
Local Network Protection for IPv6
RFC 4864

Network Working Group                                    G. Van de Velde
Request for Comments: 4864                                       T. Hain
Category: Informational                                         R. Droms
                                                           Cisco Systems
                                                            B. Carpenter
                                                                     IBM
                                                                E. Klein
                                                     Tel Aviv University
                                                                May 2007

                   Local Network Protection for IPv6

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   Although there are many perceived benefits to Network Address
   Translation (NAT), its primary benefit of "amplifying" available
   address space is not needed in IPv6.  In addition to NAT's many
   serious disadvantages, there is a perception that other benefits
   exist, such as a variety of management and security attributes that
   could be useful for an Internet Protocol site.  IPv6 was designed
   with the intention of making NAT unnecessary, and this document shows
   how Local Network Protection (LNP) using IPv6 can provide the same or
   more benefits without the need for address translation.

Van de Velde, et al.         Informational                      [Page 1]
RFC 4864           Local Network Protection for IPv6            May 2007

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Perceived Benefits of NAT and Its Impact on IPv4 . . . . . . .  6
     2.1.  Simple Gateway between Internet and Private Network  . . .  6
     2.2.  Simple Security Due to Stateful Filter Implementation  . .  6
     2.3.  User/Application Tracking  . . . . . . . . . . . . . . . .  7
     2.4.  Privacy and Topology Hiding  . . . . . . . . . . . . . . .  8
     2.5.  Independent Control of Addressing in a Private Network . .  9
     2.6.  Global Address Pool Conservation . . . . . . . . . . . . .  9
     2.7.  Multihoming and Renumbering with NAT . . . . . . . . . . . 10
   3.  Description of the IPv6 Tools  . . . . . . . . . . . . . . . . 11
     3.1.  Privacy Addresses (RFC 3041) . . . . . . . . . . . . . . . 11
     3.2.  Unique Local Addresses . . . . . . . . . . . . . . . . . . 12
     3.3.  DHCPv6 Prefix Delegation . . . . . . . . . . . . . . . . . 13
     3.4.  Untraceable IPv6 Addresses . . . . . . . . . . . . . . . . 13
   4.  Using IPv6 Technology to Provide the Market Perceived
       Benefits of NAT  . . . . . . . . . . . . . . . . . . . . . . . 14
     4.1.  Simple Gateway between Internet and Internal Network . . . 14
     4.2.  IPv6 and Simple Security . . . . . . . . . . . . . . . . . 15
     4.3.  User/Application Tracking  . . . . . . . . . . . . . . . . 17
     4.4.  Privacy and Topology Hiding Using IPv6 . . . . . . . . . . 17
     4.5.  Independent Control of Addressing in a Private Network . . 20
     4.6.  Global Address Pool Conservation . . . . . . . . . . . . . 21
     4.7.  Multihoming and Renumbering  . . . . . . . . . . . . . . . 21
   5.  Case Studies . . . . . . . . . . . . . . . . . . . . . . . . . 22
     5.1.  Medium/Large Private Networks  . . . . . . . . . . . . . . 22
     5.2.  Small Private Networks . . . . . . . . . . . . . . . . . . 24
     5.3.  Single User Connection . . . . . . . . . . . . . . . . . . 25
     5.4.  ISP/Carrier Customer Networks  . . . . . . . . . . . . . . 26
   6.  IPv6 Gap Analysis  . . . . . . . . . . . . . . . . . . . . . . 27
     6.1.  Simple Security  . . . . . . . . . . . . . . . . . . . . . 27
     6.2.  Subnet Topology Masking  . . . . . . . . . . . . . . . . . 28
     6.3.  Minimal Traceability of Privacy Addresses  . . . . . . . . 28
     6.4.  Site Multihoming . . . . . . . . . . . . . . . . . . . . . 28
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . . 29
   8.  Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 29
   9.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 29
   10. Informative References . . . . . . . . . . . . . . . . . . . . 30
   Appendix A.  Additional Benefits Due to Native IPv6 and
                Universal Unique Addressing . . . . . . . . . . . . . 32
     A.1.  Universal Any-to-Any Connectivity  . . . . . . . . . . . . 32
     A.2.  Auto-Configuration . . . . . . . . . . . . . . . . . . . . 32
     A.3.  Native Multicast Services  . . . . . . . . . . . . . . . . 33
     A.4.  Increased Security Protection  . . . . . . . . . . . . . . 33
