draft-ietf-v6ops-ent-scenarios-02.txt   draft-ietf-v6ops-ent-scenarios-03.txt 
IPv6 Operations Working Group IPv6 Operations Working Group
Internet Draft Jim Bound (Editor) Internet Draft Jim Bound (Editor)
Document: draft-ietf-v6ops-ent-scenarios-02.txt Hewlett Packard Document: draft-ietf-v6ops-ent-scenarios-03.txt Hewlett Packard
Obsoletes: draft-ietf-v6ops-ent-scenarios-01.txt Obsoletes: draft-ietf-v6ops-ent-scenarios-02.txt
Expires: November 2004 Expires: December 2004
IPv6 Enterprise Network Scenarios IPv6 Enterprise Network Scenarios
<draft-ietf-v6ops-ent-scenarios-02.txt> <draft-ietf-v6ops-ent-scenarios-03.txt>
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
This document is a submission by the Internet Protocol IPv6 Working This document is a submission by the Internet Protocol IPv6 Working
Group of the Internet Engineering Task Force (IETF). Comments should Group of the Internet Engineering Task Force (IETF). Comments should
be submitted to the ipng@sunroof.eng.sun.com mailing list. be submitted to the ipng@sunroof.eng.sun.com mailing list.
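Review bot: The "Status of this Memo" text carried unchanged into -03 still describes the draft as a submission by the "Internet Protocol IPv6 Working Group" and sends comments to ipng@sunroof.eng.sun.com, while the header just above names the IPv6 Operations Working Group. Only the draft names and the expiry date change in this region, so this revision is a good point to align the working group name and the comment address with the header.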
skipping to change at page 2, line 12 skipping to change at page 2, line 12
These requirements will be used to provide analysis to determine a These requirements will be used to provide analysis to determine a
set of enterprise solutions in a later document. set of enterprise solutions in a later document.
Table of Contents: Table of Contents:
1. Introduction................................................3 1. Introduction................................................3
2. Terminology.................................................5 2. Terminology.................................................5
3. Base Scenarios..............................................6 3. Base Scenarios..............................................6
3.1 Base Scenarios Defined.....................................6 3.1 Base Scenarios Defined.....................................6
3.2 Scenarios Network Infrastructure Components................7 3.2 Scenarios Network Infrastructure Components................7
3.3 Specific Scenario Examples.................................8 3.3 Specific Scenario Examples.................................9
4. Support for Legacy IPv4 Nodes and Applications.............10 4. Network Infrastructure Component Requirements..............10
4.1 IPv4 Tunnels to Encapsulate IPv6..........................10 4.1 DNS.......................................................11
4.2 IPv6 Tunnels to Encapsulate IPv4..........................10 4.2 Routing...................................................11
4.3 IPv6 only communicating with IPv4.........................11 4.3 Configuration of Hosts....................................11
5. Network Infrastructure Component Requirements..............11 4.4 Security..................................................11
5.1 DNS.......................................................11 4.5 Applications..............................................12
5.2 Routing...................................................11 4.6 Network Management........................................12
5.3 Autoconfiguration.........................................12 4.7 Address Planning..........................................12
5.4 Security..................................................12 4.8 Multicast..................................................12
5.5 Applications..............................................12 4.9 Multihoming................................................12
5.6 Network Management........................................12 5. Security Considerations....................................13
5.7 Address Planning..........................................12 6. References.................................................13
5.8 Multicast..................................................13 6.1 Normative References......................................13
5.9 Multihoming................................................13 6.2 Non-Normative References..................................13
6. Security Considerations....................................13 Document Acknowledgments.......................................13
7. References.................................................13 Authors Addresses .............................................14
7.1 Normative References......................................14 Intellectual Property Statement................................15
7.2 Non-Normative References..................................14 Full Copyright Statement.......................................16
Document Acknowledgments.......................................14 Acknowledgement................................................16
Authors-Design Team Contact Information........................15
Intellectual Property Statement................................16
Full Copyright Statement.......................................17
Acknowledgement................................................17
1. Introduction 1. Introduction
This document describes the scenarios for IPv6 deployment within This document describes the scenarios for IPv6 deployment within
enterprise networks. It will focus upon an enterprise set of network enterprise networks. It will focus upon an enterprise set of network
base scenarios with assumptions, coexistence with legacy IPv4 nodes, base scenarios with assumptions, coexistence with legacy IPv4 nodes,
networks, and applications, and network infrastructure requirements. networks, and applications, and network infrastructure requirements.
These requirements will be used to provide analysis to determine a These requirements will be used to provide analysis to determine a
set of enterprise solutions in a later document. set of enterprise solutions in a later document.
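Review bot: The Introduction is unchanged and still says the document will focus on "coexistence with legacy IPv4 nodes, networks, and applications", but the -03 Table of Contents no longer lists a section for it: old section 4, "Support for Legacy IPv4 Nodes and Applications", is gone and its number is reused for "Network Infrastructure Component Requirements". Either reword the Introduction or state where coexistence is now covered, so a reader looking for the legacy IPv4 material is not pointed at a section that no longer exists.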
skipping to change at page 7, line 18 skipping to change at page 7, line 18
above enterprise scenarios. This is not an exhaustive list, but a above enterprise scenarios. This is not an exhaustive list, but a
base list that can be expanded by the enterprise for specific base list that can be expanded by the enterprise for specific
deployment scenarios. The network infrastructure components are deployment scenarios. The network infrastructure components are
presented as functions that the enterprise must analyze as part of presented as functions that the enterprise must analyze as part of
defining their specific scenario. The analysis of these functions defining their specific scenario. The analysis of these functions
will identify actions that are required to deploy IPv6. will identify actions that are required to deploy IPv6.
Network Infrastructure Component 1 Network Infrastructure Component 1
Enterprise Provider Requirements Enterprise Provider Requirements
- Is external connectivity required? - Is external connectivity required?
- One site vs. multiple sites? - One site vs. multiple sites and are they within different
- Leased lines or VPN? geographies?
- Leased lines or VPNS?
- If multiple sites, how is the traffic exchanged securely?
- How many global IPv4 addresses are available to the - How many global IPv4 addresses are available to the
enterprise? enterprise?
- What is the IPv6 address assignment plan available - What is the IPv6 address assignment plan available
from the provider? from the provider?
- Will clients be Multihomed? - What prefix delegation is required by the Enterprise?
- Will the enterprise be multihomed?
- What multihoming techniques are available from the provider?
- Will clients within the enterprise be multihomed?
- Does the provider offer any IPv6 services? - Does the provider offer any IPv6 services?
- What site external IPv6 routing protocols are required? - What site external IPv6 routing protocols are required?
- Is there an external data-center? - Is there an external data-center to the enterprise, such as
servers located at the Provider?
- Is IPv6 available using the same access links as IPv4,
or differently?
Network Infrastructure Component 2 Network Infrastructure Component 2
Enterprise Application Requirements Enterprise Application Requirements
- List of applications in use? - List of applications in use?
- Which applications must be moved to support IPv6 first? - Which applications must be moved to support IPv6 first?
- Can the application be upgraded to IPv6? - Can the application be upgraded to IPv6?
- Will the application have to support both IPv4 and IPv6? - Will the application have to support both IPv4 and IPv6?
- Do the enterprise platforms support both IPv4 and IPv6? - Do the enterprise platforms support both IPv4 and IPv6?
- Do the applications have issues with NAT v4-v4 and NAT v4-v6? - Do the applications have issues with NAT v4-v4 and NAT v4-v6?
- Do the applications need globally routable IP addresses? - Do the applications need globally routable IP addresses?
- Do the applications care about dependency between IPv4 and IPv6 - Do the applications care about dependency between IPv4 and IPv6
addresses? addresses?
- Are applications run only on the internal enterprise network?
Network Infrastructure Component 3 Network Infrastructure Component 3
Enterprise IT Department Requirements Enterprise IT Department Requirements
- Who "owns"/"operates" the network: in house, or outsourced? - Who "owns"/"operates" the network: in house, or outsourced?
- Is a Tele-commuter work force supported? - Is working remotely (e.g., through VPNs) supported?
- Is inter-site communications required? - Is inter-site communications required?
- Is network mobility used or required for IPv6? - Is network mobility used or required for IPv6?
- What are the requirements of the IPv6 address plan? - What are the requirements of the IPv6 address plan?
- Is there a detailed asset management database, including
hosts, IP/MAC addresses, etc.?
- What is the enterprise' approach to numbering geographically
separate sites which have their own Service Providers?
- What will be the internal IPv6 address assignment procedure? - What will be the internal IPv6 address assignment procedure?
- What site internal IPv6 routing protocols are required? - What site internal IPv6 routing protocols are required?
- What will be the IPv6 Network Management policy/procedure? - What will be the IPv6 Network Management policy/procedure?
- What will be the IPv6 QOS policy/procedure? - What will be the IPv6 QOS policy/procedure?
- What will be the IPv6 Security policy/procedure? - What will be the IPv6 Security policy/procedure?
- What is the IPv6 training plan to educate the enterprise? - What is the IPv6 training plan to educate the enterprise?
- What network operations software will be impacted by IPv6? - What network operations software will be impacted by IPv6?
- DNS - DNS
- Management (SNMP & ad-hoc tools) - Management (SNMP & ad-hoc tools)
- Enterprise Network Servers Applications - Enterprise Network Servers Applications
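Review bot: In the Component 1 list the new wording "Leased lines or VPNS?" should read "VPNs", matching the "(e.g., through VPNs)" spelling this same revision introduces in Component 3. In the new Component 3 item, "What is the enterprise' approach to numbering" needs "enterprise's", and "required by the Enterprise?" in Component 1 capitalizes a word that is lower case everywhere else in these lists. The new question "If multiple sites, how is the traffic exchanged securely?" is a useful addition; consider pairing it with the existing "What will be the IPv6 Security policy/procedure?" item in Component 3 so the two are analyzed together.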
skipping to change at page 9, line 28 skipping to change at page 9, line 40
- Enterprise Resource Applications. - Enterprise Resource Applications.
- Multimedia Applications. - Multimedia Applications.
- Financial Enterprise Applications. - Financial Enterprise Applications.
- Data Warehousing Applications. - Data Warehousing Applications.
Internal network operation: Internal network operation:
- In house operation of the network. - In house operation of the network.
- DHCP (v4) is used for all desktops, servers use static address - DHCP (v4) is used for all desktops, servers use static address
configuration. configuration.
- The DHCP server to update naming records for dynamic desktops - The DHCP server updates naming records for dynamic desktops uses
uses
dynamic DNS. dynamic DNS.
- A web based tool is used to enter name to address mappings for - A web based tool is used to enter name to address mappings for
statically addressed servers. statically addressed servers.
- Network management is done using SNMP. - Network management is done using SNMP.
- All routers and switches are upgradeable to IPv6. - All routers and switches are upgradeable to IPv6.
- Existing firewalls can be upgraded to support IPv6 rules. - Existing firewalls can be upgraded to support IPv6 rules.
- Load balancers do not support IPv6, upgrade path unclear. - Load balancers do not support IPv6, upgrade path unclear.
- Peer-2-Peer Application and Security supported. - Peer-2-Peer Application and Security supported.
- IPv4 Private address space is used within the enterprise. - IPv4 Private address space is used within the enterprise.
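Review bot: The reworded item "The DHCP server updates naming records for dynamic desktops uses dynamic DNS." now has two verbs and does not parse. Suggest "The DHCP server updates naming records for dynamic desktops using dynamic DNS."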
skipping to change at page 10, line 33 skipping to change at page 10, line 45
Internal Network Operations: Internal Network Operations:
- All packets must be secured end-2-end with encryption. - All packets must be secured end-2-end with encryption.
- Intrusion Detection exists on all network entry points. - Intrusion Detection exists on all network entry points.
- Network must be able to bolt on to the Internet to share - Network must be able to bolt on to the Internet to share
bandwidth as required from Providers. bandwidth as required from Providers.
- VPNs can be used but NAT can never be used. - VPNs can be used but NAT can never be used.
- Nodes must be able to access IPv4 legacy applications over IPv6 - Nodes must be able to access IPv4 legacy applications over IPv6
network. network.
4. Support for Legacy IPv4 Nodes and Applications 4. Network Infrastructure Component Requirements
The enterprise network will have to support the coexistence of IPv6
and IPv4, to support legacy IPv4 applications and nodes. This means
that some set of nodes will have to be IPv6 capable. The enterprise
user has the following choices for that coexistence to consider
today.
4.1 IPv4 Tunnels to Encapsulate IPv6
IPv6 capable nodes want to communicate using IPv6, but an IPv4
Internal router is between them. These nodes could also be Mobile
nodes on a visited network.
4.2 IPv6 Tunnels to Encapsulate IPv4
An IPv6 capable node, on an IPv6 link within an IPv6 routing domain,
wants to communicate with a legacy IPv4 application.
4.3 IPv6 only communicating with IPv4
An IPv6 capable node wants to communicate with an IPv4 service, but
the node is operating as IPv6 only. In order to continue support for
communications with IPv4 services an IPv6 to IPv4 translator or IPv6
proxy is required. Introduction of such software may prevent usage
of end-to-end security trust models and applications carrying
embedded IP addressing information. Bi-directional establishment of
connections might be difficult to achieve.
5. Network Infrastructure Component Requirements
The enterprise will need to determine what network infrastructure The enterprise will need to determine what network infrastructure
components require enhancements or to be added for deployment of components require enhancements or to be added for deployment of
IPv6. This infrastructure will need to be analyzed and understood as IPv6. This infrastructure will need to be analyzed and understood as
a critical resource to manage. a critical resource to manage. The list in this section is not
exhaustive but are the essential network infrastructure components to
consider for the enterprise before they begin to define more fine
tuned requirements such as QOS, PKI, or Bandwidth requirements for
IPv6 as examples. The components are only identified here and the
details of the components will be discussed in the analysis document
for enterprise scenarios. Where there are references at this time
for a component they are provided.
5.1 DNS 4.1 DNS
DNS will now have to support both IPv4 and IPv6 DNS records and the DNS will now have to support both IPv4 and IPv6 DNS records and the
enterprise will need to determine how the DNS is to be managed and enterprise will need to determine how the DNS is to be managed and
accessed, and secured. The range of DNS operational issues are out accessed, and secured. The range of DNS operational issues are out
of scope for this work. Users need to consider all current DNS IPv4 of scope for this work. Users need to consider all current DNS IPv4
operations and determine if those operations are supported for IPv6. operations and determine if those operations are supported for IPv6.
However, DNS resolution and transport solutions for both IP protocols However, DNS resolution and transport solutions for both IP protocols
are influenced by the chosen IPv6 deployment scenario. Users need to are influenced by the chosen IPv6 deployment scenario. Users need to
consider all current DNS IPv4 operations and determine if those consider all current DNS IPv4 operations and determine if those
operations are supported for IPv6. operations are supported for IPv6 [DNSV6].
5.2 Routing 4.2 Routing
Interior and Exterior routing will be required to support both IPv4 Interior and Exterior routing will be required to support both IPv4
and IPv6 routing protocols, and the coexistence of IPv4 and IPv6 over and IPv6 routing protocols, and the coexistence of IPv4 and IPv6 over
the enterprise network. The enterprise will need to define the IPv6 the enterprise network. The enterprise will need to define the IPv6
routing topology, any ingress and egress points to provider networks, routing topology, any ingress and egress points to provider networks,
and transition mechanisms they wish to use for IPv6 adoption. The and transition mechanisms they wish to use for IPv6 adoption. The
enterprise will also need to determine what IPv6 transition enterprise will also need to determine what IPv6 transition
mechanisms are supported by their upstream providers. mechanisms are supported by their upstream providers.
The choice of interior routing protocols have an impact on how the 4.3 Configuration of Hosts
routing tables will be handled: some such as OSPF will have the
ships-in-the-night paradigm, others such as ISIS are integrated. This
has an impact on the topology and the management of the network.
IPv6 capable routers should be monitored to ensure the router has
sufficient storage for both IPv6 and IPv4 route tables. Existing
network design principles to limit the number of routes in the
network, such as prefix aggregation, become more critical with the
addition of IPv6 to an existing IPv4 network.
5.3 Autoconfiguration
IPv6 introduces the concept of stateless autoconfiguration in IPv6 introduces the concept of stateless autoconfiguration in
addition to stateful autoconfiguration. The enterprise will have to addition to stateful autoconfiguration, for the configuration of
determine the best method of autoconfiguration, for their network. Hosts within the enterprise. The enterprise will have to determine
The enterprise will need to determine if they are to use stateless or the best method of host configuration, for their network. The
enterprise will need to determine if they are to use stateless or
stateful autoconfiguration, and how autoconfiguration is to operate stateful autoconfiguration, and how autoconfiguration is to operate
for DNS updates. The enterprise will need to determine how prefix for DNS updates. The enterprise will need to determine how prefix
delegation is done from their upstream provider and how those delegation is done from their upstream provider and how those
prefixes are cascaded down to the enterprise IPv6 network. The prefixes are cascaded down to the enterprise IPv6 network. The
policy for DNS or choice of autoconfiguration is out of scope for policy for DNS or choice of autoconfiguration is out of scope for
this document. this document. [CONF, DHCPF, DHCPL]
5.4 Security 4.4 Security
Current existing mechanisms used for IPv4 to provide security need to Current existing mechanisms used for IPv4 to provide security need to
be supported for IPv6 within the enterprise. IPv6 should create no be supported for IPv6 within the enterprise. IPv6 should create no
new security concerns for IPv4. The entire security infrastructure new security concerns for IPv4. The entire security infrastructure
currently used in the enterprise needs to be analyzed against IPv6 currently used in the enterprise needs to be analyzed against IPv6
deployment effect and determine what is supported in IPv6. Users deployment effect and determine what is supported in IPv6. Users
should review other security IPv6 network infrastructure work in the should review other security IPv6 network infrastructure work in the
IETF and within the industry on going at this time. Users will have IETF and within the industry on going at this time. Users will have
to work with their platform and software providers to determine what to work with their platform and software providers to determine what
IPv6 security network infrastructure components are supported. The IPv6 security network infrastructure components are supported. The
security filters and firewall requirments for IPv6 need to be security filters and firewall requirements for IPv6 need to be
determined by the enterprise. The policy choice of users for security determined by the enterprise. The policy choice of users for security
is out of scope for this document. is out of scope for this document.
5.5 Applications 4.5 Applications
Existing applications will need to be ported or proxyed to support Existing applications will need to be ported or provide proxies to
both IPv4 and IPv6. support both IPv4 and IPv6 [APPS].
5.6 Network Management 4.6 Network Management
The addition of IPv6 network infrastructure components will need to The addition of IPv6 network infrastructure components will need to
be managed by the enterprise network operations center. Users will be managed by the enterprise network operations center. Users will
need to work with their network management platform providers to need to work with their network management platform providers to
determine what for IPv6 is supported during their planning for IPv6 determine what for IPv6 is supported during their planning for IPv6
adoption, and what tools are available in the market to monitor the adoption, and what tools are available in the market to monitor the
network. network. Network management will not need to support both IPv4 and
IPv6 and view nodes as dual stacks.
5.7 Address Planning 4.7 Address Planning
The address space within the enterprise will need to be defined and The address space within the enterprise will need to be defined and
coordinated with the routing topology of the enterprise network. It coordinated with the routing topology of the enterprise network. It
is also important to identify the pool of IPv4 address space is also important to identify the pool of IPv4 address space
available to the enterprise to assist with IPv6 transition methods. available to the enterprise to assist with IPv6 transition methods.
5.8 Multicast 4.8 Multicast
Enterprises utilising IPv4 Multicast services will need to consider
how these services may be presented in an IPv6-enabled environment.
First, the Multicast routing protocols will need to be considered;
those such as PIM-SM may operate similarly under either protocol, but
in IPv6 nodes will need to support the Multicast Listener Discovery
protocol.
Nodes wishing to utilise Source Specific Multicast (SSM) will need to
support Multicast Listener Discovery protocol v2 (MLDv2). In
addition, applications written for PIM-SM may need to be modified to
use SSM.
For inter-domain multicast, IPv6 has no equivalent of Multicast
Source Discovery Protocol (MSDP); alternative methods are being
designed within the IETF, e.g. by embedding the Rendezvous Point
address in the multicast group address.
For inter-domain use, sites may choose to migrate IPv4 multicast Enterprises utilizing IPv4 Multicast services will need to consider
applications to SSM, for which no reverse path discovery method is how these services may be implemented operationally in an IPv6-
required. enabled environment.
5.9 Multihoming 4.9 Multihoming
At this time, current IPv6 allocation policies are mandating the At this time, current IPv6 allocation policies are mandating the
allocation of IPv6 address space from the upstream provider. If an allocation of IPv6 address space from the upstream provider. If an
enterprise is multihomed, the enterprise will have to determine how enterprise is multihomed, the enterprise will have to determine how
they wish to support multihoming. This also is an area of study they wish to support multihoming. This also is an area of study
within the IETF and work in progress. within the IETF and work in progress.
6. Security Considerations 5. Security Considerations
This document lists scenarios for the deployment of IPv6 in This document lists scenarios for the deployment of IPv6 in
enterprise networks, and there are no security considerations enterprise networks, and there are no security considerations
associated with making such a list. associated with making such a list.
There will security considerations for the deployment of IPv6 in each There will security considerations for the deployment of IPv6 in each
of these scenarios, but they will be addressed in the document that of these scenarios, but they will be addressed in the document that
includes the analysis of each scenario. includes the analysis of each scenario.
7. References 6. References
7.1 Normative References 6.1 Normative References
None at this time. [DNSV6] Durand, A., Ihren, J. and P. Savola, "Operational
Considerations and Issues with IPv6 DNS", Work in
Progress.
7.2 Non-Normative References [CONF] Thomson, S., Narten, T., "IPv6 Stateless Autoconfiguration"
RFC 2462 December 1998.
[DHCPF] Droms, R., Bound, J., Volz, B., Lemon, T., et al. "Dynamic
Host Configuration Protocol for IPv6 (DHCPv6)" RFC 3315 July
2003.
[DHCPL] Droms, R., "Stateless Dynamic Host Configuration Protocol
(DHCP) Service for IPv6" RFC 3756 April 2004.
[APPS] Shin, M-K., Hong, Y-G., Haigino, J., Savola, P., Castro, E.,
"Application Aspects of
IPv6 Transition" Work in Progress.
6.2 Non-Normative References
None at this time. None at this time.
Document Acknowledgments Document Acknowledgments
The Authors would like to acknowledge contributions from the The Authors would like to acknowledge contributions from the
following: IETF v6ops Working Group, Alan Beard, Brian Carpenter, following: IETF v6ops Working Group, Alan Beard, Brian Carpenter,
Alain Durand, and Bob Hinden. Alain Durand, Bob Hinden, and Pekka Savola.
Authors-Design Team Contact Information
Send email to ent-v6net@viagenie.qc.ca to contact the design team and Authors Addresses
send comments on the draft to v6ops@ops.ietf.org.
Yanick Pouffary (Chair of Design Team) Yanick Pouffary (Chair of Design Team)
HP Competency Center HP Competency Center
950, Route des Colles, BP027, 950, Route des Colles, BP027,
06901 Sophia Antipolis CEDEX 06901 Sophia Antipolis CEDEX
FRANCE FRANCE
Phone: + 33492956285 Phone: + 33492956285
Email: Yanick.pouffary@hp.com Email: Yanick.pouffary@hp.com
Jim Bound (Editor) Jim Bound (Editor)
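Review bot: The sentence added to 4.6, "Network management will not need to support both IPv4 and IPv6 and view nodes as dual stacks", reads as the opposite of the rest of the section and of the parallel wording in 4.1 ("DNS will now have to support both IPv4 and IPv6"); if "now" was intended, fix it, otherwise explain why management is exempt. Removing old section 4.3 also drops the only statement that an IPv6 to IPv4 translator or proxy "may prevent usage of end-to-end security trust models", yet the scenario at the top of this hunk still requires both "All packets must be secured end-2-end with encryption" and access to "IPv4 legacy applications over IPv6 network"; 4.4 Security is otherwise unchanged, so that caveat should be kept there or explicitly deferred to the analysis document. Two smaller points: 4.1 still repeats the sentence "Users need to consider all current DNS IPv4 operations and determine if those operations are supported for IPv6", now with [DNSV6] on the second copy only, and the new 6.1 Normative References list includes [DNSV6] and [APPS], both marked "Work in Progress".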
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/