softwire                                                R. Maglione, Ed.
Internet-Draft                                                    W. Dec
Intended status: Informational                             Cisco Systems
Expires: April 16, 2016                                         I. Leung
                                                   Rogers Communications
                                                             E. Mallette
                                                   Bright House Networks
                                                        October 14, 2015


                          Use cases for MAP-T
               draft-maglione-softwire-map-t-scenarios-06

Abstract

   The Softwire working group standardized both encapsulation and
   translation based stateless IPv4/IPv6 solutions in order to be able
   to provide IPv4 connectivity to customers in an IPv6-Only
   environment.

   The purpose of this document is to describe some operational use
   cases that would benefit from a translation based approach and
   highlights the operational benefits that a translation based solution
   would allow.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 16, 2016.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.





Maglione, et al.         Expires April 16, 2016                 [Page 1]


Internet-Draft              MAP-T uses cases                October 2015


   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Operational Service Policy Use Cases  . . . . . . . . . . . .   3
     2.1.  Network/Transport Layer Classification classifiers  . . .   4
     2.2.  Device Configuration (DOCSIS) . . . . . . . . . . . . . .   5
     2.3.  Service Flow management using Deep Packet Inspection  . .   5
     2.4.  Service Flow Redirection Policies (Web-redirection) . . .   6
     2.5.  Service Flow Caching  . . . . . . . . . . . . . . . . . .   7
   3.  Technological Considerations  . . . . . . . . . . . . . . . .   7
     3.1.  Encapsulation and Translation Overhead  . . . . . . . . .   8
     3.2.  Efficient Utilization of the Access Network . . . . . . .   8
       3.2.1.  Jumbo Frame Support in the Access . . . . . . . . . .   8
       3.2.2.  Operator Added Packet Overhead and Service Level
               Agreements  . . . . . . . . . . . . . . . . . . . . .   9
   4.  Conclusions . . . . . . . . . . . . . . . . . . . . . . . . .  10
   5.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  10
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  10
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .  10
   8.  Informative References  . . . . . . . . . . . . . . . . . . .  10
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  10

1.  Introduction

   The Softwire working group standardized both encapsulation [RFC7597]
   and translation [RFC7599] based stateless IPv4/IPv6 solutions
   developed for the purposes of offering IPv4 connectivity to the
   customers in an IPv6-Only environment.

   There are deployment scenarios that may benefit equally from an
   encapsulated or translated form of an IPv4/IPv6 stateless addressing
   solution.  There are, however, use cases where using a translation
   approach could lead to significant operational benefits and potential
   savings for the operators.

   This document describes some use cases that would take advantage of a
   translation based solution, by highlighting the operational benefits
   that a translation based approach would allow.



Maglione, et al.         Expires April 16, 2016                 [Page 2]


Internet-Draft              MAP-T uses cases                October 2015


2.  Operational Service Policy Use Cases

   In Broadband Networks it is common practice for Operators to apply
   per-subscriber policies on subscriber traffic at the network edge
   such as a BNG ( Broadband Network Gateway), CMTS (Cable Modem
   Termination System), PGW (PDN Gateway) or like device.  Various
   services may require the application of different policies at these
   services edges.

   Typically a policy would include a classification function and an
   action function.

   o  Service flow classification may occur based on any combination of
      the following:

      *  Layer-3 identifiers such as source, destination address,
         protocol or next header, DSCP or Traffic Class;

      *  Layer-4 identifiers such as source or destination port;

      *  service type/destination (i.e.  Internet, network service, or
         other service)

   o  Actions may be provisioned against the classified traffic; the
      following are some examples of actions:

      *  application of different QoS treatment (could be rate-limit,
         drop, redirect,.. etc) based on Layer 3 or higher layer (Layer
         4-7) classification from devices like deep packet inspection
         appliances;

      *  Service flow redirection on selected types of traffic (i.e.
         Web portal);

      *  Service flow caching on selected types of traffic.

   The rationale for applying such policy at the network edge is based
   on how tightly coupled this layer of the network is with many key
   systems within the operators network such as RADIUS, DHCP, access
   technology awareness and ability to implement subscriber awareness.

   In many common deployments today, the customer's policies are
   maintained in RADIUS server or enforced through other provisioned
   data in co-operation with service activation such as DHCP and
   bootstrap configuration.  In a cable operator network, while much of
   the heavily lifting of subscriber management is embedded on the CMTS
   or OLT, the reality is that classification is shared across CMTS and
   cable-modem (CM) or across OLT and optical network unit (ONU.)  The



Maglione, et al.         Expires April 16, 2016                 [Page 3]


Internet-Draft              MAP-T uses cases                October 2015


   CM and ONU classification capabilities are not as robust and flexible
   as the upstream CMTS, OLT and/or assisting edge router.  The
   implications of that are that the CPE may need to be replaced with a
   device that has the capability to classify on a larger packet header.

   An additional point to consider is that the edge network nodes are
   also often fitted with, or co-located with higher functioning
   appliances that employ Deep Packet Inspection and distributed caches
   used to enhance service performance.

2.1.  Network/Transport Layer Classification classifiers

   Most of the policies described in Section 2 require the use of
   network and transport layer classification and filtering mechanisms
   such as classifiers at the network edge.  The application of
   classifiers and other network layer classification functions on
   selected subscriber flows are often applied by a AAA server, gleaned
   from configuration information, provisioned from per-CM DOCSIS
   configuration files generated from the operator OSS, or sent by a
   policy control function (PCRF, PCMM, etc).

   This section will explain why the application of some types of
   classifiers (like Layer 3 destination based classifiers and - Layer 3
   plus Layer 4 - classifiers,) can be deployed in a more simplistic
   fashion when using a translated form of a stateless IPv4/IPv6
   transition technology such as MAP-T [RFC7599].

   A key characteristic of MAP-T is the mapping of the IPv4 address of
   any destination into the IPv6 destination address, by means of IPv4
   to IPv6 mapping rules.  This mapping means that the subscriber flows
   are native IPv6 flows within the operators network.  The ability to
   use a standard IPv6 classifier to identify interesting traffic for
   classification is well aligned with traditional traffic
   identification capabilities using IPv4 based classifiers.  Such
   classifiers can be easily applied at the access edge as a standard
   function commonly available on most platforms deployed.

   In contrast, a solution utilizing an IP tunnel based transport (MAP-E
   [RFC7597] or DS-Lite [RFC6333]), effectively hides the payload's IP
   layer information, making it difficult to identify by means of an
   IPv6 classifier . The operator in the latter case (tunneled option)
   would need additional functionality to classify the same subscriber
   flows which may not be available on the deployed platforms.

   The classifier use case is further extended when considering that
   many traffic classifications are made using transport layer (Layer 4)
   information.  This is common in operator networks that often apply
   differential traffic treatment to different services that typically



Maglione, et al.         Expires April 16, 2016                 [Page 4]


Internet-Draft              MAP-T uses cases                October 2015


   operate using well defined TCP/UDP ports.  In the MAP-T deployment
   case, these ports are available for classification matching using the
   same standard access edge node capabilities using IPv6 classifiers.
   In the case where tunneled forms of a solution are used, these higher
   layer ports are hidden from the network (base IP layer) and special
   functionality to correctly classify these service flows is required.

   The ability to apply classifiers at the access edge node allows the
   operator to not only use standard IPv6 classifier functionality, but
   also use same mechanisms (RADIUS interface parameters/system, or
   DOCSIS configuration classifier parameters) for applying such
   classifiers.  I.e. custom RADIUS interface extensions or custom
   DOCSIS classifier extensions to deal with the classifier semantics of
   an IP tunnel based transport are not required.

2.2.  Device Configuration (DOCSIS)

   Some access technologies, like DOCSIS, require a modem configuration
   file for network operation.  These configuration files often contain
   access control and classification information that uses IPv4 and/or
   IPv6 network and transport layer information.

   MAP-T allows use of standard IPv6 classifiers within these
   configuration files permitting the continued use of the well-known
   service architecture.  Translation technologies which use tunneling
   may require the operator to update how services are managed as
   information needed to enforce policy is not longer viewable by the
   Cable Modem or upstream CMTS.  The operator in this case may need to
   build new service capabilities higher up in the network after the
   network translator to apply the full range of polices for the
   subscriber base.

2.3.  Service Flow management using Deep Packet Inspection

   Several Service Providers today use Deep Packet Inspection devices
   located at the network edge (such as a BNG) in order to inspect the
   subscriber's traffic for different purposes: profiling the user's
   behavior, and classifying the traffic based on higher layer
   information and/or traffic signatures.

   Deep packet inspection devices available today in the market and,
   more importantly, those already deployed in operator's network may
   not be able to analyze encapsulated traffic, like IPinIP, and to
   correlate the inner packet's contents to the outer packet's
   "subscriber" context - this limitation is consistent across multiple
   vendors.  In order to overcome this limitation when using IP tunnel
   based transports, without resorting to costly network upgrades,
   dedicated DPI devices need to be applied at a point in the network



Maglione, et al.         Expires April 16, 2016                 [Page 5]


Internet-Draft              MAP-T uses cases                October 2015


   where the IP tunnel transport has been stripped and the payload is
   directly available for native processing.  This not only changes the
   network architecture, but it increases the number of DPI's devices
   required: one for IPv6 traffic at the access edge, the other at a
   location where the IPv4 traffic is exposed (typically a separate
   Location).  In addition the operator would need to enforce policies
   at two architecturally separate places in the network.  Furthermore,
   even with these changes enacted, there remains a critical problem of
   correlating traffic to a given subscriber: in encapsulation based
   solutions, the IPv4 address information in the payload is not
   sufficient to uniquely identify a subscriber given that an IPv4
   address will not be unique.  As such, additional mechanisms and
   changes to the accounting infrastructure need to be introduced which
   when combined with all the previous aspects makes this solution
   operationally complex.

   With MAP-T operators can continue using the current architectural
   model with DPI devices installed at the access edge; the only
   requirement would be to have the same device able to recognize
   specific applications on the native IPv6 transport, which DPI devices
   based on application signatures are capable of doing.  Thus with
   MAP-T it doesn't matter that an operator might provision the same
   IPv4 address across multiple subscribers.  In addition with MAP-T the
   access edge would remain the single enforcement point for all user's
   policies for all traffic.  This would allow the operators to continue
   using a consistent architecture and set of accounting tools for their
   network.

2.4.  Service Flow Redirection Policies (Web-redirection)

   Redirecting the user's traffic to web portal is a common practice in
   Service Provider networks.  For example, it is common for operators
   to inform users about new services, service advisories and/or access
   to account changes using web-reduction techniques activated on http
   traffic.  In current deployments web-redirection occurs at the Edge
   node level, where the subscriber's traffic first hits the IP network.
   The activation/de- activation of redirection policy on selected
   subscribers may be driven by the AAA/RADIUS through specific RADIUS
   attributes.  In current deployments web-redirection occurs at the
   Edge node level, where the subscriber's traffic first hits the IP
   network.  The activation/de- activation of redirection policy on
   selected subscribers may be driven by the AAA/RADIUS through specific
   RADIUS attributes.

   If MAP-T is used the redirection of both IPv6 and IPv4 traffic can be
   kept at the Edge of the network with the same configuration currently
   used and by simply translating the Server's address in IPv6 with
   known mapping rules.  In case of tunnel based solution the



Maglione, et al.         Expires April 16, 2016                 [Page 6]


Internet-Draft              MAP-T uses cases                October 2015


   redirection of IPv6 and IPv4 cannot occur in a single place, because
   the redirection of IPv4 traffic must be implemented at or after the
   v4/v6 gateway responsible for de-encapsulating the traffic.  This
   approach not only would require deploying two separate
   infrastructures located in different places in order to achieve the
   redirection for both IPv6 and IPv4 traffic, but also it would not
   allow continuing using the AAA/RADIUS Server infrastructure in order
   to enforce the redirect policy at the subscriber's session.

2.5.  Service Flow Caching

   With the continuing growing of video traffic, especially considering
   the increase of http video traffic (YouTube like,) it is useful for
   the Service Providers to be able to cache the video stream at the
   Edge of the network in order to save bandwidth on upstream links.
   Using cache devices together with tunnel solutions would introduce
   similar challenges/issues as the ones described for DPI scenarios, in
   particular it would require applying caching functionality after the
   decapsulation point.  Obviously this would not eliminate the benefits
   of the cache.  Instead a MAP-T approach would allow caching the
   subscriber traffic at the edge of the network and gaining the
   bandwidth savings introduced by the caching.  Crucially, any native
   IPv6 web-caches would be capable of processing IPv6 MAP-T traffic as
   fully native traffic.

   In addition in some deployments today, Web Cache Control Protocol
   (WCCP) feature is used in order to redirect subscriber's traffic to
   the cache devices.  When a subscriber requests a page from a web
   server (located in the Internet, in this case), the network node
   where the WCCP is active, sends the request to a Cache Engine.  If
   the cache engine has a copy of the requested page in storage, the
   engine sends the user that page.  Otherwise, the engine gets the
   requested page and the objects on that page from the web server,
   stores a copy of the page and its objects (caches them), and forwards
   the page and objects to the user.  WCCP is another example of web
   redirect thus, the same considerations described in section
   Section 2.4 and the benefits introduced by MAP-T also apply here.

3.  Technological Considerations

   There are additional technological considerations which need to be
   analyzed by the operator when choosing which transition technology
   option they would like to deploy.  This section describes some of
   those considerations.







Maglione, et al.         Expires April 16, 2016                 [Page 7]


Internet-Draft              MAP-T uses cases                October 2015


3.1.  Encapsulation and Translation Overhead

   MAP-E adds an encapsulation tax of 40 bytes, while MAP-T adds a
   translation tax of 20 bytes (translating from a 20-byte IPv4 header
   to a 40-byte IPv6 header.)  In the downstream direction (from network
   toward the CPE), with an average packet size of 1000-1100 bytes, the
   added encapsulation is under 4% in the case of MAP-E.  In the case of
   MAP-T that encapsulation tax drops to about 2%.

   In the upstream direction, with an average packet size of ~400 bytes,
   the effects of the encapsulation tax is more pronounced with an added
   10% overhead for MAP-E and 5% additional overhead for MAP-T.  As the
   upstream direction tends to be both (a) more heavily oversubscribed
   than is the downstream and (b) of lower performance, the greater the
   header tax the more it upsets the precariously balanced upstream/
   downstream network loading models.

3.2.  Efficient Utilization of the Access Network

   Point-to-Multipoint access networks are common across network
   operators - DOCSIS (1.0, 1.1, 2.0, 3.0), EPON, 10G-EPON, GPON,
   XGPON,XGPON2, etc.  This network type has been incredibly successful,
   as attested to by all the variants of point-to-multipoint networks
   deployed, primarily because of their cost effectiveness.

   There are a couple challenges that are introduced by adding a
   significant amount of encapsulation overhead.  These challenges
   affect MAP-T and MAP-E similarly; the effects from MAP-E are simply
   more pronounced.

   The first challenge is that, commonly, point-to-multipoint networks
   have limited support for jumbo frames.  The second challenge is one
   that results in reduction in effective capacity on the wire, which
   yields higher cost.

3.2.1.  Jumbo Frame Support in the Access

   Some access technologies natively support fragmentation, and as a
   result, can support "jumbo frames" up to a point.  A max size IPv4
   packet that fits into the payload of a standard-compliant Ethernet
   frame is 1500 bytes.  In the context of this discussion a "jumbo
   frame" is any Ethernet frame that has more than 1500 bytes in the
   Ethernet payload.  IEEE Std. 802.3 now specifies a larger frame size
   of up to 2000 bytes, referred to as an envelope frame, where the
   envelope frame, quoting from IEEE Std.802.3-2012 "is intended to
   allow inclusion of additional prefixes and suffixes required by
   higher layer encapsulation protocols.  The encapsulation protocols
   may use up to 482 octets."



Maglione, et al.         Expires April 16, 2016                 [Page 8]


Internet-Draft              MAP-T uses cases                October 2015


   In the network access space, particularly one filled with legacy
   access products which may be 10 years old (or perhaps older), it is
   not uncommon to find products that just only support a max 1500 byte
   Ethernet payload.  Some may support up to 1532 byte payload (1550
   byte Ethernet frame), some 1582 byte payload (1600 byte Ethernet
   frame), though there's certainly not a uniform supported frame size
   past the 1500 byte payload.

   Since MTU discovery isn't typically used for IPv4 in operator
   networks and since MTU discovery for IPv6 is not implemented on the
   IPv4 host stack requesting the communication, there's no effective
   way to tell the host stack to reduce the size of its IPv4 frame to
   accommodate the MAP-T or MAP-E overhead with the MTU frame size
   limitation of the specific access products.  There are tools like
   Maximum Segment Size rewrite that can be implemented to help address
   the issue for a TCP payload but UDP payload will continue to be
   impaired.

   Thus MAP-T is preferred as there are more deployed access products
   that could support a 1534-byte or 1538-byte Ethernet frame than can
   support a 1554-byte or 1558-byte Ethernet frame, which mandates fewer
   access product replacements.

3.2.2.  Operator Added Packet Overhead and Service Level Agreements

   One of the traditional challenges with adding additional packet
   overhead to a customer frame is that it becomes more challenging to
   provide customer the last-mile bandwidth in their SLA.  This is a
   very simple overprovisioning problem when the maximum size frame is
   used, as the overhead in that case is a fixed ~1.5% or ~3% for MAP-T
   and MAP-E respectively.

   However in the case of variable packet sizes, the added overhead from
   either MAP-T or MAP-E can become very significant - from a worse case
   of ~31% (MAP-T) and ~63% (MAP-E) to the ~1.5% or ~3%.  This means
   that to provide the customer what they purchased operators will
   either provision more than the customer SLA to account for the added
   overhead or abide by the "not guaranteed" bandwidth response.

   With the average upstream packet sizes being smaller, the 5% (MAP-T)
   or 10% (MAP-E) added overhead for the average upstream packet size
   could find itself in an overprovisioned QoS profile.

   Many customers, particularly business customers, are very savvy and
   have a strong belief that when a network operator offers them an SLA,
   it's not an SLA at a specific packet size.  This can be a significant
   operational difficulty for network operators, one with a real
   operational cost.



Maglione, et al.         Expires April 16, 2016                 [Page 9]


Internet-Draft              MAP-T uses cases                October 2015


4.  Conclusions

   The use cases described in this document have highlighted a clear
   need for a MAP-T solution based on Service Providers' operational
   requirements.

   This document showed that a MAP-T approach is not a duplication of
   any other existing IPv4/IPv6 migration mechanisms based on IP
   tunneling, but actually has capabilities to solve Service Provider's
   problems.

5.  Acknowledgements

   The authors would like to thank Victor Kuarsingh for his valuable
   comments and inputs to this document.

6.  IANA Considerations

   This document does not require any action from IANA.

7.  Security Considerations

   This document has no additional security considerations beyond those
   already identified in section 11 of [RFC7599]

8.  Informative References

   [RFC6333]  Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
              Stack Lite Broadband Deployments Following IPv4
              Exhaustion", RFC 6333, DOI 10.17487/RFC6333, August 2011,
              <http://www.rfc-editor.org/info/rfc6333>.

   [RFC7597]  Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S.,
              Murakami, T., and T. Taylor, Ed., "Mapping of Address and
              Port with Encapsulation (MAP-E)", RFC 7597,
              DOI 10.17487/RFC7597, July 2015,
              <http://www.rfc-editor.org/info/rfc7597>.

   [RFC7599]  Li, X., Bao, C., Dec, W., Ed., Troan, O., Matsushima, S.,
              and T. Murakami, "Mapping of Address and Port using
              Translation (MAP-T)", RFC 7599, DOI 10.17487/RFC7599, July
              2015, <http://www.rfc-editor.org/info/rfc7599>.

Authors' Addresses







Maglione, et al.         Expires April 16, 2016                [Page 10]


Internet-Draft              MAP-T uses cases                October 2015


   Roberta Maglione (editor)
   Cisco Systems
   Via Torri Bianche 8
   Vimercate  20871
   Italy

   Email: robmgl@cisco.com


   Wojciech Dec
   Cisco Systems
   Haarlerbergweg 13-19
   1101 CH Amsterdam
   The Netherlands

   Email: wdec@cisco.com


   Ida Leung
   Rogers Communications
   8200 Dixie Road
   Brampton, ON  L6T 0C1
   CANADA

   Email: Ida.Leung@rci.rogers.com


   Edwin Mallette
   Bright House Networks
   4145 S. Faulkenburg Road
   Riverview, Florida  33578
   USA

   Email: edwin.mallette@gmail.com

















Maglione, et al.         Expires April 16, 2016                [Page 11]