Extension Header Use Cases

Internet-Draft	draft-mcbride-v6ops-eh-use-cases-00	July 2023
McBride, et al.	Expires 7 January 2024	[Page]

Abstract

This document outlines IPv6 extension header use cases including those intended to be deployed in limited domains and those intended for the global Internet. We specify use cases are deployed today and those which may be of use in the future. The hope is that through understanding these various extension header use cases, we can then better understand how best to implement any necessary limits on their use.¶

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶

This Internet-Draft will expire on 7 January 2024.¶

Copyright Notice

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶

1. Introduction

Extension headers have been specified since original 1995 IPv6 Specification [RFC2460] and maintained in the more recently updated [RFC8200]. In the nearly 30 years since extension headers were specified, there have been many documents which have specified how to limit, block and deprecate their use. What we haven't had is a document to show how extension headers are being deployed nor how related innovations are being proposed. This document outlines IPv6 extension header use cases including those intended to be deployed in limited domains and those deployed across the Internet. By understanding these various use cases we can better understand how best to improve upon, and perhaps limit, extension header deployment.¶

2. Glossary

EH: IPv6 Extension Header¶

Hop-by-Hop Optioners Header: Used to carry optional information intended for every node along the path.¶

Routing Header: Used to list one or more nodes to be visited on the way to a packet's destination.¶

Fragment Header: Used to send a packet larger than would fit in the path MTU to its destination.¶

Encapsulating Security Payload: The Encapsulating Security Payload (ESP) extension header provides confidentiality, integrity, and authentication for IPv6 packets.¶

Authentication Header: The IPv6 Authentication Header (AH) extension provides data integrity, authentication, and anti-replay protection for IPv6 packets.¶

Destination Options Header: Used to carry optional information for destination nodes.¶

Mobility Header: The Mobility Header enables mobility support for network nodes in IPv6 networks.¶

Host Identity Protocol: The Host Identity Protocol (HIP) provides a cryptographic identity-based solution for secure communication and mobility management in IPv6 networks.¶

Shim6 Protocol: The Shim6 IPv6 extension header enables multihoming by providing source and destination address selection for efficient routing.¶

Single Administrative Domain: The EH is limited to one administrative domain.¶

Limited Domain: The EH is limited to a group of administrative domains.¶

Unlimited Domain: The EH is not limited to any group of domains.¶

3. IPv6 Extension Header Types

 Protocol         Description                 Reference
  Number

0         IPv6 Hop-by-Hop Option              [RFC8200]
43        Routing Header for IPv6             [RFC8200][RFC5095]
44        Fragment Header for IPv6            [RFC8200]
50        Encapsulating Security Payload      [RFC4303]
51        Authentication Header               [RFC4302]
60        Destination Options for IPv6        [RFC8200]
135       Mobility Header                     [RFC6275]
139       Host Identity Protocol              [RFC7401]
140       Shim6 Protocol                      [RFC5533]
253       Use for experimentation and testing [RFC3692][RFC4727]
254       Use for experimentation and testing [RFC3692][RFC4727]

4. Existing IPv6 Extension Header Use Cases

In this section we list and describe, several extension header use cases. We will specify if the use case is intended for a limited domain and the status of its deployment. We further categorize the EH into a category. The categories are the following:¶

Quality of Service
Network Security
Network Management
Application Specific
Internet of Things
Content Delivery Networks
Routing

Another crucial aspect in characterizing extension header usage is to determine whether the EH is intended for a single administrative domain, a limited domain, or an unlimited domain.¶

Furthermore, it is important to consider the potential consequences if the EH is modified, which could be a result of transmission errors or intentional alterations. It is also necessary to assess whether the EH contains private data that, if exposed, could lead to a data leak.
This evaluation may prompt a deeper discussion on the additional safeguards that should be implemented, such as incorporating a checksum, a signature, or encryption mechanisms for the EH.¶

4.1. Detailed Description of Categories

Quality of Service (QoS) Extension Headers: These extension headers can be used to prioritize and manage traffic based on different quality of service parameters such as latency, bandwidth, packet loss, or reliability. They allow for fine-grained control over QoS policies within an IPv6 network.¶
Network Security Extension Headers: These extension headers provide enhanced security features for IPv6, such as authentication, integrity checks, encryption, or firewall rules. They can be used to enforce network security policies at the IP layer, complementing higher-layer security protocols.¶
Network Management Extension Headers: These extension headers facilitate network management operations by including information related to network monitoring, performance measurement, or configuration management. They enable administrators to efficiently manage and troubleshoot IPv6 networks.¶
Application-Specific Extension Headers: These extension headers cater to specific application requirements by carrying application-specific metadata or instructions. They can be used to enable application-specific optimizations or provide additional context to the network for better application performance.¶
Internet of Things (IoT) Extension Headers: These extension headers include information about device capabilities, power management, sensor data, or IoT-specific protocols to enable efficient communication and management of IoT devices over IPv6.¶
Content Delivery Networks (CDN) Extension Headers: These extension headers optimize content delivery over IPv6 by including information related to content caching, replication, or load balancing within a content delivery network. They allow for efficient content distribution and improved performance for CDN-enabled services.¶
Routing Extension Headers: These extension headers supplement existing information about routing policies, traffic engineering, or multicast routing to enhance the routing capabilities of IPv6.¶

4.2. Existing Destination and Hop-by-Hop Options

The following is the list of Destination Options and Hop-by-Hop Options which have an option number at IANA. Note, we will describe use cases, if any, for options which do not have an option number at IANA.¶

[ToBeDone: Separate these into Destination Options and Hop-by-hop options]¶

Hex
Value   Description    RFC Number

0x00    Pad1                                      [RFC2460]
0x01    PadN                                      [RFC2460]
0xC2    Jumbo Payload                             [RFC2675]
0x23    RPL Option                                [RFC9008]
0x63    RPL Option (DEPRECATED)                   [RFC6553]
0x04    Tunnel Encapsulation Limit                [RFC2473]
0x05    Router Alert                              [RFC2711]
0x26    Quick-Start                               [RFC4782]
0x07    CALIPSO                                   [RFC5570]
0x08    SMF_DPD                                   [RFC6621]
0xC9    Home Address                              [RFC6275]
0x8A    Endpoint Identification (DEPRECATED) [[CHARLES LYNN]]
0x8B    ILNP Nonce                                [RFC6744]
0x8C    Line-Identification Option                [RFC6788]
0x4D    Deprecated                                [RFC7731]
0x6D    MPL Option                                [RFC7731]
0xEE    IP_DFF                                    [RFC6971]
0x0F    Performance and Diagnostic Metrics (PDM)  [RFC8250]
0x30    Minimum Path MTU Hop-by-Hop Option        [RFC9268]
0x11    IOAM Destination Option and IOAM Hop-by-Hop Option
                                    [RFC-ietf-ippm-ioam-ipv6-options-12]
0x31    IOAM Destination Option and IOAM Hop-by-Hop Option
                                    [RFC-ietf-ippm-ioam-ipv6-options-12]
0x12    AltMark                                   [RFC9343]
10011-11101  Unassigned
0x1E    RFC3692-style Experiment                  [RFC4727]
0x3E    RFC3692-style Experiment                  [RFC4727]
0x5E    RFC3692-style Experiment                  [RFC4727]
0x7E    RFC3692-style Experiment                  [RFC4727]
0x9E    RFC3692-style Experiment                  [RFC4727]
0xBE    RFC3692-style Experiment                  [RFC4727]
0xDE    RFC3692-style Experiment                  [RFC4727]
0xFE    RFC3692-style Experiment                  [RFC4727]

4.3. Existing Routing Types

The following is the list of Routing Types which are defined at IANA. Note, we will describe use cases, if any, for options which do not have an option number at IANA.¶

Value              Description          Reference
--------------------------------------------------
0   Source Route (DEPRECATED)            [RFC2460][RFC5095]
1   Nimrod (DEPRECATED 2009-05-06)
2   Type 2 Routing Header                [RFC6275]
3   RPL Source Route Header              [RFC6554]
4   Segment Routing Header (SRH)         [RFC8754]
5   CRH-16 (TEMPORARY)                   [draft-bonica-6man-comp
                                         -rtg-hdr-30]
6   CRH-32 (TEMPORARY                    [draft-bonica-6man-comp
                                         -rtg-hdr-30]
7-252 Unassigned
253  RFC3692-style Experiment 1          [RFC4727]
254  RFC3692-style Experiment 2          [RFC4727]
255  Reserved

Segment Routing Header TLVs¶

 Value        Description        Reference
 --------------------------------------------------
      0    Pad1 TLV                 [RFC8754]
      1    Reserved                 [RFC8754]
      2    Reserved                 [RFC8754]
      3    Reserved                 [RFC8754]
      4    PadN TLV                 [RFC8754]
      5    HMAC TLV                 [RFC8754]
      6    Reserved                 [RFC8754]
    7-123  Unassigned
   124-126 Experimentation and Test [RFC8754]
     127   Reserved                 [RFC8754]
   128-251 Unassigned
   252-254 Experimentation and Test [RFC8754]
     255   Reserved                 [RFC8754]

6. Network Management Extension Headers

6.1. Existing Network Management Extension Headers

6.1.1. RFC8250: Performance and Diagnostic Metrics (PDM)

RFC 8250 specifies the Performance and Diagnostic Metrics (PDM) Destination Options header, which is used to measure the performance of IPv6 networks. The PDM header contains sequence numbers and timing information that can be used to calculate metrics such as round-trip delay and server delay.¶

The PDM header is embedded in each packet, and the information it contains is combined with the 5-tuple (source IP address, source port, destination IP address, destination port, and upper-layer protocol) to calculate the metrics. The PDM header also includes fields for storing time scaling factors, which can be used to adjust the measurements for different network conditions.¶

The PDM header can be used to assess performance problems in real time or after the fact. The measurements can be used to troubleshoot network problems, identify bottlenecks, and optimize network performance.¶

6.2. Potential Network Management Extension Headers

11. Routing Extension Headers

11.1. Existing Routing Extension Headers

11.1.1. Segment Routing Header (SRH)

Segment Routing (SR) can be applied to the IPv6 data plane using a routing header called the Segment Routing Header (SRH). [RFC8754] specifies the encoding of IPv6 segments in an SRH. SRv6 uses this IPv6 Routing Extension Header to forward IPv6 packets using the source routing model. It implements hop-by-hop forwarding by adding a Segment Routing header (SRH) into IPv6 packets, encapsulating an explicit IPv6 address stack into the SRH, and continuously updating IPv6 destination addresses while offsetting the address stack on transit nodes. According to [I-D.matsushima-spring-srv6-deployment-status], there have been over 10 announced deployments of an SRH based data plane and over 20 additional deployments without public announcements.¶

11.1.2. Mobility Header

[RFC6275] specifies Mobile IPv6, a protocol that allows nodes to remain reachable while moving around in the IPv6 Internet.The Mobility Header is an extension header used by mobile nodes, correspondent nodes, and home agents in all messaging related to the creation and management of mobile bindings. The Mobility Header is identified by a Next Header value of 135.¶

11.1.3. MLD Messages

Multicast Listener Discovery (MLD) is used today by IPv6 routers for discovering multicast listeners on a directly attached link, much like Internet Group Management Protocol (IGMP) is used in IPv4. MLD uses ICMPv6 (IP Protocol 58) message types, rather than IGMP (IP Protocol 2) message types. MLD messages are identified in IPv6 packets by a preceding Next Header value of 58. MLD messages are sent with an IPv6 Router Alert option in a Hop-by-Hop Options header as defined in RFC 2710.¶

11.2. Potential Routing Extension Headers

11.2.1. Integrated Multicast Bitstring

There's a potential deployment of using a bitstring (such as used in BIER) as part of the IPv6 data plane using an EH.¶

         |<<-----(BIER-based multicast overlay)----->>|
         |                                            |
         |<----------(L3 BIER(P2MP) tunnel)---------->|
         |                                            |
         |  SEP                 SEP       SEP    SEP  |
         |    +******************+          +****+    |
         |   /                    \        /      \   |
     +------+       +-------+       +-----+        +------+
     | BFIR |-------|Non-BFR|-------| BFR |--------| BFER |
     +------+       +-------+       +-----+        +------+

     ------- L2 link

     ******* IPv6(P2P) segment (SEP = Segment EndPoint)

     <-----> BIER(P2MP) tunnel

In this deployment, BIER works as part of the IPv6 data plane. The BFIR and BFERs work as IPv6 (P2MP) tunnel endpoints, and BFRs work as IPv6 segment endpoints. The BIER header is processed on each segment endpoint and there is no decapsulation, or re-encapsulation, on the segment endpoints.¶

This deployment typically needs an IPv6 extension header to carry the BIER header and processing of the BIER header (e.g., the bitstring) will be implemented as part of the IPv6 extension header processing. The IPv6 source address is the BIER packet source-origin identifier, and is unchanged through the BIER domain from BFIR to BFERs.¶

[I-D.matsushima-spring-srv6-deployment-status]: Matsushima, S., Filsfils, C., Ali, Z., Li, Z., Rajaraman, K., and A. Dhamija, "SRv6 Implementation and Deployment Status", Work in Progress, Internet-Draft, draft-matsushima-spring-srv6-deployment-status-15, 5 April 2022, <https://datatracker.ietf.org/doc/html/draft-matsushima-spring-srv6-deployment-status-15>.
[RFC1421]: Linn, J., "Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures", RFC 1421, DOI 10.17487/RFC1421, February 1993, <https://www.rfc-editor.org/info/rfc1421>.
[RFC2119]: Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>.
[RFC2236]: Fenner, W., "Internet Group Management Protocol, Version 2", RFC 2236, DOI 10.17487/RFC2236, November 1997, <https://www.rfc-editor.org/info/rfc2236>.
[RFC2460]: Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460, December 1998, <https://www.rfc-editor.org/info/rfc2460>.
[RFC2473]: Conta, A. and S. Deering, "Generic Packet Tunneling in IPv6 Specification", RFC 2473, DOI 10.17487/RFC2473, December 1998, <https://www.rfc-editor.org/info/rfc2473>.
[RFC2675]: Borman, D., Deering, S., and R. Hinden, "IPv6 Jumbograms", RFC 2675, DOI 10.17487/RFC2675, August 1999, <https://www.rfc-editor.org/info/rfc2675>.
[RFC2711]: Partridge, C. and A. Jackson, "IPv6 Router Alert Option", RFC 2711, DOI 10.17487/RFC2711, October 1999, <https://www.rfc-editor.org/info/rfc2711>.
[RFC2780]: Bradner, S. and V. Paxson, "IANA Allocation Guidelines For Values In the Internet Protocol and Related Headers", BCP 37, RFC 2780, DOI 10.17487/RFC2780, March 2000, <https://www.rfc-editor.org/info/rfc2780>.
[RFC2858]: Bates, T., Rekhter, Y., Chandra, R., and D. Katz, "Multiprotocol Extensions for BGP-4", RFC 2858, DOI 10.17487/RFC2858, June 2000, <https://www.rfc-editor.org/info/rfc2858>.
[RFC3692]: Narten, T., "Assigning Experimental and Testing Numbers Considered Useful", BCP 82, RFC 3692, DOI 10.17487/RFC3692, January 2004, <https://www.rfc-editor.org/info/rfc3692>.
[RFC3810]: Vida, R., Ed. and L. Costa, Ed., "Multicast Listener Discovery Version 2 (MLDv2) for IPv6", RFC 3810, DOI 10.17487/RFC3810, June 2004, <https://www.rfc-editor.org/info/rfc3810>.
[RFC4271]: Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A Border Gateway Protocol 4 (BGP-4)", RFC 4271, DOI 10.17487/RFC4271, January 2006, <https://www.rfc-editor.org/info/rfc4271>.
[RFC4302]: Kent, S., "IP Authentication Header", RFC 4302, DOI 10.17487/RFC4302, December 2005, <https://www.rfc-editor.org/info/rfc4302>.
[RFC4303]: Kent, S., "IP Encapsulating Security Payload (ESP)", RFC 4303, DOI 10.17487/RFC4303, December 2005, <https://www.rfc-editor.org/info/rfc4303>.
[RFC4607]: Holbrook, H. and B. Cain, "Source-Specific Multicast for IP", RFC 4607, DOI 10.17487/RFC4607, August 2006, <https://www.rfc-editor.org/info/rfc4607>.
[RFC4727]: Fenner, B., "Experimental Values In IPv4, IPv6, ICMPv4, ICMPv6, UDP, and TCP Headers", RFC 4727, DOI 10.17487/RFC4727, November 2006, <https://www.rfc-editor.org/info/rfc4727>.
[RFC4782]: Floyd, S., Allman, M., Jain, A., and P. Sarolahti, "Quick-Start for TCP and IP", RFC 4782, DOI 10.17487/RFC4782, January 2007, <https://www.rfc-editor.org/info/rfc4782>.
[RFC5095]: Abley, J., Savola, P., and G. Neville-Neil, "Deprecation of Type 0 Routing Headers in IPv6", RFC 5095, DOI 10.17487/RFC5095, December 2007, <https://www.rfc-editor.org/info/rfc5095>.
[RFC5533]: Nordmark, E. and M. Bagnulo, "Shim6: Level 3 Multihoming Shim Protocol for IPv6", RFC 5533, DOI 10.17487/RFC5533, June 2009, <https://www.rfc-editor.org/info/rfc5533>.
[RFC5570]: StJohns, M., Atkinson, R., and G. Thomas, "Common Architecture Label IPv6 Security Option (CALIPSO)", RFC 5570, DOI 10.17487/RFC5570, July 2009, <https://www.rfc-editor.org/info/rfc5570>.
[RFC6275]: Perkins, C., Ed., Johnson, D., and J. Arkko, "Mobility Support in IPv6", RFC 6275, DOI 10.17487/RFC6275, July 2011, <https://www.rfc-editor.org/info/rfc6275>.
[RFC6554]: Hui, J., Vasseur, JP., Culler, D., and V. Manral, "An IPv6 Routing Header for Source Routes with the Routing Protocol for Low-Power and Lossy Networks (RPL)", RFC 6554, DOI 10.17487/RFC6554, March 2012, <https://www.rfc-editor.org/info/rfc6554>.
[RFC6744]: Atkinson, RJ. and SN. Bhatti, "IPv6 Nonce Destination Option for the Identifier-Locator Network Protocol for IPv6 (ILNPv6)", RFC 6744, DOI 10.17487/RFC6744, November 2012, <https://www.rfc-editor.org/info/rfc6744>.
[RFC6788]: Krishnan, S., Kavanagh, A., Varga, B., Ooghe, S., and E. Nordmark, "The Line-Identification Option", RFC 6788, DOI 10.17487/RFC6788, November 2012, <https://www.rfc-editor.org/info/rfc6788>.
[RFC6971]: Herberg, U., Ed., Cardenas, A., Iwao, T., Dow, M., and S. Cespedes, "Depth-First Forwarding (DFF) in Unreliable Networks", RFC 6971, DOI 10.17487/RFC6971, June 2013, <https://www.rfc-editor.org/info/rfc6971>.
[RFC7401]: Moskowitz, R., Ed., Heer, T., Jokela, P., and T. Henderson, "Host Identity Protocol Version 2 (HIPv2)", RFC 7401, DOI 10.17487/RFC7401, April 2015, <https://www.rfc-editor.org/info/rfc7401>.
[RFC8200]: Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", STD 86, RFC 8200, DOI 10.17487/RFC8200, July 2017, <https://www.rfc-editor.org/info/rfc8200>.
[RFC8250]: Elkins, N., Hamilton, R., and M. Ackermann, "IPv6 Performance and Diagnostic Metrics (PDM) Destination Option", RFC 8250, DOI 10.17487/RFC8250, September 2017, <https://www.rfc-editor.org/info/rfc8250>.
[RFC8279]: Wijnands, IJ., Ed., Rosen, E., Ed., Dolganow, A., Przygienda, T., and S. Aldrin, "Multicast Using Bit Index Explicit Replication (BIER)", RFC 8279, DOI 10.17487/RFC8279, November 2017, <https://www.rfc-editor.org/info/rfc8279>.
[RFC8754]: Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy, J., Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header (SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020, <https://www.rfc-editor.org/info/rfc8754>.
[RFC9008]: Robles, M.I., Richardson, M., and P. Thubert, "Using RPI Option Type, Routing Header for Source Routes, and IPv6-in-IPv6 Encapsulation in the RPL Data Plane", RFC 9008, DOI 10.17487/RFC9008, April 2021, <https://www.rfc-editor.org/info/rfc9008>.
[RFC9180]: Barnes, R., Bhargavan, K., Lipp, B., and C. Wood, "Hybrid Public Key Encryption", RFC 9180, DOI 10.17487/RFC9180, February 2022, <https://www.rfc-editor.org/info/rfc9180>.
[RFC9268]: Hinden, R. and G. Fairhurst, "IPv6 Minimum Path MTU Hop-by-Hop Option", RFC 9268, DOI 10.17487/RFC9268, August 2022, <https://www.rfc-editor.org/info/rfc9268>.
[RFC9343]: Fioccola, G., Zhou, T., Cociglio, M., Qin, F., and R. Pang, "IPv6 Application of the Alternate-Marking Method", RFC 9343, DOI 10.17487/RFC9343, December 2022, <https://www.rfc-editor.org/info/rfc9343>.