Network Working Group H. Singh
Internet-Draft W. Beebee
Intended status: BCP Cisco Systems, Inc.
Expires: January 15, 2009 July 14, 2008
IPv6 CPE Router Recommendations
draft-wbeebee-ipv6-cpe-router-02
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 15, 2009.
Abstract
This document recommends IPv6 behavior for Customer Premises
Equipment (CPE) routers in Internet-enabled homes and small offices.
The CPE Router may be a standalone device. The CPE Router may also
be embedded in a device such as a cable modem, DSL modem, cellular
phone, etc. This document describes the router portion of such a
device.
Singh & Beebee Expires January 15, 2009 [Page 1]
Internet-Draft CPE Router Recommendations July 2008
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology and Abbreviations . . . . . . . . . . . . . . . . 3
3. Operational Behavior . . . . . . . . . . . . . . . . . . . . . 4
3.1. Conceptual Configuration Variables . . . . . . . . . . . . 4
4. Router Initialization . . . . . . . . . . . . . . . . . . . . 4
5. Basic IPv6 Provisioning . . . . . . . . . . . . . . . . . . . 5
5.1. Acquire Link-Local Address . . . . . . . . . . . . . . . . 5
5.2. Process RAs . . . . . . . . . . . . . . . . . . . . . . . 6
5.3. Acquire IPv6 address and other configuration parameters . 6
5.3.1. Numbered Model . . . . . . . . . . . . . . . . . . . . 6
5.3.2. Unnumbered Model . . . . . . . . . . . . . . . . . . . 6
5.4. Details for DHCPv6 Address Acquisition . . . . . . . . . . 6
5.5. IPv6 Provisioning of Home Devices . . . . . . . . . . . . 7
5.5.1. LAN initialization before WAN initialization . . . . . 8
5.5.2. WAN initialization before LAN initialization . . . . . 9
5.6. IPv6 over PPP . . . . . . . . . . . . . . . . . . . . . . 9
5.6.1. Softwire support . . . . . . . . . . . . . . . . . . . 9
5.7. Stateful DHCPv6 Server . . . . . . . . . . . . . . . . . . 10
6. Cascading of Routers behind the CPE Router . . . . . . . . . . 10
7. IPv6 Data forwarding . . . . . . . . . . . . . . . . . . . . . 10
7.1. IPv6 Multicast . . . . . . . . . . . . . . . . . . . . . . 11
8. Other IPv6 Features . . . . . . . . . . . . . . . . . . . . . 12
8.1. Path MTU Discovery Support . . . . . . . . . . . . . . . . 12
8.2. Optional support for RIPv6 . . . . . . . . . . . . . . . . 13
8.3. Firewall . . . . . . . . . . . . . . . . . . . . . . . . . 13
8.3.1. Packet filters . . . . . . . . . . . . . . . . . . . . 13
9. Quality Of Service(QoS) . . . . . . . . . . . . . . . . . . . 13
10. Security Considerations . . . . . . . . . . . . . . . . . . . 13
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 13
13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14
13.1. Normative References . . . . . . . . . . . . . . . . . . . 14
13.2. Informative References . . . . . . . . . . . . . . . . . . 14
Appendix A. CHANGE HISTORY . . . . . . . . . . . . . . . . . . . 16
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 17
Intellectual Property and Copyright Statements . . . . . . . . . . 19
Singh & Beebee Expires January 15, 2009 [Page 2]
Internet-Draft CPE Router Recommendations July 2008
1. Introduction
This document defines IPv6 features for a residential or small office
router referred to as a CPE Router. This device also needs to
support IPv4, but that work is beyond the scope of this document.
Also, this document does not go into configuration details for the
CPE Router.
The document discusses IPv6 implications for the attached Service
Provider network. The document notes that the CPE Router may be
deployed in home in one of two ways. Either the Service Provider or
the home user may manage this device. When the CPE Router is managed
by the Service Provider, the router may need additional management
and routing properties like a new MIB definition and routing
protocols communicating between the CPE Router and the Service
Provider network. The CPE router has one WAN interface to connect to
the Service Provider and one or more LAN interfaces to the home
network devices. The WAN interface is preferred to be Ethernet
encapsulated but it may support other encapsulations such as PPP.
Each LAN interface is Ethernet encapsulated.
2. Terminology and Abbreviations
Host - this is a personal computer or any other network device in
a home that connects to the Internet via the CPE Router.
LAN interface(s) - a set of network interfaces on the CPE Router
that are used to connect hosts in the home. This set of ports
could be switched, bridged, or routed.
WLAN interface - an optional wireless access point interface on
the CPE Router used to connect wireless hosts in the home in
either managed or ad-hoc modes.
WAN interface - a single network interface on the CPE Router that
is used to connect the router to the access network of the Service
Provider.
GRE tunnel - Generic Routing Encapsulation tunnel.
SLAAC - StateLess Address Auto Configuration.
IPTV - Internet Protocol TeleVision.
Singh & Beebee Expires January 15, 2009 [Page 3]
Internet-Draft CPE Router Recommendations July 2008
3. Operational Behavior
The CPE Router is a gateway to the Internet for a home. The router
is also intended to provide home networking functionality. The CPE
Router may have a console or web interface for configuration. This
document defines the core set of features that are supported by the
CPE Router, however individual implementations may include value-
added features such as WLAN capability.
The core set of IPv6 features for the CPE Router includes
provisioning the CPE Router for IPv6, IPv6 data forwarding including
IPv6 multicast, CPE Router provisioning hosts on its LAN
interface(s), firewall, and QoS behavior. An IPv6 firewall is
discussed briefly in the Firewall section where the section refers
the draft-ietf-v6ops-cpe-simple-security
[I-D.ietf-v6ops-cpe-simple-security] for more details.
3.1. Conceptual Configuration Variables
The CPE Router maintains such a list of conceptual optional
configuration variables.
1. Loopback interface enable.
2. PPPOE enable.
3. Softwire enable
4. RIPv6 enable.
5. If DHCPv6 fails, the CPE Router may initiate PPPOE or L2TPv2
Softwire tunnel.
4. Router Initialization
Before the CPE Router is initialized, the device must have IPv6
enabled. The CPE Router should support the ability to disable its
IPv6 stack. The CPE Router also has the ability to block or forward
IPv6 traffic to and from the router's LAN interface(s). [RFC2669]
includes a MIB definition to block the IPv4 or IPv6 Ethertype in the
upstream or downstream interface(s) of a device such as the CPE
Router. Some portion of this MIB may need to be modified for use
with the CPE Router.
The CPE Router supports at least one of two modes of initialization:
either the LAN interface(s) become operational first or the WAN
interface becomes operational first. More details have been provided
Singh & Beebee Expires January 15, 2009 [Page 4]
Internet-Draft CPE Router Recommendations July 2008
in the Basic IPv6 Provisioning section.
5. Basic IPv6 Provisioning
The CPE Router needs to support two WAN interface models, one of
which will be active on the CPE Router at any given time. In one
model called as the numbered model the WAN interface of the CPE
Router must acquire a global IPv6 address. In another model called
as the unnumbered model, the WAN interface only acquires a link-local
address. Further, in this unnumbered model, the CPE router enables
an optional Loopback network interface, facing the Service Provider
upstream, which initiates stateless DHCPv6 for IA_PD option and other
IPv6 configuration. On completing DHCPv6, the Loopback interface
will be assigned an IPv6 address sub-delegated from the IA_PD. In
the numbered model, we recommend the CPE Router WAN interface acquire
its global IPv6 address using stateful DHCPv6 for administrative
control of the router. DHCPv6 IA_PD option can be used as described
in [RFC3633]. Any of stateful DHCPv6, stateless autoconfiguration,
or manual configuration may be supported by the CPE router for IPv6
address configuration of the WAN interface. Manual configuration is
beyond the scope of this document.
The CPE Router acquires its IPv6 addresses from the Service Provider
along with any other IPv6 configuration any time the WAN interface is
connected to the Service Provider network. Thereafter the CPE Router
provisions its LAN interface(s) for IPv6 router functionality
including provisioning global IPv6 addresses on the LAN interface(s).
Even if LAN interface(s) have been operational and provisioned
earlier, the global IPv6 configuration of LAN interface(s) is still
required. More details for provisioning the CPE Router are given in
the following sections.
5.1. Acquire Link-Local Address
If an interface of the CPE Router is configured for IPv6, when the
interface initializes itself, as per [RFC4862], the CPE Router must
create a link-local address for the interface. We recommend the CPE
Router use the EUI-64 identifier as a link-local address for each of
its interfaces. Refer to EUI-64 details in [RFC4291]. Further, as
per section 5.4 of [RFC4862], since the CPE Router supports link-
layer multicast on all of its interfaces draft-ietf-6man-node-req-bis
[I-D.ietf-6man-node-req-bis], it must perform Duplicate Address
Detection (DAD) on all unicast addresses unless a layer 2-specific
document specifies that DupAddrDetectTransmits is zero for that
linktype. If the CPE Router detects a duplicate address assigned to
an interface, the CPE Router must not send IPv6 packets from the
interface.
Singh & Beebee Expires January 15, 2009 [Page 5]
Internet-Draft CPE Router Recommendations July 2008
5.2. Process RAs
The CPE Router must process incoming RAs received on the WAN
interface as specified in section 6.3 of [RFC4861]. The CPE Router
locates routers that reside on the attached WAN link from the
received RAs.
5.3. Acquire IPv6 address and other configuration parameters
The CPE Router must process RAs received on the WAN interface. As
per [RFC4861] if the M bit is set in the RA, the WAN interface must
perform stateful DHCPv6- if the O bit is set in the RA, the WAN
interface acquires other configuration information using stateless
DHCPv6 [RFC3736]. If the A bit in the RA is clear or the RA does not
include any Prefix Information Option (PIO), the WAN interface must
not perform SLAAC. IPv6 deployments that configure RA to not include
any PIO are discussed in draft-ietf-6man-ipv6-subnet-model
[I-D.ietf-6man-ipv6-subnet-model]. If SLAAC is used to acquire a
global IPv6 address, then subsequently, the WAN interface must
initiate stateless DHCPv6 to obtain other parameters like Domain Name
Server(s) IPv6 addresses and IA_PD DHCPv6 option.
5.3.1. Numbered Model
As instructed by the RA message, the WAN interface acquires global
IPv6 address using SLAAC or stateful DHCPv6.
5.3.2. Unnumbered Model
When the CPE router is configured for Unnumbered model, after the WAN
and Loopback interfaces have acquired a link-local address, the
Loopback interface initiates SLAAC or stateful DHCPv6 to obtain IA_PD
option and other configuration information. On receiving the DHCPv6
REPLY with IA_PD option, the CPE Router sub-delegates one global IPv6
address from the IA_PD option to the Loopback interface.
At any instance in time of the CPE Router operation, the router does
not forward any traffic between its WAN and LAN interface(s) if the
router has not completed IPv6 provisioning process that involves the
acquisition of a global IPv6 address by the WAN or loopback interface
and the acquisition of a global or Unique Local Address (ULA) by the
LAN interface(s).
5.4. Details for DHCPv6 Address Acquisition
If the WAN interface uses stateful DHCPv6, the interface sends a
DHCPv6 Solicit message as described in section 17.1.1 of [RFC3315].
The Solicit message must include an IA_NA option as specified by
Singh & Beebee Expires January 15, 2009 [Page 6]
Internet-Draft CPE Router Recommendations July 2008
[RFC3315]. If the WAN interfaces uses stateless DHCPv6, the WAN
interface sends an Information Request. Both the DHCPv6 SOLICIT and
Information Request also include other option like an IA_PD option as
specified by [RFC3633], a Reconfigure Accept option to inform the
server that client is willing to accept Reconfigure message from
server, and the Options Request option that includes the DNS
Recursive Name server option as specified in [RFC3646]. The Solicit
may also include the Rapid Commit option if the CPE Router is willing
to accept a 2-message DHCPv6 exchange with the server.
When the CPE Router processes a DHCPv6 response from the server, if
the response message (e.g. ADVERTISE or REPLY) received does not
include an IA_PD option, or Reconfigure Accept option, then the CPE
Router has failed DHCPv6 address acquisition. For stateful DHCPv6,
the response message must also include an IA_NA option or stateful
DHCPv6 address acquisition has failed. If stateful DHCPv6 succeeds,
the CPE Router must perform DAD with the IPv6 address acquired from
DHCPv6. If the CPE Router detects a duplicate, the CPE Router must
send a DHCPv6 Decline message to the DHCPv6 server.
The CPE Router may support the Reconfigure Key Authentication
Protocol, as described in section 21.5 of [RFC3315]. The CPE Router
may also support prefix sub-delegation. Prefix sub-delegation
involves DHCPv6 server support with IA_PD on the CPE router and the
ability to provision the server from a DHCPv6 REPLY with IA_PD option
received on the WAN interface.
5.5. IPv6 Provisioning of Home Devices
The CPE Router may include a stateful DHCPv6 server to assign
addresses to home devices connected via the LAN interface(s) of the
CPE Router. However, we recommend that the CPE Router use SLAAC for
home devices.
If the LAN interface(s) are switched or bridged ports, then the CPE
Router assigns a single global IPv6 address to a conceptual virtual
interface serving all the LAN interface(s). If each LAN interface is
a routed port, then the CPE router will assign a global IPv6 address
and unique subnet to each LAN interface. In either case, when the
CPE Router needs to assign a single IPv6 address to LAN interface(s)
or multiple IPv6 addresses, the CPE Router redistributes the
addresses and subnets from the prefix received in IA_PD option by the
WAN interface. If the IA_PD changes, the CPE Router must reconfigure
the LAN interface(s) with new IPv6 addresses derived from the new
IA_PD and then also renumber the IPv6 ND RA configuration on the LAN
interface(s).
This document recommends the RA sent out by LAN Interface(S) to be
Singh & Beebee Expires January 15, 2009 [Page 7]
Internet-Draft CPE Router Recommendations July 2008
configured for stateless autoconfiguration so that the prefix
advertised in the RA is derived from the IA_PD assigned to the CPE
Router by the Service Provider; the O-bit is also set so that the CPE
Router can pass Domain Name Server(s) IPv6 address(es) to home
devices. The CPE Router obtained the Domain Name Server(s) in
OPTION_DNS_SERVERS option from the DHCPv6 server when the CPE Router
WAN interface completed DHCPv6.
5.5.1. LAN initialization before WAN initialization
On power up, the LAN interface(s) of the CPE Router may become
operational before the WAN interface. This mode is appropriate for
manual user configuration of the CPE Router. After any LAN interface
has acquired a link-local address, the address can be used for user
configuration via the network. The interface can assign itself a
Unique Local Address automatically through the pseudo-random number
generation algorithm described in [RFC4193]. Note that the ULA needs
to have a larger subnet than a /64 if multiple routers are cascaded
behind the CPE router and prefix sub-delegation is used (see the
Cascading of Routers behind the CPE Router section below). Once the
IPv6 address configuration of the LAN interface(s) is complete with a
ULA, as per [RFC4862], the CPE Router sends Router Advertisements
(RA) to devices in the home. Hosts receiving the RA from LAN
interface(s) will process the RA and perform IPv6 address
acquisition. After all the LAN interface(s) have become operational,
if the WAN interface is connected to the Service Provider network,
then the WAN interface provisions itself and may acquire an IA_PD.
If an IA_PD is acquired, it may be sub-delegated to any cascaded
routers or used for SLAAC provisioning of hosts in the home. Based
on the IA_PD, the CPE Router configures global address(es) on the LAN
interface(s) and sends an RA containing the global address and unique
local prefixes out the LAN interface(s). After this process, every
LAN interface has a link-local unicast address, a ULA, and a global
unicast address (GUA). Therefore, the interface has to apply source
address selection to determine which address to use as a source for
outgoing packets. Since the GUA has a larger scope than the link-
local address, or the ULA (rule #2 of [RFC3484]), the GUA will be
used as a source address of outgoing packets that are not subject to
rule #1. If a user desires to keep CPE Router configuration traffic
local to the home network, the user can do the following:
Use the ULA of the CPE Router as the destination of the
configuration traffic.
Use access control lists (ACL)s to block any ULA sourced packet
from being sent out the WAN interface.
Rule #1 of [RFC3484] and the ACLs ensure that the traffic does not
Singh & Beebee Expires January 15, 2009 [Page 8]
Internet-Draft CPE Router Recommendations July 2008
escape the home network.
After the WAN interface initializes, then the LAN interface(s) can
acquire global unicast addresses.
5.5.2. WAN initialization before LAN initialization
On power up, the WAN interface of the CPE Router may become
operational before the LAN interface(s). This mode is appropriate
for Service Provider configuration of the CPE Router. After the IPv6
address configuration for WAN interface is completed, the CPE Router
configures IPv6 address for LAN interface(s).
Once IPv6 address configuration of the LAN interface(s) is complete,
as per [RFC4862], the CPE Router sends Router Advertisements (RA) to
devices in the home. Hosts receiving the RA from LAN interface(s)
will process the RA and perform IPv6 address acquisition.
5.6. IPv6 over PPP
In some deployments IPv6 over PPP is preferred to connect the home to
the Service Provider. For such a deployment, another configuration
variable on the CPE Router enables optional IPv6 over PPP support.
After IPv6CP negotiates IPv6 over PPP and the WAN interface acquires
an IA_PD option via stateless DHCPv6, the CPE Router assigns global
address(es) to its LAN interface(s) and sub-delegates the IA_PD to
hosts connected to the LAN interface(s). IPv6 over PPP follows
[RFC5072]. As per [RFC5072], the CPE router does not initiate any
DAD for unicast IPv6 addresses since DupAddrDetectTransmits variable
from [RFC4862] is zero for IPv6 over PPP.
If the Service Provider deployment supports dual-stack PPP support,
then the CPE Router WAN interface may initiate one PPP logical
channel and support NCP IPv4 and IPv6 control protocols over one PPP
logical channel. [RFC4241] describes such behavior. The IPv4 and
IPv6 NCP's are independent of each other and start and terminate
independently.
5.6.1. Softwire support
If the CPE Router is deployed in a deployment where the home includes
IPv6 hosts but the Service Provider network does not support IPv6, an
optional softwire feature must be enabled on the CPE Router. The
softwire draft-ietf-softwire-hs-framework-l2tpv2
[I-D.ietf-softwire-hs-framework-l2tpv2] initiates L2TPv2 tunnel from
the CPE Router to tunnel IPv6 data from the home over an IPv4
network. The feature is enabled before any IPv6 host in the home is
connected to the CPE Router or the WAN interface of the CPE Router is
Singh & Beebee Expires January 15, 2009 [Page 9]
Internet-Draft CPE Router Recommendations July 2008
operational. If the CPE Router supports the Softwire feature, then
the CPE Router must support the deployment scenario of Router CPE as
Softwire Initiator described in section 3.1.2 of
draft-ietf-softwire-hs-framework-l2tpv2
[I-D.ietf-softwire-hs-framework-l2tpv2]. IPV6CP negotiates IPv6 over
PPP which also provides the capability for the Service Provider to
assign the 64-bit Interface-Identifier to the WAN interface of the
CPE Router. After the WAN interface has acquired an IA_PD option,
global addresses from the IA_PD are assigned to the LAN interface(s)
and the IA_PD is also sub-delegated to clients connected to the LAN
interface(s).
5.7. Stateful DHCPv6 Server
The CPE Router may support a stateful DHCPv6 server to serve clients
on the CPE Router LAN interface(s). If the CPE Router needs to
support a stateful DHCPv6 server, then more details will be added to
this section specifying the minimal functionality that the stateful
DHCPv6 server needs to support.
6. Cascading of Routers behind the CPE Router
To support cascading routers behind the CPE Router this document
recommends using prefix sub-delegation of the prefix obtained either
via IA_PD from WAN interface or a ULA from the LAN interface. The
network interface of the downstream router may obtain an IA_PD either
via stateful DHCPv6 or stateless DHCPv6. If the CPE router supports
cascading of routers through automatic prefix sub-delegation, the CPE
router must support a DHCPv6 server or DHCPv6 relay agent. If an
IA_PD is used, the Service Provider or user needs to allocate an
IA_PD or ULA prefix short enough to be sub-delegated and subsequently
used for SLAAC. Therefore, a prefix length shorter than /64 is
needed.
7. IPv6 Data forwarding
Each of the WAN and LAN interface(s) of the CPE Router must have its
own L2 (e.g. MAC) address. The CPE Router supports ND protocol on
both the WAN interface and LAN interface(s) to advertise itself as a
router to neighbors in the Service Provider and home networks.
The CPE Router forwards packets between the Service Provider and the
home network. To do this, the CPE Router needs to look up the
destination address of the packet in the routing table and decide
which route to use to forward the packet. The CPE Router routing
table will be initialized during CPE Router initialization. The
Singh & Beebee Expires January 15, 2009 [Page 10]
Internet-Draft CPE Router Recommendations July 2008
routing table is filled by directly connected, static, and routing
protocol routes.
The CPE Router consumes any packet destined to its WAN or LAN
interface. The CPE Router forwards other packets destined to hosts
attached to CPE Router LAN interface(s). Any packet that is not
routable by the CPE Router must be dropped.
The CPE Router must support the ND protocol specified by [RFC4861].
Proxy Neighbor Advertisements as described in Section 7.2.8 of
[RFC4861] are not applicable to the CPE Router. Also note, as per
section 6.2.8 of [RFC4861] the link-local address on a router should
rarely change, if ever. As per [RFC2460], the CPE Router decrements
the Hop Limit by 1 for any packet it forwards. The packet is
discarded if Hop Limit is decremented to zero and the CPE Router also
sends an ICMP Time Exceeded message to the source of the packet.
7.1. IPv6 Multicast
The CPE Router needs to support multicast clients in the home. These
clients are connected to the CPE Router LAN interface(s). Therefore
the CPE Router must implement IPv6 multicast MLDv2 router
functionality as per [RFC3810] on each of the LAN interface(s).
Further, the IPv6 multicast router also maintains a conceptual
Multicast Client Database for each LAN interface which maintains
multicast client reception state for connected hosts. The CPE Router
builds the Multicast Client Database from MLD Reports messages
arriving at the LAN interface(s) from hosts in the home.
In the CPE Router downstream direction the device needs to forward
multicast data to LAN interface(s). In order to do that, the CPE
Router needs to support being a MLDv2 multicast Listener, defined in
[RFC3810], on the WAN interface. The CPE Router learns IPv6
multicast group membership information received on LAN interface(s)
and proxies the information on the WAN interface to the next upstream
multicast router. Multicast downstream packets arriving at the WAN
interface are forwarded to the respective LAN interface based on
information the CPE Router learned from LAN interface MLDv1/v2
Reports.
The CPE Router also merges all multicast connected client information
from all the LAN interface(s) in a conceptual IPv6 multicast Group
Membership Database. The WAN interface follows section 4.2 of
[RFC3810] to maintain the multicast reception interface state.
Therefore, if an entry in the IPv6 multicast Group Membership
Database changes, the CPE Router reports the change with an
unsolicited MLDv2 Report. Likewise, if the CPE Router WAN interface
is queried by an upstream multicast router, the CPE Router will
Singh & Beebee Expires January 15, 2009 [Page 11]
Internet-Draft CPE Router Recommendations July 2008
respond with information from the Group Membership Database. The
format of records in the Group Membership Database is specified in
section 7.2 of [RFC3810]. A record will exist per LAN interface and
per multicast address joined.
Querier Election rules as described in section 7.6.2 of [RFC3810] do
not apply to the CPE Router since the home network has only one
router. Therefore, the CPE Router must always act as an MLD querier
on its LAN interface(s).
The CPE Router maintains a conceptual Multicast Forwarding
Information Base (MFIB). To forward any multicast packet, the CPE
Router will lookup the multicast group and output interface list in
the MFIB. The CPE Router transmits IPv6 multicast packets out an
interface if and only if at least one receiving host is joined to the
corresponding group on the interface. Entries in the MFIB are added
and updated via the Multicast Client Database and the Group
Membership Database.
Consistent with the above model, the CPE Router may not implement the
router portion of MLDv2 for the WAN interface. Likewise, the LAN
interfaces on the CPE router may not implement an MLDv2 Multicast
Listener. However, if a user at home wants to create a new multicast
group and send multicast data to other nodes on the Service Provider
network, then the WAN interface of the CPE Router will need to
implement the router portion of MLDv2 and the LAN interface will need
to implement MLDv2 Multicast Listener. Furthermore, in this case,
the router implementation described above should be extended to
handle multicast traffic flowing in the upstream direction.
8. Other IPv6 Features
8.1. Path MTU Discovery Support
GRE tunnels, such as IPv6 to IPv4 tunnels (which may be terminated on
the CPE Router), can modify the default Ethernet MTU of 1500 bytes.
Also, in the future, Ethernet Jumbo frames (9000+ bytes) may also be
supported. Since the MTU can vary, a newly initiated TCP stream must
detect the largest packet that can be sent to the destination without
fragmentation. This can be detected using Path MTU Discovery
[RFC1981]. Packets which are too large to be forwarded along the
path from source to destination may generate an ICMPv6 Packet Too Big
message. The CPE Router must route back to the source any ICMPv6
Packet Too Big messages generated anywhere on this path.
Singh & Beebee Expires January 15, 2009 [Page 12]
Internet-Draft CPE Router Recommendations July 2008
8.2. Optional support for RIPv6
The CPE Router may support RIPv6 routing protocol [RFC2080] so that
RIPv6 operates between the CPE Router and the Service Provider
network. RIPv6 has scaling and security implications for the Service
Provider network where one Service Provider router may terminate
several tens of thousands of CPE routers. However, RIPv6 does
provide one solution from the CPE Router to the Service Provider
network for prefix route injection.
8.3. Firewall
The CPE Router must support an IPv6 Firewall feature. The firewall
may include features like access-control lists. The firewall may
support interpretation or recognition of most IPv6 extension header
information including inspecting fragmentation header. The firewall
needs to support stateful and stateless Packet Filters as follows.
8.3.1. Packet filters
The CPE Router needs to support packet filtering based on IP headers,
extended headers, UDP and TCP ports etc. There are numerous filters
mentioned (section 3.2) in draft-ietf-v6ops-cpe-simple-security
[I-D.ietf-v6ops-cpe-simple-security], like some that allow IKE, IPSec
packets while another filter may block Teredo packets.
9. Quality Of Service(QoS)
The CPE router MAY support differentiated services [RFC2474].
10. Security Considerations
Security considerations of a CPE router are covered by
draft-ietf-v6ops-cpe-simple-security
[I-D.ietf-v6ops-cpe-simple-security].
11. IANA Considerations
None.
12. Acknowledgements
Thanks (in alphabetical order) to Bernie Volz, Carlos Pignataro, Mark
Townsley, Mikael Abrahamsson, Ole Troan, Remi Denis-Courmont, and
Singh & Beebee Expires January 15, 2009 [Page 13]
Internet-Draft CPE Router Recommendations July 2008
Shin Miyakawa for their input on the document.
13. References
13.1. Normative References
[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
"Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
September 2007.
13.2. Informative References
[I-D.ietf-6man-ipv6-subnet-model]
Singh, H., Beebee, W., and E. Nordmark, "IPv6 Subnet
Model: the Relationship between Links and Subnet
Prefixes", draft-ietf-6man-ipv6-subnet-model-01 (work in
progress), July 2008.
[I-D.ietf-6man-node-req-bis]
Loughney, J., "IPv6 Node Requirements RFC 4294-bis",
draft-ietf-6man-node-req-bis-01 (work in progress),
February 2008.
[I-D.ietf-softwire-hs-framework-l2tpv2]
Storer, B., Pignataro, C., Santos, M., Stevant, B., and J.
Tremblay, "Softwire Hub & Spoke Deployment Framework with
L2TPv2", draft-ietf-softwire-hs-framework-l2tpv2-09 (work
in progress), July 2008.
[I-D.ietf-v6ops-cpe-simple-security]
Woodyatt, J., "Recommended Simple Security Capabilities in
Customer Premises Equipment for Providing Residential
IPv6 Internet Service",
draft-ietf-v6ops-cpe-simple-security-02 (work in
progress), February 2008.
[RFC1122] Braden, R., "Requirements for Internet Hosts -
Communication Layers", STD 3, RFC 1122, October 1989.
[RFC1981] McCann, J., Deering, S., and J. Mogul, "Path MTU Discovery
for IP version 6", RFC 1981, August 1996.
[RFC2080] Malkin, G. and R. Minnear, "RIPng for IPv6", RFC 2080,
January 1997.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, December 1998.
Singh & Beebee Expires January 15, 2009 [Page 14]
Internet-Draft CPE Router Recommendations July 2008
[RFC2474] Nichols, K., Blake, S., Baker, F., and D. Black,
"Definition of the Differentiated Services Field (DS
Field) in the IPv4 and IPv6 Headers", RFC 2474,
December 1998.
[RFC2669] St. Johns, M., "DOCSIS Cable Device MIB Cable Device
Management Information Base for DOCSIS compliant Cable
Modems and Cable Modem Termination Systems", RFC 2669,
August 1999.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
and M. Carney, "Dynamic Host Configuration Protocol for
IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC3484] Draves, R., "Default Address Selection for Internet
Protocol version 6 (IPv6)", RFC 3484, February 2003.
[RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic
Host Configuration Protocol (DHCP) version 6", RFC 3633,
December 2003.
[RFC3646] Droms, R., "DNS Configuration options for Dynamic Host
Configuration Protocol for IPv6 (DHCPv6)", RFC 3646,
December 2003.
[RFC3736] Droms, R., "Stateless Dynamic Host Configuration Protocol
(DHCP) Service for IPv6", RFC 3736, April 2004.
[RFC3769] Miyakawa, S. and R. Droms, "Requirements for IPv6 Prefix
Delegation", RFC 3769, June 2004.
[RFC3810] Vida, R. and L. Costa, "Multicast Listener Discovery
Version 2 (MLDv2) for IPv6", RFC 3810, June 2004.
[RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast
Addresses", RFC 4193, October 2005.
[RFC4241] Shirasaki, Y., Miyakawa, S., Yamasaki, T., and A.
Takenouchi, "A Model of IPv6/IPv4 Dual Stack Internet
Access Service", RFC 4241, December 2005.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, February 2006.
[RFC4605] Fenner, B., He, H., Haberman, B., and H. Sandick,
"Internet Group Management Protocol (IGMP) / Multicast
Listener Discovery (MLD)-Based Multicast Forwarding
("IGMP/MLD Proxying")", RFC 4605, August 2006.
Singh & Beebee Expires January 15, 2009 [Page 15]
Internet-Draft CPE Router Recommendations July 2008
[RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
Address Autoconfiguration", RFC 4862, September 2007.
[RFC5072] S.Varada, Haskin, D., and E. Allen, "IP Version 6 over
PPP", RFC 5072, September 2007.
Appendix A. CHANGE HISTORY
[NOTE TO RFC EDITOR: PLEASE REMOVE THIS SECTION UPON PUBLICATION.]
Changes in draft-wbeebee-ipv6-cpe-router-02.txt since -01.txt are:
o Added a new section called Conceptual Configuration Variables to
list optional configuration variables.
o Removed the following sentence from the LAN initialization before
WAN initialization section. "Note that if the home does not
cascade CPE routers, then ULA's are not needed for the LAN
interfaces, since link-local addresses are sufficient for
configuration."
o Removed the following sentence from IPv6 Data Forwarding Section.
"Each protocol that the CPE Router can forward packets for must
have a separate routing table."
o Removed the following sentence from IPv6 Data Forwarding Section
because once it was explained what the sentence is describing,
reviewers said the facts are obvious for a router. "Before
forwarding a packet in any direction from CPE router, the CPE
Router will perform a MAC rewrite operation that rewrites the
source L2 address of the packet with CPE Router's WAN or LAN
interface MAC address."
o Reworded the QoS section and added a reference to [RFC2474].
o Changed hyphenated 6-to-4 text in the Path MTU Discovery Support
section to IPv6 to IPv4.
o Added a new IPv6 over PPP section.
o Added a new Softwires section.
o Added one new sentence at the end of second paragraph of the IPv6
Provisioning of Home Devices for renumbering behavior for the CPE
Router network interfaces.
Changes in draft-wbeebee-ipv6-cpe-router-01.txt since -00.txt are:
Singh & Beebee Expires January 15, 2009 [Page 16]
Internet-Draft CPE Router Recommendations July 2008
o Added to Abstract to explain better what is the scope of the CPE
Router document.
o In Introduction section, changed WAN port from only Ethernet
encapsulation to also support other encapsulation types like PPP.
o Added another router initialization mode of LAN first before WAN
to Router Initialization section.
o Split up Acquire IPv6 address and other configuration parameters
section into two sub-sections to support no global IPV6 address
assigned to WAN interface. Added details as to how WAN interface
works without a global IPv6 address.
o IPv6 Provisioning of Home Devices section was split up into two
sections called LAN initialization before WAN initialization and
WAN initialization before LAN initialization. Details have been
provided for workings of the CPE Router in such initialization
modes.
o New section called Cascading of Routers behind the CPE Router was
added.
o Text of draft between sections 4-5 has a lot of shuffling around
to accomodate new initialization modes and two different kind of
WAN interface address support.
Authors' Addresses
Hemant Singh
Cisco Systems, Inc.
1414 Massachusetts Ave.
Boxborough, MA 01719
USA
Phone: +1 978 936 1622
Email: shemant@cisco.com
URI: http://www.cisco.com/
Singh & Beebee Expires January 15, 2009 [Page 17]
Internet-Draft CPE Router Recommendations July 2008
Wes Beebee
Cisco Systems, Inc.
1414 Massachusetts Ave.
Boxborough, MA 01719
USA
Phone: +1 978 936 2030
Email: wbeebee@cisco.com
URI: http://www.cisco.com/
Singh & Beebee Expires January 15, 2009 [Page 18]
Internet-Draft CPE Router Recommendations July 2008
Full Copyright Statement
Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Singh & Beebee Expires January 15, 2009 [Page 19]