Dynamic IPv4 Provisioning for Lightweight 4over6

Lightweight 4over6 provides IPv4 access over IPv6 network in hub-and-spoke softwire architecture. In Lightweight 4over6, each Lightweight B4 (lwB4) is assigned with a port-restricted public IPv4 address or a full public IPv4 address to be used for IPv4 communication. Provisioning IPv4 address, port set and other IPv4 parameters to lwB4 is the core function of the Lightweight 4over6 control plane. It can be achieved by several protocols, such as DHCPv6 , , DHCPv4 over DHCPv6 , and PCP . describes the use of DHCPv6 for deterministic IPv4 provisioning. The IPv4 address and port set ID (PSID) are carried in DHCPv6 options defined in . However, the deterministic IPv4 provisioning imposes some restrictions for addressing and deployment: The IPv4 address's life time is bound to the IPv6 tunnel endpoint life time The tunnel must be initiated from a predictable /64 prefix in the home network The IPv4 address and PSID need to be embedded into the IID of the clients' /128 IPv6 address IPv4 address resources are permanently allocated to a client whether it is active or not resulting in less efficient address usage This document describes how to deploy Lightweight 4over6 using DHCPv4 over DHCPv6 for dynamic IPv4 address provisioning. The main advantages of using a dynamic provisioning model over a deterministic model are as follows: No inherent restrictions on the IPv6 source address within the homenet topology that the client uses for sourcing its tunneled traffic Lifetimes of IPv6 and IPv4 addresses are decoupled, allowing for more flexibility in addressing policy Inactive clients' addresses can be released/reclaimed for allocation to active clients, so more efficient address usage is possible Since DHCPv4 over IPv4 is unable to directly work in native IPv6 network, DHCPv4 over DHCPv6 [RFC7341] allows DHCPv4 functionality to be trasported over a pure in IPv6 network. This is achieved by transporting DHCPv4 messages within DHCPv6 messages. defines options for lwB4 to report its IPv6 tunnel source address to the server. This document does not define a new provisioning method, but describes how these existing specifications are organized to support IPv4 provisioning for Lightweight 4over6. The architecture which is described in this document can be implemented with or without the sharing of IPv4 addresses between multiple clients. If IPv4 address sharing is required, then describes the changes necessary extensions to the DHCPv4 server and client provisioning for the allocation and lease management of shared IPv4 addresses.

Terminology defined in and is used extensively in this document.

There are four functional elements which make up the architecture.

| lwAFTR | | Client | Data Plane | | |_________| |_________| ]]> The numbers in each of the provisioning flows are described in more detail below. The Lightweight 4over6 provisioning process with DHCPv4o6 proceeds as follows: lwB4 runs DHCPv6 to get the IPv6 address of the DHCP4o6 server IPv4 address of lwB4 is provisioned by the DHCP4o6 server through DHCPv4 over DHCPv6 lwB4 port set is allocated through DHCPv4 over DHCPv6 using Dynamic Allocation of Shared IPv4 Addresses IPv6 Tunnel source address of the lwB4 is sent to the DHCP4o6 server using DHCPv4 over DHCPv6 Source Address Option lwAFTR binding table maintenance is achieved by using DHCP4o6 Bulk/Active Leasequery (or other provisioning protocol)

This section describes the dynamic provisioning process of Lightweight 4over6 in more detail. For the remainder of this document, "lwB4" should be understood to mean a stateful lwB4 using DHCPv4 over DHCPv6 for dynamic IPv4 provisioning.

Before begining the DHCPv4 over DHCPv6 to obtain IPv4 configuration, the lwB4 MUST be configured with an IPv6 address. There are no restrictions on how the IPv6 address is provisioned, (e.g. SLAAC, DHCPv6 or some other mechanisms). However, the prefix selected by the lwB4 MUST be routable to the lwAFTR (e.g. a link-local address must not be used). The operator can use the OPTION_DHCP4O6_SADDR_HINT option defined in to indicate to the client a suitable prefix to select the tunnel endpoint address from.

Before stateful lwB4 runs DHCPv4 over DHCPv6 to acquire IPv4 address and port set, lwB4 MUST run DHCPv6 to achieve the DHCP 4o6 server's IPv6 address. The DHCPv6 server provides the DHCP 4o6 server's IPv6 address by OPTION_DHCP4_O_DHCP6_SERVER as defined in .

Once the lwB4 has acquired the IPv6 address of the DHCP4o6 server, stateful configuration using DHCPv4 over DHCPv6 is performed to obtain an IPv4 address and port set. describes how the PSID is conveyed in this mechanism. The lwB4 includes one of its IPv6 address as the IPv6 tunnel source address in this message flow with the DHCP 4o6 server, and receives the lwAFTR's tunnel address through DHCPv4 over DHCPv6, as described in section 4 of .

In figure 1 above, the lwAFTR is not co-located with the DHCP 4o6 server. With this architecture, the DHCP 4o6 server informs the lwAFTR about changes in IPv4 leases and the bound tunnel endpoint addresses using the DHCP4o6 Bulk and Active Leasequery process (described in ). The lwAFTR functions as a requestor, requesting every active lwB4's IPv4 address + PSID, and bound tunnel endpoint IPv6 address. The lwAFTR can use DHCP4o6 Bulk Leasequery to initialize its binding table with current lwB4 binding information, or recover missing lease information from failure. The lwAFTR can use DHCP4o6 Active Leasequery to get real-time lwB4 binding information.

lwAFTR maintains its binding table as per section 6.1 of . Unless the binding table is fixed and pre-determined, it is synchronized with DHCPv4 over DHCPv6 process. The following DHCPv4 over DHCPv6 messages trigger binding table modification: DHCPACK: Generated by DHCP 4o6 server, triggers lwAFTR to add a new entry or modify an existing entry. DHCPRELEASE: Generated by lwB4, triggers lwAFTR to delete an existing entry. When lwAFTR receives a DHCPACK event, it looks up the binding table using the lwB4's IPv4 address and PSID as index. If there is an existing entry found, the lwAFTR updates the IPv6 address and lifetime fields of the entry; otherwise the lwAFTR creates a new entry accordingly. When lwAFTR receives a DHCPRELEASE event, it looks up the binding table using the lwB4's IPv6 address, IPv4 address and PSID as index. The lwAFTR deletes the entry either by removing it from the binding table or mark the lifetime field to an invalid value (e.g. 0). When lwAFTR is co-located with the DHCP 4o6 server, it listens all DHCPv4 over DHCPv6 messages generated or received by the DHCP 4o6 server and updates the bindings through valid messages.

NETCONF can also be used for lwAFTR binding table maintenance. The data model for lw4o6 is defined in . When NETCONF is used, the DHCP 4o6 server is integrated with NETCONF client and the lwAFTR is integrated with NETCONF server. When the address allocation state is changed due to the DHCPACK/DHCPRELEASE, the DHCP 4o6 server initiates NETCONF edit-config operations to the lwAFTR to send notifications of binding table modification.

Security considerations in and should be considered. The DHCP message triggered binding table maintenance may be used by an attacker to send fake DHCP messages to lwAFTR. The operator network should deploy to prevent this kind of attack.

This document does not include an IANA request.