[Search] [txt|pdf|bibtex] [Tracker] [Email] [Nits]

Versions: 00 01 02 03 04                                                
Network Working Group                                           H. Singh
Internet-Draft                                                 W. Beebee
Intended status: Informational                       Cisco Systems, Inc.
Expires: February 19, 2010                               August 18, 2009


                  IPv6 CPE Router Recommendations(bis)
               draft-wbeebee-v6ops-ipv6-cpe-router-bis-00

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.  This document may contain material
   from IETF Documents or IETF Contributions published or made publicly
   available before November 10, 2008.  The person(s) controlling the
   copyright in some of this material may not have granted the IETF
   Trust the right to allow modifications of such material outside the
   IETF Standards Process.  Without obtaining an adequate license from
   the person(s) controlling the copyright in such materials, this
   document may not be modified outside the IETF Standards Process, and
   derivative works of it may not be created outside the IETF Standards
   Process, except to format it for publication as an RFC or to
   translate it into languages other than English.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on February 19, 2010.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal



Singh & Beebee          Expires February 19, 2010               [Page 1]


Internet-Draft         CPE Router Recommendations            August 2009


   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Abstract

   This document continues the work undertaken by a earlier version of
   this document.  IETF preferred to expedite the IPv6 CPE Router
   document.  As a result, anything that was seen to be under
   development for a technology or feature for the IPv6 CPE Router has
   been moved to this document.


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
   2.  Terminology and Abbreviations . . . . . . . . . . . . . . . . . 3
   3.  Conceptual Configuration Variables  . . . . . . . . . . . . . . 3
   4.  Other IPv6 Features . . . . . . . . . . . . . . . . . . . . . . 3
     4.1.  Firewall (DEV)  . . . . . . . . . . . . . . . . . . . . . . 3
       4.1.1.  Packet Filters (DEV)  . . . . . . . . . . . . . . . . . 3
     4.2.  Zero Configuration Support (MEDIUM) . . . . . . . . . . . . 4
     4.3.  6to4 Automated Tunneling (MEDIUM)/Dual-Stack Lite
           (DEV)/ISATAP (MEDIUM) . . . . . . . . . . . . . . . . . . . 4
     4.4.  DNS Support (DEV) . . . . . . . . . . . . . . . . . . . . . 5
     4.5.  Multi-homed Host Support (MEDIUM) . . . . . . . . . . . . . 5
   5.  Future Work . . . . . . . . . . . . . . . . . . . . . . . . . . 5
   6.  Security Considerations . . . . . . . . . . . . . . . . . . . . 5
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5
   8.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . 6
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . . . 6
     9.1.  Normative References  . . . . . . . . . . . . . . . . . . . 6
     9.2.  Informative References  . . . . . . . . . . . . . . . . . . 6
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . . . 7
















Singh & Beebee          Expires February 19, 2010               [Page 2]


Internet-Draft         CPE Router Recommendations            August 2009


1.  Introduction

   This document continues the work undertaken by the IPv6 CPE Router
   work to incorporate technologies under development.


2.  Terminology and Abbreviations

      mDNS - Multicast Domain Name System - see http://www.zeroconf.org.


3.  Conceptual Configuration Variables

   The CPE Router maintains such a list of conceptual optional
   configuration variables.

   1.  Softwire enable.

   2.  More Specifc Route ([RFC4191]) enable and configure routes.

   3.  If DHCPv6 fails, the CPE Router may initiate PPPOE, L2TPv2
       Softwire tunnel, or 6to4 [RFC3056] operation.


4.  Other IPv6 Features

4.1.  Firewall (DEV)

   The CPE Router must support an IPv6 Firewall feature.  The firewall
   may include features like access-control lists.  The firewall may
   support interpretation or recognition of most IPv6 extension header
   information including inspecting fragmentation header.  The firewall
   must support stateful and stateless Packet Filters as follows.

4.1.1.  Packet Filters (DEV)

   The CPE Router must support packet filtering based on IP headers,
   extended headers, UDP and TCP ports etc.  There are numerous filters
   mentioned (section 3.2) in draft-ietf-v6ops-cpe-simple-security
   [I-D.ietf-v6ops-cpe-simple-security], like some that allow IKE, IPSec
   packets while another filter may block Teredo packets.

   It is possible that in future, IPv6 global unicast prefix can expand
   beyond its existing range.  Therefore the CPE Router MUST not have
   hard coded filters tied to only allow prefixes in a given range.

   6to4 and ISATAP tunnels may be initiated by hosts behind the CPE
   Router.  The CPE Router MUST NOT block 6to4 or ISATAP packets without



Singh & Beebee          Expires February 19, 2010               [Page 3]


Internet-Draft         CPE Router Recommendations            August 2009


   a configurable override.

4.2.  Zero Configuration Support (MEDIUM)

   The CPE Router MAY support manual configuration via the web using a
   URL string like http://router.local as per mDNS described in the
   Terminology and Abbreviations section.  Note that mDNS is a link-
   local protocol, so extra functionality is required if configuration
   is to be supported over cascaded routers.  Support of configuration
   through cascaded routers is beyond the scope of this document.

4.3.  6to4 Automated Tunneling (MEDIUM)/Dual-Stack Lite (DEV)/ISATAP
      (MEDIUM)

   If the IPv4 address assigned to the WAN interface of the CPE Router
   is a non-[RFC1918] IPv4 address, and the CPE Router fails to acquire
   an IPv6 address before WAN_IP_ACQUIRE_TIMEOUT seconds after acquiring
   the IPv4 address, then the 6to4 tunneling protocol [RFC3056] SHOULD
   be enabled automatically, allowing tunneling of IPv6 packets over
   IPv4 without requiring user configuration.  If an anycast 6to4 server
   cannot be located, the CPE Router MAY initiate ISATAP [RFC4214] to
   establish IPv6 connectivity over the IPv4 network.  If an IPv6
   address is acquired, but no IPv4 address is acquired before
   WAN_IP_ACQUIRE_TIMEOUT seconds after the IPv6 address was acquired,
   then the CPE Router SHOULD use DS-Lite and disable NAT44 in the CPE
   Router.  If both IPv6 and IPv4 addresses are acquired within
   WAN_IP_ACQUIRE_TIMEOUT seconds of each other, then the CPE Router
   operates in dual stack mode, and does not need either 6to4 or DS-
   Lite.  If no IPv4 and no IPv6 address has been acquired, then the CPE
   Router retries acquisition.

   6to4 can be useful in the scenario where the Service Provider does
   not yet support IPv6, but devices in the home use IPv6.  An IPv6
   address is constructed automatically from the IPv4 address (V4ADDR)
   configured on the interface using the prefix 2002:V4ADDR::/48.  A
   6to4 tunnel can be automatically created using a pre-configured 6to4
   gateway end-point for the tunnel.

   Several proposals are being considered by IETF related to the problem
   of IPv4 address depletion, but have not yet achieved working group
   consensus for publication as an RFC.  Dual-stack lite ietf-softwire-
   dual-stack-lite-00 [I-D.ietf-softwire-dual-stack-lite] requires the
   CPE Router to support features such as v4 in v6 encapsulation and
   softwires.  Further, any approach which requires the use of a tunnel
   MUST take into account the reduced MTU.  The tunnel software on the
   CPE Router MUST be capable of fragmenting data packets.

   For DS-Lite, the CPE Router also discovers the IPv6 address of the



Singh & Beebee          Expires February 19, 2010               [Page 4]


Internet-Draft         CPE Router Recommendations            August 2009


   Carrier Grade NAT node in the deployment.  The ietf-softwire-dual-
   stack-lite-00 [I-D.ietf-softwire-dual-stack-lite] draft has yet to
   fully describe the method of discovery.

4.4.  DNS Support (DEV)

   For local DNS queries for configuration, the CPE Router may include a
   DNS server to handle local queries.  Non-local queries can be
   forwarded unchanged to a DNS server specified in the DNS server
   DHCPv6 option.  The CPE Router may also include DNS64 functionality
   which is specified in draft-bagnulo-behave-dns64
   [I-D.bagnulo-behave-dns64].  The local DNS server MAY also handle
   renumbering from the Service Provider provided prefix for local names
   used exclusively inside the home (the local AAAA and PTR records are
   updated).  This capability provides connectivity using local DNS
   names in the home after a Service Provider renumbering.  A CPE Router
   MAY add local DNS entries based on dynamic requests from the LAN
   segment(s).  The protocol to carry such requests from hosts to the
   CPE Router is yet to be described.

4.5.  Multi-homed Host Support (MEDIUM)

   The CPE Router MAY support [RFC4191] on its LAN interfaces.  Small
   consumer embedded multi-homed hosts in the home may not have
   configurable routing tables.  The CPE Router can communicate More
   Specific Routes (MSRs) to these hosts to allow them to choose a
   preferred router to send traffic to for traffic destined to specific
   prefixes configured through manual configuration.  Advertisement of
   MSRs through RAs is turned off by default.


5.  Future Work

   1.  Enumerate requirements in list form (to be done after
       requirements are solidified).


6.  Security Considerations

   Security considerations of a CPE router are covered by
   draft-ietf-v6ops-cpe-simple-security
   [I-D.ietf-v6ops-cpe-simple-security].


7.  IANA Considerations

   None.




Singh & Beebee          Expires February 19, 2010               [Page 5]


Internet-Draft         CPE Router Recommendations            August 2009


8.  Acknowledgements

   Thanks (in alphabetical order) to Antonio Querubin, Barbara Stark,
   Bernie Volz, Brian Carpenter, Carlos Pignataro, Dan Wing, David
   Miles, Francois-Xavier Le Bail, Fred Baker, James Woodyatt, Mark
   Townsley, Mikael Abrahamsson, Ole Troan, Remi Denis-Courmont, Shin
   Miyakawa, Teemu Savolainen, Thomas Herbst, and Tony Hain for their
   input on the document.


9.  References

9.1.  Normative References

9.2.  Informative References

   [I-D.bagnulo-behave-dns64]
              Bagnulo, M., Sullivan, A., Matthews, P., Beijnum, I., and
              M. Endo, "DNS64: DNS extensions for Network Address
              Translation from IPv6 Clients to  IPv4 Servers",
              draft-bagnulo-behave-dns64-02 (work in progress),
              March 2009.

   [I-D.ietf-softwire-dual-stack-lite]
              Durand, A., Droms, R., Haberman, B., Woodyatt, J., Lee,
              Y., and R. Bush, "Dual-stack lite broadband deployments
              post IPv4 exhaustion",
              draft-ietf-softwire-dual-stack-lite-01 (work in progress),
              July 2009.

   [I-D.ietf-softwire-hs-framework-l2tpv2]
              Storer, B., Pignataro, C., Santos, M., Stevant, B., and J.
              Tremblay, "Softwire Hub & Spoke Deployment Framework with
              L2TPv2", draft-ietf-softwire-hs-framework-l2tpv2-13 (work
              in progress), April 2009.

   [I-D.ietf-v6ops-cpe-simple-security]
              Woodyatt, J., "Recommended Simple Security Capabilities in
              Customer Premises Equipment for  Providing Residential
              IPv6 Internet Service",
              draft-ietf-v6ops-cpe-simple-security-07 (work in
              progress), July 2009.

   [RFC1918]  Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and
              E. Lear, "Address Allocation for Private Internets",
              BCP 5, RFC 1918, February 1996.

   [RFC3056]  Carpenter, B. and K. Moore, "Connection of IPv6 Domains



Singh & Beebee          Expires February 19, 2010               [Page 6]


Internet-Draft         CPE Router Recommendations            August 2009


              via IPv4 Clouds", RFC 3056, February 2001.

   [RFC4191]  Draves, R. and D. Thaler, "Default Router Preferences and
              More-Specific Routes", RFC 4191, November 2005.

   [RFC4214]  Templin, F., Gleeson, T., Talwar, M., and D. Thaler,
              "Intra-Site Automatic Tunnel Addressing Protocol
              (ISATAP)", RFC 4214, October 2005.

   [RFC4862]  Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
              Address Autoconfiguration", RFC 4862, September 2007.

   [RFC5214]  Templin, F., Gleeson, T., and D. Thaler, "Intra-Site
              Automatic Tunnel Addressing Protocol (ISATAP)", RFC 5214,
              March 2008.


Authors' Addresses

   Hemant Singh
   Cisco Systems, Inc.
   1414 Massachusetts Ave.
   Boxborough, MA  01719
   USA

   Phone: +1 978 936 1622
   Email: shemant@cisco.com
   URI:   http://www.cisco.com/


   Wes Beebee
   Cisco Systems, Inc.
   1414 Massachusetts Ave.
   Boxborough, MA  01719
   USA

   Phone: +1 978 936 2030
   Email: wbeebee@cisco.com
   URI:   http://www.cisco.com/












Singh & Beebee          Expires February 19, 2010               [Page 7]