-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathdraft-wbeebee-v6ops-ipv6-cpe-router-bis-01.xml
262 lines (220 loc) · 10.9 KB
/
draft-wbeebee-v6ops-ipv6-cpe-router-bis-01.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
<?xml version="1.0"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY rfc1918 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.1918.xml'>
<!ENTITY rfc3056 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3056.xml'>
<!ENTITY rfc4191 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4191.xml'>
<!ENTITY rfc4214 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4214.xml'>
<!ENTITY rfc4862 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4862.xml'>
<!ENTITY rfc5214 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5214.xml'>
<!ENTITY soft-wires PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-softwire-hs-framework-l2tpv2'>
<!ENTITY cpe-simple-security PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-v6ops-cpe-simple-security'>
<!ENTITY dual-lite PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-softwire-dual-stack-lite'>
<!ENTITY dns64 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.bagnulo-behave-dns64'>
]>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<?rfc toc="yes"?>
<?rfc tocdepth="4"?>
<?rfc symrefs="yes"?>
<?rfc sortrefs="yes"?>
<?rfc strict="no"?>
<?rfc compact="yes"?>
<?rfc subcompact="no"?>
<rfc category="info" ipr="pre5378Trust200902" docName="draft-wbeebee-v6ops-ipv6-cpe-router-bis-00">
<front>
<title abbrev="CPE Router Recommendations">IPv6 CPE Router Recommendations(bis)</title>
<author initials="H." surname="Singh"
fullname="Hemant Singh">
<organization>Cisco Systems, Inc.</organization>
<address>
<postal>
<street>1414 Massachusetts Ave.</street>
<city>Boxborough</city> <region>MA</region>
<code>01719</code>
<country>USA</country>
</postal>
<phone>+1 978 936 1622</phone>
<email>[email protected]</email>
<uri>http://www.cisco.com/</uri>
</address>
</author>
<author initials="W." surname="Beebee"
fullname="Wes Beebee">
<organization>Cisco Systems, Inc.</organization>
<address>
<postal>
<street>1414 Massachusetts Ave.</street>
<city>Boxborough</city> <region>MA</region>
<code>01719</code>
<country>USA</country>
</postal>
<phone>+1 978 936 2030</phone>
<email>[email protected]</email>
<uri>http://www.cisco.com/</uri>
</address>
</author>
<date month="August" year="2009" />
<area>Internet</area>
<workgroup>Network Working Group</workgroup>
<keyword>I-D</keyword>
<keyword>Internet-Draft</keyword>
<abstract>
<t>This document continues the work undertaken by a earlier version of this document.
IETF preferred to expedite the IPv6 CPE Router document. As a result, anything that
was seen to be under development for a technology or feature for the IPv6 CPE Router
has been moved to this document.
</t>
</abstract>
</front>
<middle>
<section title="Introduction">
<t>This document continues the work undertaken by the IPv6 CPE Router work to incorporate technologies under
development.
</t>
</section>
<section title="Terminology and Abbreviations">
<t>
<list style="empty">
<t>mDNS - Multicast Domain Name System - see http://www.zeroconf.org.</t>
</list>
</t>
</section>
<section title="Conceptual Configuration Variables">
<t>The CPE Router maintains such a list of conceptual optional configuration variables.</t>
<list style="numbers">
<t>Softwire enable.</t>
<t>More Specifc Route (<xref target="RFC4191"/>) enable and configure routes.</t>
<t>If DHCPv6 fails, the CPE Router may initiate PPPOE, L2TPv2 Softwire tunnel, or 6to4 <xref target="RFC3056"/>
operation.</t>
</list>
</section>
<section title="Other IPv6 Features">
<section title="Firewall (DEV)">
<t>The CPE Router must support an IPv6 Firewall feature. The firewall may include features like access-control
lists. The firewall may support interpretation or recognition of most IPv6 extension header information
including inspecting fragmentation header. The firewall must support stateful and stateless Packet
Filters as follows.
</t>
<section title="Packet Filters (DEV)">
<t>The CPE Router must support packet filtering based on IP headers, extended headers, UDP
and TCP ports etc. There are numerous filters mentioned (section 3.2) in
<xref target="I-D.ietf-v6ops-cpe-simple-security">draft-ietf-v6ops-cpe-simple-security</xref>,
like some that allow IKE, IPSec packets while another filter may block Teredo packets.
</t>
<t>It is possible that in future, IPv6 global unicast prefix can expand beyond its existing range. Therefore
the CPE Router MUST not have hard coded filters tied to only allow prefixes in a given range.
</t>
<t>6to4 or 6rd tunnels may be initiated by hosts behind the CPE Router. The CPE Router MUST NOT block
6to4 or 6rd packets without a configurable override.
</t>
</section>
</section>
<section title="Zero Configuration Support (MEDIUM)">
<t>The CPE Router MAY support manual configuration via the web using a URL string
like http://router.local as per mDNS described in the Terminology and Abbreviations section.
Note that mDNS is a link-local protocol, so extra functionality is required if configuration
is to be supported over cascaded routers. Support of configuration through cascaded routers
is beyond the scope of this document.
</t>
</section>
<section title="6to4 Automated Tunneling (MEDIUM)/Dual-Stack Lite (DEV)/ISATAP (MEDIUM)">
<t>If the IPv4 address assigned to the WAN interface of the CPE Router is a non-<xref target="RFC1918"/>
IPv4 address, and the CPE Router fails to acquire an IPv6 address before WAN_IP_ACQUIRE_TIMEOUT seconds
after acquiring the IPv4 address, then the 6to4 tunneling protocol <xref target="RFC3056"/> SHOULD be
enabled automatically, allowing tunneling of IPv6 packets over IPv4 without requiring user configuration.
If an anycast 6to4 server cannot be located
to establish IPv6 connectivity over the IPv4 network. If an IPv6 address is acquired, but no IPv4 address
is acquired before WAN_IP_ACQUIRE_TIMEOUT seconds after the IPv6 address was acquired, then the CPE Router
SHOULD use DS-Lite and disable NAT44 in the CPE Router. If both IPv6 and IPv4 addresses are acquired within
WAN_IP_ACQUIRE_TIMEOUT seconds of each other, then the CPE Router operates in dual stack mode, and does
not need either 6to4 or DS-Lite. If no IPv4 and no IPv6 address has been acquired, then the CPE Router
retries acquisition.
</t>
<t>6to4 can be useful in the scenario where the Service Provider does not yet support IPv6, but devices
in the home use IPv6. An IPv6 address is constructed automatically from the
IPv4 address (V4ADDR) configured on the interface using the prefix 2002:V4ADDR::/48. A 6to4 tunnel can
be automatically created using a pre-configured 6to4 gateway end-point for the tunnel.
</t>
<t>Several proposals are being considered by IETF related to the problem of IPv4 address depletion,
but have not yet achieved working group consensus for publication as an RFC.
Dual-stack lite <xref target="I-D.ietf-softwire-dual-stack-lite">ietf-softwire-dual-stack-lite-00</xref>
requires the CPE Router to support features such as v4 in v6 encapsulation and softwires.
Further, any approach which requires the use of a tunnel MUST take into account the reduced MTU.
The tunnel software on the CPE Router MUST be capable of fragmenting data packets.
</t>
<t>
For DS-Lite, the CPE Router also discovers the IPv6 address of the Carrier Grade NAT node
in the deployment. The <xref target="I-D.ietf-softwire-dual-stack-lite">ietf-softwire-dual-stack-lite-00</xref>
draft has yet to fully describe the method of discovery.
</t>
</section>
<section title="DNS Support (DEV)">
<t>For local DNS queries for configuration, the CPE Router may include a DNS server to handle local
queries. Non-local queries can be forwarded unchanged to a DNS server specified in the DNS server
DHCPv6 option. The CPE Router may also include DNS64 functionality which is specified in
<xref target="I-D.bagnulo-behave-dns64">draft-bagnulo-behave-dns64</xref>.
The local DNS server MAY also handle renumbering from the Service Provider provided prefix for
local names used exclusively inside the home (the local AAAA and PTR records are updated). This capability
provides connectivity using local DNS names in the home after a Service Provider renumbering.
A CPE Router MAY add local DNS entries based on dynamic requests from the LAN segment(s). The
protocol to carry such requests from hosts to the CPE Router is yet to be described.
</t>
</section>
<section title="Multi-homed Host Support (MEDIUM)">
<t>The CPE Router MAY support <xref target="RFC4191"/> on its LAN interfaces. Small consumer embedded multi-homed hosts
in the home may not have configurable routing tables. The CPE Router can communicate More Specific Routes (MSRs)
to these hosts to allow them to choose a preferred router to send traffic to for traffic destined to specific
prefixes configured through manual configuration. Advertisement of MSRs through RAs is turned off by default.
</t>
</section>
</section>
<section title="Future Work">
<list style="numbers">
<t>Enumerate requirements in list form (to be done after requirements are solidified).
</t>
</list>
</section>
<section title="Security Considerations">
<t>Security considerations of a CPE router are covered by
<xref target="I-D.ietf-v6ops-cpe-simple-security">draft-ietf-v6ops-cpe-simple-security</xref>.
</t>
</section>
<section title="IANA Considerations">
<t>None.
</t>
</section>
<section title="Acknowledgements">
<t>Thanks (in alphabetical order) to Antonio Querubin, Barbara Stark, Bernie Volz,
Brian Carpenter, Carlos Pignataro, Dan Wing, David Miles, Francois-Xavier Le Bail,
Fred Baker, James Woodyatt, Mark Townsley, Mikael Abrahamsson, Ole Troan,
Rémi Denis-Courmont, Shin Miyakawa, Teemu Savolainen, Thomas Herbst, and
Tony Hain for their input on the document.
</t>
</section>
</middle>
<back>
<references title="Normative References">
</references>
<references title="Informative References">
&rfc1918;
&rfc3056;
&rfc4191;
&rfc4214;
&rfc4862;
&rfc5214;
&soft-wires;
&cpe-simple-security;
&dual-lite;
&dns64;
</references>
</back>
</rfc>