rfc9805v2.txt | rfc9805.txt | |||
---|---|---|---|---|
skipping to change at line 12 ¶ | skipping to change at line 12 ¶ | |||
Internet Engineering Task Force (IETF) R. Bonica | Internet Engineering Task Force (IETF) R. Bonica | |||
Request for Comments: 9805 Juniper Networks | Request for Comments: 9805 Juniper Networks | |||
Updates: 2711 June 2025 | Updates: 2711 June 2025 | |||
Category: Standards Track | Category: Standards Track | |||
ISSN: 2070-1721 | ISSN: 2070-1721 | |||
Deprecation of the IPv6 Router Alert Option for New Protocols | Deprecation of the IPv6 Router Alert Option for New Protocols | |||
Abstract | Abstract | |||
This document deprecates the IPv6 Router Alert Option. Protocols | This document deprecates the IPv6 Router Alert option. Protocols | |||
that use the Router Alert Option may continue to do so, even in | that use the IPv6 Router Alert option may continue to do so, even in | |||
future versions. However, new protocols that are standardized in the | future versions. However, new protocols that are standardized in the | |||
future must not use the Router Alert Option. | future must not use the IPv6 Router Alert option. | |||
This document updates RFC 2711. | This document updates RFC 2711. | |||
Status of This Memo | Status of This Memo | |||
This is an Internet Standards Track document. | This is an Internet Standards Track document. | |||
This document is a product of the Internet Engineering Task Force | This document is a product of the Internet Engineering Task Force | |||
(IETF). It represents the consensus of the IETF community. It has | (IETF). It represents the consensus of the IETF community. It has | |||
received public review and has been approved for publication by the | received public review and has been approved for publication by the | |||
skipping to change at line 60 ¶ | skipping to change at line 60 ¶ | |||
1. Introduction | 1. Introduction | |||
2. Requirements Language | 2. Requirements Language | |||
3. Issues Associated with the IPv6 Router Alert Option | 3. Issues Associated with the IPv6 Router Alert Option | |||
4. Deprecation of the IPv6 Router Alert Option | 4. Deprecation of the IPv6 Router Alert Option | |||
5. Future Work | 5. Future Work | |||
6. Security Considerations | 6. Security Considerations | |||
7. IANA Considerations | 7. IANA Considerations | |||
8. References | 8. References | |||
8.1. Normative References | 8.1. Normative References | |||
8.2. Informative References | 8.2. Informative References | |||
Appendix A. Protocols That Use the Router Alert Option | Appendix A. Protocols That Use the IPv6 Router Alert Option | |||
Acknowledgements | Acknowledgements | |||
Author's Address | Author's Address | |||
1. Introduction | 1. Introduction | |||
In IPv6 [RFC8200], optional internet-layer information is encoded in | In IPv6 [RFC8200], optional internet-layer information is encoded in | |||
separate headers that may be placed between the IPv6 header and the | separate headers that may be placed between the IPv6 header and the | |||
upper-layer header in a packet. There is a small number of such | upper-layer header in a packet. There is a small number of such | |||
extension headers, each one identified by a distinct Next Header | extension headers, each one identified by a distinct Next Header | |||
value. | value. | |||
One of these extension headers is called the Hop-by-Hop Options | One of these extension headers is called the Hop-by-Hop Options | |||
header. The Hop-by-Hop Options header is used to carry optional | header. The Hop-by-Hop Options header is used to carry optional | |||
information that may be examined and processed by every node along a | information that may be examined and processed by every node along a | |||
packet's delivery path. | packet's delivery path. | |||
The Hop-by-Hop Options header can carry one or more options. Among | The Hop-by-Hop Options header can carry one or more options. Among | |||
these is the Router Alert Option [RFC2711]. | these is the IPv6 Router Alert option [RFC2711]. | |||
The Router Alert Option provides a mechanism whereby routers can know | The IPv6 Router Alert option provides a mechanism whereby routers can | |||
when to intercept datagrams not addressed to them without having to | know when to intercept datagrams not addressed to them without having | |||
extensively examine every datagram. The semantic of the Router Alert | to extensively examine every datagram. The semantic of the IPv6 | |||
Option is that "routers should examine this datagram more closely". | Router Alert option is that "routers should examine this datagram | |||
Excluding this option tells the router that there is no need to | more closely". Excluding this option tells the router that there is | |||
examine this datagram more closely. | no need to examine this datagram more closely. | |||
As explained below, the Router Alert Option introduces many issues. | As explained below, the IPv6 Router Alert option introduces many | |||
issues. | ||||
This document updates [RFC2711]. Implementers of protocols that | This document updates [RFC2711]. Implementers of protocols that | |||
continue to use the Router Alert Option can continue to reference | continue to use the IPv6 Router Alert option can continue to | |||
[RFC2711] for Router Alert Option details. | reference [RFC2711] for IPv6 Router Alert option details. | |||
2. Requirements Language | 2. Requirements Language | |||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
"OPTIONAL" in this document are to be interpreted as described in | "OPTIONAL" in this document are to be interpreted as described in | |||
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all | BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
capitals, as shown here. | capitals, as shown here. | |||
3. Issues Associated with the IPv6 Router Alert Option | 3. Issues Associated with the IPv6 Router Alert Option | |||
[RFC6398] identifies security considerations associated with the | [RFC6398] identifies security considerations associated with the IPv6 | |||
Router Alert Option. In a nutshell, the IP Router Alert Option does | Router Alert option. In a nutshell, the IP Router Alert Option does | |||
not provide a universal mechanism to accurately and reliably | not provide a universal mechanism to accurately and reliably | |||
distinguish between IP Router Alert packets of interest and unwanted | distinguish between IP Router Alert packets of interest and unwanted | |||
IP Router Alerts. This creates a security concern because, short of | IP Router Alerts. This creates a security concern because, short of | |||
appropriate router-implementation-specific mechanisms, the router's | appropriate router-implementation-specific mechanisms, the router's | |||
control plane is at risk of being flooded by unwanted traffic. | control plane is at risk of being flooded by unwanted traffic. | |||
| NOTE: Many routers maintain separation between forwarding and | | NOTE: Many routers maintain separation between forwarding and | |||
| control plane hardware. The forwarding plane is implemented on | | control plane hardware. The forwarding plane is implemented on | |||
| high-performance Application-Specific Integrated Circuits | | high-performance Application-Specific Integrated Circuits | |||
| (ASICs) and Network Processors (NPs), while the control plane | | (ASICs) and Network Processors (NPs), while the control plane | |||
| is implemented on general-purpose processors. Given this | | is implemented on general-purpose processors. Given this | |||
| difference, the control plane is more susceptible to a Denial- | | difference, the control plane is more susceptible to a Denial- | |||
| of-Service (DoS) attack than the forwarding plane. | | of-Service (DoS) attack than the forwarding plane. | |||
[RFC6192] demonstrates how a network operator can deploy Access | [RFC6192] demonstrates how a network operator can deploy Access | |||
Control Lists (ACLs) that protect the control plane from DoS attacks. | Control Lists (ACLs) that protect the control plane from DoS attacks. | |||
These ACLs are effective and efficient when they select packets based | These ACLs are effective and efficient when they select packets based | |||
upon information that can be found in a fixed position. However, | upon information that can be found in a fixed position. However, | |||
they become less effective and less efficient when they must parse a | they become less effective and less efficient when they must parse a | |||
Hop-by-Hop Options header, searching for the Router Alert Option. | Hop-by-Hop Options header, searching for the IPv6 Router Alert | |||
option. | ||||
Network operators can address the security considerations raised in | Network operators can address the security considerations raised in | |||
[RFC6398] by: | [RFC6398] by: | |||
* Deploying the operationally complex and computationally expensive | * Deploying the operationally complex and computationally expensive | |||
ACLs described in [RFC6192]. | ACLs described in [RFC6192]. | |||
* Configuring their routers to ignore the Router Alert Option. | * Configuring their routers to ignore the IPv6 Router Alert option. | |||
* Dropping or severely rate limiting packets that contain the Hop- | * Dropping or severely rate limiting packets that contain the Hop- | |||
by-Hop Options header at the network edge. | by-Hop Options header at the network edge. | |||
These options become less viable as protocol designers continue to | These options become less viable as protocol designers continue to | |||
design protocols that use the Router Alert Option. | design protocols that use the IPv6 Router Alert option. | |||
[RFC9673] seeks to eliminate hop-by-hop processing on the control | [RFC9673] seeks to eliminate hop-by-hop processing on the control | |||
plane. However, because of its unique function, the Router Alert | plane. However, because of its unique function, the IPv6 Router | |||
option is granted an exception to this rule. One approach would be | Alert option is granted an exception to this rule. One approach | |||
to deprecate the Router Alert option, because current usage beyond | would be to deprecate the IPv6 Router Alert option, because current | |||
the local network appears to be limited and packets containing Hop- | usage beyond the local network appears to be limited and packets | |||
by-Hop options are frequently dropped. Deprecation would allow | containing Hop-by-Hop options are frequently dropped. Deprecation | |||
current implementations to continue using it, but its use could be | would allow current implementations to continue using it, but its use | |||
phased out over time. | could be phased out over time. | |||
4. Deprecation of the IPv6 Router Alert Option | 4. Deprecation of the IPv6 Router Alert Option | |||
This document deprecates the IPv6 Router Alert Option. Protocols | This document deprecates the IPv6 Router Alert option. Protocols | |||
that use the Router Alert Option MAY continue to do so, even in | that use the IPv6 Router Alert option MAY continue to do so, even in | |||
future versions. However, new protocols that are standardized in the | future versions. However, new protocols that are standardized in the | |||
future MUST NOT use the Router Alert Option. Appendix A contains an | future MUST NOT use the IPv6 Router Alert option. Appendix A | |||
exhaustive list of protocols that MAY continue to use the Router | contains an exhaustive list of protocols that MAY continue to use the | |||
Alert Option. | IPv6 Router Alert option. | |||
This document updates [RFC2711]. | This document updates [RFC2711]. | |||
5. Future Work | 5. Future Work | |||
A number of protocols use the Router Alert option; these are listed | A number of protocols use the IPv6 Router Alert option; these are | |||
in Appendix A. The only protocols in Appendix A that have widespread | listed in Appendix A. The only protocols in Appendix A that have | |||
deployment are Multicast Listener Discovery Version 2 (MLDv2) | widespread deployment are Multicast Listener Discovery Version 2 | |||
[RFC9777] and Multicast Router Discovery (MRD) [RFC4286]. The other | (MLDv2) [RFC9777] and Multicast Router Discovery (MRD) [RFC4286]. | |||
protocols either have limited deployment, are experimental, or have | The other protocols either have limited deployment, are experimental, | |||
no known implementation. | or have no known implementation. | |||
It is left for future work to develop new versions of MLDv2 and MRD | It is left for future work to develop new versions of MLDv2 and MRD | |||
that do not rely on the Router Alert option. That task is out of | that do not rely on the IPv6 Router Alert option. That task is out | |||
scope for this document. | of scope for this document. | |||
6. Security Considerations | 6. Security Considerations | |||
This document mitigates all security considerations associated with | This document mitigates all security considerations associated with | |||
the IPv6 Router Alert Option. These security considerations can be | the IPv6 Router Alert option. These security considerations can be | |||
found in [RFC2711], [RFC6192], and [RFC6398]. | found in [RFC2711], [RFC6192], and [RFC6398]. | |||
7. IANA Considerations | 7. IANA Considerations | |||
IANA has marked the Router Alert Option as "DEPRECATED for New | IANA has marked the IPv6 Router Alert option as "DEPRECATED for New | |||
Protocols" in the "Destination Options and Hop-by-Hop Options" | Protocols" in the "Destination Options and Hop-by-Hop Options" | |||
registry <https://www.iana.org/assignments/ipv6-parameters> and added | registry <https://www.iana.org/assignments/ipv6-parameters> and added | |||
this document as a reference. | this document as a reference. | |||
IANA has also made a note in the "IPv6 Router Alert Option Values" | IANA has also made a note in the "IPv6 Router Alert Option Values" | |||
registry <https://www.iana.org/assignments/ipv6-routeralert-values> | registry <https://www.iana.org/assignments/ipv6-routeralert-values> | |||
stating that the registry is closed for allocations and added a | stating that the registry is closed for allocations and added a | |||
reference to this document. The experimental codepoints in this | reference to this document. The experimental codepoints in this | |||
registry have been changed to "Reserved" (i.e., they are no longer | registry have been changed to "Reserved" (i.e., they are no longer | |||
available for experimentation). | available for experimentation). | |||
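Review bot: Section 6 still says the document "mitigates all security considerations" for the option, which overstates what Sections 4 and 5 actually do: existing protocols MAY continue to use it, and MLDv2 and MRD, the only widely deployed users, are left to future work. Suggest narrowing the claim to preventing new uses, and stating that the considerations in [RFC2711], [RFC6192] and [RFC6398] still apply to deployed protocols. Separately, in Section 3 the rename leaves "the IPv6 Router Alert option" immediately followed by "the IP Router Alert Option" and "IP Router Alerts"; if the second form is kept deliberately as the wording of [RFC6398], a short attribution would stop it reading as a missed edit.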
skipping to change at line 306 ¶ | skipping to change at line 308 ¶ | |||
[RFC9570] Kompella, K., Bonica, R., and G. Mirsky, Ed., "Deprecating | [RFC9570] Kompella, K., Bonica, R., and G. Mirsky, Ed., "Deprecating | |||
the Use of Router Alert in LSP Ping", RFC 9570, | the Use of Router Alert in LSP Ping", RFC 9570, | |||
DOI 10.17487/RFC9570, May 2024, | DOI 10.17487/RFC9570, May 2024, | |||
<https://www.rfc-editor.org/info/rfc9570>. | <https://www.rfc-editor.org/info/rfc9570>. | |||
[RFC9777] Haberman, B., Ed., "Multicast Listener Discovery Version 2 | [RFC9777] Haberman, B., Ed., "Multicast Listener Discovery Version 2 | |||
(MLDv2) for IPv6", STD 101, RFC 9777, | (MLDv2) for IPv6", STD 101, RFC 9777, | |||
DOI 10.17487/RFC9777, March 2025, | DOI 10.17487/RFC9777, March 2025, | |||
<https://www.rfc-editor.org/info/rfc9777>. | <https://www.rfc-editor.org/info/rfc9777>. | |||
Appendix A. Protocols That Use the Router Alert Option | Appendix A. Protocols That Use the IPv6 Router Alert Option | |||
Table 1 contains an exhaustive list of protocols that use the IPv6 | Table 1 contains an exhaustive list of protocols that use the IPv6 | |||
Router Alert Option. There are no known IPv6 implementations of MPLS | Router Alert option. There are no known IPv6 implementations of MPLS | |||
Ping. Neither Integrated Services (Intserv) nor Next Steps in | Ping. Neither Integrated Services (Intserv) nor Next Steps in | |||
Signaling (NSIS) are widely deployed. All NSIS protocols are | Signaling (NSIS) are widely deployed. All NSIS protocols are | |||
experimental. Pragmatic Generic Multicast (PGM) is experimental, and | experimental. Pragmatic Generic Multicast (PGM) is experimental, and | |||
there are no known IPv6 implementations. | there are no known IPv6 implementations. | |||
+=================+=============================+==================+ | +=================+=============================+==================+ | |||
| Protocol | References | Application | | | Protocol | References | Application | | |||
+=================+=============================+==================+ | +=================+=============================+==================+ | |||
| Multicast | [RFC9777] | IPv6 Multicast | | | Multicast | [RFC9777] | IPv6 Multicast | | |||
| Listener | | | | | Listener | | | | |||
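Review bot: The appendix paragraph expands PGM as "Pragmatic Generic Multicast", while the Table 1 row citing [RFC3208] expands it as "Pragmatic General Multicast"; this revision edits the same paragraph but leaves the mismatch in both columns. Pick one expansion and use it in both the text and the table.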
skipping to change at line 333 ¶ | skipping to change at line 335 ¶ | |||
+-----------------+-----------------------------+------------------+ | +-----------------+-----------------------------+------------------+ | |||
| Multicast | [RFC4286] | IPv6 Multicast | | | Multicast | [RFC4286] | IPv6 Multicast | | |||
| Router | | | | | Router | | | | |||
| Discovery (MRD) | | | | | Discovery (MRD) | | | | |||
+-----------------+-----------------------------+------------------+ | +-----------------+-----------------------------+------------------+ | |||
| Pragmatic | [RFC3208] | IPv6 Multicast | | | Pragmatic | [RFC3208] | IPv6 Multicast | | |||
| General | | | | | General | | | | |||
| Multicast (PGM) | | | | | Multicast (PGM) | | | | |||
+-----------------+-----------------------------+------------------+ | +-----------------+-----------------------------+------------------+ | |||
| MPLS Ping (Use | [RFC7506][RFC8029][RFC9570] | MPLS Operations, | | | MPLS Ping (Use | [RFC7506][RFC8029][RFC9570] | MPLS Operations, | | |||
| of the Router | | Administration, | | | of the IPv6 | | Administration, | | |||
| Alert Option is | | and Maintenance | | | Router Alert | | and Maintenance | | |||
| deprecated) | | (OAM) | | | option is | | (OAM) | | |||
| deprecated) | | | | ||||
+-----------------+-----------------------------+------------------+ | +-----------------+-----------------------------+------------------+ | |||
| Resource | [RFC3175] [RFC5946] | Integrated | | | Resource | [RFC3175] [RFC5946] | Integrated | | |||
| Reservation | [RFC6016] [RFC6401] | Services | | | Reservation | [RFC6016] [RFC6401] | Services | | |||
| Protocol | | (Intserv) | | | Protocol | | (Intserv) | | |||
| (RSVP): Both | | [RFC1633] and | | | (RSVP): Both | | [RFC1633] and | | |||
| IPv4 and IPv6 | | Multiprotocol | | | IPv4 and IPv6 | | Multiprotocol | | |||
| implementations | | Label Switching | | | implementations | | Label Switching | | |||
| | | (MPLS) [RFC3031] | | | | | (MPLS) [RFC3031] | | |||
+-----------------+-----------------------------+------------------+ | +-----------------+-----------------------------+------------------+ | |||
| Next Steps in | [RFC5979] [RFC5971] | NSIS [RFC4080] | | | Next Steps in | [RFC5979] [RFC5971] | NSIS [RFC4080] | | |||
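Review bot: The MPLS Ping row says use of the option "is deprecated", yet Section 4 describes Appendix A as the list of protocols that MAY continue to use the IPv6 Router Alert option, and the document as a whole now deprecates the option for new protocols, so the parenthetical is ambiguous about which deprecation it means. Suggest tying it to its source, for example "(use deprecated by [RFC9570])", so this row is clearly distinguished from the document-wide deprecation.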
End of changes. 21 change blocks. | ||||
46 lines changed or deleted | 49 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. |