draft-nordmark-intarea-ippl-01.txt   draft-nordmark-intarea-ippl-02.txt 
INTAREA E. Nordmark INTAREA E. Nordmark
Internet-Draft Arista Networks Internet-Draft Arista Networks
Intended status: Standards Track Oct 2015 Intended status: Standards Track Oct 2015
Expires: April 3, 2016 Expires: April 3, 2016
IP over Intentionally Partially Partitioned Links IP over Intentionally Partially Partitioned Links
draft-nordmark-intarea-ippl-01 draft-nordmark-intarea-ippl-02
Abstract Abstract
IP makes certain assumptions about the L2 forwarding behavior of a IP makes certain assumptions about the L2 forwarding behavior of a
multi-access IP link. However, there are several forms of multi-access IP link. However, there are several forms of
intentional partitioning of links ranging from split-horizon to intentional partitioning of links ranging from split-horizon to
Private VLANs that violate some of those assumptions. This document Private VLANs that violate some of those assumptions. This document
specifies that link behavior and how IP handles links with those specifies that link behavior and how IP handles links with those
properties. properties.
skipping to change at page 2, line 19 skipping to change at page 2, line 19
2. Keywords and Terminology . . . . . . . . . . . . . . . . . . . 3 2. Keywords and Terminology . . . . . . . . . . . . . . . . . . . 3
3. Private VLAN . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Private VLAN . . . . . . . . . . . . . . . . . . . . . . . . . 4
3.1. Bridge Behavior . . . . . . . . . . . . . . . . . . . . . 4 3.1. Bridge Behavior . . . . . . . . . . . . . . . . . . . . . 4
4. IP over IPPL . . . . . . . . . . . . . . . . . . . . . . . . . 5 4. IP over IPPL . . . . . . . . . . . . . . . . . . . . . . . . . 5
5. IPv6 over IPPL . . . . . . . . . . . . . . . . . . . . . . . . 6 5. IPv6 over IPPL . . . . . . . . . . . . . . . . . . . . . . . . 6
6. IPv4 over IPPL . . . . . . . . . . . . . . . . . . . . . . . . 6 6. IPv4 over IPPL . . . . . . . . . . . . . . . . . . . . . . . . 6
7. Multiple routers . . . . . . . . . . . . . . . . . . . . . . . 7 7. Multiple routers . . . . . . . . . . . . . . . . . . . . . . . 7
8. Multicast over IPPL . . . . . . . . . . . . . . . . . . . . . 8 8. Multicast over IPPL . . . . . . . . . . . . . . . . . . . . . 8
9. Security Considerations . . . . . . . . . . . . . . . . . . . 8 9. Security Considerations . . . . . . . . . . . . . . . . . . . 8
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
11. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . . 9 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9
12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 11.1. Normative References . . . . . . . . . . . . . . . . . . . 9
12.1. Normative References . . . . . . . . . . . . . . . . . . . 9 11.2. Informative References . . . . . . . . . . . . . . . . . . 9
12.2. Informative References . . . . . . . . . . . . . . . . . . 9
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 10 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 10
1. Introduction 1. Introduction
IPv4 and IPv6 can in general handle two forms of links; point-to- IPv4 and IPv6 can in general handle two forms of links; point-to-
point links when only have two IP nodes (self and remote), and multi- point links when only have two IP nodes (self and remote), and multi-
access links with one or more nodes attached to the link. For the access links with one or more nodes attached to the link. For the
multi-access links IP in general, and particular protocols like ARP multi-access links IP in general, and particular protocols like ARP
and IPv6 Neighbor Discovery, makes a few assumptions about transitive and IPv6 Neighbor Discovery, makes a few assumptions about transitive
and reflexive connectivity i.e., that all nodes attached to the link and reflexive connectivity i.e., that all nodes attached to the link
skipping to change at page 3, line 28 skipping to change at page 3, line 28
subnet prefix is assigned to the link, and IP routing sees it as a subnet prefix is assigned to the link, and IP routing sees it as a
regular multi-access link. But a host attached to the link might not regular multi-access link. But a host attached to the link might not
be able to send packets to all other hosts attached to the link. The be able to send packets to all other hosts attached to the link. The
motivation for this is outside the scope of this document, but in motivation for this is outside the scope of this document, but in
summary the motivation to preserve the subnet view as seen by IP summary the motivation to preserve the subnet view as seen by IP
routing is to conserve IP(v4) address space, and the motivation to routing is to conserve IP(v4) address space, and the motivation to
restrict communication on the link could be due to (security) policy restrict communication on the link could be due to (security) policy
or potentially wireless connectivity approaches. or potentially wireless connectivity approaches.
This intentional and partial partition appears in a few different This intentional and partial partition appears in a few different
forms. For DSL [TR-101] and Cable [Reference needed] the pattern is forms. For DSL [TR-101] and Cable [DOCSIS-MULPI] the pattern is to
to have a single access router on the link, and all the hosts can have a single access router on the link, and all the hosts can send
send and receive from the access router, but host-to-host and receive from the access router, but host-to-host communication is
communication is blocked. A richer set of restrictions are possible blocked. A richer set of restrictions are possible for Private VLANs
for Private VLANs (PVLAN) [RFC5517], which has a notion of three (PVLAN) [RFC5517], which has a notion of three different ports i.e.
different ports i.e. attachment points: isolated, community, and attachment points: isolated, community, and promiscuous. Note that
promiscuous. Note that other techniques operate at L2/L3 boundary other techniques operate at L2/L3 boundary like [RFC4562] but those
like [RFC4562] but those are out of scope for this document. are out of scope for this document.
The possible connectivity patterns for PVLAN appears to be a superset The possible connectivity patterns for PVLAN appears to be a superset
of the DSL and Cable use of split horizon, thus this document of the DSL and Cable use of split horizon, thus this document
specifies the PVLAN behavior, shows the impact on IP/ARP/ND, and specifies the PVLAN behavior, shows the impact on IP/ARP/ND, and
specifies how IP/ARP/ND must operate to work with PVLAN. specifies how IP/ARP/ND must operate to work with PVLAN.
If private VLANs, or the split horizon subset, has been configured at If private VLANs, or the split horizon subset, has been configured at
layer 2 for the purposes of IPv4 address conservation, then that layer 2 for the purposes of IPv4 address conservation, then that
layer 2 configuration will affect IPv6 even though IPv6 might not layer 2 configuration will affect IPv6 even though IPv6 might not
have the same need for address conservation. have the same need for address conservation.
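Review bot: The new [DOCSIS-MULPI] citation in the "For DSL [TR-101] and Cable" sentence points at a whole specification without a section or clause number, so a reader cannot locate where the single-access-router pattern with blocked host-to-host communication is actually specified. Suggest adding the section pointer to the citation. A minor style point in the same reflowed paragraph: "three different ports i.e. attachment points" reads better as "three different ports, i.e., attachment points".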
skipping to change at page 9, line 5 skipping to change at page 8, line 47
In general DAD is subject to a Denial of Service attack since a In general DAD is subject to a Denial of Service attack since a
malicious host can claim all the IPv6 addresses [RFC3756]. Same malicious host can claim all the IPv6 addresses [RFC3756]. Same
issue applies to IPv4/ARP when Address Conflict Detection [RFC5227] issue applies to IPv4/ARP when Address Conflict Detection [RFC5227]
is implemented. is implemented.
10. IANA Considerations 10. IANA Considerations
There are no IANA actions needed for this document. There are no IANA actions needed for this document.
11. Open Issues 11. References
11.1. Normative References
o Add reference to cable standard specifying split horizon
12. References
12.1. Normative References
[RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791,
DOI 10.17487/RFC0791, September 1981, DOI 10.17487/RFC0791, September 1981,
<http://www.rfc-editor.org/info/rfc791>. <http://www.rfc-editor.org/info/rfc791>.
[RFC0826] Plummer, D., "Ethernet Address Resolution Protocol: Or [RFC0826] Plummer, D., "Ethernet Address Resolution Protocol: Or
Converting Network Protocol Addresses to 48.bit Ethernet Converting Network Protocol Addresses to 48.bit Ethernet
Address for Transmission on Ethernet Hardware", STD 37, Address for Transmission on Ethernet Hardware", STD 37,
RFC 826, DOI 10.17487/RFC0826, November 1982, RFC 826, DOI 10.17487/RFC0826, November 1982,
<http://www.rfc-editor.org/info/rfc826>. <http://www.rfc-editor.org/info/rfc826>.
skipping to change at page 9, line 47 skipping to change at page 9, line 40
[RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
Address Autoconfiguration", RFC 4862, DOI 10.17487/ Address Autoconfiguration", RFC 4862, DOI 10.17487/
RFC4862, September 2007, RFC4862, September 2007,
<http://www.rfc-editor.org/info/rfc4862>. <http://www.rfc-editor.org/info/rfc4862>.
[RFC6957] Costa, F., Combes, J-M., Ed., Pougnard, X., and H. Li, [RFC6957] Costa, F., Combes, J-M., Ed., Pougnard, X., and H. Li,
"Duplicate Address Detection Proxy", RFC 6957, "Duplicate Address Detection Proxy", RFC 6957,
DOI 10.17487/RFC6957, June 2013, DOI 10.17487/RFC6957, June 2013,
<http://www.rfc-editor.org/info/rfc6957>. <http://www.rfc-editor.org/info/rfc6957>.
12.2. Informative References 11.2. Informative References
[DOCSIS-MULPI]
"DOCSIS 3.0: MAC and Upper Layer Protocols Interface
Specification", August 2015, <http://www.cablelabs.com/
wp-content/uploads/specdocs/
CM-SP-MULPIv3.0-I28-150827.pdf>.
[I-D.ietf-dnssd-hybrid] [I-D.ietf-dnssd-hybrid]
Cheshire, S., "Hybrid Unicast/Multicast DNS-Based Service Cheshire, S., "Hybrid Unicast/Multicast DNS-Based Service
Discovery", draft-ietf-dnssd-hybrid-00 (work in progress), Discovery", draft-ietf-dnssd-hybrid-00 (work in progress),
November 2014. November 2014.
[PVLAN-HOSTING] [PVLAN-HOSTING]
"PVLANs in a Hosting Environment", March 2010, <https:// "PVLANs in a Hosting Environment", March 2010, <https://
puck.nether.net/pipermail/cisco-nsp/2010-March/ puck.nether.net/pipermail/cisco-nsp/2010-March/
068469.html>. 068469.html>.
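Review bot: The added [DOCSIS-MULPI] entry names no publishing organization and gives no document identifier in the citation text; the only identifier is embedded in the URL (CM-SP-MULPIv3.0-I28-150827.pdf), which sits under a wp-content/uploads path and pins one specific issue of the spec. Suggest stating the publisher and the identifier explicitly in the entry so that the reference stays resolvable if the link moves, and making it clear that the cited text is that particular issue dated August 2015.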
 End of changes. 5 change blocks. 
21 lines changed or deleted 21 lines changed or added
