Internet-Draft | Deprecate IPv6 Router Alert | February 2024 |
Bonica | Expires 22 August 2024 | [Page] |
This document deprecates the IPv6 Router Alert Option. Protocols that use the Router Alert Option may continue to do so, even in future versions. However, protocols standardized in the future must not use the Router Alert Option.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 22 August 2024.¶
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Figure 1 models an Internet router. The router has a forwarding plane and a control plane.¶
IPv6 [RFC8200] operates on the forwarding plane. It:¶
IPv6 determines a packet's next hop by searching the Forwarding Information Base (FIB) for an entry that best matches the packet's destination address. Therefore, IPv6 requires read-only access to the FIB.¶
Routing protocols (e.g., OSPF, IS-IS, BGP) operate on a router's control plane. They create and maintain the FIB by exchanging routing protocol messages with other nodes. Therefore, the control plane requires read-write access to the FIB.¶
The forwarding and control planes communicate with one another as follows:¶
The control plane sends FIB updates to the forwarding plane so it can maintain a read-only FIB copy.¶
The control plane sends routing protocol messages through the forwarding plane to other nodes.¶
The forwarding plane sends routing protocol messages received from other nodes and addressed to the router to the control plane.¶
The forwarding plane sends messages that are not addressed to the router but include the IPv6 Router Alert Option [RFC2711] to the control plane. The control plane inspects these messages and returns them to the forwarding plane so that they can continue on to their ultimate destination.¶
Many routers maintain separation between forwarding and control plane hardware. The forwarding plain is implemented on high-performance Application Specific Integrated Circuits (ASIC) and Network Processors (NP), while the control plane is implemented on general-purpose processors. Therefore, the forwarding plane can process many more packets per second than the control plane. Given this difference in packet-handling capabilities, a router's control plane is more susceptible to a Denial-of-Service (DoS) attack than the router's forwarding plane.¶
[RFC6192] demonstrates how a network operator can deploy Access Control Lists (ACL) that protect the control plane from DoS attack. These ACLs are effective and efficient when they select packets based upon information that can be found in a fixed position in the packet header. However, they become less effective and less efficient when they must parse an IPv6 Hop-by-hop Options extension header, searching for the Router Alert Option. Therefore, many network operators drop or severely rate limit packets that contain the IPv6 Hop-by-hop Options extension header.¶
[RFC6398] identifies security considerations associated with the Router Alert Option. It provides the following recommendations:¶
"Network operators SHOULD actively protect themselves against externally generated IP Router Alert packets."¶
"Applications and protocols SHOULD NOT be deployed with a dependency on processing of the Router Alert Option (as currently specified) across independent administrative domains in the Internet."¶
"Router implementations of the IP Router Alert Option SHOULD offer the configuration option to simply ignore the presence of "IP Router Alert" in IPv4 and IPv6 packets."¶
"A router implementation SHOULD forward within the "fast path" (subject to all normal policies and forwarding rules) a packet carrying the IP Router Alert Option containing a next level protocol that is not a protocol of interest to that router."¶
NOTE: In RFC 6398, the terms "fast path" and "forwarding plane components" are used synonymously.¶
Network operators can address all of the security considerations raised in RFC 6398 by configuring their routers to ignore the Router Alert Option. However, such configuration may not be possible if protocol designers continue to design protocols that use the Router Alert Option. Alternatively, network operators will be required to deploy the operationally complex and computationally expensive ACLs described in RFC 6192. Therefore, this document deprecates the IPv6 Router Alert Option.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This document deprecates the IPv6 Router Alert Option. Protocols that use the Router Alert Option MAY continue to do so, even in future versions. However, protocols standardized in the future MUST NOT use the Router Alert Option.¶
Table 1 contains a list of protocols that use the IPv6 Router Alert Option. There are no known IPv6 implementations of MPLS PING. Neither INTSERV nor NSIS are widely deployed. All NSIS protocols are EXPERIMENTAL. Pragmatic Generic Multicast (PGM) is EXPERIMENTAL and there are no known IPv6 implementations.¶
Protocol | References | Application |
---|---|---|
Multicast Listener Discovery Version 2 (MLDv2) | [RFC3810] | IPv6 Multicast |
Multicast Router Discovery (MRD) | [RFC4286] | IPv6 Multicast |
Pragmatic General Multicast (PGM) | [RFC3208] | IPv6 Multicast |
MPLS PING | [RFC7506][RFC8029] | MPLS OAM |
Resource Reservation Protocol (RSVP) | [RFC3175] [RFC5946] [RFC6016] [RFC6401] | Integrated Services (INTSERV) [RFC1633] (Not Traffic engineering or MPLS signaling) |
Next Steps In Signaling (NSIS) | [RFC5979] [RFC5971] | NSIS [RFC4080] |
This document extends the security considerations provided in RFC 2711, RFC 6192 and RFC 6398.¶
IANA is requested to mark the Router Alert Option as Deprecated in the Destination Options and Hop-by-hop Options Registry ( https://www.iana.org/assignments/ipv6-parameters/ipv6-parameters.xhtml#ipv6-parameters-2) and add a pointer to this document.¶
Thanks to Brian Carpenter, Toerless Eckert, Adrian Farrel, and Bob Hinden for their reviews of this document.¶