| Internet-Draft | MultAddrr | November 2022 |
| Linkova | Expires 11 May 2023 | [Page] |
This document provides recommendations to network infrastructure vendors on how to deal with multiple IPv6 addresses per host.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 11 May 2023.¶
Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
One of the fundamental differences between IPv4 and IPv6 is that an IPv6 host can, and almost always does have multiple IPv6 addresses. RFC7934 discusses this aspect and explicitly states that IPv6 deployments SHOULD NOT limit number of IPv6 addresses a host can have. RFC7934 is mostly focuses on various methods of address assignment and how those methods should provide multiple addresses per host. However network devices, especially wireless ones performing Neighbor Discovery proxy, often have hardcoded limits on how many IPv6 addresses are allowed per a single MAC. When that limit is exceeded, traffic to/from the affected IPv6 addresses is blocked. Such failure mode is rather hard to diagnoze (as IPv6 addresses on a device may obtain and lose connectivity randomly) and leads to poor user experience. This document provides recommendations to network infrastructure device vendors on how to deal with multiple IPv6 addresses per device.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
The most common scenario of network-imposed limitations is Neighbor Discovery (ND) proxy. Many enterprise-scale wireless solutions implement ND proxy to reduce amount of broadcast and multicast downstream (AP to clients) traffic. To perform ND proxy a device usually maintains a table, containing IPv6 and MAC addresses of connected clients. At least some implementations have hardcoded limits on how many IPv6 addresses per a single MAC such a table can contain. When the limit is exceeded the behaviour is implementation-dependent. Some vendors just fail to install N+1 address to the table. Other delete the oldest entry for this MAC and replace it with the new address. In any case the affected addresses lose network connectivity. The problem is exacerbated by the following:¶
As internal implementation details might require a vendor to limit the number of IPv6 addresses per host, it's crucial to provide some recommendations on how to minimize the negative impact of imposing such a limit, especially as virtualiztion on endpoints and IPv6-only WiFi networks are gaining momentum.¶
If a network equipment manufacturer deems it necessary to impose any limit to a number of IPv6 addresses per host (or MAC address):¶
This memo includes no request to IANA.¶
TBA - I guess there is a risk of a host to create a lot of addresses and exhaust device memory.¶
Thanks to Lorenzo Colitti for the discussions, the input and all contribution.¶