V6OPS Working Group                                          P. Matthews
Internet-Draft                                            Alcatel-Lucent                                                     Nokia
Intended status: Informational                              V. Kuarsingh
Expires: April 21, 2016 17, 2017                                            Cisco
                                                        October 19, 2015 14, 2016

                 Some Design Choices for IPv6 Networks
                   draft-ietf-v6ops-design-choices-09
                   draft-ietf-v6ops-design-choices-10

Abstract

   This document presents advice on certain routing-related design
   choices that arise when designing IPv6 networks (both dual-stack and
   IPv6-only).  The intended audience is someone designing an IPv6
   network who is knowledgeable about best current practices around IPv4
   network design, and wishes to learn the corresponding practices for
   IPv6.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 21, 2016. 17, 2017.

Copyright Notice

   Copyright (c) 2015 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Design Choices  . . . . . . . . . . . . . . . . . . . . . . .   3
     2.1.  Addresses . . . . . . . . . . . . . . . . . . . . . . . .   3
       2.1.1.  Choice of Addresses in the Core . . . . . . . . . . .   3
     2.2.  Interfaces  . . . . . . . . . . . . . . . . . . . . . . .   7   3
       2.2.1.  Mix IPv4 and IPv6 on the Same Layer-3 Interface?  . .   7   3
       2.2.2.  Interfaces with Only Link-Local Addresses?  . . . . .   8   4
     2.3.  Static Routes . . . . . . . . . . . . . . . . . . . . . .   9   6
       2.3.1.  Link-Local Next-Hop in a Static Route?  . . . . . . .   9   6
     2.4.  IGPs  . . . . . . . . . . . . . . . . . . . . . . . . . .  10   7
       2.4.1.  IGP Choice  . . . . . . . . . . . . . . . . . . . . .  10   7
       2.4.2.  IS-IS Topology Mode . . . . . . . . . . . . . . . . .  12  10
       2.4.3.  RIP / RIPng . . . . . . . . . . . . . . . . . . . . . . . . .  12  11
     2.5.  BGP . . . . . . . . . . . . . . . . . . . . . . . . . . .  13  12
       2.5.1.  Which Transport for Which Routes? . . . . . . . . . .  13  12
         2.5.1.1.  BGP Sessions for Unlabeled Routes . . . . . . . .  15  13
         2.5.1.2.  BGP sessions for Labeled or VPN Routes  . . . . .  16  14
       2.5.2.  eBGP Endpoints: Global or Link-Local Addresses? . . .  16  14
   3.  General Observations  . . . . . . . . . . . . . . . . . . . .  17  16
     3.1.  Use of Link-Local Addresses . . . . . . . . . . . . . . .  17  16
     3.2.  Separation of IPv4 and IPv6 . . . . . . . . . . . . . . .  18  16
   4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  19  17
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .  19  17
   6.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  19  17
   7.  Informative References  . . . . . . . . . . . . . . . . . . .  20  18
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  24  22

1.  Introduction

   This document discusses foundational routing-related design choices that arise
   when designing a IPv6-only Pv6-only or dual-stack network.  The focus is on routing
   related design
   choices that are do not normally addressed come up when designing an IPv4-only network.  The
   document presents each topic area along
   with choice and the most common design choices along with alternatives, and then
   discusses the pros and cons of
   each choice (or alternative) the alternatives in detail.  Where
   consensus currently exists around the best practice, this is
   documented; otherwise the document simply summarizes the current
   state of the discussion.  Thus this document serves to both document
   the reasoning behind the best current practices for IPv6, and to allow a
   designer to make an informed choice where no such consensus exists.

   The design choices presented apply to both Service Provider and
   Enterprise network environments.  The design areas with the relative
   choices are not specific to Service Provider or Enterprise networks,
   but the designer should be aware of their network requirements to
   best utilize the guidance or choice selection which may differ in
   each of these general network environments.  Where specific choices have selection
   criteria or analysis requirements which may differ between a the Service Provider or and the Enterprise
   environment, that will be
   noted in the text. this is noted.  The designer is encouraged to ensure
   that they familiarize themselves with any of the discussed
   technologies to ensure the best selection is made for their
   environment.

   This document does not present advice on strategies for adding IPv6
   to a network, nor does it discuss transition in these areas, see
   [RFC6180] for general advice,[RFC6782] for wireline service
   providers, [RFC6342]for mobile network providers, [RFC5963] for
   exchange point operators, [RFC6883] for content providers, and both
   [RFC4852] and [RFC7381] for enterprises.  Nor does this document
   discuss the particulars of creating an IPv6 addressing plan; for
   advice in this area, see [RFC5375] or [v6-addressing-plan].  The
   details of ULA usage is also not discussed; for this the reader is
   referred to [I-D.ietf-v6ops-ula-usage-recommendations].

   Finally, this document focuses on unicast routing design only and
   does not cover multicast or the issues involved in running MPLS over
   IPv6 transport.

2.  Design Choices

   Each subsection below presents a design choice and discusses the pros
   and cons of the various options.  If there is consensus in the
   industry for a particular option, then the consensus position is
   noted.

2.1.  Addresses

2.1.1.  Choice of Addresses in the Core

   One of

   TBD

2.2.  Interfaces

2.2.1.  Mix IPv4 and IPv6 on the first choices Same Layer-3 Interface?

   If a network designer needs to make is the type
   of IPv6 addresses going to be used in the network core.  IPv6, unlike IPv4,
   introduces new addressing techniques carry both IPv4 and concepts, as introduced in
   [RFC4291] which requires specific attention.  The introduction of
   concepts such IPv6 traffic, as using multiple-addresses per interface many
   networks do today, then a question arises: Should an operator mix
   IPv4 and IPv6 traffic or keep them separated?  More specifically,
   should the
   introduction of linked scoped address-types like Link-Local, mean design:

   a.  Mix IPv4 and IPv6 traffic on the
   designer needs to think beyond same layer-3 interface, OR

   b.  Separate IPv4 and IPv6 by using separate interfaces (e.g., two
       physical links or two VLANs on the constraints of IPv4.  There are
   also operational considerations as with the concept of a provider
   assign PA (Provider Aggregatable assigned via upstream provider)
   versus same link)?

   Option (a) implies a Regional Internet Registry assigned PI (Provider Independent
   assigned from Registry) address type.

   At the time single layer-3 interface at each end of writing, there are still some known operational issues the
   connection with both IPv4 and IPv6 deployments which expose near term deployments to
   functional or operational gaps that may addresses; while option (b)
   implies two layer-3 interfaces at each end, one day be eliminated.  Once
   such gap is host address selection challenges as noted in [RFC5220] for IPv4 addresses
   and renumbering challenges one with IPv6 addresses.

   The advantages of option (a) include:

   o  Requires only half as described in [RFC6879] and [RFC7010].

   Within this document, Unique Local Addresses (ULA) [RFC4193] are
   likened to [RFC1918] addresses from an operational perspective.
   Although ULAs are not architecturally similar to [RFC1918] private
   addresses, the reasons for selecting them, many layer 3 interfaces as option (b), thus
      providing better scaling;

   o  May require fewer physical ports, thus saving money and
      simplifying operations;

   o  Can make the challenge that may
   arise if they are QoS implementation much easier (for example, rate-
      limiting the only address type available combined IPv4 and IPv6 traffic to achieve external
   network connectivity are similar.  "Private" or from a
      customer);

   o  Works well in this document refers practice, as any increase in IPv6 traffic is usually
      counter-balanced by a corresponding decrease in IPv4 traffic to the nature that ULAs would be typically used for internal
   communications only, or externally with assistance
      from technologies
   like NAT, given the addresses are not routed directly with external
   networks.

   A related choice same host (ignoring the common pattern of an overall
      increase in Internet usage);

   o  And is whether to use only link-local addresses on
   certain links.  That choice generally conceptually simpler.

   For these reasons, there is discussed later a relatively strong consensus in the document; this
   section is about those addresses
   operator community that must be visible throughout the
   network.

   The following table lists the main options available.

   +---------+------------+---------------------+----------------------+
   |   GRT   |  End-User  |         ISP         |      Enterprise      |
   | Address |  Traffic   |                     |                      |
   |   Type  |            |                     |                      |
   +---------+------------+---------------------+----------------------+
   |         |            |                     |                      |
   +---------+------------+---------------------+----------------------+
   |    PI   | Hop-by-hop |        Works        |        Works         |
   +---------+------------+---------------------+----------------------+
   |    PI   |  Tunneled  |     Works. Using    | Works. Using private |
   |         |            |    private space    |    space likely a    |
   |         |            |   likely a better   |    better option.    |
   |         |            |       option.       |                      |
   +---------+------------+---------------------+----------------------+
   |    PA   | Hop-by-hop |        Works        |        Works         |
   +---------+------------+---------------------+----------------------+
   |    PA   |  Tunneled  |     Works. Using    | Works. Using private |
   |         |            |  private addresses  |   addresses likely   |
   |         |            |    likely better    |    better option.    |
   |         |            |       option.       |                      |
   +---------+------------+---------------------+----------------------+
   | Private | Hop-by-hop |  Will likely cause  |    Works. Careful    |
   |         |            |    problems. See    | consideration due to |
   |         |            |  discussion below.  |  NAT implications.   |
   +---------+------------+---------------------+----------------------+
   | Private |  Tunneled  |        Works        |        Works         |
   +---------+------------+---------------------+----------------------+

   As the table indicates, there are three options for the type of
   addresses a network designer can use in the network core:

   o  PI - Globally-unique IPv4 or IPv6 addresses obtained directly from
      an address registry.  An organization which has such addresses is
      considered to have "its own" address space.

   o  PA - Globally-unique IPv4 or IPv6 addresses obtained from an
      upstream provider.  Such addresses must be returned if the
      relationship with the upstream provider ceases.

   o  Private - Either IPv4 addresses as per [RFC1918] or unique-local
      IPv6 addresses [RFC4193].

   In all cases, we are talking about the type of addresses used in the
   GRT context (Global Routing Table aka base router).  If end-user
   traffic is routed hop-by-hop through the network based on the
   destination address in the IP header, then this context is visible to
   the end-user.  However, if all end-user traffic is tunneled through
   the core (for example, using MPLS) then this context is not visible
   to the end-user.

   First, consider the case where at least some end-user traffic is
   routed hop-by-hop.  In this case, the use of PI space is the best
   option, as it gives the most flexibility in the future.  However,
   some organizations may be unable or unwilling to obtain PI space - in
   this case PA space is the next-best choice.  For an ISP, the use of
   private address space is problematic - see [RFC6752] for a
   discussion.  For an enterprise, the use of private address space is
   an option and may be seen as favourable operationally, but should
   only be used after careful consideration of the technological
   drawbacks.  If ULAs are the only non-Link-Local address available the
   hosts, the enterprise will need to use translation technologies such
   as NPT[RFC6296] or NAT66 to reach the Internet.  If the network has
   no connection to the Internet, or the hosts only assigned a ULA do
   not need external connectivity, then this limitation option (a) is not a
   problem.

   Now consider the case where all end-user traffic preferred way to go.  Most
   networks today use option (a) wherever possible.

   However, there can be times when option (b) is tunneled through
   the core and thus the core pragmatic choice.
   Most commonly, option (b) is not visible used to other networks.  In this
   case, the use of private addresses work around limitations in the core
   network equipment.  One big example is the most reasonable
   and re-enforces the desire that these addresses have limited
   visibility.  The use generally poor level of PI space is the next-best option - two
   reasons
   support today for selecting this individual statistics on IPv4 traffic vs IPv6
   traffic when option (a) is to provide flexibility in case
   some traffic needs to be carried hop-by-hop in the future and to be
   absolutely sure used.  Other, device-specific, limitations
   exist as well.  It is expected that there are no address conflicts.  Getting IPv4 PI
   space at this time these limitations will be difficult, but go away as
   support for IPv6 PI space is fairly
   easy.

   The use of PA space is likely a poor matures, making option for many organizations
   since these networks are connected to more then one upstream provider
   and/or may need flexibility on how Internet reachability needs to be
   managed.  Using PA space subjects the end network to possible
   reclamation of address space in (b) less and less attractive
   until the future, which requires a
   renumbering activity.

   Not shown day that IPv4 is finally turned off.

2.2.2.  Interfaces with Only Link-Local Addresses?

   As noted in the table above are combinations of introduction, this document does not cover the basic options.
   An example of a combination is using both PA ins
   and ULA address space outs around creating an IPv6 addressing plan.  However, there is
   one question in
   the hop-by-hop enterprise case or multiple PA this area that often arises: Should an interface:

   a.  Use only a link-local address ("link-local-only"), OR

   b.  Have global and/or PI addresses.
   Combinations can reduce unique-local addresses assigned in addition to
       the magnitude link-local?

   There are two advantages in interfaces with only link-local addresses
   ("link-local-only interfaces").  The first advantage is ease of the deficiency
   configuration.  In a network with a basic
   option, but does not eliminate it completely.  For example, using PA
   + ULA for large number of link-local-only
   interfaces, the hop-by-hop enterprise case reduces operator can just enable an IGP on each router,
   without going through the amount tedious process of
   renumbering required when changing providers compared with the pure
   PA case, but does not eliminate it completely.  Additional work
   analyzing assigning and tracking
   the opportunities addresses for using multiple each interface.  The second advantage is security.
   Since packets with Link-Local destination addresses and
   overcoming limitations can should not be found in
   [I-D.ietf-v6ops-host-addr-availability].

2.2.  Interfaces

2.2.1.  Mix IPv4 and IPv6 on
   routed, it is very difficult to attack the Same Layer-3 Interface?

   If associated nodes from an
   off-link device.  This implies less effort around maintaining
   security ACLs.

   Countering this advantage are various disadvantages to link-local-
   only interfaces:

   o  It is not possible to ping a network link-local-only interface from a
      device that is going not directly attached to carry both IPv4 and IPv6 traffic, as many
   networks do today, then the link.  Thus, to
      troubleshoot, one must typically log into a fundamental question arises: Should an
   operator mix IPv4 and IPv6 traffic or keep them separated?  More
   specifically, should device that is
      directly attached to the design:

   a.  Mix IPv4 device in question, and IPv6 traffic on execute the same layer-3 interface, OR

   b.  Separate IPv4 and IPv6 by using separate interfaces (e.g., two
       physical links ping
      from there.

   o  A traceroute passing over the link-local-only interface will
      return the loopback or two VLANs on system address of the router, rather than
      the address of the same link)?

   Option (a) implies a single layer-3 interface at each end itself.

   o  In cases of parallel point to point links it is difficult to
      determine which of the
   connection with both IPv4 and IPv6 addresses; while option (b)
   implies two layer-3 interfaces at each end, one for IPv4 addresses
   and parallel links was taken when attempting to
      troubleshoot unless one with IPv6 addresses.

   The advantages of option (a) include:

   o  Requires only half as many layer 3 interfaces as option (b), thus
      providing better scaling;

   o  May require fewer physical ports, thus saving money;

   o  Can make sends packets directly between the QoS implementation much easier (for example, rate-
      limiting two
      attached link-locals on the combined IPv4 and IPv6 specific interfaces.  Since many
      network problems behave differently for traffic to or from to/from a
      customer);

   o  Works well in practice, as any increase in IPv6 router
      than for traffic is usually
      counter-balanced by a corresponding decrease through the router(s) in IPv4 traffic question, this can pose
      a significant hurdle to or some troubleshooting scenarios.

   o  On some routers, by default the link-layer address of the
      interface is derived from the same host (ignoring MAC address assigned to interface.
      When this is done, swapping out the interface hardware (e.g.
      interface card) will cause the link-layer address to change.  In
      some cases (peering config, ACLs, etc) this may require additional
      changes.  However, many devices allow the link-layer address of an
      interface to be explicitly configured, which avoids this issue.
      This problem should fade away over time as more and more routers
      select interface identifiers according to the common pattern of an overall
      increase rules in Internet usage); [RFC7217].

   o  And  The practice of naming router interfaces using DNS names is generally conceptually simpler.

   For these reasons, there
      difficult and not recommended when using link-locals only.  More
      generally, it is not recommended to put link-local addresses into
      DNS; see [RFC4472].

   o  It is often not possible to identify the interface or link (in a relatively strong consensus in
      database, email, etc) by giving just its address without also
      specifying the
   operator community link in some manner.

   It should be noted that option (a) it is quite possible for the preferred way same link-local
   address to go.  Most
   networks today use option (a) wherever possible.

   However, there can be times when option (b) is assigned to multiple interfaces.  This can happen
   because the pragmatic choice.
   Most commonly, option (b) MAC address is used duplicated (due to work around limitations in
   network equipment.  One big example is manufacturing process
   defaults or the generally poor level use of
   support today for individual statistics virtualization), because a device deliberately
   re-uses automatically-assigned link-local addresses on IPv4 traffic vs different
   links, or because an operator manually assigns the same easy-to-type
   link-local address to multiple interfaces.  All these are allowed in
   IPv6
   traffic when option (a) is used.  Other, device-specific, limitations
   exist as well.  It is expected that these limitations will go away long as
   support the addresses are used on different links.

   For more discussion on the pros and cons, see [RFC7404].  See also
   [RFC5375] for IPv6 matures, making option (b) less and less attractive
   until the day that IPv4 is finally turned off.

2.2.2.  Interfaces unicast address assignment considerations.

   Today, most operators use interfaces with Only global or unique-local
   addresses (option b).

2.3.  Static Routes

2.3.1.  Link-Local Addresses?

   As noted Next-Hop in a Static Route?

   For the introduction, this document does not cover most part, the ins
   and outs around creating an use of static routes in IPv6 addressing plan.  However, there is parallels their
   use in IPv4.  There is, however, one fundamental question exception, which revolves around
   the choice of next-hop address in this area that often arises: Should the static route.  Specifically,
   should an
   interface: operator:

   a.  Use only a the far-end's link-local address ("link-local-only"), as the next-hop address, OR

   b.  Have global and/or unique-local addresses assigned in addition to
       the link-local?

   There are two advantages in interfaces with only link-local addresses
   ("link-local-only interfaces").  The first advantage is ease of
   configuration.  In a network with a large number of link-local-only
   interfaces, the operator can just enable an IGP on each router,
   without going through the tedious process of assigning and tracking  Use the addresses for each interface.  The second advantage is security.
   Since packets with Link-Local destination addresses should not be
   routed, it is very difficult to attack far-end's GUA/ULA address as the associated nodes from an
   off-link device.  This implies less effort around maintaining
   security ACLs.

   Countering this advantage are various disadvantages to link-local-
   only interfaces:

   o  It is not possible to ping a link-local-only interface from a
      device next-hop address?

   Recall that is not directly attached to the link.  Thus, to
      troubleshoot, one must typically log into a device IPv6 specs for OSPF [RFC5340] and ISIS [RFC5308]
   dictate that is
      directly attached they always use link-locals for next-hop addresses.  For
   static routes, [RFC4861] section 8 says:

      A router MUST be able to determine the device link-local address for each
      of its neighboring routers in question, and execute the ping
      from there.

   o  A traceroute passing over the link-local-only interface will
      return order to ensure that the loopback or system target
      address of in a Redirect message identifies the router, rather than neighbor router by
      its link-local address.  For static routing, this requirement
      implies that the next-hop router's address of should be specified
      using the interface itself.

   o  In cases of parallel point to point links it is difficult to
      determine which link-local address of the parallel links was taken when attempting to
      troubleshoot unless one sends packets directly between the two
      attached link-locals on router.

   This implies that using a GUA or ULA as the specific interfaces.  Since many
      network problems behave differently for traffic to/from next hop will prevent a
   router
      than from sending Redirect messages for traffic through the router(s) in question, packets that "hit" this can pose
   static route.  All this argues for using a significant hurdle to some troubleshooting scenarios.

   o  On some routers, by default link-local as the link-layer next-hop
   address of in a static route.

   However, there are two cases where using a link-local address as the
      interface
   next-hop clearly does not work.  One is derived from when the MAC address assigned to interface.
      When this static route is done, swapping out the interface hardware (e.g.
      interface card) will cause an
   indirect (or multi-hop) static route.  The second is when the link-layer address to change. static
   route is redistributed into another routing protocol.  In
      some cases (peering config, ACLs, etc) this may require additional
      changes.  However, these
   cases, the above text from RFC 4861 notwithstanding, either a GUA or
   ULA must be used.

   Furthermore, many devices allow network operators are concerned about the link-layer address
   dependency of the default link-local address on an
      interface to be explicitly configured, which avoids this issue.
      This problem should fade away over time underlying MAC
   address, as more and more routers
      select interface identifiers according to the rules described in [RFC7217].

   o  The practice the previous section.

   Today most operators use GUAs as next-hop addresses.

2.4.  IGPs

2.4.1.  IGP Choice

   One of naming router interfaces using DNS names the main decisions for a network operator looking to deploy
   IPv6 is
      difficult the choice of IGP (Interior Gateway Protocol) within the
   network.  The main options are OSPF, IS-IS and not recommended when using link-locals only.  More
      generally, it is not recommended to put link-local addresses into
      DNS; see [RFC4472].

   o  It EIGRP.  RIPng is often not possible to identify
   another option, but very few networks run RIP in the interface or link (in core these days,
   so it is covered in a
      database, email, etc) separate section below.

   OSPF [RFC2328] [RFC5340] and IS-IS [RFC5120][RFC5120] are both
   standardized link-state protocols.  Both protocols are widely
   supported by giving just its address without also
      specifying the link vendors, and both are widely deployed.  By contrast,
   EIGRP [ref] is a Cisco proprietary distance-vector protocol.  EIGRP
   is rarely deployed in some manner.

   It should be noted that it service-provider networks, but is quite possible for the same link-local
   address to be assigned to multiple interfaces.  This can happen
   because the MAC address common
   in enterprise networks, which is why it is duplicated (due to manufacturing process
   defaults or the use discussed here.

   It is out of virtualization), because a device deliberately
   re-uses automatically-assigned link-local addresses on different
   links, or because an operator manually assigns the same easy-to-type
   link-local address scope for this document to multiple interfaces.  All these are allowed in
   IPv6 as long as describe all the addresses are used on different links.

   For more discussion on differences
   between the pros three protocols; the interested reader can find books and cons, see [RFC7404].  See also
   [RFC5375] for IPv6 unicast address assignment considerations.

   Today, most operators use interfaces with global or unique-local
   addresses (option b).

2.3.  Static Routes

2.3.1.  Link-Local Next-Hop
   websites that go into the differences in quite a Static Route?

   For the most part, the use bit of static routes in detail.
   Rather, this document simply highlights a few differences that can be
   important to consider when designing IPv6 parallels their
   use in IPv4. or dual-stack networks.

   Versions: There is, however, one exception, which revolves around
   the choice are two versions of next-hop address OSPF: OSPFv2 and OSPFv3.  The two
   versions share many concepts, are configured in a similar manner and
   seem very similar to most casual users, but have very different
   packet formats and other "under the static route.  Specifically,
   should an operator:

   a.  Use the far-end's link-local address as the next-hop address, OR

   b.  Use the far-end's GUA/ULA address as the next-hop address?
   Recall hood" differences.  The most
   important difference is that OSPFv2 will only route IPv4, while
   OSPFv3 will route both IPv4 and IPv6.  OSPFv2 was by far the IPv6 specs for most
   widely deployed version of OSPF [RFC5340] when this document was published.  By
   contrast, both IS-IS and ISIS [RFC5308]
   dictate EIGRP have just a single version, which can
   route both IPv4 and IPv6.

   Transport.  IS-IS runs over layer 2 (e.g.  Ethernet).  This means
   that they always use link-locals for next-hop addresses.  For
   static routes, [RFC4861] section 8 says:

      A router MUST be able to determine the link-local address for each functioning of its neighboring routers in order to ensure that IS-IS has no dependencies on the target
      address in IP layer: if
   there is a Redirect message identifies the neighbor router by
      its link-local address.  For static routing, this requirement
      implies that the next-hop router's address should be specified
      using problem at the link-local address of IP layer (e.g. bad addresses), two routers
   can still exchange IS-IS packets.  By contrast, OSPF and EIGRP both
   run over the router. IP layer.  This implies means that using a GUA or ULA as the next hop will prevent a
   router from sending Redirect messages for IP layer must be
   configured and working OSPF or EIGRP packets that "hit" this
   static route.  All this argues for using a link-local as to be exchanged between
   routers.  For EIGRP, the next-hop
   address in a static route.

   However, there are two cases where using a link-local address as dependency on the
   next-hop clearly does not work.  One IP layer is when simple: EIGRP
   for IPv4 runs over IPv4, while EIGRP for IPv6 runs over IPv6.  For
   OSPF, the static route story is an
   indirect (or multi-hop) static route.  The second more complex: OSPFv2 runs over IPv4, but OSPFv3
   can run over either IPv4 or IPv6.  Thus it is when the static possible to route is redistributed into another both
   IPv4 and IPv6 with OSPFv3 running over IPv6 or with OSPFv3 running
   over IPv4.  This means that there are number of choices for how to
   run OSPF in a dual-stack network:

   o  Use OSPFv2 for routing protocol.  In these
   cases, IPv4 , and OSPFv3 running over IPv6 for
      routing IPv6, OR

   o  Use OSPFv3 running over IPv6 for routing both IPv4 and IPv6, OR

   o  Use OSPFv3 running over IPv4 for routing both IPv4 and IPv6.

   Summarization and MPLS: For most casual users, the above text from RFC 4861 notwithstanding, either a GUA or
   ULA must be used.

   Furthermore, many network operators three protocols
   are concerned about fairly similar in what they can do, with two glaring exceptions:
   summarization and MPLS.  For summarization, both OSPF and IS-IS have
   the
   dependency concept of summarization between areas, but the default link-local address on two area concepts
   are quite different, and an underlying MAC
   address, as described in area design that works for one protocol
   will usually not work for the previous section.

   Today most operators use GUAs as next-hop addresses.

2.4.  IGPs

2.4.1.  IGP Choice

   One of other.  EIGRP has no area concept, but
   has the main decisions for ability to summarize at any router.  Thus a large network operator looking to deploy
   IPv6 is the choice of IGP (Interior Gateway Protocol) within the
   network.  The main options are
   will typically have a very different OSPF, IS-IS and EIGRP.  RIPng is
   another option, but very few networks run RIP in the core these days,
   so it EIGRP designs,
   which is covered important to keep in mind if you are planning on using one
   protocol to route IPv4 and a separate section below. different protocol for IPv6.  The other
   difference is that OSPF [RFC2328] [RFC5340] and IS-IS [RFC5120][RFC5120] are both
   standardized and link-state protocols.  Standardized means they are
   widely supported by vendors, while link-state means amongst other
   things that they can support RSVP-TE, which is widely used for a widely-used
   MPLS
   signaling.  Both of these signaling protocol, while EIGRP does not: this is due to OSPF
   and IS-IS both being link-state protocols are widely deployed.  By
   contrast, while EIGRP [ref] is a proprietary distance-vector distance-
   vector protocol.
   EIGRP is rarely deployed in service-provider networks, but is quite
   common in enterprise networks.

   The table below sets out possible combinations of protocols to route
   both IPv4 and IPv6, and makes some observations on each combination.

   +---------+---------+---------------+-------------+-----------------+
   Here "EIGRP-v4" means "EIGRP for IPv4" and similarly for "EIGRP-v6".
   For OSPFv3, it is possible to run it over either IPv4 or IPv6; this
   is not indicated in the table.

   +----------+----------+-------------+----------------+--------------+
   | IGP for  | IGP for  |    Multiple   |   Protocol  |    Similar     |   Multiple   |
   |   IPv4   |   IPv6   |     Known     |  separation | configuration  |    Known     |
   |          |  Deployments          |             |    possible    |
   +---------+---------+---------------+-------------+-----------------+ Deployments  |
   +----------+----------+-------------+----------------+--------------+
   |          |          |             |                |              |
   +---------+---------+---------------+-------------+-----------------+
   +----------+----------+-------------+----------------+--------------+
   |  OSPFv2  |  OSPFv3  |     YES (8)     |      YES       |   YES (8)    |
   +---------+---------+---------------+-------------+-----------------+
   +----------+----------+-------------+----------------+--------------+
   |  OSPFv2  |  IS-IS   |     YES (3)    |     YES     |       -        |
   +---------+---------+---------------+-------------+-----------------+   YES (3)    |
   +----------+----------+-------------+----------------+--------------+
   |  OSPFv2  |  EIGRP  |       - EIGRP-v6 |     YES     |       -        |
   +---------+---------+---------------+-------------+-----------------+      -       |
   +----------+----------+-------------+----------------+--------------+
   |  OSPFv3  |  IS-IS   |       -       |     YES     |       -        |
   +---------+---------+---------------+-------------+-----------------+      -       |  OSPFv3
   +----------+----------+-------------+----------------+--------------+
   |  EIGRP  OSPFv3  |       - EIGRP-v6 |     YES     |       -        |
   +---------+---------+---------------+-------------+-----------------+      -       |
   +----------+----------+-------------+----------------+--------------+
   |  IS-IS   |  OSPFv3  |     YES (2)    |     YES     |       -        |
   +---------+---------+---------------+-------------+-----------------+   YES (2)    |
   +----------+----------+-------------+----------------+--------------+
   |  IS-IS   |  IS-IS   |    YES (12)   |      -      |      YES       |
   +---------+---------+---------------+-------------+-----------------+   YES (12)   |  IS-IS
   +----------+----------+-------------+----------------+--------------+
   |  EIGRP  IS-IS   |       - EIGRP-v6 |     YES     |       -        |
   +---------+---------+---------------+-------------+-----------------+      -       |  EIGRP
   +----------+----------+-------------+----------------+--------------+
   |  OSPFv3 EIGRP-v4 |     ? (1)  OSPFv3  |     YES     |       -        |
   +---------+---------+---------------+-------------+-----------------+    ? (1)     |  EIGRP
   +----------+----------+-------------+----------------+--------------+
   |  IS-IS EIGRP-v4 |       -  IS-IS   |     YES     |       -        |
   +---------+---------+---------------+-------------+-----------------+      -       |  EIGRP
   +----------+----------+-------------+----------------+--------------+
   |  EIGRP EIGRP-v4 |     ? (2) EIGRP-v6 |      -      |      YES       |
   +---------+---------+---------------+-------------+-----------------+    ? (2)     |
   +----------+----------+-------------+----------------+--------------+

   In the column "Multiple Known Deployments", a YES indicates that a
   significant number of production networks run this combination, with
   the number of such networks indicated in parentheses following, while
   a "?" indicates that the authors are only aware of one or two small
   networks that run this combination.  Data for this column was
   gathered from an informal poll of operators on a number of mailing
   lists.  This poll was not intended to be a thorough scientific study
   of IGP choices, but to provide a snapshot of known operator choices
   at the time of writing (Mid-2015) for successful production dual
   stack network deployments.  There were twenty six (26) network
   implementations represented by 17 respondents.  Some respondents
   provided information on more then one network or network deployment.
   Due to privacy considerations, the networks' represented and
   respondents are not listed in this document.

   A number of combinations are marked as offering "Protocol
   separation".  These options use a different IGP protocol for IPv4 vs
   IPv6.  With these options, a problem with routing IPv6 is unlikely to
   affect IPv4 or visa-versa.  Some operator may consider this as a
   benefit when first introducing dual stack capabilities or for ongoing
   technical reasons.

   Three combinations are marked "Similar configuration possible".  This
   means it is possible (but not required) to use very similar IGP
   configuration for IPv4 and IPv6: for example, the same area
   boundaries, area numbering, link costing, etc.  If you are happy with
   your IPv4 IGP design, then this will likely be a consideration.  By
   contrast, the options that use, for example, IS-IS for one IP version
   and OSPF for the other version will require considerably different
   configuration, and will also require the operations staff to become
   familiar with the difference between the two protocols.

   It should be noted that a number of ISPs have run OSPF as their IPv4
   IGP for quite a few years, but have selected IS-IS as their IPv6 IGP.
   However, there are very few (none?) that have made the reverse
   choice.  This is, in part, because routers generally support more
   nodes in an IS-IS area than in the corresponding OSPF area, and
   because IS-IS is seen as more secure because it runs at layer 2.

2.4.2.  IS-IS Topology Mode

   When IS-IS is used to route both IPv4 and IPv6, then there is an
   additional choice of whether whether to run IS-IS in single-topology or
   multi-topology mode.

   With single-topology mode (also known as Native mode) [RFC5308]:

   o  IS-IS keeps a single link-state database for both IPv4 and IPv6.

   o  There is a single set of link costs which apply to both IPv4 and
      IPv6.

   o  All links in the network must support both IPv4 and IPv6, as the
      calculation of routes does not take this into account.  If some
      links do not support IPv6 (or IPv4), then packets may get routed
      across links where support is lacking and get dropped.  This can
      cause problems if some network devices do not support IPv6 (or
      IPv4).

   o  It is also important to keep the previous point in mind when
      adding or removing support for either IPv4 or IPv6.

   With multi-topology mode [ref]:

   o  IS-IS keeps two link-state databases, one for IPv4 and one for
      IPv6.

   o  IPv4 and IPv6 can have separate link metrics.  Note that most
      implementations today require separate link metrics: a number of
      operators have rudely discovered that they have forgotten to run IS-IS
      configure the IPv6 metric until sometime after deploying IPv6 in single-topology or
      multi-topology mode.  Single-topology mode allows IPv4 mode!

   o  Some links can be IPv4-only, some IPv6-only, and IPv6 some dual-stack.
      Routes to
   share a single topology and a single set of link costs[RFC5308].
   Multi-topology mode allows separate IPv4 and IPv6 topologies with
   potentially addresses are computed separately and may
      take different link costs. paths even if the addresses are located on the same
      remote device.

   o  The previous point may help when adding or removing support for
      either IPv4 or IPv6.

   In the informal poll of operators, out of 12 production networks that
   ran IS-IS for both IPv4 and IPv6, 6 used Single Topology single topology mode, 4 used
   Multi-Topology
   multi-topology mode, and 2 did not specify.  One motivation often
   cited by then operators for using Single Topology mode was because
   some device did not support multi-topology mode.

   Traditional thinking has been that

   When asked, many people feel multi-topology mode offers the
   most flexibility. is superior to
   single-topology mode because it provides greater flexibility at
   minimal extra cost.  Never-the-less, as shown by the poll results, a
   number of operators have used single-topology mode successfully.

   Note that this issue does not come up with OSPF, since there is
   nothing that corresponds to IS-IS single-topology mode with OSPF.

2.4.3.  RIP / RIPng

   A protocol option not described in the table above is RIP for IPv4
   and RIPng for IPv6 [RFC2080].  RIPng is a  These are distance vector protocol with limitations in
   larger networks.  However protocols
   that are almost universally considered to be inferior to OSPF, IS-IS,
   or EIGRP for general use.

   However, there is prevalent one specialized use case where RIP/RIPng is still
   considered to be appropriate: in large
   operator star topology networks where RIP is used for edge facing a
   single core interfaces device has lots and lots of links to edge devices and
   each edge device has only a single path back to manage high count aggregation the core.  In such
   networks, the single path means that the limitations of dynamic routing endpoints.
   Although RIP/RIPng are
   mostly not a mainline option for relevant and the network core as a whole, very light-weight nature of RIP/RIPng
   gives it an advantage over the other protocols mentioned above.  One
   concrete example of this scenario is
   commonly used in IPv4, and potentially in IPv6 for a common set the use of
   links/functions. RIP/RIPng between
   cable modems and the CMTS.

2.5.  BGP

2.5.1.  Which Transport for Which Routes?

   BGP these days is multi-protocol.  It can carry routes from many
   different families, and it can do this when the BGP session, or more
   accurately the underlying TCP connection, runs over either IPv4 or
   IPv6 (here referred to as either "IPv4 transport" or "IPv6
   transport").  Given this flexibility, one of the biggest questions
   when deploying BGP in a dual-stack network is the question of which
   routes should be carried over sessions using IPv4 transport and which
   should be carried over sessions using IPv6 transport.

   To answer this question, consider the following table:

           +----------------+-----------+----------------------+
           |  Route Family  | Transport | Comments             |
           +----------------+-----------+----------------------+
           |                |           |                      |
           +----------------+-----------+----------------------+
           | Unlabeled IPv4 |    IPv4   | Works well           |
           +----------------+-----------+----------------------+
           | Unlabeled IPv4 |    IPv6   | Next-hop issues      |
           +----------------+-----------+----------------------+
           | Unlabeled IPv6 |    IPv4   | Next-hop issues      |
           +----------------+-----------+----------------------+
           | Unlabeled IPv6 |    IPv6   | Works well           |
           +----------------+-----------+----------------------+
           |                |           |                      |
           +----------------+-----------+----------------------+
           |  Labeled IPv4  |    IPv4   | Works well           |
           +----------------+-----------+----------------------+
           |  Labeled IPv4  |    IPv6   | Next-hop issues      |
           +----------------+-----------+----------------------+
           |  Labeled IPv6  |    IPv4   | (6PE) Works well     |
           +----------------+-----------+----------------------+
           |  Labeled IPv6  |    IPv6   | Needs MPLS over IPv6 |
           +----------------+-----------+----------------------+
           |                |           |                      |
           +----------------+-----------+----------------------+
           |    VPN IPv4    |    IPv4   | Works well           |
           +----------------+-----------+----------------------+
           |    VPN IPv4    |    IPv6   | Next-hop issues      |
           +----------------+-----------+----------------------+
           |    VPN IPv6    |    IPv4   | (6VPE) Works well    |
           +----------------+-----------+----------------------+
           |    VPN IPv6    |    IPv6   | Needs MPLS over IPv6 |
           +----------------+-----------+----------------------+

   The first column in this table lists various route families, where
   "unlabeled" means SAFI 1, "labeled" means the routes carry an MPLS
   label (SAFI 4, see [RFC3107]), and "VPN" means the routes are
   normally associated with a layer-3 VPN (SAFI 128, see [RFC4364] ).
   The second column lists the protocol used to transport the BGP
   session, frequently specified by giving either an IPv4 or IPv6
   address in the "neighbor" statement.

   The third column comments on the combination in the first two
   columns:

   o  For combinations marked "Works well", these combinations are
      widely supported and are generally recommended.

   o  For combinations marked "Next-hop issues", these combinations are
      less-widely supported and when supported, often have next-hop
      issues.  That is, the next-hop address is typically a v4-mapped
      IPv6 address, which is based on some IPv4 address on the sending
      router.  This v4-mapped IPv6 address is often not reachable by
      default using IPv6 routing.  One common solution to this problem
      is to use routing policy to change the next-hop to a different
      IPv6 address.

   o  For combinations marked as "Needs MPLS over IPv6", these require
      MPLS over IPv6 for full support, though special policy
      configuration may allow them to be used with MPLS over IPv4.

   Also, it is important to note that changing the set of address
   families being carried over a BGP session requires the BGP session to
   be reset (unless something like [I-D.ietf-idr-dynamic-cap] or
   [I-D.ietf-idr-bgp-multisession] is in use).  This is generally more
   of an issue with eBGP sessions than iBGP sessions: for iBGP sessions
   it is common practice for a router to have two iBGP sessions, one to
   each member of a route reflector pair, so one can change the set of
   address families on first one of the sessions and then the other.

   The following subsections discuss specific scenarios in more detail.

2.5.1.1.  BGP Sessions for Unlabeled Routes

   Unlabeled routes are commonly carried on eBGP sessions, as well as on
   iBGP sessions in networks where Internet traffic is carried unlabeled
   across the network.  In these scenarios, operators today most
   commonly use two BGP sessions: one session is transported over IPv4
   and carries the unlabeled IPv4 routes, while the second session is
   transported over IPv6 and carries the unlabeled IPv6 routes.

   There are several reasons for this choice:

   o  It gives a clean separation between IPv4 and IPv6.  This can be
      especially useful when first deploying IPv6 and troubleshooting
      resulting problems.

   o  This avoids the next-hop problem described in note 1 above.

   o  The status of the routes follows the status of the underlying
      transport.  If, for example, the IPv6 data path between the two
      BGP speakers fails, then the IPv6 session between the two speakers
      will fail and the IPv6 routes will be withdrawn, which will allow
      the traffic to be re-routed elsewhere.  By contrast, if the IPv6
      routes were transported over IPv4, then the failure of the IPv6
      data path might leave a working IPv4 data path, so the BGP session
      would remain up and the IPv6 routes would not be withdrawn, and
      thus the IPv6 traffic would be sent into a black hole.

   o  It avoids resetting the BGP session when adding IPv6 to an
      existing session, or when removing IPv4 from an existing session.

2.5.1.2.  BGP sessions for Labeled or VPN Routes

   In these scenarios, it is most common today to carry both the IPv4
   and IPv6 routes over sessions transported over IPv4.  This can be
   done with either: (a) one session carrying both route families, or
   (b) two sessions, one for each family.

   Using a single session is usually appropriate for an iBGP session
   going to a route reflector handling both route families.  Using a
   single session here usually means that the BGP session will reset
   when changing the set of address families, but as noted above, this
   is usually not a problem when redundant route reflectors are
   involved.

   In eBGP situations, two sessions are usually more appropriate.

2.5.2.  eBGP Endpoints: Global or Link-Local Addresses?

   When running eBGP over IPv6, there are two options for the addresses
   to use at each end of the eBGP session (or more properly, the
   underlying TCP session):

   a.  Use link-local addresses for the eBGP session, OR

   b.  Use global addresses for the eBGP session.

   Note that the choice here is the addresses to use for the eBGP
   sessions, and not whether the link itself has global (or unique-
   local) addresses.  In particular, it is quite possible for the eBGP
   session to use link-local addresses even when the link has global
   addresses.

   The big attraction for option (a) is security: an eBGP session using
   link-local addresses is extremely difficult to attack from a device
   that is off-link.  This provides very strong protection against TCP
   RST and similar attacks.  Though there are other ways to get an
   equivalent level of security (e.g.  GTSM [RFC5082], MD5 [RFC5925], or
   ACLs), these other ways require additional configuration which can be
   forgotten or potentially mis-configured.

   However, there are a number of small disadvantages to using link-
   local addresses:

   o  Using link-local addresses only works for single-hop eBGP
      sessions; it does not work for multi-hop sessions.

   o  One must use "next-hop self" at both endpoints, otherwise re-
      advertising routes learned via eBGP into iBGP will not work.
      (Some products enable "next-hop self" in this situation
      automatically).

   o  Operators and their tools are used to referring to eBGP sessions
      by address only, something that is not possible with link-local
      addresses.

   o  If one is configuring parallel eBGP sessions for IPv4 and IPv6
      routes, then using link-local addresses for the IPv6 session
      introduces extra operational differences between the two sessions
      which could otherwise be avoided.

   o  On some products, an eBGP session using a link-local address is
      more complex to configure than a session that uses a global
      address.

   o  If hardware or other issues cause one to move the cable to a
      different local interface, then reconfiguration is required at
      both ends: at the local end because the interface has changed (and
      with link-local addresses, the interface must always be specified
      along with the address), and at the remote end because the link-
      local address has likely changed.  (Contrast this with using
      global addresses, where less re-configuration is required at the
      local end, and no reconfiguration is required at the remote end).

   o  Finally, a strict application of [RFC2545] forbids running eBGP
      between link-local addresses, as [RFC2545] requires the BGP next-
      hop field to contain at least a global address.

   For these reasons, most operators today choose to have their eBGP
   sessions use global addresses.

3.  General Observations

   There are two themes that run though many of the design choices in
   this document.  This section presents some general discussion on
   these two themes.

3.1.  Use of Link-Local Addresses

   The proper use of link-local addresses is a common theme in the IPv6
   network design choices.  Link-layer addresses are, of course, always
   present in an IPv6 network, but current network design practice
   mostly ignores them, despite efforts such as [RFC7404].

   There are three main reasons for this current practice:

   o  Network operators are concerned about the volatility of link-local
      addresses based on MAC addresses, despite the fact that this
      concern can be overcome by manually-configuring link-local
      addresses;

   o  It is very difficult to impossible to ping a link-local address
      from a device that is not on the same subnet.  This is a
      troubleshooting disadvantage, though it can also be viewed as a
      security advantage.

   o  Most operators are currently running networks that carry both IPv4
      and IPv6 traffic, and wish to harmonize their IPv4 and IPv6 design
      and operational practices where possible.

3.2.  Separation of IPv4 and IPv6

   Currently, most operators are running or planning to run networks
   that carry both IPv4 and IPv6 traffic.  Hence the question: To what
   degree should IPv4 and IPv6 be kept separate?  As can be seen above,
   this breaks into two sub-questions: To what degree should IPv4 and
   IPv6 traffic be kept separate, and to what degree should IPv4 and
   IPv6 routing information be kept separate?

   The general consensus around the first question is that IPv4 and IPv6
   traffic should generally be mixed together.  This recommendation is
   driven by the operational simplicity of mixing the traffic, plus the
   general observation that the service being offered to the end user is
   Internet connectivity and most users do not know or care about the
   differences between IPv4 and IPv6.  Thus it is very desirable to mix
   IPv4 and IPv6 on the same link to the end user.  On other links,
   separation is possible but more operationally complex, though it does
   occasionally allow the operator to work around limitations on network
   devices.  The situation here is roughly comparable to IP and MPLS
   traffic: many networks mix the two traffic types on the same links
   without issues.

   By contrast, there is more of an argument for carrying IPv6 routing
   information over IPv6 transport, while leaving IPv4 routing
   information on IPv4 transport.  By doing this, one gets fate-sharing
   between the control and data plane for each IP protocol version: if
   the data plane fails for some reason, then often the control plane
   will too.

4.  IANA Considerations

   This document makes no requests of IANA.

5.  Security Considerations

   This document introduces no new security considerations that are not
   already documented elsewhere.

   The following is a brief list of pointers to documents related to the
   topics covered above that the reader may wish to review for security
   considerations.

   For general IPv6 security, [RFC4942] provides guidance on security
   considerations around IPv6 transition and coexistence.

   For OSPFv3, the base protocol specification [RFC5340] has a short
   security considerations section which notes that the fundamental
   mechanism for protecting OSPFv3 from attacks is the mechanism
   described in [RFC4552].

   For IS-IS, [RFC5308] notes that ISIS for IPv6 raises no new security
   considerations over ISIS for IPv4 over those documented in [ISO10589]
   and [RFC5304].

   For BGP, [RFC2545] notes that BGP for IPv6 raises no new security
   considerations over those present in BGP for IPv4.  However, there
   has been much discussion of BGP security recently, and the interested
   reader is referred to the documents of the IETF's SIDR working group.

6.  Acknowledgements

   Many, many people in the V6OPS working group provided comments and
   suggestions that made their way into this document.  A partial list
   includes: Rajiv Asati, Fred Baker, Michael Behringer, Marc Blanchet,
   Ron Bonica, Randy Bush, Cameron Byrne, Brian Carpenter, KK
   Chittimaneni, Tim Chown, Lorenzo Colitti, Gert Doering, Francis
   Dupont, Bill Fenner, Kedar K Gaonkar, Chris Grundemann, Steinar Haug,
   Ray Hunter, Joel Jaeggli, Victor Kuarsingh, Jen Linkova, Ivan
   Pepelnjak, Alexandru Petrescu, Rob Shakir, Mark Smith, Jean-Francois
   Tremblay, Dave Thaler, Tina Tsou, Eric Vyncke, Dan York, and
   Xuxiaohu.

   The authors would also like to thank Pradeep Jain and Alastair
   Johnson for helpful comments on a very preliminary version of this
   document.

7.  Informative References

   [I-D.ietf-idr-bgp-multisession]
              Scudder, J., Appanna, C., and I. Varlashkin, "Multisession
              BGP", draft-ietf-idr-bgp-multisession-07 (work in
              progress), September 2012.

   [I-D.ietf-idr-dynamic-cap]
              Ramachandra, S. and E. Chen, "Dynamic Capability for BGP-
              4", draft-ietf-idr-dynamic-cap-14 (work in progress),
              December 2011.

   [I-D.ietf-v6ops-host-addr-availability]
              Colitti, L., Cerf, V., D., Cheshire, S., and D. Schinazi, d.
              dschinazi@apple.com, "Host address availability
              recommendations", draft-ietf-
              v6ops-host-addr-availability-01 draft-ietf-v6ops-host-addr-
              availability-07 (work in progress),
              September 2015. May 2016.

   [I-D.ietf-v6ops-ula-usage-recommendations]
              Liu, B. and S. Jiang, "Considerations For Using Unique
              Local Addresses", draft-ietf-v6ops-ula-usage-
              recommendations-05 (work in progress), May 2015.

   [ISO10589]
              International Standards Organization, "Intermediate system
              to Intermediate system intra-domain routeing information
              exchange protocol for use in conjunction with the protocol
              for providing the connectionless-mode Network Service (ISO
              8473)", International Standard 10589:2002, Nov 2002.

   [RFC1918]  Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G.,
              and E. Lear, "Address Allocation for Private Internets",
              BCP 5, RFC 1918, DOI 10.17487/RFC1918, February 1996,
              <http://www.rfc-editor.org/info/rfc1918>.

   [RFC2080]  Malkin, G. and R. Minnear, "RIPng for IPv6", RFC 2080,
              DOI 10.17487/RFC2080, January 1997,
              <http://www.rfc-editor.org/info/rfc2080>.

   [RFC2328]  Moy, J., "OSPF Version 2", STD 54, RFC 2328,
              DOI 10.17487/RFC2328, April 1998,
              <http://www.rfc-editor.org/info/rfc2328>.

   [RFC2545]  Marques, P. and F. Dupont, "Use of BGP-4 Multiprotocol
              Extensions for IPv6 Inter-Domain Routing", RFC 2545,
              DOI 10.17487/RFC2545, March 1999,
              <http://www.rfc-editor.org/info/rfc2545>.

   [RFC3107]  Rekhter, Y. and E. Rosen, "Carrying Label Information in
              BGP-4", RFC 3107, DOI 10.17487/RFC3107, May 2001,
              <http://www.rfc-editor.org/info/rfc3107>.

   [RFC4193]  Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast
              Addresses", RFC 4193, DOI 10.17487/RFC4193, October 2005,
              <http://www.rfc-editor.org/info/rfc4193>.

   [RFC4291]  Hinden, R. and S. Deering, "IP Version 6 Addressing
              Architecture", RFC 4291, DOI 10.17487/RFC4291, February
              2006, <http://www.rfc-editor.org/info/rfc4291>.

   [RFC4364]  Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
              Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February
              2006, <http://www.rfc-editor.org/info/rfc4364>.

   [RFC4472]  Durand, A., Ihren, J., and P. Savola, "Operational
              Considerations and Issues with IPv6 DNS", RFC 4472,
              DOI 10.17487/RFC4472, April 2006,
              <http://www.rfc-editor.org/info/rfc4472>.

   [RFC4552]  Gupta, M. and N. Melam, "Authentication/Confidentiality
              for OSPFv3", RFC 4552, DOI 10.17487/RFC4552, June 2006,
              <http://www.rfc-editor.org/info/rfc4552>.

   [RFC4852]  Bound, J., Pouffary, Y., Klynsma, S., Chown, T., and D.
              Green, "IPv6 Enterprise Network Analysis - IP Layer 3
              Focus", RFC 4852, DOI 10.17487/RFC4852, April 2007,
              <http://www.rfc-editor.org/info/rfc4852>.

   [RFC4861]  Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
              "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
              DOI 10.17487/RFC4861, September 2007,
              <http://www.rfc-editor.org/info/rfc4861>.

   [RFC4942]  Davies, E., Krishnan, S., and P. Savola, "IPv6 Transition/
              Co-existence Security Considerations", RFC 4942,
              DOI 10.17487/RFC4942, September 2007,
              <http://www.rfc-editor.org/info/rfc4942>.

   [RFC5082]  Gill, V., Heasley, J., Meyer, D., Savola, P., Ed., and C.
              Pignataro, "The Generalized TTL Security Mechanism
              (GTSM)", RFC 5082, DOI 10.17487/RFC5082, October 2007,
              <http://www.rfc-editor.org/info/rfc5082>.

   [RFC5120]  Przygienda, T., Shen, N., and N. Sheth, "M-ISIS: Multi
              Topology (MT) Routing in Intermediate System to
              Intermediate Systems (IS-ISs)", RFC 5120,
              DOI 10.17487/RFC5120, February 2008,
              <http://www.rfc-editor.org/info/rfc5120>.

   [RFC5220]  Matsumoto, A., Fujisaki, T., Hiromi, R., and K. Kanayama,
              "Problem Statement for Default Address Selection in Multi-
              Prefix Environments: Operational Issues of RFC 3484
              Default Rules", RFC 5220, DOI 10.17487/RFC5220, July 2008,
              <http://www.rfc-editor.org/info/rfc5220>.

   [RFC5304]  Li, T. and R. Atkinson, "IS-IS Cryptographic
              Authentication", RFC 5304, DOI 10.17487/RFC5304, October
              2008, <http://www.rfc-editor.org/info/rfc5304>.

   [RFC5308]  Hopps, C., "Routing IPv6 with IS-IS", RFC 5308,
              DOI 10.17487/RFC5308, October 2008,
              <http://www.rfc-editor.org/info/rfc5308>.

   [RFC5340]  Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF
              for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008,
              <http://www.rfc-editor.org/info/rfc5340>.

   [RFC5375]  Van de Velde, G., Popoviciu, C., Chown, T., Bonness, O.,
              and C. Hahn, "IPv6 Unicast Address Assignment
              Considerations", RFC 5375, DOI 10.17487/RFC5375, December
              2008, <http://www.rfc-editor.org/info/rfc5375>.

   [RFC5838]  Lindem, A., Ed., Mirtorabi, S., Roy, A., Barnes, M., and
              R. Aggarwal, "Support of Address Families in OSPFv3",
              RFC 5838, DOI 10.17487/RFC5838, April 2010,
              <http://www.rfc-editor.org/info/rfc5838>.

   [RFC5925]  Touch, J., Mankin, A., and R. Bonica, "The TCP
              Authentication Option", RFC 5925, DOI 10.17487/RFC5925,
              June 2010, <http://www.rfc-editor.org/info/rfc5925>.

   [RFC5963]  Gagliano, R., "IPv6 Deployment in Internet Exchange Points
              (IXPs)", RFC 5963, DOI 10.17487/RFC5963, August 2010,
              <http://www.rfc-editor.org/info/rfc5963>.

   [RFC6180]  Arkko, J. and F. Baker, "Guidelines for Using IPv6
              Transition Mechanisms during IPv6 Deployment", RFC 6180,
              DOI 10.17487/RFC6180, May 2011,
              <http://www.rfc-editor.org/info/rfc6180>.

   [RFC6296]  Wasserman, M. and F. Baker, "IPv6-to-IPv6 Network Prefix
              Translation", RFC 6296, DOI 10.17487/RFC6296, June 2011,
              <http://www.rfc-editor.org/info/rfc6296>.

   [RFC6342]  Koodli, R., "Mobile Networks Considerations for IPv6
              Deployment", RFC 6342, DOI 10.17487/RFC6342, August 2011,
              <http://www.rfc-editor.org/info/rfc6342>.

   [RFC6752]  Kirkham, A., "Issues with Private IP Addressing in the
              Internet", RFC 6752, DOI 10.17487/RFC6752, September 2012,
              <http://www.rfc-editor.org/info/rfc6752>.

   [RFC6782]  Kuarsingh, V., Ed. and L. Howard, "Wireline Incremental
              IPv6", RFC 6782, DOI 10.17487/RFC6782, November 2012,
              <http://www.rfc-editor.org/info/rfc6782>.

   [RFC6879]  Jiang, S., Liu, B., and B. Carpenter, "IPv6 Enterprise
              Network Renumbering Scenarios, Considerations, and
              Methods", RFC 6879, DOI 10.17487/RFC6879, February 2013,
              <http://www.rfc-editor.org/info/rfc6879>.

   [RFC6883]  Carpenter, B. and S. Jiang, "IPv6 Guidance for Internet
              Content Providers and Application Service Providers",
              RFC 6883, DOI 10.17487/RFC6883, March 2013,
              <http://www.rfc-editor.org/info/rfc6883>.

   [RFC7010]  Liu, B., Jiang, S., Carpenter, B., Venaas, S., and W.
              George, "IPv6 Site Renumbering Gap Analysis", RFC 7010,
              DOI 10.17487/RFC7010, September 2013,
              <http://www.rfc-editor.org/info/rfc7010>.

   [RFC7217]  Gont, F., "A Method for Generating Semantically Opaque
              Interface Identifiers with IPv6 Stateless Address
              Autoconfiguration (SLAAC)", RFC 7217,
              DOI 10.17487/RFC7217, April 2014,
              <http://www.rfc-editor.org/info/rfc7217>.

   [RFC7381]  Chittimaneni, K., Chown, T., Howard, L., Kuarsingh, V.,
              Pouffary, Y., and E. Vyncke, "Enterprise IPv6 Deployment
              Guidelines", RFC 7381, DOI 10.17487/RFC7381, October 2014,
              <http://www.rfc-editor.org/info/rfc7381>.

   [RFC7404]  Behringer, M. and E. Vyncke, "Using Only Link-Local
              Addressing inside an IPv6 Network", RFC 7404,
              DOI 10.17487/RFC7404, November 2014,
              <http://www.rfc-editor.org/info/rfc7404>.

   [v6-addressing-plan]
              SurfNet, "Preparing an IPv6 Address Plan", 2013,
              <http://www.ripe.net/lir-services/training/material/
              IPv6-for-LIRs-Training-Course/
              Preparing-an-IPv6-Addressing-Plan.pdf>.

Authors' Addresses

   Philip Matthews
   Alcatel-Lucent
   Nokia
   600 March Road
   Ottawa, Ontario  K2K 2E6
   Canada

   Phone: +1 613-784-3139
   Email: philip_matthews@magma.ca

   Victor Kuarsingh
   Cisco
   88 Queens Quay
   Toronto, ON  M5J0B8
   Canada

   Email: victor@jvknet.com