--- 1/draft-nordmark-intarea-ippl-01.txt 2015-10-19 17:15:26.798839046 -0700 +++ 2/draft-nordmark-intarea-ippl-02.txt 2015-10-19 17:15:26.826839712 -0700 @@ -1,18 +1,18 @@ INTAREA E. Nordmark Internet-Draft Arista Networks Intended status: Standards Track Oct 2015 Expires: April 3, 2016 IP over Intentionally Partially Partitioned Links - draft-nordmark-intarea-ippl-01 + draft-nordmark-intarea-ippl-02 Abstract IP makes certain assumptions about the L2 forwarding behavior of a multi-access IP link. However, there are several forms of intentional partitioning of links ranging from split-horizon to Private VLANs that violate some of those assumptions. This document specifies that link behavior and how IP handles links with those properties. 
@@ -54,24 +54,23 @@ 2. Keywords and Terminology . . . . . . . . . . . . . . . . . . . 3 3. Private VLAN . . . . . . . . . . . . . . . . . . . . . . . . . 4 3.1. Bridge Behavior . . . . . . . . . . . . . . . . . . . . . 4 4. IP over IPPL . . . . . . . . . . . . . . . . . . . . . . . . . 5 5. IPv6 over IPPL . . . . . . . . . . . . . . . . . . . . . . . . 6 6. IPv4 over IPPL . . . . . . . . . . . . . . . . . . . . . . . . 6 7. Multiple routers . . . . . . . . . . . . . . . . . . . . . . . 7 8. Multicast over IPPL . . . . . . . . . . . . . . . . . . . . . 8 9. Security Considerations . . . . . . . . . . . . . . . . . . . 8 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 - 11. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . . 9 - 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 - 12.1. Normative References . . . . . . . . . . . . . . . . . . . 9 - 12.2. Informative References . . . . . . . . . . . . . . . . . . 9 + 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 + 11.1. Normative References . . . . . . . . . . . . . . . . . . . 9 + 11.2. Informative References . . . . . . . . . . . . . . . . . . 9 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 10 1. Introduction IPv4 and IPv6 can in general handle two forms of links; point-to- point links when only have two IP nodes (self and remote), and multi- access links with one or more nodes attached to the link. For the multi-access links IP in general, and particular protocols like ARP and IPv6 Neighbor Discovery, makes a few assumptions about transitive and reflexive connectivity i.e., that all nodes attached to the link 
@@ -83,28 +82,28 @@ subnet prefix is assigned to the link, and IP routing sees it as a regular multi-access link. But a host attached to the link might not be able to send packets to all other hosts attached to the link. The motivation for this is outside the scope of this document, but in summary the motivation to preserve the subnet view as seen by IP routing is to conserve IP(v4) address space, and the motivation to restrict communication on the link could be due to (security) policy or potentially wireless connectivity approaches. This intentional and partial partition appears in a few different - forms. For DSL [TR-101] and Cable [Reference needed] the pattern is - to have a single access router on the link, and all the hosts can - send and receive from the access router, but host-to-host - communication is blocked. A richer set of restrictions are possible - for Private VLANs (PVLAN) [RFC5517], which has a notion of three - different ports i.e. attachment points: isolated, community, and - promiscuous. Note that other techniques operate at L2/L3 boundary - like [RFC4562] but those are out of scope for this document. + forms. For DSL [TR-101] and Cable [DOCSIS-MULPI] the pattern is to + have a single access router on the link, and all the hosts can send + and receive from the access router, but host-to-host communication is + blocked. A richer set of restrictions are possible for Private VLANs + (PVLAN) [RFC5517], which has a notion of three different ports i.e. + attachment points: isolated, community, and promiscuous. Note that + other techniques operate at L2/L3 boundary like [RFC4562] but those + are out of scope for this document. The possible connectivity patterns for PVLAN appears to be a superset of the DSL and Cable use of split horizon, thus this document specifies the PVLAN behavior, shows the impact on IP/ARP/ND, and specifies how IP/ARP/ND must operate to work with PVLAN. 
If private VLANs, or the split horizon subset, has been configured at layer 2 for the purposes of IPv4 address conservation, then that layer 2 configuration will affect IPv6 even though IPv6 might not have the same need for address conservation. @@ -337,27 +336,22 @@ In general DAD is subject to a Denial of Service attack since a malicious host can claim all the IPv6 addresses [RFC3756]. Same issue applies to IPv4/ARP when Address Conflict Detection [RFC5227] is implemented. 10. IANA Considerations There are no IANA actions needed for this document. -11. Open Issues - - o Add reference to cable standard specifying split horizon - -12. References - -12.1. Normative References +11. References +11.1. Normative References [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, DOI 10.17487/RFC0791, September 1981, . [RFC0826] Plummer, D., "Ethernet Address Resolution Protocol: Or Converting Network Protocol Addresses to 48.bit Ethernet Address for Transmission on Ethernet Hardware", STD 37, RFC 826, DOI 10.17487/RFC0826, November 1982, . @@ -379,21 +373,27 @@ [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless Address Autoconfiguration", RFC 4862, DOI 10.17487/ RFC4862, September 2007, . [RFC6957] Costa, F., Combes, J-M., Ed., Pougnard, X., and H. Li, "Duplicate Address Detection Proxy", RFC 6957, DOI 10.17487/RFC6957, June 2013, . -12.2. Informative References +11.2. Informative References + + [DOCSIS-MULPI] + "DOCSIS 3.0: MAC and Upper Layer Protocols Interface + Specification", August 2015, . [I-D.ietf-dnssd-hybrid] Cheshire, S., "Hybrid Unicast/Multicast DNS-Based Service Discovery", draft-ietf-dnssd-hybrid-00 (work in progress), November 2014. [PVLAN-HOSTING] "PVLANs in a Hosting Environment", March 2010, .
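Review bot: in the first hunk only the draft name changes (-01 to -02) while the header's "Oct 2015" and "Expires: April 3, 2016" stay as unchanged context; if the -02 revision is submitted later than the -01 header date, regenerate the header so the expiry tracks the actual submission date rather than carrying the -01 value forward.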
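Review bot: in the Introduction hunk the new [DOSCIS-MULPI] citation correctly replaces the "[Reference needed]" placeholder, but the rewrapped paragraph keeps two slips that were worth fixing while the lines were being touched: "A richer set of restrictions are possible" should read "is possible" (the subject is "set"), and "operate at L2/L3 boundary" needs "the". Since the draft leans on the cable split-horizon behaviour as a motivating case, also consider pointing at the specific part of MULPI that describes the host-to-host forwarding restriction rather than citing the whole specification.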
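Review bot: the hunk that removes "11. Open Issues" also drops the blank line that separated "12. References" from "12.1. Normative References"; in the replacement, "+11. References" is immediately followed by "+11.1. Normative References", so restore the blank line to keep the heading spacing used everywhere else in the draft. Removing the open-issue bullet "Add reference to cable standard specifying split horizon" is consistent with the [DOCSIS-MULPI] citation added in the Introduction, and the table of contents hunk renumbers 12/12.1/12.2 to 11/11.1/11.2 to match.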
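Review bot: the new [DOCSIS-MULPI] informative reference carries only a title and a date; add the publishing organization (CableLabs) and the specification's own document number so a reader can locate the exact revision, in the same way the RFC entries give authors and a DOI. As rendered here the entry ends with "August 2015, ." and no visible URL; the RFC entries show the same ", ." pattern, which suggests the angle-bracketed URL text was lost in extraction rather than omitted, but verify that the reference's target is present in the source before publishing -02.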