idnits 2.17.1

draft-liu-softwire-lw4over6-dhcp-deployment-05.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The abstract seems to contain references ([RFC7341],
     [I-D.ietf-softwire-lw4over6]), which it shouldn't. Please replace those
     with straight textual mentions of the documents in question.

  ** The document seems to lack a both a reference to RFC 2119 and the
     recommended RFC 2119 boilerplate, even if it appears to use RFC 2119
     keywords.

     RFC 2119 keyword, line 154: '... lwB4 MUST be configured with an IPv...'
     RFC 2119 keyword, line 157: '...hat lwB4 chooses MUST be routable to t...'
     RFC 2119 keyword, line 168: '...d port set, lwB4 MUST run DHCPv6 to ac...'
     RFC 2119 keyword, line 191: '... [I-D.fsc-softwire-dhcp4o6-saddr-opt] and MUST be followed....'
     RFC 2119 keyword, line 199: '...over DHCPv6 message, lwB4 MUST include...'
     (3 more instances...)

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (October 12, 2014) is 3481 days in the past. Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Unused Reference: 'I-D.ietf-dhc-dhcpv6-active-leasequery' is defined on
     line 299, but no explicit reference was found in the text

  == Outdated reference: A later version (-07) exists of
     draft-fsc-softwire-dhcp4o6-saddr-opt-01

  == Outdated reference: A later version (-09) exists of
     draft-ietf-dhc-dynamic-shared-v4allocation-02

  == Outdated reference: A later version (-13) exists of
     draft-ietf-softwire-lw4over6-10

  == Outdated reference: A later version (-07) exists of
     draft-ietf-dhc-dhcpv4-active-leasequery-01

  == Outdated reference: A later version (-04) exists of
     draft-ietf-dhc-dhcpv6-active-leasequery-01

  == Outdated reference: A later version (-12) exists of
     draft-ietf-softwire-map-dhcp-09

  -- Obsolete informational reference (is this intentional?): RFC 3315
     (Obsoleted by RFC 8415)

     Summary: 2 errors (**), 0 flaws (~~), 8 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2 Network Working Group C. Liu
3 Internet-Draft Q. Sun
4 Intended status: Informational J. Wu
5 Expires: April 15, 2015 Tsinghua University
6 October 12, 2014

8 Dynamic IPv4 Provisioning for Lightweight 4over6
9 draft-liu-softwire-lw4over6-dhcp-deployment-05

11 Abstract

13 Lightweight 4over6 [I-D.ietf-softwire-lw4over6] is an IPv4 over IPv6
14 hub and spoke mechanism that provides overlay IPv4 services in an
15 IPv6-only access network. Provisioning IPv4 addresses and port set
16 to customers is the core function of Lightweight 4over6 control
17 plane. [I-D.ietf-softwire-lw4over6] illustrates how to use DHCPv6
18 for deterministic IPv4 provisioning. This document discusses how to
19 provision IPv4 parameters by using dynamic IPv4 provisioning
20 protocols such as DHCPv4 over DHCPv6 [RFC7341]. This document
21 describes a dynamic IPv4 provisioning mode for Lightweight 4over6
22 that uses DHCPv4 over DHCPv6 [RFC7341] for IPv4 address provisioning.

24 Status of This Memo

26 This Internet-Draft is submitted in full conformance with the
27 provisions of BCP 78 and BCP 79.

29 Internet-Drafts are working documents of the Internet Engineering
30 Task Force (IETF). Note that other groups may also distribute
31 working documents as Internet-Drafts. The list of current
32 Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

34 Internet-Drafts are draft documents valid for a maximum of six months
35 and may be updated, replaced, or obsoleted by other documents at any
36 time. It is inappropriate to use Internet-Drafts as reference
37 material or to cite them other than as "work in progress."

39 This Internet-Draft will expire on April 15, 2015.

41 Copyright Notice

43 Copyright (c) 2014 IETF Trust and the persons identified as the
44 document authors. All rights reserved.

46 This document is subject to BCP 78 and the IETF Trust's Legal
47 Provisions Relating to IETF Documents
48 (http://trustee.ietf.org/license-info) in effect on the date of
49 publication of this document. Please review these documents
50 carefully, as they describe your rights and restrictions with respect
51 to this document. Code Components extracted from this document must
52 include Simplified BSD License text as described in Section 4.e of
53 the Trust Legal Provisions and are provided without warranty as
54 described in the Simplified BSD License.

56 Table of Contents

58 1. Introduction
59 2. Terminology
60 3. Advantage of Dynamic IPv4 Provisioning
61 4. Using DHCPv4 over DHCPv6 for Lw4over6 Provisioning
62   4.1. IP Addressing
63   4.2. DHCPv6 Configuration
64   4.3. DHCPv4 over DHCPv6 Function
65   4.4. Port Set Consideration
66   4.5. lwAFTR Binding Table Maintenance
67 5. Security Considerations
68 6. IANA Considerations
69 7. References
70   7.1. Normative References
71   7.2. Informative References
72 Authors' Addresses

74 1. Introduction

76 Lightweight 4over6 [I-D.ietf-softwire-lw4over6] provides IPv4 access
77 over an IPv6 network in a hub-and-spoke softwire architecture. In
78 Lightweight 4over6, each Lightweight B4 (lwB4) is assigned a
79 port-restricted public IPv4 address or a full public IPv4 address to
80 be used for IPv4 communication. Provisioning the IPv4 address, port set
81 and other IPv4 parameters to the lwB4 is the core function of the
82 Lightweight 4over6 control plane. It can be achieved by several
83 protocols, such as DHCPv6 [RFC3315] [I-D.ietf-softwire-map-dhcp],
84 DHCPv4 over DHCPv6 [RFC7341], and PCP [RFC6887].

86 [I-D.ietf-softwire-lw4over6] illustrates how to use DHCPv6 for
87 deterministic IPv4 provisioning. The IPv4 address and port set ID
88 (PSID) are carried in DHCPv6 options defined in
89 [I-D.ietf-softwire-map-dhcp]. However, deterministic IPv4
90 provisioning adds some restrictions for addressing and deployment:
91 the IPv4 address's lifetime needs to be bound to the IPv6 lease
92 time; the IPv4 address and PSID need to be embedded into the client's
93 /128 IPv6 address, so the client cannot use an arbitrary /128 IPv6
94 address as the tunnel source address; and a customer network that is
95 provisioned with a unique IPv6 prefix can only set up one tunnel
96 instance.

98 This document describes how to deploy Lightweight 4over6 using DHCPv4
99 over DHCPv6 for dynamic IPv4 address provisioning. Since pure DHCPv4
100 is unable to work directly in a native IPv6 network, DHCPv4 over DHCPv6
101 [RFC7341] is proposed to support DHCPv4 functionality in an IPv6 network
102 by transporting DHCPv4 messages over DHCPv6 messages.
103 [I-D.ietf-dhc-dynamic-shared-v4allocation] describes how to allocate
104 port sets to clients using DHCPv4 over DHCPv6.
105 [I-D.fsc-softwire-dhcp4o6-saddr-opt] defines options for the lwB4 to
106 report its IPv6 tunnel source address to the server. This document
107 does not define a new provisioning method, but describes how these
108 existing specifications are organized to support IPv4 provisioning
109 for Lightweight 4over6.

111 2. Terminology

113 Terminology defined in [RFC7341] and [I-D.ietf-softwire-lw4over6] is
114 used extensively in this document.

116 3. Advantage of Dynamic IPv4 Provisioning

118 [I-D.ietf-softwire-lw4over6] describes the behavior of lwB4 and
119 lwAFTR using DHCPv6 as the provisioning protocol. It is based on a
120 pre-determined binding relationship between IPv6 prefix and IPv4 address
121 + PSID. With dynamic IPv4 provisioning, there is no restriction on
122 how the lwB4's IPv6 address is generated. Since in the DHCPv4 over
123 DHCPv6 process the lwB4 is able to tell the server which IPv6 address
124 it intends to use, the lwB4 can run SLAAC, DHCPv6 or another mechanism
125 to obtain the IPv6 address that is used as the IPv6 tunnel
126 source address. This differs from the deterministic provisioning
127 mode, in which IPv4 addresses are pre-bound to IPv6 prefixes, multiple
128 lwB4s sourced behind the same IPv4 prefix cannot be supported, and
129 generally the lwB4 cannot run SLAAC to generate its IPv6 address for
130 the tunnel.

132 From the IPv4 address lifetime point of view, dynamic IPv4 provisioning
133 allows the IPv4 address to have an independent IPv4 lifetime. This is
134 helpful because in some cases the IPv4 provisioning server may not be
135 able to know the lwB4's IPv6 address lifetime. This may be because
136 the IPv4 provisioning server may not also be the IPv6
137 provisioning server for the lwB4, or because the lwB4's IPv6 address
138 does not have a lifetime at all. Binding the IPv4 address lifetime
139 to the IPv6 address lifetime may therefore waste IPv4 addresses,
140 because the provisioning server is unable to recycle them. The
141 dynamic provisioning scheme is suitable for operators that have
142 restricted IPv4 address resources.

144 4. Using DHCPv4 over DHCPv6 for Lw4over6 Provisioning

146 This section describes how DHCPv4 over DHCPv6 is used for Lightweight
147 4over6 configuration. In the remainder of this section, "lwB4"
148 not explicitly written as "stateless lwB4" refers to a stateful
149 lwB4 that runs DHCPv4 over DHCPv6 for dynamic IPv4 provisioning.

151 4.1. IP Addressing

153 Before starting DHCPv4 over DHCPv6 to obtain IPv4 configuration,
154 lwB4 MUST be configured with an IPv6 address. There are no
155 restrictions on how the IPv6 address is provisioned. The configured IPv6
156 address is used for IPv6 tunneling and the DHCPv4 over DHCPv6 process.
157 The address that lwB4 chooses MUST be routable to the lwAFTR and DHCP
158 4o6 server, e.g. a link-local address must not be used.

160 The softwire provider is free to provide any IPv4 address for a lwB4.
161 There are no restrictions on IPv6/IPv4 addressing, e.g. scattered IPv4
162 addresses can be used, and there is no need to embed the IPv4
163 address/PSID into the IPv6 address.

165 4.2. DHCPv6 Configuration

167 Before a stateful lwB4 runs DHCPv4 over DHCPv6 to acquire an IPv4 address
168 and port set, lwB4 MUST run DHCPv6 to acquire the DHCP 4o6 server's
169 IPv6 address. The DHCPv6 server provides the DHCP 4o6 server's IPv6
170 address by OPTION_DHCP4_O_DHCP6_SERVER as defined in [RFC7341].

172 A stateful lwB4 may also be compatible with
173 [I-D.ietf-softwire-map-dhcp] and thus will require both
174 OPTION_DHCP4_O_DHCP6_SERVER and OPTION_S46_CONT_LW. The DHCPv6 server
175 decides whether to supply OPTION_S46_CONT_LW and OPTION_S46_V4V6BIND
176 directly or to direct the client to run DHCPv4 over DHCPv6 by supplying
177 OPTION_DHCP4_O_DHCP6_SERVER, according to its policy. The lwB4 should
178 implement local logic to decide which one it prefers. The strategy
179 for deciding preferences between the provisioning modes is out of
180 the scope of the document.

182 4.3. DHCPv4 over DHCPv6 Function

184 The DHCPv4 over DHCPv6 function in lwB4 is disabled by default, and
185 enabled by OPTION_DHCP4_O_DHCP6_SERVER in the DHCPv6 server's response.
186 Once enabled, lwB4 runs stateful DHCPv4 over DHCPv6 to acquire an IPv4
187 address and port set. lwB4 provides one of its IPv6 addresses as the IPv6
188 tunnel source address to the DHCP 4o6 server, and gets the lwAFTR's
189 tunnel address through DHCPv4 over DHCPv6. The DHCPv4 over DHCPv6
190 message flow is described in section 4 of
191 [I-D.fsc-softwire-dhcp4o6-saddr-opt] and MUST be followed.

193 4.4. Port Set Consideration

195 lwB4 gets its PSID through DHCPv4 over DHCPv6 along with its IPv4
196 address. [I-D.ietf-dhc-dynamic-shared-v4allocation] describes how to
197 provision the PSID to lwB4 through DHCPv4 over DHCPv6.

199 When sending a DHCPDISCOVER over DHCPv6 message, lwB4 MUST include
200 OPTION_V4_PORTPARAMS in the Parameter Request List. If the server
201 decides to reply with a port-restricted address, it MUST return
202 OPTION_V4_PORTPARAMS to lwB4. If the server decides to reply with a full
203 IPv4 address, it SHOULD NOT include OPTION_V4_PORTPARAMS in the
204 response. When lwB4 receives a DHCPv4 over DHCPv6 response without
205 OPTION_V4_PORTPARAMS, it configures itself with the full IPv4 address
206 as a regular DHCPv4 client does. When lwB4 receives a shared IPv4
207 address, the address is used for NAPT and MUST NOT be used to
208 identify the lwB4.

210 4.5. lwAFTR Binding Table Maintenance

212 lwAFTR maintains its binding table as per section 6.1 of
213 [I-D.ietf-softwire-lw4over6]. Unless the binding table is fixed and
214 pre-determined, it is synchronized with the DHCPv4 over DHCPv6 process.
215 The following DHCPv4 over DHCPv6 messages trigger binding table
216 modification:

218 o DHCPACK: Generated by DHCP server, triggers lwAFTR to add a new
219   entry or modify an existing entry.

221 o DHCPRELEASE: Generated by lwB4, triggers lwAFTR to delete an
222   existing entry.

224 When lwAFTR receives a DHCPACK event, it looks up the binding table
225 using the lwB4's IPv4 address and PSID as index. If an
226 existing entry is found, the lwAFTR updates the IPv6 address and
227 lifetime fields of the entry; otherwise the lwAFTR creates a new
228 entry accordingly. When lwAFTR receives a DHCPRELEASE event, it
229 looks up the binding table using the lwB4's IPv6 address, IPv4
230 address and PSID as index. The lwAFTR deletes the entry either by
231 removing it from the binding table or by setting the lifetime field to an
232 invalid value (e.g. 0).

234 When lwAFTR is co-located with the DHCP server, it listens to all DHCPv4
235 over DHCPv6 messages generated or received by the DHCP server and
236 updates the bindings through valid messages. When lwAFTR is not
237 co-located with the DHCP server, the DHCP server informs the lwAFTR
238 about the binding updates through other protocols. DHCP active lease
239 query [I-D.ietf-dhc-dhcpv4-active-leasequery]
240 [I-D.ietf-dhc-dhcpv4-active-leasequery] could be used to do this.

242 The lwAFTR works as a requestor to get every lwB4's IPv4 address +
243 PSID (from DHCPv4 lease), and IPv6 address (from DHCPv6 option).
244 Since current DHCPv4 active lease query doesn't support carrying
245 DHCPv6 options, and DHCPv6 active lease query doesn't support
246 carrying DHCPv4 lease information, this may require extensions to the
247 current DHCPv4/DHCPv6 active lease protocols, which are out of the scope of
248 this document.

250 5. Security Considerations

252 Security considerations in [I-D.ietf-softwire-lw4over6] and [RFC7341]
253 should be considered.

255 The DHCP-message-triggered binding table maintenance may be abused by
256 an attacker who sends faked DHCP messages to the lwAFTR. The operator
257 network should deploy [RFC2827] to prevent this kind of attack.

259 6. IANA Considerations

261 This document does not include an IANA request.

263 7. References

265 7.1. Normative References

267 [I-D.fsc-softwire-dhcp4o6-saddr-opt]
268     Farrer, I., Sun, Q., and Y. Cui, "DHCPv4 over DHCPv6
269     Source Address Option",
270     draft-fsc-softwire-dhcp4o6-saddr-opt-01 (work in progress), September 2014.

272 [I-D.ietf-dhc-dynamic-shared-v4allocation]
273     Cui, Y., Qiong, Q., Farrer, I., Lee, Y., Sun, Q., and M.
274     Boucadair, "Dynamic Allocation of Shared IPv4 Addresses",
275     draft-ietf-dhc-dynamic-shared-v4allocation-02 (work in
276     progress), September 2014.

278 [I-D.ietf-softwire-lw4over6]
279     Cui, Y., Qiong, Q., Boucadair, M., Tsou, T., Lee, Y., and
280     I. Farrer, "Lightweight 4over6: An Extension to the
281     DS-Lite Architecture", draft-ietf-softwire-lw4over6-10 (work
282     in progress), June 2014.

284 [RFC2827] Ferguson, P. and D. Senie, "Network Ingress Filtering:
285     Defeating Denial of Service Attacks which employ IP Source
286     Address Spoofing", BCP 38, RFC 2827, May 2000.

288 [RFC7341] Sun, Q., Cui, Y., Siodelski, M., Krishnan, S., and I.
289     Farrer, "DHCPv4-over-DHCPv6 (DHCP 4o6) Transport", RFC
290     7341, August 2014.

292 7.2. Informative References

294 [I-D.ietf-dhc-dhcpv4-active-leasequery]
295     Kinnear, K., Stapp, M., Volz, B., and N. Russell, "Active
296     DHCPv4 Lease Query",
297     draft-ietf-dhc-dhcpv4-active-leasequery-01 (work in progress), June 2014.

299 [I-D.ietf-dhc-dhcpv6-active-leasequery]
300     Dushyant, D., Kinnear, K., and D. Kukrety, "DHCPv6 Active
301     Leasequery", draft-ietf-dhc-dhcpv6-active-leasequery-01
302     (work in progress), March 2014.

304 [I-D.ietf-softwire-map-dhcp]
305     Mrugalski, T., Troan, O., Farrer, I., Perreault, S., Dec,
306     W., Bao, C., leaf.yeh.sdo@gmail.com, l., and X. Deng,
307     "DHCPv6 Options for configuration of Softwire Address and
308     Port Mapped Clients", draft-ietf-softwire-map-dhcp-09
309     (work in progress), October 2014.

311 [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
312     and M. Carney, "Dynamic Host Configuration Protocol for
313     IPv6 (DHCPv6)", RFC 3315, July 2003.

315 [RFC6887] Wing, D., Cheshire, S., Boucadair, M., Penno, R., and P.
316     Selkirk, "Port Control Protocol (PCP)", RFC 6887, April
317     2013.

319 Authors' Addresses

321 Cong Liu
322 Tsinghua University
323 Department of Computer Science, Tsinghua University
324 Beijing 100084
325 P.R.China

327 Phone: +86-10-6278-5822
328 Email: gnocuil@gmail.com

329 Qi Sun
330 Tsinghua University
331 Department of Computer Science, Tsinghua University
332 Beijing 100084
333 P.R.China

335 Phone: +86-10-6278-5822
336 Email: sunqi@csnet1.cs.tsinghua.edu.cn

338 Jianping Wu
339 Tsinghua University
340 Department of Computer Science, Tsinghua University
341 Beijing 100084
342 P.R.China

344 Phone: +86-10-6278-5983
345 Email: jianping@cernet.edu.cn
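
Added example, not part of the draft or of any lwAFTR implementation: the binding table rules of Section 4.5 in Python. DHCPACK looks up by IPv4 address + PSID and creates or updates the entry; DHCPRELEASE deletes only when the IPv6 address also matches; a link-local tunnel source is refused per Section 4.1. The class, method and function names are hypothetical, and the events use constructed documentation addresses.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Binding:
    ipv6: ipaddress.IPv6Address  # lwB4 tunnel source address
    lifetime: int                # seconds, from the DHCPv4 lease


class BindingTable:
    """Hypothetical lwAFTR table keyed by (IPv4, PSID); PSID None = full address."""

    def __init__(self):
        self.entries = {}

    def on_dhcpack(self, ipv4, psid, ipv6, lifetime):
        """Create the entry, or update its IPv6 address and lifetime."""
        ipv6 = ipaddress.IPv6Address(ipv6)
        if ipv6.is_link_local:  # Section 4.1: source must be routable
            return "rejected"
        key = (ipaddress.IPv4Address(ipv4), psid)
        action = "updated" if key in self.entries else "created"
        self.entries[key] = Binding(ipv6, lifetime)
        return action

    def on_dhcprelease(self, ipv4, psid, ipv6):
        """Delete only if IPv6 address, IPv4 address and PSID all match."""
        key = (ipaddress.IPv4Address(ipv4), psid)
        entry = self.entries.get(key)
        if entry is None or entry.ipv6 != ipaddress.IPv6Address(ipv6):
            return "ignored"  # release does not name this exact binding
        del self.entries[key]
        return "deleted"


# Constructed sample events: (message, IPv4, PSID, IPv6, lifetime).
EVENTS = [
    ("DHCPACK", "192.0.2.1", 1, "2001:db8::a", 3600),
    ("DHCPACK", "192.0.2.1", 2, "2001:db8::b", 3600),     # shared IPv4, new PSID
    ("DHCPACK", "192.0.2.1", 1, "2001:db8::a1", 7200),    # new tunnel source
    ("DHCPACK", "192.0.2.9", None, "fe80::1", 3600),      # link-local source
    ("DHCPRELEASE", "192.0.2.1", 2, "2001:db8::a1", 0),   # IPv6 mismatch
    ("DHCPRELEASE", "192.0.2.1", 2, "2001:DB8:0::b", 0),  # same address, other text form
]


def replay(events, table):
    return [table.on_dhcpack(v4, psid, v6, life) if msg == "DHCPACK"
            else table.on_dhcprelease(v4, psid, v6)
            for msg, v4, psid, v6, life in events]


if __name__ == "__main__":
    print(replay(EVENTS, BindingTable()))
```

Comparing parsed addresses rather than strings is what lets the last release match: the two spellings of 2001:db8::b are the same binding.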