draft-ietf-v6ops-ipv6-cpe-router-00.txt   draft-ietf-v6ops-ipv6-cpe-router-01.txt 
Network Working Group H. Singh Network Working Group H. Singh
Internet-Draft W. Beebee Internet-Draft W. Beebee
Intended status: BCP Cisco Systems, Inc. Intended status: Informational Cisco Systems, Inc.
Expires: September 26, 2009 March 25, 2009 Expires: February 19, 2010 August 18, 2009
IPv6 CPE Router Recommendations IPv6 CPE Router Recommendations
draft-ietf-v6ops-ipv6-cpe-router-00 draft-ietf-v6ops-ipv6-cpe-router-01
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. This document may contain material provisions of BCP 78 and BCP 79. This document may contain material
from IETF Documents or IETF Contributions published or made publicly from IETF Documents or IETF Contributions published or made publicly
available before November 10, 2008. The person(s) controlling the available before November 10, 2008. The person(s) controlling the
copyright in some of this material may not have granted the IETF copyright in some of this material may not have granted the IETF
Trust the right to allow modifications of such material outside the Trust the right to allow modifications of such material outside the
IETF Standards Process. Without obtaining an adequate license from IETF Standards Process. Without obtaining an adequate license from
skipping to change at page 1, line 42 skipping to change at page 1, line 42
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on September 26, 2009. This Internet-Draft will expire on February 19, 2010.
Copyright Notice Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info). publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 3, line 25 skipping to change at page 3, line 25
5.3. Acquire IPv6 Address and Other Configuration 5.3. Acquire IPv6 Address and Other Configuration
Parameters (CORE) . . . . . . . . . . . . . . . . . . . . 7 Parameters (CORE) . . . . . . . . . . . . . . . . . . . . 7
5.3.1. Numbered Model (CORE) . . . . . . . . . . . . . . . . 8 5.3.1. Numbered Model (CORE) . . . . . . . . . . . . . . . . 8
5.3.2. Unnumbered Model (MEDIUM) . . . . . . . . . . . . . . 8 5.3.2. Unnumbered Model (MEDIUM) . . . . . . . . . . . . . . 8
5.3.3. Both Models . . . . . . . . . . . . . . . . . . . . . 8 5.3.3. Both Models . . . . . . . . . . . . . . . . . . . . . 8
5.4. Details for DHCPv6 Address Acquisition (CORE) . . . . . . 8 5.4. Details for DHCPv6 Address Acquisition (CORE) . . . . . . 8
5.5. IPv6 Provisioning of Home Devices (CORE) . . . . . . . . . 9 5.5. IPv6 Provisioning of Home Devices (CORE) . . . . . . . . . 9
5.5.1. LAN Initialization before WAN Initialization . . . . . 10 5.5.1. LAN Initialization before WAN Initialization . . . . . 10
5.5.2. WAN initialization before LAN Initialization . . . . . 11 5.5.2. WAN initialization before LAN Initialization . . . . . 11
5.6. IPv6 over PPP . . . . . . . . . . . . . . . . . . . . . . 11 5.6. IPv6 over PPP . . . . . . . . . . . . . . . . . . . . . . 11
5.6.1. Softwire Support (DEV) . . . . . . . . . . . . . . . . 11
5.7. Stateful DHCPv6 Server (CORE) . . . . . . . . . . . . . . 12 5.7. Stateful DHCPv6 Server (CORE) . . . . . . . . . . . . . . 12
6. Cascading of Routers behind the CPE Router (MEDIUM) . . . . . 12 6. CPE Router Behavior in a routed network (MEDIUM) . . . . . . . 12
7. IPv6 Data Forwarding (CORE) . . . . . . . . . . . . . . . . . 12 7. IPv6 Data Forwarding (CORE) . . . . . . . . . . . . . . . . . 12
7.1. IPv6 ND Proxy Behavior (DEV) . . . . . . . . . . . . . . . 13 7.1. IPv6 ND Proxy Behavior (MEDIUM) . . . . . . . . . . . . . 13
7.2. IPv6 Multicast Behavior (CORE) . . . . . . . . . . . . . . 14 7.2. IPv6 Multicast Behavior (CORE) . . . . . . . . . . . . . . 14
8. Other IPv6 Features . . . . . . . . . . . . . . . . . . . . . 14 8. Other IPv6 Features . . . . . . . . . . . . . . . . . . . . . 14
8.1. Path MTU Discovery Support (MEDIUM) . . . . . . . . . . . 14 8.1. Path MTU Discovery Support (MEDIUM) . . . . . . . . . . . 14
8.2. Optional RIPng Support (CORE) . . . . . . . . . . . . . . 15 8.2. Optional RIPng Support (CORE) . . . . . . . . . . . . . . 15
8.3. Firewall (DEV) . . . . . . . . . . . . . . . . . . . . . . 15 8.3. Automated Tunneling (MEDIUM) . . . . . . . . . . . . . . . 15
8.3.1. Packet Filters (DEV) . . . . . . . . . . . . . . . . . 15 8.4. DNS Support (CORE) . . . . . . . . . . . . . . . . . . . . 16
8.4. Zero Configuration Support (MEDIUM) . . . . . . . . . . . 15 8.5. Quality Of Service(QoS) . . . . . . . . . . . . . . . . . 16
8.5. 6to4 Automated Tunneling (MEDIUM)/Dual-Stack Lite 9. IPv4 Support (CORE) . . . . . . . . . . . . . . . . . . . . . 16
(DEV)/ISATAP (MEDIUM) . . . . . . . . . . . . . . . . . . 16 10. DEVICE Constants . . . . . . . . . . . . . . . . . . . . . . . 16
8.6. DNS Support (DEV) . . . . . . . . . . . . . . . . . . . . 16 11. Future Work . . . . . . . . . . . . . . . . . . . . . . . . . 17
8.7. Quality Of Service(QoS) . . . . . . . . . . . . . . . . . 17 12. Security Considerations . . . . . . . . . . . . . . . . . . . 17
9. IPv4 Support (CORE) . . . . . . . . . . . . . . . . . . . . . 17 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17
10. DEVICE Constants . . . . . . . . . . . . . . . . . . . . . . . 18 14. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 17
11. Future Work . . . . . . . . . . . . . . . . . . . . . . . . . 18 15. References . . . . . . . . . . . . . . . . . . . . . . . . . . 17
12. Security Considerations . . . . . . . . . . . . . . . . . . . 18 15.1. Normative References . . . . . . . . . . . . . . . . . . . 17
13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 15.2. Informative References . . . . . . . . . . . . . . . . . . 17
14. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 18 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 20
15. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18
15.1. Normative References . . . . . . . . . . . . . . . . . . . 18
15.2. Informative References . . . . . . . . . . . . . . . . . . 19
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 21
1. Introduction 1. Introduction
This document defines IPv6 features for a residential or small office This document defines IPv6 features for a residential or small office
router referred to as a CPE Router. Typically, CPE Router devices router referred to as a CPE Router. Typically, CPE Router devices
support IPv4, as discussed in the "IPv4 Support" section. Also, this support IPv4, as discussed in the "IPv4 Support" section. Also, this
document does not go into configuration details for the CPE Router. document does not go into configuration details for the CPE Router.
A CPE Router is an IPv6 Node and, therefore, MUST follow IPv6 Node A CPE Router is an IPv6 Node and, therefore, MUST follow IPv6 Node
Requirements draft-ietf-6man-node-req-bis-01 Requirements draft-ietf-6man-node-req-bis-01
[I-D.ietf-6man-node-req-bis]. [I-D.ietf-6man-node-req-bis].
The document discusses IPv6 implications for the attached Service The document discusses IPv6 implications for the attached Service
Provider network. The document notes that the CPE Router may be Provider network. The document notes that the CPE Router may be
deployed in home in one of two ways. Either the Service Provider or deployed in home in one of two ways. Either the Service Provider or
the home user may manage this device. When the CPE Router is managed the home user may manage this device. When the CPE Router is managed
by the Service Provider, the router may need additional management by the Service Provider, the router may need additional management
and routing properties like a new MIB definition and routing and routing properties like a new MIB definition and routing
protocols communicating between the CPE Router and the Service protocols communicating between the CPE Router and the Service
Provider network. The CPE router has one or more WAN interface(s) to Provider network. The CPE router has one or more WAN interface(s) to
connect to the Service Provider and zero or more LAN interfaces to connect to the Service Provider and zero or more LAN interfaces to
the home network devices. The WAN interface is preferred to be the home network devices. In the case of zero LAN interfaces, any
Ethernet encapsulated but it may support other encapsulations such as LAN-applicable initialization and behavior is skipped. The WAN
PPP. interface is preferred to be Ethernet encapsulated but it may support
other encapsulations such as PPP.
Technologies are labelled as: CORE (widely deployed in the field, Technologies are labeled as: CORE (widely deployed in the field, many
many years of operational experience, one or more standards-track years of operational experience, one or more standards-track RFC's
RFC's exist), MEDIUM (standards-track RFC exists, but is a recent exist), MEDIUM (standards-track RFC exists, but is a recent
development and/or has limited deployments, or still has known development and/or has limited deployments. Technologies under
unresolved problems), under DEVelopment (no standards-track RFC DEVelopment (no standards-track RFC exists and/or has not yet been
exists and/or has not yet been deployed). deployed) have been moved to a bis(updates) version of this document.
2. Terminology and Abbreviations 2. Terminology and Abbreviations
Host - this is a personal computer or any other network device in Host - this is a personal computer or any other network device in
a home that connects to the Internet via the CPE Router. a home that connects to the Internet via the CPE Router. A more
formal definition of a host exists in the Terminology section of
[RFC2460].
LAN interface(s) - an optional set of network interfaces on the LAN interface(s) - an optional set of network interfaces on the
CPE Router that are used to connect hosts in the home. This set CPE Router that are used to connect hosts in the home. This set
of ports could be switched, bridged, or routed. If no LAN of ports could be switched, bridged, or routed. If no LAN
interface is present, then there is no need for the CPE router to interface is present, then there is no need for the CPE router to
provide LAN side services such as DHCPv6 PD or ULA's. provide LAN side services such as DHCPv6 PD or ULA's.
WLAN interface - an optional wireless access point interface on WLAN interface - an optional wireless access point interface on
the CPE Router used to connect wireless hosts in the home in the CPE Router used to connect wireless hosts in the home in
either managed or ad-hoc modes. either managed or ad-hoc modes.
skipping to change at page 5, line 19 skipping to change at page 5, line 22
with more than one WAN interface will need a more complicated with more than one WAN interface will need a more complicated
provisioning and multicast model than is described in this provisioning and multicast model than is described in this
document. document.
GRE tunnel - Generic Routing Encapsulation tunnel. GRE tunnel - Generic Routing Encapsulation tunnel.
SLAAC - StateLess Address Auto Configuration. SLAAC - StateLess Address Auto Configuration.
IPTV - Internet Protocol TeleVision. IPTV - Internet Protocol TeleVision.
mDNS - Multicast Domain Name System - see http://www.zeroconf.org.
3. Operational Behavior 3. Operational Behavior
The CPE Router is a gateway to the Internet for a home. The router The CPE Router is a gateway to the Internet for a home. The router
is also intended to provide home networking functionality. The CPE is also intended to provide home networking functionality. The CPE
Router may have a console or web interface for configuration. This Router may have a console or web interface for configuration. This
document defines the core set of features that are supported by the document defines the core set of features that are supported by the
CPE Router, however individual implementations may include value- CPE Router, however individual implementations may include value-
added features such as WLAN capability. added features such as WLAN capability.
The core set of IPv6 features for the CPE Router includes The core set of IPv6 features for the CPE Router includes
provisioning the CPE Router for IPv6, IPv6 data forwarding including provisioning the CPE Router for IPv6, IPv6 data forwarding including
IPv6 multicast, CPE Router provisioning hosts on its LAN IPv6 multicast, CPE Router provisioning hosts on its LAN
interface(s), firewall, and QoS behavior. An IPv6 firewall is interface(s), firewall, and QoS behavior.
discussed briefly in the Firewall section where the section refers
the draft-ietf-v6ops-cpe-simple-security
[I-D.ietf-v6ops-cpe-simple-security] for more details.
3.1. Conceptual Configuration Variables 3.1. Conceptual Configuration Variables
The CPE Router maintains such a list of conceptual optional The CPE Router maintains such a list of conceptual optional
configuration variables. configuration variables.
1. Loopback interface enable. 1. Loopback interface enable.
2. PPPOE enable. 2. PPPOE enable.
3. Softwire enable. 3. RIPng enable.
4. RIPng enable.
5. If DHCPv6 fails, the CPE Router may initiate PPPOE, L2TPv2 4. If DHCPv6 fails, the CPE Router may initiate PPPOE, L2TPv2
Softwire tunnel, or 6to4 [RFC3056] operation. tunnel, and 6rd draft-townsley-ipv6-6rd [I-D.townsley-ipv6-6rd]
operation. If 6rd is attempted and fails, then 6to4 [RFC3056]
operation is attempted.
4. Router Initialization 4. Router Initialization
Before the CPE Router is initialized, the device must have IPv6 Before the CPE Router is initialized, the device must have IPv6
enabled. The CPE Router SHOULD support the ability to disable its enabled. The CPE Router SHOULD support the ability to disable its
IPv6 stack. The CPE Router also has the ability to block or forward IPv6 stack. The CPE Router also has the ability to block or forward
IPv6 traffic to and from the router's LAN interface(s). [RFC2669] IPv6 traffic to and from the router's LAN interface(s). [RFC2669]
includes a MIB definition to block the IPv4 or IPv6 Ethertype in the includes a MIB definition to block the IPv4 or IPv6 Ethertype in the
upstream or downstream interface(s) of a device such as the CPE upstream or downstream interface(s) of a device such as the CPE
Router. Some portion of this MIB may need to be modified for use Router. Some portion of this MIB may need to be modified for use
skipping to change at page 6, line 32 skipping to change at page 6, line 29
in the Basic IPv6 Provisioning section. in the Basic IPv6 Provisioning section.
5. Basic IPv6 Provisioning 5. Basic IPv6 Provisioning
The CPE Router MUST support at least one of two WAN interface models, The CPE Router MUST support at least one of two WAN interface models,
one of which will be active on the CPE Router at any given time. In one of which will be active on the CPE Router at any given time. In
the Numbered model, the WAN interface acquires a global unicast the Numbered model, the WAN interface acquires a global unicast
address (GUA) using a combination of SLAAC and stateful DHCPv6 for address (GUA) using a combination of SLAAC and stateful DHCPv6 for
IA_PD (no IA_NA) or uses only stateful DHCPv6 for GUA (IA_NA) and IA_PD (no IA_NA) or uses only stateful DHCPv6 for GUA (IA_NA) and
IA_PD. IA_PD is acquired using stateful DHCPv6 as described in IA_PD. IA_PD is acquired using stateful DHCPv6 as described in
[RFC3633]. A Loopback interface (which can be used as a stable [RFC3633]. Assigning a stable global unicast address to a loopback
peering point for routing protocols or to respond to the anycast interface (which can be used as a stable peering point for routing
address) is optional. If stateful DHCPv6 is not used to obtain other protocols or to respond to the anycast address) is optional. If
IPv6 configuration, then stateless DHCPv6 [RFC3736] must be initiated stateful DHCPv6 is not used to obtain other IPv6 configuration, then
by the WAN interface to obtain other IPv6 configuration. Further, in stateless DHCPv6 [RFC3736] must be initiated by the WAN interface to
the numbered model, we recommend the CPE Router WAN interface acquire obtain other IPv6 configuration. Further, in the numbered model, we
its global IPv6 address using stateful DHCPv6 for administrative recommend the CPE Router WAN interface acquire its global IPv6
control of the router. Manual configuration may be supported by the address using stateful DHCPv6 for administrative control of the
CPE router for IPv6 address configuration of the WAN interface. router. Manual configuration may be supported by the CPE router for
However, manual configuration is beyond the scope of this document. IPv6 address configuration of the WAN interface. However, manual
configuration is beyond the scope of this document.
In the Unnumbered model, the WAN interface only constructs a LLA, In the Unnumbered model, the WAN interface only constructs a Link-
then the WAN interface initiates stateful DHCPv6 for IA_PD. The Local Address, then the WAN interface initiates stateful DHCPv6 for
IA_PD is sub-delegated to the LAN interface(s) and an optional IA_PD. The IA_PD is sub-delegated to the LAN interface(s) and an
Loopback interface (or the addresses for the LAN/Loopback interfaces optional Loopback interface (or the addresses for the LAN/Loopback
could come from IA_NAs). Either the Loopback or the LAN interface interfaces could come from IA_NAs). Either the Loopback or the LAN
can be used to source WAN-facing traffic. Other IPv6 configuration interface can be used to source WAN-facing traffic. Other IPv6
information is obtained using stateless DHCPv6. configuration information is obtained using stateless DHCPv6.
The CPE Router acquires its IPv6 addresses from the Service Provider The CPE Router acquires its IPv6 addresses from the Service Provider
along with any other IPv6 configuration any time the WAN interface is along with any other IPv6 configuration any time the WAN interface is
connected to the Service Provider network. Thereafter the CPE Router connected to the Service Provider network. Thereafter the CPE Router
provisions its LAN interface(s) for IPv6 router functionality provisions its LAN interface(s) for IPv6 router functionality
including provisioning global IPv6 addresses on the LAN interface(s). including provisioning global IPv6 addresses on the LAN interface(s).
Even if LAN interface(s) have been operational and provisioned Even if LAN interface(s) have been operational and provisioned
earlier, the global IPv6 configuration of LAN interface(s) is still earlier, the global IPv6 configuration of LAN interface(s) is still
required. More details for provisioning the CPE Router are given in required. More details for provisioning the CPE Router are given in
the following sections. the following sections.
skipping to change at page 8, line 13 skipping to change at page 8, line 13
[I-D.ietf-6man-ipv6-subnet-model]. [I-D.ietf-6man-ipv6-subnet-model].
5.3.1. Numbered Model (CORE) 5.3.1. Numbered Model (CORE)
As instructed by the RA message, the WAN interface acquires global As instructed by the RA message, the WAN interface acquires global
IPv6 address using stateful DHCPv6 or SLAAC. IPv6 address using stateful DHCPv6 or SLAAC.
5.3.2. Unnumbered Model (MEDIUM) 5.3.2. Unnumbered Model (MEDIUM)
When the CPE router is configured for Unnumbered model, the WAN When the CPE router is configured for Unnumbered model, the WAN
interface only constructs a LLA, then the WAN interface initiates interface only constructs a Link-Local-Address, then the WAN
stateful DHCPv6 for IA_PD. Then the IA_PD is sub-delegated to the interface initiates stateful DHCPv6 for IA_PD. Then the IA_PD is
LAN interface(s) and an optional Loopback interface (or the addresses sub-delegated to the LAN interface(s) and an optional Loopback
for the LAN/Loopback interfaces could come from IA_NAs). Either the interface (or the addresses for the LAN/Loopback interfaces could
Loopback or the LAN interface can be used to source WAN-facing come from IA_NAs). Either the Loopback or the LAN interface can be
traffic. When the Loopback or the LAN interface is used to source used to source WAN-facing traffic. When the Loopback or the LAN
WAN-facing traffic, both the CPE Router and the Service Provider interface is used to source WAN-facing traffic, both the CPE Router
Router must consider the traffic to be off-link to the link and the Service Provider Router must consider the traffic to be off-
connecting the CPE Router with the Service Provider Router. Other link to the link connecting the CPE Router with the Service Provider
IPv6 configuration information is obtained using stateless DHCPv6. A Router. Other IPv6 configuration information is obtained using
CPE Router acts as a host for packets originating from or destined stateless DHCPv6. A CPE Router acts as a host for packets
for the CPE Router. Such packets may include SNMP or web-based originating from or destined for the CPE Router. Such packets may
router configuration, tunnel encapsulation/decapsulation, or PPP include SNMP or web-based router configuration, tunnel encapsulation/
endpoint packets. The Unnumbered model is incompatible with the decapsulation, or PPP endpoint packets. The Unnumbered model is
strong host model [RFC1122] on the CPE router (such as a personal incompatible with the strong host model [RFC1122] on the CPE router
computer running PPP and routing code). The unnumbered model may be (such as a personal computer running PPP and routing code). The
inappropriate for use with certain deployments where a device that unnumbered model may be inappropriate for use with certain
uses the strong host model can operate as a CPE Router. deployments where a device that uses the strong host model can
operate as a CPE Router.
5.3.3. Both Models 5.3.3. Both Models
At any instance in time of the CPE Router operation, the router does At any instance in time of the CPE Router operation, the router does
not forward any traffic between its WAN and LAN interface(s) if the not forward any traffic between its WAN and LAN interface(s) if the
router has not completed IPv6 provisioning process that involves the router has not completed IPv6 provisioning process that involves the
acquisition of a global IPv6 address by the WAN or if the WAN is acquisition of a global IPv6 address by the WAN or if the WAN is
unnumbered and there is no GUA available to source WAN packets. The unnumbered and there is no GUA available to source WAN packets. The
LAN interface(s) must also be provisioned for a global or Unique LAN interface(s) must also be provisioned for a global or Unique
Local Address. Local Address.
skipping to change at page 9, line 19 skipping to change at page 9, line 20
the response message (e.g. ADVERTISE or REPLY) received does not the response message (e.g. ADVERTISE or REPLY) received does not
include an IA_PD option (if stateful DHCPv6 was initiated), or include an IA_PD option (if stateful DHCPv6 was initiated), or
Reconfigure Accept option, then the CPE Router has failed DHCPv6 Reconfigure Accept option, then the CPE Router has failed DHCPv6
address acquisition. If stateful DHCPv6 succeeds, the CPE Router address acquisition. If stateful DHCPv6 succeeds, the CPE Router
must perform DAD for any IPv6 address acquired from DHCPv6. If the must perform DAD for any IPv6 address acquired from DHCPv6. If the
CPE Router detects a duplicate, the CPE Router must send a DHCPv6 CPE Router detects a duplicate, the CPE Router must send a DHCPv6
Decline message to the DHCPv6 server. Decline message to the DHCPv6 server.
The CPE Router may support the Reconfigure Key Authentication The CPE Router may support the Reconfigure Key Authentication
Protocol, as described in section 21.5 of [RFC3315]. The CPE Router Protocol, as described in section 21.5 of [RFC3315]. The CPE Router
may also support prefix sub-delegation. Prefix sub-delegation may also support prefix sub-delegation as described in
draft-baker-ipv6-prefix-subdelegation
[I-D.baker-ipv6-prefix-subdelegation]. Prefix sub-delegation
involves DHCPv6 server support with IA_PD on the CPE router and the involves DHCPv6 server support with IA_PD on the CPE router and the
ability to provision the server from a DHCPv6 REPLY with IA_PD option ability to provision the server from a DHCPv6 REPLY with IA_PD option
received on the WAN interface. received on the WAN interface.
5.5. IPv6 Provisioning of Home Devices (CORE) 5.5. IPv6 Provisioning of Home Devices (CORE)
The CPE Router may include a stateful DHCPv6 server to assign The CPE Router may include a stateful DHCPv6 server to assign
addresses to home devices connected via the LAN interface(s) of the addresses to home devices connected via the LAN interface(s) of the
CPE Router. The home devices can also acquire addresses via SLAAC. CPE Router. The home devices can also acquire addresses via SLAAC.
skipping to change at page 10, line 11 skipping to change at page 10, line 13
Router obtained the Domain Name Server(s) in OPTION_DNS_SERVERS Router obtained the Domain Name Server(s) in OPTION_DNS_SERVERS
option from the DHCPv6 server when the CPE Router WAN interface option from the DHCPv6 server when the CPE Router WAN interface
completed DHCPv6. completed DHCPv6.
5.5.1. LAN Initialization before WAN Initialization 5.5.1. LAN Initialization before WAN Initialization
On power up, the LAN interface(s) of the CPE Router may become On power up, the LAN interface(s) of the CPE Router may become
operational before the WAN interface. This mode is appropriate for operational before the WAN interface. This mode is appropriate for
manual user configuration of the CPE Router. After any LAN interface manual user configuration of the CPE Router. After any LAN interface
has constructed a link-local address, the address can be used for has constructed a link-local address, the address can be used for
user configuration via the network. The interface can assign itself user configuration via the network. The interface MAY assign itself
a Unique Local Address automatically through the pseudo-random number a Unique Local Address automatically through the pseudo-random number
generation algorithm described in [RFC4193]. Note that the ULA must generation algorithm described in [RFC4193]. Once the IPv6 address
have a larger subnet than a /64 if multiple routers are cascaded configuration of the LAN interface(s) is complete with a ULA, as per
behind the CPE router and prefix sub-delegation is used (see the [RFC4862], the CPE Router sends Router Advertisements (RA) to devices
Cascading of Routers behind the CPE Router section below). Once the in the home. Hosts receiving the RA from LAN interface(s) will
IPv6 address configuration of the LAN interface(s) is complete with a process the RA and perform IPv6 address acquisition. After all the
ULA, as per [RFC4862], the CPE Router sends Router Advertisements LAN interface(s) have become operational, if the WAN interface is
(RA) to devices in the home. Hosts receiving the RA from LAN connected to the Service Provider network, then the WAN interface
interface(s) will process the RA and perform IPv6 address provisions itself and may acquire an IA_PD. If an IA_PD is acquired,
acquisition. After all the LAN interface(s) have become operational, it may be sub-delegated to any cascaded routers or used for SLAAC
if the WAN interface is connected to the Service Provider network, provisioning of hosts in the home. Based on the IA_PD, the CPE
then the WAN interface provisions itself and may acquire an IA_PD. Router configures global address(es) on the LAN interface(s) and
If an IA_PD is acquired, it may be sub-delegated to any cascaded sends an RA containing the global address and unique local prefixes
routers or used for SLAAC provisioning of hosts in the home. Based out the LAN interface(s) . After this process, every LAN interface
on the IA_PD, the CPE Router configures global address(es) on the LAN has a link-local unicast address, a ULA, and a GUA. Therefore, the
interface(s) and sends an RA containing the global address and unique interface has to apply source address selection to determine which
local prefixes out the LAN interface(s). After this process, every address to use as a source for outgoing packets. Since the GUA and
LAN interface has a link-local unicast address, a ULA, and a GUA. ULA have a larger scope than the link-local address (rule #2 of
Therefore, the interface has to apply source address selection to [RFC3484]), the GUA or ULA will be used as a source address of
determine which address to use as a source for outgoing packets. outgoing packets that are not subject to rule #1. For source address
Since the GUA has a larger scope than the link-local address, or the selection between a GUA and ULA, rule #8 of [RFC3484] will be
ULA (rule #2 of [RFC3484]), the GUA will be used as a source address used. If a user desires to keep CPE Router configuration traffic
of outgoing packets that are not subject to rule #1. If a user local to the home network, the user can do the following:
desires to keep CPE Router configuration traffic local to the home
network, the user can do the following:
Use the ULA of the CPE Router as the destination of the Use the ULA of the CPE Router as the destination of the
configuration traffic. configuration traffic.
Use access control lists (ACL)s to block any ULA sourced packet Use access control lists (ACL)s to block any ULA sourced packet
from being sent out the WAN interface. from being sent out the WAN interface.
Rule #1 of [RFC3484] and the ACLs ensure that the traffic does not Rule #1 of [RFC3484] and the ACLs ensure that the traffic does not
escape the home network. escape the home network.
After the WAN interface initializes, then the LAN interface(s) can After the WAN interface initializes, then the LAN interface(s) can
acquire global unicast addresses. acquire global unicast addresses.
If the residential/SOHO network has multiple LANs, the CPE Router
MUST calculate and distribute a ULA with different subnets on the
different LANs, and the ULA MUST be saved in non-volatile memory in
order to make it consistent across reboots. The ULA provides for
intra-site connectivity when global addresses are unavailable such as
during an uplink outage. It is RECOMMENDED that the ULA on each LAN
be displayed in a user interface and be configurable. The CPE Router
MAY calculate a ULA when the network consists of one LAN, perhaps
under configuration control, although Link Local addresses may
suffice in the case.
5.5.2. WAN initialization before LAN Initialization 5.5.2. WAN initialization before LAN Initialization
On power up, the WAN interface of the CPE Router may become On power up, the WAN interface of the CPE Router may become
operational before the LAN interface(s). This mode is appropriate operational before the LAN interface(s). This mode is appropriate
for Service Provider configuration of the CPE Router (such as a Cable for Service Provider configuration of the CPE Router (such as a Cable
DOCSIS eRouter). After the IPv6 address configuration for WAN DOCSIS eRouter). After the IPv6 address configuration for WAN
interface is completed, the CPE Router configures IPv6 address for interface is completed, the CPE Router configures IPv6 address for
LAN interface(s). LAN interface(s).
Once IPv6 address configuration of the LAN interface(s) is complete, Once IPv6 address configuration of the LAN interface(s) is complete,
as per [RFC4862], the CPE Router sends Router Advertisements (RA) to as per [RFC4862], the CPE Router sends Router Advertisements (RA) to
devices in the home. Hosts receiving the RA from LAN interface(s) devices in the home. Hosts receiving the RA from LAN interface(s)
will process the RA and perform IPv6 address acquisition. will process the RA and perform IPv6 address acquisition.
5.6. IPv6 over PPP 5.6. IPv6 over PPP
In some deployments IPv6 over PPP is preferred to connect the home to In some deployments IPv6 over PPP is preferred to connect the home to
the Service Provider. For such a deployment, another configuration the Service Provider. For such a deployment, another configuration
variable on the CPE Router enables optional IPv6 over PPP support. variable on the CPE Router enables optional IPv6 over PPP support.
After IPv6CP negotiates IPv6 over PPP and the WAN interface has After IPv6CP negotiates IPv6 over PPP and the WAN interface has
constructed a LLA, steps mentioned in the "Acquire IPv6 Address and constructed a Link-Local Address, steps mentioned in the "Acquire
Other Configuration Parameters" section above are followed to acquire IPv6 Address and Other Configuration Parameters" section above are
a GUA for WAN interface and also an IA_PD. If an IA_PD is acquired followed to acquire a GUA for WAN interface and also an IA_PD. If an
by the WAN interface, the CPE Router assigns global address(es) to IA_PD is acquired by the WAN interface, the CPE Router assigns global
its LAN interface(s) and sub-delegates the IA_PD to hosts connected address(es) to its LAN interface(s) and sub-delegates the IA_PD to
to the LAN interface(s). IPv6 over PPP follows [RFC5072]. As per hosts connected to the LAN interface(s) . IPv6 over PPP follows
[RFC5072], the CPE router does not initiate any DAD for unicast IPv6 [RFC5072]. As per [RFC5072], the CPE router does not initiate any
addresses since DupAddrDetectTransmits variable from [RFC4862] is DAD for unicast IPv6 addresses since DupAddrDetectTransmits variable
zero for IPv6 over PPP. from [RFC4862] is zero for IPv6 over PPP.
If the Service Provider deployment supports dual-stack PPP support, If the Service Provider deployment supports dual-stack PPP support,
then the CPE Router WAN interface may initiate one PPP logical then the CPE Router WAN interface may initiate one PPP logical
channel and support NCP IPv4 and IPv6 control protocols over one PPP channel and support NCP IPv4 and IPv6 control protocols over one PPP
logical channel. [RFC4241] describes such behavior. The IPv4 and logical channel. [RFC4241] describes such behavior. The IPv4 and
IPv6 NCP's are independent of each other and start and terminate IPv6 NCP's are independent of each other and start and terminate
independently. independently.
5.6.1. Softwire Support (DEV)
If the CPE Router is deployed in a deployment where the home includes
IPv6 hosts but the Service Provider network does not support IPv6, an
optional softwire feature may be enabled on the CPE Router. The
softwire draft-ietf-softwire-hs-framework-l2tpv2
[I-D.ietf-softwire-hs-framework-l2tpv2] initiates L2TPv2 tunnel from
the CPE Router to tunnel IPv6 data from the home over an IPv4
network. The feature is enabled before any IPv6 host in the home is
connected to the CPE Router or the WAN interface of the CPE Router is
operational. If the CPE Router supports the Softwire feature, then
the CPE Router must support the deployment scenario of Router CPE as
Softwire Initiator described in section 3.1.2 of
draft-ietf-softwire-hs-framework-l2tpv2
[I-D.ietf-softwire-hs-framework-l2tpv2]. IPV6CP negotiates IPv6 over
PPP which also provides the capability for the Service Provider to
assign the 64-bit Interface-Identifier to the WAN interface of the
CPE Router. After the WAN interface has acquired an IA_PD option,
global addresses from the IA_PD are assigned to the LAN interface(s)
and the IA_PD is also sub-delegated to clients connected to the LAN
interface(s).
5.7. Stateful DHCPv6 Server (CORE) 5.7. Stateful DHCPv6 Server (CORE)
The CPE Router may support a stateful DHCPv6 server to serve clients The CPE Router may support a stateful DHCPv6 server to serve clients
on the CPE Router LAN interface(s). If the CPE Router needs to on the CPE Router LAN interface(s). If the CPE Router needs to
support a stateful DHCPv6 server, then more details will be added to support a stateful DHCPv6 server, then more details will be added to
this section specifying the minimal functionality that the stateful this section specifying the minimal functionality that the stateful
DHCPv6 server needs to support. DHCPv6 server needs to support.
6. Cascading of Routers behind the CPE Router (MEDIUM) 6. CPE Router Behavior in a routed network (MEDIUM)
To support cascading routers behind the CPE Router this document One example of the CPE Router use in the home is shown below. The
recommends using prefix sub-delegation of the prefix obtained either home has a broadband modem combined with a CPE Router, all in one
via IA_PD from WAN interface or a ULA from the LAN interface. The device. The LAN interface of the device is connected to another
network interface of the downstream router may obtain an IA_PD either standalone CPE Router that supports a wireless access point. To
via stateful DHCPv6 or stateless DHCPv6. If the CPE router supports support such a network, this document recommends using prefix sub-
cascading of routers through automatic prefix sub-delegation, the CPE delegation of the prefix obtained either via IA_PD from WAN interface
router MUST support a DHCPv6 server or DHCPv6 relay agent. If an or a ULA from the LAN interface . The network interface of the
IA_PD is used, the Service Provider or user MUST allocate an IA_PD or downstream router may obtain an IA_PD via stateful DHCPv6. If the
ULA prefix short enough to be sub-delegated and subsequently used for CPE router supports the routed network through automatic prefix sub-
SLAAC. Therefore, a prefix length shorter than /64 is needed. The delegation, the CPE router MUST support a DHCPv6 server or DHCPv6
CPE Router MAY support RIPng in the home network. relay agent. Further, if an IA_PD is used, the Service Provider or
user MUST allocate an IA_PD or ULA prefix short enough to be sub-
delegated and subsequently used for SLAAC. Therefore, a prefix
length shorter than /64 is needed. The CPE Router MAY support RIPng
in the home network.
/-------+------------\ /------------+-----\
SP <--+ Modem | CPE Router +--+ CPE Router | WAP + --> PC
\-------+------------/ \------------+-----/
WAP = Wireless Access Point
Figure 1.
7. IPv6 Data Forwarding (CORE) 7. IPv6 Data Forwarding (CORE)
Each of the WAN and LAN interface(s) of the CPE Router must have its Each of the WAN and LAN interface(s) of the CPE Router must have its
own L2 (e.g. MAC) address. The CPE Router supports ND protocol on own L2 (e.g. MAC) address. The CPE Router supports ND protocol on
both the WAN interface and LAN interface(s) to advertise itself as a both the WAN interface and LAN interface(s) and sends Router
router to neighbors in the Service Provider and home networks. Solicitations (RS) on the WAN interface and sends Router
Advertisement(s) (RA) on the LAN interface(s).
The CPE Router forwards packets between the Service Provider and the The CPE Router forwards packets between the Service Provider and the
home network. To do this, the CPE Router looks up the destination home network. To do this, the CPE Router looks up the destination
address of the packet in the routing table and decide which route to address of the packet in the routing table and decide which route to
use to forward the packet. The CPE Router routing table will be use to forward the packet. The CPE Router routing table will be
initialized during CPE Router initialization. The routing table is initialized during CPE Router initialization. The routing table is
filled by directly connected, static, and routing protocol routes. filled by directly connected, static, and routing protocol routes.
The CPE Router consumes any packet destined to its WAN or LAN The CPE Router consumes any packet destined to its WAN or LAN
interface. The CPE Router forwards other packets destined to hosts interface. The CPE Router forwards other packets destined to hosts
skipping to change at page 13, line 26 skipping to change at page 13, line 33
for any packet it forwards. The packet is discarded if Hop Limit is for any packet it forwards. The packet is discarded if Hop Limit is
decremented to zero and the CPE Router also sends an ICMP Time decremented to zero and the CPE Router also sends an ICMP Time
Exceeded message to the source of the packet. Exceeded message to the source of the packet.
A null route SHOULD be added to the routing table (to prevent routing A null route SHOULD be added to the routing table (to prevent routing
loops) that is lower priority than any route except the default loops) that is lower priority than any route except the default
route. The choice to drop the packet or send an ICMPv6 Destination route. The choice to drop the packet or send an ICMPv6 Destination
Unreachable to the source address of the packet is implementation- Unreachable to the source address of the packet is implementation-
dependent. The installation of this null route MAY be automatic. dependent. The installation of this null route MAY be automatic.
7.1. IPv6 ND Proxy Behavior (DEV) 7.1. IPv6 ND Proxy Behavior (MEDIUM)
If the CPE Router has only one /64 prefix to be used across multiple If the CPE Router has only one /64 prefix to be used across multiple
LAN interfaces and the CPE Router supports any two LAN interfaces LAN interfaces and the CPE Router supports any two LAN interfaces
that cannot bridge data between them because the two interfaces have that cannot bridge data between them because the two interfaces have
disparate MAC layer, then the CPE Router MUST support ND Proxy disparate MAC layers, then the CPE Router MUST support ND Proxy
[RFC4389]. If any two LAN interfaces support bridging between the [RFC4389]. If any two LAN interfaces support bridging between the
interfaces, then ND Proxy is not necessary between the two interfaces, then ND Proxy is not necessary between the two
interfaces. Legacy 3GPP networks have the following requirements: interfaces. Legacy 3GPP networks have the following requirements:
1. No DHCPv6 prefix is delegated to the CPE Router. 1. No DHCPv6 prefix is delegated to the CPE Router.
2. Only one /64 is available on the WAN link. 2. Only one /64 is available on the WAN link.
3. The link types between the WAN interface and LAN interface(s) are 3. The link types between the WAN interface and LAN interface(s) are
disparate and, therefore, can't be bridged. disparate and, therefore, can't be bridged.
skipping to change at page 14, line 39 skipping to change at page 14, line 48
Multicast (PIM-SSM) [RFC3569] is recommended to handle multicast Multicast (PIM-SSM) [RFC3569] is recommended to handle multicast
traffic flowing in the upstream direction as a one-to-many multicast traffic flowing in the upstream direction as a one-to-many multicast
flow. flow.
8. Other IPv6 Features 8. Other IPv6 Features
8.1. Path MTU Discovery Support (MEDIUM) 8.1. Path MTU Discovery Support (MEDIUM)
GRE tunnels, such as IPv6 to IPv4 tunnels (which may be terminated on GRE tunnels, such as IPv6 to IPv4 tunnels (which may be terminated on
the CPE Router), can modify the default Ethernet MTU of 1500 bytes. the CPE Router), can modify the default Ethernet MTU of 1500 bytes.
Also, in the future, Ethernet Jumbo frames (9000+ bytes) may also be Also, in the future, Ethernet Jumbo frames (> 1500 bytes) may also be
supported. Since the MTU can vary, a newly initiated TCP stream must supported. Since the MTU can vary, a newly initiated TCP stream must
detect the largest packet that can be sent to the destination without detect the largest packet that can be sent to the destination without
fragmentation. This can be detected using Path MTU Discovery fragmentation. This can be detected using Path MTU Discovery
[RFC1981]. Routers which may encounter a packet too large to be [RFC1981]. Routers which may encounter a packet too large to be
forwarded from source to destination may drop the packet and send an forwarded from source to destination may drop the packet and send an
ICMPv6 Packet Too Big message to the source. The CPE Router must ICMPv6 Packet Too Big message to the source. The CPE Router must
route back to the source any ICMPv6 Packet Too Big messages generated route back to the source any ICMPv6 Packet Too Big messages generated
anywhere on this path. anywhere on this path. Issues and solutions to problems with MTUs
and tunnels are described more fully in [RFC4459].
8.2. Optional RIPng Support (CORE) 8.2. Optional RIPng Support (CORE)
The CPE Router may support RIPng routing protocol [RFC2080] so that The CPE Router may support RIPng routing protocol [RFC2080] so that
RIPng operates between the CPE Router and the Service Provider RIPng operates between the CPE Router and the Service Provider
network. RIPng has scaling and security implications for the Service network. RIPng has scaling and security implications for the Service
Provider network where one Service Provider router may terminate Provider network where one Service Provider router may terminate
several tens of thousands of CPE routers. However, RIPng does several tens of thousands of CPE routers. However, RIPng does
provide one solution from the CPE Router to the Service Provider provide one solution from the CPE Router to the Service Provider
network for prefix route injection. network for prefix route injection.
8.3. Firewall (DEV) 8.3. Automated Tunneling (MEDIUM)
The CPE Router must support an IPv6 Firewall feature. The firewall
may include features like access-control lists. The firewall may
support interpretation or recognition of most IPv6 extension header
information including inspecting fragmentation header. The firewall
must support stateful and stateless Packet Filters as follows.
8.3.1. Packet Filters (DEV)
The CPE Router must support packet filtering based on IP headers,
extended headers, UDP and TCP ports etc. There are numerous filters
mentioned (section 3.2) in draft-ietf-v6ops-cpe-simple-security
[I-D.ietf-v6ops-cpe-simple-security], like some that allow IKE, IPSec
packets while another filter may block Teredo packets.
It is possible that in future, IPv6 global unicast prefix can expand
beyond 2000::/3. Therefore the CPE Router MUST not have hard coded
filters tied to only allow prefixes in a given range. The CPE Router
SHOULD be capable of treating any address not already reserved for a
specific use by the IETF (such as Link-Local and Multicast addresses)
as a potential global unicast address.
6to4 and ISATAP tunnels may be initiated by hosts behind the CPE
Router. The CPE Router MUST NOT block 6to4 or ISATAP packets without
a configurable override.
8.4. Zero Configuration Support (MEDIUM)
The CPE Router MAY support manual configuration via the web using a
URL string like http://router.local as per mDNS described in the
Terminology and Abbreviations section. Note that mDNS is a link-
local protocol, so extra functionality is required if configuration
is to be supported over cascaded routers. Support of configuration
through cascaded routers is beyond the scope of this document.
8.5. 6to4 Automated Tunneling (MEDIUM)/Dual-Stack Lite (DEV)/ISATAP
(MEDIUM)
If the IPv4 address assigned to the WAN interface of the CPE Router If the IPv4 address assigned to the WAN interface of the CPE Router
is a non-[RFC1918] IPv4 address, and the CPE Router fails to acquire is a non-[RFC1918] IPv4 address, and the CPE Router fails to acquire
an IPv6 address before WAN_IP_ACQUIRE_TIMEOUT seconds after acquiring an IPv6 address before WAN_IP_ACQUIRE_TIMEOUT seconds after acquiring
the IPv4 address, then the 6to4 tunneling protocol [RFC3056] SHOULD the IPv4 address, then the 6rd tunneling protocol SHOULD be enabled
be enabled automatically, allowing tunneling of IPv6 packets over (if supported). If 6rd fails to find a usable relay, then 6to4
IPv4 without requiring user configuration. If an anycast 6to4 server tunneling protocol [RFC3056] SHOULD be enabled automatically,
cannot be located, the CPE Router MAY initiate ISATAP [RFC4214] to allowing tunneling of IPv6 packets over IPv4 without requiring user
establish IPv6 connectivity over the IPv4 network. If an IPv6 configuration. If both IPv6 and IPv4 addresses are acquired within
address is acquired, but no IPv4 address is acquired before
WAN_IP_ACQUIRE_TIMEOUT seconds after the IPv6 address was acquired,
then the CPE Router SHOULD use DS-Lite and disable NAT44 in the CPE
Router. If both IPv6 and IPv4 addresses are acquired within
WAN_IP_ACQUIRE_TIMEOUT seconds of each other, then the CPE Router WAN_IP_ACQUIRE_TIMEOUT seconds of each other, then the CPE Router
operates in dual stack mode, and does not need either 6to4 or DS- operates in dual stack mode, and does not need 6rd or 6to4. If no
Lite. If no IPv4 and no IPv6 address has been acquired, then the CPE IPv4 and no IPv6 address has been acquired, then the CPE Router
Router retries acquisition. retries address acquisition.
6to4 can be useful in the scenario where the Service Provider does 6to4 can be useful in the scenario where the Service Provider does
not yet support IPv6, but devices in the home use IPv6. An IPv6 not yet support IPv6, but devices in the home use IPv6. An IPv6
address is constructed automatically from the IPv4 address (V4ADDR) address is constructed automatically from the IPv4 address (V4ADDR)
configured on the interface using the prefix 2002:V4ADDR::/48. A configured on the interface using the prefix 2002:V4ADDR::/48. A
6to4 tunnel can be automatically created using a pre-configured 6to4 6to4 tunnel can be automatically created using a pre-configured 6to4
gateway end-point for the tunnel. gateway end-point for the tunnel.
6rd is similar to 6to4, however it uses a service provider prefix
instead of a well-known prefix. The 6rd relay is typically managed
by the service provider. The 6rd protocol is described more fully in
draft-townsley-ipv6-6rd [I-D.townsley-ipv6-6rd]. A deployment of 6rd
is described in draft-despres-6rd [I-D.despres-6rd].
Several proposals are being considered by IETF related to the problem Several proposals are being considered by IETF related to the problem
of IPv4 address depletion, but have not yet achieved working group of IPv4 address depletion, but have not yet achieved working group
consensus for publication as an RFC. Dual-stack lite ietf-softwire- consensus for publication as an RFC. Dual-stack lite ietf-softwire-
dual-stack-lite-00 [I-D.ietf-softwire-dual-stack-lite] requires the dual-stack-lite-00 [I-D.ietf-softwire-dual-stack-lite] requires the
CPE Router to support features such as v4 in v6 encapsulation and CPE Router to support features such as v4 in v6 encapsulation and
softwires. Further, any approach which requires the use of a tunnel softwires. Since Dual-stack lite ietf-softwire-dual-stack-lite-00
MUST take into account the reduced MTU. The tunnel software on the [I-D.ietf-softwire-dual-stack-lite] is under development in the IETF,
CPE Router MUST be capable of fragmenting data packets. it has been moved to the bis version of this document.
For DS-Lite, the CPE Router also discovers the IPv6 address of the
Carrier Grade NAT node in the deployment. The ietf-softwire-dual-
stack-lite-00 [I-D.ietf-softwire-dual-stack-lite] draft has yet to
fully describe the method of discovery.
8.6. DNS Support (DEV) 8.4. DNS Support (CORE)
For local DNS queries for configuration, the CPE Router may include a For local DNS queries for configuration, the CPE Router may include a
DNS server to handle local queries. Non-local queries can be DNS server to handle local queries. Non-local queries can be
forwarded unchanged to a DNS server specified in the DNS server forwarded unchanged to a DNS server specified in the DNS server
DHCPv6 option. The CPE Router may also include DNS64 functionality. DHCPv6 option. The local DNS server MAY also handle renumbering from
In that case, the prefix used is either a well-known prefix or the Service Provider provided prefix for local names used exclusively
configured through DHCPv6 or SNMP. An A record is simply passed inside the home (the local AAAA and PTR records are updated). This
through untouched. An AAAA record is relayed to the server. If the capability provides connectivity using local DNS names in the home
CPE Router receives no response, then an A query is used. If the A after a Service Provider renumbering.
query returns a response, then an AAAA record is synthesized using
the prefix and sent to the host. If DNSSEC is used, then both an A
record (authenticated with DNSSEC), and the synthesized AAAA record
(possibly tagged as synthetic with an EDNS0 option, IDENT bit(s), or
using a well-known prefix) is returned. This allows unmodified hosts
to simply use the synthetic AAAA record (without DNSSEC). Modified
hosts can look at the DNSSEC A record, authenticate it, then
synthesize its own AAAA record in a stub resolver located in the
host. Therefore, unmodified hosts can get connectivity, but modified
hosts can also authenticate DNS records. The local DNS server MAY
also handle renumbering from the Service Provider provided prefix for
local names used exclusively inside the home (the local AAAA records
are updated). This capability provides connectivity using local DNS
names in the home after a Service Provider renumbering. A CPE Router
MAY add local DNS entries based on dynamic requests from the LAN
segment(s). The protocol to carry such requests from hosts to the
CPE Router is yet to be described.
8.7. Quality Of Service(QoS) 8.5. Quality Of Service(QoS)
The CPE router MAY support differentiated services [RFC2474]. The CPE router MAY support differentiated services [RFC2474].
9. IPv4 Support (CORE) 9. IPv4 Support (CORE)
IPv4 support is largely out of scope for this document. However, a IPv4 support is largely out of scope for this document. However, a
brief overview of current practice in the market may be helpful since brief overview of current practice in the market may be helpful since
the CPE Router may support both IPv4 and IPv6. This section does NOT the CPE Router may support both IPv4 and IPv6. This section does NOT
require the CPE Router to support IPv4. For background information require the CPE Router to support IPv4. For background information
on IPv4 routing capabilities, please refer to [RFC1812]. Typically, on IPv4 routing capabilities, please refer to [RFC1812]. Typically,
skipping to change at page 18, line 14 skipping to change at page 17, line 8
10. DEVICE Constants 10. DEVICE Constants
1. WAN_IP_ACQUIRE_TIMEOUT 180 seconds. 1. WAN_IP_ACQUIRE_TIMEOUT 180 seconds.
The default value of WAN_IP_ACQUIRE_TIMEOUT can be overidden by link- The default value of WAN_IP_ACQUIRE_TIMEOUT can be overidden by link-
type specific documents. type specific documents.
11. Future Work 11. Future Work
1. Enumerate requirements in list form (to be done after All of the future work has been moved to a bis(updates) version of
requirements are solidified). this document.
2. Preferred Lifetime vs. Valid Lifetime for ULA's and Source
Address Selection.
12. Security Considerations 12. Security Considerations
Security considerations of a CPE router are covered by Security considerations of a CPE router are covered by
draft-ietf-v6ops-cpe-simple-security draft-ietf-v6ops-cpe-simple-security
[I-D.ietf-v6ops-cpe-simple-security]. [I-D.ietf-v6ops-cpe-simple-security].
13. IANA Considerations 13. IANA Considerations
None. None.
skipping to change at page 19, line 5 skipping to change at page 17, line 38
input on the document. input on the document.
15. References 15. References
15.1. Normative References 15.1. Normative References
[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
"Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
September 2007. September 2007.
[RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
Address Autoconfiguration", RFC 4862, September 2007.
15.2. Informative References 15.2. Informative References
[I-D.baker-ipv6-prefix-subdelegation]
Baker, F., "Prefix Sub-delegation in a SOHO/SMB
Environment", draft-baker-ipv6-prefix-subdelegation-00
(work in progress), July 2009.
[I-D.despres-6rd]
Despres, R., "IPv6 Rapid Deployment on IPv4
infrastructures (6rd)", draft-despres-6rd-03 (work in
progress), April 2009.
[I-D.ietf-6man-ipv6-subnet-model] [I-D.ietf-6man-ipv6-subnet-model]
Singh, H., Beebee, W., and E. Nordmark, "IPv6 Subnet Singh, H., Beebee, W., and E. Nordmark, "IPv6 Subnet
Model: the Relationship between Links and Subnet Model: the Relationship between Links and Subnet
Prefixes", draft-ietf-6man-ipv6-subnet-model-03 (work in Prefixes", draft-ietf-6man-ipv6-subnet-model-05 (work in
progress), March 2009. progress), May 2009.
[I-D.ietf-6man-node-req-bis] [I-D.ietf-6man-node-req-bis]
Loughney, J., "IPv6 Node Requirements RFC 4294-bis", Loughney, J. and T. Narten, "IPv6 Node Requirements RFC
draft-ietf-6man-node-req-bis-02 (work in progress), 4294-bis", draft-ietf-6man-node-req-bis-03 (work in
November 2008. progress), July 2009.
[I-D.ietf-softwire-dual-stack-lite] [I-D.ietf-softwire-dual-stack-lite]
Durand, A., Droms, R., Haberman, B., and J. Woodyatt, Durand, A., Droms, R., Haberman, B., Woodyatt, J., Lee,
"Dual-stack lite broadband deployments post IPv4 Y., and R. Bush, "Dual-stack lite broadband deployments
exhaustion", draft-ietf-softwire-dual-stack-lite-00 (work post IPv4 exhaustion",
in progress), March 2009. draft-ietf-softwire-dual-stack-lite-01 (work in progress),
July 2009.
[I-D.ietf-softwire-hs-framework-l2tpv2]
Storer, B., Pignataro, C., Santos, M., Stevant, B., and J.
Tremblay, "Softwire Hub & Spoke Deployment Framework with
L2TPv2", draft-ietf-softwire-hs-framework-l2tpv2-12 (work
in progress), March 2009.
[I-D.ietf-v6ops-cpe-simple-security] [I-D.ietf-v6ops-cpe-simple-security]
Woodyatt, J., "Recommended Simple Security Capabilities in Woodyatt, J., "Recommended Simple Security Capabilities in
Customer Premises Equipment for Providing Residential Customer Premises Equipment for Providing Residential
IPv6 Internet Service", IPv6 Internet Service",
draft-ietf-v6ops-cpe-simple-security-04 (work in draft-ietf-v6ops-cpe-simple-security-07 (work in
progress), March 2009. progress), July 2009.
[I-D.townsley-ipv6-6rd]
Townsley, M. and O. Troan, "IPv6 via IPv4 Service Provider
Networks", draft-townsley-ipv6-6rd-01 (work in progress),
July 2009.
[RFC1122] Braden, R., "Requirements for Internet Hosts - [RFC1122] Braden, R., "Requirements for Internet Hosts -
Communication Layers", STD 3, RFC 1122, October 1989. Communication Layers", STD 3, RFC 1122, October 1989.
[RFC1812] Baker, F., "Requirements for IP Version 4 Routers", [RFC1812] Baker, F., "Requirements for IP Version 4 Routers",
RFC 1812, June 1995. RFC 1812, June 1995.
[RFC1918] Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and [RFC1918] Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and
E. Lear, "Address Allocation for Private Internets", E. Lear, "Address Allocation for Private Internets",
BCP 5, RFC 1918, February 1996. BCP 5, RFC 1918, February 1996.
skipping to change at page 20, line 51 skipping to change at page 20, line 5
[RFC3736] Droms, R., "Stateless Dynamic Host Configuration Protocol [RFC3736] Droms, R., "Stateless Dynamic Host Configuration Protocol
(DHCP) Service for IPv6", RFC 3736, April 2004. (DHCP) Service for IPv6", RFC 3736, April 2004.
[RFC3769] Miyakawa, S. and R. Droms, "Requirements for IPv6 Prefix [RFC3769] Miyakawa, S. and R. Droms, "Requirements for IPv6 Prefix
Delegation", RFC 3769, June 2004. Delegation", RFC 3769, June 2004.
[RFC3810] Vida, R. and L. Costa, "Multicast Listener Discovery [RFC3810] Vida, R. and L. Costa, "Multicast Listener Discovery
Version 2 (MLDv2) for IPv6", RFC 3810, June 2004. Version 2 (MLDv2) for IPv6", RFC 3810, June 2004.
[RFC4191] Draves, R. and D. Thaler, "Default Router Preferences and
More-Specific Routes", RFC 4191, November 2005.
[RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast [RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast
Addresses", RFC 4193, October 2005. Addresses", RFC 4193, October 2005.
[RFC4214] Templin, F., Gleeson, T., Talwar, M., and D. Thaler,
"Intra-Site Automatic Tunnel Addressing Protocol
(ISATAP)", RFC 4214, October 2005.
[RFC4241] Shirasaki, Y., Miyakawa, S., Yamasaki, T., and A. [RFC4241] Shirasaki, Y., Miyakawa, S., Yamasaki, T., and A.
Takenouchi, "A Model of IPv6/IPv4 Dual Stack Internet Takenouchi, "A Model of IPv6/IPv4 Dual Stack Internet
Access Service", RFC 4241, December 2005. Access Service", RFC 4241, December 2005.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, February 2006. Architecture", RFC 4291, February 2006.
[RFC4389] Thaler, D., Talwar, M., and C. Patel, "Neighbor Discovery [RFC4389] Thaler, D., Talwar, M., and C. Patel, "Neighbor Discovery
Proxies (ND Proxy)", RFC 4389, April 2006. Proxies (ND Proxy)", RFC 4389, April 2006.
[RFC4459] Savola, P., "MTU and Fragmentation Issues with In-the-
Network Tunneling", RFC 4459, April 2006.
[RFC4541] Christensen, M., Kimball, K., and F. Solensky, [RFC4541] Christensen, M., Kimball, K., and F. Solensky,
"Considerations for Internet Group Management Protocol "Considerations for Internet Group Management Protocol
(IGMP) and Multicast Listener Discovery (MLD) Snooping (IGMP) and Multicast Listener Discovery (MLD) Snooping
Switches", RFC 4541, May 2006. Switches", RFC 4541, May 2006.
[RFC4605] Fenner, B., He, H., Haberman, B., and H. Sandick, [RFC4605] Fenner, B., He, H., Haberman, B., and H. Sandick,
"Internet Group Management Protocol (IGMP) / Multicast "Internet Group Management Protocol (IGMP) / Multicast
Listener Discovery (MLD)-Based Multicast Forwarding Listener Discovery (MLD)-Based Multicast Forwarding
("IGMP/MLD Proxying")", RFC 4605, August 2006. ("IGMP/MLD Proxying")", RFC 4605, August 2006.
[RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless [RFC4779] Asadullah, S., Ahmed, A., Popoviciu, C., Savola, P., and
Address Autoconfiguration", RFC 4862, September 2007. J. Palet, "ISP IPv6 Deployment Scenarios in Broadband
Access Networks", RFC 4779, January 2007.
[RFC5072] S.Varada, Haskins, D., and E. Allen, "IP Version 6 over [RFC5072] S.Varada, Haskins, D., and E. Allen, "IP Version 6 over
PPP", RFC 5072, September 2007. PPP", RFC 5072, September 2007.
[RFC5135] Wing, D. and T. Eckert, "IP Multicast Requirements for a [RFC5135] Wing, D. and T. Eckert, "IP Multicast Requirements for a
Network Address Translator (NAT) and a Network Address Network Address Translator (NAT) and a Network Address
Port Translator (NAPT)", BCP 135, RFC 5135, February 2008. Port Translator (NAPT)", BCP 135, RFC 5135, February 2008.
[RFC5214] Templin, F., Gleeson, T., and D. Thaler, "Intra-Site
Automatic Tunnel Addressing Protocol (ISATAP)", RFC 5214,
March 2008.
Authors' Addresses Authors' Addresses
Hemant Singh Hemant Singh
Cisco Systems, Inc. Cisco Systems, Inc.
1414 Massachusetts Ave. 1414 Massachusetts Ave.
Boxborough, MA 01719 Boxborough, MA 01719
USA USA
Phone: +1 978 936 1622 Phone: +1 978 936 1622
Email: shemant@cisco.com Email: shemant@cisco.com
 End of changes. 50 change blocks. 
269 lines changed or deleted 219 lines changed or added

This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/