IPv6 Operations (v6ops)
Internet Draft                                         J. Bound (Editor)
Document: draft-pouffary-v6ops-ent-v6net-03.txt       See Author Section
Obsoletes: draft-pouffary-v6ops-ent-v6net-02.txt
Obsoletes: draft-ietf-v6ops-entnet-scenarios-00.txt
Expires: December 2003                                         June 2003


                  IPv6 Enterprise Networks Scenarios

                 draft-pouffary-v6ops-ent-v6net-03.txt

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

draft-pouffary-v6ops-ent-v6net-04.txt  Expires- December 2003   [Page 1]
Internet Draft     IPv6 Enterprise Networks Scenarios          June 2003

Abstract

   This document describes the scenarios for IPv6 deployment within
   Enterprise networks. It will focus upon an Enterprise set of network
   base scenarios with assumptions, coexistence with legacy IPv4 nodes,
   networks, and applications, and network infrastructure requirements.
   These requirements will be used to provide analysis to determine a
   set of Enterprise solutions in a later document.

Table of Contents

   1. Introduction
   2. Terminology
   3. Network Base Scenarios
      3.1 Network Base Scenarios Defined
      3.2 Network Scenarios Characteristics
      3.3 Network Scenarios Examples
   4. Support for Legacy IPv4 Nodes and Applications
      4.1 IPv4 Tunnels to Encapsulate IPv6
      4.2 IPv6 Tunnels to Encapsulate IPv4
      4.3 IPv6 NAT to Communicate with IPv4
   5. Network Infrastructure Requirements
      5.1 DNS
      5.2 Routing
      5.3 Autoconfiguration
      5.4 Security
      5.5 Applications
      5.6 Network Management
      5.7 Address Planning
   6. Security Considerations
   References
   Acknowledgments
   Authors/Design Team

1. Introduction

   This document describes the scenarios for IPv6 deployment within
   Enterprise networks. It will focus upon an Enterprise set of network
   base scenarios with assumptions, coexistence with legacy IPv4 nodes,
   networks, and applications, and network infrastructure requirements.
   These requirements will be used to provide analysis to determine a
   set of Enterprise solutions in a later document.

   The audience for this document is the enterprise network team
   considering deployment of IPv6.
   To frame the discussion the document will describe a set of
   scenarios and characteristics for each scenario and then follow
   those sets with example scenario use, and points of transition.

   Each enterprise will need to select the transition to best suit
   their business requirements. Any attempt to define a default or
   one-size-fits-all transition scenario will simply not work. While it
   is difficult to quantify all the potential motivations for
   enterprise network teams to move to IPv6, there are some cases where
   an abstract description is possible.

2. Terminology

   Enterprise Network - An Enterprise Network is a network that has
                        multiple links, a router connection to a
                        Provider, and is actively managed by a network
                        operations entity.

   Provider           - A Provider is an entity that provides services
                        and connectivity to the Internet or other
                        private external networks for the Enterprise
                        Network.

   IPv6/IPv4          - A node or network capable of supporting both
                        IPv6 and IPv4.

   IPv4 only          - A node or network capable of supporting only
                        IPv4.

   IPv6 only          - A node or network capable of supporting only
                        IPv6.

3. Network Base Scenarios

   Three base scenarios are defined to capture the essential
   abstraction set for the Enterprise. Each scenario has assumptions
   and requirements. These scenarios will drive the network
   characteristics and then examples for use by this document.

3.1 Network Base Scenarios Defined

   Scenario 1:   Enterprise with an existing IPv4 network wants to
                 deploy IPv6 in parallel with their IPv4 network.

   Assumptions:  The IPv4 characteristics have an equivalent in IPv6.

   Requirements: Don't break IPv4 network characteristics assumptions
                 with IPv6. IPv6 should be equivalent or "better" than
                 the ones in IPv4, however, it is understood that IPv6
                 is not required to solve every single problem.

   Scenario 2:   Enterprise with an existing IPv4 network wants to
                 deploy a set of particular IPv6 "applications"
                 (application is voluntarily loosely defined here, e.g.
                 peer to peer). The IPv6 deployment is limited to the
                 minimum required to operate this set of applications.

   Assumptions:  IPv6 software/hardware components for the application
                 set are available.

   Requirements: Don't break IPv4 network operations.

   Scenario 3:   Enterprise deploying a new network or re-structuring
                 an existing network, decides IPv6 is the basis for
                 network communication.

   Assumptions:  Required IPv6 network components are available, or
                 available over some defined timeline.

   Requirements: Interoperation and Coexistence with IPv4 network
                 operations and applications are required for
                 communications.

3.2 Network Scenarios Characteristics

   Characteristic 1 - Providers for External Network Operation

   - Is external connectivity required?
   - One site vs. multiple sites?
   - Leased lines or VPN?
   - IPv4 existing address ownership (Provider based addresses vs.
     Provider independent addresses)?
   - Multi-homing?
   - Do ISPs offer IPv6 service?
   - Is there an external data-center?

   Characteristic 2 - Enterprise Application Analysis

   - List of applications in use?
   - Can the application be upgraded to IPv6?
   - Can the application support both IPv4 and IPv6?

   Characteristic 3 - Enterprise IT Department Operations Analysis

   - Who "owns"/"operates" the network: in house, outsourced?
   - Is a Tele-commuter work force supported?
   - Is inter-site communications required?
   - Is network mobility used?
   - IPv4 addressing plan?
   - IPv4 addressing assignment procedure (DHCP vs. manual)?
   - Internal IPv4 routing protocols used?
   - External IPv4 routing protocols used?
   - IPv4 Network Management policy/procedure?
   - IPv4 QoS policy/procedure?
   - IPv4 Security policy/procedure?
   - List of "network operation" software that may be impacted by IPv6?
     - DNS
     - Management (SNMP & ad-hoc tools)
     - File servers
     - Backup
   - Are all these software functions upgradeable to IPv6?
     - If not upgradeable, then what are the workarounds?
   - Do any of the software functions store IP addresses?
   - List of "network operation" hardware that may be impacted by IPv6
     - Routers/switches
     - Firewalls
     - Load balancers
     - VPN terminators
     - Security Servers
   - Are all these hardware functions upgradeable to IPv6?
     - If not, what are the workarounds?
   - Do any of the hardware functions store IP addresses?

   Characteristic 4 - Enterprise Network Management System

   - Considerations for Network Management System
   - What behavior to expect from NMS for each transition vehicle
     - Translators for IPv6 Operations
     - Tunnels for IPv6 operations.
   - Does transition vehicle fit any existing supported management
     models? example: dual-stack: v6/v4 <=> ipx/v4
   - Which protocol to use for NM transport in dual stack? v6/v4?
   - Protocol single vs. multi-protocol.
   - Discovery of protocol used in-band or out-of-band.
   - Receiving Events in-band and out-of-band
   - Status Monitoring of software state and node state.
   - Effects of Autoconfiguration Model selected.
   - Effects of Dynamic Updates to DNS
   - Performance Management
   - Effects of multiple addresses per non-routing node
   - Configuration Management in mixed v4/v6 environment
   - Policy Management and enforcement for the Enterprise
   - Security Management tools for the Enterprise

3.3 Network Scenarios Examples

   Example Network A: A network spread across a number of
   geographically separated campuses.

   External network operation:

   - External connectivity required.
   - Multiple sites connected by leased lines.
   - Provider independent IPv4 addresses.
   - ISP does not offer IPv6 service.

   Applications run by the enterprise:

   - Internal Web/Mail.
   - File servers.
   - Java applications.
   - Collaborative development tools.

   Internal network operation:

   - In house operation of the network.
   - DHCP (v4) is used for all desktops, servers use static address
     configuration.
   - The DHCP server to update naming records for dynamic desktops uses
     dynamic DNS.
   - A web based tool is used to enter name to address mappings for
     statically addressed servers.
   - Network management is done using SNMP.
   - All routers and switches are upgradeable to IPv6.
   - Existing firewalls can be upgraded to support IPv6 rules.
   - Load balancers do not support IPv6, upgrade path unclear.

   Example Network B: A bank running a massive ATM network with some
   number of gazillions of transactions per second against central
   databases.

   External network operation:

   - External connectivity not required.
   - Multiple sites connected by VPN.

   Applications run by the enterprise:

   - ATM transaction application.
   - ATM management application.

   Internal Network Operation:

   - IPsec must protect all traffic.
   - QoS policy for guaranteed delivery and urgent transactions.
   - Network is managed through in-house developed tools.

   Example Network C: A Security Defense network:

   - External network required at secure specific points.
   - Network is its own Internet.
   - Network must be able to absorb ad-hoc creation of sub-Networks.
   - Entire parts of the Network are completely mobile.
   - All nodes on the network can be mobile (including routers)
   - Networking infrastructure mostly does not exist today with IPv4.
   - Network True High-Availability is mandatory.
   - Network must be able to be managed from ad-hoc location.
   - All nodes must be able to be configured from stateless mode.

   Applications run by the Enterprise:

   - Multimedia streaming of audio, video, and data for all nodes.
   - Data computation and analysis on stored and created data.
   - Transfer of data coordinate points to sensor devices.
   - Data and Intelligence gathering applications from all nodes.

   Internal Network Operations:

   - All packets must be secured end-2-end with encryption.
   - Intrusion Detection exists on all network entry points.
   - Network must be able to bolt on to Internet points to share
     bandwidth as required from Providers.
   - VPNs can be used but NAT can never be used.
   - Nodes must be able to access IPv4 legacy applications over IPv6
     network.

4. Support for Legacy IPv4 Nodes and Applications

   The Enterprise network will have to support the coexistence of IPv6
   and IPv4, to support legacy IPv4 applications and nodes. The
   Enterprise user has the following choices for that coexistence to
   consider today.

4.1 IPv4 Tunnels to Encapsulate IPv6

   IPv6/IPv4 nodes want to communicate using IPv6, but an IPv4 Internal
   router is between them. These nodes could also be Mobile nodes on a
   visited network.

4.2 IPv6 Tunnels to Encapsulate IPv4

   An IPv4/IPv6 node wants to communicate with a legacy IPv4 node and
   is on an IPv6 only link and routing domain.

4.3 IPv6 NAT to Communicate with IPv4

   An IPv6/IPv4 node wants to communicate with a legacy IPv4 only node.
   Using NAT for this point of transition will preclude end-2-end
   security, applications, and remove some benefits from the IPv6
   protocol.

5. Network Infrastructure Requirements

   The Enterprise will need to determine what network infrastructure
   they require for their deployment of IPv6. This infrastructure will
   need to be analyzed and understood as a critical resource to manage.

5.1 DNS

   DNS will now have to support both IPv4 and IPv6 DNS records and the
   Enterprise will need to determine how the DNS is to be managed and
   accessed.

5.2 Routing

   Interior and Exterior routing will be required to support both IPv4
   and IPv6 routing protocols, and the coexistence of IPv4 and IPv6
   over the enterprise network. The enterprise will need to define the
   routing topology, and any ingress and egress points to provider
   networks. The enterprise will also need to define points of
   transition mechanism to use within that routing topology.

5.3 Autoconfiguration

   IPv6 introduces the concept of stateless autoconfiguration in
   addition to stateful autoconfiguration. The enterprise will have to
   determine the best method of autoconfiguration for their network.

5.4 Security

   Current existing mechanisms used for IPv4 to provide security need
   to be supported for IPv6 within the Enterprise.

5.5 Applications

   Existing applications will need to be ported to support both IPv4
   and IPv6.

5.6 Network Management

   The addition of IPv6 and points of transition will need to be
   managed by the Enterprise network operations center. This will
   affect many components of the network and software required on
   nodes.

5.7 Address Planning

   The address space within the Enterprise will need to be defined and
   coordinated with the routing topology of the Enterprise network.

6. Security Considerations

   This document lists scenarios for the deployment of IPv6 in
   enterprise networks, and there are no security considerations
   associated with making such a list.

   There will be security considerations for the deployment of IPv6 in
   each of these scenarios, but they will be addressed in the document
   that includes the analysis of each scenario.

References

   None at this time

Acknowledgments

   The Authors would like to acknowledge input from the following:
   IETF v6ops Working Group, Brian Carpenter, Alain Durand, and Bob
   Hinden.

Authors/Design Team

   Send email to ent-v6net@viagenie.qc.ca to contact the design team
   and send comments on the draft to v6ops@ops.ietf.org.

   Yanick Pouffary (Chair of Design Team)
   HP Competency Center
   950, Route des Colles, BP027,
   06901 Sophia Antipolis CEDEX
   FRANCE
   Phone: + 33492956285
   Email: Yanick.pouffary@hp.com

   Jim Bound (Editor)
   Hewlett Packard
   110 Spitbrook Road
   Nashua, NH 03062
   Phone: 603.884.0062
   Email: jim.bound@hp.com

   Marc Blanchet

   Tony Hain

   Paul Gilbert
   Cisco Systems
   1 Penn Plaza, 5th floor,
   NY, NY 10119
   Phone: 212.714.4334
   Email: pgilbert@cisco.com

   Margaret Wasserman
   Wind River
   10 Tara Blvd, Suite 330
   Nashua, NH 03062 USA
   Phone: 603.897.2067
   Email: mrw@windriver.com

   Jason Goldschmidt
   Sun Microsystems
   M/S UMPK17-103
   17 Network Circle
   Menlo Park, CA 94025
   Phone: (650)-786-3502
   Fax: (650)-786-8250
   Email: jason.goldschmidt@sun.com

   Aldrin Isaac
   Bloomberg L.P.
   499 Park Avenue
   New York, NY 10022
   Phone: 212.940.1812
   Email: aisaac@bloomberg.com

   Tim Chown

   Jordi Palet Martinez
   Consulintel
   San Jose Artesano, 1
   Phone: +34 91 151 81 99
   Fax: +34 91 151 81 98
   Email: jordi.palet@consulintel.es

   Fred Templin
   Nokia
   313 Fairchild Drive
   Mountain View, CA 94043
   Phone: 650.625.2331
   Email: ftemplin@iprg.nokia.com