
Table 1: Node SIDs Table 2: Node SIDs
Table 1 describes two entries that appear in each node's CRH-FIB. A.1. The CRH SID list contains one entry for each segment in the path.
A.1. The CRH SID List Contains One Entry For Each Segment In The Path In this example, Node S sends a packet to Node D via I2, and I2
appears in the CRH segment list.
In this example, Node S sends a packet to Node D, via I2. In this +-----------------------------------+-------------------+
example, I2 appears in the CRH segment list. | Source Address = 2001:db8::a | Segments Left = 1 |
+-----------------------------------+-------------------+
| Destination Address = 2001:db8::2 | SID[0] = 11 |
+-----------------------------------+-------------------+
| | SID[1] = 2 |
+-----------------------------------+-------------------+
+=====================================+===================+ Table 3: Packet Travels from S to I2
| As the packet travels from S to I2: | |
+=====================================+===================+
| Source Address = 2001:db8::a | Segments Left = 1 |
+-------------------------------------+-------------------+
| Destination Address = 2001:db8::2 | SID[0] = 11 |
+-------------------------------------+-------------------+
| | SID[1] = 2 |
+-------------------------------------+-------------------+
Table 2 +-----------------------------------+-------------------+
| Source Address = 2001:db8::a | Segments Left = 0 |
+-----------------------------------+-------------------+
| Destination Address = 2001:db8::b | SID[0] = 11 |
+-----------------------------------+-------------------+
| | SID[1] = 2 |
+-----------------------------------+-------------------+
+=====================================+===================+ Table 4: Packet Travels from I2 to D
| As the packet travels from I2 to D: | |
+=====================================+===================+
| Source Address = 2001:db8::a | Segments Left = 0 |
+-------------------------------------+-------------------+
| Destination Address = 2001:db8::b | SID[0] = 11 |
+-------------------------------------+-------------------+
| | SID[1] = 2 |
+-------------------------------------+-------------------+
Table 3 A.2. The CRH SID list omits the first entry in the path.
A.2. The CRH SID List Omits The First Entry In The Path In this example, Node S sends a packet to Node D via I2, and I2 does
not appear in the CRH segment list.
In this example, Node S sends a packet to Node D, via I2. In this +-----------------------------------+-------------------+
example, I2 does not appear in the CRH segment list. | Source Address = 2001:db8::a | Segments Left = 1 |
+-----------------------------------+-------------------+
| Destination Address = 2001:db8::2 | SID[0] = 11 |
+-----------------------------------+-------------------+
+=====================================+===================+ Table 5: Packet Travels from S to I2
| As the packet travels from S to I2: | |
+=====================================+===================+
| Source Address = 2001:db8::a | Segments Left = 1 |
+-------------------------------------+-------------------+
| Destination Address = 2001:db8::2 | SID[0] = 11 |
+-------------------------------------+-------------------+
Table 4 +-----------------------------------+-------------------+
| Source Address = 2001:db8::a | Segments Left = 0 |
+-----------------------------------+-------------------+
| Destination Address = 2001:db8::b | SID[0] = 11 |
+-----------------------------------+-------------------+
+=====================================+===================+ Table 6: Packet Travels from I2 to D
| As the packet travels from I2 to D: | |
+=====================================+===================+
| Source Address = 2001:db8::a | Segments Left = 0 |
+-------------------------------------+-------------------+
| Destination Address = 2001:db8::b | SID[0] = 11 |
+-------------------------------------+-------------------+
Table 5 Acknowledgements
Thanks to Dr. Vanessa Ameen, Dale Carder, Brian Carpenter, Adrian
Farrel, Fernando Gont, Joel Halpern, Naveen Kottapalli, Tony Li, Xing
Li, Gerald Schmidt, Nancy Shaw, Mark Smith, Ketan Talaulikar, Reji
Thomas, and Chandra Venkatraman for their contributions to this
document.
Contributors
Gang Chen
Baidu
No.10 Xibeiwang East Road
Haidian District
Beijing
100193
China
Email: phdgang@gmail.com
Yifeng Zhou
ByteDance
Building 1, AVIC Plaza
43 N 3rd Ring W Rd
Haidian District
Beijing
100000
China
Email: yifeng.zhou@bytedance.com
Gyan Mishra
Verizon
Silver Spring, MD
United States of America
Email: hayabusagsm@gmail.com
Authors' Addresses Authors' Addresses
Ron Bonica Ron Bonica
Juniper Networks Juniper Networks
2251 Corporate Park Drive 2251 Corporate Park Drive
Herndon, Virginia 20171 Herndon, VA 20171
United States of America United States of America
Email: rbonica@juniper.net Email: rbonica@juniper.net
Yuji Kamite Yuji Kamite
NTT Communications Corporation NTT Communications Corporation
3-4-1 Shibaura, Minato-ku, 3-4-1 Shibaura, Minato-ku, Tokyo
108-8118 108-8118
Japan Japan
Email: y.kamite@ntt.com Email: y.kamite@ntt.com
Andrew Alston Andrew Alston
Liquid Telecom Alston Networks
Nairobi Nairobi
Kenya Kenya
Email: Andrew.Alston@liquidtelecom.com Email: aa@alstonnetworks.net
Daniam Henriques Daniam Henriques
Liquid Telecom Liquid Telecom
Johannesburg Johannesburg
South Africa South Africa
Email: daniam.henriques@liquidtelecom.com Email: daniam.henriques@liquidtelecom.com
Luay Jalil Luay Jalil
Verizon Verizon
Richardson, Texas Richardson, TX
United States of America United States of America
Email: luay.jalil@one.verizon.com Email: luay.jalil@one.verizon.com
 End of changes. 97 change blocks. 
257 lines changed or deleted 234 lines changed or added

This html diff was produced by rfcdiff 1.48.