Network Working Group                                           H. Singh
Internet-Draft                                                 W. Beebee
Intended status: Informational                       Cisco Systems, Inc.
Expires: February 19, 2010                               August 18, 2009


                  IPv6 CPE Router Recommendations(bis)
               draft-wbeebee-v6ops-ipv6-cpe-router-bis-00

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.  This document may contain material
   from IETF Documents or IETF Contributions published or made publicly
   available before November 10, 2008.  The person(s) controlling the
   copyright in some of this material may not have granted the IETF
   Trust the right to allow modifications of such material outside the
   IETF Standards Process.  Without obtaining an adequate license from
   the person(s) controlling the copyright in such materials, this
   document may not be modified outside the IETF Standards Process, and
   derivative works of it may not be created outside the IETF Standards
   Process, except to format it for publication as an RFC or to
   translate it into languages other than English.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on February 19, 2010.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal



Singh & Beebee          Expires February 19, 2010               [Page 1]


Internet-Draft         CPE Router Recommendations            August 2009


   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Abstract

   This document continues the work undertaken by an earlier version of
   this document.  The IETF preferred to expedite the IPv6 CPE Router
   document.  As a result, anything that was seen to be under
   development for a technology or feature for the IPv6 CPE Router has
   been moved to this document.


Table of Contents

   1.  Introduction
   2.  Terminology and Abbreviations
   3.  Conceptual Configuration Variables
   4.  Other IPv6 Features
     4.1.  Firewall (DEV)
       4.1.1.  Packet Filters (DEV)
     4.2.  Zero Configuration Support (MEDIUM)
     4.3.  6to4 Automated Tunneling (MEDIUM)/Dual-Stack Lite
           (DEV)/ISATAP (MEDIUM)
     4.4.  DNS Support (DEV)
     4.5.  Multi-homed Host Support (MEDIUM)
   5.  Future Work
   6.  Security Considerations
   7.  IANA Considerations
   8.  Acknowledgements
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Authors' Addresses


1.  Introduction

   This document continues the IPv6 CPE Router work by incorporating
   technologies that are still under development.


2.  Terminology and Abbreviations

      mDNS - Multicast Domain Name System - see http://www.zeroconf.org.


3.  Conceptual Configuration Variables

   The CPE Router maintains the following list of conceptual, optional
   configuration variables.

   1.  Softwire enable.

   2.  More Specific Route ([RFC4191]) enable and configure routes.

   3.  If DHCPv6 fails, the CPE Router may initiate PPPoE, L2TPv2
       Softwire tunnel, or 6to4 [RFC3056] operation.


4.  Other IPv6 Features

4.1.  Firewall (DEV)

   The CPE Router must support an IPv6 Firewall feature.  The firewall
   may include features like access-control lists.  The firewall may
   support interpretation or recognition of most IPv6 extension header
   information, including inspection of the fragmentation header.  The
   firewall must support stateful and stateless Packet Filters as
   follows.

4.1.1.  Packet Filters (DEV)

   The CPE Router must support packet filtering based on IP headers,
   extension headers, UDP and TCP ports, etc.  Section 3.2 of
   draft-ietf-v6ops-cpe-simple-security
   [I-D.ietf-v6ops-cpe-simple-security] mentions numerous filters; for
   example, some allow IKE and IPsec packets, while another filter may
   block Teredo packets.

   It is possible that in the future, the IPv6 global unicast prefix
   can expand beyond its existing range.  Therefore the CPE Router MUST
   NOT have hard-coded filters that only allow prefixes in a given
   range.

   6to4 and ISATAP tunnels may be initiated by hosts behind the CPE
   Router.  The CPE Router MUST NOT block 6to4 or ISATAP packets without
   a configurable override.

4.2.  Zero Configuration Support (MEDIUM)

   The CPE Router MAY support manual configuration via the web using a
   URL string like http://router.local as per mDNS described in the
   Terminology and Abbreviations section.  Note that mDNS is a link-
   local protocol, so extra functionality is required if configuration
   is to be supported over cascaded routers.  Support of configuration
   through cascaded routers is beyond the scope of this document.

4.3.  6to4 Automated Tunneling (MEDIUM)/Dual-Stack Lite (DEV)/ISATAP
      (MEDIUM)

   If the IPv4 address assigned to the WAN interface of the CPE Router
   is a non-[RFC1918] IPv4 address, and the CPE Router fails to acquire
   an IPv6 address before WAN_IP_ACQUIRE_TIMEOUT seconds after acquiring
   the IPv4 address, then the 6to4 tunneling protocol [RFC3056] SHOULD
   be enabled automatically, allowing tunneling of IPv6 packets over
   IPv4 without requiring user configuration.  If an anycast 6to4 server
   cannot be located, the CPE Router MAY initiate ISATAP [RFC4214] to
   establish IPv6 connectivity over the IPv4 network.  If an IPv6
   address is acquired, but no IPv4 address is acquired before
   WAN_IP_ACQUIRE_TIMEOUT seconds after the IPv6 address was acquired,
   then the CPE Router SHOULD use DS-Lite and disable NAT44 in the CPE
   Router.  If both IPv6 and IPv4 addresses are acquired within
   WAN_IP_ACQUIRE_TIMEOUT seconds of each other, then the CPE Router
   operates in dual stack mode, and does not need either 6to4 or DS-
   Lite.  If no IPv4 and no IPv6 address has been acquired, then the CPE
   Router retries acquisition.

   6to4 can be useful in the scenario where the Service Provider does
   not yet support IPv6, but devices in the home use IPv6.  An IPv6
   address is constructed automatically from the IPv4 address (V4ADDR)
   configured on the interface using the prefix 2002:V4ADDR::/48.  A
   6to4 tunnel can be automatically created using a pre-configured 6to4
   gateway end-point for the tunnel.
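
   The selection rules and the 2002:V4ADDR::/48 construction described
   above, as an added example (not part of the draft).  Assumptions: the
   value of WAN_IP_ACQUIRE_TIMEOUT, the mode names, the "no-tunnel"
   result for an RFC 1918 WAN address, and keeping the earlier choice
   when the second address arrives after the timeout.

```python
import ipaddress

# Assumed value: the draft names WAN_IP_ACQUIRE_TIMEOUT but assigns no number.
WAN_IP_ACQUIRE_TIMEOUT = 30.0
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def sixto4_prefix(v4addr):
    """Build 2002:V4ADDR::/48 from the WAN IPv4 address."""
    v4 = int(ipaddress.IPv4Address(v4addr))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def is_rfc1918(v4addr):
    """True if the address lies in one of the three RFC 1918 blocks."""
    addr = ipaddress.IPv4Address(v4addr)
    return any(addr in net for net in RFC1918)


def select_wan_mode(now, v4=None, v6=None):
    """Return (mode, sixto4_prefix_or_None).

    v4 and v6 are (address, acquired_at_seconds) tuples, or None while that
    family has not been acquired. Mode strings are names made up here.
    """
    if v4 is None and v6 is None:
        return ("retry", None)                      # nothing yet: retry
    if v4 and v6 and abs(v4[1] - v6[1]) <= WAN_IP_ACQUIRE_TIMEOUT:
        return ("dual-stack", None)                 # no 6to4 or DS-Lite needed
    # One family arrived first; the other is missing or arrived too late.
    v4_first = v6 is None or (v4 is not None and v4[1] < v6[1])
    first_time = v4[1] if v4_first else v6[1]
    if now - first_time < WAN_IP_ACQUIRE_TIMEOUT:
        return ("wait", None)                       # window still open
    if not v4_first:
        return ("ds-lite", None)                    # and NAT44 is disabled
    if is_rfc1918(v4[0]):
        # The draft gives no rule here; 6to4 needs a non-RFC1918 address.
        return ("no-tunnel", None)
    return ("6to4", sixto4_prefix(v4[0]))
```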

   Several proposals related to the problem of IPv4 address depletion
   are being considered by the IETF, but have not yet achieved working
   group consensus for publication as an RFC.  Dual-stack lite
   ietf-softwire-dual-stack-lite-00 [I-D.ietf-softwire-dual-stack-lite]
   requires the CPE Router to support features such as v4 in v6
   encapsulation and softwires.  Further, any approach which requires
   the use of a tunnel MUST take into account the reduced MTU.  The
   tunnel software on the CPE Router MUST be capable of fragmenting data
   packets.

   For DS-Lite, the CPE Router also discovers the IPv6 address of the
   Carrier Grade NAT node in the deployment.  The ietf-softwire-dual-
   stack-lite-00 [I-D.ietf-softwire-dual-stack-lite] draft has yet to
   fully describe the method of discovery.

4.4.  DNS Support (DEV)

   The CPE Router may include a DNS server to handle local DNS queries
   for configuration.  Non-local queries can be
   forwarded unchanged to a DNS server specified in the DNS server
   DHCPv6 option.  The CPE Router may also include DNS64 functionality
   which is specified in draft-bagnulo-behave-dns64
   [I-D.bagnulo-behave-dns64].  The local DNS server MAY also handle
   renumbering from the Service Provider provided prefix for local names
   used exclusively inside the home (the local AAAA and PTR records are
   updated).  This capability provides connectivity using local DNS
   names in the home after a Service Provider renumbering.  A CPE Router
   MAY add local DNS entries based on dynamic requests from the LAN
   segment(s).  The protocol to carry such requests from hosts to the
   CPE Router is yet to be described.

4.5.  Multi-homed Host Support (MEDIUM)

   The CPE Router MAY support [RFC4191] on its LAN interfaces.  Small
   consumer embedded multi-homed hosts in the home may not have
   configurable routing tables.  The CPE Router can communicate More
   Specific Routes (MSRs) to these hosts so that they can choose a
   preferred router for traffic destined to specific prefixes that are
   configured manually.  Advertisement of MSRs through RAs is turned off
   by default.


5.  Future Work

   1.  Enumerate requirements in list form (to be done after
       requirements are solidified).


6.  Security Considerations

   Security considerations of a CPE router are covered by
   draft-ietf-v6ops-cpe-simple-security
   [I-D.ietf-v6ops-cpe-simple-security].


7.  IANA Considerations

   None.


8.  Acknowledgements

   Thanks (in alphabetical order) to Antonio Querubin, Barbara Stark,
   Bernie Volz, Brian Carpenter, Carlos Pignataro, Dan Wing, David
   Miles, Francois-Xavier Le Bail, Fred Baker, James Woodyatt, Mark
   Townsley, Mikael Abrahamsson, Ole Troan, Remi Denis-Courmont, Shin
   Miyakawa, Teemu Savolainen, Thomas Herbst, and Tony Hain for their
   input on the document.


9.  References

9.1.  Normative References

9.2.  Informative References

   [I-D.bagnulo-behave-dns64]
              Bagnulo, M., Sullivan, A., Matthews, P., Beijnum, I., and
              M. Endo, "DNS64: DNS extensions for Network Address
              Translation from IPv6 Clients to IPv4 Servers",
              draft-bagnulo-behave-dns64-02 (work in progress),
              March 2009.

   [I-D.ietf-softwire-dual-stack-lite]
              Durand, A., Droms, R., Haberman, B., Woodyatt, J., Lee,
              Y., and R. Bush, "Dual-stack lite broadband deployments
              post IPv4 exhaustion",
              draft-ietf-softwire-dual-stack-lite-01 (work in progress),
              July 2009.

   [I-D.ietf-softwire-hs-framework-l2tpv2]
              Storer, B., Pignataro, C., Santos, M., Stevant, B., and J.
              Tremblay, "Softwire Hub & Spoke Deployment Framework with
              L2TPv2", draft-ietf-softwire-hs-framework-l2tpv2-13 (work
              in progress), April 2009.

   [I-D.ietf-v6ops-cpe-simple-security]
              Woodyatt, J., "Recommended Simple Security Capabilities in
              Customer Premises Equipment for Providing Residential
              IPv6 Internet Service",
              draft-ietf-v6ops-cpe-simple-security-07 (work in
              progress), July 2009.

   [RFC1918]  Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and
              E. Lear, "Address Allocation for Private Internets",
              BCP 5, RFC 1918, February 1996.

   [RFC3056]  Carpenter, B. and K. Moore, "Connection of IPv6 Domains
              via IPv4 Clouds", RFC 3056, February 2001.

   [RFC4191]  Draves, R. and D. Thaler, "Default Router Preferences and
              More-Specific Routes", RFC 4191, November 2005.

   [RFC4214]  Templin, F., Gleeson, T., Talwar, M., and D. Thaler,
              "Intra-Site Automatic Tunnel Addressing Protocol
              (ISATAP)", RFC 4214, October 2005.

   [RFC4862]  Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
              Address Autoconfiguration", RFC 4862, September 2007.

   [RFC5214]  Templin, F., Gleeson, T., and D. Thaler, "Intra-Site
              Automatic Tunnel Addressing Protocol (ISATAP)", RFC 5214,
              March 2008.


Authors' Addresses

   Hemant Singh
   Cisco Systems, Inc.
   1414 Massachusetts Ave.
   Boxborough, MA  01719
   USA

   Phone: +1 978 936 1622
   Email: shemant@cisco.com
   URI:   http://www.cisco.com/


   Wes Beebee
   Cisco Systems, Inc.
   1414 Massachusetts Ave.
   Boxborough, MA  01719
   USA

   Phone: +1 978 936 2030
   Email: wbeebee@cisco.com
   URI:   http://www.cisco.com/