Network Working Group H. Singh Internet-Draft W. Beebee Intended status: Informational Cisco Systems, Inc. Expires: February 19, 2010 August 18, 2009 IPv6 CPE Router Recommendations(bis) draft-wbeebee-v6ops-ipv6-cpe-router-bis-00 Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on February 19, 2010. Copyright Notice Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Singh & Beebee Expires February 19, 2010 [Page 1] Internet-Draft CPE Router Recommendations August 2009 Provisions Relating to IETF Documents in effect on the date of publication of this document (http://trustee.ietf.org/license-info). Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Abstract This document continues the work undertaken by a earlier version of this document. IETF preferred to expedite the IPv6 CPE Router document. As a result, anything that was seen to be under development for a technology or feature for the IPv6 CPE Router has been moved to this document. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology and Abbreviations . . . . . . . . . . . . . . . . . 3 3. Conceptual Configuration Variables . . . . . . . . . . . . . . 3 4. Other IPv6 Features . . . . . . . . . . . . . . . . . . . . . . 3 4.1. Firewall (DEV) . . . . . . . . . . . . . . . . . . . . . . 3 4.1.1. Packet Filters (DEV) . . . . . . . . . . . . . . . . . 3 4.2. Zero Configuration Support (MEDIUM) . . . . . . . . . . . . 4 4.3. 6to4 Automated Tunneling (MEDIUM)/Dual-Stack Lite (DEV)/ISATAP (MEDIUM) . . . . . . . . . . . . . . . . . . . 4 4.4. DNS Support (DEV) . . . . . . . . . . . . . . . . . . . . . 5 4.5. Multi-homed Host Support (MEDIUM) . . . . . . . . . . . . . 5 5. Future Work . . . . . . . . . . . . . . . . . . . . . . . . . . 5 6. Security Considerations . . . . . . . . . . . . . . . . . . . . 5 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 6 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6 9.1. Normative References . . . . . . . . . . . . . . . . . . . 6 9.2. Informative References . . . . . . . . . . . . . . . . . . 6 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 7 Singh & Beebee Expires February 19, 2010 [Page 2] Internet-Draft CPE Router Recommendations August 2009 1. Introduction This document continues the work undertaken by the IPv6 CPE Router work to incorporate technologies under development. 2. Terminology and Abbreviations mDNS - Multicast Domain Name System - see http://www.zeroconf.org. 3. Conceptual Configuration Variables The CPE Router maintains such a list of conceptual optional configuration variables. 1. Softwire enable. 2. More Specifc Route ([RFC4191]) enable and configure routes. 3. If DHCPv6 fails, the CPE Router may initiate PPPOE, L2TPv2 Softwire tunnel, or 6to4 [RFC3056] operation. 4. Other IPv6 Features 4.1. Firewall (DEV) The CPE Router must support an IPv6 Firewall feature. The firewall may include features like access-control lists. The firewall may support interpretation or recognition of most IPv6 extension header information including inspecting fragmentation header. The firewall must support stateful and stateless Packet Filters as follows. 4.1.1. Packet Filters (DEV) The CPE Router must support packet filtering based on IP headers, extended headers, UDP and TCP ports etc. There are numerous filters mentioned (section 3.2) in draft-ietf-v6ops-cpe-simple-security [I-D.ietf-v6ops-cpe-simple-security], like some that allow IKE, IPSec packets while another filter may block Teredo packets. It is possible that in future, IPv6 global unicast prefix can expand beyond its existing range. Therefore the CPE Router MUST not have hard coded filters tied to only allow prefixes in a given range. 6to4 and ISATAP tunnels may be initiated by hosts behind the CPE Router. The CPE Router MUST NOT block 6to4 or ISATAP packets without Singh & Beebee Expires February 19, 2010 [Page 3] Internet-Draft CPE Router Recommendations August 2009 a configurable override. 4.2. Zero Configuration Support (MEDIUM) The CPE Router MAY support manual configuration via the web using a URL string like http://router.local as per mDNS described in the Terminology and Abbreviations section. Note that mDNS is a link- local protocol, so extra functionality is required if configuration is to be supported over cascaded routers. Support of configuration through cascaded routers is beyond the scope of this document. 4.3. 6to4 Automated Tunneling (MEDIUM)/Dual-Stack Lite (DEV)/ISATAP (MEDIUM) If the IPv4 address assigned to the WAN interface of the CPE Router is a non-[RFC1918] IPv4 address, and the CPE Router fails to acquire an IPv6 address before WAN_IP_ACQUIRE_TIMEOUT seconds after acquiring the IPv4 address, then the 6to4 tunneling protocol [RFC3056] SHOULD be enabled automatically, allowing tunneling of IPv6 packets over IPv4 without requiring user configuration. If an anycast 6to4 server cannot be located, the CPE Router MAY initiate ISATAP [RFC4214] to establish IPv6 connectivity over the IPv4 network. If an IPv6 address is acquired, but no IPv4 address is acquired before WAN_IP_ACQUIRE_TIMEOUT seconds after the IPv6 address was acquired, then the CPE Router SHOULD use DS-Lite and disable NAT44 in the CPE Router. If both IPv6 and IPv4 addresses are acquired within WAN_IP_ACQUIRE_TIMEOUT seconds of each other, then the CPE Router operates in dual stack mode, and does not need either 6to4 or DS- Lite. If no IPv4 and no IPv6 address has been acquired, then the CPE Router retries acquisition. 6to4 can be useful in the scenario where the Service Provider does not yet support IPv6, but devices in the home use IPv6. An IPv6 address is constructed automatically from the IPv4 address (V4ADDR) configured on the interface using the prefix 2002:V4ADDR::/48. A 6to4 tunnel can be automatically created using a pre-configured 6to4 gateway end-point for the tunnel. Several proposals are being considered by IETF related to the problem of IPv4 address depletion, but have not yet achieved working group consensus for publication as an RFC. Dual-stack lite ietf-softwire- dual-stack-lite-00 [I-D.ietf-softwire-dual-stack-lite] requires the CPE Router to support features such as v4 in v6 encapsulation and softwires. Further, any approach which requires the use of a tunnel MUST take into account the reduced MTU. The tunnel software on the CPE Router MUST be capable of fragmenting data packets. For DS-Lite, the CPE Router also discovers the IPv6 address of the Singh & Beebee Expires February 19, 2010 [Page 4] Internet-Draft CPE Router Recommendations August 2009 Carrier Grade NAT node in the deployment. The ietf-softwire-dual- stack-lite-00 [I-D.ietf-softwire-dual-stack-lite] draft has yet to fully describe the method of discovery. 4.4. DNS Support (DEV) For local DNS queries for configuration, the CPE Router may include a DNS server to handle local queries. Non-local queries can be forwarded unchanged to a DNS server specified in the DNS server DHCPv6 option. The CPE Router may also include DNS64 functionality which is specified in draft-bagnulo-behave-dns64 [I-D.bagnulo-behave-dns64]. The local DNS server MAY also handle renumbering from the Service Provider provided prefix for local names used exclusively inside the home (the local AAAA and PTR records are updated). This capability provides connectivity using local DNS names in the home after a Service Provider renumbering. A CPE Router MAY add local DNS entries based on dynamic requests from the LAN segment(s). The protocol to carry such requests from hosts to the CPE Router is yet to be described. 4.5. Multi-homed Host Support (MEDIUM) The CPE Router MAY support [RFC4191] on its LAN interfaces. Small consumer embedded multi-homed hosts in the home may not have configurable routing tables. The CPE Router can communicate More Specific Routes (MSRs) to these hosts to allow them to choose a preferred router to send traffic to for traffic destined to specific prefixes configured through manual configuration. Advertisement of MSRs through RAs is turned off by default. 5. Future Work 1. Enumerate requirements in list form (to be done after requirements are solidified). 6. Security Considerations Security considerations of a CPE router are covered by draft-ietf-v6ops-cpe-simple-security [I-D.ietf-v6ops-cpe-simple-security]. 7. IANA Considerations None. Singh & Beebee Expires February 19, 2010 [Page 5] Internet-Draft CPE Router Recommendations August 2009 8. Acknowledgements Thanks (in alphabetical order) to Antonio Querubin, Barbara Stark, Bernie Volz, Brian Carpenter, Carlos Pignataro, Dan Wing, David Miles, Francois-Xavier Le Bail, Fred Baker, James Woodyatt, Mark Townsley, Mikael Abrahamsson, Ole Troan, Remi Denis-Courmont, Shin Miyakawa, Teemu Savolainen, Thomas Herbst, and Tony Hain for their input on the document. 9. References 9.1. Normative References 9.2. Informative References [I-D.bagnulo-behave-dns64] Bagnulo, M., Sullivan, A., Matthews, P., Beijnum, I., and M. Endo, "DNS64: DNS extensions for Network Address Translation from IPv6 Clients to IPv4 Servers", draft-bagnulo-behave-dns64-02 (work in progress), March 2009. [I-D.ietf-softwire-dual-stack-lite] Durand, A., Droms, R., Haberman, B., Woodyatt, J., Lee, Y., and R. Bush, "Dual-stack lite broadband deployments post IPv4 exhaustion", draft-ietf-softwire-dual-stack-lite-01 (work in progress), July 2009. [I-D.ietf-softwire-hs-framework-l2tpv2] Storer, B., Pignataro, C., Santos, M., Stevant, B., and J. Tremblay, "Softwire Hub & Spoke Deployment Framework with L2TPv2", draft-ietf-softwire-hs-framework-l2tpv2-13 (work in progress), April 2009. [I-D.ietf-v6ops-cpe-simple-security] Woodyatt, J., "Recommended Simple Security Capabilities in Customer Premises Equipment for Providing Residential IPv6 Internet Service", draft-ietf-v6ops-cpe-simple-security-07 (work in progress), July 2009. [RFC1918] Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and E. Lear, "Address Allocation for Private Internets", BCP 5, RFC 1918, February 1996. [RFC3056] Carpenter, B. and K. Moore, "Connection of IPv6 Domains Singh & Beebee Expires February 19, 2010 [Page 6] Internet-Draft CPE Router Recommendations August 2009 via IPv4 Clouds", RFC 3056, February 2001. [RFC4191] Draves, R. and D. Thaler, "Default Router Preferences and More-Specific Routes", RFC 4191, November 2005. [RFC4214] Templin, F., Gleeson, T., Talwar, M., and D. Thaler, "Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)", RFC 4214, October 2005. [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless Address Autoconfiguration", RFC 4862, September 2007. [RFC5214] Templin, F., Gleeson, T., and D. Thaler, "Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)", RFC 5214, March 2008. Authors' Addresses Hemant Singh Cisco Systems, Inc. 1414 Massachusetts Ave. Boxborough, MA 01719 USA Phone: +1 978 936 1622 Email: shemant@cisco.com URI: http://www.cisco.com/ Wes Beebee Cisco Systems, Inc. 1414 Massachusetts Ave. Boxborough, MA 01719 USA Phone: +1 978 936 2030 Email: wbeebee@cisco.com URI: http://www.cisco.com/ Singh & Beebee Expires February 19, 2010 [Page 7]