idnits 2.17.1 draft-ietf-v6ops-design-choices-12.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 375: '... A router MUST be able to determi...' Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (November 13, 2016) is 2721 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Outdated reference: A later version (-16) exists of draft-ietf-idr-dynamic-cap-14 -- Obsolete informational reference (is this intentional?): RFC 3107 (Obsoleted by RFC 8277) Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 V6OPS Working Group P. Matthews 3 Internet-Draft Nokia 4 Intended status: Informational V. Kuarsingh 5 Expires: May 17, 2017 Cisco 6 November 13, 2016 8 Routing-Related Design Choices for IPv6 Networks 9 draft-ietf-v6ops-design-choices-12 11 Abstract 13 This document presents advice on certain routing-related design 14 choices that arise when designing IPv6 networks (both dual-stack and 15 IPv6-only). The intended audience is someone designing an IPv6 16 network who is knowledgeable about best current practices around IPv4 17 network design, and wishes to learn the corresponding practices for 18 IPv6. 20 Status of This Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on May 17, 2017. 37 Copyright Notice 39 Copyright (c) 2016 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 55 2. Design Choices . . . . . . . . . . . . . . . . . . . . . . . 3 56 2.1. Addresses . . . . . . . . . . . . . . . . . . . . . . . . 3 57 2.1.1. Where to Use Addresses . . . . . . . . . . . . . . . 4 58 2.1.2. Which Addresses to Use . . . . . . . . . . . . . . . 6 59 2.2. Interfaces . . . . . . . . . . . . . . . . . . . . . . . 7 60 2.2.1. Mix IPv4 and IPv6 on the Same Layer-3 Interface? . . 7 61 2.3. Static Routes . . . . . . . . . . . . . . . . . . . . . . 8 62 2.3.1. Link-Local Next-Hop in a Static Route? . . . . . . . 8 63 2.4. IGPs . . . . . . . . . . . . . . . . . . . . . . . . . . 9 64 2.4.1. IGP Choice . . . . . . . . . . . . . . . . . . . . . 9 65 2.4.2. IS-IS Topology Mode . . . . . . . . . . . . . . . . . 12 66 2.4.3. RIP / RIPng . . . . . . . . . . . . . . . . . . . . . 13 67 2.5. BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 68 2.5.1. Which Transport for Which Routes? . . . . . . . . . . 14 69 2.5.1.1. BGP Sessions for Unlabeled Routes . . . . . . . . 16 70 2.5.1.2. BGP sessions for Labeled or VPN Routes . . . . . 17 71 2.5.2. eBGP Endpoints: Global or Link-Local Addresses? . . . 18 72 3. General Observations . . . . . . . . . . . . . . . . . . . . 19 73 3.1. Use of Link-Local Addresses . . . . . . . . . . . . . . . 19 74 3.2. Separation of IPv4 and IPv6 . . . . . . . . . . . . . . . 20 75 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 76 5. Security Considerations . . . . . . . . . . . . . . . . . . . 20 77 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 21 78 7. Informative References . . . . . . . . . . . . . . . . . . . 21 79 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 25 81 1. Introduction 83 This document discusses routing-related design choices that arise 84 when designing an IPv6-only or dual-stack network. The focus is on 85 choices that do not come up when designing an IPv4-only network. The 86 document presents each choice and the alternatives, and then 87 discusses the pros and cons of the alternatives in detail. Where 88 consensus currently exists around the best practice, this is 89 documented; otherwise the document simply summarizes the current 90 state of the discussion. Thus this document serves to both document 91 the reasoning behind best current practices for IPv6, and to allow a 92 designer to make an informed choice where no such consensus exists. 94 The design choices presented apply to both Service Provider and 95 Enterprise network environments. Where choices have selection 96 criteria which differ between the Service Provider and the Enterprise 97 environment, this is noted. The designer is encouraged to ensure 98 that they familiarize themselves with any of the discussed 99 technologies to ensure the best selection is made for their 100 environment. 102 This document does not present advice on strategies for adding IPv6 103 to a network, nor does it discuss transition in these areas, see 104 [RFC6180] for general advice,[RFC6782] for wireline service 105 providers, [RFC6342]for mobile network providers, [RFC5963] for 106 exchange point operators, [RFC6883] for content providers, and both 107 [RFC4852] and [RFC7381] for enterprises. Nor does this document 108 discuss the particulars of creating an IPv6 addressing plan; for 109 advice in this area, see [RFC5375] or [v6-addressing-plan]. The 110 document focuses on unicast routing design only and does not cover 111 multicast or the issues involved in running MPLS over IPv6 transport 113 Section 2 presents and discusses a number of design choices. 114 Section 3 discusses some general themes that run through these 115 choices. 117 2. Design Choices 119 Each subsection below presents a design choice and discusses the pros 120 and cons of the various options. If there is consensus in the 121 industry for a particular option, then the consensus position is 122 noted. 124 2.1. Addresses 126 This section discusses the choice of addresses for router loopbacks 127 and links between routers. It does not cover the choice of addresses 128 for end hosts. 130 In IPv6, an interface is always assigned a Link-Local Address (LLA) 131 [RFC4291]. The link-local address can only be used for communicating 132 with devices that are on-link, so often one or more additional 133 addresses are assigned which are able to communicate off-link. This 134 additional address or addresses can be one of three types: 136 o Provider-Independent Global Unicast Address (PI GUA): IPv6 address 137 allocated by a regional address registry [RFC4291] 139 o Provider-Aggregatable Global Unicast Address (PA GUA): IPv6 140 Address allocated by your upstream service provider 142 o Unique Local Address (ULA): IPv6 address locally assigned 143 [RFC4193] 145 This document uses the term "multi-hop address" to collectively refer 146 to these three types of addresses. 148 PI GUAs are, for many situations, the most flexible of these choices. 149 Their main disadvantages are that a regional address registry will 150 only allocate them to organizations that meet certain qualifications, 151 and one must pay an annual fee. These disadvantages mean that many 152 smaller organization may not qualify or be willing to pay for these 153 addresses. 155 PA GUAs have the advantage that they are usually provided at no extra 156 charge when you contract with an upstream provider. However, they 157 have the disadvantage that, when switching upstream providers, one 158 must give back the old addresses and get new addresses from the new 159 provider ("renumbering"). Though IPv6 has mechanisms to make 160 renumbering easier than IPv4, these techniques are not generally 161 applicable to routers and renumbering is still fairly hard [RFC5887] 162 [RFC6879] [RFC7010] . PA GUAs also have the disadvantage that it is 163 not easy to have multiple upstream providers ("multi-homing") if they 164 are used (see "Ingress Filtering Problem" in [RFC5220] ). 166 ULAs have the advantage that they are extremely easy to obtain and 167 cost nothing. However, they have the disadvantage that they cannot 168 be routed on the Internet, so must be used only within a limited 169 scope. In many situations, this is not a problem, but in certain 170 situations this can be problematic. Though there is currently no 171 document that describes these situations, many of them are similar to 172 those described in [RFC6752]. See also 173 [I-D.ietf-v6ops-ula-usage-recommendations]. 175 Not discussed in this document is the possibility of using the 176 technology described in [RFC6296] to work around some of the 177 limitations of PA GUAs and ULAs. 179 2.1.1. Where to Use Addresses 181 As mentioned above, all interfaces in IPv6 always have a link-local 182 address. This section addresses the question of when and where to 183 assign multi-hop addresses in addition to the LLA. We consider four 184 options: 186 a. Use only link-local addresses on all router interfaces. 188 b. Assign multi-hop addresses to all link interfaces on each router, 189 and use only a link-local address on the loopback interfaces. 191 c. Assign multi-hop addresses to the loopback interface on each 192 router, and use only a link-local address on all link interfaces. 194 d. Assign multi-hop addresses to both link and loopback interfaces 195 on each router. 197 Option (a) means that the router cannot be reached (ping, management, 198 etc.) from farther than one-hop away. The authors are not aware of 199 anyone using this option. 201 Option (b) means that the loopback interfaces are effectively 202 useless, since link-local addresses cannot be used for the purposes 203 that loopback interfaces are usually used for. So option (b) 204 degenerates into option (d). 206 Thus the real choice comes down to option (c) vs. option (d). 208 Option (c) has two advantages over option (d). The first advantage 209 is ease of configuration. In a network with a large number of links, 210 the operator can just assign one multi-hop address to each router and 211 then enable the IGP, without going through the tedious process of 212 assigning and tracking the addresses on each link. The second 213 advantage is security. Since packets with link-local addresses 214 cannot be should not be routed, it is very difficult to attack the 215 associated nodes from an off-link device. This implies less effort 216 around maintaining security ACLs. 218 Countering these advantages are various disadvantages to option (c) 219 compared with option (d): 221 o It is not possible to ping a link-local-only interface from a 222 device that is not directly attached to the link. Thus, to 223 troubleshoot, one must typically log into a device that is 224 directly attached to the device in question, and execute the ping 225 from there. 227 o A traceroute passing over the link-local-only interface will 228 return the loopback address of the router, rather than the address 229 of the interface itself. 231 o In cases of parallel point to point links it is difficult to 232 determine which of the parallel links was taken when attempting to 233 troubleshoot unless one sends packets directly between the two 234 attached link-locals on the specific interfaces. Since many 235 network problems behave differently for traffic to/from a router 236 than for traffic through the router(s) in question, this can pose 237 a significant hurdle to some troubleshooting scenarios. 239 o On some routers, by default the link-layer address of the 240 interface is derived from the MAC address assigned to interface. 241 When this is done, swapping out the interface hardware (e.g. 243 interface card) will cause the link-layer address to change. In 244 some cases (peering config, ACLs, etc) this may require additional 245 changes. However, many devices allow the link-layer address of an 246 interface to be explicitly configured, which avoids this issue. 247 This problem should fade away over time as more and more routers 248 select interface identifiers according to the rules in [RFC7217]. 250 o The practice of naming router interfaces using DNS names is 251 difficult and not recommended when using link-locals only. More 252 generally, it is not recommended to put link-local addresses into 253 DNS; see [RFC4472]. 255 o It is often not possible to identify the interface or link (in a 256 database, email, etc) by giving just its address without also 257 specifying the link in some manner. 259 It should be noted that it is quite possible for the same link-local 260 address to be assigned to multiple interfaces. This can happen 261 because the MAC address is duplicated (due to manufacturing process 262 defaults or the use of virtualization), because a device deliberately 263 re-uses automatically-assigned link-local addresses on different 264 links, or because an operator manually assigns the same easy-to-type 265 link-local address to multiple interfaces. All these are allowed in 266 IPv6 as long as the addresses are used on different links. 268 For more discussion on the pros and cons, see [RFC7404]. See also 269 [RFC5375] for IPv6 unicast address assignment considerations. 271 Today, most operators use option (d). 273 2.1.2. Which Addresses to Use 275 Having considered above whether or not to use a "multi-hop address", 276 we now consider which of the addresses to use. 278 When selecting between these three "multi-hop address" types, one 279 needs to consider exactly how they will be used. An important 280 consideration is how Internet traffic is carried across the core of 281 the network. There are two main options: (1) the classic approach 282 where Internet traffic is carried as unlabeled traffic hop-by-hop 283 across the network, and (2) the more recent approach where Internet 284 traffic is carried inside an MPLS LSP (typically as part of a L3 285 VPN). 287 Under the classic approach: 289 o PI GUAs are a very reasonable choice, if they are available. 291 o PA GUAs suffer from the "must renumber" and "difficult to multi- 292 home" problems mentioned above. 294 o ULAs suffer from the "may be problematic" issues described above. 296 Under the MPLS approach: 298 o PA GUAs are a reasonable choice, if they are available. 300 o PA GUAs suffer from the "must renumber" problem, but the 301 "difficult to multi-home" problem does not apply. 303 o ULAs are a reasonable choice, since (unlike in the classic 304 approach) these addresses are not visible to the Internet, so the 305 problematic cases do not occur. 307 2.2. Interfaces 309 2.2.1. Mix IPv4 and IPv6 on the Same Layer-3 Interface? 311 If a network is going to carry both IPv4 and IPv6 traffic, as many 312 networks do today, then a question arises: Should an operator mix 313 IPv4 and IPv6 traffic or keep them separated? More specifically, 314 should the design: 316 a. Mix IPv4 and IPv6 traffic on the same layer-3 interface, OR 318 b. Separate IPv4 and IPv6 by using separate interfaces (e.g., two 319 physical links or two VLANs on the same link)? 321 Option (a) implies a single layer-3 interface at each end of the 322 connection with both IPv4 and IPv6 addresses; while option (b) 323 implies two layer-3 interfaces at each end, one for IPv4 addresses 324 and one with IPv6 addresses. 326 The advantages of option (a) include: 328 o Requires only half as many layer 3 interfaces as option (b), thus 329 providing better scaling; 331 o May require fewer physical ports, thus saving money and 332 simplifying operations; 334 o Can make the QoS implementation much easier (for example, rate- 335 limiting the combined IPv4 and IPv6 traffic to or from a 336 customer); 338 o Works well in practice, as any increase in IPv6 traffic is usually 339 counter-balanced by a corresponding decrease in IPv4 traffic to or 340 from the same host (ignoring the common pattern of an overall 341 increase in Internet usage); 343 o And is generally conceptually simpler. 345 For these reasons, there is a relatively strong consensus in the 346 operator community that option (a) is the preferred way to go. Most 347 networks today use option (a) wherever possible. 349 However, there can be times when option (b) is the pragmatic choice. 350 Most commonly, option (b) is used to work around limitations in 351 network equipment. One big example is the generally poor level of 352 support today for individual statistics on IPv4 traffic vs IPv6 353 traffic when option (a) is used. Other, device-specific, limitations 354 exist as well. It is expected that these limitations will go away as 355 support for IPv6 matures, making option (b) less and less attractive 356 until the day that IPv4 is finally turned off. 358 2.3. Static Routes 360 2.3.1. Link-Local Next-Hop in a Static Route? 362 For the most part, the use of static routes in IPv6 parallels their 363 use in IPv4. There is, however, one exception, which revolves around 364 the choice of next-hop address in the static route. Specifically, 365 should an operator: 367 a. Use the far-end's link-local address as the next-hop address, OR 369 b. Use the far-end's GUA/ULA address as the next-hop address? 371 Recall that the IPv6 specs for OSPF [RFC5340] and ISIS [RFC5308] 372 dictate that they always use link-locals for next-hop addresses. For 373 static routes, [RFC4861] section 8 says: 375 A router MUST be able to determine the link-local address for each 376 of its neighboring routers in order to ensure that the target 377 address in a Redirect message identifies the neighbor router by 378 its link-local address. For static routing, this requirement 379 implies that the next-hop router's address should be specified 380 using the link-local address of the router. 382 This implies that using a GUA or ULA as the next hop will prevent a 383 router from sending Redirect messages for packets that "hit" this 384 static route. All this argues for using a link-local as the next-hop 385 address in a static route. 387 However, there are two cases where using a link-local address as the 388 next-hop clearly does not work. One is when the static route is an 389 indirect (or multi-hop) static route. The second is when the static 390 route is redistributed into another routing protocol. In these 391 cases, the above text from RFC 4861 notwithstanding, either a GUA or 392 ULA must be used. 394 Furthermore, many network operators are concerned about the 395 dependency of the default link-local address on an underlying MAC 396 address, as described in the previous section. 398 Today most operators use GUAs as next-hop addresses. 400 2.4. IGPs 402 2.4.1. IGP Choice 404 One of the main decisions for a network operator looking to deploy 405 IPv6 is the choice of IGP (Interior Gateway Protocol) within the 406 network. The main options are OSPF, IS-IS and EIGRP. RIPng is 407 another option, but very few networks run RIP in the core these days, 408 so it is covered in a separate section below. 410 OSPF [RFC2328] [RFC5340] and IS-IS [RFC5120][RFC5120] are both 411 standardized link-state protocols. Both protocols are widely 412 supported by vendors, and both are widely deployed. By contrast, 413 EIGRP [RFC7868] is a Cisco proprietary distance-vector protocol. 414 EIGRP is rarely deployed in service-provider networks, but is quite 415 common in enterprise networks, which is why it is discussed here. 417 It is out of scope for this document to describe all the differences 418 between the three protocols; the interested reader can find books and 419 websites that go into the differences in quite a bit of detail. 420 Rather, this document simply highlights a few differences that can be 421 important to consider when designing IPv6 or dual-stack networks. 423 Versions: There are two versions of OSPF: OSPFv2 and OSPFv3. The two 424 versions share many concepts, are configured in a similar manner and 425 seem very similar to most casual users, but have very different 426 packet formats and other "under the hood" differences. The most 427 important difference is that OSPFv2 will only route IPv4, while 428 OSPFv3 will route both IPv4 and IPv6 (see [RFC5838]). OSPFv2 was by 429 far the most widely deployed version of OSPF when this document was 430 published. By contrast, both IS-IS and EIGRP have just a single 431 version, which can route both IPv4 and IPv6. 433 Transport. IS-IS runs over layer 2 (e.g. Ethernet). This means 434 that the functioning of IS-IS has no dependencies on the IP layer: if 435 there is a problem at the IP layer (e.g. bad addresses), two routers 436 can still exchange IS-IS packets. By contrast, OSPF and EIGRP both 437 run over the IP layer. This means that the IP layer must be 438 configured and working OSPF or EIGRP packets to be exchanged between 439 routers. For EIGRP, the dependency on the IP layer is simple: EIGRP 440 for IPv4 runs over IPv4, while EIGRP for IPv6 runs over IPv6. For 441 OSPF, the story is more complex: OSPFv2 runs over IPv4, but OSPFv3 442 can run over either IPv4 or IPv6. Thus it is possible to route both 443 IPv4 and IPv6 with OSPFv3 running over IPv6 or with OSPFv3 running 444 over IPv4. This means that there are number of choices for how to 445 run OSPF in a dual-stack network: 447 o Use OSPFv2 for routing IPv4 , and OSPFv3 running over IPv6 for 448 routing IPv6, OR 450 o Use OSPFv3 running over IPv6 for routing both IPv4 and IPv6, OR 452 o Use OSPFv3 running over IPv4 for routing both IPv4 and IPv6. 454 Summarization and MPLS: For most casual users, the three protocols 455 are fairly similar in what they can do, with two glaring exceptions: 456 summarization and MPLS. For summarization, both OSPF and IS-IS have 457 the concept of summarization between areas, but the two area concepts 458 are quite different, and an area design that works for one protocol 459 will usually not work for the other. EIGRP has no area concept, but 460 has the ability to summarize at any router. Thus a large network 461 will typically have a very different OSPF, IS-IS and EIGRP designs, 462 which is important to keep in mind if you are planning on using one 463 protocol to route IPv4 and a different protocol for IPv6. The other 464 difference is that OSPF and IS-IS both support RSVP-TE, a widely-used 465 MPLS signaling protocol, while EIGRP does not: this is due to OSPF 466 and IS-IS both being link-state protocols while EIGRP is a distance- 467 vector protocol. 469 The table below sets out possible combinations of protocols to route 470 both IPv4 and IPv6, and makes some observations on each combination. 471 Here "EIGRP-v4" means "EIGRP for IPv4" and similarly for "EIGRP-v6". 472 For OSPFv3, it is possible to run it over either IPv4 or IPv6; this 473 is not indicated in the table. 475 +----------+----------+-------------+----------------+--------------+ 476 | IGP for | IGP for | Protocol | Similar | Multiple | 477 | IPv4 | IPv6 | separation | configuration | Known | 478 | | | | possible | Deployments | 479 +----------+----------+-------------+----------------+--------------+ 480 | | | | | | 481 +----------+----------+-------------+----------------+--------------+ 482 | OSPFv2 | OSPFv3 | YES | YES | YES (8) | 483 +----------+----------+-------------+----------------+--------------+ 484 | OSPFv2 | IS-IS | YES | - | YES (3) | 485 +----------+----------+-------------+----------------+--------------+ 486 | OSPFv2 | EIGRP-v6 | YES | - | - | 487 +----------+----------+-------------+----------------+--------------+ 488 | OSPFv3 | OSPFv3 | NO | YES | - | 489 +----------+----------+-------------+----------------+--------------+ 490 | OSPFv3 | IS-IS | YES | - | - | 491 +----------+----------+-------------+----------------+--------------+ 492 | OSPFv3 | EIGRP-v6 | YES | - | - | 493 +----------+----------+-------------+----------------+--------------+ 494 | IS-IS | OSPFv3 | YES | - | YES (2) | 495 +----------+----------+-------------+----------------+--------------+ 496 | IS-IS | IS-IS | - | YES | YES (12) | 497 +----------+----------+-------------+----------------+--------------+ 498 | IS-IS | EIGRP-v6 | YES | - | - | 499 +----------+----------+-------------+----------------+--------------+ 500 | EIGRP-v4 | OSPFv3 | YES | - | ? (1) | 501 +----------+----------+-------------+----------------+--------------+ 502 | EIGRP-v4 | IS-IS | YES | - | - | 503 +----------+----------+-------------+----------------+--------------+ 504 | EIGRP-v4 | EIGRP-v6 | - | YES | ? (2) | 505 +----------+----------+-------------+----------------+--------------+ 507 In the column "Multiple Known Deployments", a YES indicates that a 508 significant number of production networks run this combination, with 509 the number of such networks indicated in parentheses following, while 510 a "?" indicates that the authors are only aware of one or two small 511 networks that run this combination. Data for this column was 512 gathered from an informal poll of operators on a number of mailing 513 lists. This poll was not intended to be a thorough scientific study 514 of IGP choices, but to provide a snapshot of known operator choices 515 at the time of writing (Mid-2015) for successful production dual 516 stack network deployments. There were twenty six (26) network 517 implementations represented by 17 respondents. Some respondents 518 provided information on more then one network or network deployment. 519 Due to privacy considerations, the networks' represented and 520 respondents are not listed in this document. 522 A number of combinations are marked as offering "Protocol 523 separation". These options use a different IGP protocol for IPv4 vs 524 IPv6. With these options, a problem with routing IPv6 is unlikely to 525 affect IPv4 or visa-versa. Some operator may consider this as a 526 benefit when first introducing dual stack capabilities or for ongoing 527 technical reasons. 529 Three combinations are marked "Similar configuration possible". This 530 means it is possible (but not required) to use very similar IGP 531 configuration for IPv4 and IPv6: for example, the same area 532 boundaries, area numbering, link costing, etc. If you are happy with 533 your IPv4 IGP design, then this will likely be a consideration. By 534 contrast, the options that use, for example, IS-IS for one IP version 535 and OSPF for the other version will require considerably different 536 configuration, and will also require the operations staff to become 537 familiar with the difference between the two protocols. 539 It should be noted that a number of ISPs have run OSPF as their IPv4 540 IGP for quite a few years, but have selected IS-IS as their IPv6 IGP. 541 However, there are very few (none?) that have made the reverse 542 choice. This is, in part, because routers generally support more 543 nodes in an IS-IS area than in the corresponding OSPF area, and 544 because IS-IS is seen as more secure because it runs at layer 2. 546 2.4.2. IS-IS Topology Mode 548 When IS-IS is used to route both IPv4 and IPv6, then there is an 549 additional choice of whether to run IS-IS in single-topology or 550 multi-topology mode. 552 With single-topology mode (also known as Native mode) [RFC5308]: 554 o IS-IS keeps a single link-state database for both IPv4 and IPv6. 556 o There is a single set of link costs which apply to both IPv4 and 557 IPv6. 559 o All links in the network must support both IPv4 and IPv6, as the 560 calculation of routes does not take this into account. If some 561 links do not support IPv6 (or IPv4), then packets may get routed 562 across links where support is lacking and get dropped. This can 563 cause problems if some network devices do not support IPv6 (or 564 IPv4). 566 o It is also important to keep the previous point in mind when 567 adding or removing support for either IPv4 or IPv6. 569 With multi-topology mode [RFC5120]: 571 o IS-IS keeps two link-state databases, one for IPv4 and one for 572 IPv6. 574 o IPv4 and IPv6 can have separate link metrics. Note that most 575 implementations today require separate link metrics: a number of 576 operators have rudely discovered that they have forgotten to 577 configure the IPv6 metric until sometime after deploying IPv6 in 578 multi-topology mode! 580 o Some links can be IPv4-only, some IPv6-only, and some dual-stack. 581 Routes to IPv4 and IPv6 addresses are computed separately and may 582 take different paths even if the addresses are located on the same 583 remote device. 585 o The previous point may help when adding or removing support for 586 either IPv4 or IPv6. 588 In the informal poll of operators, out of 12 production networks that 589 ran IS-IS for both IPv4 and IPv6, 6 used single topology mode, 4 used 590 multi-topology mode, and 2 did not specify. One motivation often 591 cited by then operators for using Single Topology mode was because 592 some device did not support multi-topology mode. 594 When asked, many people feel multi-topology mode is superior to 595 single-topology mode because it provides greater flexibility at 596 minimal extra cost. Never-the-less, as shown by the poll results, a 597 number of operators have used single-topology mode successfully. 599 Note that this issue does not come up with OSPF, since there is 600 nothing that corresponds to IS-IS single-topology mode with OSPF. 602 2.4.3. RIP / RIPng 604 A protocol option not described in the table above is RIP for IPv4 605 and RIPng for IPv6 [RFC2080]. These are distance vector protocols 606 that are almost universally considered to be inferior to OSPF, IS-IS, 607 or EIGRP for general use. 609 However, there is one specialized use where RIP/RIPng is still 610 considered to be appropriate: in star topology networks where a 611 single core device has lots and lots of links to edge devices and 612 each edge device has only a single path back to the core. In such 613 networks, the single path means that the limitations of RIP/RIPng are 614 mostly not relevant and the very light-weight nature of RIP/RIPng 615 gives it an advantage over the other protocols mentioned above. One 616 concrete example of this scenario is the use of RIP/RIPng between 617 cable modems and the CMTS. 619 2.5. BGP 621 2.5.1. Which Transport for Which Routes? 623 BGP these days is multi-protocol. It can carry routes of many 624 different types, or more precisely, many different AFI/SAFI 625 combinations. It can also carry routes when the BGP session, or more 626 accurately the underlying TCP connection, runs over either IPv4 or 627 IPv6 (here referred to as either "IPv4 transport" or "IPv6 628 transport"). Given this flexibility, one of the biggest questions 629 when deploying BGP in a dual-stack network is the question of which 630 route types should be carried over sessions using IPv4 transport and 631 which should be carried over sessions using IPv6 transport. 633 This section discusses this question for the three most-commonly-used 634 SAFI values: unlabeled (SAFI 1), labeled (SAFI 4) and VPN (SAFI 128). 635 Though we do not explicitly discuss other SAFI values, many of the 636 comments here can be applied to the other values. 638 Consider the following table: 640 +----------------+-----------+----------------------------+ 641 | Route Family | Transport | Comments | 642 +----------------+-----------+----------------------------+ 643 | | | | 644 +----------------+-----------+----------------------------+ 645 | Unlabeled IPv4 | IPv4 | Works well | 646 +----------------+-----------+----------------------------+ 647 | Unlabeled IPv4 | IPv6 | Next-hop | 648 +----------------+-----------+----------------------------+ 649 | Unlabeled IPv6 | IPv4 | Next-hop | 650 +----------------+-----------+----------------------------+ 651 | Unlabeled IPv6 | IPv6 | Works well | 652 +----------------+-----------+----------------------------+ 653 | | | | 654 +----------------+-----------+----------------------------+ 655 | Labeled IPv4 | IPv4 | Works well | 656 +----------------+-----------+----------------------------+ 657 | Labeled IPv4 | IPv6 | Next-hop | 658 +----------------+-----------+----------------------------+ 659 | Labeled IPv6 | IPv4 | (6PE) Works well | 660 +----------------+-----------+----------------------------+ 661 | Labeled IPv6 | IPv6 | Next-hop or MPLS over IPv6 | 662 +----------------+-----------+----------------------------+ 663 | | | | 664 +----------------+-----------+----------------------------+ 665 | VPN IPv4 | IPv4 | Works well | 666 +----------------+-----------+----------------------------+ 667 | VPN IPv4 | IPv6 | Next-hop | 668 +----------------+-----------+----------------------------+ 669 | VPN IPv6 | IPv4 | (6VPE) Works well | 670 +----------------+-----------+----------------------------+ 671 | VPN IPv6 | IPv6 | Next-hop or MPLS over IPv6 | 672 +----------------+-----------+----------------------------+ 674 The first column in this table lists various route families, where 675 "unlabeled" means SAFI 1, "labeled" means the routes carry an MPLS 676 label (SAFI 4, see [RFC3107]), and "VPN" means the routes are 677 normally associated with a layer-3 VPN (SAFI 128, see [RFC4364]). 678 The second column lists the protocol used to transport the BGP 679 session, frequently specified by giving either an IPv4 or IPv6 680 address in the "neighbor" statement. 682 The third column comments on the combination in the first two 683 columns: 685 o For combinations marked "Works well", these combinations are 686 standardized, widely supported and widely deployed. 688 o For combinations marked "Next-hop", these combinations are not 689 standardized and are less-widely supported. These combinations 690 all have the "next-hop mismatch" problem: the transported route 691 needs a next-hop address from the other address family than the 692 transport address (for example, an IPv4 route needs an IPv4 next- 693 hop, even when transported over IPv6). Some vendors have 694 implemented ways to solve this problem for specific combinations, 695 but for combinations marked "next-hop", these solutions have not 696 been standardized (cf. 6PE and 6VPE, where the solution has been 697 standardized). 699 o For combinations marked as "Next-hop or MPLS over IPv6", these 700 combinations either require a non-standard solution to the next- 701 hop problem, or require MPLS over IPv6. At the time of writing, 702 MPLS over IPv6 is not widely supported or deployed. 704 Also, it is important to note that changing the set of address 705 families being carried over a BGP session requires the BGP session to 706 be reset (unless something like [I-D.ietf-idr-dynamic-cap] or 707 [I-D.ietf-idr-bgp-multisession] is in use). This is generally more 708 of an issue with eBGP sessions than iBGP sessions: for iBGP sessions 709 it is common practice for a router to have two iBGP sessions, one to 710 each member of a route reflector pair, so one can change the set of 711 address families on first one of the sessions and then the other. 713 The following subsections discuss specific combinations in more 714 detail. 716 2.5.1.1. BGP Sessions for Unlabeled Routes 718 Unlabeled routes are commonly carried on eBGP sessions, as well as on 719 iBGP sessions in networks where Internet traffic is carried unlabeled 720 across the network. 722 In these scenarios, there are three reasonable choices: 724 a. Carry unlabeled IPv4 and IPv6 routes over IPv4, OR 726 b. Carry unlabeled IPv4 and IPv6 routes over IPv6, OR 728 c. Carry unlabeled IPv4 routes over IPv4, and unlabeled IPv6 routes 729 over IPv6 731 Options (a) and (b) have the advantage that one one BGP session is 732 required between pairs of routers. However, option (c) is widely 733 considered to be the best choice. There are several reasons for this 734 : 736 o It gives a clean separation between IPv4 and IPv6. This can be 737 especially useful when first deploying IPv6 and troubleshooting 738 resulting problems. 740 o This avoids the next-hop problem described above. 742 o The status of the routes follows the status of the underlying 743 transport. If, for example, the IPv6 data path between the two 744 BGP speakers fails, then the IPv6 session between the two speakers 745 will fail and the IPv6 routes will be withdrawn, which will allow 746 the traffic to be re-routed elsewhere. By contrast, if the IPv6 747 routes were transported over IPv4, then the failure of the IPv6 748 data path might leave a working IPv4 data path, so the BGP session 749 would remain up and the IPv6 routes would not be withdrawn, and 750 thus the IPv6 traffic would be sent into a black hole. 752 o It avoids resetting the BGP session when adding IPv6 to an 753 existing session, or when removing IPv4 from an existing session. 755 Rarely, there are situations where option (c) is not practical. In 756 those cases today, most operators use option (a), carrying both route 757 types over a single BGP session. 759 2.5.1.2. BGP sessions for Labeled or VPN Routes 761 When carrying labeled or VPN routes, the only widely-supported 762 solution at time of writing is to carry both route types over IPv4. 763 This may change in as MPLS over IPv6 becomes more widely implemented. 765 There are two options when carrying both over IPv4: 767 a. Carry all routes over a single BGP session, OR 769 b. Carry the routes over multiple BGP sessions (e.g. one for VPN 770 IPv4 routes and one for VPN IPv6 routes) 772 Using a single session is usually simplest for an iBGP session going 773 to a route reflector handling both route families. Using a single 774 session here usually means that the BGP session will reset when 775 changing the set of address families, but as noted above, this is 776 usually not a problem when redundant route reflectors are involved. 778 In eBGP situations, two sessions are usually more appropriate. 779 [JUSTIFICATION?] 781 2.5.2. eBGP Endpoints: Global or Link-Local Addresses? 783 When running eBGP over IPv6, there are two options for the addresses 784 to use at each end of the eBGP session (or more properly, the 785 underlying TCP session): 787 a. Use link-local addresses for the eBGP session, OR 789 b. Use global addresses for the eBGP session. 791 Note that the choice here is the addresses to use for the eBGP 792 sessions, and not whether the link itself has global (or unique- 793 local) addresses. In particular, it is quite possible for the eBGP 794 session to use link-local addresses even when the link has global 795 addresses. 797 The big attraction for option (a) is security: an eBGP session using 798 link-local addresses is extremely difficult to attack from a device 799 that is off-link. This provides very strong protection against TCP 800 RST and similar attacks. Though there are other ways to get an 801 equivalent level of security (e.g. GTSM [RFC5082], MD5 [RFC5925], or 802 ACLs), these other ways require additional configuration which can be 803 forgotten or potentially mis-configured. 805 However, there are a number of small disadvantages to using link- 806 local addresses: 808 o Using link-local addresses only works for single-hop eBGP 809 sessions; it does not work for multi-hop sessions. 811 o One must use "next-hop self" at both endpoints, otherwise re- 812 advertising routes learned via eBGP into iBGP will not work. 813 (Some products enable "next-hop self" in this situation 814 automatically). 816 o Operators and their tools are used to referring to eBGP sessions 817 by address only, something that is not possible with link-local 818 addresses. 820 o If one is configuring parallel eBGP sessions for IPv4 and IPv6 821 routes, then using link-local addresses for the IPv6 session 822 introduces extra operational differences between the two sessions 823 which could otherwise be avoided. 825 o On some products, an eBGP session using a link-local address is 826 more complex to configure than a session that uses a global 827 address. 829 o If hardware or other issues cause one to move the cable to a 830 different local interface, then reconfiguration is required at 831 both ends: at the local end because the interface has changed (and 832 with link-local addresses, the interface must always be specified 833 along with the address), and at the remote end because the link- 834 local address has likely changed. (Contrast this with using 835 global addresses, where less re-configuration is required at the 836 local end, and no reconfiguration is required at the remote end). 838 o Finally, a strict application of [RFC2545] forbids running eBGP 839 between link-local addresses, as [RFC2545] requires the BGP next- 840 hop field to contain at least a global address. 842 For these reasons, most operators today choose to have their eBGP 843 sessions use global addresses. 845 3. General Observations 847 There are two themes that run though many of the design choices in 848 this document. This section presents some general discussion on 849 these two themes. 851 3.1. Use of Link-Local Addresses 853 The proper use of link-local addresses is a common theme in the IPv6 854 network design choices. Link-layer addresses are, of course, always 855 present in an IPv6 network, but current network design practice 856 mostly ignores them, despite efforts such as [RFC7404]. 858 There are three main reasons for this current practice: 860 o Network operators are concerned about the volatility of link-local 861 addresses based on MAC addresses, despite the fact that this 862 concern can be overcome by manually-configuring link-local 863 addresses; 865 o It is very difficult to impossible to ping a link-local address 866 from a device that is not on the same subnet. This is a 867 troubleshooting disadvantage, though it can also be viewed as a 868 security advantage. 870 o Most operators are currently running networks that carry both IPv4 871 and IPv6 traffic, and wish to harmonize their IPv4 and IPv6 design 872 and operational practices where possible. 874 3.2. Separation of IPv4 and IPv6 876 Currently, most operators are running or planning to run networks 877 that carry both IPv4 and IPv6 traffic. Hence the question: To what 878 degree should IPv4 and IPv6 be kept separate? As can be seen above, 879 this breaks into two sub-questions: To what degree should IPv4 and 880 IPv6 traffic be kept separate, and to what degree should IPv4 and 881 IPv6 routing information be kept separate? 883 The general consensus around the first question is that IPv4 and IPv6 884 traffic should generally be mixed together. This recommendation is 885 driven by the operational simplicity of mixing the traffic, plus the 886 general observation that the service being offered to the end user is 887 Internet connectivity and most users do not know or care about the 888 differences between IPv4 and IPv6. Thus it is very desirable to mix 889 IPv4 and IPv6 on the same link to the end user. On other links, 890 separation is possible but more operationally complex, though it does 891 occasionally allow the operator to work around limitations on network 892 devices. The situation here is roughly comparable to IP and MPLS 893 traffic: many networks mix the two traffic types on the same links 894 without issues. 896 By contrast, there is more of an argument for carrying IPv6 routing 897 information over IPv6 transport, while leaving IPv4 routing 898 information on IPv4 transport. By doing this, one gets fate-sharing 899 between the control and data plane for each IP protocol version: if 900 the data plane fails for some reason, then often the control plane 901 will too. 903 4. IANA Considerations 905 This document makes no requests of IANA. 907 5. Security Considerations 909 This document introduces no new security considerations that are not 910 already documented elsewhere. 912 The following is a brief list of pointers to documents related to the 913 topics covered above that the reader may wish to review for security 914 considerations. 916 For general IPv6 security, [RFC4942] provides guidance on security 917 considerations around IPv6 transition and coexistence. 919 For OSPFv3, the base protocol specification [RFC5340] has a short 920 security considerations section which notes that the fundamental 921 mechanism for protecting OSPFv3 from attacks is the mechanism 922 described in [RFC4552]. 924 For IS-IS, [RFC5308] notes that ISIS for IPv6 raises no new security 925 considerations over ISIS for IPv4 over those documented in [ISO10589] 926 and [RFC5304]. 928 For BGP, [RFC2545] notes that BGP for IPv6 raises no new security 929 considerations over those present in BGP for IPv4. However, there 930 has been much discussion of BGP security recently, and the interested 931 reader is referred to the documents of the IETF's SIDR working group. 933 6. Acknowledgements 935 Many, many people in the V6OPS working group provided comments and 936 suggestions that made their way into this document. A partial list 937 includes: Rajiv Asati, Fred Baker, Michael Behringer, Marc Blanchet, 938 Ron Bonica, Randy Bush, Cameron Byrne, Brian Carpenter, KK 939 Chittimaneni, Tim Chown, Lorenzo Colitti, Gert Doering, Francis 940 Dupont, Bill Fenner, Kedar K Gaonkar, Chris Grundemann, Steinar Haug, 941 Ray Hunter, Joel Jaeggli, Victor Kuarsingh, Jen Linkova, Ivan 942 Pepelnjak, Alexandru Petrescu, Rob Shakir, Mark Smith, Jean-Francois 943 Tremblay, Dave Thaler, Tina Tsou, Eric Vyncke, Dan York, and 944 Xuxiaohu. 946 The authors would also like to thank Pradeep Jain and Alastair 947 Johnson for helpful comments on a very preliminary version of this 948 document. 950 7. Informative References 952 [I-D.ietf-idr-bgp-multisession] 953 Scudder, J., Appanna, C., and I. Varlashkin, "Multisession 954 BGP", draft-ietf-idr-bgp-multisession-07 (work in 955 progress), September 2012. 957 [I-D.ietf-idr-dynamic-cap] 958 Ramachandra, S. and E. Chen, "Dynamic Capability for BGP- 959 4", draft-ietf-idr-dynamic-cap-14 (work in progress), 960 December 2011. 962 [I-D.ietf-v6ops-ula-usage-recommendations] 963 Liu, B. and S. Jiang, "Considerations For Using Unique 964 Local Addresses", draft-ietf-v6ops-ula-usage- 965 recommendations-05 (work in progress), May 2015. 967 [ISO10589] 968 International Standards Organization, "Intermediate system 969 to Intermediate system intra-domain routeing information 970 exchange protocol for use in conjunction with the protocol 971 for providing the connectionless-mode Network Service (ISO 972 8473)", International Standard 10589:2002, Nov 2002. 974 [RFC2080] Malkin, G. and R. Minnear, "RIPng for IPv6", RFC 2080, 975 DOI 10.17487/RFC2080, January 1997, 976 . 978 [RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, 979 DOI 10.17487/RFC2328, April 1998, 980 . 982 [RFC2545] Marques, P. and F. Dupont, "Use of BGP-4 Multiprotocol 983 Extensions for IPv6 Inter-Domain Routing", RFC 2545, 984 DOI 10.17487/RFC2545, March 1999, 985 . 987 [RFC3107] Rekhter, Y. and E. Rosen, "Carrying Label Information in 988 BGP-4", RFC 3107, DOI 10.17487/RFC3107, May 2001, 989 . 991 [RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast 992 Addresses", RFC 4193, DOI 10.17487/RFC4193, October 2005, 993 . 995 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 996 Architecture", RFC 4291, DOI 10.17487/RFC4291, February 997 2006, . 999 [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private 1000 Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February 1001 2006, . 1003 [RFC4472] Durand, A., Ihren, J., and P. Savola, "Operational 1004 Considerations and Issues with IPv6 DNS", RFC 4472, 1005 DOI 10.17487/RFC4472, April 2006, 1006 . 1008 [RFC4552] Gupta, M. and N. Melam, "Authentication/Confidentiality 1009 for OSPFv3", RFC 4552, DOI 10.17487/RFC4552, June 2006, 1010 . 1012 [RFC4852] Bound, J., Pouffary, Y., Klynsma, S., Chown, T., and D. 1013 Green, "IPv6 Enterprise Network Analysis - IP Layer 3 1014 Focus", RFC 4852, DOI 10.17487/RFC4852, April 2007, 1015 . 1017 [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, 1018 "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, 1019 DOI 10.17487/RFC4861, September 2007, 1020 . 1022 [RFC4942] Davies, E., Krishnan, S., and P. Savola, "IPv6 Transition/ 1023 Co-existence Security Considerations", RFC 4942, 1024 DOI 10.17487/RFC4942, September 2007, 1025 . 1027 [RFC5082] Gill, V., Heasley, J., Meyer, D., Savola, P., Ed., and C. 1028 Pignataro, "The Generalized TTL Security Mechanism 1029 (GTSM)", RFC 5082, DOI 10.17487/RFC5082, October 2007, 1030 . 1032 [RFC5120] Przygienda, T., Shen, N., and N. Sheth, "M-ISIS: Multi 1033 Topology (MT) Routing in Intermediate System to 1034 Intermediate Systems (IS-ISs)", RFC 5120, 1035 DOI 10.17487/RFC5120, February 2008, 1036 . 1038 [RFC5220] Matsumoto, A., Fujisaki, T., Hiromi, R., and K. Kanayama, 1039 "Problem Statement for Default Address Selection in Multi- 1040 Prefix Environments: Operational Issues of RFC 3484 1041 Default Rules", RFC 5220, DOI 10.17487/RFC5220, July 2008, 1042 . 1044 [RFC5304] Li, T. and R. Atkinson, "IS-IS Cryptographic 1045 Authentication", RFC 5304, DOI 10.17487/RFC5304, October 1046 2008, . 1048 [RFC5308] Hopps, C., "Routing IPv6 with IS-IS", RFC 5308, 1049 DOI 10.17487/RFC5308, October 2008, 1050 . 1052 [RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF 1053 for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008, 1054 . 1056 [RFC5375] Van de Velde, G., Popoviciu, C., Chown, T., Bonness, O., 1057 and C. Hahn, "IPv6 Unicast Address Assignment 1058 Considerations", RFC 5375, DOI 10.17487/RFC5375, December 1059 2008, . 1061 [RFC5838] Lindem, A., Ed., Mirtorabi, S., Roy, A., Barnes, M., and 1062 R. Aggarwal, "Support of Address Families in OSPFv3", 1063 RFC 5838, DOI 10.17487/RFC5838, April 2010, 1064 . 1066 [RFC5887] Carpenter, B., Atkinson, R., and H. Flinck, "Renumbering 1067 Still Needs Work", RFC 5887, DOI 10.17487/RFC5887, May 1068 2010, . 1070 [RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP 1071 Authentication Option", RFC 5925, DOI 10.17487/RFC5925, 1072 June 2010, . 1074 [RFC5963] Gagliano, R., "IPv6 Deployment in Internet Exchange Points 1075 (IXPs)", RFC 5963, DOI 10.17487/RFC5963, August 2010, 1076 . 1078 [RFC6180] Arkko, J. and F. Baker, "Guidelines for Using IPv6 1079 Transition Mechanisms during IPv6 Deployment", RFC 6180, 1080 DOI 10.17487/RFC6180, May 2011, 1081 . 1083 [RFC6296] Wasserman, M. and F. Baker, "IPv6-to-IPv6 Network Prefix 1084 Translation", RFC 6296, DOI 10.17487/RFC6296, June 2011, 1085 . 1087 [RFC6342] Koodli, R., "Mobile Networks Considerations for IPv6 1088 Deployment", RFC 6342, DOI 10.17487/RFC6342, August 2011, 1089 . 1091 [RFC6752] Kirkham, A., "Issues with Private IP Addressing in the 1092 Internet", RFC 6752, DOI 10.17487/RFC6752, September 2012, 1093 . 1095 [RFC6782] Kuarsingh, V., Ed. and L. Howard, "Wireline Incremental 1096 IPv6", RFC 6782, DOI 10.17487/RFC6782, November 2012, 1097 . 1099 [RFC6879] Jiang, S., Liu, B., and B. Carpenter, "IPv6 Enterprise 1100 Network Renumbering Scenarios, Considerations, and 1101 Methods", RFC 6879, DOI 10.17487/RFC6879, February 2013, 1102 . 1104 [RFC6883] Carpenter, B. and S. Jiang, "IPv6 Guidance for Internet 1105 Content Providers and Application Service Providers", 1106 RFC 6883, DOI 10.17487/RFC6883, March 2013, 1107 . 1109 [RFC7010] Liu, B., Jiang, S., Carpenter, B., Venaas, S., and W. 1110 George, "IPv6 Site Renumbering Gap Analysis", RFC 7010, 1111 DOI 10.17487/RFC7010, September 2013, 1112 . 1114 [RFC7217] Gont, F., "A Method for Generating Semantically Opaque 1115 Interface Identifiers with IPv6 Stateless Address 1116 Autoconfiguration (SLAAC)", RFC 7217, 1117 DOI 10.17487/RFC7217, April 2014, 1118 . 1120 [RFC7381] Chittimaneni, K., Chown, T., Howard, L., Kuarsingh, V., 1121 Pouffary, Y., and E. Vyncke, "Enterprise IPv6 Deployment 1122 Guidelines", RFC 7381, DOI 10.17487/RFC7381, October 2014, 1123 . 1125 [RFC7404] Behringer, M. and E. Vyncke, "Using Only Link-Local 1126 Addressing inside an IPv6 Network", RFC 7404, 1127 DOI 10.17487/RFC7404, November 2014, 1128 . 1130 [RFC7868] Savage, D., Ng, J., Moore, S., Slice, D., Paluch, P., and 1131 R. White, "Cisco's Enhanced Interior Gateway Routing 1132 Protocol (EIGRP)", RFC 7868, DOI 10.17487/RFC7868, May 1133 2016, . 1135 [v6-addressing-plan] 1136 SurfNet, "Preparing an IPv6 Address Plan", 2013, 1137 . 1141 Authors' Addresses 1143 Philip Matthews 1144 Nokia 1145 600 March Road 1146 Ottawa, Ontario K2K 2E6 1147 Canada 1149 Phone: +1 613-784-3139 1150 Email: philip_matthews@magma.ca 1151 Victor Kuarsingh 1152 Cisco 1153 88 Queens Quay 1154 Toronto, ON M5J0B8 1155 Canada 1157 Email: victor@jvknet.com