idnits 2.17.1 draft-ietf-ngtrans-dstm-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? == Mismatching filename: the document gives the document name as 'draft-ietf-ngtrans-dstm-02', but the file name used is 'draft-ietf-ngtrans-dstm-03' == No 'Intended status' indicated for this document; assuming Proposed Standard == It seems as if not all pages are separated by form feeds - found 0 form feeds but 20 pages Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There are 16 instances of too long lines in the document, the longest one being 7 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == Line 472 has weird spacing: '... status zer...' == Line 494 has weird spacing: '... status zer...' == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: When the client requests an IPv4 address from the DHCPv6 Server the TEP field MUST not be present in the IPv4 Address Extension. == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: The Client MUST not assume it can use the IPv4 Address until it has received a corresponding Reply to the Client Request. == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: The Client MUST not update the DNS with this new address. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- Couldn't find a document date in the document -- date freshness check skipped. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: '1' is defined on line 684, but no explicit reference was found in the text == Unused Reference: '2' is defined on line 687, but no explicit reference was found in the text == Unused Reference: '6' is defined on line 702, but no explicit reference was found in the text == Unused Reference: '7' is defined on line 705, but no explicit reference was found in the text == Unused Reference: '12' is defined on line 726, but no explicit reference was found in the text == Unused Reference: '14' is defined on line 732, but no explicit reference was found in the text == Unused Reference: '17' is defined on line 741, but no explicit reference was found in the text == Unused Reference: '18' is defined on line 744, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2460 (ref. '3') (Obsoleted by RFC 8200) == Outdated reference: A later version (-28) exists of draft-ietf-dhc-dhcpv6-15 -- No information found for draft-ietf-dhc-dhcpv6ext - is the name correct? -- Possible downref: Normative reference to a draft: ref. '5' -- Possible downref: Non-RFC (?) normative reference: ref. '7' ** Obsolete normative reference: RFC 2406 (ref. '8') (Obsoleted by RFC 4303, RFC 4305) ** Obsolete normative reference: RFC 2065 (ref. '10') (Obsoleted by RFC 2535) ** Obsolete normative reference: RFC 2137 (ref. '11') (Obsoleted by RFC 3007) ** Downref: Normative reference to an Informational RFC: RFC 2185 (ref. '12') ** Obsolete normative reference: RFC 2765 (ref. '14') (Obsoleted by RFC 6145) ** Obsolete normative reference: RFC 2893 (ref. '15') (Obsoleted by RFC 4213) ** Downref: Normative reference to an Historic RFC: RFC 2874 (ref. '18') ** Obsolete normative reference: RFC 2462 (ref. '19') (Obsoleted by RFC 4862) ** Obsolete normative reference: RFC 2373 (ref. '20') (Obsoleted by RFC 3513) Summary: 15 errors (**), 0 flaws (~~), 18 warnings (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 INTERNET-DRAFT Jim Bound 2 NGTRANS Working Group Compaq 3 Obsoletes draft-ietf-ngtrans-dstm-02.txt Laurent Toutain 4 Expires March 2001 Francis Dupont 5 ENST Bretagne 6 Hossam Afifi 7 INT 8 Alain Durand 9 Sun Microsystems 11 Dual Stack Transition Mechanism (DSTM) 13 15 Status of this Memo 17 This document is an Internet-Draft and is in full conformance with 18 all provisions of Section 10 of RFC2026. 20 Internet-Drafts are working documents of the Internet Engineering 21 Task Force (IETF), its areas, and its working groups. Note that 22 other groups may also distribute working documents as Internet- 23 Drafts. 25 Internet-Drafts are draft documents valid for a maximum of six months 26 and may be updated, replaced, or obsoleted by other documents at any 27 time. It is inappropriate to use Internet- Drafts as reference 28 material or to cite them other than as "work in progress." 30 The list of current Internet-Drafts can be accessed at 31 http://www.ietf.org/ietf/1id-abstracts.txt 33 The list of Internet-Draft Shadow Directories can be accessed at 34 http://www.ietf.org/shadow.html. 36 To view the entire list of current Internet-Drafts, please check the 37 "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow 38 Directories on ftp.is.co.za (Africa), ftp.nordu.net (Europe), 39 munnari.oz.au (Pacific Rim), ftp.ietf.org (US East Coast), or 40 ftp.isi.edu (US West Coast). 42 Distribution of this memo is unlimited. 44 Abstract 46 The initial deployment of IPv6 will require a tightly coupled use of 47 IPv4 addresses to support the interoperation of IPv6 and IPv4, within 48 an IPv6 Network. Nodes will still need to communicate with IPv4 49 nodes that do not have a dual IP layer supporting both IPv4 and IPv6. 50 The Dual Stack Transition Mechanism (DSTM) provides a method to 51 assign temporary Global IPv4 Addresses to IPv6/IPv4 nodes over a 52 native IPv6 Network, use of dynamic tunnels within an IPv6 Network to 53 carry IPv4 traffic, and a defined set of processes and architecture 54 for the supporting infrastructure required for this transition 55 mechanism. 57 Table of Contents: 59 1. Introduction.................................................4 60 2. Terminology..................................................5 61 2.1 IPv6 DSTM Terminology.......................................5 62 2.2 Specification Language......................................5 63 3. DSTM Overview and Assumptions................................6 64 4. DSTM Deployment Example......................................9 65 4.1 DSTM Client/Server Example ................................10 66 5 DTI Architecture.............................................10 67 5.1 Assignment of the IPv4 address to the DTI..................11 68 5.2 DTI Encapsulation of IPv4 packets..........................11 69 5.3 DTI IPv6 destination address...............................11 70 6. DHCPv6 Requirements.........................................12 71 6.1 DHCPv6 Global IPv4 Address Extension.......................12 72 6.1.1 Client Request of IPv4 Global Address....................12 73 6.1.2 Server Reply of IPv4 Global Address Extension............13 74 6.1.3 Client Processing of IPv4 Address Extension..............14 75 6.2 Server Processing of an IPv4 Address Extension.............14 76 6.3 Client Processing of an IPv4 Address Extension.............15 77 7. Applicability Statement.....................................16 78 8. Security Considerations.....................................16 79 Changes from draft 02 to draft 03..............................17 80 Changes from draft 01 to draft 02..............................17 81 Changes from draft 00 to draft 01..............................17 82 Acknowledgments................................................18 83 References.....................................................18 84 1. Introduction 86 The initial deployment of IPv6 will require a tightly coupled use of 87 IPv4 addresses to support the interoperation of IPv6 and IPv4, within an 88 IPv6 Network. Nodes will still need to communicate with IPv4 nodes that 89 do not have a dual IP layer supporting both IPv4 and IPv6. The Dual 90 Stack Transition Mechanism (DSTM) provides a method to assign temporary 91 Global IPv4 Addresses to IPv6/IPv4 nodes over a native IPv6 Network, use 92 of dynamic tunnels within an IPv6 Network to carry IPv4 traffic, and a 93 defined set of processes and architecture for the supporting 94 infrastructure required for this transition mechanism. 96 The DSTM assigns, when needed an IPv4 address to a dual IP layer node. 97 This will allow either IPv6 nodes to communicate with IPv4-only nodes, 98 or for IPv4-only applications to run without modification on an IPv6 99 nodes. This allocation mechanism is coupled with the ability to perform 100 dynamic tunneling of an IPv4 packet inside an IPv6 packet, to suppress 101 the exposure of IPv4 native packets within a DSTM domain of an IPv6 102 network. This will simplify the network management of IPv6 deployment, 103 since routers need only IPv6 routing tables to move IPv4 packets across 104 an IPv6 network. This means that network managers do not need an IPv4 105 routing plan for DSTM. 107 DSTM is targeted to help the interoperation of IPv6 newly deployed 108 networks with existing IPv4 networks. DSTM assumes that a user will 109 deploy an IPv6 network to reduce the need and reliability on IPv4 within 110 a portion of their network. In addition the IPv4 globally routable 111 address space available to the network is a scarce resource, and the 112 user does not want to deploy DHCPv4[16] to assign temporary IPv4 113 addresses to IPv6 nodes, and would rather require those nodes to use 114 IPv6 to obtain or be given the IPv4 temporary addresses from DHCPv6. 115 Also, to begin to reduce the IPv4 applications a user has to support and 116 to obtain a temporary IPv6 IPv4-Mapped Address (see Section 6), the 117 client only has to run a DHCPv6 client process with the DTI mechanisms 118 in this specification. 120 The DSTM architecture is composed of a DHCPv6 server, that provides for 121 the assignment of IPv4 Global Addresses to IPv6 Hosts. The DHCPv6 122 server will allocate temporary IPv4 Global Addresses to IPv6 nodes. The 123 DHCPv6 server will also be used to maintain the mapping between the 124 allocated IPv4 address and the permanent IPv6 address of the node. Each 125 IPv6 DSTM will have an IPv4 interface called the Dynamic Tunneling 126 Interface (DTI) designed to encapsulate IPv4 packets into IPv6 packets. 127 Also a DSTM daemon exists working with a DHCPv6 client to resolve the 128 address space mechanics, between IPv4 and IPv6. 130 The specification will begin by defining the terminology (section 2), 131 then section 3 provides a technical overview of the DSTM methodology as 132 a transition mechanism. Then in section 4 we provide a DSTM example. 133 Section 5 describes the DTI Architecture and Section 6 discusses the 134 DHCPv6 extension requirements. Section 7 provides the DSTM 135 Applicability Statement. 137 2. Terminology 139 2.1 IPv6 DSTM Terminology 141 DSTM Domain The network areas on an Intranet where a 142 DHCPv6 Server has access to IPv6 nodes participating 143 in DSTM for that network, and IPv4 routing access 144 is not necessary within a DSTM domain. 146 DSTM Border Router A border router within a DSTM domain and 147 access to an external IPv4-ONLY domain. 149 DSTM Host A Host that supports a dual IP layer IPv4 150 and IPv6 stack, DTI, and a DHCPv6 Client 151 process. 153 IPv6 Protocol Terms: See [3] 155 IPv6 Transition Terms: See [15] 157 DHCPv6 Terms: See [4,5] 159 DTI: Dynamic Tunneling Interface. An interface 160 encapsulating IPv4 packets into IPv6 packets. 162 IPv4 Global Address: An IPv4 address that is globally routable on 163 the Internet. 165 Tunnel End Point (TEP) Destination of the IPv6 packet containing an 166 IPv4 packet. In most cases this will be 167 a dual stack border router. 169 2.2 Specification Language 171 In this document, several words are used to signify the requirements 172 of the specification, in accordance with RFC 2119 [9]. These words 173 are often capitalized. 175 MUST This word, or the adjective "required", means that 176 the definition is an absolute requirement of the 177 specification. 179 MUST NOT This phrase means that the definition is an absolute 180 prohibition of the specification. 182 SHOULD This word, or the adjective "recommended", means 183 that there may exist valid reasons in particular 184 circumstances to ignore this item, but the full 185 implications must be understood and carefully 186 weighed before choosing a different course. 187 Unexpected results may result otherwise. 189 MAY This word, or the adjective "optional", means that 190 this item is one of an allowed set of alternatives. 191 An implementation which does not include this option 192 MUST be prepared to interoperate with another 193 implementation which does include the option. 195 silently discard 196 The implementation discards the packet without 197 further processing, and without indicating an error 198 to the sender. The implementation SHOULD provide 199 the capability of logging the error, including the 200 contents of the discarded packet, and SHOULD record 201 the event in a statistics counter. 203 3. DSTM Overview and Assumptions 205 DSTM as discussed in the introduction is a method which uses existing 206 protocols. DSTM does not specify a protocol. However, DSTM defines a 207 new DHCPv6 Extension for transition. 209 The motivation for DSTM is to provide IPv6 nodes a means to acquire an 210 IPv4 Global Address, for communications with IPv4-only nodes or IPv4 211 applications. 213 The core assumption within this mechanism is that it is totally 214 transparent to applications, which can continue to work with IPv4 215 addresses. It is also transparent to the network which carry only IPv6 216 packets. It is the authors viewpoint that the user in this case, has 217 deployed IPv6 to support end to end computing, without translation. 218 This aspect is fundamental during a transition process to guarantee that 219 every existing application will continue to work (e.g. IPsec, H.323), 220 which embed IPv4 addresses in the payload of a packet. 222 The DSTM model and assumptions are as follows: 224 - The DSTM domain is within an Intranet not on the Internet. 226 - IPv6 nodes do not maintain IPv4 addresses except on a temporary basis, 227 to communicate with IPv4-only and IPv4 Applications. 229 - Standard DHCPv6 is used to support the extension to provide 230 and accept from DHCPv6 Servers Global IPv4 Addresses. 232 - The DSTM domain for the IPv6 nodes will keep IPv4 routing 233 tables to a minimum and use IPv6 routing, hence, reducing 234 the network management required for IPv4 during transition. 236 - Once IPv6 nodes have obtained IPv4 addresses Dynamic Tunneling is 237 used to encapsulate the IPv4 packet within IPv6 and then forward 238 that packet to an IPv6 TEP, where the packet will be decapulated and 239 forwarded using IPv4. DHCPv6 is used to provide TEPs to IPv6 nodes 240 supporting DTI, as part of the new DHCPv6 Extension. 242 - Existing IPv4 applications or nodes do not have to be modified to 243 communicate with DSTM. 245 - Implementation defined software will have to exist to support DSTM: 247 o Ability within a DHCPv6 Server implementation to maintain 248 configuration information about TEPs for encapsulating IPv4 249 packets between IPv6 nodes that can forward IPv4 packets to an 250 IPv4 routing realm, and to maintain a pool of Global IPv4 251 Addresses. 253 o Software within an IPv6 node to support the dynamic tunneling 254 mechanisms in this specification to encapsulate IPv4 packets 255 within IPv6 on an IPv6 node. In addition 256 a daemon must exist to access a DHCPv6 client for Global IPv4 257 Mapped Addresses and TEPs. How this daemon communicates with 258 a DHCPv6 Client implementation is implementation defined, and 259 left as an exercise for implementors of this transition 260 mechanism. 262 o Software in DSTM Border Routers to recall or be able to cache 263 the association of IPv6 and IPv4 addresses of nodes during 264 decapsulation and encapsulation. 266 A simplistic overview of DSTM is as follows: 268 ----------------------------------------------- 269 | IPv4 Internet or Intranet 270 DSTM Domain Intranet | IPv4 Applications 271 | Domain 272 _____________________ | 273 | | | 274 | DHCPv6 Server | | 275 |_____________________| | 276 ^ | 277 | | 278 __________________ | _|_______ 279 | | | | | 280 | IPv6/IPv4 Node | | | DSTM | 281 |------------------| | | Border | 282 | DSTM Daemon | | | Router | 283 | DHCPv6 client |<------- | IPv6 | 284 |------------------| | & | 285 | DTI/Route |<-------------------->| IPv4 | 286 ------------------- --------- 287 | 288 ---------------------------------------------- 290 For an IPv6 node to participate in DSTM it MUST have a dual IP layer, 291 supporting both an IPv4 and an IPv6 stack. DSTM is not a solution for 292 IPv6 ONLY nodes. 294 4. DSTM Deployment Example 296 In the example below, the following notation will be used: 298 X will designate an IPv6 node with a dual stack, X6 will be the IPv6 299 address of this node and X4 the IPv4 address 300 Y will designate a DSTM border router at the boundary between an 301 IPv6 DSTM domain and an IPv4-only domain. 302 Z will designate an IPv4-only node and Z4 its address. 303 ==> means an IPv6 packet 304 --> means an IPv4 packet 305 ++> means a tunneled IPv4 packet is encapsulated in an IPv6 packet 306 ..> means a DNS query or response. The path taken by this 307 packet does not matter in the examples 308 "a" means the DNS name of a node 310 4.1 DSTM Client/Server Example 312 This example describes the case where an application (either compiled 313 for the IPv6 or IPv4 API) running on an IPv6 node (X6) wants to 314 establish a session with an IPv4 application on an IPv4-only node (Z4). 316 The IPv6 node is configured with the IPv6 address of a TEP, where an 317 IPv4 encapsulated packet will be sent. 319 The IPv4 routing table of node X is configured to send IPv4 packets to 320 the DTI interface. 322 DHCPv6 323 DNS 324 X6 Y6/Y4 Z4 325 | | | 326 |. . . . . . . .> Z | - X6 asks the DNS for the A RR for "Z" 327 |<. . . . . . . . Z4 | - the answer is Z4 328 | | | 329 | | | - The application sends its first IPv4 330 | | | packet which arrives to the DTI interface 331 | | | (If the application is compiled for IPv6 332 | | | this can be done through an IPv4-mapped 333 | | | address). 334 | | | 335 | | | - X6 needs an IPv4 address (first use) 336 |====> | | - X6 queries the DHCPv6 server for an 337 | | | IPv4 address using DHCPv6 338 |<==== | | - The DHCPv6 server locates the client 339 | | | and provides a temporary IPv4 340 | | | global address. 341 |+++++++++++>| | - The DTI sends the IPv6 packet to the 342 | | | TEP. 343 | |----------->| - Y sends the packet to the destination Z4 344 | | | - Y caches the association between 345 | | | the IPv4 and IPv6 addresses of X. 347 When Z responds the packet returns back through Y. Y having cached the 348 association between the IPv4 and the IPv6 address of X, is able to send 349 the packet encapsulating the IPv4 packet within IPv6 back to X. 351 5 DTI Architecture 353 In the absence of an IPv4 routing infrastructure, a DSTM node can not 354 directly send IPv4 packets on the network. It has to encapsulate them 355 into IPv6 packets and send them to a tunnel end point (TEP) that will 356 decapsulate them and inject them in the IPv4 network. 358 On a DSTM node, this encapsulation is done by the DTI interface. An 359 IPv4 packet can be directed to that interface by an IPv4 routing table 360 entry. 362 The exact details of the DTI interface and the associated routing table 363 entries are implementation dependant. 365 5.1 Assignment of the IPv4 address to the DTI 367 When the DTI interface is activated, an IPv4 address is not given to 368 that interface. When it has to send the first IPv4 packet, a request is 369 sent to the DHCPv6 client. The DHCPv6 client will send a DHCPv6 request 370 to the DHCPv6 server to get the temporary IPv4 Global Address and a TEP. 372 An IPv6 node can know it needs an IPv4 address if the DNS resolver on 373 the node knows that the destination address will be an IPv4 address. 375 5.2 DTI Encapsulation of IPv4 packets 377 The next header type for IPv4 encapsulation is 4 (as for IPv4 tunneling 378 over IPv4). When a tunneled packet arrives to the IPv6 destination, the 379 IPv6 header is removed and the packet is processed by the IPv4 layer. 380 The DSTM Border Router SHOULD cache the association between the IPv4 and 381 IPv6 source addresses. The IPv4 packet will then be forwarded by the 382 DSTM border router using the IPv4 infrastructure. 384 The IPv6 source address of an encapsulated packet will be the IPv6 385 address of the interface on which the IPv6 packet will be sent. 387 5.3 DTI IPv6 destination address 389 When a DTI has to encapsulate an IPv4 packet into an IPv6 packet, the 390 DTI has to determine the TEP IPv6 address for the destination. The TEP 391 can be the node destination or, if the destination node is IPv4-only, 392 the IPv6 address of an IPv4/IPv6 DSTM Border Router. 394 The TEP can be either statically configured or dynamically acquired when 395 the IPv6 node acquires an IPv4 Compatible Address from a DHCPv6 Server. 397 The TEP SHOULD be provided by the DHCPv6 server when the DSTM node 398 receives an IPv4-Mapped IPv6 Address (section 6). But, a DSTM node MAY 399 manually configure the TEP during early deployment of IPv6, this will 400 not scale and is not recommended as a long term transition solution. 402 6. DHCPv6 Requirements 404 The DSTM processes will use the DHCPv6 services [4,5] to communicate 405 between the DHCPv6 Server and the DHCPv6 Client. A new extension is 406 required for DHCPv6 to support DSTM. But there are some additional 407 requirements placed on the DSTM processes that are not specific to the 408 DHCPv6 protocol as a transition and interoperation set of mechanisms for 409 the IPv6 node. 411 6.1 DHCPv6 Global IPv4 Address Extension 413 The DHCPv6 IPv4 Address Extension informs a DHCPv6 Server or Client that 414 the IPv6 Address Extension [5] following this extension will contain an 415 IPv4-Mapped IPv6 Address [20] in an IPv6 address extension, or is a 416 Request for an IPv4-Mapped IPv6 Address from a client. The extension 417 can also provide an IPv6 address to be used as the TEP to encapsulate an 418 IPv4 packet within IPv6. 420 This extension can be used with the DHCPv6 Request, Reply, Release, and 421 Reconfigure-Init Messages for cases where a DHCPv6 server wants to 422 assign to clients IPv4-Mapped IPv6 Addresses. 424 0 1 2 3 425 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 426 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 427 | Type | Length | 428 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 429 | Tunnel End Point | 430 | (If Present) | 431 | (16 octets) | 432 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 434 Type: TBD 435 Length: 0 or 16 436 Tunnel End Point: IPv6 Address if Present 438 An IPv4 Global Address Extension MUST only apply to the address 439 extension following it, and not to any additional address extensions in 440 the DHCPv6 protocol. 442 6.1.1 Client Request of IPv4 Global Address 444 When the client requests an IPv4 address from the DHCPv6 Server the TEP 445 field MUST not be present in the IPv4 Address Extension. 447 The IPv6 Address Extension fields as specified in [5] and depicted below 448 for reference MUST be filled in as follows: 450 0 1 2 3 451 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 452 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 453 | Type = 1 | Length | 454 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 455 | status |C|I|L|Q|A|P| reserved |scope| prefix-len | 456 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 457 | (if present) | 458 | IP address (16 octets) | 459 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 460 | (if present) preferred lifetime (4 octets) | 461 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 462 | (if present) valid lifetime (4 octets) | 463 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 464 | (if present) DNS name (variable length) ... 465 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 467 Type 1 469 Length (unsigned integer, variable) The length of the Extension 470 in Octets. 472 status zero 474 bits C-P not set 476 scope zero 478 prefix-len zero 480 All other fields are not present. 482 6.1.2 Server Reply of IPv4 Global Address Extension 484 The server will reply to the client with an IPv4 Address Extension, that 485 can contain an IPv6 Address Tunnel End Point. 487 The server will fill in the IPv6 Address Extension depicted in 6.1.1 as 488 follows: 490 Type 1 491 Length (unsigned integer, variable) The length of the Extension 492 in Octets. 494 status zero unless the server could not provide the address 495 then the status will be set as defined in [5]. 497 bits C set 498 I not set 499 L set 500 Q-P not set 502 scope zero 504 prefix-len zero 506 IP Address IPv4-Mapped IPv6 Address 508 Preferred Lifetime Present 510 Valid Lifetime Present 512 DNS Name Not Present 514 6.1.3 Client Processing of IPv4 Address Extension 516 The processing of the IPv4 Global Address Extension on the client is 517 implementation defined but here are some guidelines for developers. 519 When processing the IPv6 Address Extension following the IPv4 Global 520 Address Extension, the IP Address provided will be an IPv4-Mapped IPv6 521 Address. A conceptual implementation model would be to add this address 522 to the IPv6 mechanisms that maintain timing procedures for IPv6 523 addresses on the IPv6 stack, and then configure the IPv4 interface for 524 DTI, as a procedure called from the DHCPv6 client. 526 6.2 Server Processing of an IPv4 Address Extension 528 When a DHCPv6 Server receives an IPv4 Global Address Extension it MUST 529 assume that the next extension is a DHCPv6 Request or Release Message; 530 the Client is either Requesting an IPv4 Global Address or Releasing an 531 IPv4 Global Address. If an address is present in either of these 532 messages it will be in the form of an IPv4-Mapped IPv6 Address. 534 A DHCPv6 Server MAY send a Client a Reconfigure-Init message using the 535 IPv4 Global Address Extension to ask the Client to request an IPv4 536 Global Address. The Client will recognize this by processing the IPv4 537 Global Address Extension, as an Extension Request Extension in the 538 Reconfigure-Init message. 540 The Server will know a priori the IPv6 routable address, when sending a 541 Reconfiguration-Init message, of a Client within the Intranet, and may 542 use that address with its own IPv6 address as the transaction binding 543 cache until the DHCPv6 Client/Server protocol processing has completed, 544 if the server supports this optimization. 546 The Server will look in its implementation defined IPv4 Address 547 configuration to determine if a TEP is available for a specific IPv6 548 Address Prefix. If that is the case the Server will put the address for 549 the TEP in the IPv4 Address Extension. 551 6.3 Client Processing of an IPv4 Address Extension 553 When the Client supplies an IPv4 Global Address as a Request or Release 554 it MUST represent that address as an IPv4-Mapped IPv6 Address. 556 The Client MUST not assume it can use the IPv4 Address until it has 557 received a corresponding Reply to the Client Request. 559 The Client MUST not update the DNS with this new address. 561 Once the Client is assured it can use the IPv4 Address it can perform 562 the following operations: 564 1. In an implementation defined manner the Client MUST assign the 565 address to an interface, supporting the Client's IPv4 stack 566 implementation. 568 2. In an implementation defined manner the Client MUST create an entry 569 as an IPv4-Mapped IPv6 Address supporting the processing required 570 for an IPv6 address regarding the valid and preferred lifetimes 571 as specified in IPv6 Addrconf [19]. Once the IPv4-Mapped IPv6 572 Address valid lifetime expires the IPv4 address MUST be deleted 573 from the respective interface and a DHCPv6 Release Message 574 MUST be sent to the DHCPv6 Server to delete the IPv4 575 Address from the Servers bindings. 577 3. If a TEP address is provided in the IPv4 578 Address Extension, the Client MUST create a configured tunnel 579 to the TEP address, in an implementation defined 580 manner. These encapsulation mechanisms are defined 581 in other IPv6 specifications [13, 15]. 583 7. Applicability Statement 585 DSTM is applicable for use from within the DSTM Domain to IPv4 nodes or 586 applications on a user Intranet or over the Internet. 588 DSTM's motivation is to support dual IP layer DSTM node to communicate 589 using global IPv4 addresses across an Intranet or Internet, where global 590 addresses are required. But, DSTM has been defined to also permit the 591 use of Private IPv4 address space to permit the Intranet use of DSTM 592 where users require temporary access to IPv4 services within their 593 Intranet. 595 DSTM requires the use of DHCPv6 to obtain IPv4 addresses and TEPs for a 596 DSTM node. Communications between the DSTM Daemon and the DHCPv6 client 597 is implementation defined. The DTI mechanism is also implementation 598 defined. DSTM does permit optionally for DSTM node to manually 599 configure TEPs for DTI for early deployment of DSTM but highly 600 recommends not doing this and configuring DHCPv6 servers with this 601 information is really the way to execute DSTM on an IPv6 Network. 603 DSTM also assumes that all packets returning from an IPv4 node to a DSTM 604 dual IP layer node return through the orginating DSTM Border Router 605 which has cached the association of the DSTM's IPv4+IPv6 addresses. At 606 this time it is beyond the scope of DSTM to permit IPv4 packets destined 607 for DSTM node to return packets through a non-orginating DSTM border 608 router. 610 DSTM also through the new DHCPv6 extension permits Network Operators to 611 inform DSTM Hosts they will need IPv4 addresses for communications using 612 the DHCPv6 Reconfigure-Init message. 614 DSTM as future work can be extended to support multiple border routers 615 for returning IPv4 packets, and for the discovery of DSTM node using 616 IPv4 DNS queries as future work for DSTM. 618 8. Security Considerations 620 The DSTM mechanism can use all the defined security specifications for 621 each functional part of the operation. For DNS the DNS Security 622 Extensions/Update can be used [10, 11], for DHCPv6 the DHCPv6 623 Authentication Message can be used [5], and for communications between 624 the IPv6 node, once it has an IPv4 address, and the remote IPv4 node, 625 IPsec [8] can be used as DSTM does not break secure end-to-end 626 communications at any point in the mechanism. 628 Changes from draft 02 to draft 03 630 1. Working Group Edits 632 Changes from draft 01 to draft 02 634 1. Added futher clarifications to DSTM components. 636 2. Added client/server details for DHCPv6 ngtrans extension. 638 3. Removed optional scenarios to simplify this mechanism. 640 4. Removed AIIH concepts and changed to be DSTM components. 642 5. Add Applicability Statement 644 6. Added acknowledgment section and new coauthors Francis Dupont 645 and Alain Durand. 647 Changes from draft 00 to draft 01 649 1. Added text explaining why the draft does not use DHCPv4 to assign 650 IPv4 compatible addresses to the "Introduction". 652 2. Defined what is mandatory and what is optional and added relative 653 text in various places to clarify this change. And added RFC 654 2119 adjectives to the spec where appropriate. 656 3. Scenario 1 where IPv6 node wants to communicate with IPv4 657 node is mandatory. 659 4. Scenarios 2 and 3 are now optional where an IPv6 node is 660 assigned an IPv4 compatible address because an external 661 IPv4 node is attempting communications with the IPv6 node. 663 5. For scenario 1 DHCPv6 is only needed for DSTM and not the 664 tightly coupled paradigm of a co-existent DHCPv6 and 665 DNS server. Also added mandatory and optional to the 666 DSTM AIIH/NODE/ROUTER Diagram. 668 6. Made Static Tunnel Endpoints mandatory and Dyanmic Tunnel 669 End Points optional. 671 7. Fixed DHCPv6 Reconfigure statements to take into account 672 changes to the Reconfigure message in the DHCPv6 working 673 group, to support AIIH processing. 675 Acknowledgments 677 The authors would like to acknowledge the implementation contributions 678 by Stephane Atheo at ENST Bretagne who has implemented a DSTM prototype 679 on FreeBSD and input to this specification. We would also like to thank 680 the NGTRANS Working Group for their input. 682 References 684 [1] Mockapetris, P., "Domain Names - Concepts and Facilities", STD 685 13, RFC 1034, USC/Information Sciences Institute, November 1987. 687 [2] Mockapetris, P., "Domain Names - Implementation and Specifica- 688 tion", STD 13, RFC 1035, USC/Information Sciences Institute, 689 November 1987. 691 [3] S. Deering and R. Hinden. Internet Protocol, Version 6 (IPv6) 692 Architecture", RFC 2460, December 1998. 694 [4] J. Bound, M. Carney, and C. Perkins. Dynamic Host Configuration 695 Protocol for IPv6. draft-ietf-dhc-dhcpv6-15.txt May 2000 (work 696 in progress). 698 [5] J. Bound, M. Carney, and C Perkins. Extensions for the Dynamic 699 Host Configuration Protocol for IPv6. 700 draft-ietf-dhc-dhcpv6ext-12.txt May 2000. (work in progress). 702 [6] P. Vixie, S. Thomson, Y. Rekhter, and J. Bound. Dynamic Updates 703 to the Domain Name System (DNS). RFC 2136, April 1997. 705 [7] William R. Cheswick and Steven Bellovin. Firewalls and Internet 706 Security. Addison-Wesley, Reading, MA 1994 (ISBN: 707 0-201-63357-4). 709 [8] IPSEC - 710 S. Kent, R. Atkinson. Security Architecture for the Internet 711 Protocol. RFC 2401, November 1998. 712 S. Kent, R. Atkinson. IP Authentication Header. 713 RFC 2402, November 1998. 714 S. Kent, R. Atkinson. IP Encapsulating Security Payload 715 RFC 2406, November 1998. 717 [9] S. Bradner. Key words for use in RFCs to indicate Requirement 718 Levels. RFC 2119, March 1997. 720 [10] D. Eastlake and C. Kaufman. Domain Name System Security 721 Extensions. RFC 2065, January 1997. 723 [11] D. Eastlake. Secure Domain Name System Dynamic Update. 724 RFC 2137, April 1997. 726 [12] R. Callon and D. Haskins. Routing Aspects Of IPv6 Transition 727 RFC 2185, September 1997. 729 [13] A. Conta and S. Deering. Generic Packet Tunneling in IPv6. 730 RFC 2473, December 1998. 732 [14] E. Nordmark. Stateless IP/ICMP Translator (SIIT) 733 RFC 2765, February 2000. 735 [15] R. Gilligan and E. Nordmark. Transition Mechanisms for IPv6 736 Hosts and Routers. RFC 2893, August 2000. 738 [16] R. Droms. Dynamic Host Configuration Protocol. 739 RFC 2131, March 1997. 741 [17] Rekhter, Moskowitz, Karrenburg, Groot. Address Allocation 742 for Private Networks. RFC 1918. February 1996. 744 [18] M. Crawford, C. Huitema. DNS Extensions to Support IPv6 Address 745 Aggregation and Renumbering. RFC 2874, July 2000. 747 [19] Thomson, Narten. IPv6 Stateless Address Configuration. 748 RFC 2462, December 1998. 750 [20] Hinden, Deering. IP Version 6 Addressing Architecture. 751 RFC 2373, July 1998. 753 Authors' Address 755 Jim Bound 756 Compaq Computer Corporation 757 110 Spitbrook Road, ZKO3-3/W20 758 Nashua, NH 03062 759 Phone: +1 603 884 0400 760 Email: bound@zk3.dec.com 762 Laurent Toutain 763 ENST Bretagne 764 BP 78 765 35 512 Cesson 766 Phone : +33 2 99 12 70 26 767 Email : Laurent.Toutain@enst-bretagne.fr 769 Hossam Afifi 770 INT 771 91 011 M-Ivry 772 Phone : +33 1 60 76 40 40 773 Email : Hossam.Afifi@int-evry.fr 775 Francis Dupont 776 ENST Bretagne 777 BP 78 778 35 512 Cesson 779 Phone : +33 2 99 12 70 36 780 Email : Francis.Dupont@enst-bretagne.fr 782 Alain Durand 783 Sun Microsystems 784 901 San Antonio Road 785 UMPK 17-202 786 Palo Alto, CA 94303-4900 787 Tel: +1 650 786 7503 788 Fax: +1 650 786 5896 789 Email: Alain.Durand@sun.com