draft-ietf-v6ops-ipv6-multihoming-without-ipv6nat-00.txt   draft-ietf-v6ops-ipv6-multihoming-without-ipv6nat-01.txt 
Internet Engineering Task Force O. Troan, Ed. Internet Engineering Task Force O. Troan, Ed.
Internet-Draft Cisco Internet-Draft Cisco
Intended status: Informational D. Miles Intended status: Informational D. Miles
Expires: September 30, 2011 Alcatel-Lucent Expires: March 3, 2012 Alcatel-Lucent
S. Matsushima S. Matsushima
SOFTBANK TELECOM Corp. Softbank Telecom
T. Okimoto T. Okimoto
NTT West NTT West
D. Wing D. Wing
Cisco Cisco
March 29, 2011 August 31, 2011
IPv6 Multihoming without Network Address Translation IPv6 Multihoming without Network Address Translation
draft-ietf-v6ops-ipv6-multihoming-without-ipv6nat-00 draft-ietf-v6ops-ipv6-multihoming-without-ipv6nat-01
Abstract Abstract
Network Address and Port Translation (NAPT) works well for conserving Network Address and Port Translation (NAPT) works well for conserving
global addresses and addressing multihoming requirements, because an global addresses and addressing multihoming requirements, because an
IPv4 NAPT router implements three functions: source address IPv4 NAPT router implements three functions: source address
selection, next-hop resolution and optionally DNS resolution. For selection, next-hop resolution and optionally DNS resolution. For
IPv6 hosts one approach could be the use of IPv6 NAT. However, NAT IPv6 hosts one approach could be the use of IPv6 NAT. However, NAT
should be avoided, if at all possible, to permit transparent host-to- should be avoided, if at all possible, to permit transparent end-to-
host connectivity. In this document, we analyze the use cases of end connectivity. In this document, we analyze the use cases of
multihoming. We also describe functional requirements for multihoming. We also describe functional requirements and possible
multihoming without the use of NAT in IPv6 for hosts and small IPv6 solutions for multihoming without the use of NAT in IPv6 for hosts
networks that would otherwise be unable to meet minimum IPv6 and small IPv6 networks that would otherwise be unable to meet
allocation criteria. minimum IPv6 allocation criteria. Nevertheless, we mention that the
possible needs for IPv6 NAT in the transition phase to the fully
deployment of the proposed solutions.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 30, 2011. This Internet-Draft will expire on March 3, 2012.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
skipping to change at page 2, line 20 skipping to change at page 2, line 23
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
3. IPv6 multihomed network scenarios . . . . . . . . . . . . . . 5 3. IPv6 multihomed network scenarios . . . . . . . . . . . . . . 5
3.1. Classification of network scenarios for multihomed host . 5 3.1. Classification of network scenarios for multihomed host . 5
3.2. Multihomed network environment . . . . . . . . . . . . . . 7 3.2. Multihomed network environment . . . . . . . . . . . . . . 8
3.3. Problem Statement . . . . . . . . . . . . . . . . . . . . 8 3.3. Problem Statement . . . . . . . . . . . . . . . . . . . . 9
4. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 9 4. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 10
4.1. End-to-End transparency . . . . . . . . . . . . . . . . . 9 4.1. End-to-End transparency . . . . . . . . . . . . . . . . . 10
4.2. Policy providing . . . . . . . . . . . . . . . . . . . . . 10 4.2. Policy distribution . . . . . . . . . . . . . . . . . . . 11
4.3. Scalability . . . . . . . . . . . . . . . . . . . . . . . 10 4.3. Scalability . . . . . . . . . . . . . . . . . . . . . . . 11
5. Problem statement and analysis . . . . . . . . . . . . . . . . 10 5. Problem statement and analysis . . . . . . . . . . . . . . . . 11
5.1. Source address selection . . . . . . . . . . . . . . . . . 11 5.1. Source address selection . . . . . . . . . . . . . . . . . 12
5.2. Next-hop selection . . . . . . . . . . . . . . . . . . . . 11 5.2. Next-hop selection . . . . . . . . . . . . . . . . . . . . 12
5.3. DNS server selection . . . . . . . . . . . . . . . . . . . 12 5.3. DNS recursive name server selection . . . . . . . . . . . 13
6. Implementation approach . . . . . . . . . . . . . . . . . . . 13 6. Implementation approach . . . . . . . . . . . . . . . . . . . 14
6.1. Source address selection . . . . . . . . . . . . . . . . . 13 6.1. Source address selection . . . . . . . . . . . . . . . . . 14
6.2. Next-hop selection . . . . . . . . . . . . . . . . . . . . 13 6.2. Next-hop selection . . . . . . . . . . . . . . . . . . . . 14
6.3. DNS resolver selection . . . . . . . . . . . . . . . . . . 14 6.3. DNS recursive name server selection . . . . . . . . . . . 15
7. Considerations for host without multi-prefix support . . . . . 14 7. Considerations for host without multi-prefix support . . . . . 16
7.1. IPv6 NAT . . . . . . . . . . . . . . . . . . . . . . . . . 15 7.1. IPv6 NAT . . . . . . . . . . . . . . . . . . . . . . . . . 16
7.2. Co-exisitence consideration . . . . . . . . . . . . . . . 15 7.2. Co-existence consideration . . . . . . . . . . . . . . . . 17
8. Security Considerations . . . . . . . . . . . . . . . . . . . 16 8. Security Considerations . . . . . . . . . . . . . . . . . . . 17
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19
10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 16 10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 19
11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 16 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 19
11.1. Normative References . . . . . . . . . . . . . . . . . . . 16 11.1. Normative References . . . . . . . . . . . . . . . . . . . 19
11.2. Informative References . . . . . . . . . . . . . . . . . . 17 11.2. Informative References . . . . . . . . . . . . . . . . . . 20
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 18 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 21
1. Introduction 1. Introduction
IPv6 provides enough globally unique addresses to permit every IPv6 provides enough globally unique addresses to permit every
conceivable host on the Internet to be uniquely addressed without the conceivable host on the Internet to be uniquely addressed without the
requirement for Network Address Port Translation (NAPT [RFC3022]) requirement for Network Address Port Translation (NAPT [RFC3022]),
offering a renaissance in host-to-host transparent connectivity. offering a renaissance in end-to-end transparent connectivity.
Unfortunately, this may not be possible due to the necessity of NAT Unfortunately, this may not be possible due to the necessity of NAT
even in IPv6, because of multihoming. Though there are some even in IPv6, because of multihoming. Though there are some
mechanisms to implement multihoming, such as BGP multihoming mechanisms to implement multihoming, such as BGP multihoming
[RFC4116] and SCTP based multihoming [RFC4960], there is no mechanism [RFC4116] in network level, and SCTP based multihoming [RFC4960] in
in IPv6 that serves as a replacement for NAT based multihoming in application transport level, there is no mechanism in IPv6 that
IPv4. In IPv4, for a host or a small network, NAT based multihoming serves as a replacement for NAT based multihoming in IPv4. In IPv4,
is easily deployable and already deployed technique. The same for a host or a small network, NAT based multihoming is easily
situation that depends on NAT technique may be brought to the IPv6 deployable and an already deployed technique. Some of the same
world. reasons for IPv4 NATs may be applicable to IPv6.
Whenever a host or small network (which does not meet minimum IPv6 Whenever a host or small network (which does not meet minimum IPv6
allocation criteria) is connected to multiple upstream networks IPv6 allocation criteria) is connected to multiple upstream networks, an
address is assigned by each respective service provider resulting in IPv6 address is assigned by each respective service provider
hosts with more than one active IPv6 addresses. As each service resulting in hosts with multiple global scope IPv6 addresses with
provided is allocated a different address space from its Internet different prefixes. As each service provider is allocated a
Registry, it in-turn assigns a different address space to the end- different address space from its Internet Registry, it in-turn
user network or host. For example, a remote access user's host or assigns a different address space to the end-user network or host.
router may use a VPN to simultaneously connect to a remote network For example, a remote access user's host or router may use a VPN to
and retain a default route to the Internet for other purposes. simultaneously connect to a remote network and retain a default route
to the Internet for other purposes.
In IPv4 a common solution to the multihoming problem is to employ In IPv4 a common solution to the multihoming problem is to employ
NAPT on a border router and use private address space for individual NAPT on a border router and use private address space for individual
host addressing. The use of NAPT allows hosts to have exactly one IP host addressing. The use of NAPT allows hosts to have exactly one IP
address visible on the public network and the combination of NAPT address visible on the public network and the combination of NAPT
with provider-specific outside addresses (one for each uplink) and with provider-specific outside addresses (one for each uplink) and
destination-based routing insulates a host from the impacts of destination-based routing insulates a host from the impacts of
multiple upstream networks. The border router may also implement a multiple upstream networks. The border router may also implement a
DNS cache or DNS policy to resolve address queries from hosts. DNS cache or DNS policy to resolve address queries from hosts.
It is our goal to avoid the IPv6 equivalent of NAT. So, the goals It is our goal to avoid the IPv6 equivalent of NAT. So, the goals
for IPv6 multihoming definced in [RFC3582] do not exactly match the for IPv6 multihoming defined in [RFC3582] do not match the goals of
goals of us. Also regardless of what the IPv6 NAT's specification this document. Also regardless of what the IPv6 NAT's specification
is, we are trying to avoid any form of network address translation is, we are trying to avoid any form of network address translation
technique that may not be visible for either of the end hosts. To technique that may not be visible for either of the end hosts. To
reach this goal, mechanisms are needed for end-user hosts to have reach this goal, mechanisms are needed for end-user hosts to have
multiple address assignments and resolve issues such as which address multiple address assignments and resolve issues such as which address
to use for sourcing traffic to which destination: to use for sourcing traffic to which destination:
o If multiple routers exist on a single link the host must o If multiple routers exist on a single link the host must select
appropriately select next-hop for each connected network. Each the appropriate next-hop for each connected network. Each router
router is in turn connected to a different service provider is in turn connected to a different service provider network,
network, which provides independent address assignment and DNS which provides independent address assignment. Routing protocols
resolvers. Routing protocols that would normally be employed for that would normally be employed for router-to-router network
router-to-router network advertisement seem inappropriate for use advertisement seem inappropriate for use by individual hosts.
by individual hosts.
o Source address selection also becomes difficult whenever a host o Source address selection also becomes difficult whenever a host
has more than one address within the same address scope. Current has more than one address within the same address scope. Current
address selection criteria may result in hosts using an arbitrary address selection criteria may result in hosts using an arbitrary
or random address when sourcing upstream traffic. Unfortunately, or random address when sourcing upstream traffic. Unfortunately,
for the host, the appropriate source address is a function of the for the host, the appropriate source address is a function of the
upstream network for which the packet is bound for. If an upstream network for which the packet is bound for. If an
upstream service provider uses IP anti-spoofing or uRPF, it is upstream service provider uses IP anti-spoofing or ingress
conceivable that the packets that have inappropriate source filtering, it is conceivable that the packets that have an
address for the upstream network would never reach their inappropriate source address for the upstream network would never
destination. reach their destination.
o In a multihomed environment, different DNS scopes or partitions o In a multihomed environment, different DNS scopes or partitions
may exist in each independent upstream network. A DNS query sent may exist in each independent upstream network. A DNS query sent
to an arbitrary upstream resolver may result in incorrect or to an arbitrary upstream DNS recursive name servier may result in
poisoned responses incorrect or poisoned responses.
In short, while IPv6 facilitates hosts having more than one address In short, while IPv6 facilitates hosts having more than one address
in the same address scope, the application of this causes significant in the same address scope, the application of this causes significant
issues for a host from routing, source address selection and DNS issues for a host from routing, source address selection and DNS
resolution perspectives. A possible consequence of assigning a host resolution perspectives. A possible consequence of assigning a host
multiple identical-scoped addresses is severely impaired IP multiple identically-scoped addresses is severely impaired IP
connectivity. connectivity.
If a host connects to a network behind an IPv4 NAPT, the host has one If a host connects to a network behind an IPv4 NAPT, the host has one
private address in the local network. There is no confusion. The private address in the local network. There is no confusion. The
NAT becomes the gateway of the host and forwards the packet to an NAT becomes the gateway of the host and forwards the packet to an
appropriate network when it is multihomed. It also operates a DNS appropriate network when it is multihomed. It also operates a DNS
cache server, which receives all DNS inquires, and gives a correct cache server, which receives all DNS inquires, and gives a correct
answer to the host. answer to the host.
In this document, we identify the functions present in multihomed In this document, we analyze the use cases of multihoming. We also
IPv4 NAPT environments and propose requirements that address describe functional requirements and possible solutions for
multihomed IPv6 environments without using IPv6 NAT. multihoming without the use of NAT in IPv6 for hosts and small IPv6
networks that would otherwise be unable to meet minimum IPv6
allocation criteria. Nevertheless, we mention that the possible
needs for IPv6 NAT in the transition phase to the fully deployment of
the proposed solutions.
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
IPv6 NAT The terms "NAT66" and "IPv6 NAT" refer to IPv6 NAT The terms "NAT66" and "IPv6 NAT" refer to NPTv6
[I-D.mrw-nat66]. [RFC6296].
NAPT Network Address Port Translation as described NAPT Network Address Port Translation as described
in [RFC3022]. In other contexts, NAPT is often in [RFC3022]. In other contexts, NAPT is often
pronounced "NAT" or written as "NAT". pronounced "NAT" or written as "NAT".
Multihomed with multi-prefix (MHMP) A host implementation which Multihomed with multi-prefix (MHMP) A host implementation which
supports the mechanisms described in this supports the mechanisms described in this
document. Namely source address selection document. Namely source address selection
policy, next-hop selection and DNS selection policy, next-hop selection and DNS selection
policy. policy.
skipping to change at page 5, line 30 skipping to change at page 5, line 36
In this section, we classify three scenarios of the multihoming In this section, we classify three scenarios of the multihoming
environment. environment.
3.1. Classification of network scenarios for multihomed host 3.1. Classification of network scenarios for multihomed host
Scenario 1: Scenario 1:
In this scenario, two or more routers are present on a single link In this scenario, two or more routers are present on a single link
shared with the host(s). Each router is in turn connected to a shared with the host(s). Each router is in turn connected to a
different service provider network, which provides independent different service provider network, which provides independent
address assignment and DNS resolvers. A host in this environment address assignment and DNS recursive name servers. A host in this
would be offered multiple prefixes and DNS resolvers advertised from environment would be offered multiple prefixes and DNS recursive name
the two different routers. servers advertised from the two different routers.
+------+ ___________ +------+ ___________
| | / \ | | / \
+---| rtr1 |=====/ network \ +---| rtr1 |=====/ network \
| | | \ 1 / | | | \ 1 /
+------+ | +------+ \___________/ +------+ | +------+ \___________/
| | | | | |
| host |-----+ | hosts|-----+
| | | | | |
+------+ | +------+ ___________ +------+ | +------+ ___________
| | | / \ | | | / \
+---| rtr2 |=====/ network \ +---| rtr2 |=====/ network \
| | \ 2 / | | \ 2 /
+------+ \___________/ +------+ \___________/
Figure 1: single uplink, multiple next-hop, multiple prefix Figure 1: single uplink, multiple next-hop, multiple prefix
(Scenario 1) (Scenario 1)
skipping to change at page 6, line 16 skipping to change at page 6, line 33
shared link. Networks 1 and 2 are reachable via rtr1 and rtr2 shared link. Networks 1 and 2 are reachable via rtr1 and rtr2
respectively. When the host sends packets to network 1, the next-hop respectively. When the host sends packets to network 1, the next-hop
to network 1 is rtr1. Similarly, rtr2 is the next-hop to network 2. to network 1 is rtr1. Similarly, rtr2 is the next-hop to network 2.
- e.g., broadband service (Internet, VoIP, IPTV, etc.) - e.g., broadband service (Internet, VoIP, IPTV, etc.)
Scenario 2: Scenario 2:
In this scenario, a single gateway router connects the host to two or In this scenario, a single gateway router connects the host to two or
more upstream service provider networks. This gateway router would more upstream service provider networks. This gateway router would
receive prefix delegations from each independent service provider receive prefix delegations and a different set of DNS recursive name
network and a different set of DNS resolvers. The gateway in turn servers from each independent service provider network. The gateway
advertises the provider prefixes to the host, and for DNS, may either in turn advertises the provider prefixes to the host, and for DNS,
act as a lightweight DNS resolver/cache or may advertise the complete may either act as a lightweight DNS cache server or may advertise the
set of service provider DNS resolvers to the hosts. complete set of service provider DNS recursive name servers to the
hosts.
+------+ ___________ +------+ ___________
| | / \ +-----+ | | / \
+---| rtr1 |=====/ network \ | |=======| rtr1 |=====/ network \
| | | \ 1 / | |port1 | | \ 1 /
+------+ +-----+ | +------+ \___________/ +------+ | | +------+ \___________/
| | | | | | | | |
| host |-----| GW |---+ | hosts|-----| GW |
| | | rtr | | | | | rtr |
+------+ +-----+ | +------+ ___________ +------+ | | +------+ ___________
| | | / \ | |port2 | | / \
+---| rtr2 |=====/ network \ | |=======| rtr2 |=====/ network \
| | \ 2 / +-----+ | | \ 2 /
+------+ \___________/ +------+ \___________/
Figure 2: single uplink, single next-hop, multiple prefix Figure 2: single uplink, single next-hop, multiple prefix
(Scenario 2) (Scenario 2)
Figure 2 illustrates the host connected to GW rtr. GW rtr connects Figure 2 illustrates the host connected to GW rtr. GW rtr connects
to networks 1 and 2 via rtr1 and rtr2, respectively. When the host to networks 1 and 2 via port1 and 2 respectively. When the host
sends packets to either network 1 or 2, the next-hop is GW rtr. When sends packets to either network 1 or 2, the next-hop is GW rtr. When
the packets are sent to network 1 (network 2), GW rtr forwards the the packets are sent to network 1 (network 2), GW rtr forwards the
packets to rtr1 (rtr2). packets to port1 (port2).
- e.g, Internet + VPN/ASP - e.g, Internet + VPN/Application Service Provider (ASP)
Scenario 3: Scenario 3:
In this scenario, a host has more than one active interface that In this scenario, a host has more than one active interface that
connects to different routers and service provider networks. Each connects to different routers and service provider networks. Each
router provides the host with a different address prefix and set of router provides the host with a different address prefix and set of
DNS resolvers, resulting in a host with a unique address per link/ DNS recursive name servers, resulting in a host with a unique address
interface. per link/interface.
+------+ +------+ ___________ +------+ +------+ ___________
| | | | / \ | | | | / \
| |-----| rtr1 |=====/ network \ | |-----| rtr1 |=====/ network \
| | | | \ 1 / | | | | \ 1 /
| | +------+ \___________/ | | +------+ \___________/
| | | |
| host | | host |
| | | |
| | +------+ ___________ | | +------+ ___________
skipping to change at page 7, line 34 skipping to change at page 8, line 32
Figure 3 illustrates the host connecting to rtr1 and rtr2 via a Figure 3 illustrates the host connecting to rtr1 and rtr2 via a
direct connection or a virtual link. When the host sends packets direct connection or a virtual link. When the host sends packets
network 1, the next-hop to network 1 is rtr1. Similarly, rtr2 is the network 1, the next-hop to network 1 is rtr1. Similarly, rtr2 is the
next-hop to network 2. next-hop to network 2.
- e.g., Mobile Wifi + 3G, ISP A + ISP B - e.g., Mobile Wifi + 3G, ISP A + ISP B
3.2. Multihomed network environment 3.2. Multihomed network environment
In an IPv6 multihomed network, a host is assigned two or more IPv6 In an IPv6 multihomed network, a host is assigned two or more IPv6
addresses and DNS resolvers from independent service provider addresses and DNS recursive name servers from independent service
networks. When this multihomed host attempts to connect with other provider networks. When this multihomed host attempts to connect
hosts, it may incorrectly resolve the next-hop router, use an with other hosts, it may incorrectly resolve the next-hop router, use
inappropriate source address, or use a DNS response from an incorrect an inappropriate source address, or use a DNS response from an
service provider that may result in impaired IP connectivity. incorrect service provider that may result in impaired IP
connectivity.
Multihomed networks in IPv4 have been commonly implemented through Multihomed networks in IPv4 have been commonly implemented through
the use of a gateway router with NAPT function (scenario 2 with the use of a gateway router with NAPT function (scenario 2 with
NAPT). An analysis of the current IPv4 NAPT and DNS functions within NAPT). An analysis of the current IPv4 NAPT and DNS functions within
the gateway router should provide a baseline set of requirements for the gateway router should provide a baseline set of requirements for
IPv6 multihomed environments. A destination prefix/route is often IPv6 multihomed environments. A destination prefix/route is often
used on the gateway router to separate traffic between the networks. used on the gateway router to separate traffic between the networks.
+------+ ___________ +------+ ___________
| | / \ | | / \
skipping to change at page 8, line 25 skipping to change at page 9, line 25
(private +---| rtr2 |=====/ network \ (private +---| rtr2 |=====/ network \
address | | \ 2 / address | | \ 2 /
space) +------+ \___________/ space) +------+ \___________/
Figure 4: IPv4 Multihomed environment with Gateway Router performing Figure 4: IPv4 Multihomed environment with Gateway Router performing
NAPT NAPT
3.3. Problem Statement 3.3. Problem Statement
A multihomed IPv6 host has one or more assigned IPv6 addresses and A multihomed IPv6 host has one or more assigned IPv6 addresses and
DNS resolvers from each upstream service provider, resulting in the DNS recursive name servers from each upstream service provider,
host having multiple valid IPv6 addresses and DNS resolvers. The resulting in the host having multiple valid IPv6 addresses and DNS
host must be able to resolve the appropriate next-hop, the correct recursive name servers. The host must be able to resolve the
source address and DNS resolver to use based on the destination appropriate next-hop, the correct source address and DNS recursive
prefix. To prevent IP spoofing, operators will often implement IP name server to use based on the destination prefix. To prevent IP
filters and uRPF to discard traffic with an inappropriate source spoofing, operators will often implement ingress filtering to discard
address, making it essential for the host to correctly resolve these traffic with an inappropriate source address, making it essential for
three criteria before sourcing the first packet. the host to correctly resolve these three items before sourcing the
first packet.
IPv6 has mechanisms for the provision of multiple routers on a single IPv6 has mechanisms for the provision of multiple routers on a single
link and multiple address assignments to a single host. However, link and multiple address assignments to a single host. However,
when these mechanisms are applied to the three scenarios in when these mechanisms are applied to the three scenarios in
Section 3.1 a number of connectivity issues are identified: Section 3.1 a number of connectivity issues are identified:
Scenario 1: Scenario 1:
The host has been assigned an address from each router and recognizes The host has been assigned an address from each router and recognizes
both rtr1 and rtr2 as valid default routers (in the default routers both rtr1 and rtr2 as valid default routers (in the default routers
list). list).
o The source address selection policy on the host does not o The source address selection policy on the host does not
deterministically resolve a source address. Upstream uRPF or deterministically resolve a source address. Ingress filtering or
filter policies will discard traffic with source addresses that filter policies will discard traffic with source addresses that
the operator did not assign. the operator did not assign.
o The host will select one of the two routers as the active default o The host will select one of the two routers as the active default
router. No traffic is sent to the other router. router. No traffic is sent to the other router.
Scenario 2: Scenario 2:
The host has been assigned two different addresses from the single The host has been assigned two different addresses from the single
gateway router. The gateway router is the only default router on the gateway router. The gateway router is the only default router on the
link. link.
o The source address selection policy on the host does not o The source address selection policy on the host does not
deterministically resolve a source address. Upstream uRPF or deterministically resolve a source address. Ingress filtering or
filter policies will discard traffic with source addresses that filter policies will discard traffic with source addresses that
the operator did not assign. the operator did not assign.
o The gateway router does not have a mechanism for determining which o The gateway router does not have an autonomous mechanism for
traffic should be sent to which network. If the gateway router is determining which traffic should be sent to which network. If the
implementing host functions (ie, processing RA) then two valid gateway router is implementing host functions (i.e., processing
default routers may be recognized. Router Advertisement) then two valid default routers may be
recognized.
Scenario 3: Scenario 3:
A host has two separate interfaces and on each interface a different A host has two separate interfaces and on each interface a different
address is assigned. Each link has its own router. address is assigned. Each link has its own router.
o The host does not have enough information for determining which o The host does not have enough information for determining which
traffic should be sent to which upstream routers. The host will traffic should be sent to which upstream routers. The host will
select one of the two routers as the active default router, and no select one of the two routers as the active default router, and no
traffic is sent to the other router. traffic is sent to the other router. The default address
selection rules select the address assigned to the outgoing
o The default address selection rules select the address assigned to interface as the source address. So, if a host has an appropriate
the outgoing interface as the source address. So, if a host has routing table, an appropriate source address will be selected.
an appropriate routing table, an appropriate source address will
be selected.
All scenarios: All scenarios:
o The host may use an incorrect DNS resolver for DNS queries. o In network deployments utilizing local namespaces, the host may
choose to communicate with a "wrong" DNS recursive server unable
to serve a local namespace.
4. Requirements 4. Requirements
This section describes requirements that any solution multi-address This section describes requirements that any solution multi-address
and multi-uplink architectures need to meet. and multi-uplink architectures need to meet.
4.1. End-to-End transparency 4.1. End-to-End transparency
End-to-end transparency is a basic concept of the Internet. One of the major design goals for IPv6 is to restore the end-to-end
[RFC4966] states, "One of the major design goals for IPv6 is to transparency of the Internet. If NAT mechanism is applied to IP
restore the end-to-end transparency of the Internet. Therefore, communication between hosts, it is required to apply complex NAT
because IPv6 is expected to remove the need for NATs and similar traversal mechanism to establish bi-directional IP communication.
impediments to transparency, developers creating applications to work
with IPv6 may be tempted to assume that the complex mechanisms
employed by an application to work in a 'NATted' IPv4 environment are
not required." The IPv6 multihoming solution SHOULD guarantee end-
to-end transparency by avoiding IPv6 NAT.
4.2. Policy providing Essentially, extra NAT traversal meachanism does not need to be
implemented on application, on an environment with end-to-end
transparency. Therefore, The IPv6 multihoming solution SHOULD
guarantee end-to-end transparency by avoiding IPv6 NAT.
4.2. Policy distribution
The solution SHOULD have a function to provide a policy on sites/ The solution SHOULD have a function to provide a policy on sites/
nodes. In particular, in a managed environment such as enterprise nodes. In particular, a network service provider has to control his
networks, an administrator has to control all nodes in his or her or her user nodes such as CPE devices. All nodes are not necessarily
network. controlled evenly with policy providing. It is required to identify
a nodes and provide indepenent policy by each node.
The providing mechanisms should have: The providing mechanisms should have:
o a function to distribute policies to nodes dynamically to update o a function to distribute policies to nodes dynamically to update
their behavior. When the network environment changes and the their behavior. When the network environment changes and the
nodes' behavior has to be changed, a network administrator can nodes' behavior has to be changed, a network administrator can
modify the behavior of the nodes. modify the behavior of the nodes.
o a function to control every node centrally. A site administrator o a function to control every node centrally. A site administrator
or a service provider could determine or could have an effect on or a service provider could determine or could have an effect on
skipping to change at page 11, line 16 skipping to change at page 12, line 16
This section reviews the problem statements presented above and the This section reviews the problem statements presented above and the
proposed functional requirements to resolve the issues. proposed functional requirements to resolve the issues.
5.1. Source address selection 5.1. Source address selection
A multihomed IPv6 host will typically have different addresses A multihomed IPv6 host will typically have different addresses
assigned from each service provider either on the same link assigned from each service provider either on the same link
(scenarios 1 & 2) or different links (scenario 3). When the host (scenarios 1 & 2) or different links (scenario 3). When the host
wishes to send a packet to any given destination, the current source wishes to send a packet to any given destination, the current source
address selection rules [RFC3484] may not deterministically resolve address selection rules [RFC3484] may not deterministically resolve
the correct source address when the host addressing was via RA or the correct source address when the host addressing was via Router
DHCPv6. [I-D.ietf-6man-addr-select-sol] describes the use of the Advertisement (RA) or DHCPv6.
[I-D.ietf-6man-addr-select-considerations] describes the use of the
policy table [RFC3484] to resolve this problem, but there is no policy table [RFC3484] to resolve this problem, but there is no
mechanism defined to disseminate the policy table information to a mechanism defined to disseminate the policy table information to a
host. A proposal is in [I-D.ietf-6man-addr-select-opt] to provide a host. A proposal is in [I-D.ietf-6man-addr-select-opt] to provide a
DHCPv6 mechanism for host policy table management. DHCPv6 mechanism for host policy table management.
Again, by employing DHCPv6, the server could restrict address Again, by employing DHCPv6, the server could restrict address
assignment (of additional prefixes) only to hosts that support policy assignment (of additional prefixes) only to hosts that support policy
table management. table management.
Scenario 1: "Host" needs to support the solution for this problem Scenario 1: "Host" needs to support the solution for this problem.
Scenario 2: "Host" needs to support the solution for this problem Scenario 2: "Host" needs to support the solution for this problem.
Scenario 3: If "Host" support the next-hop selection solution, there Scenario 3: If "Host" support the next-hop selection solution, there
is no need to support the address selection functionality on the is no need to support the address selection functionality on the
host. host.
It is noted that the service providers (i.e., ISP and enterprise/VPN)
must also support [I-D.ietf-6man-addr-select-opt].
5.2. Next-hop selection 5.2. Next-hop selection
A multihomed IPv6 host or gateway may have multiple uplinks to A multihomed IPv6 host or gateway may have multiple uplinks to
different service providers. Here each router would use Router different service providers. Here each router would use Router
Advertisements [RFC4861] for distributing default route/next-hop Advertisements [RFC4861] for distributing default route/next-hop
information to the host or gateway router. information to the host or gateway router.
In this case, the host or gateway router may select any valid default In this case, the host or gateway router may select any valid default
router from the default routers list, resulting in traffic being sent router from the default routers list, resulting in traffic being sent
to the wrong router and discarded by the upstream service provider. to the wrong router and discarded by the upstream service provider.
Using the above scenarios as an example, whenever the host wishes to Using the above scenarios as an example, whenever the host wishes to
reach a destination in network 2 and there is no connectivity between reach a destination in network 2 and there is no connectivity between
networks 1 and 2 (as is the case for a walled-garden or closed networks 1 and 2 (as is the case for a walled-garden or closed
service), the host or gateway router does not know whether to forward service), the host or gateway router does not know whether to forward
traffic to rtr1 or rtr2 to reach a destination in network 2. The traffic to rtr1 or rtr2 to reach a destination in network 2. The
host or gateway router may choose rtr1 as the default router, and host or gateway router may choose rtr1 as the default router, and
traffic fails to reach the destination server. The host or gateway traffic fails to reach the destination server. The host or gateway
router requires route information for each upstream service provider, router requires route information for each upstream service provider,
but the use of a routing protocol between a host and router causes but the use of a routing protocol between the gateway and the two
both configuration and scaling issues. For IPv4 hosts, the gateway routers causes both configuration and scaling issues. For IPv4
router is often pre-configured with static route information or uses hosts, the gateway router is often pre-configured with static route
of Classless Static Route Options [RFC3442] for DHCPv4. Extensions information or uses of Classless Static Route Options [RFC3442] for
to Router Advertisements through Default Router Preference and More- DHCPv4. Extensions to Router Advertisements through Default Router
Specific Routes [RFC4191] provides for link-specific preferences but Preference and More-Specific Routes [RFC4191] provides for link-
does not address per-host configuration in a multi-access topology specific preferences but does not address per-host configuration in a
because of its reliance on Router Advertisements. A DHCPv6 option, multi-access topology because of its reliance on Router
such as that in [I-D.ietf-mif-dhcpv6-route-option], is preferred for Advertisements. A DHCPv6 option, such as that in
host-specific configuration. By employing a DHCPv6 solution, a [I-D.ietf-mif-dhcpv6-route-option], is preferred for host-specific
DHCPv6 server could restrict address assignment (of additional configuration. By employing a DHCPv6 solution, a DHCPv6 server could
prefixes) only to hosts that support more advanced next-hop and restrict address assignment (of additional prefixes) only to hosts
address selection requirements. that support more advanced next-hop and address selection
requirements.
Scenario 1: "Host" needs to support the solution for this problem Scenario 1: "Host" needs to support the solution for this problem.
Scenario 2: "GW rtr" needs to support the solution for this problem Scenario 2: "GW rtr" needs to support the solution for this problem.
Scenario 3: "Host" needs to support the solution for this problem Scenario 3: "Host" needs to support the solution for this problem.
5.3. DNS server selection It is noted that the service providers (i.e., ISP and enterprise/VPN)
must also support [I-D.ietf-mif-dhcpv6-route-option].
5.3. DNS recursive name server selection
A multihomed IPv6 host or gateway router may be provided multiple DNS A multihomed IPv6 host or gateway router may be provided multiple DNS
resolvers through DHCPv6 or RA [RFC6106]. When the host or gateway recursive name servers through DHCPv6 [RFC3646] or RA [RFC6106].
router sends a DNS query, it would normally choose one of the When the host or gateway router sends a DNS query, it would normally
available DNS resolvers for the query. choose one of the available DNS recursive name servers for the query.
In the IPv6 gateway router scenario, the Broadband Forum [TR124] In the IPv6 gateway router scenario, the Broadband Forum [TR124]
required that the query be sent to all DNS resolvers, and the gateway required that the query be sent to all DNS recursive name servers,
waits for the first reply. In IPv6, given our use of specific and the gateway waits for the first reply. In IPv6, given our use of
destination-based policy for both routing and source address specific destination-based policy for both routing and source address
selection, it is desirable to extend a policy-based concept to DNS selection, it is desirable to extend a policy-based concept to DNS
resolver selection. Doing so can minimize DNS resolver load and recursive name server selection. Doing so can minimize DNS recursive
avoid issues where DNS resolvers in different networks have name server load and avoid issues where DNS recursive name servers in
connectivity issues, or the DNS resolvers are not publicly different networks have connectivity issues, or the DNS recursive
accessible. In the worst case, a DNS query may be unanswered if sent name server are not publicly accessible. In the worst case, a DNS
towards an incorrect resolver, resulting in a lack of connectivity. query for a name from a local namespace may not be resolved correctly
if sent towards a DNS server not aware of said local namespace,
resulting in a lack of connectivity.
An IPv6 multihomed host or gateway router should have the ability to It is not issue of Domain Name System model itself, but an IPv6
select appropriate DNS resolvers for each service based on the domain multihomed host or gateway router should have the ability to select
space for the destination, and each service should provide rules appropriate DNS recursive name servers for each service based on the
specific to that network. [I-D.ietf-mif-dns-server-selection] domain space for the destination, and each service should provide
proposes a solution for DNS server selection policy providing rules specific to that network. [I-D.ietf-mif-dns-server-selection]
solution with a DHCPv6 option. proposes a solution for distributing DNS server selection policy
using a DHCPv6 option.
Scenario 1: "Host" needs to support the solution for this problem Scenario 1: "Host" needs to support the solution for this problem.
Scenario 2: "GW rtr" needs to support the solution for this problem
Scenario 3: "Host" needs to support the solution for this problem Scenario 2: "GW rtr" needs to support the solution for this problem.
Scenario 3: "Host" needs to support the solution for this problem.
It is noted that the service providers (i.e., ISP and enterprise/VPN)
must also support [I-D.ietf-mif-dns-server-selection].
6. Implementation approach 6. Implementation approach
As mentioned in Section 5, in the multi-prefix environment, we have As mentioned in Section 5, in the multi-prefix environment, we have
three problems in source address selection, next-hop selection, and three problems in source address selection, next-hop selection, and
DNS resolver selection. In this section, possible solution DNS recursive name server selection. In this section, possible
mechanisms for each problem are introduced and evaluated against the solution mechanisms for each problem are introduced and evaluated
requirements in Section 4. against the requirements in Section 4.
6.1. Source address selection 6.1. Source address selection
Possible solutions and their evaluation are summarized in Possible solutions and their evaluation are summarized in
[I-D.ietf-6man-addr-select-sol]. When those solutions are examined [I-D.ietf-6man-addr-select-considerations]. When those solutions are
against the requirements in Section 4, the proactive approaches, such examined against the requirements in Section 4, the proactive
as the policy table distribution mechanism and the routing system approaches, such as the policy table distribution mechanism and the
assistance mechanism, are more appropriate in that they can propagate routing hints mechanism, are more appropriate in that they can
the network administrator's policy directly. The policy distribution propagate the network administrator's policy directly. The policy
mechanism has an advantage with regard to the host's protocol stack distribution mechanism has an advantage with regard to the host's
impact and the staticness of the assumed target network environment. protocol stack impact and the static nature of the assumed target
network environment.
6.2. Next-hop selection 6.2. Next-hop selection
As for the source address selection problem, both a policy-based As for the source address selection problem, both a policy-based
approach and a non policy-based approach are possible with regard to approach and a non policy-based approach are possible with regard to
the next-hop selection problem. Because of the same requirements, the next-hop selection problem. Because of the same requirements,
the policy propagation-based solution mechanism, whatever the policy, the policy propagation-based solution mechanism, whatever the policy,
should be more appropriate. should be more appropriate.
Routing information is a typical example of policy related to next- Routing information is a typical example of policy related to next-
hop selection. If we assume source address-based routing at hosts or hop selection. If we assume source address-based routing at hosts or
intermediate routers, the pairs of source prefixes and next-hops can intermediate routers, the pairs of source prefixes and next-hops can
be another example of next-hop selection policy. be another example of next-hop selection policy.
The routing information-based approach has a clear advantage in The routing information-based approach has a clear advantage in
implementation and is already commonly used. implementation and is already commonly used.
The existing proposed or standardized routing information The existing proposed or standardized routing information
distribution mechanisms are routing protocols, such as RIPng and distribution mechanisms are routing protocols, such as RIPng and
OSPFv3, the router advertisement (RA) extension option defined in OSPFv3, the RA extension option defined in [RFC4191], the DHCPv6
[RFC4191], the DHCPv6 route information option proposed in route information option proposed in
[I-D.ietf-mif-dhcpv6-route-option], and the [TR069] standardized at [I-D.ietf-mif-dhcpv6-route-option], and the [TR069] standardized at
BBF. BBF.
The RA-based mechanism has difficulty in per-host routing information The RA-based mechanism has difficulty in per-host routing information
distribution. The dynamic routing protocols such as RIPng are not distribution. The dynamic routing protocols such as RIPng are not
usually used between the residential users and ISP networks because usually used between the residential users and ISP networks because
of their scalability implications. The DHCPv6 mechanism does not of their scalability implications. The DHCPv6 mechanism does not
have these difficulties and has the advantages of its relaying have these difficulties and has the advantage of its relaying
functionality. It is commonly used and is thus easy to deploy. functionality. It is commonly used and is thus easy to deploy.
[TR069], mentioned above, is a possible solution mechanism for [TR069], mentioned above, is a possible solution mechanism for
routing information distribution to customer-premises equipment routing information distribution to customer-premises equipment
(CPE). It assumes, however, IP reachability to the Auto (CPE). It assumes, however, IP reachability to the Auto
Configuration Server (ACS) is established. Therefore, if the CPE Configuration Server (ACS) is established. Therefore, if the CPE
requires routing information to reach the ACS, [TR069] cannot be used requires routing information to reach the ACS, [TR069] cannot be used
to distribute this information. to distribute this information.
6.3. DNS resolver selection 6.3. DNS recursive name server selection
As in the above two problems, a policy-based approach and non policy- As in the above two problems, a policy-based approach and non policy-
based approach are possible. In a non policy-based approach, a host based approach are possible. In a non policy-based approach, a host
or a home gateway router is assumed to send DNS queries to several or a home gateway router is assumed to send DNS queries to several
DNS servers at once or to select one of the available servers. DNS recursive name servers at once or to select one of the available
servers.
In the non policy-based approach, by making a query to a resolver in In the non policy-based approach, by making a query to a DNS
a different service provider to that which hosts the service, a user recursive name server in a different service provider to that which
could be directed to unexpected IP address or receive an invalid hosts the service, a user could be directed to unexpected IP address
response, and thus cannot connect to the service provider's private or receive an invalid response, and thus cannot connect to the
and legitimate service. For example, some DNS servers reply with service provider's private and legitimate service. For example, some
different answers depending on the source address of the DNS query, DNS recursive name servers reply with different answers depending on
which is sometimes called split-horizon. When the host mistakenly the source address of the DNS query, which is sometimes called split-
makes a query to a different provider's DNS to resolve a FQDN of horizon. When the host mistakenly makes a query to a different
another provider's private service, and the DNS resolver adopts the provider's DNS recursive name server to resolve a FQDN of another
split-horizon configuration, the queried server returns an IP address provider's private service, and the DNS recursive name server adopts
of the non-private side of the service. Another problem with this the split-horizon configuration, the queried server returns an IP
approach is that it causes unnecessary DNS traffic to the DNS address of the non-private side of the service. Another problem with
resolvers that are visible to the users. this approach is that it causes unnecessary DNS traffic to the DNS
recursive name servers that are visible to the users.
The alternative of a policy-based approach is documented in The alternative of a policy-based approach is documented in
[I-D.ietf-mif-dns-server-selection],where several pairs of DNS [I-D.ietf-mif-dns-server-selection], where several pairs of DNS
resolver addresses and DNS domain suffixes are defined as part of a recursive name server addresses and DNS domain suffixes are defined
policy and conveyed to hosts in a new DHCP option. In an environment as part of a policy and conveyed to hosts in a new DHCP option. In
where there is a home gateway router, that router can act as a DNS an environment where there is a home gateway router, that router can
proxy, interpret this option and distribute DNS queries to the act as a DNS recursive name server, interpret this option and
appropriate DNS servers according to the policy. distribute DNS queries to the appropriate DNS servers according to
the policy.
7. Considerations for host without multi-prefix support 7. Considerations for host without multi-prefix support
This section presents an alternative approach to mitigate the problem This section presents an alternative approach to mitigate the problem
in a multihomed network. This approach will help IPv6 hosts that are in a multihomed network. This approach will help IPv6 hosts that are
not capable of the enhancements for the source address selection not capable of the enhancements for the source address selection
policy, next-hop selection policy, and DNS selection policy described policy, next-hop selection policy, and DNS selection policy described
in Section 6. in Section 6.
7.1. IPv6 NAT 7.1. IPv6 NAT
skipping to change at page 15, line 37 skipping to change at page 17, line 7
\ / \ /
\__________/ \__________/
Figure 5: Legacy Host Figure 5: Legacy Host
The gateway router also has to support the two features, next-hop The gateway router also has to support the two features, next-hop
selection and DNS server selection, shown in Section 6. selection and DNS server selection, shown in Section 6.
The implementation and issues of IPv6 NAT are out of the scope of The implementation and issues of IPv6 NAT are out of the scope of
this document. They may be covered by another document under this document. They may be covered by another document under
discussion [I-D.mrw-nat66]. discussion [RFC6296].
7.2. Co-exisitence consideration 7.2. Co-existence consideration
To allow the coexistence of non-MHMP hosts and MHMP hosts (i.e. hosts To allow the co-existence of non-MHMP hosts and MHMP hosts (i.e.
supporting multi-prefix with the enhancements for the source address hosts supporting multi-prefix with the enhancements for the source
selection), GW-rtr may need to treat those hosts separately. address selection), GW-rtr may need to treat those hosts separately.
An idea to achieve this is that GW-rtr identifies the hosts, and then An idea to achieve this is that GW-rtr identifies the hosts, and then
assigns single prefix to non-MHMP hosts and assigns multiple prefix assigns a single prefix to non-MHMP hosts and assigns multiple
to MHMP hosts. In this case, GW-rtr can perform IPv6 NAT only for prefixes to MHMP hosts. In this case, GW-rtr can perform IPv6 NAT
the traffic from MHMP hosts if its source address is not appropriate. only for the traffic from non-MHMP hosts if its source address is not
appropriate.
Another idea is that GW-rtr assigns multiple prefix to the both Another idea is that GW-rtr assigns multiple prefixes to the both
hosts, and it performs IPv6 NAT for the traffic from non-MHMP hosts hosts, and it performs IPv6 NAT for the traffic from non-MHMP hosts
if its source address is not appropriate. if its source address is not appropriate.
In scenario 1 and 3, the non-MHMP hosts can be placed behind the NAT In scenario 1 and 3, the non-MHMP hosts can be placed behind the NAT
box. In this case, non-MHMP host can access the service through the box. In this case, the non-MHMP host can access the service through
NAT box. the NAT box.
The implementation of identifying non-MHMP hosts and NAT policy is The implementation of identifying non-MHMP hosts and NAT policy is
outside the scope of this document. outside the scope of this document.
8. Security Considerations 8. Security Considerations
This document requires that the solutions for MHMP should have a This document requires that the solutions for MHMP should have policy
policy providing function. So, new security risks can be introduced providing functions. New security threats can be introduced
depending on what kind and what form of the policy. The threats can depending on what kind and what form of the policy. The threats can
be categorized in two parts: the policy receiver side and the policy be categorized in two parts: the policy receiver side and the policy
distributer side. A policy receiver may receive an evil policy from distributor side.
a policy distributor. A policy distributor should expect some hosts
in his network do not follow the distributed policy. The security A policy receiver may receive an evil policy from a policy
threats related to IPv6 multihoming are described in [RFC4218]. distributor. A policy distributor should expect some hosts in its
network do not follow the distributed policy. The security threats
related to IPv6 multihoming are described in [RFC4218]. Those
threats that are specific to MHMP solutions are enumerated below.
Threats related to the policy distributor side:
Policy collision can happen. When multiple policy distributor
exists, a policy receiver may not follow one or each of the
received policy. Especially when a policy conflicts with
another policy, a policy receiver cannot implement each of the
policy. To solve or mitigate this issue, policy prioritization
rule should be defined, such as preference for the policy
received on a trusted interface. Another solution is to
preclude the functionality of multiple policy acceptance at the
receiver side. In this case, a policy distributor should
cooperate with other policy distributors, and a single
representative provider should distribute a merged policy.
Apart from the policy collision, a network service provider
should expect the existence of hosts that will not obey the
received policy. A possible solutions is to ingress-filter
those packets that do not match the distributed policy and drop
them. About the route selection, packet forwarding or
redirection can be another possible solution. About the source
address selection, IPv6 NAT can be another possible solution.
Threats related to the policy receiver side:
A policy receiver are exposed to the threats of unauthorized
policy, which can lead to session hijack, DoS, wiretapping and
phishing. Unauthorized policy here means a policy distributed
from an entity that does not have rights to do so. Usually,
only a site administrator and a network service provider have
rights to distribute these policies just as well as IP address
assignment and DNS server address notification. Regarding
source address selection, unauthorized policy can expose an IP
address that will not usually be exposed to an external server,
which can be a privacy problem. To solve or mitigate this
problem of unauthorized policy, one approach is limiting on use
of these policy distribution mechanisms, as described in the
section 4.4 of [I-D.ietf-mif-dns-server-selection]. For
example, a policy should be preferred or accepted when the
policy is delivered across a secure, trusted channel such as 3G
connection in cellular services. The proposed solutions are
baed on DHCP, so the limitation of local site communication,
which is often used in WiFi access services, should be another
solution or mitigation for this problem. About DNS server
selection issue, DNSSEC can be another solution. About source
address selection, the ingress filter at the network service
provider router can be a solution.
Another threat is the leakage of the policy and privacy issues
resulting from that. Especially when each client is
distributed its own policy from the network service provider,
the policy can give a hint of which service the client
subscribes. Encryption of communication channel, separation of
communication channel per host can be solutions for this
problem.
9. IANA Considerations 9. IANA Considerations
This document has no IANA actions. This document has no IANA actions.
10. Contributors 10. Contributors
The following people contributed to this document: Akiko Hattori, The following people contributed to this document: Akiko Hattori,
Arifumi Matsumoto, Frank Brockners, Fred Baker, Tomohiro Fujisaki, Arifumi Matsumoto, Frank Brockners, Fred Baker, Tomohiro Fujisaki,
Jun-ya Kato, Shigeru Akiyama, Seiichi Morikawa, Mark Townsley, Jun-ya Kato, Shigeru Akiyama, Seiichi Morikawa, Mark Townsley,
Wojciech Dec, Yasuo Kashimura, Yuji Yamazaki. This document has Wojciech Dec, Yasuo Kashimura, Yuji Yamazaki. This document has
greatly benefited from inputs by Randy Bush, Brian Carpenter, and greatly benefited from inputs by Randy Bush, Brian Carpenter, and
Teemu Savolainen. Teemu Savolainen.
11. References 11. References
11.1. Normative References 11.1. Normative References
[I-D.ietf-6man-addr-select-opt] [I-D.ietf-6man-addr-select-considerations]
Matsumoto, A., Fujisaki, T., and J. Kato, "Distributing Chown, T., "Considerations for IPv6 Address Selection
Address Selection Policy using DHCPv6", Policy Changes",
draft-ietf-6man-addr-select-opt-00 (work in progress), draft-ietf-6man-addr-select-considerations-03 (work in
December 2010. progress), March 2011.
[I-D.ietf-6man-addr-select-sol] [I-D.ietf-6man-addr-select-opt]
Matsumoto, A., Fujisaki, T., and R. Hiromi, "Solution Matsumoto, A., Fujisaki, T., Kato, J., and T. Chown,
approaches for address-selection problems", "Distributing Address Selection Policy using DHCPv6",
draft-ietf-6man-addr-select-sol-03 (work in progress), draft-ietf-6man-addr-select-opt-01 (work in progress),
March 2010. June 2011.
[I-D.ietf-mif-dhcpv6-route-option] [I-D.ietf-mif-dhcpv6-route-option]
Dec, W., Mrugalski, T., Sun, T., and B. Sarikaya, "DHCPv6 Dec, W., Mrugalski, T., Sun, T., and B. Sarikaya, "DHCPv6
Route Option", draft-ietf-mif-dhcpv6-route-option-01 (work Route Options", draft-ietf-mif-dhcpv6-route-option-02
in progress), March 2011. (work in progress), July 2011.
[I-D.ietf-mif-dns-server-selection] [I-D.ietf-mif-dns-server-selection]
Savolainen, T. and J. Kato, "Improved DNS Server Selection Savolainen, T., Kato, J., and T. Lemon, "Improved DNS
for Multi-Homed Nodes", Server Selection for Multi-Homed Nodes",
draft-ietf-mif-dns-server-selection-01 (work in progress), draft-ietf-mif-dns-server-selection-03 (work in progress),
March 2011. June 2011.
[I-D.mrw-nat66]
Wasserman, M. and F. Baker, "IPv6-to-IPv6 Network Prefix
Translation", draft-mrw-nat66-12 (work in progress),
March 2011.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3484] Draves, R., "Default Address Selection for Internet [RFC3484] Draves, R., "Default Address Selection for Internet
Protocol version 6 (IPv6)", RFC 3484, February 2003. Protocol version 6 (IPv6)", RFC 3484, February 2003.
[RFC4191] Draves, R. and D. Thaler, "Default Router Preferences and [RFC4191] Draves, R. and D. Thaler, "Default Router Preferences and
More-Specific Routes", RFC 4191, November 2005. More-Specific Routes", RFC 4191, November 2005.
[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
"Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
September 2007. September 2007.
[RFC6296] Wasserman, M. and F. Baker, "IPv6-to-IPv6 Network Prefix
Translation", RFC 6296, June 2011.
11.2. Informative References 11.2. Informative References
[RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network [RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network
Address Translator (Traditional NAT)", RFC 3022, Address Translator (Traditional NAT)", RFC 3022,
January 2001. January 2001.
[RFC3442] Lemon, T., Cheshire, S., and B. Volz, "The Classless [RFC3442] Lemon, T., Cheshire, S., and B. Volz, "The Classless
Static Route Option for Dynamic Host Configuration Static Route Option for Dynamic Host Configuration
Protocol (DHCP) version 4", RFC 3442, December 2002. Protocol (DHCP) version 4", RFC 3442, December 2002.
[RFC3582] Abley, J., Black, B., and V. Gill, "Goals for IPv6 Site- [RFC3582] Abley, J., Black, B., and V. Gill, "Goals for IPv6 Site-
Multihoming Architectures", RFC 3582, August 2003. Multihoming Architectures", RFC 3582, August 2003.
[RFC3646] Droms, R., "DNS Configuration options for Dynamic Host
Configuration Protocol for IPv6 (DHCPv6)", RFC 3646,
December 2003.
[RFC4116] Abley, J., Lindqvist, K., Davies, E., Black, B., and V. [RFC4116] Abley, J., Lindqvist, K., Davies, E., Black, B., and V.
Gill, "IPv4 Multihoming Practices and Limitations", Gill, "IPv4 Multihoming Practices and Limitations",
RFC 4116, July 2005. RFC 4116, July 2005.
[RFC4218] Nordmark, E. and T. Li, "Threats Relating to IPv6 [RFC4218] Nordmark, E. and T. Li, "Threats Relating to IPv6
Multihoming Solutions", RFC 4218, October 2005. Multihoming Solutions", RFC 4218, October 2005.
[RFC4960] Stewart, R., "Stream Control Transmission Protocol", [RFC4960] Stewart, R., "Stream Control Transmission Protocol",
RFC 4960, September 2007. RFC 4960, September 2007.
[RFC4966] Aoun, C. and E. Davies, "Reasons to Move the Network
Address Translator - Protocol Translator (NAT-PT) to
Historic Status", RFC 4966, July 2007.
[RFC6106] Jeong, J., Park, S., Beloeil, L., and S. Madanapalli, [RFC6106] Jeong, J., Park, S., Beloeil, L., and S. Madanapalli,
"IPv6 Router Advertisement Options for DNS Configuration", "IPv6 Router Advertisement Options for DNS Configuration",
RFC 6106, November 2010. RFC 6106, November 2010.
[TR069] The BroadBand Forum, "TR-069, CPE WAN Management Protocol [TR069] The BroadBand Forum, "TR-069, CPE WAN Management Protocol
v1.1, Version: Issue 1 Amendment 2", December 2007. v1.1, Version: Issue 1 Amendment 2", December 2007.
[TR124] The BroadBand Forum, "TR-124i2, Functional Requirements [TR124] The BroadBand Forum, "TR-124i2, Functional Requirements
for Broadband Residential Gateway Devices (work in for Broadband Residential Gateway Devices (work in
progress)", May 2010. progress)", May 2010.
skipping to change at page 19, line 4 skipping to change at page 21, line 20
Norway Norway
Email: ot@cisco.com Email: ot@cisco.com
David Miles David Miles
Alcatel-Lucent Alcatel-Lucent
Melbourne Melbourne
Australia Australia
Email: david.miles@alcatel-lucent.com Email: david.miles@alcatel-lucent.com
Satoru Matsushima Satoru Matsushima
SOFTBANK TELECOM Corp. Softbank Telecom
Tokyo Tokyo
Japan Japan
Email: satoru.matsushima@tm.softbank.co.jp Email: satoru.matsushima@tm.softbank.co.jp
Tadahisa Okimoto Tadahisa Okimoto
NTT West NTT West
Osaka Osaka
Japan Japan
 End of changes. 77 change blocks. 
255 lines changed or deleted 344 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/