]> Juniper Networks

United States of America rbonica@juniper.net

INT 6man IPv6 This document deprecates the IPv6 Router Alert option. Protocols that use the IPv6 Router Alert option may continue to do so, even in future versions. However, new protocols that are standardized in the future must not use the IPv6 Router Alert option. This document updates RFC 2711.

Introduction In IPv6 , optional internet-layer information is encoded in separate headers that may be placed between the IPv6 header and the upper-layer header in a packet. There is a small number of such extension headers, each one identified by a distinct Next Header value. One of these extension headers is called the Hop-by-Hop Options header. The Hop-by-Hop Options header is used to carry optional information that may be examined and processed by every node along a packet's delivery path. The Hop-by-Hop Options header can carry one or more options. Among these is the IPv6 Router Alert option . The IPv6 Router Alert option provides a mechanism whereby routers can know when to intercept datagrams not addressed to them without having to extensively examine every datagram. The semantic of the IPv6 Router Alert option is that "routers should examine this datagram more closely". Excluding this option tells the router that there is no need to examine this datagram more closely. As explained below, the IPv6 Router Alert option introduces many issues. This document updates . Implementers of protocols that continue to use the IPv6 Router Alert option can continue to reference for IPv6 Router Alert option details.

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Issues Associated with the IPv6 Router Alert Option identifies security considerations associated with the IPv6 Router Alert option. In a nutshell, the IP Router Alert Option does not provide a universal mechanism to accurately and reliably distinguish between IP Router Alert packets of interest and unwanted IP Router Alerts. This creates a security concern because, short of appropriate router-implementation-specific mechanisms, the router's control plane is at risk of being flooded by unwanted traffic. demonstrates how a network operator can deploy Access Control Lists (ACLs) that protect the control plane from DoS attacks. These ACLs are effective and efficient when they select packets based upon information that can be found in a fixed position. However, they become less effective and less efficient when they must parse a Hop-by-Hop Options header, searching for the IPv6 Router Alert option. Network operators can address the security considerations raised in by:

• Deploying the operationally complex and computationally expensive ACLs described in .
• Configuring their routers to ignore the IPv6 Router Alert option.
• Dropping or severely rate limiting packets that contain the Hop-by-Hop Options header at the network edge.

These options become less viable as protocol designers continue to design protocols that use the IPv6 Router Alert option. seeks to eliminate hop-by-hop processing on the control plane. However, because of its unique function, the IPv6 Router Alert option is granted an exception to this rule. One approach would be to deprecate the IPv6 Router Alert option, because current usage beyond the local network appears to be limited and packets containing Hop-by-Hop options are frequently dropped. Deprecation would allow current implementations to continue using it, but its use could be phased out over time.

Deprecation of the IPv6 Router Alert Option This document deprecates the IPv6 Router Alert option. Protocols that use the IPv6 Router Alert option MAY continue to do so, even in future versions. However, new protocols that are standardized in the future MUST NOT use the IPv6 Router Alert option. contains an exhaustive list of protocols that MAY continue to use the IPv6 Router Alert option. This document updates .

Future Work A number of protocols use the IPv6 Router Alert option; these are listed in . The only protocols in that have widespread deployment are Multicast Listener Discovery Version 2 (MLDv2) and Multicast Router Discovery (MRD) . The other protocols either have limited deployment, are experimental, or have no known implementation. It is left for future work to develop new versions of MLDv2 and MRD that do not rely on the IPv6 Router Alert option. That task is out of scope for this document.

Security Considerations This document mitigates all security considerations associated with the IPv6 Router Alert option. These security considerations can be found in , , and .

IANA Considerations IANA has marked the IPv6 Router Alert option as "DEPRECATED for New Protocols" in the "Destination Options and Hop-by-Hop Options" registry and added this document as a reference. IANA has also made a note in the "IPv6 Router Alert Option Values" registry stating that the registry is closed for allocations and added a reference to this document. The experimental codepoints in this registry have been changed to "Reserved" (i.e., they are no longer available for experimentation).

References Normative References Informative References

Protocols That Use the IPv6 Router Alert Option contains an exhaustive list of protocols that use the IPv6 Router Alert option. There are no known IPv6 implementations of MPLS Ping. Neither Integrated Services (Intserv) nor Next Steps in Signaling (NSIS) are widely deployed. All NSIS protocols are experimental. Pragmatic Generic Multicast (PGM) is experimental, and there are no known IPv6 implementations. Protocols That Use the IPv6 Router Alert Option

Protocol	References	Application
Multicast Listener Discovery Version 2 (MLDv2)		IPv6 Multicast
Multicast Router Discovery (MRD)		IPv6 Multicast
Pragmatic General Multicast (PGM)		IPv6 Multicast
MPLS Ping (Use of the IPv6 Router Alert option is deprecated)		MPLS Operations, Administration, and Maintenance (OAM)
Resource Reservation Protocol (RSVP): Both IPv4 and IPv6 implementations		Integrated Services (Intserv) and Multiprotocol Label Switching (MPLS)
Next Steps in Signaling (NSIS)		NSIS

Acknowledgements Thanks to , , , , , , and for their reviews of this document.