draft-ietf-v6ops-design-choices-01.txt   draft-ietf-v6ops-design-choices-02.txt 
V6OPS Working Group P. Matthews V6OPS Working Group P. Matthews
Internet-Draft Alcatel-Lucent Internet-Draft Alcatel-Lucent
Intended status: Informational V. Kuarsingh Intended status: Informational V. Kuarsingh
Expires: September 7, 2014 Dyn Expires: March 8, 2015 Dyn
March 6, 2014 September 4, 2014
Design Choices for IPv6 Networks Design Choices for IPv6 Networks
draft-ietf-v6ops-design-choices-01 draft-ietf-v6ops-design-choices-02
Abstract Abstract
This document presents advice on the design choices that arise when This document presents advice on the design choices that arise when
designing IPv6 networks (both dual-stack and IPv6-only). The designing IPv6 networks (both dual-stack and IPv6-only). The
intended audience is someone designing an IPv6 network who is intended audience is someone designing an IPv6 network who is
knowledgeable about best current practices around IPv4 network knowledgeable about best current practices around IPv4 network
design, and wishes to learn the corresponding practices for IPv6. design, and wishes to learn the corresponding practices for IPv6.
Status of This Memo Status of This Memo
skipping to change at page 1, line 35 skipping to change at page 1, line 35
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 7, 2014. This Internet-Draft will expire on March 8, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Design Choices . . . . . . . . . . . . . . . . . . . . . . . 3 2. Design Choices . . . . . . . . . . . . . . . . . . . . . . . 3
2.1. Mix IPv4 and IPv6 on the Same Link? . . . . . . . . . . . 3 2.1. Links . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.2. Links with Only Link-Local Addresses? . . . . . . . . . . 4 2.1.1. Mix IPv4 and IPv6 on the Same Link? . . . . . . . . . 3
2.3. Link-Local Next-Hop in a Static Route? . . . . . . . . . 5 2.1.2. Links with Only Link-Local Addresses? . . . . . . . . 4
2.4. Separate or Combined eBGP Sessions? . . . . . . . . . . . 6 2.2. Static Routes . . . . . . . . . . . . . . . . . . . . . . 6
2.5. eBGP Endpoints: Global or Link-Local Addresses? . . . . . 7 2.2.1. Link-Local Next-Hop in a Static Route? . . . . . . . 6
2.6. IGP Choice . . . . . . . . . . . . . . . . . . . . . . . 8 2.3. IGPs . . . . . . . . . . . . . . . . . . . . . . . . . . 6
3. General Observations . . . . . . . . . . . . . . . . . . . . 9 2.3.1. IGP Choice . . . . . . . . . . . . . . . . . . . . . 6
3.1. Use of Link-Local Addresses . . . . . . . . . . . . . . . 9 2.4. BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
3.2. Separation of IPv4 and IPv6 . . . . . . . . . . . . . . . 10 2.4.1. BGP Sessions for Unlabeled Routes . . . . . . . . . . 10
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 2.4.2. BGP sessions for Labeled or VPN Routes . . . . . . . 11
5. Security Considerations . . . . . . . . . . . . . . . . . . . 10 2.4.3. eBGP Endpoints: Global or Link-Local Addresses? . . . 11
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10 3. General Observations . . . . . . . . . . . . . . . . . . . . 12
7. Informative References . . . . . . . . . . . . . . . . . . . 11 3.1. Use of Link-Local Addresses . . . . . . . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 3.2. Separation of IPv4 and IPv6 . . . . . . . . . . . . . . . 13
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14
5. Security Considerations . . . . . . . . . . . . . . . . . . . 14
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 14
7. Informative References . . . . . . . . . . . . . . . . . . . 14
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16
1. Introduction 1. Introduction
This document presents advice on the design choices that arise when This document presents advice on the design choices that arise when
designing IPv6 networks (both dual-stack and IPv6-only). The designing IPv6 networks (both dual-stack and IPv6-only). The
intended audience is someone designing an IPv6 network who is intended audience is someone designing an IPv6 network who is
knowledgeable about best current practices around IPv4 network knowledgeable about best current practices around IPv4 network
design, and wishes to learn the corresponding practices for IPv6. design, and wishes to learn the corresponding practices for IPv6.
The focus of the document is on design choices where there are The focus of the document is on design choices where there are
skipping to change at page 3, line 22 skipping to change at page 3, line 28
The current version is still work in progress, and it is expected The current version is still work in progress, and it is expected
that the presentation and discussion of additional design choices that the presentation and discussion of additional design choices
will be added as the document matures. will be added as the document matures.
2. Design Choices 2. Design Choices
This section consists of a list of specific design choices a network This section consists of a list of specific design choices a network
designer faces when designing an IPv6-only or dual-stack network, designer faces when designing an IPv6-only or dual-stack network,
along with guidance and advice to the designer when making a choice. along with guidance and advice to the designer when making a choice.
2.1. Mix IPv4 and IPv6 on the Same Link? 2.1. Links
2.1.1. Mix IPv4 and IPv6 on the Same Link?
Should IPv4 and IPv6 traffic be logically separated on a link? That Should IPv4 and IPv6 traffic be logically separated on a link? That
is: is:
a. Mix IPv4 and IPv6 traffic on the same layer 2 connection, OR a. Mix IPv4 and IPv6 traffic on the same layer 2 connection, OR
b. Separate IPv4 and IPv6 by using separate physical or logical b. Separate IPv4 and IPv6 by using separate physical or logical
links (e.g., two physical links or two VLANs on the same link)? links (e.g., two physical links or two VLANs on the same link)?
Option (a) implies a single layer 3 interface at each end with both Option (a) implies a single layer 3 interface at each end with both
skipping to change at page 3, line 42 skipping to change at page 4, line 4
Option (a) implies a single layer 3 interface at each end with both Option (a) implies a single layer 3 interface at each end with both
IPv4 and IPv6 addresses; while option (b) implies two layer 3 IPv4 and IPv6 addresses; while option (b) implies two layer 3
interfaces, one for IPv4 addresses and one with IPv6 addresses. interfaces, one for IPv4 addresses and one with IPv6 addresses.
The advantages of option (a) include: The advantages of option (a) include:
o Requires only half as many layer 3 interfaces as option (b), thus o Requires only half as many layer 3 interfaces as option (b), thus
providing better scaling; providing better scaling;
o May require fewer physical ports, thus saving money; o May require fewer physical ports, thus saving money;
o Can make the QoS implementation much easier (for example, rate- o Can make the QoS implementation much easier (for example, rate-
limiting the combined IPv4 and IPv6 traffic to or from a limiting the combined IPv4 and IPv6 traffic to or from a
customer); customer);
o Provides better support for the expected future of increasing IPv6 o Works well in practice, as any increase in IPv6 traffic is usually
traffic and decreasing IPv4 traffic; counter-balanced by a corresponding decrease in IPv4 traffic to or
from the same host (ignoring the common pattern of an overall
increase in Internet usage);
o And is generally conceptually simpler. o And is generally conceptually simpler.
For these reasons, there is a pretty strong consensus in the operator For these reasons, there is a pretty strong consensus in the operator
community that option (a) is the preferred way to go. community that option (a) is the preferred way to go. Most networks
today use option (a) wherever possible.
However, there can be times when option (b) is the pragmatic choice. However, there can be times when option (b) is the pragmatic choice.
Most commonly, option (b) is used to work around limitations in Most commonly, option (b) is used to work around limitations in
network equipment. One big example is the generally poor level of network equipment. One big example is the generally poor level of
support today for individual statistics on IPv4 traffic vs IPv6 support today for individual statistics on IPv4 traffic vs IPv6
traffic when option (a) is used. Other, device-specific, limitations traffic when option (a) is used. Other, device-specific, limitations
exist as well. It is expected that these limitations will go away as exist as well. It is expected that these limitations will go away as
support for IPv6 matures, making option (b) less and less attractive support for IPv6 matures, making option (b) less and less attractive
until the day that IPv4 is finally turned off. until the day that IPv4 is finally turned off.
Most networks today use option (a) wherever possible. 2.1.2. Links with Only Link-Local Addresses?
2.2. Links with Only Link-Local Addresses?
Should the link: Should the link:
a. Use only link-local addresses ("unnumbered"), OR a. Use only link-local addresses ("unnumbered"), OR
b. Have global or unique-local addresses assigned in addition to b. Have global or unique-local addresses assigned in addition to
link-locals? link-locals?
There are two advantages of unnumbered links. The first advantage is There are two advantages of unnumbered links. The first advantage is
ease of configuration. In a network with a large number of ease of configuration. In a network with a large number of
skipping to change at page 4, line 50 skipping to change at page 5, line 11
o It is not possible to ping an interface that has only a link-local o It is not possible to ping an interface that has only a link-local
address from a device that is not directly attached to the link. address from a device that is not directly attached to the link.
Thus, to troubleshoot, one must typically log into a device that Thus, to troubleshoot, one must typically log into a device that
is directly attached to the device in question, and execute the is directly attached to the device in question, and execute the
ping from there. ping from there.
o A traceroute passing over the unnumbered link will return the o A traceroute passing over the unnumbered link will return the
loopback or system address of the router, rather than the address loopback or system address of the router, rather than the address
of the interface itself. of the interface itself.
o In cases of parallel point to point links it is difficult to
determine which of the parallel links was taken when attempting to
troubleshoot unless one sends packets directly between the two
attached link-locals on the specific interfaces. Since many
network problems behave differently for traffic to/from a router
than for traffic through the router(s) in question, this can pose
a significant hurdle to some troubleshooting scenarios.
o On some devices, by default the link-layer address of the o On some devices, by default the link-layer address of the
interface is derived from the MAC address assigned to interface. interface is derived from the MAC address assigned to interface.
When this is done, swapping out the interface hardware (e.g. When this is done, swapping out the interface hardware (e.g.
interface card) will cause the link-layer address to change. In interface card) will cause the link-layer address to change. In
some cases (peering config, ACLs, etc) this may require additional some cases (peering config, ACLs, etc) this may require additional
changes. However, many devices allow the link-layer address of an changes. However, many devices allow the link-layer address of an
interface to be explicitly configured, which avoids this issue. interface to be explicitly configured, which avoids this issue.
o The practice of naming router interfaces using DNS names is o The practice of naming router interfaces using DNS names is
difficult-to-impossible when using LLAs only. difficult and not recommended when using link-locals only. More
generally, it is not recommended to put link-local addresses into
DNS; see [RFC4472].
o It is not possible to identify the interface or link (in a o It is not often not possible to identify the interface or link (in
database, email, etc) by just giving its address. a database, email, etc) by giving just its address without also
specifying the link in some manner.
It should be noted that it is quite possible for the same link-local
address to be assigned to multiple interfaces. This can happen
because the MAC address is duplicated (due to manufacturing process
defaults or the use of virtualization), because a device deliberately
re-uses automatically-assigned link-local addresses on different
links, or because an operator manually assigns the same easy-to-type
link-local address to multiple interfaces. All these are allowed in
IPv6 as long as the addresses are used on different links.
For more discussion on the pros and cons, see For more discussion on the pros and cons, see
[I-D.ietf-opsec-lla-only]. [I-D.ietf-opsec-lla-only].
Today, most operators use numbered links (option b). Today, most operators use numbered links (option b).
2.3. Link-Local Next-Hop in a Static Route? 2.2. Static Routes
2.2.1. Link-Local Next-Hop in a Static Route?
What form of next-hop address should one use in a static route? What form of next-hop address should one use in a static route?
a. Use the far-end's link-local address as the next-hop address, OR a. Use the far-end's link-local address as the next-hop address, OR
b. Use the far-end's GUA/ULA address as the next-hop address? b. Use the far-end's GUA/ULA address as the next-hop address?
Recall that the IPv6 specs for OSPF [RFC5340] and ISIS [RFC5308] Recall that the IPv6 specs for OSPF [RFC5340] and ISIS [RFC5308]
dictate that they always use link-locals for next-hop addresses. For dictate that they always use link-locals for next-hop addresses. For
static routes, [RFC4861] section 8 says: static routes, [RFC4861] section 8 says:
skipping to change at page 6, line 11 skipping to change at page 6, line 44
route is redistributed into another routing protocol. In these route is redistributed into another routing protocol. In these
cases, the above text from RFC 4861 notwithstanding, either a GUA or cases, the above text from RFC 4861 notwithstanding, either a GUA or
ULA must be used. ULA must be used.
Furthermore, many network operators are concerned about the Furthermore, many network operators are concerned about the
dependency of the default link-local address on an underlying MAC dependency of the default link-local address on an underlying MAC
address, as described in the previous section. address, as described in the previous section.
Today most operators use GUAs as next-hop addresses. Today most operators use GUAs as next-hop addresses.
2.4. Separate or Combined eBGP Sessions? 2.3. IGPs
For a dual-stack peering connection where eBGP is used as the routing 2.3.1. IGP Choice
protocol, then one can either:
a. Use one BGP session to carry both IPv4 and IPv6 routes, OR One of the main decisions for an IPv6 implementor is the choice of
IGP (Interior Gateway Protocol) within the network. The primary
choices are the IETF protocols of RIP [RFC2080], OSPF [RFC2328]
[RFC5340] and IS-IS [RFC5120] [RFC5308], though some operators may
consider non-IETF protocols. Here we limit our discussion to the
pros and cons of OSPF vs. IS-IS.
b. Use two BGP sessions, a session over IPv4 carrying IPv4 routes Considering just OSPF vs. IS-IS, the discussion in this section
and a session over IPv6 carrying IPv6 routes. revolves around the options in the table below:
The main advantage of (a) is a reduction in the number of BGP +--------+--------+---------+---------+------------+----------------+
sessions compared with (b). | Option | IGP | IGP for | Known | Hard | Similar |
| | for | IPv6 | to work | separation | configuration |
| | IPv4 | | well | | possible |
+--------+--------+---------+---------+------------+----------------+
| | | | | | |
+--------+--------+---------+---------+------------+----------------+
| a | IS-IS | IS-IS | YES | - | YES |
+--------+--------+---------+---------+------------+----------------+
| b | IS-IS | OSPFv3 | - | YES | - |
+--------+--------+---------+---------+------------+----------------+
| | | | | | |
+--------+--------+---------+---------+------------+----------------+
| c | OSPFv2 | IS-IS | YES | YES | - |
+--------+--------+---------+---------+------------+----------------+
| d | OSPFv2 | OSPFv3 | YES | YES | YES |
+--------+--------+---------+---------+------------+----------------+
| | | | | | |
+--------+--------+---------+---------+------------+----------------+
| e | OSPFv3 | IS-IS | - | YES | - |
+--------+--------+---------+---------+------------+----------------+
| f | OSPFv3 | OSPFv3 | - | - | YES |
+--------+--------+---------+---------+------------+----------------+
However, there are a number of concerns with option (a): Three of the options above are marked as "Known to work well". These
options have seen significant deployments and are generally
considered to be good choices. The other options represent valid
choices, but have not seen widespread use, so it is hard to offer
comments on how well they work. In particular, options (e) and (f)
use OSPFv3 to route IPv4 [RFC5838], which is still rather new and
untested.
o On most existing implementations, adding or removing an address A number of options are marked "Gives hard separation". These
family to an established BGP session will cause the router to tear options use a different IGP for IPv4 vs IPv6. With these options, a
down and re-establish the session. Thus adding the IPv6 family to problem with routing IPv6 is unlikely to affect IPv4 or visa-versa.
an existing session carrying just IPv4 routes will disrupt the
session, and the eventual removal of IPv4 from the dual IPv4/IPv6
session will also disrupt the session. This disruption problem
will persist until something similar to [I-D.ietf-idr-dynamic-cap]
or [I-D.ietf-idr-bgp-multisession] is widely deployed.
o Whatever selection you make for the underlying transport protocol Three options are marked "Similar configuration possible". This
(v4 or v6) will likely look funny at some date. Using two means it is possible (but not required) to use very similar IGP
sessions is appropriate both now and in the future. configuration for IPv4 and IPv6: for example, the same area
boundaries, area numbering, link costing, etc. If you are happy with
your IPv4 IGP design, then this will likely be a consideration. By
contrast, the options that uses IS-IS for one IP version and OSPF for
the other version will require quite different configuration, and
will also require the operations staff to become familiar with the
difference between the two protocols.
o Carrying (for example) IPv6 routes over IPv4 means that route With option (a), there is an additional choice of whether to run IS-
information is transported over a different transport plane than IS in single-topology mode (where IPv4 and IPv6 share a single
the data packets themselves. If v6 connectivity goes down locally topology and a single set of link costs[RFC5308]) or multi-topology
without v4 also going down, then v6 routes will still be mode (where IPv4 and IPv6 have separate topologies and potentially
exchanged, thus leading to a blackhole. different link costs[RFC5120]). A big problem with single-topology
mode is that it cannot easily accommodate devices that support
IPv4-only or IPv6-only. Thus, today there is general agreement that
multi-topology is the right choice as this gives the greatest
flexibility in network design.
o In some implementations, carrying v4 routes in a BGP session over It should be noted that a number of ISPs have run OSPF as their IPv4
v6 transport (or vica-versa) results in the BGP next-hops in the IGP for quite a few years, but have selected IS-IS as their IPv6 IGP.
wrong address family, which must be fixed using routing policy However, there are very few (none?) that have made the reverse
before the routes can be used. choice. This is, in part, because routers generally support more
nodes in an IS-IS area than in the corresponding OSPF area, and
because IS-IS is seen as more secure because it runs at layer 2.
Given these disadvantages, option (b) is the better choice in most 2.4. BGP
situations, and this is the choice selected in most networks today.
2.5. eBGP Endpoints: Global or Link-Local Addresses? The discussion in this section revolves around the following table.
+----------------+-----------+-------------------+
| Route Family | Transport | Comments |
+----------------+-----------+-------------------+
| | | |
+----------------+-----------+-------------------+
| Unlabeled IPv4 | IPv4 | Works well |
+----------------+-----------+-------------------+
| Unlabeled IPv4 | IPv6 | Next-hop issues |
+----------------+-----------+-------------------+
| Unlabeled IPv6 | IPv4 | Next-hop issues |
+----------------+-----------+-------------------+
| Unlabeled IPv6 | IPv6 | Works well |
+----------------+-----------+-------------------+
| | | |
+----------------+-----------+-------------------+
| Labeled IPv4 | IPv4 | Works well |
+----------------+-----------+-------------------+
| Labeled IPv4 | IPv6 | Next-hop issues |
+----------------+-----------+-------------------+
| Labeled IPv6 | IPv4 | (6PE) Works well |
+----------------+-----------+-------------------+
| Labeled IPv6 | IPv6 | ??? |
+----------------+-----------+-------------------+
| | | |
+----------------+-----------+-------------------+
| VPN IPv4 | IPv4 | Works well |
+----------------+-----------+-------------------+
| VPN IPv4 | IPv6 | Next-hop issues |
+----------------+-----------+-------------------+
| VPN IPv6 | IPv4 | (6VPE) Works well |
+----------------+-----------+-------------------+
| VPN IPv6 | IPv6 | ??? |
+----------------+-----------+-------------------+
The first column lists various route families, where "unlabeled"
means SAFI 1, "labeled" means SAFI 4, and "VPN" means SAFI 128. The
second column lists the protocol used to transport the BGP session,
frequently specified by giving either an IPv4 or IPv6 address in the
"neighbor" statement.
The third column comments on the combination in the first two
columns:
o For combinations marked "Works well", these combinations are
widely supported and are generally recommended.
o For combinations marked "Next-hop issues", these combinations are
less-widely supported and when supported, often have next-hop
issues. That is, the next-hop address is typically a v4-mapped
IPv6 address, which is based on some IPv4 address on the sending
router. This v4-mapped IPv6 address is often not reachable by
default using IPv6 routing. One common solution to this problem
is to use routing policy to change the next-hop to a different
IPv6 address.
o For combinations marked as "???", it is believed that these
combinations will not be supported until MPLS over IPv6 becomes
available. [Need to Confirm].
Also, it is important to note that changing the set of address
families being carried over a BGP session requires the BGP session to
be reset (unless something like [I-D.ietf-idr-dynamic-cap] or
[I-D.ietf-idr-bgp-multisession] is in use). This is generally more
of an issue with eBGP sessions than iBGP sessions: for iBGP sessions
it is common practice for a router to have to two iBGP sessions, one
to each member of a route reflector pair, and so one can change the
set of address families on first one session and then the other.
The following subsections discuss specific scenarios in more detail.
2.4.1. BGP Sessions for Unlabeled Routes
Unlabeled routes are commonly carried on eBGP sessions, as well as on
iBGP sessions in networks where Internet traffic is carried unlabeled
across the network. In these scenarios, operators today most
commonly use two BGP sessions: one session is transported over IPv4
and carries the unlabeled IPv4 routes, while the second session is
transported over IPv6 and carries the unlabeled IPv6 routes.
There are several reasons for this choice:
o It gives a clean separation between IPv4 and IPv6.
o This avoids the next-hop problem described in note 1 above.
o The status of the routes follows the status of the underlying
transport. If, for example, the IPv6 data path between the two
BGP speakers fails, then the IPv6 session between the two speakers
will fail and the IPv6 routes will be withdrawn, which will allow
the traffic to be re-routed elsewhere. By contrast, if the IPv6
routes were transported over IPv4, then the failure of the IPv6
data path might leave a working IPv4 data path, so the BGP session
would remain up and the IPv6 routes would not be withdrawn, and
thus the IPv6 traffic would be sent into a black hole.
o It avoids resetting the BGP session when adding IPv6 to an
existing session, or when removing IPv4 from an existing session.
2.4.2. BGP sessions for Labeled or VPN Routes
In these scenarios, it is most common today to carry both the IPv4
and IPv6 routes over sessions transported over IPv4. This can be
done with either: (a) one session carrying both route families, or
(b) two sessions, one for each family.
Using a single session is usually appropriate for an iBGP session
going to a route reflector handling both route families. Using a
single session here usually means that the BGP session will reset
when changing the set of address families, but as noted above, this
is usually not a problem when redundant route reflectors are
involved.
In eBGP situations, two sessions are usually more appropriate.
2.4.3. eBGP Endpoints: Global or Link-Local Addresses?
When running eBGP over IPv6, there are two options for the addresses When running eBGP over IPv6, there are two options for the addresses
to use at each end of the eBGP session (or more properly, the to use at each end of the eBGP session (or more properly, the
underlying TCP session): underlying TCP session):
a. Use link-local addresses for the eBGP session, OR a. Use link-local addresses for the eBGP session, OR
b. Use global addresses for the eBGP session. b. Use global addresses for the eBGP session.
Note that the choice here is the addresses to use for the eBGP Note that the choice here is the addresses to use for the eBGP
sessions, and not whether the link itself has global (or unique- sessions, and not whether the link itself has global (or unique-
local) addresses. In particular, it is quite possible for the eBGP local) addresses. In particular, it is quite possible for the eBGP
session to use link-local addresses even when the link has global session to use link-local addresses even when the link has global
addresses. addresses.
The big attraction for option (a) is security: an eBGP session using The big attraction for option (a) is security: an eBGP session using
link-local addresses is impossible to attack from a device that is link-local addresses is impossible to attack from a device that is
off-link. This provides very strong protection against TCP RST and off-link. This provides very strong protection against TCP RST and
similar attacks. Though there are other ways to get an equivalent similar attacks. Though there are other ways to get an equivalent
level of security (e.g. GTSM [RFC5082], MD5 [RFC5925], or ACLs), level of security (e.g. GTSM [RFC5082], MD5 [RFC5925], or ACLs),
these other ways require additional configuration which can be these other ways require additional configuration which can be
forgotten or potentially mis-configured. forgotten or potentially mis-configured.
However, there are a number of small disadvantages to using link- However, there are a number of small disadvantages to using link-
local addresses: local addresses:
o Using link-local addresses only works for single-hop eBGP o Using link-local addresses only works for single-hop eBGP
sessions; it does not work for multi-hop sessions. sessions; it does not work for multi-hop sessions.
o One must use "next-hop self" at both endpoints, otherwise o One must use "next-hop self" at both endpoints, otherwise re-
redistributing routes learned via eBGP into iBGP will not work. advertising routes learned via eBGP into iBGP will not work.
(Some products enable "next-hop self" in this situation (Some products enable "next-hop self" in this situation
automatically). automatically).
o Operators and their tools are used to referring to eBGP sessions o Operators and their tools are used to referring to eBGP sessions
by address only, something that is not possible with link-local by address only, something that is not possible with link-local
addresses. addresses.
o If one is configuring parallel eBGP sessions for IPv4 and IPv6 o If one is configuring parallel eBGP sessions for IPv4 and IPv6
routes, then using link-local addresses for the IPv6 session routes, then using link-local addresses for the IPv6 session
introduces an extra difference between the two sessions which introduces extra operational differences between the two sessions
could otherwise be avoided. which could otherwise be avoided.
o On some products, an eBGP session using a link-local address is o On some products, an eBGP session using a link-local address is
more complex to configure than a session that use a global more complex to configure than a session that use a global
address. address.
o If hardware or other issues cause one to move the cable to a o If hardware or other issues cause one to move the cable to a
different local interface, then reconfiguration is required at different local interface, then reconfiguration is required at
both ends: at the local end because the interface has changed (and both ends: at the local end because the interface has changed (and
with link-local addresses, the interface must always be specified with link-local addresses, the interface must always be specified
along with the address), and at the remote end because the link- along with the address), and at the remote end because the link-
skipping to change at page 8, line 22 skipping to change at page 12, line 40
local end, and no reconfiguration is required at the remote end). local end, and no reconfiguration is required at the remote end).
o Finally, a strict interpretation of RFC 2545 can be seen as o Finally, a strict interpretation of RFC 2545 can be seen as
forbidding running eBGP between link-local addresses, as RFC 2545 forbidding running eBGP between link-local addresses, as RFC 2545
requires the BGP next-hop field to contain at least a global requires the BGP next-hop field to contain at least a global
address. address.
For these reasons, most operators today choose to have their eBGP For these reasons, most operators today choose to have their eBGP
sessions use global addresses. sessions use global addresses.
2.6. IGP Choice
One of the main decisions for an IPv6 implementor is the choice of
IGP (Interior Gateway Protocol) within the network. The primary
choices are the IETF protocols of RIP [RFC2080], OSPF [RFC2328]
[RFC5340] and IS-IS [RFC5120] [RFC5308], though some operators may
consider non-IETF protocols. Here we limit our discussion to the
pros and cons of OSPF vs. IS-IS.
Considering just OSPF vs. IS-IS, the options are:
a. Use OSPFv2 for IPv4 and OSPFv3 for IPv6, OR
b. Use OSPFv3 for both IPv4 and IPv6, OR
c. Use OSPFv2 for IPv4, and IS-IS for IPv6, OR
d. Use IS-IS for IPv4 and IPv6, OR
e. Use IS-IS for IPv4 and OSPFv3 for IPv6.
Note that options (a), (c), and (e) involve running two different
routing protocols, while options (b) and (d) involve running just one
routing protocol.
o A big factor in the choice is the protocol the operator is
currently using for routing IPv4. Option (e) is unlikely to be a
good choice for an operator currently using OSPF for IPv4 routing,
and similarly option (a) is unlikely to be a good choice for an
operator currently using IS-IS.
o A pro for options (a), (c), and (e), which use two routing
protocols, is that they give a hard separation between IPv4 and
IPv6 routing. Thus a problem with one protocol or one set of
routes is unlikely to affect the other.
o There are two cons for options (a), (c), and (e). One con is that
two sets of all the protocol mechanisms need to be maintained. On
a larger modern router, this is unlikely to be a problem, but on
some edge devices this might be an issue. The second con is that
some operational staff must be familiar with both protocols. For
many routing problems, the protocols are sufficiently similar that
they can be considered identical, but some problems require a
detailed knowledge of the differences.
o Option (b) requires the use of new protocol extensions that allow
OSPFv3 to also route IPv4. At the time of writing, these
extensions are still quite new.
3. General Observations 3. General Observations
There are two themes that run though many of the design choices in There are two themes that run though many of the design choices in
this document. This section presents some general discussion on this document. This section presents some general discussion on
these two themes. these two themes.
3.1. Use of Link-Local Addresses 3.1. Use of Link-Local Addresses
The proper use of link-local addresses is a common theme in the IPv6 The proper use of link-local addresses is a common theme in the IPv6
network design choices. Link-layer addresses are, of course, always network design choices. Link-layer addresses are, of course, always
skipping to change at page 11, line 17 skipping to change at page 14, line 37
document. document.
7. Informative References 7. Informative References
[I-D.ietf-idr-bgp-multisession] [I-D.ietf-idr-bgp-multisession]
Scudder, J., Appanna, C., and I. Varlashkin, "Multisession Scudder, J., Appanna, C., and I. Varlashkin, "Multisession
BGP", draft-ietf-idr-bgp-multisession-07 (work in BGP", draft-ietf-idr-bgp-multisession-07 (work in
progress), September 2012. progress), September 2012.
[I-D.ietf-idr-dynamic-cap] [I-D.ietf-idr-dynamic-cap]
Ramachandra, S. and E. Chen, "Dynamic Capability for Ramachandra, S. and E. Chen, "Dynamic Capability for BGP-
BGP-4", draft-ietf-idr-dynamic-cap-14 (work in progress), 4", draft-ietf-idr-dynamic-cap-14 (work in progress),
December 2011. December 2011.
[I-D.ietf-opsec-lla-only] [I-D.ietf-opsec-lla-only]
Behringer, M. and E. Vyncke, "Using Only Link-Local Behringer, M. and E. Vyncke, "Using Only Link-Local
Addressing Inside an IPv6 Network", draft-ietf-opsec-lla- Addressing Inside an IPv6 Network", draft-ietf-opsec-lla-
only-07 (work in progress), February 2014. only-10 (work in progress), July 2014.
[I-D.ietf-v6ops-enterprise-incremental-ipv6] [I-D.ietf-v6ops-enterprise-incremental-ipv6]
Chittimaneni, K., Chown, T., Howard, L., Kuarsingh, V., Chittimaneni, K., Chown, T., Howard, L., Kuarsingh, V.,
Pouffary, Y., and E. Vyncke, "Enterprise IPv6 Deployment Pouffary, Y., and E. Vyncke, "Enterprise IPv6 Deployment
Guidelines", draft-ietf-v6ops-enterprise-incremental- Guidelines", draft-ietf-v6ops-enterprise-incremental-
ipv6-05 (work in progress), January 2014. ipv6-06 (work in progress), July 2014.
[RFC2080] Malkin, G. and R. Minnear, "RIPng for IPv6", RFC 2080, [RFC2080] Malkin, G. and R. Minnear, "RIPng for IPv6", RFC 2080,
January 1997. January 1997.
[RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, April 1998. [RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, April 1998.
[RFC4472] Durand, A., Ihren, J., and P. Savola, "Operational
Considerations and Issues with IPv6 DNS", RFC 4472, April
2006.
[RFC4852] Bound, J., Pouffary, Y., Klynsma, S., Chown, T., and D. [RFC4852] Bound, J., Pouffary, Y., Klynsma, S., Chown, T., and D.
Green, "IPv6 Enterprise Network Analysis - IP Layer 3 Green, "IPv6 Enterprise Network Analysis - IP Layer 3
Focus", RFC 4852, April 2007. Focus", RFC 4852, April 2007.
[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
"Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
September 2007. September 2007.
[RFC5082] Gill, V., Heasley, J., Meyer, D., Savola, P., and C. [RFC5082] Gill, V., Heasley, J., Meyer, D., Savola, P., and C.
Pignataro, "The Generalized TTL Security Mechanism Pignataro, "The Generalized TTL Security Mechanism
skipping to change at page 12, line 15 skipping to change at page 15, line 40
[RFC5308] Hopps, C., "Routing IPv6 with IS-IS", RFC 5308, October [RFC5308] Hopps, C., "Routing IPv6 with IS-IS", RFC 5308, October
2008. 2008.
[RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF [RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF
for IPv6", RFC 5340, July 2008. for IPv6", RFC 5340, July 2008.
[RFC5375] Van de Velde, G., Popoviciu, C., Chown, T., Bonness, O., [RFC5375] Van de Velde, G., Popoviciu, C., Chown, T., Bonness, O.,
and C. Hahn, "IPv6 Unicast Address Assignment and C. Hahn, "IPv6 Unicast Address Assignment
Considerations", RFC 5375, December 2008. Considerations", RFC 5375, December 2008.
[RFC5838] Lindem, A., Mirtorabi, S., Roy, A., Barnes, M., and R.
Aggarwal, "Support of Address Families in OSPFv3", RFC
5838, April 2010.
[RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP [RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP
Authentication Option", RFC 5925, June 2010. Authentication Option", RFC 5925, June 2010.
[RFC5963] Gagliano, R., "IPv6 Deployment in Internet Exchange Points [RFC5963] Gagliano, R., "IPv6 Deployment in Internet Exchange Points
(IXPs)", RFC 5963, August 2010. (IXPs)", RFC 5963, August 2010.
[RFC6180] Arkko, J. and F. Baker, "Guidelines for Using IPv6 [RFC6180] Arkko, J. and F. Baker, "Guidelines for Using IPv6
Transition Mechanisms during IPv6 Deployment", RFC 6180, Transition Mechanisms during IPv6 Deployment", RFC 6180,
May 2011. May 2011.
 End of changes. 35 change blocks. 
121 lines changed or deleted 261 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/