v6ops                                                  V. Kuarsingh, Ed.
Internet-Draft                                     Rogers Communications
Intended status: Informational                                 L. Howard
Expires: May 30, 2012                                  Time Warner Cable
                                                       November 27, 2011

                       Wireline Incremental IPv6


   Operators worldwide are in various stages of preparing for, or
   deploying IPv6 into their networks.  The operators often face
   challenges related to both IPv6 introduction along with a growing
   risk of IPv4 run out within their organizations.  The overall problem
   for many operators will be to meet the simultaneous needs of IPv6
   connectivity and continue support for IPv4 connectivity for legacy
   devices and systems with a depleting supply of IPv4 addresses.  The
   overall transition will take most networks from an IPv4-Only
   environment to a dual stack network environment and potentially an
   IPv6-Only operating mode.  This document helps provide a framework
   for Wireline providers who may be faced with many of these challenges
   as they consider what IPv6 transition technologies to use, how to use
   the selected technologies and when to use them.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 30, 2012.

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

Kuarsingh & Howard        Expires May 30, 2012                  [Page 1]

Internet-Draft          Wireline Incremental IPv6          November 2011

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Kuarsingh & Howard        Expires May 30, 2012                  [Page 2]

Internet-Draft          Wireline Incremental IPv6          November 2011

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  4
   2.  Operator Assumptions . . . . . . . . . . . . . . . . . . . . .  4
   3.  Reasons and Considerations for a Phased Approach . . . . . . .  5
     3.1.  Relevance of IPv6 and IPv4 . . . . . . . . . . . . . . . .  5
     3.2.  IPv4 Resource Challenges . . . . . . . . . . . . . . . . .  6
     3.3.  IPv6 Introduction and Maturity . . . . . . . . . . . . . .  6
     3.4.  Service Management . . . . . . . . . . . . . . . . . . . .  7
     3.5.  Sub-Optimal Operation of Transition Technologies . . . . .  7
   4.  IPv6 Transition Technology Analysis  . . . . . . . . . . . . .  8
     4.1.  Automatic Tunnelling using 6to4 and Teredo . . . . . . . .  8
     4.2.  Carrier Grade NAT (NAT444) . . . . . . . . . . . . . . . .  8
     4.3.  6RD  . . . . . . . . . . . . . . . . . . . . . . . . . . .  9
     4.4.  Native Dual Stack  . . . . . . . . . . . . . . . . . . . .  9
     4.5.  DS-Lite  . . . . . . . . . . . . . . . . . . . . . . . . . 10
     4.6.  NAT64  . . . . . . . . . . . . . . . . . . . . . . . . . . 10
   5.  IPv6 Transition Phases . . . . . . . . . . . . . . . . . . . . 11
     5.1.  Phase 0 - Foundation . . . . . . . . . . . . . . . . . . . 11
       5.1.1.  Phase 0 - Foundation: Training . . . . . . . . . . . . 11
       5.1.2.  Phase 0 - Foundation: Routing  . . . . . . . . . . . . 12
       5.1.3.  Phase 0 - Foundation: Network Policy and Security  . . 12
       5.1.4.  Phase 0 - Foundation: Transition Architecture  . . . . 12
       5.1.5.  Phase 0- Foundation: Tools and Management  . . . . . . 13
     5.2.  Phase 1 - Tunnelled IPv6 . . . . . . . . . . . . . . . . . 13
       5.2.1.  6RD Deployment Considerations  . . . . . . . . . . . . 14
     5.3.  Phase 2: Native Dual Stack . . . . . . . . . . . . . . . . 16
       5.3.1.  Native Dual Stack Deployment Considerations  . . . . . 16
     5.4.  Intermediate Phase for CGN . . . . . . . . . . . . . . . . 17
       5.4.1.  CGN Deployment Considerations  . . . . . . . . . . . . 18
     5.5.  Phase 3 - Tunnelled IPv4 . . . . . . . . . . . . . . . . . 19
       5.5.1.  DS-Lite Deployment Considerations  . . . . . . . . . . 20
   6.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 21
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . . 21
   8.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 21
   9.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 21
     9.1.  Normative References . . . . . . . . . . . . . . . . . . . 21
     9.2.  Informative References . . . . . . . . . . . . . . . . . . 21
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 23

Kuarsingh & Howard        Expires May 30, 2012                  [Page 3]

Internet-Draft          Wireline Incremental IPv6          November 2011

1.  Introduction

   This draft sets out to help wireline operators in planning their IPv6
   deployments, while ensuring continued support for IPv6-incapable
   consumer devices and applications.  We will identify which
   technologies can be used incrementally to transition from IPv4-only
   to an efficient IPv6/IPv4 dual stack environment.  Some plans may
   also include IPv6-Only end state targets, but there is not clear
   consensus on how long IPv4 support is required, and IPv6-Only
   generally means withdrawing IPv4 mechanisms.  Although no single plan
   will work for for all operators, options listed herein provide a
   baseline which can be included in many plans.

   This draft is intended for wireline environments including Cable, DSL
   and/or Fibre as the access method to the end consumer.  This draft
   also attempts to follow the methodologies set out in [I-D.ietf-v6ops-
   v4v6tran-framework] to identify how the technologies can be used
   individually and in combination.  This document also attempts to
   follow the principles laid out in [RFC6180] which provides guidance
   on using IPv6 transition mechanisms.  This document will show how
   well defined technologies such as 6RD [RFC5969], DS-Lite [RFC6333]
   and Carrier Grade NAT (NAT44 without tunnelling as distinct from DS-
   Lite) used with native dual stack to deliver effective IPv4 and IPv6
   services in an evolving wireline network.

2.  Operator Assumptions

   For the purposes of this document, assume:

      - The operator is considering deploying IPv6

      - The operator has a legacy IPv4 customer base which will continue
      to exist

      - The operator will want to minimize the level of disruption to
      the existing and new customers by minimizing number of
      technologies and functions that are needed to mediate any given
      set of customer flows (overall preference for Native IP flows)

      - The operator is able to run Dual Stack on their own core network
      and to transition their own services to support IPv6

   Based on these assumptions, an operator will want to use technologies
   which minimize the number of flows being tunnelled, translated or
   intercepted at any given time.  Technology selections would be made
   to manage the non dominant flows and allow Native IP routing (IPv4
   and/or IPv6) for the dominant traffic.  This allows the operator to

Kuarsingh & Howard        Expires May 30, 2012                  [Page 4]

Internet-Draft          Wireline Incremental IPv6          November 2011

   minimize the cost of IPv6 transition technologies by containing the
   scale required by the relevant systems.

3.  Reasons and Considerations for a Phased Approach

   When faced with the challenges described in the Introduction,
   operators may need to consider a phased approach when adding IPv6 to
   an existing IPv4 service.  A phased approach addresses many

      - IPv4 exhaustion may occur long before most traffic is able to
      delivered over IPv6

      - IPv6 will pose operational challenges, since much of the
      software, and in some cases the hardware to run it at scale, will
      be new.  Further, the operational processes will be relatively new

      - Connectivity modes will move from single stack to dual stack in
      the Home Changing functional behaviours in the home network add
      complexity to user support

   These challenges will likely occur over time which means the
   operator's plans need to address the every changing requirements of
   the network and customer demand.  The following few sections
   highlight some of the key reasons why a phased approach to IPv6
   transition may be warranted and desired.

   Although phases will be presented in this document, not all operators
   may need to enable each desecrate phase.  It is possible that
   characteristics in individual networks may allow certain operators to
   skip various phases.

3.1.  Relevance of IPv6 and IPv4

   Over the next few years, both IPv4 and IPv6 will play a role in the
   Internet experience.  Many customers use older operating systems and
   hardware which support IPv4-Only.  Internet customers don't buy IPv4
   or IPv6 connections, they buy Internet connections, which demands the
   need to support both IPv4 and IPv6 for as long at the customer's home
   network demands such support.

   The Internet is made of of many interconnecting systems, networks,
   hardware, software and content sources - all of which will move to
   IPv6 at different rates.  The Operator's mandate during this time of
   transition will be to support connectivity to both IPv6 and IPv4
   through various technological means.  The operator may be able to
   leverage one or the other protocol to help bridge connectivity, but

Kuarsingh & Howard        Expires May 30, 2012                  [Page 5]

Internet-Draft          Wireline Incremental IPv6          November 2011

   the home network will demand both IPv4 and IPv6 for some time.

3.2.  IPv4 Resource Challenges

   Since connectivity to IPv4-Only endpoints and/or content will remain
   common, IPv4 resource challenges are of key concern to operators.
   The lack of new IPv4 addressees for additional endpoints means that
   growth in demand of IPv4 connections in some networks will be based
   on address sharing.

   Networks are growing at different rates based on emerging markets
   and/or proliferation of Internet based services and endpoints: growth
   on the Internet will continue.  IPv4 address constraints will likely
   affect many if not most operators at some point.  IPv4 exhaustion is
   a primary consideration for technologies which rely on IPv4 to supply
   IPv6 services, such as 6RD.  Also, if Native Dual Stack is considered
   by the operator, challenges on the IPv4 path is also of concern.

   Some operators may be able to reclaim some IPv4 addresses through
   efficiency in the network and replacement of globally-unique IPv4
   assignments with private addresses [RFC1918].  These measures are
   tactical and do not support a longer term strategic option.  The lack
   of new IPv4 addresses will therefore force operators to support some
   form of IPv4 address sharing and may impact technological options for
   transition once the operator runs out of new IPv4 addresses for

3.3.  IPv6 Introduction and Maturity

   The introduction of IPv6 will require the operationalization of IPv6.
   The IPv4 environment we have today was built over many years and
   matured by experience.  Although many of these experiences are
   transferable from IPv4 to IPv6, new experience specific to IPv6 will
   be needed.

   Engineering and Operational staff will need to develop experience
   with IPv6.  Inexperience may lead to instability, and Operators
   should consider this when selecting technologies for early
   transition.  Operators may not want to subject their mature IPv4
   service to a "new IPv6" path initially while it may be going through
   growing pains.  DS-Lite is one such technology, which requires IPv6
   to support IPv4.

   Further, some of these technologies are new and require refinement
   within running code and support.  Deployment experience may be needed
   to expose bugs and stabilize software in production environments.
   Many supporting systems are also under development and have newly
   developed IPv6 functionality including vendor implementations of

Kuarsingh & Howard        Expires May 30, 2012                  [Page 6]

Internet-Draft          Wireline Incremental IPv6          November 2011

   DHCPv6, Management Tools, Monitoring Systems, Diagnostic systems,
   along with other systems.

   Although the base technological capabilities exist to enable and run
   IPv6 in most environments, it may not be as robust as IPv4, and until
   such time as each key technical member of an operator's organization
   can identify IPv6, understand its relevance to the IP Service
   offering, how it operates and how to troubleshoot it - it's still

3.4.  Service Management

   Services are managed within most networks and are often based on the
   gleaning and monitoring of IPv4 addresses.  Operators will need to
   address such management tools, troubleshooting methods and storage
   facilities (such as databases) to deal with not just a new address
   type containing 128-bits, but often both IPv4 and IPv6 at the same
   time.  Examination of address type, and recording CIDR blocks instead
   of single addresses, may require additional development.

   With any Dual Stack service - whether Native, 6RD based, DS-Lite
   based or otherwise - two address families need to be managed
   simultaneously to help provide for the full Internet experience.  In
   the early transition phases, it's quite likely that many systems will
   be missed and that IPv6 services will go un-monitored and impairments

   These issues may be of consideration when selecting technologies
   which require IPv6 as the base protocol to delivery IPv4.
   Instability on the IPv6 service in such case would impact IPv4

3.5.  Sub-Optimal Operation of Transition Technologies

   When considering native dual-stack versus a transition technology,
   note that native paths are well understood and networks are optimized
   to send traffic efficiently.  Transition technologies may alter the
   normal path of traffic.  Tunnel servers or translation relays may not
   be located on the shortest path, may increase latency, and may add a
   single point of failure.

   To minimize risk, an operator should use transition technologies for
   the lesser-used address family.  During earlier phases of transition,
   IPv6 traffic volumes may be lower, so tunnelling of IPv6 traffic may
   be reasonable.  Over time, these traffic volumes will increase,
   raising the benefits of native delivery of this traffic.  Then, as
   IPv4 content diminishes, translation and tunnelling of IPv4 may be

Kuarsingh & Howard        Expires May 30, 2012                  [Page 7]

Internet-Draft          Wireline Incremental IPv6          November 2011

   When IPv6 tunnelling is used, an operator may not want to enable IPv6
   for their services, especially high traffic services.  Likewise, when
   CGN is deployed, the operation may wish to promote IPv6 access.

4.  IPv6 Transition Technology Analysis

   Operators should understand the main transition technologies for IPv6
   deployment and IPv4 runout.  This draft provides a brief description
   of some of the mainstream options.  This analysis is focused on the
   applicability of technologies to deliver residential services and
   less focused on commercial access or infrastructure support.

   The technologies in focus for this document are targeted on those
   commercially available and in deployment.

4.1.  Automatic Tunnelling using 6to4 and Teredo

   Even when operators may not be actively deploying IPv6, automatic
   mechanisms exist on customer operating systems and hardware .  Such
   technologies include 6to4 [RFC3056] which is most commonly used with
   anycast relays [RFC3068].  Teredo [RFC4380] is also used widely by
   many Internet hosts.

   Documents such as [RFC6343] have been written to help operators
   understand observed problems and provide guidelines on how to manage
   such protocols.  An Operator may want to provide local relays for
   6to4 and/or Teredo to help improve the protocol's performance for
   ambient traffic utilizing these IPv6 connectivity methods.
   Experiences such as those described in [I-D.jjmb-v6ops-comcast-ipv6-
   experiences] show that local relays have proved beneficial to 6to4
   protocol performance.

   Operators should also be aware of breakage cases for 6to4 if non-
   RFC1918 address are used for CGN zones.  Many off the shelf CPEs and
   operating systems may turn on 6to4 without a valid return path to the
   originating (local) host.  This particular use is likely to occur if
   any space other than [RFC1918] is used, including Shared CGN Space[I-
   D.weil-shared-transition-space-request] or space registered to
   another organization (squatted space).  The operator can use 6to4-PMT
   [I-D.kuarsingh-v6ops-6to4-provider-managed-tunnel] or attempt to
   block 6to4 operation entirely by blocking 2002::/16 at its edges.

4.2.  Carrier Grade NAT (NAT444)

   Carrier Grade NAT (GGN), specifically as deployed in a NAT444
   scenario [I-D.ietf-behave-lsn-requirements], may prove beneficial for
   those operators who offer Dual Stack services to customer endpoints

Kuarsingh & Howard        Expires May 30, 2012                  [Page 8]

Internet-Draft          Wireline Incremental IPv6          November 2011

   once they exhaust their pools of IPv4 addresses.  CGNs, and address
   sharing overall, are known to cause certain challenges for the IPv4
   service [RFC6269], but will often be necessary for a time.

   In a network where IPv4 address availability is low, CGN may provide
   continued access to IPv4 endpoints.  Other technologies (4rd, IVI)
   may also be used in place of the NAT444 model with CGN.  Some of the
   advantages of using CGN include the similarities in provisioning and
   activation of IPv4 hosts within a network and operational procedures
   in managing such hosts or CPEs (i.e.  DHCPv6, DNSv4, TFTP, TR-069

   When considered in the overall IPv6 transition, CGN may play a vital
   role in the delivery of Internet services.

4.3.  6RD

   6RD [RFC5969] does provide a quick and effective way to deliver IPv6
   services to customers who do not yet support Native. 6RD provides
   tunnelled connectivity for IPv6 over the existing IPv4 path.  As the
   access edge is upgraded and customer premise equipment is replaced,
   6RD can be superseded by Native IPv6 access. 6RD can be delivered
   along with CGN, but then no traffic would be native; all traffic
   would be intermediated.

   6RD may also be advantageous during the early transition while IPv6
   traffic volumes are low.  During this period, the operator can gain
   experience with IPv6 on the core and improve their peering framework
   to match those of the IPv4 service. 6RD scales easily by adding
   relays.  As IPv6 traffic volume grows, the operator can gradually
   replace 6RD with native IPv6.

   6RD client support is required, but most currently deployed CPEs do
   not have 6RD client functionality built into them and may not be
   upgradable. 6RD deployments would most likely require the replacement
   of the home CPE.  An advantage of this technology over DS-Lite is
   that the WAN side interface does not need to implement IPv6 to
   function correctly which may make it easier to deploy to field
   hardware which is restricted in memory footprint, processing power
   and storage space. 6RD will also require parameter configuration
   which can be powered by the operator through DHCPv4, manually
   provisioned on the CPE or automatically through some other means.
   Manual provisioning would likely limit deployment scale.

4.4.  Native Dual Stack

   Native Dual Stack is often referred to as the "Gold Standard" of IPv6
   and IPv4 delivery.  It is a method of service delivery which is

Kuarsingh & Howard        Expires May 30, 2012                  [Page 9]

Internet-Draft          Wireline Incremental IPv6          November 2011

   already used in many existing IPv6 deployments.  Native Dual Stack
   does however require that Native IPv6 be delivered to the customer
   premise.  This technology option is desirable in many cases and can
   be used immediately if the access network and customer premise
   equipment supports Native IPv6 to the operator's access network.

   An operator who runs out of IPv4 addresses to assign to customers
   will not be able to provide Native Dual Stack.  For a sub-set of the
   IPv6 Native Customers, operators may include IPv4 through a CGN.

   Delivering Native Dual Stack would require the operator's core and
   access network support IPv6.  Additionally, other systems like
   DHCPv6, DNS, and diagnostic/management facilities need to be upgraded
   to support IPv6.  The upgrade of such systems may often not be

4.5.  DS-Lite

   Dual-Stack Lite (DS-Lite, [RFC6333]) provides IPv4 services to
   customer networks which are only addressed with IPv6.  DS-Lite
   provides tunnelled connectivity for IPv4 over an IPv6 path between
   the customer's network device and a provider managed gateway (AFTR).

   DS-Lite can only be used where there is native IPv6 connectivity
   between the AFTR and the customer premise endpoint.  This may mean
   that the technology's use may not be viable during early transition.
   The operator may also not want to subject the customers' IPv4
   connection to the IPv6 path.  The provider may also want to make sure
   that most of their internal services, and external content is
   available over IPv6 before deploying DS-Lite.  This would lower the
   overall load on the AFTR devices helping reduce.

   By sharing IPv4 addresses among multiple endpoints, like a CGN, DS-
   Lite can facilitate continued growth of IPv4 services even at runout.
   There are some functional considerations

   Similar to 6RD, DS-Lite requires client support on the CPE to
   function.  Client functionality is likely to be more prevalent in the
   future as IPv6 capable (WAN side) CPEs begin to penetrate the market.
   This includes both retail and operator provided gateways.

4.6.  NAT64

   NAT64 [RFC6146] provides the ability to connect IPv6-Only connected
   clients and hosts to IPv4 Servers (or other like hosts).  NAT64
   requires that the host and home network supports IPv6-Only modes of
   operation.  This type of environment is not considered typical in

Kuarsingh & Howard        Expires May 30, 2012                 [Page 10]

Internet-Draft          Wireline Incremental IPv6          November 2011

   most traditional Wireline connections.

   In the future, NAT64 may become more viable for Wireline providers as
   home networking environments support IPv6-Only.  In the meantime, DS-
   Lite provides in-home IPv4 services over an IPv6-Only network (WAN).

5.  IPv6 Transition Phases

   The Phases described in this document are not provided as a rigid set
   of steps, but are considered a guideline which should be analyzed by
   an operator planning their IPv6 transition.  Operators may choose to
   skip steps based on technological capabilities within their specific

   The phases are based on an expectation that IPv6 traffic volume will
   initially be low, and operator staff will gain experience with IPv6
   over time.  As volume of IPv6 increases, IPv4 traffic volume will
   correspondingly decrease, until IPv6 is predominant.  For each phase,
   the predominant address family should be native, while mediation
   (tunnelling or translation) may be acceptable for the smaller traffic

   Additional guidance and information on utilizing IPv6 transition
   mechanisms can be found in [RFC6180].  Also, guidance on incremental
   CGN for IPv6 transition can also be found in [RFC6264].

5.1.  Phase 0 - Foundation

5.1.1.  Phase 0 - Foundation: Training

   Training is one of the most important steps in preparing an
   organization to support IPv6.  Most people have little experience
   with IPv6, and many do not even have a solid grounding in IPv4.
   Since there are likely to be challenges with implementing IPv6 - due
   to immature code on hardware, and the evolution of many applications
   and systems to support IPv6 - organizations must train their staff on

   Training should also be provided within reasonable timelines from
   actual IPv6 deployment.  This means the operator needs to plan in
   advance as they train the various parts of their organization.  New
   Technology and Engineering staff often receive little training
   because of their depth of knowledge, but must at least be provided
   opportunities to read documentation, architectural white papers, and
   RFCs.  Operations staff who support the network and other systems
   need to be trained closer to the deployment timeframes, so they
   immediately use their new-found knowledge before forgetting.

Kuarsingh & Howard        Expires May 30, 2012                 [Page 11]

Internet-Draft          Wireline Incremental IPv6          November 2011

   Customer support staff would require much more basic, but large scale
   training as many organizations have massive call centres to support
   the customer base.

5.1.2.  Phase 0 - Foundation: Routing

   The network infrastructure will need to be in place to support IPv6.
   This includes the routed infrastructure along with addressing
   principles, routing principles, peering policy and related network
   functions.  Since IPv6 is quite different from IPv4 in number of ways
   including the number of addresses which are made available, careful
   attention to a scalable and manageable architecture needs to be made.
   Also, given that home networks environments will no longer receive a
   token single address as is common in IPv4, operators will need to
   understand the impacts of delegating larges sums of addresses
   (prefixes) to consumer endpoints.  Delegating prefixes can be of
   specific importance in access network environments where downstream
   customers often move between access nodes, raising the concern of
   frequent renumbering and/or managing movement of routed prefixes
   within the network (common in cable based networks).

5.1.3.  Phase 0 - Foundation: Network Policy and Security

   Many, but not all, security policies will map easily from IPv4 to
   IPv6.  Some new policies may be required for issues specific to IPv6
   operation.  This document does not highlight these specific issues,
   but raises the awareness they are of consideration and should be
   addressed when delivering IPv6 services.  Other IETF documents
   ([RFC4942], [RFC6092], [RFC6169], for instance) are excellent

5.1.4.  Phase 0 - Foundation: Transition Architecture

   The operator should plan out their transition architecture in advance
   (with room for flexibility) to help optimize how they will build out
   and scale their networks.  If the operator should want to use
   multiple technologies like CGN, DS-Lite and 6RD, they may want to
   plan out where such equipment may be located and potentially choose
   locations which can be used for all three functional roles (i.e.
   placement of NAT44 translator, AFTR and 6RD relays).  This would
   allow for the least disruption as the operator evolves the transition
   environment to meet the needs of the network.  This approach may also
   prove beneficial if traffic patterns change rapidly in the future and
   the operator may need to evolve their network faster than originally

   Operators should inform their vendors of what technologies they plan
   to support over the course of the transition to make sure the

Kuarsingh & Howard        Expires May 30, 2012                 [Page 12]

Internet-Draft          Wireline Incremental IPv6          November 2011

   equipment is suited to support those modes of operation.  This is
   important for both network gear and customer premise equipment.

5.1.5.  Phase 0- Foundation: Tools and Management

   The operator should thoroughly analyze all provisioning and
   operations systems to develop requirements for each phase.  This will
   include address concepts related to the 128-bit addressing field, the
   notation of an assigned IPv6 prefix (PD) and the ability to detect
   either or both address families when determining if a customer has
   full Internet service.

   If an operator stores usage information, this would need to be
   aggregated to include both the IPv4 and IPv6 traffic flows.  Also,
   tools that verify connectivity may need to query the IPv4 and IPv6

5.2.  Phase 1 - Tunnelled IPv6

   Many network operators can deploy native IPv6 from access edge to
   peering edge fairly quickly.  Others, may want to support IPv6
   services before they can support native IPv6.  During this period of
   time, tunnelled access to IPv6 is a viable alternative to Native
   IPv6.  Even while slowly rolling out native IPv6, operators can
   deploy relays for automatic tunnelling technologies like 6to4 and
   Teredo.  Where native IPv6 is a longer-term project, operators can
   consider 6RD [RFC5969].  Note that 6to4 and Teredo have different
   address selection behaviours from 6RD [RFC3484].  Additional
   guidelines on deploying and supporting 6to4 can be found in

   The operator can deploy 6RD relays easily and scale them as needed to
   meet the early customer needs of IPv6.  Since 6RD requires the
   upgrade or replacement of CPE gateways, the operator may want ensure
   that the gateways support not just 6RD but Native Dual Stack and
   other tunnelling technologies if possible. 6RD clients are now
   available in some retail channel products and within the OEM market.
   Retail availability of 6RD is important since not all operators
   control or have influence over what equipment is deployed in the
   consumer home network.

Kuarsingh & Howard        Expires May 30, 2012                 [Page 13]

Internet-Draft          Wireline Incremental IPv6          November 2011

                                       +--------+         -----
                                       |        |       /       \
                       Encap IPv6 Flow |  6RD   |      |  IPv6   |
                                - - -> |  BR    | <- > |   Net   |
          +---------+         /        |        |       \       /
          |         |        /         +--------+         -----
          |   6RD   + <-----                              -----
          |         |                                   /       \
          |  Client |         IPv4 Flow                |  IPv4   |
          |         + < - - - - - - - - - - - - - - -> |   Net   |
          |         |                                   \       /
          +---------+                                     -----

                         Figure 1: 6RD Basic Model

   6RD used as an initial phase technology also provides the added
   benefit of a deterministic IPv6 prefix which is based on the IPv4
   assigned address.  Many operational tools are available or have been
   built to identify what IPv4 (often dynamic) address was assigned to a
   customer host/CPE.  So a simple tool and/or method can be built to
   help the operational staff in an organization know that the IPv6
   prefix is for 6RD based on knowledge of the IPv4 address.

   An operator may choose to not offer internal services over IPv6 if
   such services generate a large amount of traffic.  This mode of
   operation should avoid the need to greatly increase the scale of the
   6RD Relay environment.

5.2.1.  6RD Deployment Considerations

   Deploying 6RD can greatly speed up an operator's ability to support
   IPv6 to the customer network.  Consider by whom the system would be
   deployed, provisioned, scaled and managed.

   The first core consideration is deployment models. 6RD requires the
   CPE (6RD client) to send traffic to a 6RD relay.  These relays can
   share a common anycast address, or can use unique addresses.  Using
   an anycast model, the operator can deploy all the 6RD relays using
   the same IPv4 interior service address.  As the load increases on the
   deployed relays, the operator can deploy more relays into the
   network.  The one drawback here is that it may be difficult manage
   the traffic volume among additional relays, since all 6RD traffic
   will find the nearest (in terms of IGP cost) relay.  Use of specific
   addresses can help provide more control but has the disadvantage of
   being more complex to provision as CPEs will contain different
   information.  An alternative approach is to use a hybrid model using
   multiple anycast service IPs for clusters of 6RD relays should the

Kuarsingh & Howard        Expires May 30, 2012                 [Page 14]

Internet-Draft          Wireline Incremental IPv6          November 2011

   operator anticipate massive scaling of the environment.  This way,
   the operator has multiple vectors by which to scale the service.

                                              |        |
                                IPv4 Addr.X   |  6RD   |
                                     - - - >  |   BR   |
               +-----------+        /         |        |
               | Client A  | <- - -           +--------+
                             Separate IPv4 Service Addresses
               | Client B  | < - -            +--------+
               +-----------+       \          |        |
                                     - - - >  |  6RD   |
                                IPv4 Addr.Y   |   BR   |
                                              |        |

             Figure 2: 6RD Multiple IPv4 Service Address Model

                                            |        |
                              IPv4 Addr.X   |  6RD   |
                                   - - - >  |   BR   |
             +-----------+        /         |        |
             | Client A  |- - - -           +--------+
                       Common (Anycast) IPv4 Service Addresses
             | Client B  | - - -            +--------+
             +-----------+       \          |        |
                                   - - - >  |  6RD   |
                              IPv4 Addr.X   |   BR   |
                                            |        |

             Figure 3: 6RD Anycast IPv4 Service Address Model

   Provisioning of the endpoints is affected by the deployment model
   chosen (i.e. anycast vs. specific service IPs).  Using multiple IPs
   may require more planning and management as customer equipment will
   have different sets of data to be provisioned into the devices.  The

Kuarsingh & Howard        Expires May 30, 2012                 [Page 15]

Internet-Draft          Wireline Incremental IPv6          November 2011

   operator may use DHCPv4, manual provisioning or other mechanisms to
   provide parameters to customer equipment.

   If the operator manages the CPE, support personnel will need tools
   able to report the status of the 6RD tunnel.  Usage information can
   be counted on the operator edge, but if it requires source/
   destination flow details, data must be collected after the 6RD relay
   (IPv6 side of connection).

       +---------+  IPv4 Encapsulation  +------------+
       |         +- - - - - - - - - - - +            |
       |   6RD   +----------------------+     6RD    +---------
       |         |   IPv6 Packet        |    Relay   | IPv6 Packet
       | Client  +----------------------+            +---------
       |         +- - - - - - - - - - - +            |      ^
       +---------+  ^                   +------------+      |
                    |                                       |
                    |                                       |
                IPv4 IP (Tools/Mgmt)               IPv6 Flow Analysis

                  Figure 4: 6RD Tools and Flow Management

5.3.  Phase 2: Native Dual Stack

   Either as a follow-up phase to "Tunnelled IPv6" or as an initial
   step, the operator may deploy Native IPv6 to the customer premise.
   This phase would then allow for both IPv6 and IPv4 to be natively
   accessed by the customer home gateway/CPE.  The Native Dual Stack
   phase be rolled out across the network while the tunnelled IPv6
   service remains running.  As areas begin to support Native IPv6,
   customer home equipment can be set to use it in place of technologies
   like 6RD.  Hosts using 6to4 and/or Teredo will automatically prefer
   [RFC3484] the IPv6 address delivered via Native IPv6 (assumed to be a
   Delegated Prefix as per [RFC3769]).

   Native Dual Stack is the best option, and should be sought as soon as
   possible.  During this phase, the operator can confidently move both
   internal and external services to IPv6.  Since there are no
   translation devices needed for this mode of operation, it transports
   both protocols (IPv6 and IPv4) efficiently within the network.

5.3.1.  Native Dual Stack Deployment Considerations

   Native Dual Stack is a very desirable option for deployment.  The
   operator must enable IPv6 at the network core and peering before they
   attempt to turn on Native IPv6 services.  Additionally, provisioning

Kuarsingh & Howard        Expires May 30, 2012                 [Page 16]

Internet-Draft          Wireline Incremental IPv6          November 2011

   and support systems such as DHCPv6, DNS and other functions which
   support the customer's IPv6 Internet connection need to be in place.

   The operator must treat IPv6 connectivity as seriously as IPv4.  Poor
   IPv6 service may be worse than not offering an IPv6 service at all,
   since users will disable IPv6, which will be difficult for the
   operator to reverse.  New code and IPv6 functionality may cause
   instability at first.  The operator will need to monitor,
   troubleshoot and resolve issues promptly.

   Prefix assignment and routing are new for common residential
   services.  Prefix assignment is straightforward (DHCPv6 using
   IA_PDs), but installation and propagation of routing information for
   the prefix, especially during access layer instability, is often
   poorly understood.  The Operator should develop processes for
   renumbering customers who they move to a new Access nodes.

   Operators need to keep track of both the dynamically assigned IPv4
   and IPv6 addresses.  Any additional dynamic elements, such as auto-
   generated DNS names, need to be considered and planned for.

5.4.  Intermediate Phase for CGN

   At some point during the first two phases, acquiring more IPv4
   addresses may become challenging or impossible, therefore CGN may be
   required on the IPv4 path.  The CGN infrastructure can be enabled if
   needed during either phase.  CGN is less optimal in a 6RD deployment
   (if used with 6RD to a given endpoint) since all traffic must
   transverse some type of operator service node (relay and translator).

                                       +--------+         -----
                                       |        |       /       \
                             IPv4 Flow |  CGN   |      |         |
                                - - -> +        + < -> |         |
          +---------+         /        |        |      |         |
          |   CPE   | <- - - /         +--------+      |  IPv4   |
          |---------+                                  |   Net   |
                                                       |         |
          +---------+         IPv4 Flow                |         |
          |   CPE   | <- - - - - - - - - - - - - - - > |         |
          |---------+                                   \       /

                     Figure 5: Overlay CGN Deployment

   In the case of Native Dual Stack, CGN can be used to assist in

Kuarsingh & Howard        Expires May 30, 2012                 [Page 17]

Internet-Draft          Wireline Incremental IPv6          November 2011

   extending connectivity for the IPv4 path while the IPv6 path remains
   native.  For endpoints operating in a IPv6+CGN model the Native IPv6
   path is available for higher quality connectivity helping host
   operation over the network while the CGN path may offer a less then
   optimal performance.

                                       +--------+         -----
                                       |        |       /       \
                             IPv4 Flow |  CGN   |      |  IPv4   |
                                - - -> +        + < -> |   Net   |
          +---------+         /        |        |       \       /
          |         | <- - - /         +--------+        -------
          |   Dual  |
          |  Stack  |                                     -----
          |   CPE   |         IPv6 Flow                 / IPv6  \
          |         | <- - - - - - - - - - - - - - - > |   Net   |
          |---------+                                   \       /

                       Figure 6: Dual Stack with CGN

   CGN deployments may make use of a number of address options which
   include RFC1918 or Shared CGN Address Space [I-D.weil-shared-
   transition-space-request].  It is also possible that operators may
   use part of their own RIR assigned address space for CGN zone
   addressing if RFC918 addresses pose technical challenges in their
   network.  It is not recommended that operators use squat space as it
   may pose additional challenges with filtering and policy control.

5.4.1.  CGN Deployment Considerations

   CGN is often considered undesirable by operators but required in many
   cases.  An operator who needs to deploy CGN services should consider
   it's impacts to the network.  CGN is often deployed in addition to
   running IPv4 services and should not negatively impact the already
   working Native IPv4 service.  CGNs will also be needed at low scale
   at first and grown to meet future demands based on traffic and
   connection dynamics of the customer, content and network peers.

   The operator may want to deploy CGNs more centrally at first and then
   scale the system as needed.  This approach can help conserve costs of
   the system and only spend money on equipment with the actual growth
   of traffic (demand on CGN system).  The operator will need a
   deployment model and architecture which allows the system to scale as

Kuarsingh & Howard        Expires May 30, 2012                 [Page 18]

Internet-Draft          Wireline Incremental IPv6          November 2011

                                       +--------+         -----
                                       |        |       /       \
                                       |  CGN   |      |         |
                                - - -> +        + < -> |         |
          +---------+         /        |        |      |         |
          |   CPE   | <- - - /         +--------+      |  IPv4   |
          |         |                      ^           |         |
          |---------+                      |           |   Net   |
                           +--------+    Centralized   |         |
          +---------+      |        |       CGN        |         |
          |         |      |  CGN   |                  |         |
          |   CPE   | <- > +        + <- - - - - - - > |         |
          |---------+      |        |                   \       /
                           +--------+                     -----
                           Distributed CGN

           Figure 7: CGN Deployment: Centralized vs. Distributed

   The operator may be required to log translation information
   [draft-sivakumar-behave-nat-logging].  This logging may require
   significant investment in external systems which ingest, aggregate
   and report on such information

   Since CGN has impacts on some applications
   [draft-donley-nat444-impacts], operators may deploy CGN only for
   those customers who do not use affected applications.  Affected
   customers could be selected by observing usage, or by offering CGN
   and Native IPv4 for different prices.

5.5.  Phase 3 - Tunnelled IPv4

   Once Native IPv6 is ubiquitous, and well-supported by tools, staff,
   and processes, an operator may consider Dual-Stack Lite.  DS-Lite
   allows growth of the IPv4 customer base using IPv4 address sharing
   for IPv4 Internet connectivity, but with only a single layer of
   translation, compared to CGN (NAT44).  This mode of operation also
   removes the need to directly address customer endpoints with an IPv4
   address simplifying the connectivity to the customer (single address

   The operator can also move IPv4 endpoints (Dual Stack) to DS-Lite
   retroactively to reclaim IPv4 addresses for redeployment.  To
   minimize traffic needing translation, the operator should have
   already moved most content to IPv6 before this phase.

Kuarsingh & Howard        Expires May 30, 2012                 [Page 19]

Internet-Draft          Wireline Incremental IPv6          November 2011

                                        +--------+      -----
                                        |        |    /       \
                        Encap IPv4 Flow |  AFTR  |   |  IPv4   |
                                 -------+        +---+   Net   |
           +---------+         /        |        |    \       /
           |         |        /         +--------+      -----
           | DS-Lite +-------                           -----
           |         |                                /       \
           |  Client |         IPv6 Flow             |  IPv6   |
           |         +-------------------------------|   Net   |
           |         |                                \       /
           +---------+                                  -----

                       Figure 8: DS-Lite Basic Model

   If the operator was forced to enable CGN for a NAT444 deployment,
   they may be able to co-locate the AFTR and CGN functions within the
   network to simplify capacity management and the engineering of flows.
   DS-Lite however requires configuration of the CPE and the
   implementation of the AFTR.

5.5.1.  DS-Lite Deployment Considerations

   The same deployment considerations associated with Native IPv6
   deployments apply to DS-LIte.  IPv4 will now be dependent on IPv6
   service quality, so the IPv6 network and service must be running well
   to ensure a quality experience for the end customer.  Tools and
   processes will be needed to manage the encapsulated IPv4 service.  If
   flow analysis is required for IPv4 traffic, this should be enabled at
   a point beyond the AFTR (after de-capsulation).

     +---------+  IPv4 Encapsulation  +------------+
     |         + - - - - - - - - - - -+            |
     |  AFTR   +----------------------+    AFTR    +---------
     |         |   IPv4 Packet        |            | IPv4 Packet
     | Client  +----------------------+            +---------
     |         + - - - - - - - - - - -+            |      ^
     +---------+  ^                   +------------+      |
                  |                                       |
                  |                                       |
           IPv6 IP (Tools/Mgmt)               IPv4 Packet Flow Analysis

                 Figure 9: DS-Lite Tools and Flow Analysis

   DS-Lite also requires client support.  The operator must clearly
   articulate to vendors which technologies will be used at which

Kuarsingh & Howard        Expires May 30, 2012                 [Page 20]

Internet-Draft          Wireline Incremental IPv6          November 2011

   points, how they interact with each other at the CPE, and how they
   will be provisioned.  As an example, an operator may use 6RD in the
   outset of the transition, then move to Native Dual Stack followed by

6.  IANA Considerations

   No IANA considerations are defined at this time.

7.  Security Considerations

   No Additional Security Considerations are made in this document.

8.  Acknowledgements

   Thanks to the following people for their textual contributions and/or
   guidance on IPv6 deployment considerations: John Brzozowski, Jason
   Weil, Nik Lavorato, John Cianfarani, Chris Donley, Wesley George and
   Tina TSOU.

9.  References

9.1.  Normative References

              Carpenter, B., Jiang, S., and V. Kuarsingh, "Framework for
              IP Version Transition Scenarios",
              draft-ietf-v6ops-v4v6tran-framework-02 (work in progress),
              July 2011.

   [RFC6180]  Arkko, J. and F. Baker, "Guidelines for Using IPv6
              Transition Mechanisms during IPv6 Deployment", RFC 6180,
              May 2011.

9.2.  Informative References

              Donley, C., Howard, L., Kuarsingh, V., Berg, J., and U.
              Colorado, "Assessing the Impact of Carrier-Grade NAT on
              Network Applications", draft-donley-nat444-impacts-03
              (work in progress), November 2011.

              Perreault, S., Yamagata, I., Miyakawa, S., Nakagawa, A.,

Kuarsingh & Howard        Expires May 30, 2012                 [Page 21]

Internet-Draft          Wireline Incremental IPv6          November 2011

              and H. Ashida, "Common requirements for Carrier Grade NAT
              (CGN)", draft-ietf-behave-lsn-requirements-04 (work in
              progress), October 2011.

              Brzozowski, J. and C. Griffiths, "Comcast IPv6 Trial/
              Deployment Experiences",
              draft-jjmb-v6ops-comcast-ipv6-experiences-02 (work in
              progress), October 2011.

              Kuarsingh, V., Lee, Y., and O. Vautrin, "6to4 Provider
              Managed Tunnels",
              (work in progress), September 2011.

              Weil, J., Kuarsingh, V., Donley, C., Liljenstolpe, C., and
              M. Azinger, "IANA Reserved IPv4 Prefix for Shared CGN
              Space", draft-weil-shared-transition-space-request-09
              (work in progress), October 2011.

   [RFC1918]  Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and
              E. Lear, "Address Allocation for Private Internets",
              BCP 5, RFC 1918, February 1996.

   [RFC3056]  Carpenter, B. and K. Moore, "Connection of IPv6 Domains
              via IPv4 Clouds", RFC 3056, February 2001.

   [RFC3068]  Huitema, C., "An Anycast Prefix for 6to4 Relay Routers",
              RFC 3068, June 2001.

   [RFC3484]  Draves, R., "Default Address Selection for Internet
              Protocol version 6 (IPv6)", RFC 3484, February 2003.

   [RFC3769]  Miyakawa, S. and R. Droms, "Requirements for IPv6 Prefix
              Delegation", RFC 3769, June 2004.

   [RFC4380]  Huitema, C., "Teredo: Tunneling IPv6 over UDP through
              Network Address Translations (NATs)", RFC 4380,
              February 2006.

   [RFC4942]  Davies, E., Krishnan, S., and P. Savola, "IPv6 Transition/
              Co-existence Security Considerations", RFC 4942,
              September 2007.

   [RFC5969]  Townsley, W. and O. Troan, "IPv6 Rapid Deployment on IPv4
              Infrastructures (6rd) -- Protocol Specification",

Kuarsingh & Howard        Expires May 30, 2012                 [Page 22]

Internet-Draft          Wireline Incremental IPv6          November 2011

              RFC 5969, August 2010.

   [RFC6092]  Woodyatt, J., "Recommended Simple Security Capabilities in
              Customer Premises Equipment (CPE) for Providing
              Residential IPv6 Internet Service", RFC 6092,
              January 2011.

   [RFC6146]  Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful
              NAT64: Network Address and Protocol Translation from IPv6
              Clients to IPv4 Servers", RFC 6146, April 2011.

   [RFC6169]  Krishnan, S., Thaler, D., and J. Hoagland, "Security
              Concerns with IP Tunneling", RFC 6169, April 2011.

   [RFC6264]  Jiang, S., Guo, D., and B. Carpenter, "An Incremental
              Carrier-Grade NAT (CGN) for IPv6 Transition", RFC 6264,
              June 2011.

   [RFC6269]  Ford, M., Boucadair, M., Durand, A., Levis, P., and P.
              Roberts, "Issues with IP Address Sharing", RFC 6269,
              June 2011.

   [RFC6333]  Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
              Stack Lite Broadband Deployments Following IPv4
              Exhaustion", RFC 6333, August 2011.

   [RFC6343]  Carpenter, B., "Advisory Guidelines for 6to4 Deployment",
              RFC 6343, August 2011.

Authors' Addresses

   Victor Kuarsingh (editor)
   Rogers Communications
   8200 Dixie Road
   Brampton, Ontario  L6T 0C1

   Email: victor.kuarsingh@gmail.com
   URI:   http://www.rogers.com

Kuarsingh & Howard        Expires May 30, 2012                 [Page 23]

Internet-Draft          Wireline Incremental IPv6          November 2011

   Lee Howard
   Time Warner Cable
   13820 Sunrise Valley Drive
   Herndon, VA  20171

   Email: lee.howard@twcable.com
   URI:   http://www.timewarnercable.com

Kuarsingh & Howard        Expires May 30, 2012                 [Page 24]