draft-ietf-opsec-lla-only-03.txt   draft-ietf-opsec-lla-only-04.txt 
Operational Security Capabilities for M. Behringer OPsec Working Group M. Behringer
IP Network Infrastructure E. Vyncke Internet-Draft E. Vyncke
Internet-Draft Cisco Intended status: Informational Cisco
Intended status: Informational February 12, 2013 Expires: April 23, 2014 October 20, 2013
Expires: August 16, 2013
Using Only Link-Local Addressing Inside an IPv6 Network Using Only Link-Local Addressing Inside an IPv6 Network
draft-ietf-opsec-lla-only-03 draft-ietf-opsec-lla-only-04
Abstract Abstract
In an IPv6 network it is possible to use only link-local addresses on In an IPv6 network it is possible to use only link-local addresses on
infrastructure links between routers. This document discusses the infrastructure links between routers. This document discusses the
advantages and disadvantages of this approach to help the decision advantages and disadvantages of this approach to help the decision
process for a given network. process for a given network.
Status of this Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 16, 2013. This Internet-Draft will expire on April 23, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements Language . . . . . . . . . . . . . . . . . . . 3 2. Using Link-Local Address on Infrastructure Links . . . . . . 2
2. Using Link-Local Address on Infrastructure Links . . . . . . . 3 2.1. The Approach . . . . . . . . . . . . . . . . . . . . . . 3
2.1. The Approach . . . . . . . . . . . . . . . . . . . . . . . 3 2.2. Advantages . . . . . . . . . . . . . . . . . . . . . . . 3
2.2. Advantages . . . . . . . . . . . . . . . . . . . . . . . . 4 2.3. Caveats . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.3. Caveats . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.4. Internet Exchange Points . . . . . . . . . . . . . . . . 5
2.4. Internet Exchange Points . . . . . . . . . . . . . . . . . 6 2.5. Summary . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.5. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . 7 3. Security Considerations . . . . . . . . . . . . . . . . . . . 7
3. Security Considerations . . . . . . . . . . . . . . . . . . . . 8 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 8 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7
5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 8 6. Informative References . . . . . . . . . . . . . . . . . . . 7
6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9
6.1. Normative References . . . . . . . . . . . . . . . . . . . 8
6.2. Informative References . . . . . . . . . . . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 9
1. Introduction 1. Introduction
An infrastructure link between a set of routers typically does not An infrastructure link between a set of routers typically does not
require global or even unique local addressing [RFC4193]. Using require global or even unique local addressing [RFC4193]. Using only
link-local addressing on such links has a number of advantages, for link-local addressing on such links has a number of advantages, for
example that routing tables do not need to carry link addressing, and example that routing tables do not need to carry link addressing, and
can therefore be significantly smaller. This helps to decrease can therefore be significantly smaller. This helps to decrease
failover times in certain routing convergence events. An interface failover times in certain routing convergence events. An interface
of a router is also not reachable beyond the link boundaries, of a router is also not reachable beyond the link boundaries,
therefore reducing the attack horizon. therefore reducing the attack horizon.
We propose to configure neither globally routable IPv6 addresses nor
unique local addresses on infrastructure links of routers, wherever
possible. We recommend to use exclusively link-local addresses on
such links.
This document discusses the advantages and caveats of this approach. This document discusses the advantages and caveats of this approach.
Note: [I-D.ietf-ospf-prefix-hiding] describes another approach for Note: [RFC6860] describes another approach for OPSFv2 and OSPFv3 by
OPSFv2 and OSPFv3 by modifying the existing protocols while this modifying the existing protocols while this document does not modify
document does not modify any protocol but works only for IPv6. any protocol but works only for IPv6.
1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC2119 [RFC2119] when
they appear in ALL CAPS. These words may also appear in this
document in lower case as plain English words, absent their normative
meanings.
2. Using Link-Local Address on Infrastructure Links 2. Using Link-Local Address on Infrastructure Links
This document proposes to use only link-local addresses (LLA) on all This document discusses the approach of using only link-local
router interfaces on infrastructure links. Routers typically do not addresses (LLA) on all router interfaces on infrastructure links.
need to be reached from nodes of the network, nor from outside the Routers typically need to receive packets neither from hosts, nor
network. For an network operator there may be reasons to send from nodes outside the network. For an network operator there may be
packets to an infrastructure link for certain monitoring tasks; many reasons to use greater than link-local scope addresses on
of those tasks could also be handled differently, not requiring infrastructure interfaces for certain operational tasks, for example
routable address space on infrastructure links. pings to an interface or traceroutes across the network. This
document discusses such cases and proposes alternative procedures.
2.1. The Approach 2.1. The Approach
Neither global IPv6 addresses nor unique local addresses are Neither global IPv6 addresses nor unique local addresses are
configured on infrastructure links. In the absence of specific configured on infrastructure links. In the absence of specific
global or unique local address definitions, the default behavior of global or unique local address definitions, the default behavior of
routers is to use link-local addresses notably for routing protocols. routers is to use link-local addresses notably for routing protocols.
These link-local addresses SHOULD be hard-coded to prevent the change The sending of ICMPv6 [RFC4443] error messages (packet-too-big, time-
of EUI-64 addresses when changing of MAC address (such as after exceeded...) is required for routers, therefore another interface
changing a network interface card). must be configured with an IPv6 address with a greater scope than
link-local. This will usually be a loopback interface with a global
ICMPv6 [RFC4443] error messages (packet-too-big, time-exceeded...) scope address belonging to the operator and part of an announced
are required for routers, therefore a loopback interface must be prefix (with a suitable prefix length) to avoid being dropped by
configured with an IPv6 address with a greater scope than link-local other routers implementing [RFC3704]. For the remainder of this
(this will usually be a global scope). This greater than link-local document we will refer to this interface as a "loopback interface".
scope IPv6 address must be used as the source IPv6 address for all [RFC6724] mandates that greater than link-local scope IPv6 addresses
generated ICMPv6 messages sent to a non link-local address and must must be used as the source IPv6 address for all generated ICMPv6
belong to the operator and be part of an announced prefix (with a messages sent to a non link-local address.
suitable prefix length) to avoid being dropped by other routers
implementing [RFC3704].
The effect on specific traffic types is as follows: The effect on specific traffic types is as follows:
o Control plane protocols, such as BGP, ISIS, OSPFv3, RIPng, PIM o Control plane protocols, such as BGP [RFC4271], ISIS [IS-IS],
work by default or can be configured to work with link-local OSPFv3 [RFC5340], RIPng [RFC2080], PIM [RFC4609] work by default
addresses. or can be configured to work with link-local addresses.
o Management plane traffic, such as SSH, Telnet, SNMP, ICMP echo o Management plane traffic, such as SSH [RFC4251], Telnet [RFC0495],
request ... can be addressed to loopback addresses of routers with SNMP [RFC1157], and ICMP echo request [RFC4443], can use as
a greater than link-local scope address. Router management can destination address the address of the router loopback interface.
also be done over out-of-band channels. Router management can also be done over out-of-band channels.
o ICMP error message can be sourced from a loopback address. They o ICMP error message can be sourced from a loopback interface. They
must not be sourced from link-local addresses when the destination must not be sourced from link-local addresses when the destination
is non link-local. is non link-local. See [RFC6724].
o Data plane traffic is forwarded independently of the link address o Data plane traffic is forwarded independently of the link address
type. type.
o Neighbor discovery (neighbor solicitation and neighbor o Neighbor discovery (neighbor solicitation and neighbor
advertisement) is done by using link-local unicast and multicast advertisement) is done by using link-local unicast and multicast
addresses, therefore neighbor discovery is not affected. addresses, therefore neighbor discovery is not affected.
We therefore conclude that it is possible to construct a working We therefore conclude that it is possible to construct a working
network in this way. network in this way.
2.2. Advantages 2.2. Advantages
Smaller routing tables: Since the routing protocol only needs to Smaller routing tables: Since the routing protocol only needs to
carry one loopback address per router, it is smaller than in the carry one global address (the loopback interface) per router, it is
traditional approach where every infrastructure link addresses are smaller than the traditional approach where every infrastructure link
carried in the routing protocol. This reduces memory consumption, addresses are carried in the routing protocol. This reduces memory
and increases the convergence speed in some routing failover cases consumption, and increases the convergence speed in some routing
(notably because the Forwarding Information Base to be downloaded to failover cases (notably because the Forwarding Information Base to be
line cards are smaller but also because there are less prefixes in downloaded to line cards is smaller but also because there are less
the Routing Information Base hence accelerating the routing prefixes in the Routing Information Base hence accelerating the
algorithm). Note: smaller routing tables can also be achieved by routing algorithm). Note: smaller routing tables can also be
putting interfaces in passive mode for the IGP. achieved by putting interfaces in passive mode for the IGP.
Reduced attack surface: Every routable address on a router Reduced attack surface: Every routable address on a router
constitutes a potential attack point: a remote attacker can send constitutes a potential attack point: a remote attacker can send
traffic to that address, for example a TCP SYN flood, or he can traffic to that address, for example a TCP SYN flood (see [RFC4987]),
intent SSH brute force password attacks. If a network only uses or can attempt SSH brute force password attacks. If a network only
loopback addresses for the routers, only those loopback addresses uses the addresses of the router loopback interface(s), only those
need to be protected from outside the network. This may ease need to be protected from outside the network. This may ease
protection measures, such as infrastructure access control lists. If protection measures, such as infrastructure access control lists.
the addressing scheme is set up such that all link addresses and all
loopback addresses are aggregatable, and if the infrastructure access
list covers that entire aggregated space, then changing to link-local
addresses does not reduce the attack surface significantly. See also
[I-D.ietf-grow-private-ip-sp-cores] for further discussion on this
topic.
Lower configuration complexity: LLAs require no specific Without using link-local addresses, it is still possible to achieve
configuration (except when they are statically configured), thereby the same result if the network addressing scheme is set up such that
lowering the complexity and size of router configurations. This also all link and loopback interfaces have greater than link-local
reduces the likelihood of configuration mistakes. addresses and are aggregatable, and if the infrastructure access list
covers that entire aggregated space. See also [RFC6752] for further
discussion on this topic.
Simpler DNS: Less routable address space in use also means less DNS Lower configuration complexity: link-local addresses require no
mappings to maintain. specific configuration, thereby lowering the complexity and size of
router configurations. This also reduces the likelihood of
configuration mistakes.
Simpler DNS: Less routable address space in use also means less
reverse and forward mapping DNS resource records to maintain.
2.3. Caveats 2.3. Caveats
Interface ping: If an interface doesn't have a routable address, it Interface ping: if an interface doesn't have a routable address, it
can only be pinged from a node on the same link. Therefore it is not can only be pinged from a node on the same link. Therefore it is not
possible to ping a specific link interface remotely. A possible possible to ping a specific link interface remotely. A possible
workaround is to ping the loopback address of a router instead. In workaround is to ping the loopback address of a router instead. In
most cases today it is not possible to see which link the packet was most cases today it is not possible to see which link the packet was
received on; however, RFC5837 [RFC5837] suggests to include the received on; however, RFC5837 [RFC5837] suggests to include the
interface identifier of the interface a packet was received on in the interface identifier of the interface a packet was received on in the
ICMP response; it must be noted that there are little implemention of ICMP response; it must be noted that there are few implementions of
this ICMP extension. With this approach it would be possible to ping this ICMP extension. With this approach it would be possible to ping
a router on the loopback address, yet see which interface the packet a router on the addresses of loopback interfaces, yet see which
was received on. To check liveliness of a specific interface it may interface the packet was received on. To check liveliness of a
be necessary to use other methods, for example to connect to the specific interface it may be necessary to use other methods, for
router via SSH and to check locally or use SNMP. example to connect to the router via SSH and to check locally or use
SNMP.
Traceroute: Similar to the ping case, a reply to a traceroute packet Traceroute: similar to the ping case, a reply to a traceroute packet
would come from a loopback address with a greater than link-local would come from the address of a loopback interface, and current
address. Today this does not display the specific interface the implementations do not display the specific interface the packets
packets came in on. Also here, RFC5837 [RFC5837] provides a came in on. Also here, RFC5837 [RFC5837] provides a solution.
solution.
Hardware dependency: LLAs are usually EUI-64 based, hence, they Hardware dependency: LLAs are usually EUI-64 based, hence, they
change when the MAC address is changed. This could pose problem in a change when the MAC address is changed. This could pose problem in a
case where the routing neighbor must be configured explicitly (e.g. case where the routing neighbor must be configured explicitly (e.g.
BGP) and a line card needs to be physically replaced hence changing BGP) and a line card needs to be physically replaced hence changing
the EUI-64 LLA and breaking the routing neighborship. But, LLAs can the EUI-64 LLA and breaking the routing neighborship. But, LLAs can
be statically configured such as fe80::1 and fe80::2 which can be be statically configured such as fe80::1 and fe80::2 which can be
used to configure any required static routing neighborship. This used to configure any required static routing neighborship. This
static configuration is similar in complexity to statically static configuration is similar in complexity to statically
configured greater than link-local addresses, however, it is only configured greater than link-local addresses, however, it is only
required where routing peers are explicitly configured. required where routing peers are explicitly configured.
Network Management System (NMS) toolkits: If there is any NMS tool Network Management System (NMS) toolkits: if there is any NMS tool
that makes use of interface IP address of a router to carry out any that makes use of interface IP address of a router to carry out any
of NMS functions, then it would no longer work, if the interface is of NMS functions, then it would no longer work, if the interface is
missing routable address. A possible workaround for such tools is to missing routable address. A possible workaround for such tools is to
use the routable loopback address of the router instead. Most vendor use the routable address of the router loopback interface instead.
implementations allow the specification of the loopback address for Most vendor implementations allow the specification of the address of
SYSLOG, IPfix, SNMP. LLDP (IEEE 802.1AB-2009) runs directly over the loopback interfaces for SYSLOG, IPfix, SNMP. LLDP (IEEE
Ethernet and does not require any IPv6 address so dynamic network 802.1AB-2009) runs directly over Ethernet and does not require any
discovery is not hindered when using LLDP. But, network discovery IPv6 address so dynamic network discovery is not hindered when using
based on NDP cache content will only display the link-local addresses LLDP. But, network discovery based on NDP cache content will only
and not the loopback global address; therefore, network discovery display the link-local addresses and not the addresses of the
should rather be based on the Route Information Base to detect loopback interfaces; therefore, network discovery should rather be
adjacent nodes. based on the Route Information Base to detect adjacent nodes.
MPLS and RSVP-TE [RFC3209] allows establishing MPLS LSP on a path MPLS and RSVP-TE [RFC3209] allows establishing MPLS LSP on a path
that is explicitly identified by a strict sequence of IP prefixes or that is explicitly identified by a strict sequence of IP prefixes or
addresses (each pertaining to an interface or a router on the path). addresses (each pertaining to an interface or a router on the path).
This is commonly used for Fast Re-Route (FRR). However, if an This is commonly used for Fast Re-Route (FRR). However, if an
interface uses only a link-local address, then such LSPs cannot be interface uses only a link-local address, then such LSPs cannot be
established. At the time of writing this document, there is no established. At the time of writing this document, there is no
workaround for this case; therefore where RSVP-TE is being used, the workaround for this case; therefore where RSVP-TE is being used, the
approach proposed in this document does not work. approach described in this document does not work.
2.4. Internet Exchange Points 2.4. Internet Exchange Points
Internet Exchange Points (IXPs) have a special importance in the Internet Exchange Points (IXPs) have a special importance in the
global Internet, because they connect a high number of networks in a global Internet, because they connect a high number of networks in a
single location, and because significant part of Internet traffic single location, and because significant part of Internet traffic
pass through at least one IXP. An IXP with all the service provider pass through at least one IXP. An IXP with all the service provider
nodes requires therefore a very high level of security. The address nodes requires therefore a very high level of security. The address
space used on an IXP is generally known, as it is registered in the space used on an IXP is generally known, as it is registered in the
global Internet Route Registry, or it is easily discoverable through global Internet Route Registry, or it is easily discoverable through
traceroute. The IXP prefix is especially critical, because traceroute. The IXP prefix is especially critical, because
practically all addresses on this prefix are critical systems in the practically all addresses on this prefix are critical systems in the
Internet. Internet.
Apart from general device security guidelines, there are generally Apart from general device security guidelines, there are generally
two additional ways to raise security (see also two additional ways to raise security (see also
[I-D.jdurand-bgp-security]): [I-D.ietf-opsec-bgp-security]):
1. Not to announce the prefix in question, and 1. Not to announce the prefix in question, and
2. To drop all traffic destined to the IXP prefixes from traffic 2. To drop all traffic destined to the IXP prefixes from traffic
from remote locations. from remote locations.
Not announcing the prefix of the IXP however would frequently result Not announcing the prefix of the IXP however would frequently result
in traceroute and similar packets (required for PMTUd) to be dropped in traceroute and similar packets (required for PMTUd) to be dropped
due to uRPF checks. Given that PMTUd is critical, this is generally due to uRPF checks. Given that PMTUd is critical, this is generally
not acceptable. Dropping all external traffic to the IXP prefix is not acceptable. Dropping all external traffic to the IXP prefix is
skipping to change at page 7, line 30 skipping to change at page 6, line 35
As the prefix used in IXP is usually longer than a /48 it is As the prefix used in IXP is usually longer than a /48 it is
frequently dropped by route filters on the Internet having the same frequently dropped by route filters on the Internet having the same
net effect as not announced the prefix. net effect as not announced the prefix.
Using link-local addresses on the IXP may help in this scenario. In Using link-local addresses on the IXP may help in this scenario. In
this case, the generated ICMP packets would be generated from this case, the generated ICMP packets would be generated from
loopback interfaces or from any other interfaces with globally loopback interfaces or from any other interfaces with globally
routable sources without any configuration. However in this case, routable sources without any configuration. However in this case,
each service provider would use his own address space, making a each service provider would use his own address space, making a
generic attack against all devices on the IXP harder. Also all the generic attack against all devices on the IXP harder. Also all the
loopback addresses on the IXP can be discovered by a potential addresses of the loopback interfaces on the IXP can be discovered by
attacker by a simple traceroute; a generic attack is therefore still a potential attacker by a simple traceroute; a generic attack is
possible, but it would require significantly more work. therefore still possible, but it would require more work.
In some cases service providers carry the IXP addresses in their IGP In some cases service providers carry the IXP addresses in their IGP
for certain forms of traffic engineering across multiple exit points. for certain forms of traffic engineering across multiple exit points.
If link local addresses are used, these cannot be used for this If link-local addresses are used, these cannot be used for this
purpose; in this case, the service provider would have to employ purpose; in this case, the service provider would have to employ
other methods of traffic engineering. other methods of traffic engineering.
2.5. Summary If an Internet Exchange Point is using a global prefix registered for
this purpose, a traceroute will indicate whether the trace crosses an
IXP rather than a private interconnect. If link local addressing is
used instead, a traceroute will not provide this distinction.
2.5. Summary
Using link-local addressing only on infrastructure links has a number Using link-local addressing only on infrastructure links has a number
of advantages, such as a smaller routing table size and a reduced of advantages, such as a smaller routing table size and a reduced
attack surface. It also simplifies router configurations. However, attack surface. It also simplifies router configurations. However,
the way certain network management tasks are carried out today has to the way certain network management tasks are carried out today has to
be adapted to provide the same level of detail, for example interface be adapted to provide the same level of detail, for example interface
identifiers in traceroute. identifiers in traceroute.
3. Security Considerations 3. Security Considerations
Using LLAs only on infrastructure links reduces the attack surface of Using LLAs only on infrastructure links reduces the attack surface of
a router: loopback addresses with routed addresses are still a router: addresses of loopback interfaces with routed addresses are
reachable and must be secured, but infrastructure links can only be still reachable and must be secured, but infrastructure links can
attacked from the local link. This simplifies security of control only be attacked from the local link. This simplifies security of
and management planes. The proposal does not impact the security of control and management planes. The approach does not impact the
the data plane. This proposal does not address control plane security of the data plane. This approach does not address control
[RFC6192] attacks generated by data plane packets (such as hop-limit plane [RFC6192] attacks generated by data plane packets (such as hop-
expiration or packets containing a hop-by-hop extension header). limit expiration or packets containing a hop-by-hop extension
header).
As in the traditional approach, this approach relies on the As in the traditional approach, this approach relies on the
assumption that all routers can be trusted due to physical and assumption that all routers can be trusted due to physical and
operational security. operational security.
4. IANA Considerations 4. IANA Considerations
There are no IANA considerations or implications that arise from this There are no IANA considerations or implications that arise from this
document. document.
5. Acknowledgements 5. Acknowledgements
The authors would like to thank Salman Asadullah, Brian Carpenter, The authors would like to thank Salman Asadullah, Brian Carpenter,
Benoit Claise, Simon Eng, Wes George, Janos Mohacsi, Alvaro Retana, Benoit Claise, Rama Darbha, Simon Eng, Wes George, Fernando Gont,
Ivan Pepelnjak, and Harald Michl for their useful comments about this Harald Michl, Janos Mohacsi, Alvaro Retana and Ivan Pepelnjak for
work. their useful comments about this work.
6. References 6. Informative References
6.1. Normative References [I-D.ietf-opsec-bgp-security]
Durand, J., Pepelnjak, I., and G. Doering, "BGP operations
and security", draft-ietf-opsec-bgp-security-01 (work in
progress), July 2013.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [IS-IS] ISO/IEC 10589, ., "Intermediate System to Intermediate
Requirement Levels", BCP 14, RFC 2119, March 1997. System Intra-Domain Routing Exchange Protocol for use in
Conjunction with the Protocol for Providing the
Connectionless-mode Network Service (ISO 8473)", June
1992.
6.2. Informative References [RFC0495] McKenzie, A., "Telnet Protocol specifications", RFC 495,
May 1973.
[I-D.ietf-grow-private-ip-sp-cores] [RFC0792] Postel, J., "Internet Control Message Protocol", STD 5,
Kirkham, A., "Issues with Private IP Addressing in the RFC 792, September 1981.
Internet", draft-ietf-grow-private-ip-sp-cores-07 (work in
progress), July 2012.
[I-D.ietf-ospf-prefix-hiding] [RFC1157] Case, J., Fedor, M., Schoffstall, M., and J. Davin,
Yang, Y., Retana, A., and A. Roy, "Hiding Transit-only "Simple Network Management Protocol (SNMP)", STD 15, RFC
Networks in OSPF", draft-ietf-ospf-prefix-hiding-07 (work 1157, May 1990.
in progress), December 2012.
[I-D.jdurand-bgp-security] [RFC2080] Malkin, G. and R. Minnear, "RIPng for IPv6", RFC 2080,
Durand, J., Pepelnjak, I., and G. Doering, "BGP operations January 1997.
and security", draft-jdurand-bgp-security-02 (work in
progress), September 2012.
[RFC3209] Awduche, D., Berger, L., Gan, D., Li, T., Srinivasan, V., [RFC3209] Awduche, D., Berger, L., Gan, D., Li, T., Srinivasan, V.,
and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP
Tunnels", RFC 3209, December 2001. Tunnels", RFC 3209, December 2001.
[RFC3704] Baker, F. and P. Savola, "Ingress Filtering for Multihomed [RFC3704] Baker, F. and P. Savola, "Ingress Filtering for Multihomed
Networks", BCP 84, RFC 3704, March 2004. Networks", BCP 84, RFC 3704, March 2004.
[RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast [RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast
Addresses", RFC 4193, October 2005. Addresses", RFC 4193, October 2005.
[RFC4251] Ylonen, T. and C. Lonvick, "The Secure Shell (SSH)
Protocol Architecture", RFC 4251, January 2006.
[RFC4271] Rekhter, Y., Li, T., and S. Hares, "A Border Gateway
Protocol 4 (BGP-4)", RFC 4271, January 2006.
[RFC4443] Conta, A., Deering, S., and M. Gupta, "Internet Control [RFC4443] Conta, A., Deering, S., and M. Gupta, "Internet Control
Message Protocol (ICMPv6) for the Internet Protocol Message Protocol (ICMPv6) for the Internet Protocol
Version 6 (IPv6) Specification", RFC 4443, March 2006. Version 6 (IPv6) Specification", RFC 4443, March 2006.
[RFC4609] Savola, P., Lehtonen, R., and D. Meyer, "Protocol
Independent Multicast - Sparse Mode (PIM-SM) Multicast
Routing Security Issues and Enhancements", RFC 4609,
October 2006.
[RFC4987] Eddy, W., "TCP SYN Flooding Attacks and Common
Mitigations", RFC 4987, August 2007.
[RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF
for IPv6", RFC 5340, July 2008.
[RFC5837] Atlas, A., Bonica, R., Pignataro, C., Shen, N., and JR. [RFC5837] Atlas, A., Bonica, R., Pignataro, C., Shen, N., and JR.
Rivers, "Extending ICMP for Interface and Next-Hop Rivers, "Extending ICMP for Interface and Next-Hop
Identification", RFC 5837, April 2010. Identification", RFC 5837, April 2010.
[RFC6192] Dugal, D., Pignataro, C., and R. Dunn, "Protecting the [RFC6192] Dugal, D., Pignataro, C., and R. Dunn, "Protecting the
Router Control Plane", RFC 6192, March 2011. Router Control Plane", RFC 6192, March 2011.
[RFC6724] Thaler, D., Draves, R., Matsumoto, A., and T. Chown,
"Default Address Selection for Internet Protocol Version 6
(IPv6)", RFC 6724, September 2012.
[RFC6752] Kirkham, A., "Issues with Private IP Addressing in the
Internet", RFC 6752, September 2012.
[RFC6860] Yang, Y., Retana, A., and A. Roy, "Hiding Transit-Only
Networks in OSPF", RFC 6860, January 2013.
Authors' Addresses Authors' Addresses
Michael Behringer Michael Behringer
Cisco Cisco
Building D, 45 Allee des Ormes Building D, 45 Allee des Ormes
Mougins, 06250 Mougins 06250
France France
Email: mbehring@cisco.com Email: mbehring@cisco.com
Eric Vyncke Eric Vyncke
Cisco Cisco
De Kleetlaan, 6A De Kleetlaan, 6A
Diegem, 1831 Diegem 1831
Belgium Belgium
Email: evyncke@cisco.com Email: evyncke@cisco.com
 End of changes. 45 change blocks. 
152 lines changed or deleted 168 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/