[Search] [txt|pdf|bibtex] [Tracker] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02 03                                                   
Network Working Group                                           B. Liu
Internet Draft                                                S. Jiang
Intended status: Informational                                   Y. Bo
Expires: January 4, 2015                           Huawei Technologies
                                                          July 3, 2014

                      Running Multiple IPv6 Prefixes
              draft-liu-v6ops-running-multiple-prefixes-01.txt


Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute working
   documents as Internet-Drafts. The list of current Internet-Drafts is
   at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 4, 2015.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.









Liu, et al.            Expires January 4, 2015                [Page 1]


Internet-Draft         Running Multiple Prefixes             July 2014




Abstract

   This document discusses that multiple prefixes in one network/host
   might be common in IPv6 deployment, and describes several typical
   multiple prefixes use cases. Then some operational considerations and
   current problems of running multiple prefixes are described.

Table of Contents


   1. Introduction ................................................. 3
   2. Multiple Prefixes Use cases .................................. 4
      2.1. Multi-Scope Addresses ................................... 4
      2.2. Multihoming ............................................. 4
      2.3. Service Prefixes ........................................ 5
   3. Operational Considerations and Problems ...................... 5
      3.1. Multiple prefix provisioning ............................ 5
      3.2. Multiple addresses in one interface ..................... 6
      3.3. Address Selection ....................................... 7
      3.4. Exit-router selection ................................... 8
   4. Security Considerations ...................................... 8
   5. IANA Considerations .......................................... 8
   6. Acknowledgments .............................................. 9
   7. References ................................................... 9
      7.1. Normative References .................................... 9
      7.2. Informative References .................................. 9



















Liu, et al.           Expires  January 4, 2015                [Page 2]


Internet-Draft         Running Multiple Prefixes             July 2014




1. Introduction

   IP technology has been widely spread. More and more services are
   relying on it. As the evolution of network application, the IP
   network architecture/functions are becoming more and more
   sophisticated.

   One aspect is the requirement of multiple prefixes. There are several
   motivations as the following:

   - Multiple network provisioning, including multihoming and service
   prefixes (as described in section 2.4) etc;

   - Multiple logical planes, VPN/OAM .etc.

   In IPv6, multiple prefixes feature is naturally well-supported.
   Standard IPv6 stack is mandatory to support multiple addresses per
   interface; and there is a standard algorithm [RFC6724] defined for
   address selection. It is an important improvement comparing to IPv4.

   In practice, there might be some worry that running multiple prefixes
   would make significant operational complexity. It is apprehensible
   that most of the administrators are not be accustomed to this model,
   since it is quite different with that in IPv4. But considering
   running multiple prefixes in IPv6 might be very common,
   administrators need to adapt this new operational model regardless of
   personal prefer.

   This document introduces several multiple prefixes use cases in IPv6
   networks; and provides some operational considerations, as while as
   some current problems of running multiple prefixes.

   This document basically targets at a different scope with MIF
   (Multiple Interfaces) [RFC6418]. MIF is focusing on the problems of
   multiple interfaces in a host, typically the interfaces belong to
   different links and different provision domains (see definition in
   Section 3.1 below); while this document specifically focus on the
   multiple prefixes/addresses assigned to one interface. The scenario
   of "multiple provision domains on the same link" is overlapped in
   this document and MIF, this document only focuses the multiple
   prefixes handling part, and leaves the multiple interfaces relevant
   problems space to MIF.





Liu, et al.           Expires  January 4, 2015                [Page 3]


Internet-Draft         Running Multiple Prefixes             July 2014


2. Multiple Prefixes Use cases

2.1. Multi-Scope Addresses

   o Mandatory Link-Local Address

   IPv6 contains link-local addresses, global addresses and unique local
   addresses (which by definition are global but site-scope by practice).

   As specified in [RFC4291], all interfaces are required to have at
   least one Link-Local unicast address. When the interfaces are
   connected and managed, they might be configured with all three types
   of addresses.

   This is the basic case of running multiple prefixes. In this sense,
   multiple prefixes are almost unavoidable when running IPv6.

   o ULAs along with PA (Provider Aggregate) Addresses

   Unique Local Addresses (ULAs) are defined in [RFC4193] as provider-
   independent prefixes. Since there is a 40 bits pseudo random field in
   the ULA prefix, there is no practical risk of collision (please refer
   to section 3.2.3 in [RFC4193] for more detail).

   For either home networks or enterprise networks, the main purpose of
   using ULAs along with PA addresses is to provide a logically local
   routing plane separated from the globally routing plane. The benefit
   is to ensure stable and specific local communication regardless of
   the ISP uplink failure or change. This benefit is especially
   meaningful for the home network or private OAM function in an
   enterprise.

   In some special cases such as renumbering, enterprise administrators
   may want to avoid the need to renumber their internal-only, private
   nodes when they have to renumber the PA addresses of the whole
   network because of changing ISPs, ISPs restructure their address
   allocations, or whatever reasons. In these situations, ULA is an
   effective tool for the internal-only nodes.

2.2. Multihoming

   When a network is multihomed, the multiple upstream networks would
   assign prefixes respectively. If a network for some reason neither
   acquire a PI (Provider Independent) space nor deploys IPv6 NAT, then
   the multihoming would resulting in hosts with multiple PA (Provider
   Aggregated) IPv6 addresses with different prefixes.



Liu, et al.           Expires  January 4, 2015                [Page 4]


Internet-Draft         Running Multiple Prefixes             July 2014


   This approach in IPv4 has rarely been used, since the IPv4 doesn't
   support multiple addresses/prefixes well. But it is quite practical
   in IPv6. This approach allows the SMEs to do multihoming without
   burden from running PI address space or running IPv6 NAT. Furthermore,
   multiple PA spaces don't have the potential global routing system
   scalable issue as the PI does [RFC4894].

   However, multihoming with multiple PA prefixes has some operational
   issues which mainly include address selection, next-hop selection,
   and exit-router selection, these problems are well documented in
   [RFC7157]. Make-before-break renumbering

   [RFC4192] describes a procedure that can be used to renumber a
   network from one prefix to another smoothly through a "make-before-
   break" transition.

   In the transition period, both the old and new prefixes are available;
   it is a very good use of multiple prefixes that could avoid the
   session outage issue in most of the situations when renumbering a
   network.

2.3. Service Prefixes

   [I-D.jiang-semantic-prefix] describes a framework to embed some
   parameters into the IPv6 prefix segment. The parameters might contain
   user types, service types, applications, security requirements,
   traffic identity types, quality requirements and other criteria may
   also be relevant parameters which a network operator may wish to use
   to treat packets differently and efficiently.

   With this approach, for example, the ISPs could provision one
   subscriber multiple addresses/prefixes to access different services.

3. Operational Considerations and Problems

   Following sub-sections discuss operational considerations and
   problems in several important aspects.

3.1. Multiple prefix provisioning

   o Multiple Provisioning Domain

   In [I.D.ietf-mif-mpvd-arch], provisioning domain is defined as
   consistent set of network configuration information. Classically, the
   entire set available on a single interface is provided by a single
   source, such as network administrator, and can therefore be treated
   as a single provisioning domain.


Liu, et al.           Expires  January 4, 2015                [Page 5]


Internet-Draft         Running Multiple Prefixes             July 2014


   But in modern IPv6 networks, multihoming or service prefixes (which
   are described in the introduction section) can result in more than
   one provisioning domain being present on a single link. In these
   scenarios, current DHCP lacks support of distinguishing multiple
   provisioning domains, thus the host would not be able to associate
   configuration information with provisioning domains. There has been a
   proposed solution [I-D.kkb-mpvd-dhcp-support] to address it.

   Since the technology is still under developing, the administrators
   should avoid multiple provisioning domains on the same link for
   current deployment.

   o DHCPv6/SLAAC Co-existing

   If administrators enable both DHCPv6 and SLAAC for address
   configuration in one network, then they need to notice that there
   might be some operational problems, which are reported in [I-D.ietf-
   v6ops-dhcpv6-slaac-problem], and some operational guidelines are
   provided in [I-D.liu-v6ops-dhcpv6-slaac-guidance].

3.2. Multiple addresses in one interface

   Since it is a mandatory feature in IPv6, normally there is no problem
   in hosts' perspective.

   But in the network side, there might be problems as the following.

   o Multiple addresses to one interface mapping might have not been
      well supported by some management tools.

   o ND table space shortage in big L2 networks

   In some scenarios such as campus networks and enterprise networks,
   the "big L2 network" architecture is often used to reduce the cost
   and ease the management. In a big L2 network, a large amount of hosts
   (e.g. 10K users) are aggregated to the core at layer 2.

   The top-level core switch needs to record the MAC and IP addresses of
   all the hosts in the aggregation domain as entries in the ARP/ND
   table, so that incoming packets to the hosts could be forwarded
   directly by the line cards in a line speed. When the ARP/ND table is
   full, normally the network would not allow new hosts to access.
   Because in this situation, the switch need to instantly look up the
   destination through ARP/ND broadcast/multicast, thus the CPU needs to
   be involved in this processing. This would significantly cost the
   performance of the switch and packet loss might happen.



Liu, et al.           Expires  January 4, 2015                [Page 6]


Internet-Draft         Running Multiple Prefixes             July 2014


   According to current state of the art, the maximum amount of ARP/ND
   entries in a switch is normally under 16K (the high-end ones could
   reach to 64K, measured by per line card). In IPv4, each host only
   occupies one entry, so normally the table space is enough. However,
   when the network is in an IPv6 transition, the table would be in a
   significant shortage. In implementation, one IPv6 ND entry needs 2-4
   times of an IPv4 ARP entry; and one IPv6-enabled host might configure
   2-4 IPv6 addresses or even more. For example, an IPv6-enabled Window
   7 host would have at least three IPv6 addresses (one link-local
   address, one permanent global address and one temporary global
   address) when it connects to an IPv6 network. Finally, a dual-stack
   network would cost 5-17 times table space than the IPv4 does, so that
   the table space shortage is likely to happen.

3.3. Address Selection

   In practice, address selection has the following issues.

   o Inconsistent Behavior in Old and New Address Selection Standards

   [RFC5220] reported various potential problems with address selection
   in deployment. To address these problems, the updated standard
   [RFC6724] was developed.

   There old hosts which still use the [RFC3484] implementation might
   co-exist with the [RFC6724] hosts. Thus inconsistent behavior would
   happen. Basically, all the problems described in [RFC5220] might
   happen in the [RFC3484] hosts. This document picks two examples that
   might probably happen as the following.

   - ULA specific rules

   In [RFC6724] default policy table, ULAs are specifically treated to
   ensure one ULA address will match a given ULA address in a higher
   priority. But in the default policy table of [RFC3484], ULAs are not
   distinguished, thus a non-ULA address pairs might be sorted out to
   cause connectivity failure.

   - ULA+IPv4 address selection

   This is a special case described in section 2.2.2 of [RFC5220]. When
   an enterprise has IPv4 Internet connectivity but does not yet have
   IPv6 Internet connectivity, and the enterprise wants to provide site-
   local IPv6 connectivity, a ULA is an obvious choice for site-local
   IPv6 connectivity. Each employee host will have both an IPv4 global
   or private address and a ULA. Here, when this host tries to connect
   to an outside node that has registered both A and AAAA records in the


Liu, et al.           Expires  January 4, 2015                [Page 7]


Internet-Draft         Running Multiple Prefixes             July 2014


   DNS, the host will choose AAAA as the destination address and the ULA
   for the source address according to the IPv6 preference of the
   default address selection policy [RFC3484]. This will clearly result
   in a connection failure. [RFC6724] has added ULA specific rules to
   prefer IPv4 over ULA, but there might be hosts still under the old
   [RFC3484] specification.

   o Lack of Address Pair Failover

   Currently there isn't a good mechanism for triggering an application
   to switch over to a different SA/DA pair when the current one fails.
   The only mechanism we have today is signaling with ICMP destination
   unreachable/wrong source address, but those messages might not been
   passed up to the application in implementations.

   Shim6 has the address-pair failover ability [RFC5534], but it is only
   applicable for the specific shim6 communication.

3.4. Exit-router selection

   In multiple PA multihoming networks, if the ISPs enable ingress
   filtering at the edge, then the administrators need to deal with the
   the exit router selection issues. Currently there is no well-used
   solution, so the administrator might need to communicate with the ISP
   for not filtering the prefixes.

   If a site has multiple PA prefixes, complexities in routing
   configuration will appear. In particular, source-based routing rules
   might be needed to ensure that outgoing packets are routed to the
   appropriate border router and ISP link. Normally, a packet sourced
   from an address assigned by ISP X should not be sent via ISP Y, to
   avoid ingress filtering by Y [RFC2827] [RFC3704]. Additional
   considerations can be found in [RFC7157].

   Note that, source-base routing mechanisms proposed in
   [I-D.troan-homenet-sadr] might become solutions to deal with the
   exit-router selection problem in the future.

4. Security Considerations

   TBD.

5. IANA Considerations

   This draft does not request any IANA actions.




Liu, et al.           Expires  January 4, 2015                [Page 8]


Internet-Draft         Running Multiple Prefixes             July 2014


6. Acknowledgments

   Some inputs of the texts/ideas were from Ole Troan.

   Useful comments were received from Brian Carpenter, Victor Kuarsingh
   and Roberta Maglione.

   This document was prepared using 2-Word-v2.0.template.dot.

7. References

7.1. Normative References

   [RFC3315] R. Droms, Bound, J., Volz, B., Lemon, T., Perkins, C., and
             M. Carney, "Dynamic Host Configuration Protocol for IPv6
             (DHCPv6)", RFC 3315, July 2003.

   [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
             "Neighbor Discovery for IP version 6 (IPv6)", RFC
             4861,September 2007.

   [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
             Address Autoconfiguration", RFC 4862, September 2007.

7.2. Informative References

   [RFC4192] Baker, F., Lear, E., and R. Droms, "Procedures for
             Renumbering an IPv6 Network without a Flag Day", RFC 4192,
             September 2005.

   [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
             Architecture", RFC 4291, February 2006.

   [RFC4984] Meyer, D., Ed., Zhang, L., Ed., and K. Fall, Ed., "Report
             from the IAB Workshop on Routing and Addressing", RFC 4984,
             September 2007.

   [RFC5220] Matsumoto, A., Fujisaki, T., Hiromi, R., and K. Kanayama,
             "Problem Statement for Default Address Selection in Multi-
             Prefix Environments: Operational Issues of RFC 3484 Default
             Rules", RFC 5220, July 2008.

   [RFC6418] Blanchet, M. and P. Seite, "Multiple Interfaces and
             Provisioning Domains Problem Statement", RFC 6418, November
             2011.




Liu, et al.           Expires  January 4, 2015                [Page 9]


Internet-Draft         Running Multiple Prefixes             July 2014


   [RFC6555] Wing, D. and A. Yourtchenko, "Happy Eyeballs: Success with
             Dual-Stack Hosts", RFC 6555, April 2012.

   [RFC6724] Thaler, D., Ed., Draves, R., Matsumoto, A., and T. Chown,
             "Default Address Selection for Internet Protocol Version 6
             (IPv6)", RFC 6724, September 2012.

   [RFC6731] Savolainen, T., Kato, J., and T. Lemon, "Improved Recursive
             DNS Server Selection for Multi-Interfaced Nodes", RFC 6731,
             December 2012.

   [RFC7157] Troan, O., Ed., Miles, D., Matsushima, S., Okimoto, T., and
             D. Wing, "IPv6 Multihoming without Network Address
             Translation", RFC 7157, March 2014.

   [I-D.ietf-6man-addr-select-opt]
             Matsumoto, A.M., Fujisaki T.F., and T. Chown, "Distributing
             Address Selection Policy using DHCPv6", Working in Progress,
             April 2013.

   [I-D.ietf-v6ops-dhcpv6-slaac-problem]
             Liu, B., Bonica, R., Jiang, S., Gong, X., and W., Wang,
             "DHCPv6/SLAAC Address Configuration Interaction Problem
             Statement", Working in Progress, June 2014.

   [I-D.liu-v6ops-dhcpv6-slaac-guidance]
             Liu, B., Bonica, R., and T. Yang, "DHCPv6/SLAAC Interaction
             Operational Guidance", Working in Progress, February 2014.

   [I-D.ietf-mif-mpvd-arch]
             D. Anipko, "Mutiple Provisioning Domain Architecture",
             Working in Progress, May 2014.

   [I-D.troan-homenet-sadr]
             Troan, O., and L. Colitti, "IPv6 Multihoming with Source
             Address Dependent Routing (SADR)", Work in Progress,
             September 2013.











Liu, et al.           Expires  January 4, 2015               [Page 10]


Internet-Draft         Running Multiple Prefixes             July 2014


Authors' Addresses

   Bing Liu
   Huawei Technologies Co., Ltd
   Q14, Huawei Campus
   No.156 Beiqing Rd.
   Hai-Dian District, Beijing  100095
   P.R. China

   Email: leo.liubing@huawei.com

   Sheng Jiang
   Huawei Technologies Co., Ltd
   Q14 Building, No.156 Beiqing Rd.,
   Zhong-Guan-Cun Environmental Protection Park, Beijing
   P.R. China

   EMail: jiangsheng@huawei.com

   Yang Bo
   Huawei Technologies Co., Ltd
   Q21, Huawei Campus
   No.156 Beiqing Rd.
   Hai-Dian District, Beijing  100095
   P.R. China

   Email: boyang.bo@huawei.com





















Liu, et al.           Expires  January 4, 2015               [Page 11]