< draft-ietf-homenet-arch-05.txt   draft-ietf-homenet-arch-06.txt >
Network Working Group T. Chown, Ed. Network Working Group T. Chown, Ed.
Internet-Draft University of Southampton Internet-Draft University of Southampton
Intended status: Informational J. Arkko Intended status: Informational J. Arkko
Expires: April 22, 2013 Ericsson Expires: April 25, 2013 Ericsson
A. Brandt A. Brandt
Sigma Designs Sigma Designs
O. Troan O. Troan
Cisco Systems, Inc. Cisco Systems, Inc.
J. Weil J. Weil
Time Warner Cable Time Warner Cable
October 19, 2012 October 22, 2012
Home Networking Architecture for IPv6 Home Networking Architecture for IPv6
draft-ietf-homenet-arch-05 draft-ietf-homenet-arch-06
Abstract Abstract
This text describes evolving networking technology within This text describes evolving networking technology within
increasingly large residential home networks. The goal of this increasingly large residential home networks. The goal of this
document is to define an architecture for IPv6-based home networking, document is to define an architecture for IPv6-based home networking,
while describing the associated principles, considerations and while describing the associated principles, considerations and
requirements. The text briefly highlights the specific implications requirements. The text briefly highlights the specific implications
of the introduction of IPv6 for home networking, discusses the of the introduction of IPv6 for home networking, discusses the
elements of the architecture, and suggests how standard IPv6 elements of the architecture, and suggests how standard IPv6
skipping to change at page 1, line 49 skipping to change at page 1, line 49
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 22, 2013. This Internet-Draft will expire on April 25, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 27 skipping to change at page 2, line 27
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1. Terminology and Abbreviations . . . . . . . . . . . . . . 5 1.1. Terminology and Abbreviations . . . . . . . . . . . . . . 5
2. Effects of IPv6 on Home Networking . . . . . . . . . . . . . . 6 2. Effects of IPv6 on Home Networking . . . . . . . . . . . . . . 6
2.1. Multiple subnets and routers . . . . . . . . . . . . . . . 6 2.1. Multiple subnets and routers . . . . . . . . . . . . . . . 6
2.2. Global addressability and elimination of NAT . . . . . . . 7 2.2. Global addressability and elimination of NAT . . . . . . . 7
2.3. Multi-Addressing of devices . . . . . . . . . . . . . . . 7 2.3. Multi-Addressing of devices . . . . . . . . . . . . . . . 8
2.4. Unique Local Addresses (ULAs) . . . . . . . . . . . . . . 8 2.4. Unique Local Addresses (ULAs) . . . . . . . . . . . . . . 8
2.5. Naming, and manual configuration of IP addresses . . . . . 9 2.5. Naming, and manual configuration of IP addresses . . . . . 9
2.6. IPv6-only operation . . . . . . . . . . . . . . . . . . . 9 2.6. IPv6-only operation . . . . . . . . . . . . . . . . . . . 9
3. Homenet Architecture . . . . . . . . . . . . . . . . . . . . . 10 3. Homenet Architecture . . . . . . . . . . . . . . . . . . . . . 10
3.1. General Principles . . . . . . . . . . . . . . . . . . . . 11 3.1. General Principles . . . . . . . . . . . . . . . . . . . . 11
3.1.1. Reuse existing protocols . . . . . . . . . . . . . . . 11 3.1.1. Reuse existing protocols . . . . . . . . . . . . . . . 11
3.1.2. Minimise changes to hosts and routers . . . . . . . . 11 3.1.2. Minimise changes to hosts and routers . . . . . . . . 11
3.2. Homenet Topology . . . . . . . . . . . . . . . . . . . . . 11 3.2. Homenet Topology . . . . . . . . . . . . . . . . . . . . . 11
3.2.1. Supporting arbitrary topologies . . . . . . . . . . . 11 3.2.1. Supporting arbitrary topologies . . . . . . . . . . . 11
3.2.2. Network topology models . . . . . . . . . . . . . . . 12 3.2.2. Network topology models . . . . . . . . . . . . . . . 12
skipping to change at page 2, line 50 skipping to change at page 2, line 50
3.3. A Self-Organising Network . . . . . . . . . . . . . . . . 18 3.3. A Self-Organising Network . . . . . . . . . . . . . . . . 18
3.3.1. Homenet realms and borders . . . . . . . . . . . . . . 19 3.3.1. Homenet realms and borders . . . . . . . . . . . . . . 19
3.3.2. Largest practical subnets . . . . . . . . . . . . . . 20 3.3.2. Largest practical subnets . . . . . . . . . . . . . . 20
3.3.3. Handling multiple homenets . . . . . . . . . . . . . . 20 3.3.3. Handling multiple homenets . . . . . . . . . . . . . . 20
3.3.4. Coordination of configuration information . . . . . . 20 3.3.4. Coordination of configuration information . . . . . . 20
3.4. Homenet Addressing . . . . . . . . . . . . . . . . . . . . 21 3.4. Homenet Addressing . . . . . . . . . . . . . . . . . . . . 21
3.4.1. Use of ISP-delegated IPv6 prefixes . . . . . . . . . . 21 3.4.1. Use of ISP-delegated IPv6 prefixes . . . . . . . . . . 21
3.4.2. Stable internal IP addresses . . . . . . . . . . . . . 22 3.4.2. Stable internal IP addresses . . . . . . . . . . . . . 22
3.4.3. Internal prefix delegation . . . . . . . . . . . . . . 23 3.4.3. Internal prefix delegation . . . . . . . . . . . . . . 23
3.4.4. Privacy . . . . . . . . . . . . . . . . . . . . . . . 24 3.4.4. Privacy . . . . . . . . . . . . . . . . . . . . . . . 24
3.5. Routing functionality . . . . . . . . . . . . . . . . . . 24 3.5. Routing functionality . . . . . . . . . . . . . . . . . . 25
3.5.1. Multicast routing . . . . . . . . . . . . . . . . . . 26 3.5.1. Multicast support . . . . . . . . . . . . . . . . . . 26
3.6. Security . . . . . . . . . . . . . . . . . . . . . . . . . 26 3.6. Security . . . . . . . . . . . . . . . . . . . . . . . . . 26
3.6.1. Addressability vs reachability . . . . . . . . . . . . 26 3.6.1. Addressability vs reachability . . . . . . . . . . . . 27
3.6.2. Filtering at borders . . . . . . . . . . . . . . . . . 27 3.6.2. Filtering at borders . . . . . . . . . . . . . . . . . 28
3.6.3. Marginal Effectiveness of NAT and Firewalls . . . . . 28 3.6.3. Marginal Effectiveness of NAT and Firewalls . . . . . 28
3.6.4. Device capabilities . . . . . . . . . . . . . . . . . 28 3.6.4. Device capabilities . . . . . . . . . . . . . . . . . 29
3.6.5. ULAs as a hint of connection origin . . . . . . . . . 28 3.6.5. ULAs as a hint of connection origin . . . . . . . . . 29
3.7. Naming and Service Discovery . . . . . . . . . . . . . . . 29 3.7. Naming and Service Discovery . . . . . . . . . . . . . . . 29
3.7.1. Discovering services . . . . . . . . . . . . . . . . . 29 3.7.1. Discovering services . . . . . . . . . . . . . . . . . 29
3.7.2. Assigning names to devices . . . . . . . . . . . . . . 29 3.7.2. Assigning names to devices . . . . . . . . . . . . . . 30
3.7.3. Name spaces . . . . . . . . . . . . . . . . . . . . . 30 3.7.3. Name spaces . . . . . . . . . . . . . . . . . . . . . 30
3.7.4. The homenet name service . . . . . . . . . . . . . . . 31 3.7.4. The homenet name service . . . . . . . . . . . . . . . 32
3.7.5. Independent operation . . . . . . . . . . . . . . . . 32 3.7.5. Independent operation . . . . . . . . . . . . . . . . 33
3.7.6. Considerations for LLNs . . . . . . . . . . . . . . . 33 3.7.6. Considerations for LLNs . . . . . . . . . . . . . . . 33
3.7.7. DNS resolver discovery . . . . . . . . . . . . . . . . 33 3.7.7. DNS resolver discovery . . . . . . . . . . . . . . . . 34
3.8. Other Considerations . . . . . . . . . . . . . . . . . . . 33 3.8. Other Considerations . . . . . . . . . . . . . . . . . . . 34
3.8.1. Proxy or Extend? . . . . . . . . . . . . . . . . . . . 33 3.8.1. Proxy or Extend? . . . . . . . . . . . . . . . . . . . 34
3.8.2. Quality of Service . . . . . . . . . . . . . . . . . . 34 3.8.2. Quality of Service . . . . . . . . . . . . . . . . . . 35
3.8.3. Operations and Management . . . . . . . . . . . . . . 34 3.8.3. Operations and Management . . . . . . . . . . . . . . 35
3.9. Implementing the Architecture on IPv6 . . . . . . . . . . 35 3.9. Implementing the Architecture on IPv6 . . . . . . . . . . 35
4. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . 35 4. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . 36
5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 35 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 36
5.1. Normative References . . . . . . . . . . . . . . . . . . . 35 5.1. Normative References . . . . . . . . . . . . . . . . . . . 36
5.2. Informative References . . . . . . . . . . . . . . . . . . 36 5.2. Informative References . . . . . . . . . . . . . . . . . . 37
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 39 Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 40
Appendix B. Changes . . . . . . . . . . . . . . . . . . . . . . . 40 Appendix B. Changes . . . . . . . . . . . . . . . . . . . . . . . 40
B.1. Version 05 . . . . . . . . . . . . . . . . . . . . . . . . 40 B.1. Version 06 . . . . . . . . . . . . . . . . . . . . . . . . 41
B.2. Version 04 . . . . . . . . . . . . . . . . . . . . . . . . 40 B.2. Version 05 . . . . . . . . . . . . . . . . . . . . . . . . 41
B.3. Version 03 . . . . . . . . . . . . . . . . . . . . . . . . 40 B.3. Version 04 . . . . . . . . . . . . . . . . . . . . . . . . 41
B.4. Version 02 . . . . . . . . . . . . . . . . . . . . . . . . 42 B.4. Version 03 . . . . . . . . . . . . . . . . . . . . . . . . 41
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 42 B.5. Version 02 . . . . . . . . . . . . . . . . . . . . . . . . 43
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 43
1. Introduction 1. Introduction
This document focuses on evolving networking technology within This document focuses on evolving networking technology within
increasingly large residential home networks and the associated increasingly large residential home networks and the associated
challenges with their deployment and operation. There is a growing challenges with their deployment and operation. There is a growing
trend in home networking for the proliferation of networking trend in home networking for the proliferation of networking
technology in an increasingly broad range of devices and media. This technology in an increasingly broad range of devices and media. This
evolution in scale and diversity sets requirements on IETF protocols. evolution in scale and diversity sets requirements on IETF protocols.
Some of these requirements relate to the introduction of IPv6, others Some of these requirements relate to the introduction of IPv6, others
skipping to change at page 4, line 26 skipping to change at page 4, line 26
While at the time of writing some complex home network topologies While at the time of writing some complex home network topologies
exist, most operate based on IPv4, employ solutions that we would exist, most operate based on IPv4, employ solutions that we would
like to avoid such as (cascaded) network address translation (NAT), like to avoid such as (cascaded) network address translation (NAT),
or require expert assistance to set up. In IPv6 home networks, there or require expert assistance to set up. In IPv6 home networks, there
are likely to be scenarios where internal routing is required, for are likely to be scenarios where internal routing is required, for
example to support private and guest networks, in which case such example to support private and guest networks, in which case such
networks may use increasing numbers of subnets, and require methods networks may use increasing numbers of subnets, and require methods
for IPv6 prefixes to be delegated to those subnets. The assumption for IPv6 prefixes to be delegated to those subnets. The assumption
of this document is that the homenet is as far as possible self- of this document is that the homenet is as far as possible self-
organising and self-configuring, and is thus need not be pro-actively organising and self-configuring, and thus need not be pro-actively
managed by the residential user. managed by the residential user.
The architectural constructs in this document are focused on the The architectural constructs in this document are focused on the
problems to be solved when introducing IPv6 with an eye towards a problems to be solved when introducing IPv6 with an eye towards a
better result than what we have today with IPv4, as well as a better better result than what we have today with IPv4, as well as a better
result than if the IETF had not given this specific guidance. The result than if the IETF had not given this specific guidance. The
document aims to provide the basis and guiding principles for how document aims to provide the basis and guiding principles for how
standard IPv6 mechanisms and addressing [RFC2460] [RFC4291] can be standard IPv6 mechanisms and addressing [RFC2460] [RFC4291] can be
employed in home networking, while coexisting with existing IPv4 employed in home networking, while coexisting with existing IPv4
mechanisms. In emerging dual-stack home networks it is vital that mechanisms. In emerging dual-stack home networks it is vital that
introducing IPv6 does not adversely affect IPv4 operation. We assume introducing IPv6 does not adversely affect IPv4 operation. We assume
that the IPv4 network architecture in home networks is what it is, that the IPv4 network architecture in home networks is what it is,
and can not be affected by new recommendations. Future deployments, and can not be affected by new recommendations. It should not be
or specific subnets within an otherwise dual-stack home network, may assumed that any future new functionality created with IPv6 in mind
be IPv6-only, in which case considerations for IPv4 impact would not will be backward-compatible to include IPv4 support. Further, future
apply. deployments, or specific subnets within an otherwise dual-stack home
network, may be IPv6-only, in which case considerations for IPv4
impact would not apply.
This architecture document proposes a baseline homenet architecture, This architecture document proposes a baseline homenet architecture,
based on protocols and implementations that are as far as possible based on protocols and implementations that are as far as possible
proven and robust. The scope of the document is primarily the proven and robust. The scope of the document is primarily the
network layer technologies that provide the basic functionality to network layer technologies that provide the basic functionality to
enable addressing, connectivity, routing, naming and service enable addressing, connectivity, routing, naming and service
discovery. While it may, for example, state that homenet components discovery. While it may, for example, state that homenet components
must be simple to deploy and use, it does not discuss specific user must be simple to deploy and use, it does not discuss specific user
interfaces, nor does it discuss specific physical, wireless or data- interfaces, nor does it discuss specific physical, wireless or data-
link layer considerations. link layer considerations.
skipping to change at page 6, line 51 skipping to change at page 7, line 6
technology and link layers designed for low-power and lossy networks technology and link layers designed for low-power and lossy networks
(LLNs), such as those used for certain types of sensor devices. (LLNs), such as those used for certain types of sensor devices.
Constraining the flow of certain traffic from Ethernet links to much Constraining the flow of certain traffic from Ethernet links to much
lower capacity links thus becomes an important topic. lower capacity links thus becomes an important topic.
The addition of routing between subnets raises the issue of how to The addition of routing between subnets raises the issue of how to
extend mechanisms such as service discovery which currently rely on extend mechanisms such as service discovery which currently rely on
link-local addressing to limit scope. There are two broad choices; link-local addressing to limit scope. There are two broad choices;
extend existing protocols to work across the scope of the homenet, or extend existing protocols to work across the scope of the homenet, or
introduce proxies for existing link layer protocols. This topic is introduce proxies for existing link layer protocols. This topic is
discussed later in the document. discussed later in the document. It may also be more appropriate to
use a different protocol instead, in which case it should preferably
be a proven, existing protocol.
There will also be the need to discover which routers in the homenet There will also be the need to discover which routers in the homenet
are the border router(s) by an appropriate mechanism. Here, there are the border router(s) by an appropriate mechanism. Here, there
are a number of choices, including the use of an appropriate service are a number of choices, including the use of an appropriate service
discovery protocol. Whatever method is chosen would likely have to discovery protocol. Whatever method is chosen would likely have to
deal with handling more than one router responding in multihomed deal with handling more than one router responding in multihomed
environments. environments.
2.2. Global addressability and elimination of NAT 2.2. Global addressability and elimination of NAT
skipping to change at page 7, line 50 skipping to change at page 8, line 8
external traffic initiated into a homenet. It is important to external traffic initiated into a homenet. It is important to
distinguish between addressability and reachability. While IPv6 distinguish between addressability and reachability. While IPv6
offers global addressability through use of globally unique addresses offers global addressability through use of globally unique addresses
in the home, whether they are globally reachable or not would depend in the home, whether they are globally reachable or not would depend
on the firewall or filtering configuration, and not, as is commonly on the firewall or filtering configuration, and not, as is commonly
the case with IPv4, the presence or use of NAT. the case with IPv4, the presence or use of NAT.
2.3. Multi-Addressing of devices 2.3. Multi-Addressing of devices
In an IPv6 network, devices may acquire multiple addresses, typically In an IPv6 network, devices may acquire multiple addresses, typically
at least a link-local address and a globally unique address. They at least a link-local address and one or more globally unique
may also have an IPv4 address if the network is dual-stack, a Unique addresses. They may also have an IPv4 address if the network is
Local Address (ULA) [RFC4193] (see below), and one or more IPv6 dual-stack, a Unique Local Address (ULA) [RFC4193] (see below), and
Privacy Addresses [RFC4941]. one or more IPv6 Privacy Addresses [RFC4941].
Thus it should be considered the norm for devices on IPv6 home Thus it should be considered the norm for devices on IPv6 home
networks to be multi-addressed, and to need to make appropriate networks to be multi-addressed, and to need to make appropriate
address selection decisions for the candidate source and destination address selection decisions for the candidate source and destination
address pairs. Default Address Selection for IPv6 [RFC6724] provides address pairs. Default Address Selection for IPv6 [RFC6724] provides
a solution for this, though it may face problems in the event of a solution for this, though it may face problems in the event of
multihoming, where nodes will be configured with one address from multihoming, where nodes will be configured with one address from
each upstream ISP prefix. In such cases the presence of upstream each upstream ISP prefix. In such cases the presence of upstream
ingress filtering requires multi-addressed nodes to select the ingress filtering requires multi-addressed nodes to select the
correct source address to be used for the corresponding uplink, to correct source address to be used for the corresponding uplink, to
skipping to change at page 8, line 29 skipping to change at page 8, line 36
2.4. Unique Local Addresses (ULAs) 2.4. Unique Local Addresses (ULAs)
[RFC4193] defines Unique Local Addresses (ULAs) for IPv6 that may be [RFC4193] defines Unique Local Addresses (ULAs) for IPv6 that may be
used to address devices within the scope of a single site. Support used to address devices within the scope of a single site. Support
for ULAs for IPv6 CERs is described in [RFC6204]. A home network for ULAs for IPv6 CERs is described in [RFC6204]. A home network
running IPv6 may deploy ULAs for stable communication between devices running IPv6 may deploy ULAs for stable communication between devices
(on different subnets) within the network where the externally (on different subnets) within the network where the externally
allocated global prefix changes over time (e.g. due to renumbering allocated global prefix changes over time (e.g. due to renumbering
within the subscriber's ISP) or where external connectivity is within the subscriber's ISP) or where external connectivity is
temporarily unavailable. temporarily unavailable. In the case where multiple routers exist in
the homenet, a mechanism for the creation of a single overlapping /48
ULA prefix is desirable for addressing consistency and policy
enforcement.
A counter-argument to using ULAs is that it is undesirable to A counter-argument to using ULAs is that it is undesirable to
aggressively deprecate global prefixes for temporary loss of aggressively deprecate global prefixes for temporary loss of
connectivity, so for a host to lose its global address there would connectivity, so for a host to lose its global address there would
have to be a connection breakage longer than the lease period, and have to be a connection breakage longer than the lease period, and
even then, deprecating prefixes when there is no connectivity may not even then, deprecating prefixes when there is no connectivity may not
be advisable. It should also be noted that there may be timers on be advisable. It should also be noted that there may be timers on
the prefix lease to the homenet, on the internal prefix delegations, the prefix lease to the homenet, on the internal prefix delegations,
and on the Router Advertisements to the hosts. Despite this counter- and on the Router Advertisements to the hosts. Despite this counter-
argument, while setting a network up there may be a period with no argument, while setting a network up there may be a period with no
skipping to change at page 9, line 15 skipping to change at page 9, line 24
2.5. Naming, and manual configuration of IP addresses 2.5. Naming, and manual configuration of IP addresses
Some IPv4 home networking devices expose IPv4 addresses to users, Some IPv4 home networking devices expose IPv4 addresses to users,
e.g. the IPv4 address of a home IPv4 CER that may be configured via a e.g. the IPv4 address of a home IPv4 CER that may be configured via a
web interface. Users should not be expected to enter IPv6 literal web interface. Users should not be expected to enter IPv6 literal
addresses in homenet devices or applications, given their much addresses in homenet devices or applications, given their much
greater length and apparent randomness to a typical home user. While greater length and apparent randomness to a typical home user. While
shorter addresses, perhaps ones registered with IANA from ULA-C space shorter addresses, perhaps ones registered with IANA from ULA-C space
[I-D.hain-ipv6-ulac], could be used for specific devices/services, in [I-D.hain-ipv6-ulac], could be used for specific devices/services, in
general it is better to not expose users to real IPv6 addresses. general it is better not to expose users to real IPv6 addresses.
Thus, even for the simplest of functions, simple naming and the Thus, even for the simplest of functions, simple naming and the
associated (ideally zero configuration) discovery of services is associated (minimal, and ideally zero configuration) discovery of
imperative for the easy deployment and use of homenet devices and services is imperative for the easy deployment and use of homenet
applications. devices and applications.
In a multi-subnet homenet, naming and service discovery should be In a multi-subnet homenet, naming and service discovery should be
expected to be capable of operating across the scope of the entire expected to be capable of operating across the scope of the entire
home network, and thus be able to cross subnet boundaries. It should home network, and thus be able to cross subnet boundaries. It should
be noted that in IPv4, such services do not generally function across be noted that in IPv4, such services do not generally function across
home router NAT boundaries, so this is one area where there is room home router NAT boundaries, so this is one area where there is room
for improvement in IPv6. for improvement in IPv6.
2.6. IPv6-only operation 2.6. IPv6-only operation
skipping to change at page 9, line 43 skipping to change at page 10, line 4
requirements, e.g. for devices to get configuration information via requirements, e.g. for devices to get configuration information via
IPv6 transport (not relying on an IPv4 protocol such as IPv4 DHCP), IPv6 transport (not relying on an IPv4 protocol such as IPv4 DHCP),
and for devices to be able to initiate communications to external and for devices to be able to initiate communications to external
devices that are IPv4-only. Thus, for example, the following devices that are IPv4-only. Thus, for example, the following
requirements are amongst those that should be considered in IPv6-only requirements are amongst those that should be considered in IPv6-only
environments: environments:
o Ensuring there is a way to access content in the IPv4 Internet. o Ensuring there is a way to access content in the IPv4 Internet.
This can be arranged through appropriate use of NAT64 [RFC6144] This can be arranged through appropriate use of NAT64 [RFC6144]
and DNS64 [RFC6145], for example, or via a node-based DS-Lite and DNS64 [RFC6145], for example, or via a node-based DS-Lite
[RFC6333] approach. [RFC6333] approach.
o DNS discovery mechanisms are enabled for IPv6. Both stateless o DNS discovery mechanisms are enabled for IPv6. Both stateless
DHCPv6 [RFC3736] [RFC3646] and Router Advertisement options DHCPv6 [RFC3736] [RFC3646] and Router Advertisement options
[RFC6106] may have to be supported and turned on by default to [RFC6106] may have to be supported and turned on by default to
ensure maximum compatibility with all types of hosts in the ensure maximum compatibility with all types of hosts in the
network. This requires, however, that a working DNS server is network. This requires, however, that a working DNS server is
known and addressable via IPv6, and that the automatic discovery known and addressable via IPv6, and that the automatic discovery
of such a server is possible through multiple routers in the of such a server is possible through multiple routers in the
homenet. homenet.
o All nodes in the home network support operations in IPv6-only o All nodes in the home network support operations in IPv6-only
mode. Some current devices work well with dual-stack but fail to mode. Some current devices work well with dual-stack but fail to
recognise connectivity when IPv4 DHCP fails, for instance. recognise connectivity when IPv4 DHCP fails, for instance.
The widespread availability of robust solutions to these types of The widespread availability of robust solutions to these types of
requirements will help accelerate the uptake of IPv6-only homenets. requirements will help accelerate the uptake of IPv6-only homenets.
The specifics of these are however beyond the scope of this document, The specifics of these are however beyond the scope of this document,
especially those functions that reside on the CPE. especially those functions that reside on the CER.
3. Homenet Architecture 3. Homenet Architecture
The aim of this architecture text is to outline how to construct The aim of this architecture text is to outline how to construct
advanced IPv6-based home networks involving multiple routers and advanced IPv6-based home networks involving multiple routers and
subnets using standard IPv6 protocols and addressing [RFC2460] subnets using standard IPv6 protocols and addressing [RFC2460]
[RFC4291]. In this section, we present the elements of such a home [RFC4291]. In this section, we present the elements of such a home
networking architecture, with discussion of the associated design networking architecture, with discussion of the associated design
principles. principles.
skipping to change at page 11, line 32 skipping to change at page 11, line 40
weight to running code, is preferable. Where new protocols are weight to running code, is preferable. Where new protocols are
required, evidence of commitment to implementation by appropriate required, evidence of commitment to implementation by appropriate
vendors or development communities is highly desirable. Protocols vendors or development communities is highly desirable. Protocols
used should be backwardly compatible, and forward compatible where used should be backwardly compatible, and forward compatible where
changes are made. changes are made.
3.1.2. Minimise changes to hosts and routers 3.1.2. Minimise changes to hosts and routers
Where possible, any requirement for changes to hosts and routers Where possible, any requirement for changes to hosts and routers
should be minimised, though solutions which, for example, should be minimised, though solutions which, for example,
incrementally improve with host changes may be acceptable. incrementally improve with host or router changes may be acceptable.
3.2. Homenet Topology 3.2. Homenet Topology
This section considers homenet topologies, and the principles that This section considers homenet topologies, and the principles that
may be applied in designing an architecture to support as wide a may be applied in designing an architecture to support as wide a
range as possible of such topologies. range as possible of such topologies.
3.2.1. Supporting arbitrary topologies 3.2.1. Supporting arbitrary topologies
There should ideally be no built-in assumptions about the topology in There should ideally be no built-in assumptions about the topology in
home networks, as users are capable of connecting their devices in home networks, as users are capable of connecting their devices in
"ingenious" ways. Thus arbitrary topologies and arbitrary routing "ingenious" ways. Thus arbitrary topologies and arbitrary routing
will need to be supported, or at least the failure mode for when the will need to be supported, or at least the failure mode for when the
user makes a mistake should be as robust as possible, e.g. de- user makes a mistake should be as robust as possible, e.g. de-
activating a certain part of the infrastructure to allow the rest to activating a certain part of the infrastructure to allow the rest to
operate. In such cases, the user should ideally have some useful operate. In such cases, the user should ideally have some useful
indication of the failure mode encountered. indication of the failure mode encountered.
There are no topology secenarios which could cause loss of There are no topology scenarios which could cause loss of
connectivity, except when the user creates a physical island within connectivity, except when the user creates a physical island within
the topology. Some potentially pathological cases that can be the topology. Some potentially pathological cases that can be
created include bridging ports of a router together, however this created include bridging ports of a router together, however this
case can be detected and dealt with by the router. Routing cycles case can be detected and dealt with by the router. Loops within a
within a topology are in a sense good in that they offer redundancy. routed topology are in a sense good in that they offer redundancy.
Bridging cyslces can be dangerous but are also detectable when a Bridging loops can be dangerous but are also detectable when a switch
switch learns the MAC of one of its interfaces on another or runs a learns the MAC of one of its interfaces on another or runs a spanning
spanning tree or link state protocol. It is only cycles using simple tree or link state protocol. It is only loops using simple repeaters
repeaters that are truly pathological. that are truly pathological.
3.2.2. Network topology models 3.2.2. Network topology models
Most IPv4 home network models at the time of writing tend to be Most IPv4 home network models at the time of writing tend to be
relatively simple, typically a single NAT router to the ISP and a relatively simple, typically a single NAT router to the ISP and a
single internal subnet but, as discussed earlier, evolution in single internal subnet but, as discussed earlier, evolution in
network architectures is driving more complex topologies, such as the network architectures is driving more complex topologies, such as the
separation of guest and private networks. There may also be some separation of guest and private networks. There may also be some
cascaded IPv4 NAT scenarios, which we mention in the next section. cascaded IPv4 NAT scenarios, which we mention in the next section.
skipping to change at page 13, line 5 skipping to change at page 13, line 11
o Demarcation of the CER. The CER(s) may or may not be managed by o Demarcation of the CER. The CER(s) may or may not be managed by
the ISP. If the demarcation point is such that the customer can the ISP. If the demarcation point is such that the customer can
provide or manage the CER, its configuration must be simple. Both provide or manage the CER, its configuration must be simple. Both
models must be supported. models must be supported.
Various forms of multihoming are likely to be more prevalent with Various forms of multihoming are likely to be more prevalent with
IPv6 home networks, as discussed further below. Thus the following IPv6 home networks, as discussed further below. Thus the following
properties should also be considered for such networks: properties should also be considered for such networks:
o Number of upstream providers. A typical homenet might just have a o Number of upstream providers. The majority of home networks today
single upstream ISP, but it may become more common for there to be consist of a single upstream ISP, but it may become more common in
multiple ISPs, whether for resilience or provision of additional the future for there to be multiple ISPs, whether for resilience
services. Each would offer its own prefix. Some may or may not or provision of additional services. Each would offer its own
be walled gardens. prefix. Some may or may not provide a default route to the public
Internet.
o Number of CERs. The homenet may have a single CER, which might be o Number of CERs. The homenet may have a single CER, which might be
used for one or more providers, or multiple CERs. The presence of used for one or more providers, or multiple CERs. The presence of
multiple CERs adds additional complexity for multihoming multiple CERs adds additional complexity for multihoming
scenarios, and protocols like PCP that need to manage connection- scenarios, and protocols like PCP that need to manage connection-
oriented state mappings. oriented state mappings.
In the following sections we give some examples of the types of In the following sections we give some examples of the types of
homenet topologies we may see in the future. This is not intended to homenet topologies we may see in the future. This is not intended to
be an exhaustive or complete list, rather an indicative one to be an exhaustive or complete list, rather an indicative one to
skipping to change at page 14, line 48 skipping to change at page 14, line 48
|IPv6 Host | |IPv6 Host | | IPv6 Host| |IPv6 Host | | |IPv6 Host | |IPv6 Host | | IPv6 Host| |IPv6 Host | |
| H5 | | H6 | | H7 | | H8 | / | H5 | | H6 | | H7 | | H8 | /
+----------+ +----------+ +----------+ +----------+ / +----------+ +----------+ +----------+ +----------+ /
Figure 1 Figure 1
In this diagram there is one CER. It has a single uplink interface. In this diagram there is one CER. It has a single uplink interface.
It has three additional interfaces connected to Network A, Link F, It has three additional interfaces connected to Network A, Link F,
and Network B. IPv6 Internal Router (IR) has four interfaces and Network B. IPv6 Internal Router (IR) has four interfaces
connected to Link F, Network C, Network D and Network E. Network B connected to Link F, Network C, Network D and Network E. Network B
and Network E have been bridged, likely inadvertedly. This could be and Network E have been bridged, likely inadvertently. This could be
as a result of connecting a wire between a switch for Network B and a as a result of connecting a wire between a switch for Network B and a
switch for Network E. switch for Network E.
Any of logical Networks A through F might be wired or wireless. Any of logical Networks A through F might be wired or wireless.
Where multiple hosts are shown, this might be through one or more Where multiple hosts are shown, this might be through one or more
physical ports on the CER or IPv6 (IR), wireless networks, or through physical ports on the CER or IPv6 (IR), wireless networks, or through
one or more layer-2 only ethernet switches. one or more layer-2 only Ethernet switches.
3.2.2.2. B: Two ISPs, Two CERs, Shared subnet 3.2.2.2. B: Two ISPs, Two CERs, Shared subnet
+-------+-------+ +-------+-------+ \ +-------+-------+ +-------+-------+ \
| Service | | Service | \ | Service | | Service | \
| Provider A | | Provider B | | Service | Provider A | | Provider B | | Service
| Router | | Router | | Provider | Router | | Router | | Provider
+------+--------+ +-------+-------+ | network +------+--------+ +-------+-------+ | network
| | / | | /
| Customer | / | Customer | /
skipping to change at page 19, line 34 skipping to change at page 19, line 34
It is expected that a realm would span at least an entire subnet, and It is expected that a realm would span at least an entire subnet, and
thus be associated to one delegated prefix within the homenet. It is thus be associated to one delegated prefix within the homenet. It is
also desirable for a richer security model that hosts, which may be also desirable for a richer security model that hosts, which may be
running in a transparent communication mode, are able to make running in a transparent communication mode, are able to make
decisions based on available realm and associated prefix information decisions based on available realm and associated prefix information
in the same way that routers at realm borders can. in the same way that routers at realm borders can.
A simple homenet model may just consider three types of realm and the A simple homenet model may just consider three types of realm and the
borders between them. For example if the realms are the homenet, the borders between them. For example if the realms are the homenet, the
ISP and the guest network, then the borders will include that from ISP and the guest network, then the borders will include that from
the homenet to the ISP, and that from the homenet to a guest network. the homenet to the ISP, that from the guest network to the ISP, and
Regardless, it should be possible for additional types of realms and that from the homenet to the guest network. Regardless, it should be
borders to be defined, e.g. for some specific Grid or LLN-based possible for additional types of realms and borders to be defined,
network, and for these to be detected automatically, and for an e.g. for some specific Grid or LLN-based network, and for these to be
appropriate default policy to be applied as to what type of traffic/ detected automatically, and for an appropriate default policy to be
data can flow across such borders. applied as to what type of traffic/data can flow across such borders.
It is desirable to classify the external border of the home network It is desirable to classify the external border of the home network
as a unique logical interface separating the home network from as a unique logical interface separating the home network from
service provider network/s. This border interface may be a single service provider network/s. This border interface may be a single
physical interface to a single service provider, multiple layer 2 physical interface to a single service provider, multiple layer 2
sub-interfaces to a single service provider, or multiple connections sub-interfaces to a single service provider, or multiple connections
to a single or multiple providers. This border makes it possible to to a single or multiple providers. This border makes it possible to
describe edge operations and interface requirements across multiple describe edge operations and interface requirements across multiple
functional areas including security, routing, service discovery, and functional areas including security, routing, service discovery, and
router discovery. router discovery.
skipping to change at page 21, line 33 skipping to change at page 21, line 33
make no assumptions about the stability of the prefix received from make no assumptions about the stability of the prefix received from
an ISP, or the length of the prefix that may be offered. However, if an ISP, or the length of the prefix that may be offered. However, if
only a /64 is offered by the ISP, the homenet may be severely only a /64 is offered by the ISP, the homenet may be severely
constrained (with IPv6 not reaching all devices in the home, or use constrained (with IPv6 not reaching all devices in the home, or use
of some form of IPv6 NAT being forced), or even unable to function. of some form of IPv6 NAT being forced), or even unable to function.
While it may be possible to operate a DHCPv6-only network with While it may be possible to operate a DHCPv6-only network with
prefixes longer than /64, doing so would break SLAAC, and is thus not prefixes longer than /64, doing so would break SLAAC, and is thus not
recommended. recommended.
A DHCPv6-PD capable router should "hint" that it would like a /48 A DHCPv6-PD capable router should "hint" that it would like a /48
prefix from its ISP, i.e. the CPE asks the ISP for the maximum size prefix from its ISP, i.e. the CER asks the ISP for the maximum size
prefix it might expect to be offered, but in practice it may prefix it might expect to be offered, but in practice it may
typically only be offered a /56 or /60. typically only be offered a /56 or /60.
The internal operation of the home network should also not depend on The internal operation of the home network should also not depend on
the availability of the ISP network at any given time, other than for the availability of the ISP network at any given time, other than for
connectivity to services or systems off the home network. This connectivity to services or systems off the home network. This
implies the use of ULAs for stable internal communication, as implies the use of ULAs for stable internal communication, as
described in the next section. described in the next section.
In practice, it is expected that ISPs will deliver a relatively In practice, it is expected that ISPs will deliver a relatively
skipping to change at page 22, line 31 skipping to change at page 22, line 31
The customer may of course also choose to move to a new ISP, and thus The customer may of course also choose to move to a new ISP, and thus
begin using a new prefix. In such cases the customer should expect a begin using a new prefix. In such cases the customer should expect a
discontinuity, and not only may the prefix change, but potentially discontinuity, and not only may the prefix change, but potentially
also the prefix length, if the new ISP offers a different default also the prefix length, if the new ISP offers a different default
size prefix, e.g. a /60 rather than a /56. Regardless, it's size prefix, e.g. a /60 rather than a /56. Regardless, it's
desirable that homenet protocols support rapid renumbering and that desirable that homenet protocols support rapid renumbering and that
operational processes don't add unnecessary complexity for the operational processes don't add unnecessary complexity for the
renumbering process. renumbering process.
The 6renum WG has studied IPv6 renumbering for enterprise networks. The 6renum WG has studied IPv6 renumbering for enterprise networks.
It has not as yet targetted homenets, but may produce outputs that It has not as yet targeted homenets, but may produce outputs that are
are relevant. The introduction of any new homenet protocols should relevant. The introduction of any new homenet protocols should not
not make any form of renumbering any more complex than it already is. make any form of renumbering any more complex than it already is.
3.4.2. Stable internal IP addresses 3.4.2. Stable internal IP addresses
The network should by default attempt to provide IP-layer The network should by default attempt to provide IP-layer
connectivity between all internal parts of the homenet as well as to connectivity between all internal parts of the homenet as well as to
and from the external Internet, subject to the filtering policies or and from the external Internet, subject to the filtering policies or
other policy constraints discussed later in the security section. other policy constraints discussed later in the security section.
ULAs should be used within the scope of a homenet to support routing ULAs should be used within the scope of a homenet to support routing
between subnets regardless of whether a globally unique ISP-provided between subnets regardless of whether a globally unique ISP-provided
skipping to change at page 23, line 16 skipping to change at page 23, line 16
memory. Updating global prefixes in sleeping LLN devices might also memory. Updating global prefixes in sleeping LLN devices might also
be problematic. be problematic.
ULAs may be used for all devices, not just those intended to only ULAs may be used for all devices, not just those intended to only
have internal connectivity. ULAs used in this way provide stable have internal connectivity. ULAs used in this way provide stable
internal communications should the ISP-provided prefix (suddenly) internal communications should the ISP-provided prefix (suddenly)
change, or external connectivity be temporarily lost. The use of change, or external connectivity be temporarily lost. The use of
ULAs should be restricted to the homenet scope through filtering at ULAs should be restricted to the homenet scope through filtering at
the border(s) of the homenet, as described in RFC 6092. the border(s) of the homenet, as described in RFC 6092.
Note that it is possible that in some cases multiple /48 ULA prefixes
may be in use within the same homenet, e.g. when the network is being
deployed, perhaps also without external connectivity. It is expect
that routers in the homenet would somehow elect a 'master' that would
be responsible for delegating /64 prefixes to internal requesting
routers, much as routers obtain /64 global prefixes from the prefix
pool delegated by the ISP to the CER. In cases where multiple ULA
/48's are in use, hosts need to know that each /48 is local to the
homenet, e.g. by inclusion in their local address selection policy
table.
3.4.3. Internal prefix delegation 3.4.3. Internal prefix delegation
As mentioned above, there are various sources of prefixes, e.g. they As mentioned above, there are various sources of prefixes, e.g. they
may be globally unique prefixes originating from ISP(s), they may be may be globally unique prefixes originating from ISP(s), they may be
globally unique or ULA prefixes allocated by "master" router(s) in globally unique or ULA prefixes allocated by "master" router(s) in
the homenet, or they may be ULAs allocated by LLN gateways. There the homenet, or they may be ULAs allocated by LLN gateways. There
may also be a prefix associated with NAT64, if in use in the homenet. may also be a prefix associated with NAT64, if in use in the homenet.
From the homenet perspective, a single prefix from each ISP should be From the homenet perspective, a single prefix from each ISP should be
received on the border CER [RFC3633]. Then each subnet in the received on the border CER [RFC3633]. Then each subnet in the
homenet should receive a prefix from within the ISP-provided homenet should receive a prefix from within the ISP-provided
prefix(es). The ISP should only see the aggregate from the homenet, prefix(es).
and not single /64 prefixes allocated within the homenet.
Delegation should be autonomous, and not assume a flat or The delegation of a prefix pool to the homenet should allow
hierarchical model. This text makes no assumption about whether the subsequent internal autonomous delegation of prefixes within the
delegation of prefixes is distributed or centralised. The assignment homenet, which should not assume a flat or hierarchical model. This
mechanism should provide reasonable efficiency, so that typical home text also makes no assumption about whether the delegation of
network prefix allocation sizes can accommodate all the necessary /64 prefixes is distributed or centralised. The assignment mechanism
should provide reasonable efficiency, so that typical home network
prefix allocation sizes can accommodate all the necessary /64
allocations in most cases, and not waste prefixes. A currently allocations in most cases, and not waste prefixes. A currently
typical /60 allocation gives 16 /64 subnets. Duplicate assignment of typical /60 allocation gives 16 /64 subnets. Duplicate assignment of
multiple /64s to the same network should be avoided. The network multiple /64s to the same network should be avoided. The network
should behave as gracefully as possible in the event of prefix should behave as gracefully as possible in the event of prefix
exhaustion, though the options in such cases may be limited. exhaustion, though the options in such cases may be limited.
Where multiple CERs exist with multiple ISP prefix pools, it is Where multiple CERs exist with multiple ISP prefix pools, it is
expected that routers within the homenet would assign themselves expected that routers within the homenet would assign themselves
prefixes from each ISP they communicate with/through. prefixes from each ISP they communicate with/through.
Where ULAs are used, most likely but not necessarily in parallel with Where ULAs are used, most likely but not necessarily in parallel with
global prefixes, one router should be elected to offer ULA prefixes global prefixes, one router should be elected to offer ULA prefixes
for the homenet. The router should generate a /48 ULA for the site, for the homenet. The router should generate a /48 ULA for the site,
and then delegate /64's from that ULA prefix to subnets. In the and then delegate /64's from that ULA prefix to subnets. In the
normal state, a single /48 ULA should be used within the homenet. In normal state, a single /48 ULA should be used within the homenet. In
cases where two /48 ULAs are generated within a homenet, the network cases where two /48 ULAs are generated within a homenet, the network
should still continue to function. should still continue to function, meaning that hosts will need to
determine that each ULA is local to the homenet.
Delegation within the homenet should give each subnet a prefix that Delegation within the homenet should give each subnet a prefix that
is persistent across reboots, power outages and similar short-term is persistent across reboots, power outages and similar short-term
outages. Addition of a new routing device should not affect existing outages. Addition of a new routing device should not affect existing
persistent prefixes, but persistence may not be expected in the face persistent prefixes, but persistence may not be expected in the face
of significant "replumbing" of the homenet. Persistent prefixes of significant "replumbing" of the homenet. Persistent prefixes
should not depend on router boot order. Such persistent prefixes may should not depend on router boot order. Such persistent prefixes may
imply the need for stable storage on routing devices, and also a imply the need for stable storage on routing devices, and also a
method for a home user to "reset" the stored prefix should a method for a home user to "reset" the stored prefix should a
significant reconfiguration be required (though ideally the home user significant reconfiguration be required (though ideally the home user
skipping to change at page 26, line 10 skipping to change at page 26, line 23
may be integrated into the routing protocol itself, but may also be may be integrated into the routing protocol itself, but may also be
imported via a separate discovery mechanism. imported via a separate discovery mechanism.
In general, LLN or other networks should be able to attach and In general, LLN or other networks should be able to attach and
participate the same way as the main homenet, or alternatively map/be participate the same way as the main homenet, or alternatively map/be
gatewayed to the main homenet. Current home deployments use largely gatewayed to the main homenet. Current home deployments use largely
different mechanisms in sensor and basic Internet connectivity different mechanisms in sensor and basic Internet connectivity
networks. IPv6 VM solutions may also add additional routing networks. IPv6 VM solutions may also add additional routing
requirements. requirements.
3.5.1. Multicast routing 3.5.1. Multicast support
It is also desirable that multicast routing is supported across the It is desirable that, subject to the capacities of devices on certain
homenet. The natural scopes for multicast would be link-local or media types, multicast routing is supported across the homenet. The
site-local, with the latter constrained within the homenet, but other natural scopes for multicast would be link-local or site-local, with
policy borders, e.g. to a guest subnet, may also affect where the latter constrained within the homenet, but other policy borders,
specific multicast traffic is routed. e.g. to a guest subnet, or to certain media types, may also affect
where specific multicast traffic is routed.
Where multicast is routed cross a homenet an appropriate multicast There may be different drivers for multicast to be supported across
routing protocol is required, one that as per the unicast routing the homenet, e.g. for service discovery should a proposal such as
protocol should be self-configuring. The multicast environment xmDNS [I-D.lynn-homenet-site-mdns] be deployed, or potentially for
should support the ability for applications to pick a unique novel streaming or filesharing applications. Where multicast is
multicast group to use. routed across a homenet an appropriate multicast routing protocol is
required, one that as per the unicast routing protocol should be
self-configuring. It must be possible to scope or filter multicast
traffic to avoid it being flooded to network media where devices
cannot reasonably support it.
The multicast environment should support the ability for applications
to pick a unique multicast group to use.
3.6. Security 3.6. Security
The security of an IPv6 homenet is an important consideration. The The security of an IPv6 homenet is an important consideration. The
most notable difference to the IPv4 operational model is the removal most notable difference to the IPv4 operational model is the removal
of NAT, the introduction of global addressability of devices, and of NAT, the introduction of global addressability of devices, and
thus a need to consider whether devices should have global thus a need to consider whether devices should have global
reachability. However, there are other challenges introduced, e.g. reachability. However, there are other challenges introduced, e.g.
default filtering policies at the borders between other homenet default filtering policies at the borders between other homenet
realms. realms.
There is no defined "threat model" as such for the type of IPv6 There is no defined "threat model" as such for the type of IPv6
homenet described in this text. Such a document may be very useful. homenet described in this text. Such a document may be very useful.
It may include a variety of perspectives, from probing for specific It may include a variety of perspectives, from probing for specific
types of home appliance being present, to potential denial of service types of home appliance being present, to potential denial of service
attacks. Hosts need to be able to operate securely, end-to-end where attacks. Hosts need to be able to operate securely, end-to-end where
required, but also be robust against malicious traffic direct towards required, but also be robust against malicious traffic direct towards
them. We simply note at this point that software on home devices are them. We simply note at this point that software on home devices are
skipping to change at page 28, line 21 skipping to change at page 28, line 43
LLNs provide an another example of where there may be secure LLNs provide an another example of where there may be secure
perimeters inside the homenet. Constrained LLN nodes may implement perimeters inside the homenet. Constrained LLN nodes may implement
WPA2-style network key security but may depend on access policies WPA2-style network key security but may depend on access policies
enforced by the LLN border router. enforced by the LLN border router.
3.6.3. Marginal Effectiveness of NAT and Firewalls 3.6.3. Marginal Effectiveness of NAT and Firewalls
Security by way of obscurity (address translation) or through Security by way of obscurity (address translation) or through
firewalls (filtering) is at best marginally effective. The very poor firewalls (filtering) is at best marginally effective. The very poor
security track record of home computer, home networking and business security track record of home computer, home networking and business
PC computers and networking is testomony to its ineffectiveness. A PC computers and networking is testimony to its ineffectiveness. A
compromise behind the firewall of any device exposes all others, compromise behind the firewall of any device exposes all others,
making an entire network that relies on obscurity or a firewall as making an entire network that relies on obscurity or a firewall as
vulnerable as the most insecure device on the private side of the vulnerable as the most insecure device on the private side of the
network. network.
However, given home network products with very poor security, putting However, given home network products with very poor security, putting
a firewall in place does provide some protection, even if only a firewall in place does provide some protection, even if only
marginally effective. IPv6 global reachability may increase the need marginally effective. IPv6 global reachability may increase the need
to solve the underlying problem of certain insecure home and business to solve the underlying problem of certain insecure home and business
computer and network products. The use of firewalls today, whether a computer and network products. The use of firewalls today, whether a
skipping to change at page 28, line 48 skipping to change at page 29, line 21
security policies in accordance to their computing capabilities. security policies in accordance to their computing capabilities.
They should have the means to request transparent communications to They should have the means to request transparent communications to
be initiated to them, either for all ports or for specific services. be initiated to them, either for all ports or for specific services.
Users should have simple methods to associate devices to services Users should have simple methods to associate devices to services
that they wish to operate transparently through (CER) borders. that they wish to operate transparently through (CER) borders.
3.6.5. ULAs as a hint of connection origin 3.6.5. ULAs as a hint of connection origin
It has been suggested that using ULAs would provide an indication to It has been suggested that using ULAs would provide an indication to
applications that received traffic is locally sourced. This could applications that received traffic is locally sourced. This could
then be used with security settings to designate where a particular then be used with security settings to designate between which nodes
application is allowed to connect to or receive traffic from. a particular application is allowed to communicate, provided ULA
address space is filtered appropriately at the boundary of the realm.
3.7. Naming and Service Discovery 3.7. Naming and Service Discovery
Naming and service discovery must be supported in the homenet, and Naming and service discovery must be supported in the homenet, and
the service(s) providing this function must support unmanaged the service(s) providing this function must as far as possible
operation. support unmanaged operation.
The naming system will be required to work internally or externally, The naming system will be required to work internally or externally,
be the user within the homenet or outside it. The most natural way be the user within the homenet or outside it. The most natural way
to think about such naming and service discovery is to enable it to to think about such naming and service discovery is to enable it to
work across the entire homenet residence (site), disregarding work across the entire homenet residence (site), disregarding
technical borders such as subnets but respecting policy borders such technical borders such as subnets but respecting policy borders such
as those between guest and other internal network realms. as those between guest and other internal network realms.
3.7.1. Discovering services 3.7.1. Discovering services
skipping to change at page 29, line 35 skipping to change at page 30, line 7
Such interfaces may also typically hide the local domain name element Such interfaces may also typically hide the local domain name element
from users, especially where only one name space is available. As we from users, especially where only one name space is available. As we
discuss below, in some cases the ability to discover available discuss below, in some cases the ability to discover available
domains may be useful. domains may be useful.
We note that current service discovery protocols are generally aimed We note that current service discovery protocols are generally aimed
at single subnets. There is thus a choice to make for multi-subnet at single subnets. There is thus a choice to make for multi-subnet
homenets as to whether such protocols should be proxied or extended homenets as to whether such protocols should be proxied or extended
to operate across a whole homenet. This issue is discussed in more to operate across a whole homenet. This issue is discussed in more
detail in a later section of this text. The outcome may have an detail in a later section of this text. In general we should prefer
impact, for example, on whether support may be required for IPv6 approaches that are backwardly compatible, and allow current
multicast routing across the scope of the whole homenet. In general implementations to continue to be used.
we should prefer approaches that are backwardly compatible, and allow
current implementations to continue to be used. One of the primary challenges facing service discovery today is lack
of interoperability due to the ever increasing number of service
discovery protocols available. While it is conceivable for consumer
devices to support multiple discovery protocols, this is clearly not
the most efficient use of network and computational resources. One
goal of the homenet architecture should be a path to service
discovery protocol interoperability either through a standards based
translation scheme, hooks into current protocols to allow some for of
communication among discovery protocols, extensions to support a
central service repository in the homenet, or convergence towards a
unified protocol suite.
3.7.2. Assigning names to devices 3.7.2. Assigning names to devices
Given the large number of devices that may be networked in the Given the large number of devices that may be networked in the
future, devices should have a means to generate their own unique future, devices should have a means to generate their own unique
names within a homenet, and to detect clashes should they arise, e.g. names within a homenet, and to detect clashes should they arise, e.g.
where two devices of the same type are deployed with the same default where two devices of the same type are deployed with the same default
name, or where two running network elements are suddenly joined. name, or where two running network elements are suddenly joined.
Users will also want simple ways to (re)name devices, again most Users will also want simple ways to (re)name devices, again most
skipping to change at page 30, line 27 skipping to change at page 31, line 10
expected that the default case is that a homenet will use a global expected that the default case is that a homenet will use a global
domain provided by the ISP, but users wishing to use a name space domain provided by the ISP, but users wishing to use a name space
that is independent of their provider in the longer term may seek that is independent of their provider in the longer term may seek
their own domain name. Examples of provider name space delegation their own domain name. Examples of provider name space delegation
approaches are described in [I-D.mglt-homenet-naming-delegation] and approaches are described in [I-D.mglt-homenet-naming-delegation] and
[I-D.mglt-homenet-front-end-naming-delegation]. For users wanting to [I-D.mglt-homenet-front-end-naming-delegation]. For users wanting to
use their own independent domain names, such services are already use their own independent domain names, such services are already
available. available.
If however a global name space is not available, the homenet will If however a global name space is not available, the homenet will
need to uck and tse a local name space, which would only have meaning need to pick and use a local name space, which would only have
within the local homenet (i.e. it would not be used for remote access meaning within the local homenet (i.e. it would not be used for
to the homenet). The .local name space has a special meaning for remote access to the homenet). The .local name space has a special
certain existing protocols which have link-local scope, and is thus meaning for certain existing protocols which have link-local scope,
not appropriate for multi-subnet home networks. A differently named and is thus not appropriate for multi-subnet home networks. A
name space is thus required for the homenet. differently named name space is thus required for the homenet.
One approach for picking a local name space is to use an Ambiguous One approach for picking a local name space is to use an Ambiguous
Local Qualified Domain Name (ALQDN) space, such as .sitelocal (or an Local Qualified Domain Name (ALQDN) space, such as .sitelocal (or an
appropriate name reserved for the purpose). While this is a simple appropriate name reserved for the purpose). While this is a simple
approach, there is the potential for devices that are bookmarked approach, there is the potential for devices that are bookmarked
somehow by an application in one homenet to be confused with a device somehow by an application in one homenet to be confused with a device
with the same name in another homenet. with the same name in another homenet.
An alternative approach for local name space would be to use a Unique An alternative approach for local name space would be to use a Unique
Locally Qualified Domain Name (ULQDN) space such as Locally Qualified Domain Name (ULQDN) space such as
skipping to change at page 32, line 34 skipping to change at page 33, line 18
(details to-be-defined) means of automated delegation populate a (details to-be-defined) means of automated delegation populate a
global DNS zone. global DNS zone.
To protect against attacks such as cache poisoning, it is desirable To protect against attacks such as cache poisoning, it is desirable
to support appropriate name service security methods, including to support appropriate name service security methods, including
DNSSEC. DNSSEC.
The impact of a change in CER must be considered. It would be The impact of a change in CER must be considered. It would be
desirable to retain any relevant state (configuration) that was held desirable to retain any relevant state (configuration) that was held
in the old CER. This might imply that state information should be in the old CER. This might imply that state information should be
distributed in the homenet, to be recoverable by/to the new CER. distributed in the homenet, to be recoverable by/to the new CER, or
to the homenet's ISP or a third party service by some means.
3.7.5. Independent operation 3.7.5. Independent operation
Name resolution and service discovery for reachable devices must Name resolution and service discovery for reachable devices must
continue to function if the local network is disconnected from the continue to function if the local network is disconnected from the
global Internet, e.g. a local media server should still be available global Internet, e.g. a local media server should still be available
even if the Internet link is down for an extended period. This even if the Internet link is down for an extended period. This
implies the local network should also be able to perform a complete implies the local network should also be able to perform a complete
restart in the absence of external connectivity, and have local restart in the absence of external connectivity, and have local
naming and service discovery operate correctly. naming and service discovery operate correctly.
The approach described above of a local authoritative name service The approach described above of a local authoritative name service
with a cache would allow local operation for sustained ISP outages. with a cache would allow local operation for sustained ISP outages.
Having an independent local trust anchor is desirable, to support Having an independent local trust anchor is desirable, to support
secure exchanges should external connectivity be unavailable. secure exchanges should external connectivity be unavailable.
A change in ISP should should not affect local naming and service A change in ISP should not affect local naming and service discovery.
discovery. However, if the homenet uses a global name space provided However, if the homenet uses a global name space provided by the ISP,
by the ISP, then this will obviously have an impact if the user then this will obviously have an impact if the user changes their
changes their network provider. network provider.
3.7.6. Considerations for LLNs 3.7.6. Considerations for LLNs
In some parts of the homenet, in particular LLNs, devices may be In some parts of the homenet, in particular LLNs, devices may be
sleeping, in which case a proxy for such nodes may be required, that sleeping, in which case a proxy for such nodes may be required, that
can respond (for example) to multicast service discovery requests. can respond (for example) to multicast service discovery requests.
Those same parts of the network may have less capacity for multicast Those same parts of the network may have less capacity for multicast
traffic that may be flooded from other parts of the network. In traffic that may be flooded from other parts of the network. In
general, message utilisation should be efficient considering the general, message utilisation should be efficient considering the
network technologies the service may need to operate over. network technologies the service may need to operate over.
There are efforts underway to determine naming and dicovery solutions There are efforts underway to determine naming and discovery
for use by the Constrained Application Protocol (CoAP) in LLN solutions for use by the Constrained Application Protocol (CoAP) in
networks. These are outside the scope of this document. LLN networks. These are outside the scope of this document.
3.7.7. DNS resolver discovery 3.7.7. DNS resolver discovery
Automatic discovery of a name service to allow client devices in the Automatic discovery of a name service to allow client devices in the
homenet to resolve external domains on the Internet is required, and homenet to resolve external domains on the Internet is required, and
such discovery must support clients that may be a number of router such discovery must support clients that may be a number of router
hops away from the name service. hops away from the name service. Similarly the search domains for
local FQDN-derived zones should be included.
3.8. Other Considerations 3.8. Other Considerations
This section discusses some other considerations for home networking This section discusses some other considerations for home networking
that may affect the architecture. that may affect the architecture.
3.8.1. Proxy or Extend? 3.8.1. Proxy or Extend?
There are two broad choices for allowing services that would There are two broad choices for allowing services that would
otherwise be link-local to work across a homenet site. In the otherwise be link-local to work across a homenet site, i.e. to extend
example of service discovery, one is to take protocols like mDNS and the protocol to work across the scope of a subnet directly, or to
have them run over site multicast within the homenet, as described in proxy the link-local protocol between subnets. It may also in some
the Extended mDNS proposal (xmDNS) [I-D.lynn-homenet-site-mdns]. cases be appropriate to use a different protocol instead, in which
This is fine if all hosts support the extension, and the scope within case that protocol should preferably be a proven, existing protocol.
any internal borders is well-understood. But it's not backwards-
compatible with existing link-local protocols. The alternative is to In the example of service discovery, one option is to take protocols
proxy service discovery across subnets to propagate it. This is more like mDNS and have them run over site multicast within the homenet,
complex, but is backwards-compatible. It would need to work with as described in the Extended mDNS proposal (xmDNS)
IPv6, and dual-stack. [I-D.lynn-homenet-site-mdns]. This is fine if all hosts support the
extension, and the scope within any internal borders is well-
understood. But it's not backwards-compatible with existing link-
local protocols. An alternative is to proxy service discovery across
subnets to propagate it. This is more complex, but is backwards-
compatible. It would need to work with IPv6, and dual-stack.
The homenet architecture proposes that any existing protocols that The homenet architecture proposes that any existing protocols that
are designed to only work within a subnet should be extended to work are designed to only work within a subnet should be extended to work
across subnets, rather than defining proxy capabilities for each of across subnets, rather than defining proxy capabilities for each of
those functions. However, while it is desirable to extend protocols those functions. However, while it is desirable to extend protocols
to site scope operation rather than providing proxy functions on to site scope operation rather than providing proxy functions on
subnet boundaries, the reality is that until all hosts can use site- subnet boundaries, the reality is that until all hosts can use site-
scope discovery protocols, existing link-local protocols would need scope discovery protocols, existing link-local protocols would need
to be proxied anyway. to be proxied anyway.
skipping to change at page 40, line 11 skipping to change at page 41, line 5
Michael Richardson, Barbara Stark, Sander Steffann, Don Sturek, Dave Michael Richardson, Barbara Stark, Sander Steffann, Don Sturek, Dave
Taht, Dave Thaler, Michael Thomas, Mark Townsley, JP Vasseur, Curtis Taht, Dave Thaler, Michael Thomas, Mark Townsley, JP Vasseur, Curtis
Villamizar, Dan Wing, Russ White, and James Woodyatt for their Villamizar, Dan Wing, Russ White, and James Woodyatt for their
comments and contributions within homenet WG meetings and on the WG comments and contributions within homenet WG meetings and on the WG
mailing list. mailing list.
Appendix B. Changes Appendix B. Changes
This section will be removed in the final version of the text. This section will be removed in the final version of the text.
B.1. Version 05 B.1. Version 06
Changes made include:
o Stated that unmanaged goal is 'as far as possible'.
o Added note about multiple /48 ULAs potentially being in use.
o Minor edits from list feedback.
B.2. Version 05
Changes made include: Changes made include:
o Some significant changes to naming and SD section. o Some significant changes to naming and SD section.
o Removed some expired drafts. o Removed some expired drafts.
o Added notes about issues caused by ISP only delegating a /64. o Added notes about issues caused by ISP only delegating a /64.
o Recommended against using prefixes longer than /64. o Recommended against using prefixes longer than /64.
o Suggested CPE asks for /48 by DHCP-PD, even if it only receives o Suggested CER asks for /48 by DHCP-PD, even if it only receives
less. less.
o Added note about DS-Lite but emphasised transition is out of o Added note about DS-Lite but emphasised transition is out of
scope. scope.
o Added text about multicast routing. o Added text about multicast routing.
B.2. Version 04 B.3. Version 04
Changes made include: Changes made include:
o Moved border section from IPv6 differences to principles section. o Moved border section from IPv6 differences to principles section.
o Restructured principles into areas. o Restructured principles into areas.
o Added summary of naming and service discovery discussion from WG o Added summary of naming and service discovery discussion from WG
list. list.
B.3. Version 03 B.4. Version 03
Changes made include: Changes made include:
o Various improvements to the readability. o Various improvements to the readability.
o Removed bullet lists of requirements, as requested by chair. o Removed bullet lists of requirements, as requested by chair.
o Noted 6204bis has replaced advanced-cpe draft. o Noted 6204bis has replaced advanced-cpe draft.
o Clarified the topology examples are just that. o Clarified the topology examples are just that.
skipping to change at page 42, line 11 skipping to change at page 43, line 13
the homenet. the homenet.
o Added some ISPs renumber due to privacy laws. o Added some ISPs renumber due to privacy laws.
o Removed extra repeated references to Simple Security. o Removed extra repeated references to Simple Security.
o Removed some solution creep on RIOs/RAs. o Removed some solution creep on RIOs/RAs.
o Load-balancing scenario added as to be supported. o Load-balancing scenario added as to be supported.
B.4. Version 02 B.5. Version 02
Changes made include: Changes made include:
o Made the IPv6 implications section briefer. o Made the IPv6 implications section briefer.
o Changed Network Models section to describe properties of the o Changed Network Models section to describe properties of the
homenet with illustrative examples, rather than implying the homenet with illustrative examples, rather than implying the
number of models was fixed to the six shown in 01. number of models was fixed to the six shown in 01.
o Text to state multihoming support focused on single CER model. o Text to state multihoming support focused on single CER model.
 End of changes. 54 change blocks. 
129 lines changed or deleted 189 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/