Network Working Group                                             C. Liu
Internet-Draft                                                    Q. Sun
Intended status: Informational                                     J. Wu
Expires: January 7, 2016                             Tsinghua University
                                                               I. Farrer
                                                     Deutsche Telekom AG
                                                            July 6, 2015


            Dynamic IPv4 Provisioning for Lightweight 4over6
          draft-liu-softwire-lw4over6-dynamic-provisioning-00

Abstract

   Lightweight 4over6 [I-D.ietf-softwire-lw4over6] is an IPv4 over IPv6
   hub and spoke mechanism that provides overlay IPv4 services in an
   IPv6-only access network.  Provisioning IPv4 addresses and port sets
   to customers is the core function of the Lightweight 4over6 control
   plane.  [I-D.ietf-softwire-lw4over6] describes the use of DHCPv6 for
   deterministic IPv4 provisioning.  This document describes a dynamic
   IPv4 provisioning mode for Lightweight 4over6 that is based on DHCPv4
   over DHCPv6 [RFC7341].

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 7, 2016.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of



Liu, et al.              Expires January 7, 2016                [Page 1]


Internet-Draft        lw4over6 dynamic provisioning            July 2015


   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   4
   3.  Architecture Overview . . . . . . . . . . . . . . . . . . . .   4
   4.  Lightweight4over6 Dynamic Provisioning Process  . . . . . . .   5
     4.1.  IP Addressing . . . . . . . . . . . . . . . . . . . . . .   5
     4.2.  DHCPv6 Configuration  . . . . . . . . . . . . . . . . . .   5
     4.3.  DHCPv4 over DHCPv6 Function . . . . . . . . . . . . . . .   5
     4.4.  lwAFTR Binding Table Maintenance  . . . . . . . . . . . .   5
       4.4.1.  Co-located lwAFTR/DHCP4o6 Binding Table Maintenance .   6
       4.4.2.  lwAFTR Binding Table Maintenance with NETCONF . . . .   6
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   7
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   7
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   7
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .   7
     7.2.  Informative References  . . . . . . . . . . . . . . . . .   8
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   8

1.  Introduction

   Lightweight 4over6 [I-D.ietf-softwire-lw4over6] provides IPv4 access
   over an IPv6 network in a hub-and-spoke softwire architecture.  In
   Lightweight 4over6, each Lightweight B4 (lwB4) is assigned a
   port-restricted public IPv4 address or a full public IPv4 address to
   be used for IPv4 communication.  Provisioning the IPv4 address, port
   set and other IPv4 parameters to the lwB4 is the core function of the
   Lightweight 4over6 control plane.  It can be achieved by several
   protocols, such as DHCPv6 [RFC3315], [I-D.ietf-softwire-map-dhcp],
   DHCPv4 over DHCPv6 [RFC7341], and PCP [RFC6887].

   [I-D.ietf-softwire-lw4over6] describes the use of DHCPv6 for
   deterministic IPv4 provisioning.  The IPv4 address and port set ID
   (PSID) are carried in DHCPv6 options defined in
   [I-D.ietf-softwire-map-dhcp].

   However, the deterministic IPv4 provisioning imposes some
   restrictions for addressing and deployment:

   o  The IPv4 address's life time is bound to the IPv6 tunnel endpoint
      life time



   o  The tunnel must be initiated from a predictable /64 prefix in the
      home network

   o  The IPv4 address and PSID need to be embedded into the IID of the
      clients' /128 IPv6 address

   o  IPv4 address resources are permanently allocated to a client
      whether it is active or not, resulting in less efficient address
      usage

   This document describes how to deploy Lightweight 4over6 using DHCPv4
   over DHCPv6 for dynamic IPv4 address provisioning.  The main
   advantages of using a dynamic provisioning model over a deterministic
   model are as follows:

   o  No inherent restrictions on the IPv6 source address within the
      homenet topology that the client uses for sourcing its tunneled
      traffic

   o  Lifetimes of IPv6 and IPv4 addresses are decoupled, allowing for
      more flexibility in addressing policy

   o  Inactive clients' addresses can be released/reclaimed for
      allocation to active clients, so more efficient address usage is
      possible

   Since DHCPv4 over IPv4 is unable to work directly in a native IPv6
   network, DHCPv4 over DHCPv6 [RFC7341] allows DHCPv4 functionality to
   be transported over a pure IPv6 network.  This is achieved by
   transporting DHCPv4 messages within DHCPv6 messages.

   [I-D.fsc-softwire-dhcp4o6-saddr-opt] defines options for lwB4 to
   report its IPv6 tunnel source address to the server.  This document
   does not define a new provisioning method, but describes how these
   existing specifications are organized to support IPv4 provisioning
   for Lightweight 4over6.

   The architecture described in this document can be implemented with
   or without the sharing of IPv4 addresses between multiple clients.
   If IPv4 address sharing is required, then
   [I-D.ietf-dhc-dynamic-shared-v4allocation] describes the necessary
   extensions to the DHCPv4 server and client provisioning for the
   allocation and lease management of shared IPv4 addresses.

2.  Terminology

   Terminology defined in [RFC7341] and [I-D.ietf-softwire-lw4over6] is
   used extensively in this document.

3.  Architecture Overview

   There are four functional elements which make up the architecture.

                 ________       __________
                |        |     |          |
                | DHCPv6 |     | DHCPv4o6 |
                | Server |     |  Server  |
                |________|     |__________|
                    |         /           \
                 1,2|     3,4/             \ 5
                    |       /               \
                 ___|_____ /                 \ _________
                |         |                   |         |
                |  lw4o6  |<----------------->| lwAFTR  |
                |  Client |     Data Plane    |         |
                |_________|                   |_________|

    The numbers in each of the provisioning flows are described in more
                               detail below.

                Figure 1: Dynamic lw4o6 Provisioning Model

   The Lightweight 4over6 provisioning process with DHCPv4o6 proceeds as
   follows:

   1.  lwB4 runs DHCPv6 [RFC3315] to get the IPv6 address of the DHCP4o6
       server

   2.  IPv4 address of lwB4 is provisioned by the DHCP4o6 server through
       DHCPv4 over DHCPv6 [RFC7341]

   3.  lwB4 port set is allocated through DHCPv4 over DHCPv6 using
       Dynamic Allocation of Shared IPv4 Addresses
       [I-D.ietf-dhc-dynamic-shared-v4allocation]

   4.  IPv6 Tunnel source address of the lwB4 is sent to the DHCP4o6
       server using DHCPv4 over DHCPv6 Source Address Option
       [I-D.fsc-softwire-dhcp4o6-saddr-opt]

   5.  lwAFTR binding table maintenance is achieved by using DHCP4o6
       Bulk/Active Leasequery
       [I-D.cui-dhc-dhcp4o6-bulk-active-leasequery] (or other
       provisioning protocol)

4.  Lightweight4over6 Dynamic Provisioning Process

   This section describes the dynamic provisioning process of
   Lightweight 4over6 in more detail.  For the remainder of this
   document, "lwB4" should be understood to mean a stateful lwB4 using
   DHCPv4 over DHCPv6 for dynamic IPv4 provisioning.

4.1.  IP Addressing

   Before beginning the DHCPv4 over DHCPv6 exchange to obtain IPv4
   configuration, the lwB4 MUST be configured with an IPv6 address.
   There are no restrictions on how the IPv6 address is provisioned
   (e.g., SLAAC, DHCPv6 or some other mechanism).  However, the prefix
   selected by the lwB4 MUST be routable to the lwAFTR (e.g., a
   link-local address must not be used).  The operator can use the
   OPTION_DHCP4O6_SADDR_HINT option defined in
   [I-D.fsc-softwire-dhcp4o6-saddr-opt] to indicate to the client a
   suitable prefix from which to select the tunnel endpoint address.

4.2.  DHCPv6 Configuration

   Before a stateful lwB4 runs DHCPv4 over DHCPv6 to acquire an IPv4
   address and port set, the lwB4 MUST run DHCPv6 to obtain the DHCP 4o6
   server's IPv6 address.  The DHCPv6 server provides the DHCP 4o6
   server's IPv6 address in OPTION_DHCP4_O_DHCP6_SERVER as defined in
   [RFC7341].

4.3.  DHCPv4 over DHCPv6 Function

   Once the lwB4 has acquired the IPv6 address of the DHCP4o6 server,
   stateful configuration using DHCPv4 over DHCPv6 is performed to
   obtain an IPv4 address and port set.
   [I-D.ietf-dhc-dynamic-shared-v4allocation] describes how the PSID is
   conveyed in this mechanism.  The lwB4 includes one of its IPv6
   addresses as the IPv6 tunnel source address in this message flow with
   the DHCP 4o6 server, and receives the lwAFTR's tunnel address through
   DHCPv4 over DHCPv6, as described in Section 4 of
   [I-D.fsc-softwire-dhcp4o6-saddr-opt].

4.4.  lwAFTR Binding Table Maintenance

   In Figure 1 above, the lwAFTR is not co-located with the DHCP 4o6
   server.  With this architecture, the DHCP 4o6 server informs the
   lwAFTR about changes in IPv4 leases and the bound tunnel endpoint
   addresses using the DHCP4o6 Bulk and Active Leasequery process
   (described in [I-D.cui-dhc-dhcp4o6-bulk-active-leasequery]).




   The lwAFTR functions as a requestor, requesting every active lwB4's
   IPv4 address + PSID, and bound tunnel endpoint IPv6 address.  The
   lwAFTR can use DHCP4o6 Bulk Leasequery to initialize its binding
   table with current lwB4 binding information, or to recover missing
   lease information after a failure.  The lwAFTR can use DHCP4o6 Active
   Leasequery to get real-time lwB4 binding information.

4.4.1.  Co-located lwAFTR/DHCP4o6 Binding Table Maintenance

   The lwAFTR maintains its binding table as per Section 6.1 of
   [I-D.ietf-softwire-lw4over6].  Unless the binding table is fixed and
   pre-determined, it is synchronized with the DHCPv4 over DHCPv6
   process.
   The following DHCPv4 over DHCPv6 messages trigger binding table
   modification:

   o  DHCPACK: Generated by DHCP 4o6 server, triggers lwAFTR to add a
      new entry or modify an existing entry.

   o  DHCPRELEASE: Generated by lwB4, triggers lwAFTR to delete an
      existing entry.

   When the lwAFTR receives a DHCPACK event, it looks up the binding
   table using the lwB4's IPv4 address and PSID as index.  If an
   existing entry is found, the lwAFTR updates the IPv6 address and
   lifetime fields of the entry; otherwise the lwAFTR creates a new
   entry accordingly.  When the lwAFTR receives a DHCPRELEASE event, it
   looks up the binding table using the lwB4's IPv6 address, IPv4
   address and PSID as index.  The lwAFTR deletes the entry either by
   removing it from the binding table or by setting the lifetime field
   to an invalid value (e.g., 0).

   When the lwAFTR is co-located with the DHCP 4o6 server, it listens to
   all DHCPv4 over DHCPv6 messages generated or received by the DHCP 4o6
   server and updates the bindings based on valid messages.
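
   The DHCPACK and DHCPRELEASE handling described in this section, as an
   added example that is not part of the draft.  The class and method
   names, the lease-expiry check in lookup() and the sample addresses
   and PSID are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Binding:
    ipv6: ipaddress.IPv6Address  # lwB4 tunnel endpoint address
    expires: float               # absolute expiry time of the IPv4 lease


class BindingTable:
    """Sketch of an lwAFTR binding table driven by DHCP 4o6 events."""

    def __init__(self):
        self._entries = {}  # (IPv4Address, PSID) -> Binding

    def on_dhcpack(self, ipv4, psid, ipv6, lease_seconds, now):
        """DHCPACK: index by (IPv4, PSID); update the entry or create it."""
        key = (ipaddress.IPv4Address(ipv4), psid)
        v6 = ipaddress.IPv6Address(ipv6)
        if v6.is_link_local:  # Section 4.1: must be routable to the lwAFTR
            raise ValueError("link-local tunnel source rejected")
        action = "updated" if key in self._entries else "created"
        self._entries[key] = Binding(v6, now + lease_seconds)
        return action

    def on_dhcprelease(self, ipv4, psid, ipv6):
        """DHCPRELEASE: index by (IPv6, IPv4, PSID); delete only on full match."""
        key = (ipaddress.IPv4Address(ipv4), psid)
        entry = self._entries.get(key)
        if entry is None or entry.ipv6 != ipaddress.IPv6Address(ipv6):
            return False  # release names a tunnel endpoint that is not bound
        del self._entries[key]
        return True

    def lookup(self, ipv4, psid, now):
        """Return the bound IPv6 tunnel endpoint, or None if absent or expired."""
        entry = self._entries.get((ipaddress.IPv4Address(ipv4), psid))
        if entry is None or entry.expires <= now:
            return None
        return entry.ipv6


def demo():
    """Replay constructed events (documentation addresses, made-up PSID)."""
    t = BindingTable()
    return [
        t.on_dhcpack("192.0.2.1", 5, "2001:db8::b4", 3600, now=0),
        t.on_dhcpack("192.0.2.1", 5, "2001:db8::beef", 3600, now=60),
        t.on_dhcprelease("192.0.2.1", 5, "2001:db8::b4"),    # stale endpoint
        t.on_dhcprelease("192.0.2.1", 5, "2001:db8::beef"),  # current endpoint
        t.lookup("192.0.2.1", 5, now=120),
    ]
```

   The second DHCPACK rebinds the same IPv4 address and PSID to a new
   tunnel endpoint, which is why Section 5 is concerned with fake DHCP
   messages reaching the lwAFTR.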

4.4.2.  lwAFTR Binding Table Maintenance with NETCONF

   NETCONF [RFC6241] can also be used for lwAFTR binding table
   maintenance.  The data model for lw4o6 is defined in
   [I-D.sun-softwire-yang].  When NETCONF is used, the DHCP 4o6 server
   is integrated with a NETCONF client and the lwAFTR is integrated with
   a NETCONF server.  When the address allocation state changes due to
   a DHCPACK or DHCPRELEASE, the DHCP 4o6 server initiates NETCONF
   edit-config operations to the lwAFTR to notify it of the binding
   table modification.

5.  Security Considerations

   The security considerations in [I-D.ietf-softwire-lw4over6] and
   [RFC7341] should be taken into account.

   Because the lwAFTR binding table is maintained in response to DHCP
   messages, an attacker may send fake DHCP messages to the lwAFTR.
   The operator network should deploy [RFC2827] to prevent this kind of
   attack.

6.  IANA Considerations

   This document does not include an IANA request.

7.  References

7.1.  Normative References

   [I-D.cui-dhc-dhcp4o6-bulk-active-leasequery]
              Cui, Y., Liu, Z., Liu, C., and Y. Lee, "DHCP4o6 Bulk and
              Active Leasequery", draft-cui-dhc-dhcp4o6-bulk-active-
              leasequery-01 (work in progress), March 2015.

   [I-D.fsc-softwire-dhcp4o6-saddr-opt]
              Farrer, I., Sun, Q., and Y. Cui, "DHCPv4 over DHCPv6
              Source Address Option", draft-fsc-softwire-dhcp4o6-saddr-
              opt-01 (work in progress), September 2014.

   [I-D.ietf-dhc-dynamic-shared-v4allocation]
              Cui, Y., Qiong, Q., Farrer, I., Lee, Y., Sun, Q., and M.
              Boucadair, "Dynamic Allocation of Shared IPv4 Addresses",
              draft-ietf-dhc-dynamic-shared-v4allocation-09 (work in
              progress), May 2015.

   [I-D.ietf-softwire-lw4over6]
              Cui, Y., Qiong, Q., Boucadair, M., Tsou, T., Lee, Y., and
              I. Farrer, "Lightweight 4over6: An Extension to the DS-
              Lite Architecture", draft-ietf-softwire-lw4over6-13 (work
              in progress), November 2014.

   [RFC2827]  Ferguson, P. and D. Senie, "Network Ingress Filtering:
              Defeating Denial of Service Attacks which employ IP Source
              Address Spoofing", BCP 38, RFC 2827, May 2000.

   [RFC7341]  Sun, Q., Cui, Y., Siodelski, M., Krishnan, S., and I.
              Farrer, "DHCPv4-over-DHCPv6 (DHCP 4o6) Transport", RFC
              7341, August 2014.





7.2.  Informative References

   [I-D.ietf-softwire-map-dhcp]
              Mrugalski, T., Troan, O., Farrer, I., Perreault, S., Dec,
              W., Bao, C., Yeh, L., and X. Deng, "DHCPv6 Options for
              configuration of Softwire Address and Port Mapped
              Clients", draft-ietf-softwire-map-dhcp-12 (work in
              progress), March 2015.

   [I-D.sun-softwire-yang]
              Sun, Q., Wang, H., Cui, Y., Farrer, I., Boucadair, M., and
              R. Asati, "YANG Data Model for IPv4-in-IPv6 Softwire",
              draft-sun-softwire-yang-03 (work in progress), April 2015.

   [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
              and M. Carney, "Dynamic Host Configuration Protocol for
              IPv6 (DHCPv6)", RFC 3315, July 2003.

   [RFC6241]  Enns, R., Bjorklund, M., Schoenwaelder, J., and A.
              Bierman, "Network Configuration Protocol (NETCONF)", RFC
              6241, June 2011.

   [RFC6887]  Wing, D., Cheshire, S., Boucadair, M., Penno, R., and P.
              Selkirk, "Port Control Protocol (PCP)", RFC 6887, April
              2013.

Authors' Addresses

   Cong Liu
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing  100084
   P.R.China

   Phone: +86-10-6278-5822
   Email: gnocuil@gmail.com


   Qi Sun
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing  100084
   P.R.China

   Phone: +86-10-6278-5822
   Email: sunqi@csnet1.cs.tsinghua.edu.cn





   Jianping Wu
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing  100084
   P.R.China

   Phone: +86-10-6278-5983
   Email: jianping@cernet.edu.cn


   Ian Farrer
   Deutsche Telekom AG
   CTO-ATI,Landgrabenweg 151
   Bonn, NRW  53227
   Germany

   Email: ian.farrer@telekom.de