rfc8781xml2.original.xml   rfc8781.xml 
<?xml version="1.0" encoding="US-ASCII"?> <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY RFC1918 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC
.1918.xml">
<!ENTITY RFC2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC
.2119.xml">
<!ENTITY RFC4033 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC
.4033.xml">
<!ENTITY RFC4861 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC
.4861.xml">
<!ENTITY RFC6052 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC
.6052.xml">
<!ENTITY RFC6104 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC
.6104.xml">
<!ENTITY RFC6105 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC
.6105.xml">
<!ENTITY RFC6146 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC
.6146.xml">
<!ENTITY RFC6147 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC
.6147.xml">
<!ENTITY RFC6877 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC
.6877.xml">
<!ENTITY RFC7050 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC
.7050.xml">
<!ENTITY RFC7225 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC
.7225.xml">
<!ENTITY RFC7556 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC
.7556.xml">
<!ENTITY RFC7858 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC
.7858.xml">
<!ENTITY RFC8174 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC
.8174.xml">
<!ENTITY RFC8305 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC
.8305.xml">
<!ENTITY RFC8484 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC
.8484.xml">
]>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<!-- used by XSLT processors -->
<!-- For a complete list and description of processing instructions (PIs),
please see http://xml.resource.org/authoring/README.html. -->
<!-- Below are generally applicable Processing Instructions (PIs) that most I-Ds
might want to use.
(Here they are set differently than their defaults in xml2rfc v1.32) -->
<?rfc strict="yes" ?>
<!-- give errors regarding ID-nits and DTD validation -->
<!-- control the table of contents (ToC) -->
<?rfc toc="yes"?>
<!-- generate a ToC -->
<?rfc tocdepth="4"?>
<!-- the number of levels of subsections in ToC. default: 3 -->
<!-- control references -->
<?rfc symrefs="yes"?>
<!-- use symbolic references tags, i.e, [RFC2119] instead of [1] -->
<?rfc sortrefs="yes" ?>
<!-- sort the reference entries alphabetically -->
<!-- control vertical white space
(using these PIs as follows is recommended by the RFC Editor) -->
<?rfc compact="yes" ?>
<!-- do not start each main section on a new page -->
<?rfc subcompact="no" ?>
<!-- keep one blank line between list items -->
<!-- end of list of popular I-D processing instructions -->
<rfc ipr="trust200902"
obsoletes=""
category="std"
docName="draft-ietf-6man-ra-pref64-09">
<!-- category values: std, bcp, info, exp, and historic --> <!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent">
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" obsoletes=""
category="std" consensus="true" docName="draft-ietf-6man-ra-pref64-09"
number="8781" updates="" submissionType="IETF" xml:lang="en"
tocInclude="true" tocDepth="4" symRefs="true" sortRefs="true"
version="3">
<!-- xml2rfc v2v3 conversion 2.39.0 -->
<!-- ***** FRONT MATTER ***** --> <!-- ***** FRONT MATTER ***** -->
<front> <front>
<!-- The abbreviated title is used in the page header - it is only necessary
if the
full title is longer than 39 characters -->
<title>Discovering PREF64 in Router Advertisements</title> <title>Discovering PREF64 in Router Advertisements</title>
<seriesInfo name="RFC" value="8781"/>
<!-- add 'role="editor"' below for the editors if appropriate -->
<author fullname="Lorenzo Colitti" initials="L." surname="Colitti"> <author fullname="Lorenzo Colitti" initials="L." surname="Colitti">
<organization>Google</organization> <organization>Google</organization>
<address> <address>
<postal> <postal>
<street>Shibuya 3-21-3</street> <street>Shibuya 3-21-3</street>
<city>Shibuya</city> <city>Shibuya</city>
<region>Tokyo</region> <region>Tokyo</region>
<code>150-0002</code> <code>150-0002</code>
<country>JP</country> <country>Japan</country>
</postal> </postal>
<phone/>
<phone></phone>
<email>lorenzo@google.com</email> <email>lorenzo@google.com</email>
</address> </address>
</author> </author>
<author fullname="Jen Linkova" initials="J." surname="Linkova"> <author fullname="Jen Linkova" initials="J." surname="Linkova">
<organization>Google</organization> <organization>Google</organization>
<address> <address>
<postal> <postal>
<street>1 Darling Island Rd</street> <street>1 Darling Island Rd</street>
<city>Pyrmont</city> <city>Pyrmont</city>
<region>NSW</region> <region>NSW</region>
<code>2009</code> <code>2009</code>
<country>AU</country> <country>Australia</country>
</postal> </postal>
<phone/>
<phone></phone>
<email>furry@google.com</email> <email>furry@google.com</email>
</address> </address>
</author> </author>
<date year="2020" month="April" />
<date/>
<!-- If the month and year are both specified and are the current ones, xml2
rfc will fill
in the current day for you. If only the current year is specified, xml2
rfc will fill
in the current day and month for you. If the year is not the current one
, it is
necessary to specify at least a month (xml2rfc assumes day="1" if not sp
ecified for the
purpose of calculating the expiry date). With drafts it is normally suf
ficient to
specify just the year. -->
<!-- Meta-data Declarations -->
<area>Internet</area> <area>Internet</area>
<workgroup>IPv6 Maintenance</workgroup> <workgroup>IPv6 Maintenance</workgroup>
<!-- WG name at the upperleft corner of the doc,
IETF is fine for individual submissions.
If this element is not present, the default is "Network Working Group",
which is used by the RFC Editor as a nod to the history of the IETF. --
>
<keyword>template</keyword>
<!-- Keywords will be incorporated into HTML output
files in a meta tag but they have no effect on text or nroff
output. If you submit your draft to the RFC Editor, the
keywords will be used for the search engine. -->
<abstract> <abstract>
<t>This document specifies a Neighbor Discovery option to be used in <t>This document specifies a Neighbor Discovery option to be used in
Router Advertisements to communicate NAT64 prefixes to hosts.</t> Router Advertisements (RAs) to communicate prefixes of Network Address and
Protocol
Translation from IPv6 clients to IPv4 servers (NAT64) to hosts.</t>
</abstract> </abstract>
</front> </front>
<middle> <middle>
<section title="Introduction"> <section numbered="true" toc="default">
<name>Introduction</name>
<t>NAT64 <xref target="RFC6146"/> with DNS64 <xref target="RFC6147"/> <t>NAT64 <xref target="RFC6146" format="default"/> with DNS Extensions
is a widely-deployed mechanism to provide IPv4 access on IPv6-only networks. In for Network Address Translation from IPv6 clients to IPv4 servers (DNS64)
various scenarios, the host must be aware of the NAT64 prefix in use by the net <xref
work. This document specifies a Neighbor Discovery <xref target="RFC4861"/> opti target="RFC6147" format="default"/> is a widely deployed mechanism to
on to be used in Router Advertisements to communicate NAT64 prefixes to hosts.</ provide IPv4 access on IPv6-only networks. In various scenarios, the
t> host must be aware of the NAT64 prefix in use by the network. This
document specifies a Neighbor Discovery <xref target="RFC4861"
<section title="Requirements Language"> format="default"/> option to be used in Router Advertisements
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL (RAs) to
NOT", communicate NAT64 prefixes to hosts.</t>
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED" <section numbered="true" toc="default">
, "MAY", and <name>Requirements Language</name>
"OPTIONAL" in this document are to be interpreted as des <t>
cribed in The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQU
BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> IRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
when, and only when, they appear in all capitals, as show NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>
n here.</t> RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to
be interpreted as
described in BCP&nbsp;14 <xref target="RFC2119"/> <xref target="RFC8174"/>
when, and only when, they appear in all capitals, as shown here.
</t>
</section> </section>
<section title="Terminology"> <section numbered="true" toc="default">
<t> <name>Terminology</name>
PREF64 (or NAT64 prefix): an IPv6 prefix used for IPv6 addr <dl>
ess synthesis <xref target="RFC6146"/>; <dt>PREF64 (or NAT64 prefix):</dt><dd>An IPv6 prefix used for IPv6 addr
</t> ess
<t> synthesis <xref target="RFC6146" format="default"/>;
NAT64: Network Address and Protocol Translation from IPv6 C </dd>
lients to IPv4 Servers <xref target="RFC6146"/>; <dt>NAT64:</dt><dd>Network Address and Protocol Translation from IPv6 cl
</t> ients to
<t> IPv4 servers <xref target="RFC6146" format="default"/>;
RA: Router Advertisement, a message used by IPv6 routers </dd>
to advertise their presence together <dt>Router Advertisement (RA):</dt><dd>A message used by IPv6 routers to
with various link and Internet parameters <xref target="RFC advertise their presence together
4861"/>; with various link and Internet parameters <xref target="RFC4861" format
</t> ="default"/>;
<t> </dd></dl>
DNS64: a mechanism for synthesizing AAAA records from A rec <t>
ords <xref target="RFC6147"/>; DNS64: a mechanism for synthesizing AAAA records from A records
</t> <xref target="RFC6147" format="default"/>;
</t>
</section> </section>
</section> </section>
<section numbered="true" toc="default">
<section title="Use cases for communicating the NAT64 prefix to hosts"> <name>Use Cases for Communicating the NAT64 Prefix to Hosts</name>
<t> <t>
On networks employing NAT64, it is useful for hosts to know the N AT64 prefix for several reasons, including the following: On networks employing NAT64, it is useful for hosts to know the N AT64 prefix for several reasons, including the following:
<list style="symbols"> </t>
<t>Enabling DNS64 functions on end hosts. In particular: <ul spacing="normal">
<list style="symbols"> <li>
<t>Local DNSSEC validation (DNS64 in stub-resolver mode). As discuss <t>Enabling DNS64 functions on end hosts. In particular:
ed in <xref target="RFC6147"/> section 2, the stub resolver in the host "will tr </t>
y to obtain (real) AAAA RRs, and in case they are not available, the DNS64 funct <ul spacing="normal">
ion will synthesize AAAA RRs for internal usage." Therefore to perform the DNS64
function the stub resolver needs to know the NAT64 prefix. This is required in
order to use DNSSEC on a NAT64 network.</t>
<t>Trusted DNS server. AAAA synthesis is required for the host to be
able to use a DNS server not provided by the network (e.g., a DNS-over-TLS <xref
target="RFC7858"/> or DNS-over-HTTPS <xref target="RFC8484"/> server with which
the host has an existing trust relationship).</t>
<t>Networks with no DNS64 server. Hosts that support AAAA synthesis a
nd that are aware of the NAT64 prefix in use do not need the network to perform
the DNS64 function at all.</t>
</list></t>
<t> Enabling NAT64 address translation functions on end hosts. For example:
<list style="symbols">
<t>IPv4 address literals on an IPv6-only host. As described in <xref
target="RFC8305"/> section 7.1, IPv6-only hosts connecting to IPv4 address lite
rals can translate the IPv4 literal to an IPv6 literal.</t>
<t>464XLAT <xref target="RFC6877"/>. 464XLAT requires the host be aw
are of the NAT64 prefix.</t>
</list>
</t>
</list>
</t>
</section>
<section title="Why include the NAT64 prefix in Router Advertisements"> <li>Local DNSSEC validation (DNS64 in stub-resolver mode). As
<t>Fate sharing: NAT64 requires routing to be configured. IPv6 routin discussed in <xref target="RFC6147" sectionFormat="comma" section="2"
g configuration requires receiving an IPv6 Router Advertisement <xref target="RF />,
C4861"/>. Therefore using Router Advertisements to provide hosts with NAT64 pref the stub resolver in the host "will try to obtain (real)
ix ensures that NAT64 reachability information shares fate with the rest of netw AAAA RRs,
ork configuration on the host.</t> and in case they are not available, the DNS64 function will
<t>Atomic configuration: including the NAT64 prefix in the Router Adv synthesize AAAA RRs for internal usage." Therefore, to perform the
ertisement minimizes the number of packets required to configure a host. Only on DNS64 function, the stub resolver needs to know the NAT64
e packet (a Router Advertisement) is required to complete the network configurat prefix. This is required in order to use DNSSEC on a NAT64
ion. This speeds up the process of connecting to a network that supports NAT64/D network.</li>
NS64, and simplifies host implementation by removing the possibility that the ho <li>Trusted DNS server. AAAA synthesis is required for the host to
st can have an incomplete layer 3 configuration (e.g., IPv6 addresses and prefix be able to use a DNS server not provided by the network (e.g., a
es, but no NAT64 prefix).</t> DNS-over-TLS <xref target="RFC7858" format="default"/> or
<t>Updatability: it is possible to change the NAT64 prefix at any time, be DNS-over-HTTPS <xref target="RFC8484" format="default"/> server
cause when it changes, it is possible to notify hosts by sending a new Router Ad with which the host has an existing trust relationship).</li>
vertisement.</t> <li>Networks with no DNS64 server. Hosts that support AAAA
<t>Deployability: all IPv6 hosts and networks are required to support Neig synthesis and are aware of the NAT64 prefix in use do not need the
hbor Discovery <xref target="RFC4861"/> so just a minor extension to the existin network to perform the DNS64 function at all.</li>
g implementation is required. Other options such as <xref target="RFC7225"/> req </ul>
uire implementing other protocols (e.g. PCP <xref target="RFC7225"/>) which coul </li>
d be considered an obstacle for deployment.</t> <li>
<t> Enabling NAT64 address-translation functions on end hosts. For exa
mple:
</t>
<ul spacing="normal">
<li>IPv4 address literals on an IPv6-only host. As described in
<xref target="RFC8305" sectionFormat="comma" section="7.1"/>, IPv6-on
ly
hosts connecting to IPv4 address literals can translate the IPv4
literal to an IPv6 literal.</li>
<li>464XLAT <xref target="RFC6877" format="default"/>. 464XLAT
requires the host be aware of the NAT64 prefix.</li>
</ul>
</li>
</ul>
</section> </section>
<section numbered="true" toc="default">
<section anchor="Format" title="Option format"> <name>Why Include the NAT64 Prefix in Router Advertisements?</name>
<figure align="center" anchor="fig_Option" <dl><dt>Fate sharing:</dt><dd>NAT64 requires routing to be configured. IPv
title="NAT64 Prefix Option Format"> 6 routing
<artwork align="center"><![CDATA[ configuration requires receiving an IPv6 RA <xref
target="RFC4861" format="default"/>. Therefore, using RAs to provide hosts
with the NAT64 prefix ensures that NAT64
reachability information shares the fate of the rest of the network
configuration on the host.</dd>
<dt>Atomic configuration:</dt><dd>Including the NAT64 prefix in the RA min
imizes the number of packets required to configure a
host. Only one packet (an RA) is required to complete
the network configuration. This speeds up the process of connecting to a
network that supports NAT64/DNS64. It also simplifies host implementation
by
removing the possibility that the host can have an incomplete
Layer 3
configuration (e.g., IPv6 addresses and prefixes, but no NAT64
prefix).</dd>
<dt>Updatability:</dt><dd>It is possible to change the NAT64 prefix at any
time,
because when it changes, it is possible to notify hosts by sending a new
RA.</dd>
<dt>Deployability:</dt><dd>All IPv6 hosts and networks are required to sup
port
Neighbor Discovery <xref target="RFC4861" format="default"/> so just a
minor extension to the existing implementation is required. Other
options, such as <xref target="RFC7225" format="default"/>, require
implementing other protocols (e.g., Port Control Protocol (PCP) <xref targ
et="RFC7225"
format="default"/>), which could be considered an obstacle for
deployment.</dd></dl>
</section>
<section anchor="Format" numbered="true" toc="default">
<name>Option Format</name>
<figure anchor="fig_Option">
<name>NAT64 Prefix Option Format</name>
<artwork align="center" name="" type="" alt=""><![CDATA[
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Scaled Lifetime | PLC | | Type | Length | Scaled Lifetime | PLC |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ + + +
| Highest 96 bits of the Prefix | | Highest 96 bits of the Prefix |
+ + + +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
]]></artwork> ]]></artwork>
</figure> </figure>
<t>Fields:</t>
<t>Fields:</t>
<texttable style="none">
<ttcol></ttcol>
<ttcol></ttcol>
<c>Type</c> <c>8-bit identifier of the PREF64 optio
n type as assigned by IANA: TBD</c>
<c>Length</c> <c> 8-bit unsigned integer.
The length of the option
(including the Type and Length fiel
ds) is in units of 8 octets. The sender MUST set the length to 2. The receiver
MUST ignore the PREF64 option if the length field value is not 2.</c>
<c></c><c></c>
<c>Scaled Lifetime</c> <c>13-bit unsigned
integer. The maximum time in units of 8 seconds over which this NAT64 prefix MAY
be used. See <xref target="lifetime"/> for the Scaled Lifetime field processing
rules.
</c>
<c></c><c></c>
<c>PLC (Prefix Length Code)</c><c>3-bit unsigned integer. This field enco
des the NAT64 Prefix Length defined in <xref target="RFC6052"/>. The PLC field v
alues 0, 1, 2, 3, 4 and 5 indicate the NAT64 prefix length of 96, 64, 56, 48, 40
and 32 bits respectively. The receiver MUST ignore the PREF64 option if the pre
fix length code field is not set to one of those values. </c>
<c></c><c></c>
<c>Highest 96 bits of the prefix</c> <c>96-bit unsigned integer. Contai
ns bits 0 - 95 of the NAT64 prefix.</c>
</texttable>
<section anchor="lifetime" title="Scaled Lifetime Processing"> <table align="center">
<t> <name>NAT64 Prefix Option Format Fields</name>
It would be highly undesirable for the NAT64 prefix to hav <tbody>
e a lifetime shorter than the Router Lifetime, which is defined in the Section 4 <tr>
.2 of <xref target="RFC4861"/> as 16-bit unsigned integer. <td align="left">Type</td>
If the NAT64 prefix lifetime is not at least equal to the <td align="left">8-bit identifier of the PREF64 option
default router lifetime it might lead to scenarios when the NAT64 prefix lifetim type (38)</td>
e expires before the arrival of the next unsolicited RA. </tr>
Therefore the Scaled Lifetime encodes the NAT64 prefix lif
etime in units of 8 seconds.
The receiver MUST multiply the Scaled Lifetime value by 8
(for example, by logical left shift) to calculate the maximum time in seconds th
e prefix MAY be used.
The maximum lifetime of the NAT64 prefix is thus 65528 sec
onds.
To ensure that the NAT64 prefix does not expire before the
default router, when using this option it is NOT RECOMMENDED to configure defau
lt router lifetimes greater than 65528 seconds.
Lifetime of 0 indicates that the prefix SHOULD NOT be used
anymore.
</t>
<t>
The value of the Scaled Lifetime field SHOULD by default b
e set to the lesser of 3 x MaxRtrAdvInterval (<xref target="RFC4861"/>) divided
by 8, or 8191.
</t>
<t>
Router vendors SHOULD allow administrators to specify non-
zero lifetime values which are not divisible by 8.
In such cases the router SHOULD round the provided value u
p to the nearest integer that is divisible by 8 and smaller than 65536, then div
ide the result by 8 (or perform a logical right-shift by 3), and set the Scaled
Lifetime field to the resulting value.
If such a non-zero lifetime value to be divided by 8 (to b
e subjected to a logical right-shift by 3) is less than 8 then the Scaled Lifeti
me field SHOULD be set to 1.
This last step ensures that lifetimes under 8 seconds are
encoded as a non-zero Scaled Lifetime.
</t>
</section>
</section> <tr>
<section title="Usage Guidelines"> <td align="left">Length</td>
<t>This option specifies exactly one NAT64 prefix for all IPv4 destin <td align="left">8-bit unsigned integer. The length of the
ations. If the network operator desires to route different parts of the IPv4 add option (including the Type and Length fields) is in units of 8
ress space to different NAT64 devices, this can be accomplished by routing more octets. The sender <bcp14>MUST</bcp14> set the length to 2. The
specific sub-prefixes of the NAT64 prefix to those devices. receiver <bcp14>MUST</bcp14> ignore the PREF64 option if the
For example, suppose an operator is using the <xref target="R Length field value is not 2.</td>
FC1918"/> address space 10.0.0.0/8 internally. </tr>
That operator might want to route 10.0.0.0/8 through NAT64 de
vice A, and the rest of the IPv4 space through NAT64 device B.
If the operator's NAT64 prefix is 2001:db8:a:b::/96, then the
operator can route 2001:db8:a:b::a00:0/104 to NAT64 A and 2001:db8:a:b::/96 to
NAT64 B.
</t>
<t>This option may appear more than once in a Router Advertisement ( <tr>
e.g. in case of graceful renumbering the network from one NAT64 prefix to anothe <td align="left">Scaled Lifetime</td>
r). Host behaviour with regards to synthesizing IPv6 addresses from IPv4 address <td align="left">13-bit unsigned integer. The maximum time in
es SHOULD follow the recommendations given in Section 3 of <xref target="RFC7050 units of 8 seconds over which this NAT64 prefix <bcp14>MAY</bcp14>
"/>, limited to the NAT64 prefixes that have non-zero lifetime.</t> be used. See <xref target="lifetime" format="default"/> for the
Scaled Lifetime field processing rules.</td>
</tr>
<t>In a network (or a provisioning domain) that provides both IPv4 an <tr>
d NAT64, it may be desirable for certain IPv4 addresses not to be translated. An <td align="left">PLC (Prefix Length Code)</td>
example might be private address ranges that are local to the network/provision <td align="left">3-bit unsigned integer. This field encodes the
ing domain and should not be reached through the NAT64. This type of configurati NAT64 Prefix Length defined in <xref target="RFC6052"
on cannot be conveyed to hosts using this option, or through other NAT64 prefix format="default"/>. The PLC field values 0, 1, 2, 3, 4, and 5
provisioning mechanisms such as <xref target="RFC7050"/> or <xref target="RFC722 indicate the NAT64 prefix length of 96, 64, 56, 48, 40, and 32 bits,
5"/>. This problem does not apply in IPv6-only networks, because in such network respectively. The receiver <bcp14>MUST</bcp14> ignore the PREF64
s, the host does not have an IPv4 address and cannot reach any IPv4 destinations option if the Prefix Length Code field is not set to one of those
without the NAT64.</t> values.</td>
</tr>
<section anchor="mult_src" title="Handling Multiple NAT64 Prefixes"> <tr>
<t> <td align="left">Highest 96 bits of the Prefix</td>
In some cases a host may receive multiple NAT64 prefi <td align="left">96-bit unsigned integer. Contains bits 0 - 95 of th
xes from different sources. Possible scenarios include (but are not limited to): e NAT64 prefix.</td>
</t> </tr>
<t><list style="symbols"> </tbody>
<t> the host is using multiple mechanisms to discover </table>
PREF64 prefixes (e.g. by using PCP <xref target="RFC7225"/>) and/or by resolvin <section anchor="lifetime" numbered="true" toc="default">
g IPv4-only fully qualified domain name <xref target="RFC7050"/> in addition to <name>Scaled Lifetime Processing</name>
receiving the PREF64 RA option);</t> <t>
<t> the PREF64 option presents in a single RA more th It would be highly undesirable for the NAT64 prefix to
an once;</t> have a lifetime shorter than the Router Lifetime, which
<t> the host receives multiple RAs with different PRE is defined in <xref target="RFC4861"
F64 prefixes on a given interface.</t> sectionFormat="of" section="4.2"/> as a 16-bit unsigned integer.
</list> If the NAT64 prefix lifetime is not at least equal to
</t> the default Router Lifetime, it might lead to scenarios
<t>When multiple PREF64 were discovered via RA PREF64 Option (the Opt in which the NAT64 prefix lifetime expires before the
ion presents more than once in a single RA or multiple RAs were received), host arrival of the next unsolicited RA. Therefore, the
behaviour with regards to synthesizing IPv6 addresses from IPv4 addresses SHOULD Scaled Lifetime encodes the NAT64 prefix lifetime in
follow the recommendations given in Section 3 of <xref target="RFC7050"/>, limi units of 8 seconds. The receiver <bcp14>MUST</bcp14>
ted to the NAT64 prefixes that have non-zero lifetime.</t> multiply the Scaled Lifetime value by 8 (for example,
<t> by a logical left shift) to calculate the maximum time in
When different PREF64 are discovered by using multiple mechanisms, ho seconds the prefix <bcp14>MAY</bcp14> be used.
sts SHOULD select one source of information only. The RECOMMENDED order is: The maximum lifetime of the NAT64 prefix is thus 65528
<list style="symbols"> seconds.
<t>PCP-discovered prefixes <xref target="RFC7225"/>, if suppo
rted;</t>
<t>PREF64 discovered via RA Option;</t>
<t>PREF64 resolving IPv4-only fully qualified domain name <xr
ef target="RFC7050"/> </t>
</list>
</t>
<t>Note that if the network provides PREF64 both via this RA option and <xre
f target="RFC7225"/>, hosts that receive the PREF64 via RA option may choose to
use it immediately before waiting for PCP to complete, and therefore some traffi
c may not reflect any more detailed configuration provided by PCP.</t>
<t> To ensure that the NAT64 prefix does not expire before the default
The host SHOULD treat the PREF64 as being specific to the network int router, it is <bcp14>NOT RECOMMENDED</bcp14>
erface it was received on. to configure default Router Lifetimes greater than 65528
Provisioning Domain (PvD, <xref target="RFC7556"/>) aware hosts MUST seconds when using this option.
treat the PREF64 as being scoped to the implicit or explicit PvD. A lifetime of 0 indicates that the prefix <bcp14>SHOULD NOT</bcp14> be
</t> used anymore.
</t>
<t>
By default, the value of the Scaled Lifetime field <bcp14>SHOULD</bcp14
> be set
to the lesser of 3 x MaxRtrAdvInterval <xref
target="RFC4861" format="default"/> divided by 8, or 8191.
</t>
<t>
Router vendors <bcp14>SHOULD</bcp14> allow administrators to specify
nonzero lifetime values that are not divisible by 8.
In such cases, the router <bcp14>SHOULD</bcp14> round the provided
value up to the nearest integer that is divisible by 8 and smaller
than 65536, then divide the result by 8 (or perform a logical
right shift by 3) and set the Scaled Lifetime field to the
resulting value.
If a nonzero lifetime value that is to be divided by 8 (or
subjected to a logical right shift by 3) is less than 8, then the
Scaled Lifetime field <bcp14>SHOULD</bcp14> be set to 1.
This last step ensures that lifetimes under 8 seconds are encoded as
a nonzero Scaled Lifetime.
</t>
</section>
</section> </section>
<section numbered="true" toc="default">
<name>Usage Guidelines</name>
<t>This option specifies exactly one NAT64 prefix for all IPv4
destinations. If the network operator wants to route different parts
of the IPv4 address space to different NAT64 devices, this can be
accomplished by routing more specific subprefixes of the NAT64 prefix
to those devices.
For example, suppose an operator is using the <xref target="RFC1918"
format="default"/> address space 10.0.0.0/8 internally.
That operator might want to route 10.0.0.0/8 through NAT64 device A, and
the rest of the IPv4 space through NAT64 device B.
If the operator's NAT64 prefix is 2001:db8:a:b::/96, then the operator
can route 2001:db8:a:b::a00:0/104 to NAT64 A and 2001:db8:a:b::/96 to
NAT64 B.
</t>
<t>This option may appear more than once in an RA
(e.g., when gracefully renumbering the network from one NAT64 prefix
to another). Host behavior with regard to synthesizing IPv6 addresses
from IPv4 addresses <bcp14>SHOULD</bcp14> follow the recommendations
given in <xref target="RFC7050" sectionFormat="of" section="3"/>, limited
to the NAT64 prefixes that have a nonzero lifetime.</t>
<section anchor="cons" title="PREF64 Consistency"> <t>In a network (or a provisioning domain) that provides both IPv4 and
<t> NAT64, it may be desirable for certain IPv4 addresses not to be
Section 6.2.7 of <xref target="RFC4861"/> recommends that routers ins translated. An example might be private address ranges that are local to
pect RAs sent by other routers to ensure that all routers onlink advertise consi the network/provisioning domain and that should not be reached through the
stent information. Routers SHOULD inspect valid PREF64 options received on a giv NAT64. This type of configuration cannot be conveyed to hosts using this
en link and verify the consistency. Detected inconsistencies indicate that one o option, or through other NAT64 prefix provisioning mechanisms such as
r more routers might be misconfigured. Routers SHOULD log such cases to system o <xref target="RFC7050" format="default"/> or <xref target="RFC7225"
r network management. format="default"/>. This problem does not apply in IPv6-only
Routers SHOULD check and compare the following information: networks: the host in an IPv6-only network does not have an IPv4 address a
<list style="symbols"> nd
<t>set of PREF64 with non-zero lifetime;</t> cannot reach any IPv4 destinations without the NAT64.
<t>set of PREF64 with zero lifetime.</t>
</list>
Provisioning Domain (PvD, <xref target="RFC7556"/>) aware routers MUST only comp are information scoped to the same implicit or explicit PvD.
</t> </t>
<section anchor="mult_src" numbered="true" toc="default">
<name>Handling Multiple NAT64 Prefixes</name>
<t>
In some cases, a host may receive multiple NAT64 prefixes from
different sources. Possible scenarios include (but are not limited
to):
</t>
<ul spacing="normal">
<li> the host is using multiple mechanisms to discover PREF64
prefixes (e.g., by using PCP <xref target="RFC7225"
format="default"/>) and/or resolving an IPv4-only fully qualified
domain name <xref target="RFC7050" format="default"/> in addition to
receiving the PREF64 RA option);</li>
<li> the PREF64 option presents in a single RA more than once;</li>
<li> the host receives multiple RAs with different PREF64 prefixes
on a given interface.</li>
</ul>
<t>When multiple PREF64s are discovered via the RA PREF64 Option (either
the
Option presents more than once in a single RA or multiple RAs are
received), host behavior with regard to synthesizing IPv6 addresses
from IPv4 addresses <bcp14>SHOULD</bcp14> follow the recommendations
given in <xref target="RFC7050" section="3" sectionFormat="of"/>,
limited to the NAT64 prefixes that have a nonzero lifetime.</t>
<t>
When different PREF64s are discovered using multiple mechanisms,
hosts <bcp14>SHOULD</bcp14> select one source of information
only. The <bcp14>RECOMMENDED</bcp14> order is:
</t>
<ul spacing="normal">
<li>PCP-discovered prefixes <xref target="RFC7225" format="default"/>,
if supported;</li>
<li>PREF64s discovered via the RA Option;</li>
<li>PREF64s resolving an IPv4-only fully qualified domain name <xref
target="RFC7050" format="default"/> </li>
</ul>
<t>Note: If the network provides PREF64s via both this RA Option
and <xref target="RFC7225" format="default"/>, hosts that receive the
PREF64 via the RA Option may choose to use it immediately (before waiting
for the PCP to complete); therefore, some traffic may not reflect any
more detailed configuration provided by the PCP.</t>
<t>
The host <bcp14>SHOULD</bcp14> treat the PREF64 as being specific
to the network interface it was received on. Hosts that are aware
of Provisioning Domain (PvD, <xref target="RFC7556" format="default"/
>)
<bcp14>MUST</bcp14> treat the PREF64 as being scoped to the
implicit or explicit PvD.
</t>
</section>
<section anchor="cons" numbered="true" toc="default">
<name>PREF64 Consistency</name>
<t>
<xref target="RFC4861" sectionFormat="of" section="6.2.7"/>
recommends that routers inspect RAs sent by other routers to
ensure that all routers onlink advertise consistent
information. Routers <bcp14>SHOULD</bcp14> inspect valid PREF64
options received on a given link and verify the
consistency. Detected inconsistencies indicate that one or more
routers might be misconfigured. Routers <bcp14>SHOULD</bcp14> log
such cases to system or network management. Routers
<bcp14>SHOULD</bcp14> check and compare the following information:
</t>
<ul spacing="normal">
<li>set of PREF64s with a nonzero lifetime;</li>
<li>set of PREF64s with a zero lifetime.</li>
</ul>
<t>
Routers that are aware of PvD (<xref target="RFC7556"
format="default"/>) <bcp14>MUST</bcp14> only compare information scoped to the
same
implicit or explicit PvD.
</t>
</section>
</section> </section>
</section> <section anchor="IANA-con" numbered="true" toc="default">
<name>IANA Considerations</name>
<section anchor="IANA" title="IANA Considerations"> <t>IANA has assigned a new IPv6 Neighbor Discovery Option
<t>The IANA is requested to assign a new IPv6 Neighbor Discovery Option ty type for the PREF64 option defined in this document in the
pe for the PREF64 option defined in this document.</t> &quot;IPv6 Neighbor Discovery Option Formats&quot; registry <xref target="
IANA" />.</t>
<texttable anchor="option_table">
<ttcol align="left">Option Name</ttcol>
<ttcol align="left">Type</ttcol>
<c>PREF64 option</c>
<c>(TBD)</c>
</texttable>
<t>The IANA registry for these options is:
<list><t>
<eref target="https://www.iana.org/assignments/icmpv6-parameters">
https://www.iana.org/assignments/icmpv6-parameters</eref>
</t></list></t>
</section>
<section anchor="Security" title="Security Considerations">
<t>Because Router Advertisements are required in all IPv6 configurati
on scenarios, on IPv6-only networks, Router Advertisements must already be secur
ed, e.g., by deploying RA guard <xref target="RFC6105"/>. Providing all configur
ation in Router Advertisements reduces the attack surface to be targeted by mali
cious attackers to provide hosts with invalid configuration as compared to distr
ibuting the configuration through multiple different mechanisms that need to be
secured independently.</t>
<t>
If a host is provided with an incorrect NAT64 prefix the IPv6-only host might no
t be able to communicate with IPv4-only destinations.
Connectivity to destinations reachable over IPv6 would not be impacted just by p
roviding a host with an incorrect prefix (however if attackers are capable of se
nding rogue RAs they can perform denial-of-service or man-in-the-middle attacks,
as described in <xref target="RFC6104"/>).
</t>
<t>The security measures that must already be in place to ensure that <table anchor="option_table" align="center">
Router Advertisements are only received from legitimate sources eliminate the p <name>New IANA Registry Assignment</name>
roblem of NAT64 prefix validation described in section 3.1 of <xref target="RFC7 <thead>
050"/>.</t> <tr>
<th align="left">Description</th>
<th align="left">Type</th>
</tr>
</thead>
<tbody>
<tr>
<td align="left">PREF64 option</td>
<td align="left">38</td>
</tr>
</tbody>
</table>
</section> </section>
<section anchor="Acknowledgements" title="Acknowledgements"> <section anchor="Security" numbered="true" toc="default">
<t> <name>Security Considerations</name>
Thanks to the following people (in alphabetical order) for th <t>Because RAs are required in all IPv6 configuration
eir review and feedback: scenarios, on IPv6-only networks, RAs must already be
Mikael Abrahamsson, Mark Andrews, Brian E Carpenter, David Fa secured -- e.g., by deploying an RA-Guard <xref target="RFC6105"
rmer, Nick Heatley, Robert Hinden, Martin Hunek, Tatuya Jinmei, Benjamin Kaduk, format="default"/>. Providing all configuration in RAs
Erik Kline, Suresh Krishnan, Warren Kumari, David Lamparter, Barry Leiba, Jordi reduces the attack surface to be targeted by malicious attackers trying to
Palet Martinez, Tommy Pauly, Alexandre Petrescu, Michael Richardson, David Schin provide hosts with invalid configuration, as compared to distributing the
azi, Ole Troan, Eric Vynke, Bernie Volz. configuration through multiple different mechanisms that need to be
</t> secured independently.</t>
<t>
If a host is provided with an incorrect NAT64 prefix, the IPv6-only host might
not be able to communicate with IPv4-only destinations.
Connectivity to destinations reachable over IPv6 would not be impacted just by
providing a host with an incorrect prefix; however, if attackers are capable
of sending rogue RAs, they can perform denial-of-service or man-in-the-middle
attacks, as described in <xref target="RFC6104" format="default"/>.
</t>
<t>The security measures that must already be in place to ensure that
RAs are only received from legitimate sources
eliminate the problem of NAT64 prefix validation described in <xref
target="RFC7050" sectionFormat="of" section="3.1"/>.</t>
</section> </section>
</middle> </middle>
<!-- *****BACK MATTER ***** --> <!-- *****BACK MATTER ***** -->
<back> <back>
<references title="Normative References"> <references>
&RFC2119; <name>References</name>
&RFC4861; <references>
&RFC6052; <name>Normative References</name>
&RFC7050; <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
&RFC8174; ence.RFC.2119.xml"/>
</references> <xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.4861.xml"/>
<xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.6052.xml"/>
<xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.7050.xml"/>
<xi:include
href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.
8174.xml"/>
<references title="Informative References"> <reference anchor="IANA"
&RFC1918; target="https://www.iana.org/assignments/icmpv6-parameters">
&RFC6104; <front>
&RFC6105; <title>Internet Control Message Protocol version 6 (ICMPv6) Parameters</titl
&RFC6146; e>
&RFC6147; <author><organization>IANA</organization></author>
&RFC6877; </front>
&RFC7225; </reference>
&RFC7556;
&RFC7858; </references>
&RFC8305; <references>
&RFC8484; <name>Informative References</name>
<xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.1918.xml"/>
<xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.6104.xml"/>
<xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.6105.xml"/>
<xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.6146.xml"/>
<xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.6147.xml"/>
<xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.6877.xml"/>
<xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.7225.xml"/>
<xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.7556.xml"/>
<xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.7858.xml"/>
<xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.8305.xml"/>
<xi:include href="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/refer
ence.RFC.8484.xml"/>
</references>
</references> </references>
<section anchor="Acknowledgements" numbered="false" toc="default">
<name>Acknowledgements</name>
<t>
Thanks to the following people (in alphabetical order) for their review a
nd feedback:
<contact fullname="Mikael Abrahamsson"/>, <contact fullname="Mark Andrews
"/>, <contact fullname="Brian E Carpenter"/>, <contact fullname="David Farmer"/>
,
<contact fullname="Nick Heatley"/>, <contact fullname="Robert Hinden"/>,
<contact fullname="Martin Hunek"/>, <contact fullname="Tatuya Jinmei"/>, <contac
t fullname="Benjamin
Kaduk"/>, <contact fullname="Erik Kline"/>, <contact fullname="Suresh Kri
shnan"/>, <contact fullname="Warren Kumari"/>, <contact fullname="David Lamparte
r"/>,
<contact fullname="Barry Leiba"/>, <contact fullname="Jordi Palet Martine
z"/>, <contact fullname="Tommy Pauly"/>, <contact fullname="Alexandre Petrescu"/
>,
<contact fullname="Michael Richardson"/>, <contact fullname="David Schina
zi"/>, <contact fullname="Ole Troan"/>, <contact fullname="Eric Vynke"/>, <conta
ct fullname="Bernie
Volz"/>.
</t>
</section>
</back> </back>
</rfc> </rfc>
 End of changes. 43 change blocks. 
437 lines changed or deleted 458 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/