Operations Area                                                 T. Chown
Internet-Draft                                 University of Southampton
Expires: April 19, 2004                                 October 20, 2003


     Use of VLANs for IPv4-IPv6 Coexistence in Enterprise Networks
                    draft-chown-v6ops-vlan-usage-00

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on April 19, 2004.

Copyright Notice

   Copyright (C) The Internet Society (2003). All Rights Reserved.

Abstract

   Ethernet VLANs are quite commonly used in enterprise networks for the
   purposes of traffic segregation.   This document describes how such
   VLANs can be readily used to deploy IPv6 networking in an enterprise,
   including the most likely scenario of subnets running IPv6 in
   parallel with the existing IPv4 subnets in the enterprise.   The IPv6
   connectivity to the enterprise may or may not enter the site via the
   same physical link.

Chown                    Expires April 19, 2004                 [Page 1]


Internet-Draft    Use of VLANs for IPv4-IPv6 Coexistence in Enterprise Networks                                      October 2003


Table of Contents

   1.  Introduction
   2.  Enabling IPv6 per subnet
   2.1 One VLAN per router interface
   2.2 Collapsed VLANs on a single interface
   2.3 Congruent IPv4 and IPv6 subnets
   3.  Example VLAN topology
   4.  Security Considerations
   5.  Acknowledgements
       Normative References
       Author's Address
       Intellectual Property and Copyright Statements


1. Introduction

   Ethernet VLANs are quite commonly used in enterprise networks for the
   purposes of traffic segregation.   This document describes how such
   VLANs can be readily used to deploy IPv6 networking in subnets in an
   enterprise, including the most likely scenario of subnets running
   IPv6 in parallel with the existing IPv4 subnets in the enterprise.

   The IEEE 802.1Q VLAN standard allows separate LANs to be implemented
   over a single bridged LAN, by inserting "Virtual LAN" tagging or
   membership information into Ethernet frames.   Hosts and switches
   that support VLANs effectively allow software-based reconfiguration
   of LANs through configuration of the tagging parameters.   The
   software control means it is possible to bring in VLANs from separate
   places in the infrastructure without having to physically alter the
   wiring between the LAN segments and the IPv6 router.

   Many IPv4 enterprise networks will utilise VLAN technology.  If such
   a site wishes to introduce IPv6, it may do so as described below, by
   "overlaying" IPv6 subnets onto existing IPv4 subnets, without needing
   any changes to the IPv4 configuration.

   The IPv6 connectivity to the enterprise may or may not enter the site
   via the same physical link.


2. Enabling IPv6 per subnet

   The precise method by which IPv6 would be "injected" into the
   existing IPv4 network is implementation specific.   The general
   principle is that the IPv6 router device (e.g. performing IPv6 Router
   Advertisements [1] in the case of stateless autoconfiguration) is
   connected to the target subnet through the use of VLAN capable Layer
   2 equipment.

2.1 One VLAN per router interface

   In one case, an IPv6 router could be set up with an external
   interface connecting to the wider IPv6 internet, and any number of
   (IPv6-only) interfaces facing the internal network.   The external
   interface may be dual-stack if some tunnel mechanism is used for
   external connectivity, or IPv6-only if a native connection is
   available.

   By connecting the internal interfaces directly to a VLAN-capable
   switch, VLAN tagging on each port of that switch can be used to
   create virtual LANs that will carry that traffic internally to IPv6
   subnets that may be dispersed widely across the internal network.

   The internal facing interfaces on the IPv6 edge router may feed other
   IPv6 routers over IPv6-only links which in turn inject the IPv6
   connectivity (the /64 subnets and associated Router Advertisements)
   into the VLANs.

   It is not necessary to do VLAN tagging in all cases. On some Layer 3
   switches, IPv6 traffic can directly be distributed to specific ports
   by adding them to the same protocol-based VLAN (in this case
   IPv6-based VLANs).

2.2 Collapsed VLANs on a single interface

   Many devices now support VLAN tagging based on virtual interfaces
   such that multiple IPv6 VLANs could be assigned from one physical
   router interface port.   Thus it is possible to use just one router
   interface for "aggregated" VLAN trunking from a switch.

2.3 Congruent IPv4 and IPv6 subnets

   The VLAN technology can be used to deploy IPv6-only VLANs in an
   enterprise network.   However most enterprises will be interested in
   dual-stack IPv4-IPv6 networking in the early stages of IPv6
   deployment.

   In such a case the IPv6 connectivity may be injected into the
   existing IPv4 VLANs, such that the IPv4 and IPv6 subnets or links are
   congruent (i.e. they coincide exactly when superimposed).   Such a
   method may have desirable administrative properties, e.g. the devices
   in each IPv4 subnet will be in the same IPv6 subnets also.

   Further, IPv6-only devices may be gradually added into the subnet
   without any need to resize the IPv6 subnet (which may hold in effect
   an infinite number of hosts in a /64 in contrast to IPv4 where the
   subnet size is often relatively limited). The lack of requirement to
   periodically resize an IPv6 subnet is a useful administrative
   advantage.

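
   The following Python sketch is an added example, not part of the
   original draft.  It parses the 802.1Q tags on frames captured from
   the router-facing trunk of Sections 2.2 and 2.3 and reports VLANs
   where IPv6 is present but not planned, or planned but not observed.
   The VLAN IDs, function names and sample frames are constructed for
   illustration.

```python
import struct
from collections import defaultdict

TPID_8021Q = 0x8100                       # EtherType value marking an 802.1Q tag
FAMILY = {0x0800: "IPv4", 0x0806: "IPv4", 0x86DD: "IPv6"}   # ARP counted with IPv4

def parse_frame(frame):
    """Return (vlan_id, ethertype); vlan_id is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner            # low 12 bits of the TCI are the VLAN ID

def inventory(frames):
    """Map each VLAN ID seen on the trunk to the IP families observed in it."""
    seen = defaultdict(set)
    for frame in frames:
        vid, ethertype = parse_frame(frame)
        if ethertype in FAMILY:
            seen[vid].add(FAMILY[ethertype])
    return dict(seen)

def audit(seen, planned_ipv6_vlans):
    """Compare observed IPv6 presence with the VLANs planned to be dual-stack."""
    findings = []
    for vid in planned_ipv6_vlans | set(seen):
        has_v6 = "IPv6" in seen.get(vid, set())
        if has_v6 and vid not in planned_ipv6_vlans:
            findings.append((vid, "IPv6 present but not planned"))
        elif not has_v6 and vid in planned_ipv6_vlans:
            findings.append((vid, "IPv6 planned but not observed"))
    return sorted(findings, key=lambda f: (f[0] is not None, f[0] or 0))

def make_frame(vid, ethertype):
    """Constructed sample frame: zeroed MACs, optional tag, 46-byte dummy payload."""
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid)
    return bytes(12) + tag + struct.pack("!H", ethertype) + bytes(46)

# Constructed capture from the router-facing trunk (VLAN IDs are hypothetical).
SAMPLE = [make_frame(10, 0x0800), make_frame(10, 0x86DD), make_frame(20, 0x0800),
          make_frame(30, 0x0806), make_frame(30, 0x86DD), make_frame(None, 0x0800)]

if __name__ == "__main__":
    for vid, problem in audit(inventory(SAMPLE), planned_ipv6_vlans={10, 20}):
        print(f"VLAN {vid}: {problem}")
```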


3. Example VLAN topology

   The following figure shows how a VLAN topology may be used to
   introduce IPv6 in an enterprise network.


   (Subnet1) (Subnet2) (SubnetN)
        \     /            |
       [Switch1]       [SwitchN]
           \             /
            \           /
    ( VLAN infrastructure in the enterprise )
                  |
     [ Ethernet switch with VLAN support ]
                  |
          FE/GE w/ VLAN tagging
            [ IPv6-router ]
                  |
   ( connections to other IPv6 routers or the Internet )
     ( also possibly the IPv4 connectivity )


   Figure 1: IPv6 deployment using VLANs


4. Security Considerations

   There are no additional security considerations particular to this
   method of enabling IPv6 on a subnet.

   Where the IPv6 connectivity is delivered into the enterprise network
   by a different path from the IPv4 connectivity, care should be given
   that equivalent application of security policy (e.g. firewalling) is
   made to the IPv6 path.

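
   The parity check recommended above can be automated.  The following
   Python example is added here and is not part of the original draft;
   it assumes, for illustration only, that both paths are filtered by
   Linux netfilter, and it compares constructed iptables-save and
   ip6tables-save dumps.  It looks only at the default chain policy and
   at ACCEPT rules that name a protocol and destination port.

```python
import re

def accepted_services(save_text, chain="FORWARD"):
    """Return (default policy, {(proto, dport)}) for ACCEPT rules in `chain`."""
    policy, accepted = None, set()
    for line in save_text.splitlines():
        line = line.strip()
        head = re.match(rf":{re.escape(chain)} (\w+)", line)
        if head:
            policy = head.group(1)
        elif line.startswith(f"-A {chain} ") and line.endswith("-j ACCEPT"):
            proto = re.search(r"-p (\S+)", line)
            dport = re.search(r"--dport (\S+)", line)
            # Port-less rules (conntrack state, ICMP/ICMPv6) are skipped here;
            # they legitimately differ between the two address families.
            if proto and dport:
                accepted.add((proto.group(1), dport.group(1)))
    return policy, accepted

def parity_gaps(v4_text, v6_text, chain="FORWARD"):
    """List differences between the IPv4 and IPv6 filtering of `chain`."""
    pol4, acc4 = accepted_services(v4_text, chain)
    pol6, acc6 = accepted_services(v6_text, chain)
    gaps = []
    if pol4 != pol6:
        gaps.append(f"default policy differs: IPv4={pol4} IPv6={pol6}")
    gaps += [f"{p}/{d} accepted on IPv6 only" for p, d in sorted(acc6 - acc4)]
    gaps += [f"{p}/{d} accepted on IPv4 only" for p, d in sorted(acc4 - acc6)]
    return gaps

# Constructed dumps (not from the draft) for the IPv4 and IPv6 entry points.
V4_SAVE = """*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT"""
V6_SAVE = """*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -p ipv6-icmp -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT"""

if __name__ == "__main__":
    for gap in parity_gaps(V4_SAVE, V6_SAVE):
        print(gap)
```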


5. Acknowledgements

   The author would like to thank colleagues on the 6NET project, where
   this technique for IPv4-IPv6 coexistence is widely deployed,
   including Janos Mohacsi (Hungarnet), Martin Dunmore and Chris Edwards
   (Lancaster University), Christian Strauf (JOIN Project, University of
   Muenster), Stig Venaas (UNINETT) and Pekka Savola (CSC/FUNET).


Normative References

   [1]  Narten, T., Nordmark, E. and W. Simpson, "Neighbor Discovery for
        IP Version 6 (IPv6)", RFC 2461, December 1998.


Author's Address

   Tim Chown
   University of Southampton

   Southampton, Hampshire  SO17 1BJ
   United Kingdom

   EMail: tjc@ecs.soton.ac.uk


Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights. Information on the
   IETF's procedures with respect to rights in standards-track and
   standards-related documentation can be found in BCP-11. Copies of
   claims of rights made available for publication and any assurances of
   licenses to be made available, or the result of an attempt made to
   obtain a general license or permission for the use of such
   proprietary rights by implementors or users of this specification can
   be obtained from the IETF Secretariat.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights which may cover technology that may be required to practice
   this standard. Please address the information to the IETF Executive
   Director.


Full Copyright Statement

   Copyright (C) The Internet Society (2003). All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works. However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assignees.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.