draft-ietf-v6ops-incremental-cgn-01.txt   draft-ietf-v6ops-incremental-cgn-02.txt 
Network Working Group S. Jiang Network Working Group S. Jiang
Internet Draft D. Guo Internet Draft D. Guo
Intended status: Informational Huawei Technologies Co., Ltd Intended status: Informational Huawei Technologies Co., Ltd
Expires: December 22, 2010 B. Carpenter Expires: April 12, 2010 B. Carpenter
University of Auckland University of Auckland
June 18, 2010 October 11, 2010
An Incremental Carrier-Grade NAT (CGN) for IPv6 Transition An Incremental Carrier-Grade NAT (CGN) for IPv6 Transition
draft-ietf-v6ops-incremental-cgn-01.txt draft-ietf-v6ops-incremental-cgn-02.txt
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute working Task Force (IETF). Note that other groups may also distribute working
documents as Internet-Drafts. The list of current Internet-Drafts is documents as Internet-Drafts. The list of current Internet-Drafts is
at http://datatracker.ietf.org/drafts/current/. at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 22, 2010. This Internet-Draft will expire on April 12, 2011.
Copyright Notice Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Abstract Abstract
Global IPv6 deployment was slower than originally expected in the Global IPv6 deployment was slower than originally expected. As IPv4
last ten years. As IPv4 address exhaustion gets closer, the IPv4/IPv6 address exhaustion approaches, the IPv4 to IPv6 transition issues
transition issues become more critical and complicated. Host-based become more critical and less tractable. Host-based transition
transition mechanisms are not able to meet the requirements while mechanisms used in dual stack environments are not able to meet the
most end users are not sufficiently expert to configure or maintain transition requirements. Most end users are not sufficiently expert
these transition mechanisms. Carrier-Grade NAT (CGN) with integrated to configure or maintain host-based transition mechanisms. Carrier-
transition mechanisms can simplify the operation of end users during Grade NAT (CGN) devices with integrated transition mechanisms can
the IPv4/IPv6 migration or coexistence period. This document proposes reduce the operational change required during the IPv4 to IPv6
an incremental CGN approach for IPv6 transition. It can provide IPv6 migration or coexistence period.
access services for IPv6-enabled end hosts and IPv4 access services
for IPv4 end hosts while remaining most of legacy IPv4 ISP networks This document proposes an incremental CGN approach for IPv6
unchanged. It is suitable for the initial stage of IPv4/IPv6 transition. It can provide IPv6 access services for IPv6-enabled
migration. Unlike NAT444 CGN alone, it also supports and encourages hosts and IPv4 access services for IPv4 hosts while leaving much of a
transition towards dual-stack or IPv6-only ISP networks. A smooth legacy IPv4 ISP network unchanged. It is suitable for the initial
transition mechanism is also described in this document. It stage of IPv4 to IPv6 migration. Unlike NAT444 based CGN alone,
introduces an integrated configurable CGN device and an adaptive Home Incremental CGN also supports and encourages transition towards dual-
Gateway (HG) device. Both HG and CGN are re-usable devices during stack or IPv6-only ISP networks. A smooth transition to IPv6
different transition periods. It avoid potential multiple upgrade. deployment is also described in this document.
ISPs have NOT to make a big transition decision. It enables IPv6
migration to be incrementally achieved according to the real user An integrated configurable CGN device and an adaptive Home Gateway
requirements. So ISPs have NOT to make a big transition decision. (HG) device are introduced. Both HG and CGN are re-usable devices
during different transition periods. It avoids potential multiple
upgrades. It enables IPv6 migration to be incrementally achieved
according to the real user requirements.
Table of Contents Table of Contents
1. Introduction.................................................3 1. Introduction................................................3
2. An Incremental CGN Approach..................................4 2. An Incremental CGN Approach..................................4
2.1. Incremental CGN Approach Overview.......................4 2.1. Incremental CGN Approach Overview.......................4
2.2. Choice of tunnelling technology.........................5 2.2. Choice of tunneling technology..........................5
2.3. Behaviour of Dual-stack Home Gateway....................6 2.3. Behavior of Dual-stack Home Gateway.....................6
2.4. Behaviour of Dual-stack CGN.............................6 2.4. Behavior of Dual-stack CGN..............................6
2.5. Impact for existing end hosts and remaining networks....7 2.5. Impact for existing hosts and unchanged networks.........7
2.6. IPv4/IPv6 intercommunication............................7 2.6. IPv4/IPv6 intercommunication............................7
2.7. Discussion..............................................7 2.7. Discussion.............................................7
3. Smooth transition towards IPv6 infrastructure................8 3. Smooth transition towards IPv6 infrastructure................8
4. Security Considerations......................................9 4. Security Considerations......................................9
5. IANA Considerations..........................................9 5. IANA Considerations.........................................9
6. Acknowledgements.............................................9 6. Acknowledgements............................................9
7. Change Log [RFC Editor please remove].......................10 7. Change Log [RFC Editor please remove].......................10
8. References..................................................11 8. References.................................................11
8.1. Normative References...................................11 8.1. Normative References...................................11
8.2. Informative References.................................11 8.2. Informative References.................................11
Author's Addresses.............................................14 Author's Addresses............................................13
1. Introduction 1. Introduction
Up to now, global IPv6 deployment does not happen as was expected 10 Global IPv6 deployment did not happen as was forecast 10 years ago.
years ago. The progress was much slower than originally expected.
Network providers were hesitant to take the first move while IPv4 was Network providers were hesitant to take the first move while IPv4 was
and is still working well. However, IPv4 address exhaustion is now and is still working well. However, IPv4 address exhaustion is
confirmed to happen soon. The dynamically-updated IPv4 Address Report imminent. The dynamically-updated IPv4 Address Report [IPUSAGE] has
[IPUSAGE] has analyzed this issue. It predicts early 2011 for IANA analyzed this issue. It predicts early 2011 for IANA unallocated
unallocated address pool exhaustion and middle 2012 for RIR address pool exhaustion and middle 2012 for RIR unallocated address
unallocated address pool exhaustion. Based on this fact, the Internet pool exhaustion. Based on this fact, the Internet industry appears to
industry appears to have reached consensus that global IPv6 have reached consensus that global IPv6 deployment is inevitable and
deployment is inevitable and has to be done quite quickly. has to be done expediently.
IPv4/IPv6 transition issues therefore become more critical and IPv4 to IPv6 transition issues therefore become more critical and
complicated for the soon-coming global IPv6 deployment. Host-based complicated for the soon-coming global IPv6 deployment. Host-based
transition mechanisms alone are not able to meet the requirements in transition mechanisms alone are not able to meet the requirements in
all cases. Therefore, network supporting functions and/or new all cases. Therefore, network supporting functions and/or new
transition mechanisms with simple user-side operation are needed. transition mechanisms with simple user-side operation are needed.
Carrier-Grade NAT (CGN) [I-D.nishitani-cgn], also called NAT444 CGN, Carrier-Grade NAT (CGN) [I-D.nishitani-cgn], also called NAT444 CGN,
alone creates operational problems, but does nothing to help alone compounds IPv4 operational problems, but does nothing to
IPv4/IPv6 transition. In fact it allows ISPs to delay the transition, encourage IPv4 to IPv6 transition. Deployment of NAT444 CGN allows
and therefore causes double transition costs (once to add CGN, and ISPs to delay the transition, and therefore increased double
again to support IPv6). transition costs (once to add CGN, and again to support IPv6).
CGN that integrates multiple transition mechanisms can simplify the CGN deployments that integrate multiple transition mechanisms can
operation of end user services during the IPv4/IPv6 migration or simplify the operation of end user services during the IPv4 to IPv6
coexistence period. CGNs are deployed on the network side and migration and coexistence periods. CGNs are deployed on the network
managed/maintained by professionals. On the user side, new Home side and managed/maintained by professionals. On the user side, new
Gateway (HG) devices may be needed too. They may be provided by Home Gateway (HG) devices may be needed too. They may be provided by
network providers, depending on the specific business model. Dual- network providers, depending on the specific business model. Dual-
stack lite [I-D.ietf-softwire-dual-stack-lite], also called DS-Lite, stack lite [I-D.ietf-softwire-dual-stack-lite], also called DS-Lite,
is a CGN-based solution that supports transition, but it requires the is a CGN-based solution that supports transition, but it requires the
ISP to upgrade its network to IPv6 immediately. Many ISPs hesitate to ISP to upgrade its network to IPv6 immediately. Many ISPs hesitate to
do this as the first step. Theoretically, DS-Lite can be used with do this as the first step. Theoretically, DS-Lite can be used with
double encapsulation (IPv4-in-IPv6-in-IPv4) but this seems even less double encapsulation (IPv4-in-IPv6-in-IPv4) but this seems even less
likely to be accepted by an ISP and is not discussed further. likely to be accepted by an ISP and is not discussed in this
document.
This document proposes an incremental CGN approach for IPv6 This document proposes an incremental CGN approach for IPv6
transition. The approach is similar to DS-Lite, but the other way transition. The approach is similar to DS-Lite, but the other way
around. Technically, it mainly combines v4-v4 NAT with v6-over-v4 around. It mainly combines v4-v4 NAT with v6-over-v4 tunneling
tunnelling functions along with some minor adjustment. It can provide functions. It can provide IPv6 access services for IPv6-enabled hosts
IPv6 access services for IPv6-enabled end hosts and IPv4 access and IPv4 access services for IPv4 hosts, while leaving most of legacy
services for IPv4 end hosts, while leaving most of legacy IPv4 ISP IPv4 ISP networks unchanged. The deployment of this technology does
networks unchanged. The deployment of this technology does not affect not affect legacy IPv4 hosts with global IPv4 addresses at all. It is
legacy IPv4 hosts with global IPv4 addresses at all. It is suitable suitable for the initial stage of IPv4 to IPv6 migration. It also
for the initial stage of IPv4/IPv6 migration. It also supports supports transition towards dual-stack or IPv6-only ISP networks.
transition towards dual-stack or IPv6-only ISP networks.
A smooth transition mechanism is also described in this document. It A smooth transition mechanism is also described in this document. It
introduces an integrated configurable CGN device and an adaptive HG introduces an integrated configurable CGN device and an adaptive HG
device. Both CGN and HG are re-usable devices during different device. Both CGN and HG are re-usable devices during different
transition periods. It avoid potential multiple upgrade. It enables transition periods. It avoid potential multiple upgrade. It enables
IPv6 migration to be incrementally achieved according to the real IPv6 migration to be incrementally achieved according to the real
user requirements. So ISPs have NOT to make a big transition user requirements.
decision.
2. An Incremental CGN Approach 2. An Incremental CGN Approach
Most ISP networks are still IPv4. Network providers are starting to Most consumers remain primarily IPv4. Network providers are starting
provide IPv6 access services for end users. However, at the initial to provide IPv6 access services for end users. At the initial stage
stage of IPv4/IPv6 migration, IPv4 connectivity and traffic would be of IPv4 to IPv6 migration, IPv4 connectivity and traffic would
the majority for most ISP networks. ISPs would like to minimize the continue to represent the majority of traffic for most ISP networks.
changes on their IPv4 networks. Switching the whole ISP network into ISPs would like to minimize the changes to their IPv4 networks.
IPv6-only would be considered as a radical strategy. Switching the Switching the whole ISP network into IPv6-only would be considered as
whole ISP network to dual stack is less radical, but introduces a radical strategy. Switching the whole ISP network to dual stack is
operational costs and complications. Although some ISPs have less radical, but introduces operational costs and complications.
successfully deployed dual stack routers, others prefer not to do Although some ISPs have successfully deployed dual stack networks,
this as their first step in IPv6. However, they currently face two others prefer not to do this as their first step in IPv6. However,
urgent pressures - to compensate for an immediate shortage of IPv4 they currently face two urgent pressures - to compensate for an
addresses by deploying some method of address sharing, and to prepare immediate shortage of IPv4 addresses by deploying some method of
actively for the deployment of IPv6 address space and services. ISPs address sharing, and to prepare actively for the use of deployment of
facing only one pressure out of two could adopt either CGN (for IPv6 address space and services. ISPs facing only one pressure out of
shortage of IPv6 addresses) or 6rd (to provide IPv6 connectivity two could adopt either CGN (for shortage of IPv6 addresses) or 6rd
services). The approach described in this draft is targeting to (to provide IPv6 connectivity services). The approach described in
addresses both of these pressures at the same time by combining v4-v4 this draft is intended to address both of these pressures at the same
CGN with v6-over-v4 tunnelling technologies. time by combining v4-v4 CGN with v6-over-v4 tunneling technologies.
2.1. Incremental CGN Approach Overview 2.1. Incremental CGN Approach Overview
The incremental CGN approach we propose is illustrated as the The incremental CGN approach we propose is illustrated as the
following figure. following figure.
+-------------+ +-------------+
|IPv6 Internet| |IPv6 Internet|
+-------------+ +-------------+
| |
skipping to change at page 5, line 23 skipping to change at page 5, line 23
+-----+ +--+ +--------------------+---+ +--------+ +-----+ +--+ +--------------------+---+ +--------+
_ _ _ _ _ _ _ _ _ _ _ | _ _ _ _ _ _ _ _ _ _ _ |
()_6_o_4_ _t_u_n_n_e_l_() +---------------------+ ()_6_o_4_ _t_u_n_n_e_l_() +---------------------+
| Existing IPv4 hosts | | Existing IPv4 hosts |
+---------------------+ +---------------------+
Figure 1: incremental CGN approach with IPv4 ISP network Figure 1: incremental CGN approach with IPv4 ISP network
DS HG = Dual-Stack Home Gateway (CPE). DS HG = Dual-Stack Home Gateway (CPE).
As showed in the above figure, the ISP has not significantly changed As shown in the above figure, the ISP has not significantly changed
its IPv4 network. This approach enables IPv4 hosts to access the IPv4 its IPv4 network. This approach enables IPv4 hosts to access the IPv4
Internet and IPv6 hosts to access the IPv6 Internet. A dual stack Internet and IPv6 hosts to access the IPv6 Internet. A dual stack
host can be treated as an IPv4 host when it uses IPv4 access service host is treated as an IPv4 host when it uses IPv4 access service and
and as an IPv6 host when it uses IPv6 access service. In order to as an IPv6 host when it uses an IPv6 access service. In order to
enable IPv4 hosts to access IPv6 Internet and IPv6 hosts to access enable IPv4 hosts to access the IPv6 Internet and IPv6 hosts to
IPv4 Internet, NAT-PT [RFC2766, RFC4966] (or its replacement) can be access IPv4 Internet, NAT-PT [RFC2766, RFC4966] (or its replacement)
integrated with CGN. The integration of such mechanisms is out of can be integrated with the CGN. The integration of such mechanisms is
scope for this document out of scope for this document
Two new types of devices need to be deployed in this approach: a Two new types of devices need to be deployed in this approach: a
dual-stack home gateway, which may follow the requirements of dual-stack home gateway, which may follow the requirements of
[I-D.ietf-v6ops-ipv6-cpe-router], and dual-stack CGN. The dual-stack [I-D.ietf-v6ops-ipv6-cpe-router], and a dual-stack CGN. The dual-
home gateway integrates IPv4 forwarding and v6-over-v4 tunnelling stack home gateway integrates IPv4 forwarding and v6-over-v4
functions. It may integrate v4-v4 NAT function, too. The dual-stack tunneling functions. It may integrate v4-v4 NAT functionality, too.
CGN integrates v6-over-v4 tunnelling and v4-v4 CGN functions. The dual-stack CGN integrates v6-over-v4 tunneling and v4-v4 CGN
functions.
2.2. Choice of tunnelling technology 2.2. Choice of tunneling technology
In principle, this model will work with any form of tunnel between In principle, this model will work with any form of tunnel between
the DS HG and the dual-stack CGN. However, tunnels that require the DS HG and the dual-stack CGN. However, tunnels that require
individual configuration are clearly undesirable because of their individual configuration are clearly undesirable because of their
operational cost. Configured tunnels based directly on [RFC4213] are operational cost. Configured tunnels based directly on [RFC4213] are
therefore not suitable. A tunnel broker according to [RFC3053] would therefore not suitable. A tunnel broker according to [RFC3053] would
also have high operational costs. also have high operational costs.
Modified 6RD [RFC5569, I-D.ietf-softwire-ipv6-6rd] technology appears Modified 6RD [RFC5569, RFC5969] technology appears suitable to
suitable to support v6-over-v4 tunnelling with low operational cost. support v6-over-v4 tunneling with low operational cost. Modified GRE
Modified GRE [RFC2784] with additional auto-configuration mechanism
is also suitable to support v6-over-v4 tunnelling. Other tunnelling
mechanisms such as 6over4 [RFC2529], 6to4 [RFC3056], the Intra-Site
Automatic Tunnel Addressing Protocol (ISATAP) [RFC5214] or Virtual
Enterprise Traversal (VET) [RFC5558] are also considered. If the ISP
has an entirely MPLS infrastructure between the HG and the dual-stack
CGN, it would also be possible to consider a 6PE [RFC4798] tunnel
directly over MPLS. This would, however, only be suitable for an
advanced HG that is unlikely to be found as a home gateway, and is
not further discussed here.
2.3. Behaviour of Dual-stack Home Gateway [RFC2784] with additional auto-configuration mechanism is also
suitable to support v6-over-v4 tunneling. Other tunneling mechanisms
such as 6over4 [RFC2529], 6to4 [RFC3056], the Intra-Site Automatic
Tunnel Addressing Protocol (ISATAP) [RFC5214] or Virtual Enterprise
Traversal (VET) [RFC5558] are also considered. If the ISP has an
entirely MPLS infrastructure between the HG and the dual-stack CGN,
it would also be possible to consider a 6PE [RFC4798] tunnel directly
over MPLS. This would, however, only be suitable for an advanced HG
that is unlikely to be found as a consumer device, and is not further
discussed here.
When a dual-stack home gateway receives a data packet from an end 2.3. Behavior of Dual-stack Home Gateway
host, it firstly checks whether the packet is IPv4 or IPv6. For IPv4
data, the HG can directly forward it to CGN if there is no v4-v4 NAT When a dual-stack home gateway receives a data packet from a host, it
running on the HG. Or the HG translates packet source address from a firstly checks whether the packet is IPv4 or IPv6. For IPv4 data, the
HG-scope private IPv4 address into a CGN-scope private IPv4 address, HG can directly forward it to CGN in the absence of v4-v4 NAT on the
then forwards it to CGN. The HG records the v4-v4 address mapping HG. Alternatively the HG translates packet source address from a HG-
information for inbound packets, just like normal NAT does. scope private IPv4 address into a CGN-scope private IPv4 address, and
then forwards it towards the CGN. The HG records the v4-v4 address
mapping information for inbound packets, just like a normal NAT
gateway does.
For IPv6 data, the HG needs to encapsulate the data into an IPv4 For IPv6 data, the HG needs to encapsulate the data into an IPv4
tunnel, which has the dual-stack CGN as the other end. Then the HG tunnel, which has the dual-stack CGN as the other end. The HG sends
sends the new IPv4 packet towards CGN. the new IPv4 packet towards CGN.
The HG records the mapping information between the tunnel and the The HG records the mapping information between the tunnel and the
source IPv6 address for inbound packets if HG uplinks to more than source IPv6 address for inbound packets if HG uplinks to more than
one CGN. Detailed considerations for the use of multiple CGNs by one one CGN. Detailed considerations for the use of multiple CGNs by one
HG are for further study. HG are for further study.
2.4. Behaviour of Dual-stack CGN 2.4. Behavior of Dual-stack CGN
When a dual-stack CGN receives a data packet from a dual-stack home When a dual-stack CGN receives a data packet from a dual-stack home
gateway, it firstly checks whether the packet is a normal IPv4 packet gateway, it firstly checks whether the packet is a normal IPv4 packet
or a v6-over-v4 tunnel packet. For a normal IPv4 packet, the CGN or a v6-over-v4 tunnel packet. For a normal IPv4 packet, the CGN
translates packet source address from a CGN-scope private IPv4 translates packet source address from a CGN-scope private IPv4
address into a public IPv4 address, and then send it to IPv4 address into a public IPv4 address, and then send it to IPv4
Internet. The CGN records the v4-v4 address mapping information for Internet. The CGN records the v4-v4 address mapping information for
inbound packets, just like normal NAT does. For a v6-over-v4 tunnel inbound packets, just like normal NAT does. For a v6-over-v4 tunnel
packet, the CGN needs to decapsulate it into the original IPv6 packet packet, the CGN needs to decapsulate it into the original IPv6 packet
and then send it to IPv6 Internet. The CGN records the mapping and then send it to IPv6 Internet. The CGN records the mapping
information between the tunnel and the source IPv6 address for information between the tunnel and the source IPv6 address for
inbound packets. inbound packets.
Depending on the deployed location of the CGN, it may use v6-over-v4 Depending on the deployed location of the CGN, it may use v6-over-v4
tunnels to connect to the IPv6 Internet. tunnels to connect to the IPv6 Internet.
2.5. Impact for existing end hosts and remaining networks 2.5. Impact for existing hosts and unchanged networks
This approach does not affect the remaining networks at all. Legacy This approach does not affect the unchanged networks at all. Legacy
IPv4 ISP networks and their IPv4 devices remain in use. The existing IPv4 ISP networks and their IPv4 devices remain in use. The existing
IPv4 hosts, shown as the right box in Figure 1, either having global IPv4 hosts, shown as the right box in Figure 1, either having global
IPv4 addresses or behind v4-v4 NAT can connect to IPv4 Internet as it IPv4 addresses or behind v4-v4 NAT can connect to IPv4 Internet as it
is now. Of course, these hosts, if they are upgraded to become dual- is now. These hosts, if they are upgraded to become dual-stack hosts,
stack hosts, can access IPv6 Internet through IPv4 ISP network by can access IPv6 Internet through the IPv4 ISP network by using IPv6-
using IPv6-over-IPv4 tunnel technologies. over-IPv4 tunnel technologies.
2.6. IPv4/IPv6 intercommunication 2.6. IPv4/IPv6 intercommunication
Although IPv6-only public services are not expected as long as there IPv6-only public services are not expected as long as there is
is an IPv4-only customer base in the world, for obvious commercial significant IPv4-only customer base in the world, for obvious
reasons. However, IPv4/IPv6 intercommunication may become issues in commercial reasons. However, IPv4/IPv6 intercommunication may become
many scenarios. issues in many scenarios.
Each ISP can provide its IPv6-only customers with a network-layer An ISP can provide its IPv6-only customers with a network-layer
translation service to satisfy this need. Such a service is not fully translation service to satisfy this need. Such a service is not fully
defined at this time, so we refer to it non-specifically as "NAT64". defined at this time, so we refer to it non-specifically as "NAT64".
Current work in the IETF is focussed on one particular proposal Current work in the IETF is focused on one particular proposal
[I-D.ietf-behave-v6v4-xlate-stateful]. The NAT64 service can be [I-D.ietf-behave-v6v4-xlate-stateful]. The NAT64 service can be
provided as a common service located at the border between the ISP provided as a common service located at the border between the ISP
and the IPv4 Internet, beyond the dual stack CGN from the customer's and the IPv4 Internet, beyond the dual stack CGN from the customer's
viewpoint. It may be integrated into CGN devices too. viewpoint. It may be integrated into CGN devices too.
[I-D.boucadair-dslite-interco-v4v6] describes a proposal to enhance [I-D.boucadair-dslite-interco-v4v6] describes a proposal to enhance a
DS-lite solution with an additional feature to ease interconnection DS-lite solution with an additional feature to ease interconnection
between IPv4 and IPv6 realms. Furthermore, home users may encounter between IPv4 and IPv6 realms. Home users may encounter the problem of
the problem of reaching legacy IPv4-only public services from IPv6- reaching legacy IPv4-only public services from IPv6-only clients.
only clients. This problem could already exist in Phase 1, but will This problem already exists in early phases, but will become more
become more serious as time goes on. serious over time.
2.7. Discussion 2.7. Discussion
For IPv4 traffic, this approach inherits all the problems of CGN For IPv4 traffic, the incremental CGN approach inherits all the
(e.g., scaling, and the difficulty of supporting well-known ports for problems of CGN address sharing techniques
inbound traffic). Application layer problems created by double NAT [I-D.ietf-intarea-shared-addressing-issues] (e.g., scaling, and the
are for further study. difficulty of supporting well-known ports for inbound traffic).
Application layer problems created by double NAT are for further
study.
If a different technology than v4-v4 NAT is chosen for IPv4 address If a different technology than v4-v4 NAT is chosen for IPv4 address
sharing, for example [I-D.ymbk-aplusp], the present approach could be sharing, for example [I-D.ymbk-aplusp], the present approach could be
suitably modified, for example replacing the v4-v4 NAT function by suitably modified, for example replacing the v4-v4 NAT function by
the A+P gateway function. the A+P gateway function.
However, for IPv6 traffic, a user behind the DS HG will see normal For IPv6 traffic, a user behind the DS HG will see normal IPv6
IPv6 service. We therefore observe that an IPv6 tunnel MTU of at service. We observe that an IPv6 tunnel MTU of at least 1500 bytes
least 1500 bytes would ensure that the mechanism does not cause would ensure that the mechanism does not cause excessive
excessive fragmentation of IPv6 traffic nor excessive IPv6 path MTU fragmentation of IPv6 traffic nor excessive IPv6 path MTU discovery
discovery interactions. interactions.
However, for IPv6 traffic, a user behind the DS HG will see normal For IPv6 traffic, a user behind the DS HG will see normal IPv6
IPv6 service. This, and the absence of NAT problems for IPv6, will service. This, and the absence of NAT problems for IPv6, will create
create an incentive for users and application service providers to an incentive for users and application service providers to prefer
prefer IPv6. IPv6.
ICMP filtering [RFC4890] function may be included as part of CGN ICMP filtering [RFC4890] function may be included as part of CGN
functions. functions.
3. Smooth transition towards IPv6 infrastructure 3. Smooth transition towards IPv6 infrastructure
This incremental CGN approach can easily be transited from NAT444 CGN The incremental CGN approach can easily be transited from NAT444 CGN
or 6rd. NAT444 CGN solves the public address shortage issues in the or 6rd. NAT444 CGN solves the public address shortage issues in the
current IPv4 infrastructure. However, it does not contribute towards current IPv4 infrastructure. However, it does not contribute towards
IPv6 at all. This incremental CGN approach can inherit NAT444 CGN IPv6 deployment at all. The incremental CGN approach can inherit
function while providing overlay IPv6 services. 6rd mechanism can NAT444 CGN function while providing overlay IPv6 services. 6rd
also transform into this incremental CGN with small modifications. mechanisms can also transform into this incremental CGN with small
One consideration is that home gateways also have to be changed modifications. One consideration is that home gateways also have to
correspondently. be changed correspondently.
This incremental CGN can also easily be transited into IPv6-enabled The incremental CGN can also easily be transited into IPv6-enabled
infrastructure, in which the ISP network is either dual-stack or infrastructure, in which the ISP network is either dual-stack or
IPv6-only. For dual-stack ISP networks, dual-stack home gateways can IPv6-only. For dual-stack ISP networks, dual-stack home gateways can
simply switch off the v6-over-v4 function and forward both IPv6 and simply switch off the v6-over-v4 function and forward both IPv6 and
IPv4 traffic directly while the dual-stack CGN only keeps its v4-v4 IPv4 traffic directly while the dual-stack CGN only keeps its v4-v4
NAT function. However, this is considered an unlikely choice, since NAT function. This approach is considered an unlikely choice, since
we expect ISPs to choose the approach described here because they we expect ISPs to choose the approach described as incremental CGN
want to avoid dual-stack deployment completely. For IPv6-only ISP here because they want to avoid or are unable to complete dual-stack
networks, the DS-Lite solution also needs dual-stack home gateway and deployment completely. For IPv6-only ISP networks, the DS-Lite
CGN devices. solution also needs dual-stack home gateway and CGN devices.
The best business model for this approach is that an integrated The best model for the incremental CGN approach is that an integrated
configurable CGN device and an adaptive HG device. The integrated CGN configurable CGN device and an adaptive HG device. The integrated CGN
hardware may be integrated multiple functions, include NAT444 CGN, hardware may integrate multiple functions, include NAT444 CGN, 6rd
6rd router, incremental CGN, DS-Lite CGN and dual-stack forwarding. router, incremental CGN, DS-Lite CGN and dual-stack forwarding. The
It could act as different device with only software configuration HG has to integrate these correspondent functions, and be able to
change while the hardware and its physical position/connectivity detect changes on the CGN side.
remains no change at all. HG has also integrated these correspondent
functions, and be able to automatically detect the change on the CGN
side.
For example, the appearance of IPv6 Route Advertisement messages or For example, the appearance of IPv6 Route Advertisement messages or
DHCPv6 messages can be used as a signal of DS-Lite CGN. Then when an DHCPv6 messages can be used as a signal the availability of DS-Lite
ISP decides to switch from incremental CGN to DS-Lite CGN, it may be CGN. When an ISP decides to switch from incremental CGN to DS-Lite
that only a configuration change or a minor software update is needed CGN, it may be that only a configuration change or a minor software
on the CGNs. The home gateway will then detect this change and switch update is needed on the CGNs. The home gateway can then detect this
automatically to DS-Lite mode. The only impact on the home user will change and switch automatically to DS-Lite mode. The only impact on
be to receive a different IPv6 prefix. the home user will be to receive a different IPv6 prefix.
In this smooth transition model, both CGN and HG are re-usable In the smooth transition model, both CGN and HG are re-usable devices
devices during different transition periods. It avoid potential during different transition periods. It avoids the potential multiple
multiple upgrade. It enables IPv6 migration to be incrementally upgrades. IPv6 migration may be incrementally achieved according to
achieved according to the real user requirements. ISPs have NOT to the real user requirements.
make a big transition decision.
4. Security Considerations 4. Security Considerations
Security issues associated with NAT have been documented in [RFC2663] Security issues associated with NAT have been documented in [RFC2663]
and [RFC2993]. and [RFC2993].
Further security analysis will be needed to understand double NAT Further security analysis will be needed to understand double NAT
security issues and tunnel security issues. However, since the tunnel security issues and tunnel security issues. However, since the tunnel
proposed here exists entirely within a single ISP network, between proposed here exists entirely within a single ISP network, between
the HG/CPE and the CGN, the threat model is relatively simple. the HG/CPE and the CGN, the threat model is relatively simple.
[RFC4891] describes how to protect tunnels using IPSec, but it is not [RFC4891] describes how to protect tunnels using IPSec, but it is not
clear whether this would be an important requirement. An ISP could clear whether doing so would be an important requirement. An ISP
deem its infrastructure to have sufficient security without could deem its infrastructure to provide adequate security without
additional protection of the tunnels. additional protection of the tunnels.
The dual-stack home gateway will need to provide basic security for The dual-stack home gateway will need to provide basic security
IPv6 [I-D.ietf-v6ops-cpe-simple-security]. Other aspects are functionality for IPv6 [I-D.ietf-v6ops-cpe-simple-security]. Other
described in [RFC4864]. aspects are described in [RFC4864].
5. IANA Considerations 5. IANA Considerations
This draft does not request any IANA action. This draft does not request any IANA action.
6. Acknowledgements 6. Acknowledgements
Useful comments were made by Fred Baker, Dan Wing, Fred Templin, Useful comments were made by Fred Baker, Dan Wing, Fred Templin,
Seiichi Kawamura, Remi Despres, Janos Mohacsi, Mohamed Boucadair, Seiichi Kawamura, Remi Despres, Janos Mohacsi, Mohamed Boucadair,
Shin Miyakawa and other members of the IETF V6OPS working group. Shin Miyakawa, Joel Jaeggli and other members of the IETF V6OPS
working group.
7. Change Log [RFC Editor please remove] 7. Change Log [RFC Editor please remove]
draft-jiang-incremental-cgn-00, original version, 2009-02-27 draft-jiang-incremental-cgn-00, original version, 2009-02-27
draft-jiang-v6ops-incremental-cgn-00, revised after comments at draft-jiang-v6ops-incremental-cgn-00, revised after comments at
IETF74, 2009-04-23 IETF74, 2009-04-23
draft-jiang-v6ops-incremental-cgn-01, revised after comments at v6ops draft-jiang-v6ops-incremental-cgn-01, revised after comments at v6ops
mailing list, 2009-06-30 mailing list, 2009-06-30
draft-jiang-v6ops-incremental-cgn-02, remove normative parts (to be draft-jiang-v6ops-incremental-cgn-02, remove normative parts (to be
documented in other WGs), 2009-07-06 documented in other WGs), 2009-07-06
draft-jiang-v6ops-incremental-cgn-03, revised after comments at v6ops draft-jiang-v6ops-incremental-cgn-03, revised after comments at v6ops
mailing list, 2009-09-24 mailing list, 2009-09-24
draft-ietf-v6ops-incremental-cgn-00, accepted as v6ops wg docuemtn, draft-ietf-v6ops-incremental-cgn-00, accepted as v6ops wg document,
2009-11-17 2009-11-17
draft-ietf-v6ops-incremental-cgn-01, revised after comments at v6ops draft-ietf-v6ops-incremental-cgn-01, revised after comments at v6ops
mailing list, 2010-06-21 mailing list, 2010-06-21
draft-ietf-v6ops-incremental-cgn-02, revised after comments at v6ops
WGLC, 2010-10-11
8. References 8. References
8.1. Normative References 8.1. Normative References
[RFC2529] B. Carpenter, and C. Jung, "Transmission of IPv6 over IPv4 [RFC2529] B. Carpenter, and C. Jung, "Transmission of IPv6 over IPv4
Domains without Explicit Tunnels", RFC2529, March 1999. Domains without Explicit Tunnels", RFC2529, March 1999.
[RFC2784] D. Farinacci, T. Li, S. Hanks, D. Meyer and P. Traina, [RFC2784] D. Farinacci, T. Li, S. Hanks, D. Meyer and P. Traina,
"Generic Routing Encapsulation (GRE)", RFC 2784, March "Generic Routing Encapsulation (GRE)", RFC 2784, March
2000. 2000.
[RFC5969] W. Townsley and O. Troan, "IPv6 via IPv4 Service Provider
Networks '6rd'", RFC5969, May 2010.
8.2. Informative References 8.2. Informative References
[RFC2663] P. Srisuresh and M. Holdrege, "IP Network Address [RFC2663] P. Srisuresh and M. Holdrege, "IP Network Address
Translator (NAT) Terminology and Considerations", RFC 2663, Translator (NAT) Terminology and Considerations", RFC 2663,
August 1999. August 1999.
[RFC2766] G. Tsirtsis and P. Srisuresh, "Network Address Translation [RFC2766] G. Tsirtsis and P. Srisuresh, "Network Address Translation
- Protocol Translation (NAT-PT)", RFC 2766, February 2000. - Protocol Translation (NAT-PT)", RFC 2766, February 2000.
[RFC2993] T. Hain, "Architectural Implications of NAT", RFC 2993, [RFC2993] T. Hain, "Architectural Implications of NAT", RFC 2993,
skipping to change at page 12, line 26 skipping to change at page 12, line 29
(6rd)", RFC 5569, January 2010. (6rd)", RFC 5569, January 2010.
[IPUSAGE] G. Huston, IPv4 Address Report, March 2009, [IPUSAGE] G. Huston, IPv4 Address Report, March 2009,
http://www.potaroo.net/tools/ipv4/index.html. http://www.potaroo.net/tools/ipv4/index.html.
[I-D.ietf-softwire-dual-stack-lite] [I-D.ietf-softwire-dual-stack-lite]
A. Durand, "Dual-stack lite broadband deployments post IPv4 A. Durand, "Dual-stack lite broadband deployments post IPv4
exhaustion", draft-ietf-softwire-dual-stack-lite, work in exhaustion", draft-ietf-softwire-dual-stack-lite, work in
progress. progress.
[I-D.ietf-softwire-ipv6-6rd]
W. Townsley and O. Troan, "IPv6 via IPv4 Service Provider
Networks '6rd'", draft-ietf-softwire-ipv6-6rd, work in
progress.
[I-D.ietf-v6ops-ipv6-cpe-router] [I-D.ietf-v6ops-ipv6-cpe-router]
H. Singh, W. Beebee, C. Donley, B. Stark and O. Troan, H. Singh, W. Beebee, C. Donley, B. Stark and O. Troan,
"IPv6 CPE Router Recommendations", draft-ietf-v6ops-ipv6- "IPv6 CPE Router Recommendations", draft-ietf-v6ops-ipv6-
cpe-router, work in progress. cpe-router, work in progress.
[I-D.ietf-v6ops-cpe-simple-security] [I-D.ietf-v6ops-cpe-simple-security]
J. Woodyatt, "Recommended Simple Security Capabilities in J. Woodyatt, "Recommended Simple Security Capabilities in
Customer Premises Equipment for Providing Residential IPv6 Customer Premises Equipment for Providing Residential IPv6
Internet Service", draft-ietf-v6ops-cpe-simple-security, Internet Service", draft-ietf-v6ops-cpe-simple-security,
work in progress. work in progress.
[I-D.ietf-behave-v6v4-xlate-stateful] [I-D.ietf-behave-v6v4-xlate-stateful]
M. Bagnulo, P. Matthews and I. van Beijnum, "NAT64: Network M. Bagnulo, P. Matthews and I. van Beijnum, "NAT64: Network
Address and Protocol Translation from IPv6 Clients to IPv4 Address and Protocol Translation from IPv6 Clients to IPv4
Servers", draft-ietf-behave-v6v4-xlate-stateful, work in Servers", draft-ietf-behave-v6v4-xlate-stateful, work in
progress. progress.
[I-D.ietf-intarea-shared-addressing-issues]
M. Ford, et al, "Issues with IP Address Sharing", draft-
ietf-intarea-shared-addressing-issues, work in progress.
[I-D.nishitani-cgn] [I-D.nishitani-cgn]
I. Yamagata, T. Nishitani, S. Miyahawa, A. nakagawa and H. I. Yamagata, T. Nishitani, S. Miyahawa, A. nakagawa and H.
Ashida, "Common requirements for IP address sharing Ashida, "Common requirements for IP address sharing
schemes", draft-nishitani-cgn, work in progress. schemes", draft-nishitani-cgn, work in progress.
[I-D.ymbk-aplusp] [I-D.ymbk-aplusp]
R. Bush, "The A+P Approach to the IPv4 Address Shortage", R. Bush, "The A+P Approach to the IPv4 Address Shortage",
draft-ymbk-aplusp, work in progress. draft-ymbk-aplusp, work in progress.
[I-D.boucadair-dslite-interco-v4v6] [I-D.boucadair-dslite-interco-v4v6]
 End of changes. 57 change blocks. 
192 lines changed or deleted 200 lines changed or added

This html diff was produced by rfcdiff 1.40. The latest version is available from http://tools.ietf.org/tools/rfcdiff/