draft-ietf-v6ops-ipv6-multihoming-without-ipv6nat-06.txt   rfc7157.txt 
Internet Engineering Task Force O. Troan, Ed. Internet Engineering Task Force (IETF) O. Troan, Ed.
Internet-Draft Cisco Request for Comments: 7157 Cisco
Intended status: Informational D. Miles Category: Informational D. Miles
Expires: August 18, 2014 Alcatel-Lucent ISSN: 2070-1721 Google Fiber
S. Matsushima S. Matsushima
Softbank Telecom Softbank Telecom
T. Okimoto T. Okimoto
NTT West NTT West
D. Wing D. Wing
Cisco Cisco
February 14, 2014 March 2014
IPv6 Multihoming without Network Address Translation IPv6 Multihoming without Network Address Translation
draft-ietf-v6ops-ipv6-multihoming-without-ipv6nat-06
Abstract Abstract
Network Address and Port Translation (NAPT) works well for conserving Network Address and Port Translation (NAPT) works well for conserving
global addresses and addressing multihoming requirements, because an global addresses and addressing multihoming requirements because an
IPv4 NAPT router implements three functions: source address IPv4 NAPT router implements three functions: source address
selection, next-hop resolution and optionally DNS resolution. For selection, next-hop resolution, and (optionally) DNS resolution. For
IPv6 hosts one approach could be the use of NPTv6. However, NAT IPv6 hosts, one approach could be the use of IPv6-to-IPv6 Network
should be avoided, if at all possible, to permit transparent end-to- Prefix Translation (NPTv6). However, NAT and NPTv6 should be
end connectivity. In this document, we analyze the use cases of avoided, if at all possible, to permit transparent end-to-end
connectivity. In this document, we analyze the use cases of
multihoming. We also describe functional requirements and possible multihoming. We also describe functional requirements and possible
solutions for multihoming without the use of NAT in IPv6 for hosts solutions for multihoming without the use of NAT in IPv6 for hosts
and small IPv6 networks that would otherwise be unable to meet and small IPv6 networks that would otherwise be unable to meet
minimum IPv6 allocation criteria. We conclude that DHCPv6 based minimum IPv6-allocation criteria. We conclude that DHCPv6-based
solutions are suitable to solve the multihoming issues, described in solutions are suitable to solve the multihoming issues described in
this document, while NPTv6 may be required as an intermediate this document, but NPTv6 may be required as an intermediate solution.
solution.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This document is not an Internet Standards Track specification; it is
provisions of BCP 78 and BCP 79. published for informational purposes.
Internet-Drafts are working documents of the Internet Engineering This document is a product of the Internet Engineering Task Force
Task Force (IETF). Note that other groups may also distribute (IETF). It represents the consensus of the IETF community. It has
working documents as Internet-Drafts. The list of current Internet- received public review and has been approved for publication by the
Drafts is at http://datatracker.ietf.org/drafts/current/. Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are a candidate for any level of Internet
Standard; see Section 2 of RFC 5741.
Internet-Drafts are draft documents valid for a maximum of six months Information about the current status of this document, any errata,
and may be updated, replaced, or obsoleted by other documents at any and how to provide feedback on it may be obtained at
time. It is inappropriate to use Internet-Drafts as reference http://www.rfc-editor.org/info/rfc7157.
material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 18, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
3. IPv6 multihomed network scenarios . . . . . . . . . . . . . . 5 3. IPv6 Multihomed Network Scenarios . . . . . . . . . . . . . . 6
3.1. Classification of network scenarios for multihomed host . 5 3.1. Classification of Network Scenarios for Multihomed Host . 6
3.2. Multihomed network environment . . . . . . . . . . . . . 7 3.2. Multihomed Network Environment . . . . . . . . . . . . . 8
3.3. Problem Statement . . . . . . . . . . . . . . . . . . . . 8 3.3. Problem Statement . . . . . . . . . . . . . . . . . . . . 9
4. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 9 4. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 11
4.1. End-to-End transparency . . . . . . . . . . . . . . . . . 10 4.1. End-to-End Transparency . . . . . . . . . . . . . . . . . 11
4.2. Scalability . . . . . . . . . . . . . . . . . . . . . . . 10 4.2. Scalability . . . . . . . . . . . . . . . . . . . . . . . 11
5. Problem statement and analysis . . . . . . . . . . . . . . . 10 5. Problem Analysis . . . . . . . . . . . . . . . . . . . . . . 11
5.1. Source address selection . . . . . . . . . . . . . . . . 10 5.1. Source Address Selection . . . . . . . . . . . . . . . . 11
5.2. Next-hop selection . . . . . . . . . . . . . . . . . . . 11 5.2. Next Hop Selection . . . . . . . . . . . . . . . . . . . 12
5.3. DNS recursive name server selection . . . . . . . . . . . 12 5.3. DNS Recursive Name Server Selection . . . . . . . . . . . 13
6. Implementation approach . . . . . . . . . . . . . . . . . . . 12 6. Implementation Approach . . . . . . . . . . . . . . . . . . . 13
6.1. Source address selection . . . . . . . . . . . . . . . . 12 6.1. Source Address Selection . . . . . . . . . . . . . . . . 14
6.2. Next-hop selection . . . . . . . . . . . . . . . . . . . 13 6.2. Next Hop Selection . . . . . . . . . . . . . . . . . . . 14
6.3. DNS recursive name server selection . . . . . . . . . . . 13 6.3. DNS Recursive Name Server Selection . . . . . . . . . . . 15
6.4. Other algorithms available in RFCs . . . . . . . . . . . 14 6.4. Other Algorithms Available in RFCs . . . . . . . . . . . 16
7. Considerations for MHMP deployment . . . . . . . . . . . . . 14 7. Considerations for MHMP Deployment . . . . . . . . . . . . . 16
7.1. Non-MHMP host consideration . . . . . . . . . . . . . . . 15 7.1. Non-MHMP Host Consideration . . . . . . . . . . . . . . . 16
7.2. Co-existence considerations . . . . . . . . . . . . . . . 15 7.2. Coexistence Considerations . . . . . . . . . . . . . . . 17
7.3. Policy collision consideration . . . . . . . . . . . . . 16 7.3. Policy Collision Consideration . . . . . . . . . . . . . 17
8. Security Considerations . . . . . . . . . . . . . . . . . . . 16 8. Security Considerations . . . . . . . . . . . . . . . . . . . 18
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 19
10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 18 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 20
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 18 10.1. Normative References . . . . . . . . . . . . . . . . . . 20
11.1. Normative References . . . . . . . . . . . . . . . . . . 18 10.2. Informative References . . . . . . . . . . . . . . . . . 20
11.2. Informative References . . . . . . . . . . . . . . . . . 19
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 20
1. Introduction 1. Introduction
In this document, we analyze the use cases of multihoming, describe In this document, we analyze the use cases of multihoming, describe
functional requirements and the problems with IPv6 multihoming. functional requirements, and describe the problems with IPv6
There are two ways to avoid the problems of IPv6 multihoming: multihoming. There are two ways to avoid the problems of IPv6
multihoming:
1. IPv6 network prefix translation (NPTv6, [RFC6296]), or; 1. using IPv6-to-IPv6 network prefix translation (NPTv6) [RFC6296],
or;
2. refining IPv6 specifications to resolve the problems with IPv6 2. refining IPv6 specifications to resolve the problems with IPv6
multihoming. multihoming.
This document concerns itself with the latter, and explores the This document concerns itself with the latter and explores the
solution space. We hope this will encourage the development of solution space. We hope this will encourage the development of
solutions to the problem so that, in the long run, NPTv6 can be solutions to the problem so that, in the long run, NPTv6 can be
avoided. avoided.
IPv6 provides enough globally unique addresses to permit every IPv6 provides enough globally unique addresses to permit every
conceivable host on the Internet to be uniquely addressed without the conceivable host on the Internet to be uniquely addressed without the
requirement for Network Address Port Translation (NAPT [RFC3022]), requirement for Network Address Port Translation (NAPT) [RFC3022],
offering a renaissance in end-to-end transparent connectivity. offering a renaissance in end-to-end transparent connectivity.
Unfortunately, this may not be possible in every case, due to the Unfortunately, this may not be possible in every case, due to the
possible necessity of NAT even in IPv6, because of multihoming. possible necessity of NAT even in IPv6, because of multihoming.
Though there are mechanisms to implement multihoming, such as BGP Though there are mechanisms to implement multihoming, such as BGP
multihoming [RFC4116] at the network level, and SCTP based multihoming [RFC4116] at the network level and multihoming based on
multihoming [RFC4960] in the transport layer, there is no mechanism the Stream Control Transmission Protocol (SCTP) [RFC4960] in the
in IPv6 that serves as a replacement for NAT based multihoming in transport layer, there is no mechanism in IPv6 that serves as a
IPv4. In IPv4, for a host or a small network, NAT based multihoming replacement for NAT-based multihoming in IPv4. In IPv4, for a host
is easily deployable and an already deployed technique. or a small network, NAT-based multihoming is easily deployable and is
an already-deployed technique.
Whenever a host or small network (that does not meet minimum IPv6 Whenever a host or small network (that does not meet minimum IPv6
allocation criteria) is connected to multiple upstream networks, an allocation criteria) is connected to multiple upstream networks, an
IPv6 address is assigned by each respective service provider IPv6 address is assigned by each respective service provider
resulting in hosts with multiple global scope IPv6 addresses with resulting in hosts with multiple global scope IPv6 addresses with
different prefixes. As each service provider is allocated a different prefixes. As each service provider is allocated a
different address space from its Internet Registry, it, in turn different address space from its Internet Registry, it, in turn,
assigns a different address space to the end-user network or host. assigns a different address space to the end-user network or host.
For example, a remote access user's host or router may use a VPN to For example, a remote access user's host or router may use a VPN to
simultaneously connect to a remote network and retain a default route simultaneously connect to a remote network and retain a default route
to the Internet for other purposes. to the Internet for other purposes.
In IPv4 a common solution to the multihoming problem is to employ In IPv4, a common solution to the multihoming problem is to employ
NAPT on a border router and use private address space for individual NAPT on a border router and use private address space for individual
host addressing. The use of NAPT allows hosts to have exactly one IP host addressing. The use of NAPT allows hosts to have exactly one IP
address visible on the public network and the combination of NAPT address visible on the public network, and the combination of NAPT
with provider-specific outside addresses (one for each uplink) and with provider-specific outside addresses (one for each uplink) and
destination-based routing insulates a host from the impacts of destination-based routing insulates a host from the impacts of
multiple upstream networks. The border router may also implement a multiple upstream networks. The border router may also implement a
DNS cache or DNS policy to resolve address queries from hosts. DNS cache or DNS policy to resolve address queries from hosts.
It is our goal to avoid the IPv6 equivalent of NAT. So, the goals It is our goal to avoid the IPv6 equivalent of NAT. So, the goals
for IPv6 multihoming defined in [RFC3582] do not match the goals of for IPv6 multihoming defined in [RFC3582] do not match the goals of
this document. Also regardless of what the NPTv6 specification is, this document. Also, regardless of what the NPTv6 specification is,
we are trying to avoid any form of network address translation we are trying to avoid any form of network address translation
technique that may not be visible to either of the end hosts. To technique that may not be visible to either of the end hosts. To
reach this goal, several mechanisms are needed for end-user hosts to reach this goal, several mechanisms are needed for end-user hosts to
have multiple address assignments and resolve issues such as which have multiple address assignments and resolve issues such as which
address to use for sourcing traffic to which destination: address to use for sourcing traffic to which destination:
o If multiple routers exist on a single link the host must select o If multiple routers exist on a single link, the host must select
the appropriate next-hop for each connected network. Each router the appropriate next hop for each connected network. Each router
is in turn connected to a different service provider network, is in turn connected to a different service provider network,
which provides independent address assignment. Routing protocols which provides independent address assignment. Routing protocols
that would normally be employed for router-to-router network that would normally be employed for router-to-router network
advertisement seem inappropriate for use by individual hosts. advertisement seem inappropriate for use by individual hosts.
o Source address selection becomes difficult whenever a host has o Source address selection becomes difficult whenever a host has
more than one address of the same address scope. Current address more than one address of the same address scope. Current address
selection criteria, may result in hosts using an arbitrary or selection criteria may result in hosts using an arbitrary or
random address when sourcing upstream traffic. Unfortunately, for random address when sourcing upstream traffic. Unfortunately, for
the host, the appropriate source address is a function of the the host, the appropriate source address is a function of the
upstream network for which the packet is bound for. If an upstream network for which the packet is bound. If an upstream
upstream service provider uses IP anti-spoofing or ingress service provider uses IP anti-spoofing or ingress filtering, it is
filtering, it is conceivable that the packets that have an conceivable that the packets that have an inappropriate source
inappropriate source address for the upstream network would never address for the upstream network would never reach their
reach their destination. destination.
o In a multihomed environment, different DNS scopes or partitions o In a multihomed environment, different DNS scopes or partitions
may exist in each independent upstream network. A DNS query sent may exist in each independent upstream network. A DNS query sent
to an arbitrary upstream DNS recursive name server may result in to an arbitrary upstream DNS recursive name server may result in
incorrect or poisoned responses. incorrect or poisoned responses.
In short, while IPv6 facilitates hosts having more than one address In short, while IPv6 facilitates hosts having more than one address
in the same address scope, the application of this causes significant in the same address scope, the application of this causes significant
issues for a host; from routing, source address selection and DNS issues for a host from routing, source address selection, and DNS
resolution perspectives. A possible consequence of assigning a host resolution perspectives. A possible consequence of assigning a host
multiple identically-scoped addresses is severely impaired IP multiple identically scoped addresses is severely impaired IP
connectivity. connectivity.
If a host connects to a network behind an IPv4 NAPT, the host has one If a host connects to a network behind an IPv4 NAPT, the host has one
private address in the local network. There is no confusion. The private address in the local network. There is no confusion. The
NAT becomes the gateway of the host and forwards the packet to an NAT becomes the gateway of the host and forwards the packet to an
appropriate network when it is multihomed. It also operates a DNS appropriate network when it is multihomed. It also operates a DNS
cache server or DNS proxy, which receives all DNS inquires, and gives cache server or DNS proxy, which receives all DNS inquires, and gives
a correct answer to the host. a correct answer to the host.
2. Terminology 2. Terminology
NPTv6 IPv6-to-IPv6 Network Prefix Translation in NPTv6 IPv6-to-IPv6 Network Prefix Translation as described in
NPTv6 [RFC6296]. [RFC6296].
NAPT Network Address Port Translation as described NAPT Network Address Port Translation as described in
in [RFC3022]. In other contexts, NAPT is often [RFC3022]. In other contexts, NAPT is often pronounced
pronounced "NAT" or written as "NAT". "NAT" or written as "NAT".
Multihomed with multi-prefix (MHMP) A host implementation which MHMP Multihomed with multi-prefix. A host implementation that
supports the mechanisms described in this supports the mechanisms described in this document;
document. Namely source address selection namely, source address selection policy, next hop
policy, next-hop selection and DNS selection selection, and DNS selection policy.
policy.
3. IPv6 multihomed network scenarios 3. IPv6 Multihomed Network Scenarios
In this section, we classify three scenarios of the multihoming In this section, we classify three scenarios of the multihoming
environment. environment.
3.1. Classification of network scenarios for multihomed host 3.1. Classification of Network Scenarios for Multihomed Host
Scenario 1: Scenario 1:
In this scenario, two or more routers are present on a single link In this scenario, two or more routers are present on a single link
shared with the host(s). Each router is in turn connected to a shared with the host(s). Each router is, in turn, connected to a
different service provider network, that provides independent address different service provider network, which provides independent
assignment and DNS recursive name servers. A host in this address assignment and DNS recursive name servers. A host in this
environment would be offered multiple prefixes and DNS recursive name environment would be offered multiple prefixes and DNS recursive name
servers advertised from the two different routers. servers advertised from the two different routers.
+------+ ___________ +------+ ___________
| | / \ | | / \
+---| rtr1 |=====/ network \ +---| rtr1 |=====/ network \
| | | \ 1 / | | | \ 1 /
+------+ | +------+ \___________/ +------+ | +------+ \___________/
| | | | | |
| hosts|-----+ | hosts|-----+
| | | | | |
+------+ | +------+ ___________ +------+ | +------+ ___________
| | | / \ | | | / \
+---| rtr2 |=====/ network \ +---| rtr2 |=====/ network \
| | \ 2 / | | \ 2 /
+------+ \___________/ +------+ \___________/
Figure 1: single uplink, multiple next-hop, multiple prefix Figure 1: Single Uplink, Multiple Next Hop, Multiple Prefix
(Scenario 1) (Scenario 1)
Figure 1 illustrates the host connecting to rtr1 and rtr2 via a Figure 1 illustrates the host connecting to rtr1 and rtr2 via a
shared link. Networks 1 and 2 are reachable via rtr1 and rtr2 shared link. Networks 1 and 2 are reachable via rtr1 and rtr2,
respectively. When the host sends packets to network 1, the next-hop respectively. When the host sends packets to network 1, the next hop
to network 1 is rtr1. Similarly, rtr2 is the next-hop to network 2. to network 1 is rtr1. Similarly, rtr2 is the next hop to network 2.
- e.g., multiple broadband service providers (Internet, VoIP, IPTV, Example: multiple broadband service providers (Internet, VoIP, IPTV,
etc.) etc.)
Scenario 2: Scenario 2:
In this scenario, a single gateway router connects the host to two or In this scenario, a single gateway router connects the host to two or
more upstream service provider networks. This gateway router would more upstream service provider networks. This gateway router would
receive prefix delegations and a different set of DNS recursive name receive prefix delegations and a different set of DNS recursive name
servers from each independent service provider network. The gateway servers from each independent service provider network. The gateway,
in turn advertises the provider prefixes to the host, and for DNS, in turn, advertises the provider prefixes to the host, and for DNS,
may either act as a lightweight DNS cache server or may advertise the may either act as a lightweight DNS cache server or advertise the
complete set of service provider DNS recursive name servers to the complete set of service provider DNS recursive name servers to the
hosts. hosts.
+------+ ___________ +------+ ___________
+-----+ | | / \ +-----+ | | / \
| |=======| rtr1 |=====/ network \ | |=======| rtr1 |=====/ network \
| |port1 | | \ 1 / | |port1 | | \ 1 /
+------+ | | +------+ \___________/ +------+ | | +------+ \___________/
| | | | | | | |
| hosts|-----| GW | | hosts|-----| GW |
| | | rtr | | | | rtr |
+------+ | | +------+ ___________ +------+ | | +------+ ___________
| |port2 | | / \ | |port2 | | / \
| |-------| rtr2 |=====/ network \ | |-------| rtr2 |=====/ network \
+-----+ | | \ 2 / +-----+ | | \ 2 /
+------+ \___________/ +------+ \___________/
Figure 2: single uplink, single next-hop, multiple prefix Figure 2: Single Uplink, Single Next Hop, Multiple Prefix
(Scenario 2) (Scenario 2)
Figure 2 illustrates the host connected to GW rtr. GW rtr connects Figure 2 illustrates the host connected to GW rtr. GW rtr connects
to networks 1 and 2 via port1 and 2 respectively. As the figure to networks 1 and 2 via port1 and 2, respectively. As the figure
shows a logical topology of the scenario, the port1 could be a pseudo shows a logical topology of the scenario, port1 could be a pseudo-
interface for tunneling, which connects to the network 1 through the interface for tunneling, which connects to network 1 through network
network 2, and vice versa. When the host sends packets to either 2 and vice versa. When the host sends packets to either network 1 or
network 1 or 2, the next-hop is GW rtr. When the packets are sent to 2, the next hop is GW rtr. When the packets are sent to network 1
network 1 (network 2), GW rtr forwards the packets to port1 (port2). (network 2), GW rtr forwards the packets to port1 (port2).
- e.g, Internet + VPN/Application Service Provider (ASP)
Example: Internet + VPN / Application Service Provider (ASP)
Scenario 3: Scenario 3:
In this scenario, a host has more than one active interface that In this scenario, a host has more than one active interface that
connects to different routers and service provider networks. Each connects to different routers and service provider networks. Each
router provides the host with a different address prefix and set of router provides the host with a different address prefix and set of
DNS recursive name servers, resulting in a host with a unique address DNS recursive name servers, resulting in a host with a unique address
per link/interface. per link/interface.
+------+ +------+ ___________ +------+ +------+ ___________
| | | | / \ | | | | / \
| |-----| rtr1 |=====/ network \ | |-----| rtr1 |=====/ network \
| | | | \ 1 / | | | | \ 1 /
| | +------+ \___________/ | | +------+ \___________/
| | | |
| host | | host |
| | | |
| | +------+ ___________ | | +------+ ___________
| | | | / \ | | | | / \
| |=====| rtr2 |=====/ network \ | |=====| rtr2 |=====/ network \
| | | | \ 2 / | | | | \ 2 /
+------+ +------+ \___________/ +------+ +------+ \___________/
Figure 3: Multiple uplink, multiple next-hop, multiple prefix Figure 3: Multiple Uplink, Multiple Next Hop, Multiple Prefix
(Scenario 3) (Scenario 3)
Figure 3 illustrates the host connecting to rtr1 and rtr2 via a Figure 3 illustrates the host connecting to rtr1 and rtr2 via a
direct connection or a virtual link. When the host sends packets direct connection or a virtual link. When the host sends packets to
network 1, the next-hop to network 1 is rtr1. Similarly, rtr2 is the network 1, the next hop to network 1 is rtr1. Similarly, rtr2 is the
next-hop to network 2. next hop to network 2.
- e.g., Mobile Wifi + 3G, ISP A + ISP B Example: Mobile Wifi + 3G, ISP A + ISP B
3.2. Multihomed network environment 3.2. Multihomed Network Environment
In an IPv6 multihomed network, a host is assigned two or more IPv6 In an IPv6 multihomed network, a host is assigned two or more IPv6
addresses and DNS recursive name servers from independent service addresses and DNS recursive name servers from independent service
provider networks. When this multihomed host attempts to connect provider networks. When this multihomed host attempts to connect
with other hosts, it may incorrectly resolve the next-hop router, use with other hosts, it may incorrectly resolve the next-hop router, use
an inappropriate source address, or use a DNS response from an an inappropriate source address, or use a DNS response from an
incorrect service provider that may result in impaired IP incorrect service provider that may result in impaired IP
connectivity. connectivity.
Multihomed networks in IPv4 have been implemented through the use of In many cases, multihomed networks in IPv4 have been implemented
a gateway router with NAPT function (scenario 2 with NAPT) in many through the use of a gateway router with NAPT function (scenario 2
cases. An analysis of the current IPv4 NAPT and DNS functions within with NAPT). An analysis of the current IPv4 NAPT and DNS functions
the gateway router should provide a baseline set of requirements for within the gateway router should provide a baseline set of
IPv6 multihomed environments. A destination prefix/route is often requirements for IPv6 multihomed environments. A destination prefix/
used on the gateway router to separate traffic between the networks. route is often used on the gateway router to separate traffic between
the networks.
+------+ ___________ +------+ ___________
| | / \ | | / \
+---| rtr1 |=====/ network \ +---| rtr1 |=====/ network \
| | | \ 1 / | | | \ 1 /
+------+ +-----+ | +------+ \___________/ +------+ +-----+ | +------+ \___________/
| IPv4 | | | | | IPv4 | | | |
| hosts|-----| GW |---+ | hosts|-----| GW |---+
| | | rtr | | | | | rtr | |
+------+ +-----+ | +------+ ___________ +------+ +-----+ | +------+ ___________
(NAPT&DNS) | | | / \ (NAPT&DNS) | | | / \
(private +---| rtr2 |=====/ network \ (private +---| rtr2 |=====/ network \
address | | \ 2 / address | | \ 2 /
space) +------+ \___________/ space) +------+ \___________/
Figure 4: IPv4 Multihomed environment with Gateway Router performing Figure 4: IPv4 Multihomed Environment with
NAPT Gateway Router Performing NAPT
3.3. Problem Statement 3.3. Problem Statement
A multihomed IPv6 host has one or more assigned IPv6 addresses and A multihomed IPv6 host has one or more assigned IPv6 addresses and
DNS recursive name servers from each upstream service provider, DNS recursive name servers from each upstream service provider,
resulting in the host having multiple valid IPv6 addresses and DNS resulting in the host having multiple valid IPv6 addresses and DNS
recursive name servers. The host must be able to resolve the recursive name servers. The host must be able to resolve the
appropriate next-hop, the correct source address and DNS recursive appropriate next hop, the correct source address, and the correct DNS
name server to use based on the destination prefix. To prevent IP recursive name server to use based on the destination prefix. To
spoofing, operators will often implement ingress filtering to discard prevent IP spoofing, operators will often implement ingress filtering
traffic with an inappropriate source address, making it essential for to discard traffic with an inappropriate source address, making it
the host to correctly resolve these three items before sourcing the essential for the host to correctly resolve these three items before
first packet. sourcing the first packet.
IPv6 has mechanisms for the provision of multiple routers on a single IPv6 has mechanisms for the provision of multiple routers on a single
link and multiple address assignments to a single host. However, link and multiple address assignments to a single host. However,
when these mechanisms are applied to the three scenarios in when these mechanisms are applied to the three scenarios described in
Section 3.1 a number of connectivity issues are identified: Section 3.1, a number of connectivity issues are identified:
Scenario 1: Scenario 1:
The host has been assigned an address from each router and recognizes The host has been assigned an address from each router and recognizes
both rtr1 and rtr2 as valid default routers (in the default routers both rtr1 and rtr2 as valid default routers (in the default routers
list). list).
o The source address selection policy on the host does not o The source address selection policy on the host does not
deterministically resolve a source address. Ingress filtering or deterministically resolve a source address. Ingress filtering or
filter policies will discard traffic with source addresses that filter policies will discard traffic with source addresses that
skipping to change at page 9, line 27 skipping to change at page 10, line 27
link. link.
o The source address selection policy on the host does not o The source address selection policy on the host does not
deterministically resolve a source address. Ingress filtering or deterministically resolve a source address. Ingress filtering or
filter policies will discard traffic with source addresses that filter policies will discard traffic with source addresses that
the operator did not assign. the operator did not assign.
o The gateway router does not have an autonomous mechanism for o The gateway router does not have an autonomous mechanism for
determining which traffic should be sent to which network. If the determining which traffic should be sent to which network. If the
gateway router is implementing host functions (i.e., processing gateway router is implementing host functions (i.e., processing
Router Advertisement) then two valid default routers may be Router Advertisement (RA)), then two valid default routers may be
recognized. recognized.
Scenario 3: Scenario 3:
A host has two separate interfaces and on each interface a different A host has two separate interfaces, and each interface has a
address is assigned. Each link has its own router. different address assigned. Each link has its own router.
o The host does not have enough information for determining which o The host does not have enough information to determine which
traffic should be sent to which upstream routers. The host will traffic should be sent to which upstream routers. The host will
select one of the two routers as the active default router, and no select one of the two routers as the active default router, and no
traffic is sent to the other router. The default address traffic is sent to the other router. The default address
selection rules select the address assigned to the outgoing selection rules select the address assigned to the outgoing
interface as the source address. So, if a host has an appropriate interface as the source address. So, if a host has an appropriate
routing table, an appropriate source address will be selected. routing table, an appropriate source address will be selected.
All scenarios: All scenarios:
o In network deployments utilizing local namespaces, the host may o In network deployments utilizing local namespaces, the host may
choose to communicate with a "wrong" DNS recursive server unable choose to communicate with a "wrong" DNS recursive server unable
to serve a local namespace. to serve a local namespace.
4. Requirements 4. Requirements
This section describes requirements that any solution multi-address This section describes requirements that any solution multi-address
and multi-uplink architectures need to meet. and multi-uplink architectures need to meet.
4.1. End-to-End transparency 4.1. End-to-End Transparency
One of the major design goals for IPv6 is to restore the end-to-end One of the major design goals for IPv6 is to restore the end-to-end
transparency of the Internet. If NAT is applied to IP communication transparency of the Internet. If NAT is applied to IP communication
between hosts, NAT traversal mechanism are required, to establish bi- between hosts, NAT traversal mechanisms are required to establish
directional IP communication. A NAT traversal mechanism does not bidirectional IP communication. In an environment with end-to-end
need to be implemented in an application, in an environment with end- transparency, a NAT traversal mechanism does not need to be
to-end transparency. Therefore, the IPv6 multihoming solution should implemented in an application (e.g., ICE [RFC5245]). Therefore, the
strive to avoid NPTv6 to achieve end-to-end transparency. IPv6 multihoming solution should strive to avoid NPTv6 to achieve
end-to-end transparency.
4.2. Scalability 4.2. Scalability
The solution will have to be able to manage a large number of sites/ The solution will have to be able to manage a large number of sites/
nodes. In services for residential users, provider edge devices have nodes. In services for residential users, provider edge devices have
to manage thousands of sites. In such environments, sending packets to manage thousands of sites. In such environments, sending packets
periodically to each site may affect edge system performance. periodically to each site may affect edge system performance.
5. Problem statement and analysis 5. Problem Analysis
The problems described in Section 3 can be classified into these The problems described in Section 3 can be classified into these
three types: three types:
o Wrong source address selection o Wrong source address selection
o Wrong next-hop selection o Wrong next hop selection
o Wrong DNS server selection o Wrong DNS server selection
This section reviews the problem statements presented above and the This section reviews the problem statements presented above and the
proposed functional requirements to resolve the issues. proposed functional requirements to resolve the issues.
5.1. Source address selection 5.1. Source Address Selection
A multihomed IPv6 host will typically have different addresses A multihomed IPv6 host will typically have different addresses
assigned from each service provider either on the same link assigned from each service provider on either the same link
(scenarios 1 & 2) or different links (scenario 3). When the host (scenarios 1 and 2) or different links (scenario 3). When the host
wishes to send a packet to any given destination, the current source wishes to send a packet to any given destination, the current source
address selection rules [RFC6724] may not deterministically select address selection rules [RFC6724] may not deterministically select
the correct source address. [RFC7078] describes the use of the the correct source address. [RFC7078] describes the use of the
policy table [RFC6724] to resolve this problem, using a DHCPv6 policy table (as discussed in [RFC6724]) to resolve this problem,
mechanism for host policy table management. using a DHCPv6 mechanism for host policy table management.
Again, by employing DHCPv6, the server could restrict address Again, by employing DHCPv6, the server could restrict address
assignment (of additional prefixes) only to hosts that support policy assignment (of additional prefixes) only to hosts that support policy
table management. table management.
Scenario 1: "Host" needs to support the solution for this problem. Scenario 1: Host needs to support the solution for this problem.
Scenario 2: "Host" needs to support the solution for this problem. Scenario 2: Host needs to support the solution for this problem.
Scenario 3: If "Host" support the next-hop selection solution, there Scenario 3: If Host supports the next hop selection solution, there
is no need to support the address selection functionality on the is no need to support the address selection functionality on the
host. host.
It is noted that the service providers (i.e., ISP and enterprise/VPN) It is noted that the network's DHCP server and DHCP-forwarding
must also support [RFC7078]. routers must also support the Address Selection option [RFC7078].
5.2. Next-hop selection 5.2. Next Hop Selection
A multihomed IPv6 host or gateway may have multiple uplinks to A multihomed IPv6 host or gateway may have multiple uplinks to
different service providers. Here each router would use Router different service providers. Here, each router would use Router
Advertisements [RFC4861] for distributing default route/next-hop Advertisements [RFC4861] to distribute default route/next-hop
information to the host or gateway router. information to the host or gateway router.
In this case, the host or gateway router may select any valid default In this case, the host or gateway router may select any valid default
router from the default routers list, resulting in traffic being sent router from the default routers list, resulting in traffic being sent
to the wrong router and discarded by the upstream service provider. to the wrong router and discarded by the upstream service provider.
Using the above scenarios as an example, whenever the host wishes to Using the above scenarios as an example, whenever the host wishes to
reach a destination in network 2 and there is no connectivity between reach a destination in network 2 and there is no connectivity between
networks 1 and 2 (as is the case for a walled-garden or closed networks 1 and 2 (as is the case for a walled-garden or closed
service), the host or gateway router does not know whether to forward service), the host or gateway router does not know whether to forward
traffic to rtr1 or rtr2 to reach a destination in network 2. The traffic to rtr1 or rtr2 to reach a destination in network 2. The
host or gateway router may choose rtr1 as the default router, and host or gateway router may choose rtr1 as the default router, but
traffic fails to reach the destination server. The host or gateway traffic will fail to reach the destination server. The host or
router requires route information for each upstream service provider, gateway router requires route information for each upstream service
but the use of a routing protocol between the gateway and the two provider, but the use of a routing protocol between the gateway and
routers causes both configuration and scaling issues. For IPv4 the two routers causes both configuration and scaling issues. In
hosts, the gateway router is often pre-configured with static route IPv4, gateway routers are often pre-configured with static routes or
information or uses of Classless Static Route Options [RFC3442] for use the Classless Static Route Options [RFC3442] for DHCPv4. An
DHCPv4. Extensions to Router Advertisements through Default Router extension to Router Advertisements through Default Router Preference
Preference and More-Specific Routes [RFC4191] provides for link- and More-Specific Routes [RFC4191] provides for link-specific
specific preferences but does not address per-host configuration in a preferences but does not address per-host configuration in a multi-
multi-access topology because of its reliance on Router access topology because of its reliance on Router Advertisements.
Advertisements.
Scenario 1: "Host" needs to support the solution for this problem. Scenario 1: Host needs to support the solution for this problem.
Scenario 2: "GW rtr" needs to support the solution for this problem. Scenario 2: GW rtr needs to support the solution for this problem.
Scenario 3: "Host" needs to support the solution for this problem. Scenario 3: Host needs to support the solution for this problem.
5.3. DNS recursive name server selection 5.3. DNS Recursive Name Server Selection
A multihomed IPv6 host or gateway router may be provided multiple DNS A multihomed IPv6 host or gateway router may be provided multiple DNS
recursive name servers through DHCPv6 [RFC3646] or RA [RFC6106]. recursive name servers through DHCPv6 [RFC3646] or RA [RFC6106].
When the host or gateway router sends a DNS query, it would normally When the host or gateway router sends a DNS query, it would normally
choose one of the available DNS recursive name servers for the query. choose one of the available DNS recursive name servers for the query.
In the IPv6 gateway router scenario, the Broadband Forum [TR124] In the IPv6 gateway router scenario, the Broadband Forum (BBF)
requires that the query be sent to all DNS recursive name servers, [TR-124] requires that the query be sent to all DNS recursive name
and the gateway waits for the first reply. In IPv6, given our use of servers and that the gateway wait for the first reply. In IPv6,
specific destination-based policy for both routing and source address given our use of specific destination-based policy for both routing
selection, it is desirable to extend a policy-based concept to DNS and source address selection, it is desirable to extend a policy-
recursive name server selection. Doing so can minimize DNS recursive based concept to DNS recursive name server selection. Doing so can
name server load and avoid issues where DNS recursive name servers in minimize DNS recursive name server load and avoid issues where DNS
different networks have connectivity issues, or the DNS recursive recursive name servers in different networks have connectivity
name server are not publicly accessible. In the worst case, a DNS issues, or the DNS recursive name servers are not publicly
query for a name from a local namespace may not be resolved correctly accessible. In the worst case, a DNS query for a name from a local
if sent towards a DNS server not aware of said local namespace, namespace may not be resolved correctly if sent towards a DNS server
resulting in a lack of connectivity. not aware of said local namespace, resulting in a lack of
connectivity.
It is not an issue of Domain Name System model itself, but an IPv6 It is not an issue of the Domain Name System model itself, but an
multihomed host or gateway router should have the ability to select IPv6 multihomed host or gateway router should have the ability to
appropriate DNS recursive name servers for each service based on the select appropriate DNS recursive name servers for each service based
domain space for the destination, and each service should provide on the domain space for the destination, and each service should
rules specific to that network. [RFC6731] proposes a solution for provide rules specific to that network. [RFC6731] proposes a
distributing DNS server selection policy using a DHCPv6 option. solution for distributing DNS server selection policy using a DHCPv6
option.
Scenario 1: "Host" needs to support the solution for this problem. Scenario 1: Host needs to support the solution for this problem.
Scenario 2: "GW rtr" needs to support the solution for this problem. Scenario 2: GW rtr needs to support the solution for this problem.
Scenario 3: "Host" needs to support the solution for this problem. Scenario 3: Host needs to support the solution for this problem.
It is noted that the service providers (i.e., ISP and enterprise/VPN) It is noted that the network's DHCP server and DHCP-forwarding
must also support [RFC6731]. routers must also support the Address Selection option [RFC6731].
6. Implementation approach 6. Implementation Approach
As mentioned in Section 5, in the multi-prefix environment, we have As mentioned in Section 5, in the multi-prefix environment, we have
three problems; source address selection, next-hop selection, and DNS three problems: source address selection, next hop selection, and DNS
recursive name server selection. In this section, possible solutions recursive name server selection. In this section, possible solutions
for each problem are introduced and evaluated against the for each problem are introduced and evaluated against the
requirements in Section 4. requirements in Section 4.
6.1. Source address selection 6.1. Source Address Selection
The problems of address selection in multi-prefix environments are The problems of address selection in multi-prefix environments are
summarized in [RFC5220]. When solutions are examined against the summarized in [RFC5220]. When solutions are examined against the
requirements in Section 4, the proactive approaches, such as the requirements in Section 4, the proactive approaches, such as the
policy table distribution mechanism and the routing hints mechanism, policy table distribution mechanism and the routing hints mechanism,
are more appropriate in that they can propagate the network are more appropriate in that they can propagate the network
administrator's policy directly. The policy distribution mechanism administrator's policy directly. The policy distribution mechanism
has an advantage with regard to the host's protocol stack impact and has an advantage with regard to the host's protocol stack impact and
the static nature of the assumed target network environment. the static nature of the assumed target network environment.
6.2. Next-hop selection 6.2. Next Hop Selection
As for the source address selection problem, both a policy-based As for the source address selection problem, both a policy-based
approach and a non policy-based approach are possible with regard to approach and a non-policy-based approach are possible with regard to
the next-hop selection problem. Because of the same requirements, the next hop selection problem. Because of the same requirements,
the policy propagation-based solution mechanism, whatever the policy, the policy propagation-based solution mechanism, whatever the policy,
should be more appropriate. should be more appropriate.
Routing information is a typical example of policy related to next- Routing information is a typical example of policy related to next
hop selection. If we assume source address-based routing at hosts or hop selection. If we assume source-address-based routing at hosts or
intermediate routers, pairs of source prefixes and next-hops can be intermediate routers, pairs of source prefixes and next hops can be
another example of next-hop selection policy. another example of next hop selection policy.
The routing information-based approach has a clear advantage in The routing-information-based approach has a clear advantage in
implementation and is already commonly used. implementation and is already commonly used.
The existing proposed or standardized routing information The existing proposed or standardized routing information
distribution mechanisms are routing protocols, such as RIPng and distribution mechanisms are routing protocols (such as Routing
OSPFv3, the RA extension option defined in [RFC4191], and the [TR069] Information Protocol Next Generation (RIPng) and OSPFv3), the RA
standardized at BBF. extension option defined in [RFC4191], and the CPE WAN Management
Protocol (CWMP) [TR069] standardized at BBF.
The RA-based mechanism doesn't handle distribution of per-host The RA-based mechanism doesn't handle distribution of per-host
routing information easily. Dynamic routing protocols are not routing information easily. Dynamic routing protocols are not
typically used between residential users and ISPs, because of their typically used between residential users and ISPs, because of their
scalability and security implications. The DHCPv6 mechanism does not scalability and security implications. The DHCPv6 mechanism does not
have these problems and has the advantage of its relaying have these problems and has the advantage of relay functionality. It
functionality. It is commonly used and is thus easy to deploy. is commonly used and is thus easy to deploy.
[TR069], mentioned above, is a possible solution mechanism for [TR069], mentioned above, defines a possible solution mechanism for
routing information distribution to customer-premises equipment routing information distribution to customer premises equipment
(CPE). It assumes, however, IP reachability to the Auto (CPE). It assumes, however, that IP reachability to the Auto
Configuration Server (ACS) is established. Therefore, if the CPE Configuration Server (ACS) has been established. Therefore, if the
requires routing information to reach the ACS, [TR069] cannot be used CPE requires routing information to reach the ACS, CWMP [TR069]
to distribute this information. cannot be used to distribute this information.
6.3. DNS recursive name server selection 6.3. DNS Recursive Name Server Selection
Note: Split-horizon DNS is discussed in this section. Split- Note: Split-horizon DNS is discussed in this section. Split-
horizon DNS is known to cause problems with applications to allow horizon DNS is known to cause problems with applications to allow
information leakage. The discussion of split-horizon DNS is not information leakage. The discussion of split-horizon DNS is not
condoning its use, but rather acknowledging that split-horizon DNS condoning its use, but rather acknowledging that split-horizon DNS
is used and that its use is another justification for network is used and that its use is another justification for network
address translation. The goal of this document is to encourage address translation. The goal of this document is to encourage
building solutions which do not need network address translation. building solutions that do not need network address translation.
Two solutions appear possible: make split-horizon DNS work better Two solutions appear possible: improve the function of split-
(which is discussed below) or meet network administrator's horizon DNS (which is discussed below) or meet network
requirements without split-horizon DNS (which is out of scope of administrators' requirements without split-horizon DNS (which is
this document). out of scope of this document).
As in the above two problems, a policy-based approach and a non As in the above two problems, a policy-based approach and a non-
policy-based approach are possible. In a non policy-based approach, policy-based approach are possible. In a non-policy-based approach,
a host or a home gateway router is assumed to send DNS queries to a host or a home gateway router is assumed to send DNS queries to
several DNS recursive name servers at once or to select one of the several DNS recursive name servers at once or to select one of the
available servers. available servers.
In the non policy-based approach, by making a query to a DNS In the non-policy-based approach, by making a query to a DNS
recursive name server in a different service provider to that which recursive name server in a different service provider to that which
hosts the service, a user could be directed to unexpected IP address hosts the service, a user could be directed to an unexpected IP
or receive an invalid response, and thus cannot connect to the address or receive an invalid response, and thus it could not connect
service provider's private and legitimate service. For example, some to the service provider's private and legitimate service. For
DNS recursive name servers reply with different answers depending on example, some DNS recursive name servers reply with different answers
the source address of the DNS query, which is sometimes called split- depending on the source address of the DNS query, which is sometimes
horizon. When the host mistakenly makes a query to a different called "split-horizon". When the host mistakenly makes a query to a
provider's DNS recursive name server to resolve a FQDN of another different provider's DNS recursive name server to resolve a Fully
provider's private service, and the DNS recursive name server adopts Qualified Domain Name (FQDN) of another provider's private service,
the split-horizon configuration, the queried server returns an IP and the DNS recursive name server adopts the split-horizon
address of the non-private side of the service. Another problem with configuration, the queried server returns an IP address of the non-
this approach is that it causes unnecessary DNS traffic to the DNS private side of the service. Another problem with this approach is
recursive name servers that are visible to the users. that it causes unnecessary DNS traffic to the DNS recursive name
servers that are visible to the users.
The alternative of a policy-based approach is documented in The alternative to a policy-based approach is documented in
[RFC6731], where several pairs of DNS recursive name server addresses [RFC6731], where several pairs of DNS recursive name server addresses
and DNS domain suffixes are defined as part of a policy and conveyed and DNS domain suffixes are defined as part of a policy and conveyed
to hosts in a new DHCP option. In an environment where there is a to hosts in a new DHCP option. In an environment where there is a
home gateway router, that router can act as a DNS recursive name home gateway router, that router can act as a DNS recursive name
server, interpret this option and distribute DNS queries to the server, interpret this option, and distribute DNS queries to the
appropriate DNS servers according to the policy. appropriate DNS servers according to the policy.
6.4. Other algorithms available in RFCs 6.4. Other Algorithms Available in RFCs
The authors of this document are aware of a variety of other The authors of this document are aware of a variety of other
algorithms and architectures, such as shim6 [RFC5533] and HIP algorithms and architectures, such as Shim6 [RFC5533] and HIP
[RFC5206], that may be useful in this environment. At this writing, [RFC5206], that may be useful in this environment. At the time of
there is not enough operational experience on which to base a this writing, there is not enough operational experience on which to
recommendation. Should such operational experience become available, base a recommendation. Should such operational experience become
this document may be updated in the future. available, this document may be updated in the future.
7. Considerations for MHMP deployment 7. Considerations for MHMP Deployment
This section describes considerations to mitigate possible problem in
a network which implements MHMP described in Section 6.
7.1. Non-MHMP host consideration This section describes considerations to mitigate possible problems
in a network that implements MHMP (described in Section 6).
7.1. Non-MHMP Host Consideration
In a typical IPv4 multihomed network deployment, IPv4 NAPT is In a typical IPv4 multihomed network deployment, IPv4 NAPT is
practically used and it can eventually avoid assigning multiple practically used and it can eventually avoid assigning multiple
addresses to the hosts and solve the next-hop selection problem. In addresses to the hosts and solve the next hop selection problem. In
a similar fashion, NPTv6 can be used as a last resort for IPv6 a similar fashion, NPTv6 can be used as a last resort for IPv6
multihomed network deployments where one needs to assign a single multihomed network deployments where one needs to assign a single
IPv6 address to a non-MHMP host. IPv6 address to a non-MHMP host.
__________ __________
/ \ / \
+---/ Internet \ +---/ Internet \
gateway router | \ / gateway router | \ /
+------+ +---------------------+ | \__________/ +------+ +---------------------+ | \__________/
| | | | | WAN1 +--+ | | | | | WAN1 +--+
| host |-----|LAN| Router |--------| | host |-----|LAN| Router |--------|
| | | | |NAT|WAN2+--+ | | | | |NAT|WAN2+--+
+------+ +---------------------+ | __________ +------+ +---------------------+ | __________
| / \ | / \
+---/ ASP \ +---/ ASP \
\ / \ /
\__________/ \__________/
Figure 5: Legacy Host Figure 5: Legacy Host
The gateway router also has to support the two features, next-hop The gateway router also has to support the two features, next hop
selection and DNS server selection, shown in Section 6. selection and DNS server selection, shown in Section 6.
The implementation and issues of NPTv6 are out of the scope of this The implementation and issues of NPTv6 are out of the scope of this
document. They may be covered by another document under discussion document, but are discussed in Section 5 of [RFC6296].
[RFC6296].
7.2. Co-existence considerations 7.2. Coexistence Considerations
To allow the co-existence of non-MHMP hosts and MHMP hosts (i.e. To allow the coexistence of non-MHMP hosts and MHMP hosts (i.e.,
hosts supporting multi-prefix with the enhancements for the source hosts supporting multi-prefix with the enhancements for the source
address selection), GW-rtr may need to treat those hosts separately. address selection), GW rtr may need to treat those hosts separately.
An idea for how to achieve this, is that GW-rtr identifies the hosts, An idea for how to achieve this would be for GW rtr to identify the
and then assigns a single prefix to non-MHMP hosts and assigns hosts, and then assign a single prefix to non-MHMP hosts and assign
multiple prefixes to MHMP hosts. In this case, GW-rtr can perform multiple prefixes to MHMP hosts. In this case, GW rtr can perform
IPv6 NAT only for the traffic from non-MHMP hosts if its source IPv6 NAT only for the traffic from non-MHMP hosts if its source
address is not appropriate. address is not appropriate.
Another idea is that GW-rtr assigns multiple prefixes to both hosts, Another idea is that GW rtr could assign multiple prefixes to both
and performs IPv6 NAT for traffic from non-MHMP hosts if its source hosts and perform IPv6 NAT for traffic from non-MHMP hosts if its
address is not appropriate. source address is not appropriate.
In scenario 1 and 3, the non-MHMP hosts can be placed behind the NAT In scenarios 1 and 3, the non-MHMP hosts can be placed behind the NAT
box. In this case, the non-MHMP host can access the service through box. In this case, the non-MHMP host can access the service through
the NAT box. the NAT box.
The implementation of identifying non-MHMP hosts and NAT policy is The implementation of identifying non-MHMP hosts and NAT policy is
outside the scope of this document. outside the scope of this document.
7.3. Policy collision consideration 7.3. Policy Collision Consideration
When multiple policy distributors exist, a policy receiver may not When multiple policy distributors exist, a policy receiver may not
follow one or each of the received policy. In particular, when a follow each of the received policies. In particular, when a policy
policy conflicts with another policy, a policy receiver cannot conflicts with another policy, a policy receiver cannot implement
implement each of the policy. To solve or mitigate this issue, it is both of the policies. To solve or mitigate this issue, a
required that prioritization rule to align these policies along prioritization rule is required to align the policies with the
preference on a trusted interface. Another solution is to preclude preferences of a trusted interface. Another solution is to preclude
the functionality of multiple policy acceptance at the receiver side. the functionality of the acceptance of multiple policies at the
In this case, a policy distributor should cooperate with other policy receiver side. In this case, a policy distributor should cooperate
distributors, and a single representative provider should distribute with other policy distributors, and a single representative provider
a merged policy. should distribute a merged policy.
This document does not presume specific recommendations for resolving This document does not presume specific recommendations for resolving
policy collision. It is expected to the implementation to decide how policy collision. It is expected that the implementation will decide
to resolve the conflicts. If they are not resolved consistently by how to resolve the conflicts. If they are not resolved consistently
different implementations, that could affect interoperability and by different implementations, that could affect interoperability and
security trust boundaries. Future work will be expected to address security trust boundaries. Future work is expected to address the
the need for consistent policy resolution to avoid interoperability need for consistent policy resolution to avoid interoperability and
and security trust boundary issues. security trust boundary issues.
8. Security Considerations 8. Security Considerations
In today's multi-homed IPv4 networks, it is difficult to resolve or In today's multihomed IPv4 networks, it is difficult to resolve or
coordinate conflicts between the two upstream networks. This problem coordinate conflicts between the two upstream networks. This problem
persists with IPv6, no matter if the hosts use IPv6 provider- persists with IPv6, no matter if the hosts use IPv6 provider-
dependent or provider-independent addresses. dependent or provider-independent addresses.
This document requires that the solutions for MHMP should have policy This document requires that MHMP solutions have functions that
providing functions. New security threats can be introduced provide policy controls. New security threats can be introduced
depending on what kind and what form of the policy. The threats can depending on the kind and form of the policy. The threats can be
be categorized in two parts: the policy receiver side and the policy categorized in two parts: the policy receiver side and the policy
distributor side. distributor side.
A policy receiver may receive an evil policy from a policy A policy receiver may receive an evil policy from a policy
distributor. A policy distributor should expect some hosts in its distributor. A policy distributor should expect that some hosts in
network do not follow the distributed policy. At the time of its network will not follow the distributed policy. At the time of
writing, there are no known methods to resolve conflicts between the this writing, there are no known methods to resolve conflicts between
host's own policy (policy receiver) and the policies of upstream the host's own policy (policy receiver) and the policies of upstream
providers (policy provider). As this document is analyzing the providers (policy provider). As this document is analyzing the
problem space, rather than proposing a solution, we note the problem space, rather than proposing a solution, we note the
following problems: following problems:
Threats related to the policy distributor side: Threats related to the policy distributor side:
Service provider should expect the existence of hosts that will The service provider should expect the existence of hosts that
not obey the received policy. A possible solutions is to will not obey the received policy. A possible solution is to
ingress-filter those packets that do not match the distributed ingress-filter those packets that do not match the distributed
policy and drop them. About the route selection, packet policy and drop them. For route selection, packet forwarding
forwarding or redirection can be another possible solution. or redirection can be another possible solution. For source
About the source address selection, IPv6 NAT can be another address selection, IPv6 NAT can be another possible solution.
possible solution.
Administrators of different networks might need to control In a multihomed multiple-provider network, nodes in the network
policies (and nodes' behaviors) independently of other may be administered by different organizations. Administrators
administrators. It means that the need to have access controls might need to control policies (and a node's behavior)
for such cross-administrative policy access. Administrators independently of other administrators. Access control policies
must control only nodes that are part of their own networks, or need to be in place to restrict the administrator's access to
some administrators must control only nodes that are part of only the nodes it is authorized to control.
their own networks, while others are authorized to control
nodes across administrative boundaries. To be success to
cross-administrative policy-control, per-user authorization
might be required with existing AAA and network management
standards.
Threats related to the policy receiver side: Threats related to the policy receiver side:
For policy receiver side, who should be trusted to accept For the policy receiver side, who should be trusted to accept
policies is a fundamental issue. How is the trust established, policies is a fundamental issue. How is the trust established?
and how can the network element be assured that it can How can the network element be assured that it can establish
established that trust before the network is fully configured. that trust before the network is fully configured? If a policy
If a policy receiver trusts untrusted network, it will cause receiver trusts an untrusted network, it will cause the
that distributing unwanted and unauthorized policy that distributing of the unwanted and unauthorized policy that is
described below. described below.
A policy receiver are exposed to the threats of unauthorized A policy receiver is exposed to the threats of unauthorized
policy, which can lead to session hijack, falsification, DoS, policy, which can lead to session hijack, falsification, DoS,
wiretapping and phishing. Unauthorized policy here means a wiretapping, and phishing. Unauthorized policy here means a
policy distributed from an entity that does not have rights to policy distributed from an entity that does not have rights to
do so. Usually, only a site administrator and a network do so. Usually, only a site administrator and a network
service provider have rights to distribute these policies just service provider have rights to distribute these policies in
as well as IP address assignment and DNS server address addition to IP address assignment and DNS server address
notification. Regarding source address selection, unauthorized notification. Regarding source address selection, unauthorized
policy can expose an IP address that will not usually be policy can expose an IP address that will not usually be
exposed to an external server, which can be a privacy problem. exposed to an external server, which can be a privacy problem.
To solve or mitigate the problem of unauthorized policy, one
To solve or mitigate this problem of unauthorized policy, one approach is to limit the use of these policy distribution
approach is limiting on use of these policy distribution mechanisms, as described in the Section 4.4 of [RFC6731]. For
mechanisms, as described in the section 4.4 of [RFC6731]. For example, a policy should be preferred or accepted if delivered
example, a policy should be preferred or accepted when the over a secure, trusted channel such as a cellular data
policy is verified its integrity and delivered across a secure, connection. The proposed solutions are based on DHCP, so the
trusted channel such as 3G connection in cellular services. limitation of local site communication, which is often used in
The proposed solutions are based on DHCP, so the limitation of WiFi access services, should be another solution or mitigation
local site communication, which is often used in WiFi access for this problem. For the DNS server selection issue, DNS
services, should be another solution or mitigation for this Security (DNSSEC) can be another solution. For source address
problem. About DNS server selection issue, DNSSEC can be selection, the ingress filter at the network service provider
another solution. About source address selection, the ingress router can be a solution.
filter at the network service provider router can be a
solution.
Another threat is the leakage of the policy and privacy issues Another threat is the leakage of the policy and privacy issues
resulting from that. Especially when each client is resulting from that. Especially when clients receive different
distributed its own policy from the network service provider, policies from the network service provider, that difference
the policy can give a hint of which service the client provides hints about the host itself and can be useful to
subscribes. Encryption of communication channel, separation of uniquely identify the host. Encryption of the communication
communication channel per host can be solutions for this channel and separation of the communication channel per host
problem. can be solutions for this problem.
The security threats related to IPv6 multihoming are described in The security threats related to IPv6 multihoming are described in
[RFC4218]. [RFC4218].
9. IANA Considerations 9. Contributors
This document has no IANA actions.
10. Contributors
The following people contributed to this document: Akiko Hattori, The following people contributed to this document: Akiko Hattori,
Arifumi Matsumoto, Frank Brockners, Fred Baker, Tomohiro Fujisaki, Arifumi Matsumoto, Frank Brockners, Fred Baker, Tomohiro Fujisaki,
Jun-ya Kato, Shigeru Akiyama, Seiichi Morikawa, Mark Townsley, Jun-ya Kato, Shigeru Akiyama, Seiichi Morikawa, Mark Townsley,
Wojciech Dec, Yasuo Kashimura, Yuji Yamazaki. This document has Wojciech Dec, Yasuo Kashimura, and Yuji Yamazaki. This document has
greatly benefited from inputs by Randy Bush, Brian Carpenter, and greatly benefited from inputs by Randy Bush, Brian Carpenter, and
Teemu Savolainen. Teemu Savolainen.
11. References 10. References
11.1. Normative References 10.1. Normative References
[RFC4191] Draves, R. and D. Thaler, "Default Router Preferences and [RFC4191] Draves, R. and D. Thaler, "Default Router Preferences and
More-Specific Routes", RFC 4191, November 2005. More-Specific Routes", RFC 4191, November 2005.
[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
"Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
September 2007. September 2007.
[RFC6296] Wasserman, M. and F. Baker, "IPv6-to-IPv6 Network Prefix [RFC6296] Wasserman, M. and F. Baker, "IPv6-to-IPv6 Network Prefix
Translation", RFC 6296, June 2011. Translation", RFC 6296, June 2011.
skipping to change at page 19, line 20 skipping to change at page 20, line 31
(IPv6)", RFC 6724, September 2012. (IPv6)", RFC 6724, September 2012.
[RFC6731] Savolainen, T., Kato, J., and T. Lemon, "Improved [RFC6731] Savolainen, T., Kato, J., and T. Lemon, "Improved
Recursive DNS Server Selection for Multi-Interfaced Recursive DNS Server Selection for Multi-Interfaced
Nodes", RFC 6731, December 2012. Nodes", RFC 6731, December 2012.
[RFC7078] Matsumoto, A., Fujisaki, T., and T. Chown, "Distributing [RFC7078] Matsumoto, A., Fujisaki, T., and T. Chown, "Distributing
Address Selection Policy Using DHCPv6", RFC 7078, January Address Selection Policy Using DHCPv6", RFC 7078, January
2014. 2014.
11.2. Informative References 10.2. Informative References
[RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network [RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network
Address Translator (Traditional NAT)", RFC 3022, January Address Translator (Traditional NAT)", RFC 3022, January
2001. 2001.
[RFC3442] Lemon, T., Cheshire, S., and B. Volz, "The Classless [RFC3442] Lemon, T., Cheshire, S., and B. Volz, "The Classless
Static Route Option for Dynamic Host Configuration Static Route Option for Dynamic Host Configuration
Protocol (DHCP) version 4", RFC 3442, December 2002. Protocol (DHCP) version 4", RFC 3442, December 2002.
[RFC3582] Abley, J., Black, B., and V. Gill, "Goals for IPv6 Site- [RFC3582] Abley, J., Black, B., and V. Gill, "Goals for IPv6 Site-
skipping to change at page 20, line 7 skipping to change at page 21, line 20
[RFC5206] Nikander, P., Henderson, T., Vogt, C., and J. Arkko, "End- [RFC5206] Nikander, P., Henderson, T., Vogt, C., and J. Arkko, "End-
Host Mobility and Multihoming with the Host Identity Host Mobility and Multihoming with the Host Identity
Protocol", RFC 5206, April 2008. Protocol", RFC 5206, April 2008.
[RFC5220] Matsumoto, A., Fujisaki, T., Hiromi, R., and K. Kanayama, [RFC5220] Matsumoto, A., Fujisaki, T., Hiromi, R., and K. Kanayama,
"Problem Statement for Default Address Selection in Multi- "Problem Statement for Default Address Selection in Multi-
Prefix Environments: Operational Issues of RFC 3484 Prefix Environments: Operational Issues of RFC 3484
Default Rules", RFC 5220, July 2008. Default Rules", RFC 5220, July 2008.
[RFC5245] Rosenberg, J., "Interactive Connectivity Establishment
(ICE): A Protocol for Network Address Translator (NAT)
Traversal for Offer/Answer Protocols", RFC 5245, April
2010.
[RFC5533] Nordmark, E. and M. Bagnulo, "Shim6: Level 3 Multihoming [RFC5533] Nordmark, E. and M. Bagnulo, "Shim6: Level 3 Multihoming
Shim Protocol for IPv6", RFC 5533, June 2009. Shim Protocol for IPv6", RFC 5533, June 2009.
[RFC6106] Jeong, J., Park, S., Beloeil, L., and S. Madanapalli, [RFC6106] Jeong, J., Park, S., Beloeil, L., and S. Madanapalli,
"IPv6 Router Advertisement Options for DNS Configuration", "IPv6 Router Advertisement Options for DNS Configuration",
RFC 6106, November 2010. RFC 6106, November 2010.
[TR069] The BroadBand Forum, "TR-069, CPE WAN Management Protocol [TR-124] The Broadband Forum, "TR-124, Functional Requirements for
v1.1, Version: Issue 1 Amendment 2", December 2007. Broadband Residential Gateway Devices", Issue: 2, May
2010, <http://www.broadband-forum.org/technical/download/
TR-124_Issue-2.pdf>.
[TR124] The BroadBand Forum, "TR-124i2, Functional Requirements [TR069] The Broadband Forum, "TR-069, CPE WAN Management Protocol
for Broadband Residential Gateway Devices (work in v1.1", Version: Issue 1 Amendment 2, December 2007,
progress)", May 2010. <http://www.broadband-forum.org/technical/download/
TR-069_Amendment-2.pdf>.
Authors' Addresses Authors' Addresses
Ole Troan (editor) Ole Troan (editor)
Cisco Cisco
Oslo Oslo
Norway Norway
Email: ot@cisco.com EMail: ot@cisco.com
David Miles David Miles
Alcatel-Lucent Google Fiber
Melbourne Mountain View, CA
Australia USA
Email: david.miles@alcatel-lucent.com EMail: davidmiles@google.com
Satoru Matsushima Satoru Matsushima
Softbank Telecom Softbank Telecom
Tokyo Tokyo
Japan Japan
Email: satoru.matsushima@g.softbank.co.jp EMail: satoru.matsushima@g.softbank.co.jp
Tadahisa Okimoto Tadahisa Okimoto
NTT West NTT West
Osaka Osaka
Japan Japan
Email: t.okimoto@west.ntt.co.jp EMail: t.okimoto@west.ntt.co.jp
Dan Wing Dan Wing
Cisco Cisco
170 West Tasman Drive 170 West Tasman Drive
San Jose San Jose
USA USA
Email: dwing@cisco.com EMail: dwing@cisco.com
 End of changes. 133 change blocks. 
371 lines changed or deleted 370 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/