Internet-Draft draft-mcbride-v6ops-eh-use-cases-00 July 2023
Workgroup: Internet Engineering Task Force
Internet-Draft: draft-mcbride-v6ops-eh-use-cases-00
Published: July 2023
Intended Status: Informational
Expires: 7 January 2024
Authors:
M. McBride, Futurewei
N. Elkins, Inside Products, Inc
N. Buraglio, Forwarding Plane
X. Geng, Huawei Technologies
M. Ackermann, BCBS Michigan

Extension Header Use Cases

Abstract

This document outlines IPv6 extension header use cases including those intended to be deployed in limited domains and those intended for the global Internet. We specify which use cases are deployed today and which may be of use in the future. The hope is that through understanding these various extension header use cases, we can then better understand how best to implement any necessary limits on their use.

About This Document

This note is to be removed before publishing as an RFC.

Status information for this document may be found at https://datatracker.ietf.org/doc/draft-mcbride-v6ops-eh-use-cases/.

Discussion of this document takes place on the IPv6 Operations Working Group mailing list, which is archived at https://mailarchive.ietf.org/arch/browse/v6ops/. Subscribe at https://www.ietf.org/mailman/listinfo/v6ops/.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 7 January 2024.

1. Introduction

Extension headers have been specified since the original 1995 IPv6 specification [RFC2460] and maintained in the more recently updated [RFC8200]. In the nearly 30 years since extension headers were specified, there have been many documents which have specified how to limit, block and deprecate their use. What we haven't had is a document that shows how extension headers are being deployed or how related innovations are being proposed. This document outlines IPv6 extension header use cases including those intended to be deployed in limited domains and those deployed across the Internet. By understanding these various use cases we can better understand how best to improve upon, and perhaps limit, extension header deployment.

2. Glossary

EH: IPv6 Extension Header

Hop-by-Hop Options Header: Used to carry optional information intended for every node along the path.

Routing Header: Used to list one or more nodes to be visited on the way to a packet's destination.

Fragment Header: Used to send a packet larger than would fit in the path MTU to its destination.

Encapsulating Security Payload: The Encapsulating Security Payload (ESP) extension header provides confidentiality, integrity, and authentication for IPv6 packets.

Authentication Header: The IPv6 Authentication Header (AH) extension provides data integrity, authentication, and anti-replay protection for IPv6 packets.

Destination Options Header: Used to carry optional information for destination nodes.

Mobility Header: The Mobility Header enables mobility support for network nodes in IPv6 networks.

Host Identity Protocol: The Host Identity Protocol (HIP) provides a cryptographic identity-based solution for secure communication and mobility management in IPv6 networks.

Shim6 Protocol: The Shim6 IPv6 extension header enables multihoming by providing source and destination address selection for efficient routing.

Single Administrative Domain: The EH is limited to one administrative domain.

Limited Domain: The EH is limited to a group of administrative domains.

Unlimited Domain: The EH is not limited to any group of domains.

3. IPv6 Extension Header Types

Protocol
Number    Description                         Reference

0         IPv6 Hop-by-Hop Option              [RFC8200]
43        Routing Header for IPv6             [RFC8200][RFC5095]
44        Fragment Header for IPv6            [RFC8200]
50        Encapsulating Security Payload      [RFC4303]
51        Authentication Header               [RFC4302]
60        Destination Options for IPv6        [RFC8200]
135       Mobility Header                     [RFC6275]
139       Host Identity Protocol              [RFC7401]
140       Shim6 Protocol                      [RFC5533]
253       Use for experimentation and testing [RFC3692][RFC4727]
254       Use for experimentation and testing [RFC3692][RFC4727]
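
Any of the header types in this table can sit between the fixed IPv6 header and the transport header, so a filter or sensor has to walk the Next Header chain before it can see the upper-layer protocol. The following Python is an added example, not part of the draft; the function names and the packet bytes are constructed for illustration.

```python
import struct

# Next Header values taken from the extension header table above.
EXT_HEADERS = {0: "Hop-by-Hop Options", 43: "Routing", 44: "Fragment",
               50: "ESP", 51: "AH", 60: "Destination Options",
               135: "Mobility", 139: "HIP", 140: "Shim6",
               253: "Experimental", 254: "Experimental"}


def walk_chain(packet: bytes):
    """Walk the Next Header chain of one IPv6 packet.

    Returns (chain, upper, findings): extension header numbers in order,
    the upper-layer protocol number (None when this packet does not expose
    it), and a list of findings worth logging.
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nh, off = packet[6], 40
    chain, findings = [], []
    while nh in EXT_HEADERS:
        if nh == 0 and chain:
            # RFC 8200: Hop-by-Hop Options must directly follow the IPv6 header.
            findings.append("Hop-by-Hop Options header is not first")
        chain.append(nh)
        if nh == 50:
            # ESP: what follows is encrypted, so the chain ends here.
            return chain, None, findings
        if off + 8 > len(packet):
            findings.append("chain runs past the end of the packet")
            return chain, None, findings
        if nh == 44:
            length = 8  # the Fragment header has a fixed size
            if struct.unpack_from("!H", packet, off + 2)[0] >> 3:
                # Non-first fragment: the rest is payload, not headers.
                return chain, None, findings
        elif nh == 51:
            length = (packet[off + 1] + 2) * 4  # AH length is in 4-octet units
        else:
            length = (packet[off + 1] + 1) * 8  # generic 8-octet units
        nh, off = packet[off], off + length
    if off > len(packet):
        findings.append("chain runs past the end of the packet")
        return chain, None, findings
    return chain, nh, findings


def build_packet(first_nh: int, body: bytes) -> bytes:
    """Constructed test packet: fixed IPv6 header (zero addresses) plus body."""
    return struct.pack("!IHBB", 6 << 28, len(body), first_nh, 64) + bytes(32) + body


def sample_packet() -> bytes:
    """Constructed sample: Hop-by-Hop, Destination Options, Fragment, TCP."""
    hbh = bytes([60, 0, 1, 4, 0, 0, 0, 0])        # next=60, PadN padding
    dst = bytes([44, 0, 1, 4, 0, 0, 0, 0])        # next=44, PadN padding
    frag = struct.pack("!BBHI", 6, 0, 0, 0x1234)  # next=TCP, offset 0
    return build_packet(0, hbh + dst + frag + bytes(20))


if __name__ == "__main__":
    print(walk_chain(sample_packet()))
```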

4. Existing IPv6 Extension Header Use Cases

In this section we list and describe several extension header use cases. We will specify if the use case is intended for a limited domain and the status of its deployment. We further assign each EH to a category. The categories are the following:

Quality of Service
Network Security
Network Management
Application Specific
Internet of Things
Content Delivery Networks
Routing

Another crucial aspect in characterizing extension header usage is to determine whether the EH is intended for a single administrative domain, a limited domain, or an unlimited domain.

Furthermore, it is important to consider the potential consequences if the EH is modified, which could be a result of transmission errors or intentional alterations. It is also necessary to assess whether the EH contains private data that, if exposed, could lead to a data leak.
This evaluation may prompt a deeper discussion on the additional safeguards that should be implemented, such as incorporating a checksum, a signature, or encryption mechanisms for the EH.

4.1. Detailed Description of Categories

  1. Quality of Service (QoS) Extension Headers: These extension headers can be used to prioritize and manage traffic based on different quality of service parameters such as latency, bandwidth, packet loss, or reliability. They allow for fine-grained control over QoS policies within an IPv6 network.
  2. Network Security Extension Headers: These extension headers provide enhanced security features for IPv6, such as authentication, integrity checks, encryption, or firewall rules. They can be used to enforce network security policies at the IP layer, complementing higher-layer security protocols.
  3. Network Management Extension Headers: These extension headers facilitate network management operations by including information related to network monitoring, performance measurement, or configuration management. They enable administrators to efficiently manage and troubleshoot IPv6 networks.
  4. Application-Specific Extension Headers: These extension headers cater to specific application requirements by carrying application-specific metadata or instructions. They can be used to enable application-specific optimizations or provide additional context to the network for better application performance.
  5. Internet of Things (IoT) Extension Headers: These extension headers include information about device capabilities, power management, sensor data, or IoT-specific protocols to enable efficient communication and management of IoT devices over IPv6.
  6. Content Delivery Networks (CDN) Extension Headers: These extension headers optimize content delivery over IPv6 by including information related to content caching, replication, or load balancing within a content delivery network. They allow for efficient content distribution and improved performance for CDN-enabled services.
  7. Routing Extension Headers: These extension headers supplement existing information about routing policies, traffic engineering, or multicast routing to enhance the routing capabilities of IPv6.

4.2. Existing Destination and Hop-by-Hop Options

The following is the list of Destination Options and Hop-by-Hop Options which have an option number at IANA. Note, we will describe use cases, if any, for options which do not have an option number at IANA.

[ToBeDone: Separate these into Destination Options and Hop-by-hop options]

Hex
Value   Description                               RFC Number

0x00    Pad1                                      [RFC2460]
0x01    PadN                                      [RFC2460]
0xC2    Jumbo Payload                             [RFC2675]
0x23    RPL Option                                [RFC9008]
0x63    RPL Option (DEPRECATED)                   [RFC6553]
0x04    Tunnel Encapsulation Limit                [RFC2473]
0x05    Router Alert                              [RFC2711]
0x26    Quick-Start                               [RFC4782]
0x07    CALIPSO                                   [RFC5570]
0x08    SMF_DPD                                   [RFC6621]
0xC9    Home Address                              [RFC6275]
0x8A    Endpoint Identification (DEPRECATED)      [CHARLES LYNN]
0x8B    ILNP Nonce                                [RFC6744]
0x8C    Line-Identification Option                [RFC6788]
0x4D    Deprecated                                [RFC7731]
0x6D    MPL Option                                [RFC7731]
0xEE    IP_DFF                                    [RFC6971]
0x0F    Performance and Diagnostic Metrics (PDM)  [RFC8250]
0x30    Minimum Path MTU Hop-by-Hop Option        [RFC9268]
0x11    IOAM Destination Option and IOAM Hop-by-Hop Option
                                    [RFC-ietf-ippm-ioam-ipv6-options-12]
0x31    IOAM Destination Option and IOAM Hop-by-Hop Option
                                    [RFC-ietf-ippm-ioam-ipv6-options-12]
0x12    AltMark                                   [RFC9343]
10011-11101  Unassigned
0x1E    RFC3692-style Experiment                  [RFC4727]
0x3E    RFC3692-style Experiment                  [RFC4727]
0x5E    RFC3692-style Experiment                  [RFC4727]
0x7E    RFC3692-style Experiment                  [RFC4727]
0x9E    RFC3692-style Experiment                  [RFC4727]
0xBE    RFC3692-style Experiment                  [RFC4727]
0xDE    RFC3692-style Experiment                  [RFC4727]
0xFE    RFC3692-style Experiment                  [RFC4727]

4.3. Existing Routing Types

The following is the list of Routing Types which are defined at IANA. Note, we will describe use cases, if any, for options which do not have an option number at IANA.

Value              Description          Reference
--------------------------------------------------
0   Source Route (DEPRECATED)            [RFC2460][RFC5095]
1   Nimrod (DEPRECATED 2009-05-06)
2   Type 2 Routing Header                [RFC6275]
3   RPL Source Route Header              [RFC6554]
4   Segment Routing Header (SRH)         [RFC8754]
5   CRH-16 (TEMPORARY)                   [draft-bonica-6man-comp-rtg-hdr-30]
6   CRH-32 (TEMPORARY)                   [draft-bonica-6man-comp-rtg-hdr-30]
7-252 Unassigned
253  RFC3692-style Experiment 1          [RFC4727]
254  RFC3692-style Experiment 2          [RFC4727]
255  Reserved

Segment Routing Header TLVs

 Value        Description        Reference
 --------------------------------------------------
      0    Pad1 TLV                 [RFC8754]
      1    Reserved                 [RFC8754]
      2    Reserved                 [RFC8754]
      3    Reserved                 [RFC8754]
      4    PadN TLV                 [RFC8754]
      5    HMAC TLV                 [RFC8754]
      6    Reserved                 [RFC8754]
    7-123  Unassigned
   124-126 Experimentation and Test [RFC8754]
     127   Reserved                 [RFC8754]
   128-251 Unassigned
   252-254 Experimentation and Test [RFC8754]
     255   Reserved                 [RFC8754]

5. Quality of Service (QoS) Extension Headers

6. Network Management Extension Headers

6.1. Existing Network Management Extension Headers

6.1.1. RFC8250: Performance and Diagnostic Metrics (PDM)

RFC 8250 specifies the Performance and Diagnostic Metrics (PDM) Destination Options header, which is used to measure the performance of IPv6 networks. The PDM header contains sequence numbers and timing information that can be used to calculate metrics such as round-trip delay and server delay.

The PDM header is embedded in each packet, and the information it contains is combined with the 5-tuple (source IP address, source port, destination IP address, destination port, and upper-layer protocol) to calculate the metrics. The PDM header also includes fields for storing time scaling factors, which can be used to adjust the measurements for different network conditions.

The PDM header can be used to assess performance problems in real time or after the fact. The measurements can be used to troubleshoot network problems, identify bottlenecks, and optimize network performance.
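
The option numbers listed in Section 4.2 and the PDM option described here can be decoded together: the high-order bits of each option type say how a node that does not recognize it treats the packet and whether the option may change en route, and the PDM data unpacks into sequence numbers and scaled time deltas. This Python is an added example, not part of the draft or of RFC 8250; the sample header bytes and all function names are constructed for illustration.

```python
import struct

# Names from the option table in Section 4.2 (subset; others show as "unknown").
OPTION_NAMES = {0x01: "PadN", 0xC2: "Jumbo Payload", 0x23: "RPL Option",
                0x63: "RPL Option (DEPRECATED)", 0x05: "Router Alert",
                0x0F: "PDM", 0x12: "AltMark"}
# RFC 8200: the two high-order bits of the option type tell a node that does
# not recognize the option what to do with the packet.
ACTIONS = {0: "skip option", 1: "discard", 2: "discard + ICMP",
           3: "discard + ICMP unless multicast"}


def parse_options(ext_header: bytes) -> list:
    """Decode the TLVs of one Hop-by-Hop or Destination Options header."""
    if len(ext_header) < 2:
        raise ValueError("header is truncated")
    total = (ext_header[1] + 1) * 8
    if total > len(ext_header):
        raise ValueError("header is truncated")
    options, i = [], 2
    while i < total:
        otype = ext_header[i]
        if otype == 0x00:          # Pad1 is one octet with no length field
            i += 1
            continue
        if i + 2 > total or i + 2 + ext_header[i + 1] > total:
            raise ValueError("option overruns the header")
        olen = ext_header[i + 1]
        options.append({
            "type": otype,
            "name": OPTION_NAMES.get(otype, "unknown"),
            "if_unrecognized": ACTIONS[otype >> 6],
            "may_change_en_route": bool(otype & 0x20),
            "data": ext_header[i + 2:i + 2 + olen],
        })
        i += 2 + olen
    return options


def decode_pdm(data: bytes) -> dict:
    """Decode the 10 octets of PDM option data (RFC 8250 layout)."""
    if len(data) != 10:
        raise ValueError("PDM option data must be 10 octets")
    scale_lr, scale_ls, psntp, psnlr, d_lr, d_ls = struct.unpack("!BBHHHH", data)
    # Each delta is a 16-bit value; the real time is value * 2**scale,
    # counted in attoseconds.
    return {"psn_this_packet": psntp, "psn_last_received": psnlr,
            "delta_last_received_as": d_lr << scale_lr,
            "delta_last_sent_as": d_ls << scale_ls}


def sample_dest_options() -> bytes:
    """Constructed Destination Options header: PadN, then one PDM option."""
    pdm = struct.pack("!BBHHHH", 40, 40, 26, 12, 1000, 2000)
    return bytes([6, 1, 0x01, 0x00, 0x0F, 10]) + pdm


if __name__ == "__main__":
    for opt in parse_options(sample_dest_options()):
        print(opt["name"], opt["if_unrecognized"], opt["may_change_en_route"])
        if opt["type"] == 0x0F:
            print(decode_pdm(opt["data"]))
```

Run against the two RPL entries in the table, the decoder shows why the code point moved: 0x63 tells a node that does not recognize it to discard the packet, while 0x23 tells it to skip the option.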

7. Network Security Extension Headers

8. Application Specific Extension Headers

9. Internet of Things (IoT) Extension Headers

10. Content Delivery Networks (CDN) Extension Headers

11. Routing Extension Headers

11.1. Existing Routing Extension Headers

11.1.1. Segment Routing Header (SRH)

Segment Routing (SR) can be applied to the IPv6 data plane using a routing header called the Segment Routing Header (SRH). [RFC8754] specifies the encoding of IPv6 segments in an SRH. SRv6 uses this IPv6 Routing Extension Header to forward IPv6 packets using the source routing model. It implements hop-by-hop forwarding by adding a Segment Routing header (SRH) into IPv6 packets, encapsulating an explicit IPv6 address stack into the SRH, and continuously updating IPv6 destination addresses while offsetting the address stack on transit nodes. According to [I-D.matsushima-spring-srv6-deployment-status], there have been over 10 announced deployments of an SRH based data plane and over 20 additional deployments without public announcements.
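
To make the address stack and its offset concrete, the Python below decodes an SRH, checks that its length fields are consistent, and reports whether the HMAC TLV from the SRH TLV table is present. It is an added example, not code from the draft or from RFC 8754; the addresses use the documentation prefix, the HMAC TLV is a zero-filled placeholder, and the function names are constructed for illustration.

```python
import ipaddress
import struct

# Values from the "Existing Routing Types" and "Segment Routing Header TLVs" tables.
ROUTING_TYPES = {0: "Source Route (DEPRECATED)", 1: "Nimrod (DEPRECATED)",
                 2: "Type 2 Routing Header", 3: "RPL Source Route Header",
                 4: "Segment Routing Header (SRH)"}
TLV_PAD1, TLV_HMAC = 0, 5


def parse_srh(hdr: bytes) -> dict:
    """Decode one Segment Routing Header (RFC 8754 layout) and validate it."""
    if len(hdr) < 8:
        raise ValueError("routing header shorter than 8 octets")
    next_hdr, ext_len, rtype, seg_left, last_entry, _flags, _tag = \
        struct.unpack_from("!BBBBBBH", hdr)
    if rtype != 4:
        name = ROUTING_TYPES.get(rtype, "other")
        raise ValueError(f"routing type {rtype} is not SRH: {name}")
    total = (ext_len + 1) * 8
    seg_end = 8 + 16 * (last_entry + 1)
    if total > len(hdr) or seg_end > total:
        raise ValueError("segment list does not fit in the header")
    if seg_left > last_entry + 1:
        raise ValueError("Segments Left points past the segment list")
    segs = [str(ipaddress.IPv6Address(hdr[8 + 16 * i:24 + 16 * i]))
            for i in range(last_entry + 1)]
    tlv_types, i = [], seg_end
    while i < total:
        if hdr[i] == TLV_PAD1:       # Pad1 is a single octet
            i += 1
            continue
        if i + 2 > total or i + 2 + hdr[i + 1] > total:
            raise ValueError("TLV overruns the header")
        tlv_types.append(hdr[i])
        i += 2 + hdr[i + 1]
    return {
        "next_header": next_hdr,
        # The list is stored last-hop-first; reverse it to get travel order.
        "path": segs[::-1],
        # Segments Left indexes the active segment. It may equal Last Entry + 1
        # when the first segment is carried only in the destination address.
        "active": segs[seg_left] if seg_left <= last_entry else None,
        "has_hmac": TLV_HMAC in tlv_types,
        "tlv_types": tlv_types,
    }


def sample_srh() -> bytes:
    """Constructed SRH: path 2001:db8::1 -> ::2 -> ::3 with ::2 active."""
    segs = b"".join(ipaddress.IPv6Address(a).packed
                    for a in ("2001:db8::3", "2001:db8::2", "2001:db8::1"))
    hmac_tlv = bytes([TLV_HMAC, 38]) + bytes(38)   # zero-filled placeholder
    body = segs + hmac_tlv
    return struct.pack("!BBBBBBH", 6, len(body) // 8, 4, 1, 2, 0, 0) + body


if __name__ == "__main__":
    print(parse_srh(sample_srh()))
```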

11.1.2. Mobility Header

[RFC6275] specifies Mobile IPv6, a protocol that allows nodes to remain reachable while moving around in the IPv6 Internet. The Mobility Header is an extension header used by mobile nodes, correspondent nodes, and home agents in all messaging related to the creation and management of mobile bindings. The Mobility Header is identified by a Next Header value of 135.

11.1.3. MLD Messages

Multicast Listener Discovery (MLD) is used today by IPv6 routers for discovering multicast listeners on a directly attached link, much like Internet Group Management Protocol (IGMP) is used in IPv4. MLD uses ICMPv6 (IP Protocol 58) message types, rather than IGMP (IP Protocol 2) message types. MLD messages are identified in IPv6 packets by a preceding Next Header value of 58. MLD messages are sent with an IPv6 Router Alert option in a Hop-by-Hop Options header as defined in RFC 2710.

11.2. Potential Routing Extension Headers

11.2.1. Integrated Multicast Bitstring

One potential deployment carries a bitstring (such as the one used in BIER) in an EH as part of the IPv6 data plane.

         |<<-----(BIER-based multicast overlay)----->>|
         |                                            |
         |<----------(L3 BIER(P2MP) tunnel)---------->|
         |                                            |
         |  SEP                 SEP       SEP    SEP  |
         |    +******************+          +****+    |
         |   /                    \        /      \   |
     +------+       +-------+       +-----+        +------+
     | BFIR |-------|Non-BFR|-------| BFR |--------| BFER |
     +------+       +-------+       +-----+        +------+

     ------- L2 link

     ******* IPv6(P2P) segment (SEP = Segment EndPoint)

     <-----> BIER(P2MP) tunnel

In this deployment, BIER works as part of the IPv6 data plane. The BFIR and BFERs work as IPv6 (P2MP) tunnel endpoints, and BFRs work as IPv6 segment endpoints. The BIER header is processed on each segment endpoint and there is no decapsulation, or re-encapsulation, on the segment endpoints.

This deployment typically needs an IPv6 extension header to carry the BIER header and processing of the BIER header (e.g., the bitstring) will be implemented as part of the IPv6 extension header processing. The IPv6 source address is the BIER packet source-origin identifier, and is unchanged through the BIER domain from BFIR to BFERs.

12. Security Considerations

None.

13. Privacy Considerations

None.

14. IANA Considerations

None.

15. Contributors

Thanks to Dr. Tommaso Pecorella and Dhruv Dhody for their comments.

16. Change Log

Note to RFC Editor: if this document does not obsolete an existing RFC, please remove this appendix before publication as an RFC.

17. Open Issues

Note to RFC Editor: please remove this appendix before publication as an RFC.

18. Normative References

[I-D.matsushima-spring-srv6-deployment-status]
Matsushima, S., Filsfils, C., Ali, Z., Li, Z., Rajaraman, K., and A. Dhamija, "SRv6 Implementation and Deployment Status", Work in Progress, Internet-Draft, draft-matsushima-spring-srv6-deployment-status-15, <https://datatracker.ietf.org/doc/html/draft-matsushima-spring-srv6-deployment-status-15>.
[RFC1421]
Linn, J., "Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures", RFC 1421, DOI 10.17487/RFC1421, <https://www.rfc-editor.org/info/rfc1421>.
[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, <https://www.rfc-editor.org/info/rfc2119>.
[RFC2236]
Fenner, W., "Internet Group Management Protocol, Version 2", RFC 2236, DOI 10.17487/RFC2236, <https://www.rfc-editor.org/info/rfc2236>.
[RFC2460]
Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460, <https://www.rfc-editor.org/info/rfc2460>.
[RFC2473]
Conta, A. and S. Deering, "Generic Packet Tunneling in IPv6 Specification", RFC 2473, DOI 10.17487/RFC2473, <https://www.rfc-editor.org/info/rfc2473>.
[RFC2675]
Borman, D., Deering, S., and R. Hinden, "IPv6 Jumbograms", RFC 2675, DOI 10.17487/RFC2675, <https://www.rfc-editor.org/info/rfc2675>.
[RFC2711]
Partridge, C. and A. Jackson, "IPv6 Router Alert Option", RFC 2711, DOI 10.17487/RFC2711, <https://www.rfc-editor.org/info/rfc2711>.
[RFC2780]
Bradner, S. and V. Paxson, "IANA Allocation Guidelines For Values In the Internet Protocol and Related Headers", BCP 37, RFC 2780, DOI 10.17487/RFC2780, <https://www.rfc-editor.org/info/rfc2780>.
[RFC2858]
Bates, T., Rekhter, Y., Chandra, R., and D. Katz, "Multiprotocol Extensions for BGP-4", RFC 2858, DOI 10.17487/RFC2858, <https://www.rfc-editor.org/info/rfc2858>.
[RFC3692]
Narten, T., "Assigning Experimental and Testing Numbers Considered Useful", BCP 82, RFC 3692, DOI 10.17487/RFC3692, <https://www.rfc-editor.org/info/rfc3692>.
[RFC3810]
Vida, R., Ed. and L. Costa, Ed., "Multicast Listener Discovery Version 2 (MLDv2) for IPv6", RFC 3810, DOI 10.17487/RFC3810, <https://www.rfc-editor.org/info/rfc3810>.
[RFC4271]
Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A Border Gateway Protocol 4 (BGP-4)", RFC 4271, DOI 10.17487/RFC4271, <https://www.rfc-editor.org/info/rfc4271>.
[RFC4302]
Kent, S., "IP Authentication Header", RFC 4302, DOI 10.17487/RFC4302, <https://www.rfc-editor.org/info/rfc4302>.
[RFC4303]
Kent, S., "IP Encapsulating Security Payload (ESP)", RFC 4303, DOI 10.17487/RFC4303, <https://www.rfc-editor.org/info/rfc4303>.
[RFC4607]
Holbrook, H. and B. Cain, "Source-Specific Multicast for IP", RFC 4607, DOI 10.17487/RFC4607, <https://www.rfc-editor.org/info/rfc4607>.
[RFC4727]
Fenner, B., "Experimental Values In IPv4, IPv6, ICMPv4, ICMPv6, UDP, and TCP Headers", RFC 4727, DOI 10.17487/RFC4727, <https://www.rfc-editor.org/info/rfc4727>.
[RFC4782]
Floyd, S., Allman, M., Jain, A., and P. Sarolahti, "Quick-Start for TCP and IP", RFC 4782, DOI 10.17487/RFC4782, <https://www.rfc-editor.org/info/rfc4782>.
[RFC5095]
Abley, J., Savola, P., and G. Neville-Neil, "Deprecation of Type 0 Routing Headers in IPv6", RFC 5095, DOI 10.17487/RFC5095, <https://www.rfc-editor.org/info/rfc5095>.
[RFC5533]
Nordmark, E. and M. Bagnulo, "Shim6: Level 3 Multihoming Shim Protocol for IPv6", RFC 5533, DOI 10.17487/RFC5533, <https://www.rfc-editor.org/info/rfc5533>.
[RFC5570]
StJohns, M., Atkinson, R., and G. Thomas, "Common Architecture Label IPv6 Security Option (CALIPSO)", RFC 5570, DOI 10.17487/RFC5570, <https://www.rfc-editor.org/info/rfc5570>.
[RFC6275]
Perkins, C., Ed., Johnson, D., and J. Arkko, "Mobility Support in IPv6", RFC 6275, DOI 10.17487/RFC6275, <https://www.rfc-editor.org/info/rfc6275>.
[RFC6554]
Hui, J., Vasseur, JP., Culler, D., and V. Manral, "An IPv6 Routing Header for Source Routes with the Routing Protocol for Low-Power and Lossy Networks (RPL)", RFC 6554, DOI 10.17487/RFC6554, <https://www.rfc-editor.org/info/rfc6554>.
[RFC6744]
Atkinson, RJ. and SN. Bhatti, "IPv6 Nonce Destination Option for the Identifier-Locator Network Protocol for IPv6 (ILNPv6)", RFC 6744, DOI 10.17487/RFC6744, <https://www.rfc-editor.org/info/rfc6744>.
[RFC6788]
Krishnan, S., Kavanagh, A., Varga, B., Ooghe, S., and E. Nordmark, "The Line-Identification Option", RFC 6788, DOI 10.17487/RFC6788, <https://www.rfc-editor.org/info/rfc6788>.
[RFC6971]
Herberg, U., Ed., Cardenas, A., Iwao, T., Dow, M., and S. Cespedes, "Depth-First Forwarding (DFF) in Unreliable Networks", RFC 6971, DOI 10.17487/RFC6971, <https://www.rfc-editor.org/info/rfc6971>.
[RFC7401]
Moskowitz, R., Ed., Heer, T., Jokela, P., and T. Henderson, "Host Identity Protocol Version 2 (HIPv2)", RFC 7401, DOI 10.17487/RFC7401, <https://www.rfc-editor.org/info/rfc7401>.
[RFC8200]
Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", STD 86, RFC 8200, DOI 10.17487/RFC8200, <https://www.rfc-editor.org/info/rfc8200>.
[RFC8250]
Elkins, N., Hamilton, R., and M. Ackermann, "IPv6 Performance and Diagnostic Metrics (PDM) Destination Option", RFC 8250, DOI 10.17487/RFC8250, <https://www.rfc-editor.org/info/rfc8250>.
[RFC8279]
Wijnands, IJ., Ed., Rosen, E., Ed., Dolganow, A., Przygienda, T., and S. Aldrin, "Multicast Using Bit Index Explicit Replication (BIER)", RFC 8279, DOI 10.17487/RFC8279, <https://www.rfc-editor.org/info/rfc8279>.
[RFC8754]
Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy, J., Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header (SRH)", RFC 8754, DOI 10.17487/RFC8754, <https://www.rfc-editor.org/info/rfc8754>.
[RFC9008]
Robles, M.I., Richardson, M., and P. Thubert, "Using RPI Option Type, Routing Header for Source Routes, and IPv6-in-IPv6 Encapsulation in the RPL Data Plane", RFC 9008, DOI 10.17487/RFC9008, <https://www.rfc-editor.org/info/rfc9008>.
[RFC9180]
Barnes, R., Bhargavan, K., Lipp, B., and C. Wood, "Hybrid Public Key Encryption", RFC 9180, DOI 10.17487/RFC9180, <https://www.rfc-editor.org/info/rfc9180>.
[RFC9268]
Hinden, R. and G. Fairhurst, "IPv6 Minimum Path MTU Hop-by-Hop Option", RFC 9268, DOI 10.17487/RFC9268, <https://www.rfc-editor.org/info/rfc9268>.
[RFC9343]
Fioccola, G., Zhou, T., Cociglio, M., Qin, F., and R. Pang, "IPv6 Application of the Alternate-Marking Method", RFC 9343, DOI 10.17487/RFC9343, <https://www.rfc-editor.org/info/rfc9343>.

Authors' Addresses

Mike McBride
Futurewei
Nalini Elkins
Inside Products, Inc
Nick Buraglio
Forwarding Plane
Xuesong Geng
Huawei Technologies
Michael Ackermann
BCBS Michigan