Internet Engineering Task Force (IETF) S. Jiang, Ed. Request for Comments: 8992 Huawei Technologies Co., Ltd Category: Informational Z. Du ISSN: 2070-1721 China Mobile B. Carpenter Univ. of Auckland Q. Sun China Telecom May 2021 Autonomic IPv6 Edge Prefix Management in Large-Scale Networks Abstract This document defines two autonomic technical objectives for IPv6 prefix management at the edge of large-scale ISP networks, with an extension to support IPv4 prefixes. An important purpose of this document is to use it for validation of the design of various components of the Autonomic Networking Infrastructure. Status of This Memo This document is not an Internet Standards Track specification; it is published for informational purposes. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are candidates for any level of Internet Standard; see Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8992. Copyright Notice Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction 2. Terminology 3. Problem Statement 3.1. Intended User and Administrator Experience 3.2. Analysis of Parameters and Information Involved 3.2.1. Parameters Each Device Can Define for Itself 3.2.2. Information Needed from Network Operations 3.2.3. Comparison with Current Solutions 3.3. Interaction with Other Devices 3.3.1. Information Needed from Other Devices 3.3.2. Monitoring, Diagnostics, and Reporting 4. Autonomic Edge Prefix Management Solution 4.1. Behavior of a Device Requesting a Prefix 4.2. Behavior of a Device Providing a Prefix 4.3. Behavior after Successful Negotiation 4.4. Prefix Logging 5. Autonomic Prefix Management Objectives 5.1. Edge Prefix Objective Option 5.2. IPv4 Extension 6. Prefix Management Parameters 6.1. Example of Prefix Management Parameters 7. Security Considerations 8. IANA Considerations 9. References 9.1. Normative References 9.2. Informative References Appendix A. Deployment Overview A.1. Address and Prefix Management with DHCP A.2. Prefix Management with ANI/GRASP Acknowledgements Authors' Addresses 1. Introduction The original purpose of this document was to validate the design of the Autonomic Networking Infrastructure (ANI) for a realistic use case. It shows how the ANI can be applied to IP prefix delegation, and it outlines approaches to build a system to do this. A fully standardized solution would require more details, so this document is informational in nature. This document defines two autonomic technical objectives for IPv6 prefix management in large-scale networks, with an extension to support IPv4 prefixes. The background to Autonomic Networking is described in [RFC7575] and [RFC7576]. The GeneRic Autonomic Signaling Protocol (GRASP) is specified by [RFC8990] and can make use of the technical objectives to provide a solution for autonomic prefix management. An important purpose of the present document is to use it for validation of the design of GRASP and other components of the ANI as described in [RFC8993]. This document is not a complete functional specification of an autonomic prefix management system, and it does not describe all detailed aspects of the GRASP objective parameters and Autonomic Service Agent (ASA) procedures necessary to build a complete system. Instead, it describes the architectural framework utilizing the components of the ANI, outlines the different deployment options and aspects, and defines GRASP objectives for use in building the system. It also provides some basic parameter examples. This document is not intended to solve all cases of IPv6 prefix management. In fact, it assumes that the network's main infrastructure elements already have addresses and prefixes. This document is dedicated to how to make IPv6 prefix management at the edges of large-scale networks as autonomic as possible. It is specifically written for Internet Service Provider (ISP) networks. Although there are similarities between ISPs and large enterprise networks, the requirements for the two use cases differ. In any case, the scope of the solution is expected to be limited, like any Autonomic Network, to a single management domain. However, the solution is designed in a general way. Its use for a broader scope than edge prefixes, including some or all infrastructure prefixes, is left for future discussion. A complete solution has many aspects that are not discussed here. Once prefixes have been assigned to routers, they need to be communicated to the routing system as they are brought into use. Similarly, when prefixes are released, they need to be removed from the routing system. Different operators may have different policies regarding prefix lifetimes, and they may prefer to have centralized or distributed pools of spare prefixes. In an Autonomic Network, these are properties decided upon by the design of the relevant ASAs. The GRASP objectives are simply building blocks. A particular risk of distributed prefix allocation in large networks is that over time, it might lead to fragmentation of the address space and an undesirable increase in the size of the interior routing protocol tables. The extent of this risk depends on the algorithms and policies used by the ASAs. Mitigating this risk might even become an autonomic function in itself. 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. This document uses terminology defined in [RFC7575]. 3. Problem Statement The Autonomic Networking use case considered here is autonomic IPv6 prefix management at the edge of large-scale ISP networks. Although DHCPv6-PD (DHCPv6 Prefix Delegation) [RFC8415] supports automated delegation of IPv6 prefixes from one router to another, prefix management still largely depends on human planning. In other words, there is no basic information or policy to support autonomic decisions on the prefix length that each router should request or be delegated, according to its role in the network. Roles could be defined separately for individual devices or could be generic (edge router, interior router, etc.). Furthermore, IPv6 prefix management by humans tends to be rigid and static after initial planning. The problem to be solved by Autonomic Networking is how to dynamically manage IPv6 address space in large-scale networks, so that IPv6 addresses can be used efficiently. Here, we limit the problem to assignment of prefixes at the edge of the network, close to access routers that support individual fixed-line subscribers, mobile customers, and corporate customers. We assume that the core infrastructure of the network has already been established with appropriately assigned prefixes. The Autonomic Networking approach discussed in this document is based on the assumption that there is a generic discovery and negotiation protocol that enables direct negotiation between intelligent IP routers. GRASP [RFC8990] is intended to be such a protocol. 3.1. Intended User and Administrator Experience The intended experience is, for the administrators of a large-scale network, that the management of IPv6 address space at the edge of the network can be run with minimum effort, as devices at the edge are added and removed and as customers of all kinds join and leave the network. In the ideal scenario, the administrators only have to specify a single IPv6 prefix for the whole network and the initial prefix length for each device role. As far as users are concerned, IPv6 prefix assignment would occur exactly as it does in any other network. The actual prefix usage needs to be logged for potential offline management operations, including audit and security incident tracing. 3.2. Analysis of Parameters and Information Involved For specific purposes of address management, each edge device will implement several parameters. (Some of them can be preconfigured before they are connected.) They include the following: * Identity, authentication, and authorization of this device. This is expected to use the Autonomic Networking secure bootstrap process [RFC8995], following which the device could safely take part in autonomic operations. * Role of this device. Some example roles are discussed in Section 6.1. * An IPv6 prefix length for this device. * An IPv6 prefix that is assigned to this device and its downstream devices. The network as a whole will implement the following parameters: * Identity of a trust anchor, which is a certification authority (CA) maintained by the network administrators, used during the secure bootstrap process. * Total IPv6 address space available for edge devices. It is a pool of one or several IPv6 prefixes. * The initial prefix length for each device role. 3.2.1. Parameters Each Device Can Define for Itself This section identifies those of the above parameters that do not need external information in order for the devices concerned to set them to a reasonable default value after bootstrap or after a network disruption. They are as follows: * Default role of this device. * Default IPv6 prefix length for this device. * Cryptographic identity of this device, as needed for secure bootstrapping [RFC8995]. The device may be shipped from the manufacturer with a preconfigured role and default prefix length, which could be modified by an autonomic mechanism. Its cryptographic identity will be installed by its manufacturer. 3.2.2. Information Needed from Network Operations This section identifies those parameters that might need operational input in order for the devices concerned to set them to a non-default value. * Non-default value for the IPv6 prefix length for this device. This needs to be decided based on the role of this device. * The initial prefix length for each device role. * Whether to allow the device to request more address space. * The policy regarding when to request more address space -- for example, if the address usage reaches a certain limit or percentage. 3.2.3. Comparison with Current Solutions This section briefly compares the above use case with current solutions. Currently, the address management is still largely dependent on human planning. It is rigid and static after initial planning. Address requests will fail if the configured address space is used up. Some autonomic and dynamic address management functions may be achievable by extending the existing protocols -- for example, extending DHCPv6-PD [RFC8415] to request IPv6 prefixes according to the device role. However, defining uniform device roles may not be a practical task, as some functions cannot be configured on the basis of role using existing prefix delegation protocols. Using a generic autonomic discovery and negotiation protocol instead of specific solutions has the advantage that additional parameters can be included in the autonomic solution without creating new mechanisms. This is the principal argument for a generic approach. 3.3. Interaction with Other Devices 3.3.1. Information Needed from Other Devices This section identifies those of the above parameters that need external information from neighbor devices (including the upstream devices). In many cases, two-way dialogue with neighbor devices is needed to set or optimize them. * Information regarding the identity of a trust anchor is needed. * The device will need to discover another device from which it can acquire IPv6 address space. * Information regarding the initial prefix length for the role of each device is needed, particularly for its own downstream devices. * The default value of the IPv6 prefix length may be overridden by a non-default value. * The device will need to request and acquire one or more IPv6 prefixes that can be assigned to this device and its downstream devices. * The device may respond to prefix delegation requests from its downstream devices. * The device may require the assignment of more IPv6 address space if it used up its assigned IPv6 address space. 3.3.2. Monitoring, Diagnostics, and Reporting This section discusses what role devices should play in monitoring, fault diagnosis, and reporting. * The actual address assignments need to be logged for potential offline management operations. * In general, the usage situation regarding address space should be reported to the network administrators in an abstract way -- for example, statistics or a visualized report. * A forecast of address exhaustion should be reported. 4. Autonomic Edge Prefix Management Solution This section introduces the building blocks for an autonomic edge prefix management solution. As noted in Section 1, this is not a complete description of a solution, which will depend on the detailed design of the relevant Autonomic Service Agents (ASAs). It uses the generic discovery and negotiation protocol defined by [RFC8990]. The relevant GRASP objectives are defined in Section 5. The procedures described below are carried out by an ASA in each device that participates in the solution. We will refer to this as the PrefixManager ASA. 4.1. Behavior of a Device Requesting a Prefix If the device containing a PrefixManager ASA has used up its address pool, it can request more space according to its requirements. It should decide the length of the requested prefix and request it via the mechanism described in Section 6. Note that although the device's role may define certain default allocation lengths, those defaults might be changed dynamically, and the device might request more, or less, address space due to some local operational heuristic. A PrefixManager ASA that needs additional address space should firstly discover peers that may be able to provide extra address space. The ASA should send out a GRASP Discovery message that contains a PrefixManager Objective option (see Section 2 of [RFC8650] and Section 5.1) in order to discover peers also supporting that option. Then, it should choose one such peer, most likely the first to respond. If the GRASP Discovery Response message carries a Divert option pointing to an off-link PrefixManager ASA, the requesting ASA may initiate negotiation with that ASA-diverted device to find out whether it can provide the requested length of the prefix. In any case, the requesting ASA will act as a GRASP negotiation initiator by sending a GRASP Request message with a PrefixManager Objective option. The ASA indicates in this option the length of the requested prefix. This starts a GRASP negotiation process. During the subsequent negotiation, the ASA will decide at each step whether to accept the offered prefix. That decision, and the decision to end the negotiation, are implementation choices. The ASA could alternatively initiate GRASP discovery in rapid mode with an embedded negotiation request, if it is implemented. 4.2. Behavior of a Device Providing a Prefix At least one device on the network must be configured with the initial pool of available prefixes mentioned in Section 3.2. Apart from that requirement, any device may act as a provider of prefixes. A device that receives a Discovery message with a PrefixManager Objective option should respond with a GRASP Response message if it contains a PrefixManager ASA. Further details of the discovery process are described in [RFC8990]. When this ASA receives a subsequent Request message, it should conduct a GRASP negotiation sequence, using Negotiate, Confirm Waiting, and Negotiation End messages as appropriate. The Negotiate messages carry a PrefixManager Objective option, which will indicate the prefix and its length offered to the requesting ASA. As described in [RFC8990], negotiation will continue until either end stops it with a Negotiation End message. If the negotiation succeeds, the ASA that provides the prefix will remove the negotiated prefix from its pool, and the requesting ASA will add it. If the negotiation fails, the party sending the Negotiation End message may include an error code string. During the negotiation, the ASA will decide at each step how large a prefix to offer. That decision, and the decision to end the negotiation, are implementation choices. The ASA could alternatively negotiate in response to GRASP discovery in rapid mode, if it is implemented. This specification is independent of whether the PrefixManager ASAs are all embedded in routers, but that would be a rather natural scenario. In a hierarchical network topology, a given router typically provides prefixes for routers below it in the hierarchy, and it is also likely to contain the first PrefixManager ASA discovered by those downstream routers. However, the GRASP discovery model, including its redirection feature, means that this is not an exclusive scenario, and a downstream PrefixManager ASA could negotiate a new prefix with a device other than its upstream router. A resource shortage may cause the gateway router to request more resources in turn from its own upstream device. This would be another independent GRASP discovery and negotiation process. During the processing time, the gateway router should send a Confirm Waiting message to the initial requesting router, to extend its timeout. When the new resource becomes available, the gateway router responds with a GRASP Negotiate message with a prefix length matching the request. The algorithm used to choose which prefixes to assign on the devices that provide prefixes is an implementation choice. 4.3. Behavior after Successful Negotiation Upon receiving a GRASP Negotiation End message that indicates that an acceptable prefix length is available, the requesting device may use the negotiated prefix without further messages. There are use cases where the ANI/GRASP-based prefix management approach can work together with DHCPv6-PD [RFC8415] as a complement. For example, the ANI/GRASP-based method can be used intra-domain, while the DHCPv6-PD method works inter-domain (i.e., across an administrative boundary). Also, ANI/GRASP can be used inside the domain, and DHCP/DHCPv6-PD can be used on the edge of the domain to clients (non-ANI devices). Another similar use case would be ANI/ GRASP inside the domain, with RADIUS [RFC2865] providing prefixes to client devices. 4.4. Prefix Logging Within the autonomic prefix management system, all prefix assignments are done by devices without human intervention. It may be required that all prefix assignment history be recorded -- for example, to detect or trace lost prefixes after outages or to meet legal requirements. However, the logging and reporting process is out of scope for this document. 5. Autonomic Prefix Management Objectives This section defines the GRASP technical objective options that are used to support autonomic prefix management. 5.1. Edge Prefix Objective Option The PrefixManager Objective option is a GRASP Objective option conforming to the GRASP specification [RFC8990]. Its name is "PrefixManager" (see Section 8), and it carries the following data items as its value: the prefix length and the actual prefix bits. Since GRASP is based on CBOR (Concise Binary Object Representation) [RFC8949], the format of the PrefixManager Objective option is described in the Concise Data Definition Language (CDDL) [RFC8610] as follows: objective = ["PrefixManager", objective-flags, loop-count, [length, ?prefix]] loop-count = 0..255 ; as in the GRASP specification objective-flags /= ; as in the GRASP specification length = 0..128 ; requested or offered prefix length prefix = bytes .size 16 ; offered prefix in binary format The use of the "dry run" mode of GRASP is NOT RECOMMENDED for this objective, because it would require both ASAs to store state information about the corresponding negotiation, to no real benefit -- the requesting ASA cannot base any decisions on the result of a successful dry-run negotiation. 5.2. IPv4 Extension This section presents an extended version of the PrefixManager objective that supports IPv4 by adding an extra flag: objective = ["PrefixManager", objective-flags, loop-count, prefval] loop-count = 0..255 ; as in the GRASP specification objective-flags /= ; as in the GRASP specification prefval /= pref6val pref6val = [version6, length, ?prefix] version6 = 6 length = 0..128 ; requested or offered prefix length prefix = bytes .size 16 ; offered prefix in binary format prefval /= pref4val pref4val = [version4, length4, ?prefix4] version4 = 4 length4 = 0..32 ; requested or offered prefix length prefix4 = bytes .size 4 ; offered prefix in binary format Prefix and address management for IPv4 is considerably more difficult than for IPv6, due to the prevalence of NAT, ambiguous addresses [RFC1918], and address sharing [RFC6346]. These complexities might require further extending the objective with additional fields that are not defined by this document. 6. Prefix Management Parameters An implementation of a prefix manager MUST include default settings of all necessary parameters. However, within a single administrative domain, the network operator MAY change default parameters for all devices with a certain role. Thus, it would be possible to apply an intended policy for every device in a simple way, without traditional configuration files. As noted in Section 4.1, individual autonomic devices may also change their own behavior dynamically. For example, the network operator could change the default prefix length for each type of role. A prefix management parameters objective, which contains mapping information of device roles and their default prefix lengths, MAY be flooded in the network, through the Autonomic Control Plane (ACP) [RFC8994]. The objective is defined in CDDL as follows: objective = ["PrefixManager.Params", objective-flags, any] loop-count = 0..255 ; as in the GRASP specification objective-flags /= ; as in the GRASP specification The "any" object would be the relevant parameter definitions (such as the example below) transmitted as a CBOR object in an appropriate format. This could be flooded to all nodes, and any PrefixManager ASA that did not receive it for some reason could obtain a copy using GRASP unicast synchronization. Upon receiving the prefix management parameters, every device can decide its default prefix length by matching its own role. 6.1. Example of Prefix Management Parameters The parameters comprise mapping information of device roles and their default prefix lengths in an autonomic domain. For example, suppose an IPRAN (IP Radio Access Network) operator wants to configure the prefix length of a Radio Network Controller Site Gateway (RSG) as 34, the prefix length of an Aggregation Site Gateway (ASG) as 44, and the prefix length of a Cell Site Gateway (CSG) as 56. This could be described in the value of the PrefixManager.Params objective as: [ [["role", "RSG"],["prefix_length", 34]], [["role", "ASG"],["prefix_length", 44]], [["role", "CSG"],["prefix_length", 56]] ] This example is expressed in JSON [RFC8259], which is easy to represent in CBOR. An alternative would be to express the parameters in YANG [RFC7950] using the YANG-to-CBOR mapping [CORE-YANG-CBOR]. For clarity, the background of the example is introduced below and can also be regarded as a use case for the mechanism defined in this document. An IPRAN is used for mobile backhaul, including radio stations, RNCs (Radio Network Controllers) (in 3G) or the packet core (in LTE), and the IP network between them, as shown in Figure 1. The eNB (Evolved Node B) entities, the RNC, the SGW (Serving Gateway), and the MME (Mobility Management Entity) are mobile network entities defined in 3GPP. The CSGs, ASGs, and RSGs are entities defined in the IPRAN solution. The IPRAN topology shown in Figure 1 includes Ring1, which is the circle following ASG1->RSG1->RSG2->ASG2->ASG1; Ring2, following CSG1->ASG1->ASG2->CSG2->CSG1; and Ring3, following CSG3->ASG1->ASG2->CSG3. In a real deployment of an IPRAN, there may be more stations, rings, and routers in the topology, and normally the network is highly dependent on human design and configuration, which is neither flexible nor cost-effective. +------+ +------+ | eNB1 |---| CSG1 |\ +------+ +------+ \ +-------+ +------+ +-------+ | \ | ASG1 |-------| RSG1 |-----------|SGW/MME| | Ring2 +-------+ +------+ \ /+-------+ +------+ +------+ / | | \ / | eNB2 |---| CSG2 | \ / | Ring1 | \/ +------+ +------+ \ Ring3| | /\ / \ | | / \ +------+ +------+ / \ +-------+ +------+/ \+-------+ | eNB3 |---| CSG3 |--------| ASG2 |------| RSG2 |---------| RNC | +------+ +------+ +-------+ +------+ +-------+ Figure 1: IPRAN Topology Example If ANI/GRASP is supported in the IPRAN, the network nodes should be able to negotiate with each other and make some autonomic decisions according to their own status and the information collected from the network. The prefix management parameters should be part of the information they communicate. The routers should know the role of their neighbors, the default prefix length for each type of role, etc. An ASG should be able to request prefixes from an RSG, and a CSG should be able to request prefixes from an ASG. In each request, the ASG/CSG should indicate the required prefix length, or its role, which implies what length it needs by default. 7. Security Considerations Relevant security issues are discussed in [RFC8990]. The preferred security model is that devices are trusted following the secure bootstrap procedure [RFC8995] and that a secure Autonomic Control Plane (ACP) [RFC8994] is in place. It is RECOMMENDED that DHCPv6-PD, if used, should be implemented using DHCPv6 authentication or Secure DHCPv6. 8. IANA Considerations This document defines two new GRASP Objective option names: "PrefixManager" and "PrefixManager.Params". The IANA has added these to the "GRASP Objective Names" registry defined by [RFC8990]. 9. References 9.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>. [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", RFC 7950, DOI 10.17487/RFC7950, August 2016, <https://www.rfc-editor.org/info/rfc7950>. [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>. [RFC8259] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data Interchange Format", STD 90, RFC 8259, DOI 10.17487/RFC8259, December 2017, <https://www.rfc-editor.org/info/rfc8259>. [RFC8415] Mrugalski, T., Siodelski, M., Volz, B., Yourtchenko, A., Richardson, M., Jiang, S., Lemon, T., and T. Winters, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 8415, DOI 10.17487/RFC8415, November 2018, <https://www.rfc-editor.org/info/rfc8415>. [RFC8610] Birkholz, H., Vigano, C., and C. Bormann, "Concise Data Definition Language (CDDL): A Notational Convention to Express Concise Binary Object Representation (CBOR) and JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610, June 2019, <https://www.rfc-editor.org/info/rfc8610>. [RFC8990] Bormann, C., Carpenter, B., Ed., and B. Liu, Ed., "GeneRic Autonomic Signaling Protocol (GRASP)", RFC 8990, DOI 10.17487/RFC8990, May 2021, <https://www.rfc-editor.org/info/rfc8990>. [RFC8994] Eckert, T., Ed., Behringer, M., Ed., and S. Bjarnason, "An Autonomic Control Plane (ACP)", RFC 8994, DOI 10.17487/RFC8994, May 2021, <https://www.rfc-editor.org/info/rfc8994>. [RFC8995] Pritikin, M., Richardson, M., Eckert, T., Behringer, M., and K. Watsen, "Bootstrapping Remote Secure Key Infrastructure (BRSKI)", RFC 8995, DOI 10.17487/RFC8995, May 2021, <https://www.rfc-editor.org/info/rfc8995>. 9.2. Informative References [CORE-YANG-CBOR] Veillette, M., Ed., Petrov, I., Ed., and A. Pelov, "CBOR Encoding of Data Modeled with YANG", Work in Progress, Internet-Draft, draft-ietf-core-yang-cbor-15, 24 January 2021, <https://tools.ietf.org/html/draft-ietf-core-yang- cbor-15>. [DHCP-YANG-MODEL] Liu, B., Ed., Lou, K., and C. Chen, "Yang Data Model for DHCP Protocol", Work in Progress, Internet-Draft, draft- liu-dhc-dhcp-yang-model-07, 12 October 2018, <https://tools.ietf.org/html/draft-liu-dhc-dhcp-yang- model-07>. [RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G. J., and E. Lear, "Address Allocation for Private Internets", BCP 5, RFC 1918, DOI 10.17487/RFC1918, February 1996, <https://www.rfc-editor.org/info/rfc1918>. [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, DOI 10.17487/RFC2865, June 2000, <https://www.rfc-editor.org/info/rfc2865>. [RFC3046] Patrick, M., "DHCP Relay Agent Information Option", RFC 3046, DOI 10.17487/RFC3046, January 2001, <https://www.rfc-editor.org/info/rfc3046>. [RFC6221] Miles, D., Ed., Ooghe, S., Dec, W., Krishnan, S., and A. Kavanagh, "Lightweight DHCPv6 Relay Agent", RFC 6221, DOI 10.17487/RFC6221, May 2011, <https://www.rfc-editor.org/info/rfc6221>. [RFC6346] Bush, R., Ed., "The Address plus Port (A+P) Approach to the IPv4 Address Shortage", RFC 6346, DOI 10.17487/RFC6346, August 2011, <https://www.rfc-editor.org/info/rfc6346>. [RFC7575] Behringer, M., Pritikin, M., Bjarnason, S., Clemm, A., Carpenter, B., Jiang, S., and L. Ciavaglia, "Autonomic Networking: Definitions and Design Goals", RFC 7575, DOI 10.17487/RFC7575, June 2015, <https://www.rfc-editor.org/info/rfc7575>. [RFC7576] Jiang, S., Carpenter, B., and M. Behringer, "General Gap Analysis for Autonomic Networking", RFC 7576, DOI 10.17487/RFC7576, June 2015, <https://www.rfc-editor.org/info/rfc7576>. [RFC8650] Voit, E., Rahman, R., Nilsen-Nygaard, E., Clemm, A., and A. Bierman, "Dynamic Subscription to YANG Events and Datastores over RESTCONF", RFC 8650, DOI 10.17487/RFC8650, November 2019, <https://www.rfc-editor.org/info/rfc8650>. [RFC8949] Bormann, C. and P. Hoffman, "Concise Binary Object Representation (CBOR)", STD 94, RFC 8949, DOI 10.17487/RFC8949, December 2020, <https://www.rfc-editor.org/info/rfc8949>. [RFC8993] Behringer, M., Ed., Carpenter, B., Eckert, T., Ciavaglia, L., and J. Nobre, "A Reference Model for Autonomic Networking", RFC 8993, DOI 10.17487/RFC8993, May 2021, <https://www.rfc-editor.org/info/rfc8993>. Appendix A. Deployment Overview This appendix includes logical deployment models and explanations of the target deployment models. Its purpose is to help in understanding the mechanism described in this document. This appendix includes two subsections: Appendix A.1 for the two most common DHCP deployment models and Appendix A.2 for the PD deployment model described in this document. It should be noted that these are just examples, and there are many more deployment models. A.1. Address and Prefix Management with DHCP Edge DHCP server deployment requires every edge router connecting to a Customer Premises Equipment (CPE) device to be a DHCP server assigning IPv4/IPv6 addresses to CPEs -- and, optionally, IPv6 prefixes via DHCPv6-PD for IPv6-capable CPEs that are routers and have LANs behind them. edge dynamic, "NETCONF/YANG" interfaces <---------------> +-------------+ +------+ <- telemetry | edge router/|-+ ----- +-----+ |config| .... domain ... | DHCP server | | ... | CPE |+ LANs |server| +-------------+ | ----- +-----+| (---| ) +------+ +--------------+ DHCP/ +-----+ DHCPv6-PD Figure 2: DHCP Deployment Model without a Central DHCP Server This requires various coordination functions via some backend system (depicted as the "config server" in Figure 2): the address prefixes on the edge interfaces should be slightly larger than required for the number of CPEs connected so that the overall address space is best used. The config server needs to provision edge interface address prefixes and DHCP parameters for every edge router. If prefixes that are too fine-grained are used, this will result in large routing tables across the domain shown in the figure. If prefixes that are too coarse-grained are used, address space is wasted. (This is less of a concern for IPv6, but if the model includes IPv4, it is a very serious concern.) There is no standard that describes algorithms for how configuration servers would best perform this ongoing dynamic provisioning to optimize routing table size and address space utilization. There are currently no complete YANG data models that a config server could use to perform these actions (including telemetry of assigned addresses from such distributed DHCP servers). For example, a YANG data model for controlling DHCP server operations is still being developed [DHCP-YANG-MODEL]. Due to these and other problems related to the above model, the more common DHCP deployment model is as follows: +------+ edge |config| initial, "CLI" interfaces |server| ----------------> +-------------+ +------+ | edge router/|-+ ----- +-----+ | .... domain ... | DHCP relay | | ... | CPE |+ LANs +------+ +-------------+ | ----- +-----+| (---| ) |DHCP | +--------------+ DHCP/ +-----+ |server| DHCPv6-PD +------+ Figure 3: DHCP Deployment Model with a Central DHCP Server Dynamic provisioning changes to edge routers are avoided by using a central DHCP server and reducing the edge router from DHCP server to DHCP relay. The "configuration" on the edge routers is static. The DHCP relay function inserts an "edge interface" and/or subscriber- identifying options into DHCP requests from CPEs (e.g., [RFC3046] [RFC6221]), and the DHCP server has complete policies for address assignments and prefixes usable on every edge router / interface / subscriber group. When the DHCP relay sees the DHCP reply, it inserts static routes for the assigned address / address prefix into the routing table of the edge router; these routes are then to be distributed by the IGP (or BGP) inside the domain to make the CPE and LANs reachable across the domain shown in the figure. There is no comprehensive standardization of these solutions. For example, [RFC8415], Section 19.1.3 simply refers to "a [non-defined] protocol or other out-of-band communication to configure routing information for delegated prefixes on any router through which the client may forward traffic." A.2. Prefix Management with ANI/GRASP Using the ANI and prefix management ASAs (PM-ASAs) using GRASP, the deployment model is intended to look as follows: |<............ ANI domain / ACP............>| (...) ........-> Roles | v "Edge routers" GRASP parameter +----------+ Network-wide | PM-ASA | downstream parameters/policies | (DHCP | interfaces | |functions)| ------ v "central device" +----------+ +------+ ^ +--------+ |PM-ASA| <............GRASP .... .... | CPE |-+ (LANs) +------+ . v |(PM-ASA)| | ---| . +........+ +----------+ +--------+ | +...........+ . PM-ASA . | PM-ASA | ------ +---------+ .DHCP server. +........+ | (DHCP | SLAAC/ +...........+ "intermediate |functions)| DHCP/DHCP-PD router" +----------+ Figure 4: Deployment Model Using ANI/GRASP The network runs an ANI domain with an ACP [RFC8994] between some central device (e.g., a router or an ANI-enabled management device) and the edge routers. ANI/ACP provides a secure, zero-touch communication channel between the devices and enables the use of GRASP [RFC8990] not only for peer-to-peer communication but also for distribution/flooding. The central devices and edge routers run software in the form of ASAs to support this document's autonomic IPv6 edge prefix management. PM-ASAs as discussed below together comprise the Autonomic Prefix Management Function. Edge routers can have different roles based on the type and number of CPEs attaching to them. Each edge router could be an RSG, ASG, or CSG in mobile aggregation networks (see Section 6.1). Mechanisms outside the scope of this document make routers aware of their roles. Some considerations related to the deployment model are as follows. 1. In a minimum prefix management solution, the central device uses the PrefixManager.Params GRASP objective introduced in this document to disseminate network-wide, per-role parameters to edge routers. The PM-ASA uses the parameters that apply to its own role to locally configure preexisting addressing functions. Because the PM-ASA does not manage the dynamic assignment of actual IPv6 address prefixes in this case, the following options can be considered: 1.a The edge router connects via downstream interfaces to each (host) CPE that requires an address. The PM-ASA sets up for each such interface a DHCP requesting router (according to [RFC8415]) to request an IPv6 prefix for the interface. The router's address on the downstream interface can be another parameter from the GRASP objective. The CPEs assign addresses in the prefix via Router Advertisements (RAs), or the PM-ASA manages a local DHCPv6 server to assign addresses to the CPEs. A central DHCP server acting as the DHCP delegating router (according to [RFC8415]) is required. Its address can be another parameter from the GRASP objective. 1.b The edge router also connects via downstream interfaces to (customer managed) CPEs that are routers and act as DHCPv6 requesting routers. The need to support this could be derived from role or GRASP parameters, and the PM-ASA sets up a DHCP relay function to pass on requests to the central DHCP server as in point 1.a. 2. In a solution without a central DHCP server, the PM-ASA on the edge routers not only learns parameters from PrefixManager.Params but also utilizes GRASP to request/negotiate actual IPv6 prefix delegation via the GRASP PrefixManager objective, as described in more detail below. In the simplest case, these prefixes are delegated via this GRASP objective from the PM-ASA in the central device. This device must be provisioned initially with a large pool of prefixes. The delegated prefixes are then used by the PM-ASA on the edge routers to configure prefixes on their downstream interfaces to assign addresses via RA/SLAAC to host CPEs. The PM-ASA may also start local DHCP servers (as in point 1.a) to assign addresses via DHCP to the CPEs from the prefixes it received. This includes both host CPEs requesting IPv6 addresses and router CPEs that request IPv6 prefixes. The PM-ASA needs to manage the address pool(s) it has requested via GRASP and allocate sub-address pools to interfaces and the local DHCP servers it starts. It needs to monitor the address utilization and accordingly request more address prefixes if its existing prefixes are exhausted, or return address prefixes when they are unneeded. This solution is quite similar to the previous IPv6 DHCP deployment model without a central DHCP server, and ANI/ACP/GRASP and the PM-ASA do provide the automation to make this approach work more easily than is possible today. 3. The address pools from which prefixes are allocated do not all need to be taken from one central location. An edge-router PM-ASA that received a big (short) prefix from a central PM-ASA could offer smaller sub-prefixes to a neighboring edge-router PM-ASA. GRASP could be used in such a way that the PM-ASA would find and select the objective from the closest neighboring PM-ASA, therefore allowing aggregation to be maximized: a PM-ASA would only request further smaller prefixes when it exhausts its own pool (from the central location) and cannot get further large prefixes from that central location anymore. Because the overflow prefixes taken from a topologically nearby PM-ASA, the number of longer prefixes that have to be injected into the routing tables is limited and the topological proximity increases the chances that aggregation of prefixes in the IGP can most likely limit the geography in which the longer prefixes need to be routed. 4. Instead of peer-to-peer optimization of prefix delegation, a hierarchy of PM-ASAs can be built (indicated in Figure 4 via a dotted intermediate router). This would require additional parameters in the PrefixManager objective to allow the creation of a hierarchy of PM-ASAs across which the prefixes can be delegated. 5. In cases where CPEs are also part of the ANI domain (e.g., "managed CPEs"), then GRASP will extend into the actual customer sites and can also run a PM-ASA. All the options described in points 1 to 4 above would then apply to the CPE as the edge router, with the major changes being that (a) a CPE router will most likely not need to run DHCPv6-PD itself, but only DHCP address assignment and (b) the edge routers to which the CPE connects would most likely become ideal places on which to run a hierarchical instance of PD-ASAs, as outlined in point 1. Acknowledgements Valuable comments were received from William Atwood, Fred Baker, Michael Behringer, Ben Campbell, Laurent Ciavaglia, Toerless Eckert, Joel Halpern, Russ Housley, Geoff Huston, Warren Kumari, Dan Romascanu, and Chongfeng Xie. Authors' Addresses Sheng Jiang (editor) Huawei Technologies Co., Ltd Q14, Huawei Campus No. 156 Beiqing Road Hai-Dian District, Beijing 100095 China Email: jiangsheng@huawei.com Zongpeng Du China Mobile 32 Xuanwumen West St Xicheng District, Beijing 100053 China Email: duzongpeng@chinamobile.com Brian Carpenter University of Auckland School of Computer Science PB 92019 Auckland 1142 New Zealand Email: brian.e.carpenter@gmail.com Qiong Sun China Telecom 118 Xizhimennei St Beijing 100035 China Email: sunqiong@chinatelecom.cn