<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp "&#160;">
  <!ENTITY zwsp "&#8203;">
  <!ENTITY nbhy "&#8209;">
  <!ENTITY wj "&#8288;">
]>
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="std" docName="draft-ietf-6man-deprecate-router-alert-13" number="9805" consensus="true" ipr="trust200902" updates="2711" obsoletes="" submissionType="IETF" xml:lang="en" tocInclude="true" tocDepth="3" symRefs="true" sortRefs="true" version="3">
  <front>
    <title abbrev="Deprecate IPv6 Router Alert for New Protocols">Deprecation of the IPv6 Router Alert Option for New Protocols</title>
    <seriesInfo name="RFC" value="9805"/>
    <author fullname="Ron Bonica" initials="R." surname="Bonica">
      <organization>Juniper Networks</organization>
      <address>
        <postal>
          <country>United States of America</country>
        </postal>
        <email>rbonica@juniper.net</email>
      </address>
    </author>
    <date month="June" year="2025"/>
    <area>INT</area>
    <workgroup>6man</workgroup>
    <keyword>IPv6</keyword>
    <abstract>
      <t>This document deprecates the IPv6 Router Alert option. Protocols that use the IPv6 Router Alert option may continue to do so, even in future versions. However, new protocols that are standardized in the future must not use the IPv6 Router Alert option.</t>
      <t>This document updates RFC 2711.
      </t>
    </abstract>
  </front>
  <middle>
    <section numbered="true" toc="default">
      <name>Introduction</name>
      <t>In IPv6 <xref target="RFC8200" format="default"></xref>, optional internet-layer information is encoded in separate headers that may be placed between the IPv6 header and the upper-layer header in a packet. There is a small number of such extension headers, each one identified by a distinct Next Header value.</t>
      <t>One of these extension headers is called the Hop-by-Hop Options header. The Hop-by-Hop Options header is used to carry optional information that may be examined and processed by every node along a packet's delivery path.</t>
      <t>The Hop-by-Hop Options header can carry one or more options. Among these is the IPv6 Router Alert option <xref target="RFC2711" format="default"></xref>.
      </t>
      <t>The IPv6 Router Alert option provides a mechanism whereby routers can know when to intercept datagrams not addressed to them without having to extensively examine every datagram. The semantic of the IPv6 Router Alert option is that "routers should examine this datagram more closely". Excluding this option tells the router that there is no need to examine this datagram more closely.</t>
      <t>As explained below, the IPv6 Router Alert option introduces many issues.</t>
      <t>This document updates <xref target="RFC2711" format="default"/>. Implementers of protocols that continue to use the IPv6 Router Alert option can continue to reference <xref target="RFC2711" format="default"/> for IPv6 Router Alert option details.
      </t>
    </section>
    <section anchor="ReqLang" numbered="true" toc="default">
      <name>Requirements Language</name>
      <t>
        The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shown here.
      </t>
    </section>
    <section numbered="true" toc="default">
      <name>Issues Associated with the IPv6 Router Alert Option</name>
      <t><xref target="RFC6398" format="default"/> identifies security considerations associated with the IPv6 Router Alert option. In a nutshell, the IP Router Alert Option does not provide a universal mechanism to accurately and reliably distinguish between IP Router Alert packets of interest and unwanted IP Router Alerts. This creates a security concern because, short of appropriate router-implementation-specific mechanisms, the router's control plane is at risk of being flooded by unwanted traffic.</t>
      <aside>
        <t>NOTE: Many routers maintain separation between forwarding and control plane hardware. The forwarding plane is implemented on high-performance Application-Specific Integrated Circuits (ASICs) and Network Processors (NPs), while the control plane is implemented on general-purpose processors.
        Given this difference, the control plane is more susceptible to a Denial-of-Service (DoS) attack than the forwarding plane.</t>
      </aside>
      <t><xref target="RFC6192" format="default"/> demonstrates how a network operator can deploy Access Control Lists (ACLs) that protect the control plane from DoS attacks. These ACLs are effective and efficient when they select packets based upon information that can be found in a fixed position. However, they become less effective and less efficient when they must parse a Hop-by-Hop Options header, searching for the IPv6 Router Alert option.</t>
      <t>Network operators can address the security considerations raised in <xref target="RFC6398" format="default"/> by:</t>
      <ul spacing="normal">
        <li>
          <t>Deploying the operationally complex and computationally expensive ACLs described in <xref target="RFC6192" format="default"/>.</t>
        </li>
        <li>
          <t>Configuring their routers to ignore the IPv6 Router Alert option.</t>
        </li>
        <li>
          <t>Dropping or severely rate limiting packets that contain the Hop-by-Hop Options header at the network edge.</t>
        </li>
      </ul>
      <t>These options become less viable as protocol designers continue to design protocols that use the IPv6 Router Alert option.</t>
      <t><xref target="RFC9673" format="default"/> seeks to eliminate hop-by-hop processing on the control plane. However, because of its unique function, the IPv6 Router Alert option is granted an exception to this rule. One approach would be to deprecate the IPv6 Router Alert option, because current usage beyond the local network appears to be limited and packets containing Hop-by-Hop options are frequently dropped.
      Deprecation would allow current implementations to continue using it, but its use could be phased out over time.</t>
    </section>
    <section numbered="true" toc="default">
      <name>Deprecation of the IPv6 Router Alert Option</name>
      <t>This document deprecates the IPv6 Router Alert option. Protocols that use the IPv6 Router Alert option <bcp14>MAY</bcp14> continue to do so, even in future versions. However, new protocols that are standardized in the future <bcp14>MUST NOT</bcp14> use the IPv6 Router Alert option. <xref target="Legacy" format="default"/> contains an exhaustive list of protocols that <bcp14>MAY</bcp14> continue to use the IPv6 Router Alert option.
      </t>
      <t>This document updates <xref target="RFC2711" format="default"/>.</t>
    </section>
    <section numbered="true" toc="default">
      <name>Future Work</name>
      <t>A number of protocols use the IPv6 Router Alert option; these are listed in <xref target="Legacy" format="default"/>. The only protocols in <xref target="Legacy" format="default"/> that have widespread deployment are Multicast Listener Discovery Version 2 (MLDv2) <xref target="RFC9777" format="default"></xref> and Multicast Router Discovery (MRD) <xref target="RFC4286" format="default"></xref>. The other protocols either have limited deployment, are experimental, or have no known implementation.
      </t>
      <t>
        It is left for future work to develop new versions of MLDv2 and MRD that do not rely on the IPv6 Router Alert option. That task is out of scope for this document.
      </t>
    </section>
    <section anchor="Security" numbered="true" toc="default">
      <name>Security Considerations</name>
      <t>This document mitigates all security considerations associated with the IPv6 Router Alert option. These security considerations can be found in <xref target="RFC2711" format="default"/>, <xref target="RFC6192" format="default"/>, and <xref target="RFC6398" format="default"/>.</t>
    </section>
    <section numbered="true" toc="default">
      <name>IANA Considerations</name>
      <t>IANA has marked the IPv6 Router Alert option as "DEPRECATED for New Protocols" in the <eref brackets="angle" target="https://www.iana.org/assignments/ipv6-parameters">"Destination Options and Hop-by-Hop Options" registry</eref> and added this document as a reference.</t>
      <t>
        IANA has also made a note in the <eref brackets="angle" target="https://www.iana.org/assignments/ipv6-routeralert-values">"IPv6 Router Alert Option Values" registry</eref> stating that the registry is closed for allocations and added a reference to this document. The experimental codepoints in this registry have been changed to "Reserved" (i.e., they are no longer available for experimentation).
      </t>
    </section>
  </middle>
  <back>
    <references>
      <name>References</name>
      <references>
        <name>Normative References</name>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2711.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6398.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8200.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9673.xml"/>
      </references>
      <references>
        <name>Informative References</name>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6192.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.1633.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9777.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3031.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4286.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5946.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5979.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6016.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8029.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5971.xml"/>
        <xi:include
          href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6401.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3175.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4080.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7506.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3208.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9570.xml"/>
      </references>
    </references>
    <section anchor="Legacy" numbered="true" toc="default">
      <name>Protocols That Use the IPv6 Router Alert Option</name>
      <t><xref target="Depend" format="default"/> contains an exhaustive list of protocols that use the IPv6 Router Alert option. There are no known IPv6 implementations of MPLS Ping. Neither Integrated Services (Intserv) nor Next Steps in Signaling (NSIS) are widely deployed. All NSIS protocols are experimental.
      Pragmatic Generic Multicast (PGM) is experimental, and there are no known IPv6 implementations.</t>
      <table anchor="Depend" align="center">
        <name>Protocols That Use the IPv6 Router Alert Option</name>
        <thead>
          <tr>
            <th align="left">Protocol</th>
            <th align="left">References</th>
            <th align="left">Application</th>
          </tr>
        </thead>
        <tbody>
          <tr>
            <td align="left">Multicast Listener Discovery Version 2 (MLDv2)</td>
            <td align="left"><xref target="RFC9777" format="default"/></td>
            <td align="left">IPv6 Multicast</td>
          </tr>
          <tr>
            <td align="left">Multicast Router Discovery (MRD)</td>
            <td align="left"><xref target="RFC4286" format="default"/></td>
            <td align="left">IPv6 Multicast</td>
          </tr>
          <tr>
            <td align="left">Pragmatic General Multicast (PGM)</td>
            <td align="left"><xref target="RFC3208" format="default"/></td>
            <td align="left">IPv6 Multicast</td>
          </tr>
          <tr>
            <td align="left">MPLS Ping (Use of the IPv6 Router Alert option is deprecated)</td>
            <td align="left"><xref target="RFC7506" format="default"/><xref target="RFC8029" format="default"/><xref target="RFC9570" format="default"/></td>
            <td align="left">MPLS Operations, Administration, and Maintenance (OAM)</td>
          </tr>
          <tr>
            <td align="left">Resource Reservation Protocol (RSVP): Both IPv4 and IPv6 implementations</td>
            <td align="left"><xref target="RFC3175" format="default"/> <xref target="RFC5946" format="default"/> <xref target="RFC6016" format="default"/> <xref target="RFC6401" format="default"/></td>
            <td align="left">Integrated Services (Intserv) <xref target="RFC1633" format="default"></xref> and Multiprotocol Label Switching (MPLS) <xref target="RFC3031" format="default"></xref></td>
          </tr>
          <tr>
            <td align="left">Next Steps in Signaling (NSIS)</td>
            <td align="left"><xref target="RFC5979" format="default"/> <xref target="RFC5971" format="default"/></td>
            <td align="left">NSIS <xref target="RFC4080" format="default"></xref></td>
          </tr>
        </tbody>
      </table>
    </section>
    <section numbered="false" toc="default">
      <name>Acknowledgements</name>
      <t>Thanks to <contact fullname="Zafar Ali"/>, <contact fullname="Brian Carpenter"/>, <contact fullname="Toerless Eckert"/>, <contact fullname="David Farmer"/>, <contact fullname="Adrian Farrel"/>, <contact fullname="Bob Hinden"/>, and <contact fullname="Jen Linkova"/> for their reviews of this document.</t>
    </section>
  </back>
</rfc>