V6OPS Working Group D. Binet Internet-Draft M. Boucadair Intended status: Informational France Telecom Expires: August16,22, 2015 A. Vizdal Deutsche Telekom AG G. Chen China Mobile N. Heatley EE R. Chandler eircom | meteor D. Michaud Rogers Communications D. Lopez Telefonica I+D February12,18, 2015 An Internet Protocol Version 6 (IPv6) Profile for 3GPP Mobile Devicesdraft-ietf-v6ops-mobile-device-profile-17draft-ietf-v6ops-mobile-device-profile-18 Abstract This document defines a profile that is a superset of that of the connection to IPv6 cellular networks defined in the IPv6 for Third Generation Partnership Project (3GPP) Cellular Hosts document. This document defines an IPv6 profile that a number of operators recommend in order to connect 3GPP mobile devices to an IPv6-only or dual-stack wireless network (including 3GPP cellularnetwork and IEEE 802.11network) with a special focus on IPv4 service continuity features. Both hosts and devices with capability to share their WAN (Wide Area Network) connectivity are in scope. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on August16,22, 2015. Copyright Notice Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . .34 1.2. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Connectivity Recommendations . . . . . . . . . . . . . . . .5 2.1. WLAN Connectivity Recommendations . . . . . . . . . . . . 86 3.Advanced Recommendations . . . . . . . . . . . . . . . . . . 8 4.Recommendations for Cellular Devices with LAN Capabilities .10 5. APIs & Applications9 4. Advanced Recommendations . . . . . . . . . . . . .12 6.. . . . . 11 5. Security Considerations . . . . . . . . . . . . . . . . . . . 137.6. IANA Considerations . . . . . . . . . . . . . . . . . . . . .13 8.14 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . .13 9.14 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 149.1.8.1. Normative References . . . . . . . . . . . . . . . . . . 149.2.8.2. Informative References . . . . . . . . . . . . . . . . .1516 1. Introduction IPv6 deployment in 3GPP mobile networks is the only perennial solution to the exhaustion of IPv4 addresses in those networks. Several mobile operators have already deployed IPv6 [RFC2460] or are in the pre-deployment phase. One of the major hurdles as perceived by some mobile operators is the availability of non-broken IPv6 implementation in mobile devices (e.g., Section 3.3 of [OECD]). [RFC7066] lists a set of features to be supported by cellular hosts to connect to 3GPP mobile networks. In the light of recent IPv6 production deployments, additional features to facilitate IPv6-only deployments while accessing IPv4-onlyserviceservices are to be considered. This document fills this void. Concretely, this document lists means to ensure IPv4 service continuity over an IPv6-only connectivity given the adoption rate of this model by mobile operators. Those operators require that no service degradation is experienced by customers serviced with an IPv6-only model compared to the level of service of customers with legacy IPv4-only devices. This document defines an IPv6 profile for mobile devices listing specifications produced by various Standards Developing Organizations(in particular 3GPP(including 3GPP, IETF, andIETF).GSMA). The objectives of this effort are: 1. List in one single document a comprehensive list of IPv6 features for a mobile device, including both IPv6-only and dual-stack mobile deployment contexts. These features cover various network types such as GPRS (General Packet RadioService),Service) or EPC (Evolved PacketCore) or IEEE 802.11 network.Core). 2. Help Operators with the detailed device requirement list preparation (to be exchanged with device suppliers). This is also a contribution to harmonize Operators' requirements towards device vendors. 3. Vendors to be aware of a set of features to allow for IPv6 connectivity and IPv4 service continuity (over an IPv6-only transport). The recommendations do not include 3GPP release details. For more information on the 3GPP releases detail, the reader may refer to Section 6.2 of [RFC6459]. Some of the features listed in this profile document require to activate dedicated functions at the network side. It is out of scope of this document to list these network-side functions. A detailed overview of IPv6 support in 3GPP architectures is provided in [RFC6459]. This document is organized as follows: o Section 2 lists generic recommendations including functionalities to provide IPv4 service continuity over an IPv6-only connectivity. o Section 3 enumerates a set of recommendations for cellular devices with LAN capabilities (e.g., CPE, dongles with tethering features). o Section 4 identifies a set of advanced recommendations to fulfill requirements of critical services such as VoLTE (Voice over LTE). 1.1. Terminology This document makes use of the terms defined in [RFC6459]. In addition, the following terms are used: o "3GPP cellular host" (or cellular host for short) denotes a 3GPP device which can be connected to 3GPP mobile networks or IEEE 802.11 networks. o "3GPP cellular device" (or cellular device for short) refers to a cellular host which supports the capability to share its WAN (Wide Area Network) connectivity. o"Cellular host" and "mobile host" are used interchangeably. o "Cellular device" and "mobile device" are"IPv4 service continuity" denotes the features usedinterchangeably.to provide access to IPv4-only services to customers serviced with an IPv6-only connectivity. A typical example of IPv4 service continuity technique is NAT64 [RFC6146]. PREFIX64 denotes an IPv6 prefix used to build IPv4-converted IPv6 addresses [RFC6052]. 1.2. Scope A 3GPP mobile network can be used to connect various user equipments such as a mobile telephone, a CPE (Customer Premises Equipment) or a machine-to-machine (M2M) device. Because of this diversity of terminals, it is necessary to define a set of IPv6 functionalities valid for any node directly connecting to a 3GPP mobile network. This document describes these functionalities. This document is structured to provide the generic IPv6 recommendations which are valid for all nodes, whatever their function (e.g., host or CPE) or service (e.g., Session Initiation Protocol (SIP, [RFC3261])) capability. The document also contains sections covering specific functionalities for devices providing some LAN functions (e.g., mobile CPE or broadband dongles). The recommendations listed below are valid for both 3GPP GPRS and 3GPP EPS (Evolved Packet System) access. For EPS, PDN-Connection term is used instead of PDP-Context.This document identifies also some WLAN-related IPv6 recommendations.Other non-3GPP accesses [TS.23402] are out of scope of this document. This profile is a superset of that of the IPv6 profile for 3GPP Cellular Hosts [RFC7066], which is in turn a superset of IPv6 Node Requirements [RFC6434]. It targets cellular nodes, including GPRS, EPC (Evolved Packet Core) and IEEE 802.11 networks, that require features to ensure IPv4 service delivery over an IPv6-only transport in addition to the base IPv6 service. Moreover, this profile covers cellular CPEs that are used in various deployments to offer fixed- like services. Recommendations inspired from real deployment experiences (e.g., roaming) are included in this profile. Also, this profile sketches recommendations for the sake of deterministic behaviors of cellular devices when the same configuration information is received over several channels. For conflicting recommendations in [RFC7066] and [RFC6434] (e.g., Neighbor Discovery Protocol), this profile adheres to [RFC7066]. Indeed, the support of Neighbor Discovery Protocol is mandatory in 3GPP cellular environment as it is the only way to convey IPv6 prefix towards the 3GPP cellular device. In particular, MTU (Maximum Transmission Unit) communication via Router Advertisement must be supported since many 3GPP networks do not have a standard MTU setting. This profile uses a stronger language for the support of Prefix Delegation compared to [RFC7066]. The main motivation is that cellular networks are more and more perceived as an alternative to fixed networks for home IP-based services delivery; especially with the advent of smartphones and 3GPP data dongles. There is a need for an efficient mechanism to assign shorter prefix than /64 to cellular hosts so that each LAN segment can get its own /64 prefix and multi- link subnet issues to be avoided. The support of this functionality in both cellular and fixed networks is key for fixed-mobile convergence.This document is not a standard, and conformance with it is not required in order to claim conformance with IETF standards for IPv6.Thesupport of the full setuse offeatures may not be requiredaddress family dependent APIs (Application Programming Interfaces) or hard-coded IPv4 address literals may lead to broken applications when IPv6 connectivity is in use. As such, means to minimize broken applications when the cellular host is attached to an IPv6-only network should be encouraged. Particularly, (1) name resolution libraries (e.g., [RFC3596]) must support both IPv4 and IPv6; (2) applications must be independent of the underlying IP address family; (3) and applications relying upon Uniform Resource Identifiers (URIs) must follow [RFC3986] and its updates. Note, somedeployment contexts.IETF specifications (e.g., SIP [RFC3261]) contains broken IPv6 ABNF and rules to compare URIs with embedded IPv6 addresses; fixes (e.g., [RFC5954]) must be used instead. Theauthors believe thatrecommendations included in each section are listed in a priority order. This document is not a standard, and conformance with it is not required in order to claim conformance with IETF standards for IPv6. Compliance with this profile does not require the support ofa subsetall enclosed items. Obviously, the support of the full set of features may not be required in some deployment contexts. However, the authors believe that not supporting relevant features included in thisprotocolprofile (e.g., Customer Side Translator (CLAT, [RFC6877])) may lead to a degraded level ofservice in some deployment contexts.service. 2. Connectivity Recommendations This section identifies the main connectivity recommendations to be followed by a cellular host to attach to a network usingIPv6.IPv6 in addition to what is defined in [RFC6434] and [RFC7066]. Bothdual-stackdual- stack and IPv6-only deployment models are considered. IPv4 service continuity features are listed in this section because these are critical for Operators with an IPv6-only deployment model. C_REC#1: In order to allow each operator to select their own strategy regarding IPv6 introduction, the cellular host must support both IPv6 and IPv4v6 PDP-Contexts [TS.23060].Both IPv6 and IPv4v6 PDP-Contexts must be supported.IPv4, IPv6 or IPv4v6 PDP-Context request acceptance depends on the cellular network configuration. C_REC#2: The cellular host must comply with the behavior defined in [TS.23060] [TS.23401] [TS.24008] for requesting a PDP- Context type. In particular, the cellular host must request by default an IPv6 PDP-Context if the cellular host is IPv6-only andrequestingrequest an IPv4v6 PDP-Context if the cellular host is dual-stack or when the cellular host is not aware of connectivity types requested by devices connected to it (e.g., cellular host with LAN capabilities as discussed in Section4):3): * If the requested IPv4v6 PDP-Context is not supported by the network, but IPv4 and IPv6 PDP types are allowed, then the cellular host will be configured with an IPv4 address or an IPv6 prefix by the network. It must initiate another PDP-Context activation in addition to the one already activated for a given APN (Access Point Name). * If therequested PDP type andsubscription data or network configuration allows only one IP address family (IPv4 or IPv6), the cellular host must not request a second PDP-Context to the same APN for the other IP address family. The text above focuses on the specification part which explains the behavior for requesting IPv6-related PDP- Context(s). Understanding this behavior is important to avoid having broken IPv6 implementations in cellular devices. C_REC#3: The cellular host must support the PCO (Protocol Configuration Options) [TS.24008] to retrieve the IPv6 address(es) of the Recursive DNS server(s). In-band signaling is a convenient method to inform the cellular host about various services, including DNS server information. It does not require any specific protocol to be supported and it is already deployed in IPv4 cellular networks to convey such DNS information. C_REC#4: The cellular host must support IPv6 aware Traffic Flow Templates (TFT) [TS.24008]. Traffic Flow Templates are employing a packet filter to couple an IP traffic with a PDP-Context. Thus a dedicated PDP-Context and radio resources can be provided by the cellular network for certain IP traffic. C_REC#5: If the cellular host receives the DNS information in several channels for the same interface, the following preference order must be followed: 1. PCO 2. RA 3. DHCPv6 The purpose of this recommendation is to guarantee for a deterministic behavior to be followed by all cellular hosts when the DNS information is received in various channels. C_REC#6: The cellular host must be able to be configured to limit PDP type(s) for a given APN. The default mode is to allow all supported PDP types. Note, C_REC#2 discusses the default behavior for requesting PDP-Context type(s). This feature is useful to drive the behavior of the UE to be aligned with: (1) service-specific constraints such as the use of IPv6-only for VoLTE (Voice over LTE), (2) network conditions with regards to the support of specific PDP types (e.g., IPv4v6 PDP-Context is not supported), (3) IPv4 sunset objectives, (4) subscription data, etc. Note, a cellular host changing its connection between an IPv6-specific APN and an IPv4-specific APN restarts the ongoing applications. Thisismay be considered as a brokenness situation. C_REC#7: Because of potential operational deficiencies to be experienced in some roaming situations, the cellular host must be able to be configured with a homeIP profilePDP-Context type(s) and a roamingIP profile.PDP-Context type(s). Theaimpurpose of the of the roaming profile is to limit the PDP type(s) requested by the cellular host when out of the home network. Note that distinct PDP type(s) and APN(s) can be configured for home and roaming cases. A detailed analysis of roaming failure cases is included in [RFC7445]. C_REC#8: In order to ensure IPv4 service continuity in an IPv6-only deployment context, the cellular host should support a method to locally construct IPv4-embedded IPv6 addresses [RFC6052]. A method to learn PREFIX64 should be supported by the cellular host. This solves the issue when applications use IPv4 referrals on IPv6-only access networks. In PCP-based environments, cellular hosts should follow [RFC7225] to learn the IPv6 Prefix used by an upstream PCP-controlled NAT64 device. If PCP is not enabled, the cellular host should implement the method specified in [RFC7050] to retrieve the PREFIX64. C_REC#9: In order to ensure IPv4 service continuity in an IPv6-only deployment context, the cellular host should implement the Customer Side Translator (CLAT, [RFC6877]) functionwhich is compliantin compliance with [RFC6052][RFC6145][RFC6146]. CLAT function in the cellular host allows for IPv4-only application and IPv4-referals to work on an IPv6-only connectivity.CLAT function requires a NAT64 capabilityThe more applications are address family independent, the less CLAT function is solicited. CLAT function requires a NAT64 capability [RFC6146] in thecorenetwork. The cellular host should only invoke the CLAT in the absence of the IPv4 connectivity on the cellular side, i.e., when the network does not assign an IPv4 address on the cellular interface. Note, NAT64 assumes an IPv6-only mode [RFC6146]. The IPv4 Service Continuity Prefix used by CLAT is defined in [RFC7335].2.1. WLAN ConnectivityCLAT and/or NAT64 do not interfere with native IPv6 communications. 3. RecommendationsIt is increasingly commonfor Cellular Devices with LAN Capabilities This section focuses on cellularhosts have a WLAN interface in addition to their cellular interface. These hosts are likelydevices (e.g., CPE, smartphones, or dongles with tethering features) which provide IP connectivity tobeother devices connected toprivate or public hotspots. Belowthem. In such case, all connected devices arelisted some generic recommendations: W_REC#1: IPv6 must be supported onsharing theWLAN interface.same 2G, 3G or LTE connection. Inparticular, WLAN interface must behave properly when only an IPv6 connectivity is provided. Some tests revealed that IPv4 configuration is requiredaddition toenable IPv6-only connectivity. Indeed, some cellular handsets can access a WLAN IPv6-only network by configuring first a static IPv4 address. Oncethedevice is connectedgeneric recommendations listed in Section 2, these cellular devices have to meet thenetwork and the wlan0 interface got an IPv6 global address, the IPv4 address can be deleted from the configuration. This avoids therecommendations listed below. L_REC#1: The cellular deviceto ask automaticallymust support Prefix Delegation capabilities [RFC3633] and must support Prefix Exclude Option for DHCPv6-based Prefix Delegation as defined in [RFC6603]. Particularly, it must behave as aDHCPv4 server,Requesting Router. Cellular networks are more andallows to connect to IPv6-only networks. Failing to configuremore perceived as anIPv4 address onalternative to fixed networks for home IP-based services delivery; especially with theinterface must not prohibit using IPv6 on the same interface. W_REC#2: If the device receives the DNS information in several channels for the same interface, the following preference order must be followed: 1. RA 2. DHCPv6 3. Advanced Recommendations This section identifies a set of advanced recommendations to fulfill requirementsadvent ofcritical services such as VoLTE. A_REC#1: The cellular host must support ROHC RTP Profile (0x0001)smartphones andROHC UDP Profile (0x0002) for IPv6 ([RFC5795]). Other ROHC profiles may be supported. Bandwidth in cellular networks must be optimized as much as possible. ROHC provides3GPP data dongles. There is asolution to reduce bandwidth consumption and to reduce the impact of having bigger packet headers in IPv6 comparedneed for an efficient mechanism toIPv4. "RTP/UDP/IP" ROHC profile (0x0001)assign shorter prefix than /64 tocompress RTP packetscellular hosts so that each LAN segment can get its own /64 prefix and"UDP/IP" ROHC profile (0x0002)multi-link subnet issues tocompress RTCP packets are required for Voice over LTE (VoLTE) by IR.92.4.0 section 4.1 [IR92]. Note, [IR92] indicates also the host mustbeable to apply the compression to packets that are carried over the radio bearer dedicated for the voice media. A_REC#2: The cellular host should support PCP [RFC6887]. The support of PCP is seen asavoided. In case adriver to save battery consumption exacerbated by keepalive messages. PCP also gives the possibility of enabling incoming connectionsprefix is delegated tothe cellular device. Indeed, because several stateful devices may be deployed in wireless networks (e.g., NAT and/or Firewalls), PCP can be used by thea cellular hostto control network-based NAT and Firewall functions which will reduce per-application signaling and save battery consumption. According to [Power],using DHCPv6, theconsumption of acellular device will be configured witha keep-alive interval equal to 20 seconds (that is the default value in [RFC3948]two prefixes: (1) one forexample) is 29 mA (2G)/34 mA (3G). This consumption is reduced to 16 mA (2G)/24 mA (3G) when3GPP link allocated using SLAAC mechanism and (2) another one delegated for LANs acquired during Prefix Delegation operation. Note that theinterval is increased to 40 seconds, to 9.1 mA (2G)/16 mA (3G) if3GPP network architecture requires both theinterval is equal to 150 seconds,WAN (Wide Area Network) andto 7.3 mA (2G)/14 mA (3G) iftheinterval is equaldelegated prefix to180 seconds. When no keep- alive is issued, the consumption would be 5.2 mA (2G)/6.1 mA (3G). The impact of keepalive messages wouldbemore severe if multiple applications are issuing those messages (e.g., SIP, IPsec, etc.). A_REC#3: In order for host-based validation of DNS Security Extensions (DNSSEC) to continue to function in an IPv6-only with NAT64 deployment context, the cellular host should embed a DNS64 function ([RFC6147]). This is called "DNS64 in stub-resolver mode" in [RFC6147]. As discussed in Section 5.5 of [RFC6147], a security- aware and validating host has to performaggregatable, so theDNS64 function locally. Because synthetic AAAA records cannotsubscriber can besuccessfully validated inidentified using ahost, learningsingle prefix. Without the Prefix Exclude Option, the delegating router (GGSN/PGW) will have to ensure [RFC3633] compliancy (e.g., halving thePREFIX64 used to construct IPv4-converted IPv6 addresses allowsdelegated prefix and assigning theuseWAN prefix out ofDNSSEC [RFC4033] [RFC4034], [RFC4035]. Means to configure or discover a PREFIX64 are required onthecellular device as discussed in C_REC#8. [RFC7051] discusses why a security-aware1st half andvalidating host has to performtheDNS64 function locally and why it hasprefix to beabledelegated tolearntheproper PREFIX64(s). A_REC#4: Whenterminal from thecellular host2nd half). Because Prefix Delegation capabilities may not be available in some attached networks, L_REC#3 isdual-stack connected (i.e., configured with an IPv4 address and IPv6 prefix), it should support meansstrongly recommended toprefer native IPv6 connection over connection established through translation devices (e.g., NAT44 and NAT64). When both IPv4 and IPv6 DNS servers are configured, a dual-stack hostaccommodate early deployments. L_REC#2: The cellular CPE mustcontact first its IPv6 DNS server. Cellular hosts should followbe compliant with theprocedurerequirements specified in[RFC6724] for source address selection. 4. Recommendations for Cellular Devices with LAN Capabilities This section focuses[RFC7084]. There are several deployments, particularly in emerging countries, that relies oncellular devicesmobile networks to provide broadband services (e.g.,CPE, smartphones, or donglescustomers are provided withtethering features) which provide IP connectivitymobile CPEs). Note, this profile does not require IPv4 service continuity techniques listed in [RFC7084] because those are specific toother devices connectedfixed networks. IPv4 service continuity techniques specific tothem. In such case, all connected devicesthe mobile networks aresharingincluded in this profile. This recommendation does not apply to handsets with tethering capabilities; it is specific to cellular CPEs in order to ensure the same2G, 3GIPv6 functional parity for both fixed and cellular CPEs. Note, modern CPEs are designed with advanced functions such as link aggregation that consists in optimizing the network usage by aggregating the connectivity resources offered via various interfaces (e.g., DSL, LTE, WLAN, etc.) orLTE connection. In addition tooffloading thegeneric recommendations listed in Section 2,traffic via a subset of interfaces. Mutualizing IPv6 features among thesecellular devices haveinterface types is important for the sake of specification efficiency, service design simplification and validation effort optimization. L_REC#3: For deployments requiring tomeetshare the same /64 prefix, therecommendations listed below. L_REC#1: Thecellular devicemustshould supportPrefix Delegation capabilities [RFC3633][RFC7278] to enable sharing a /64 prefix between the 3GPP interface towards the GGSN/ PGW (WAN interface) andmust support Prefix Exclude Option for DHCPv6-basedthe LAN interfaces. Prefix Delegationas defined in [RFC6603]. Particularly, it must behave as a Requesting Router. Cellular networks are more and more perceived as an alternative(refer tofixed networksL_REC#1) is the target solution forhome IP-based services delivery; especially withdistributing prefixes in theadvent of smartphones andLAN side but, because the device may attach to earlier 3GPPdata dongles. There isrelease networks, aneed for an efficient mechanismmean toassign shorter prefix thanshare a /64 prefix is also recommended [RFC7278]. [RFC7278] must be invoked only if Prefix Delegation is not in use. L_REC#4: In order to allow IPv4 service continuity in an IPv6-only deployment context, the cellular device should support the Customer Side Translator (CLAT) [RFC6877]. Various IP devices are likely to be connected to cellular device, acting as a CPE. Some of these devices can be dual-stack, others are IPv6-only or IPv4-only. IPv6-only connectivity for cellular device does not allow IPv4-only sessions to be established for hostsso that eachconnected on the LAN segmentcan get its own /64 prefix and multi-link subnet issues to be avoided.of cellular devices. Incase a prefix is delegatedorder to allow IPv4 sessions establishment initiated from devices located on LAN segment side and target IPv4 nodes, a solution consists in integrating the CLAT function in the cellular device. As elaborated in Section 2, the CLAT function allows also IPv4 applications to continue running over an IPv6-only device. The cellular hostusing DHCPv6,should only invoke the CLAT in the absence of the IPv4 connectivity on the cellulardevice will be configured with two prefixes: (1) one for 3GPP link allocated using SLAAC mechanism and (2) another one delegated for LANs acquired during Prefix Delegation operation. Note thatside, i.e., when the3GPPnetworkarchitecture requires bothdoes not assign an IPv4 address on theWAN (Wide Area Network) andcellular interface. The IPv4 Service Continuity Prefix used by CLAT is defined in [RFC7335]. L_REC#5: If a RA MTU is advertised from thedelegated prefix3GPP network, the cellular device should relay that upstream MTU information tobe aggregatable, sothesubscriber can be identified usingdownstream attached LAN devices in RA. Receiving and relaying RA MTU values facilitates asingle prefix. Withoutmore harmonious functioning of thePrefix Exclude Option,mobile core network where end nodes transmit packets that do not exceed thedelegating router (GGSN/PGW) will haveMTU size of the mobile network's GTP tunnels. [TS.23060] indicates providing a link MTU value of 1358 octets toensure [RFC3633] compliancy (e.g., halvingthedelegated prefix and assigning3GPP cellular device will prevent the IP layer fragmentation within theWAN prefix out oftransport network between the1st halfcellular device and theprefix to be delegatedGGSN/PGW. 4. Advanced Recommendations This section identifies a set of advanced recommendations tothe terminal from the 2nd half). Because Prefix Delegation capabilitiesfulfill requirements of critical services such as VoLTE. A_REC#1: The cellular host must support ROHC RTP Profile (0x0001) and ROHC UDP Profile (0x0002) for IPv6 ([RFC5795]). Other ROHC profiles maynotbeavailablesupported. Bandwidth insome attached networks, L_REC#3 is strongly recommended to accommodate early deployments. L_REC#2: ThecellularCPEnetworks must becompliant withoptimized as much as possible. ROHC provides a solution to reduce bandwidth consumption and to reduce therequirements specified in [RFC7084]. There are several deployments, particularlyimpact of having bigger packet headers inemerging countries, that relies on mobile networksIPv6 compared toprovide broadband services (e.g., customers are provided with mobile CPEs). Note, thisIPv4. "RTP/UDP/IP" ROHC profiledoes not require IPv4 service continuity techniques listed in [RFC7084] because those are specific(0x0001) tofixed networks. IPv4 service continuity techniques specificcompress RTP packets and "UDP/IP" ROHC profile (0x0002) tothe mobile networkscompress RTCP packets areincluded in this profile. CAUTION: This recommendation does notrequired for Voice over LTE (VoLTE) by IR.92.4.0 section 4.1 [IR92]. Note, [IR92] indicates that the host must be able to apply the compression toanypackets that are carried over the voice media dedicated radio bearer. A_REC#2: The cellulardevice with LAN capabilities; ithost should support PCP [RFC6887]. The support of PCP isspecificseen as a driver to save battery consumption exacerbated by keepalive messages. PCP also gives the possibility of enabling incoming connections to the cellularCPEsdevice. Indeed, because several stateful devices may be deployed inorder to ensurewireless networks (e.g., NAT64 and/or IPv6 Firewalls), PCP can be used by thesamecellular host to control network-based NAT64 and IPv6functional parity for both fixedFirewall functions which will reduce per- application signaling andcellular CPEs. L_REC#3: For deployments requiringsave battery consumption. According toshare the same /64 prefix,[Power], the consumption of a cellular deviceshould support [RFC7278] to enable sharingwith a/64 prefix between the 3GPP interface towards the GGSN/ PGW (WAN interface) and the LAN interfaces. Prefix Delegation (referkeep-alive interval equal toL_REC#1)20 seconds (that is thetarget solution for distributing prefixesdefault value in [RFC3948] for example) is 29 mA (2G)/34 mA (3G). This consumption is reduced to 16 mA (2G)/24 mA (3G) when theLAN side but, because the device may attachinterval is increased toearlier 3GPP release networks, a mean40 seconds, toshare a /64 prefix is also recommended [RFC7278]. [RFC7278] must be invoked only9.1 mA (2G)/16 mA (3G) ifPrefix Delegationthe interval isnot in use. L_REC#4: In orderequal toensure IPv4 service continuity in an IPv6-only deployment context,150 seconds, and to 7.3 mA (2G)/14 mA (3G) if thecellular device should supportinterval is equal to 180 seconds. When no keep- alive is issued, theCustomer Side Translator (CLAT) [RFC6877]. Various IP devicesconsumption would be 5.2 mA (2G)/6.1 mA (3G). The impact of keepalive messages would be more severe if multiple applications arelikelyissuing those messages (e.g., SIP, IPsec, etc.). PCP allows tobe connectedavoid embedding ALGs (Application Level Gateways) at the network side (e.g., NAT64) tocellular device, acting as a CPE. Somemanage protocols which convey IP addresses and/or port numbers (see Section 2.2 ofthese devices can be dual-stack, others are IPv6-only or IPv4-only. IPv6-only connectivity[RFC6889]). Avoiding soliciting ALGs allows forcellular device does not allow IPv4-only sessionsmore easiness tobe established for hosts connected on the LAN segmentmake evolve a service independently ofcellular devices.the underlying transport network. A_REC#3: In order for host-based validation of DNS Security Extensions (DNSSEC) to continue toallow IPv4 sessions establishment initiated from devices located on LAN segment side and target IPv4 nodes, a solution consists in integrating the CLATfunction inthe cellular device. As elaborated in Section 2, the CLAT function allows also IPv4 applications to continue running overan IPv6-onlyhost. The IPv4 Service Continuity Prefix used by CLAT is defined in [RFC7335]. L_REC#5: If a RA MTU is advertised from the 3GPP network,connectivity with NAT64 deployment context, the cellulardevicehost shouldrelay that upstream MTU information to the downstream attached LAN devices in RA. Receiving and relaying RA MTU values facilitatesembed amore harmonious functioning of the mobile core network where end nodes transmit packets that do not exceed the MTU sizeDNS64 function ([RFC6147]). This is called "DNS64 in stub-resolver mode" in [RFC6147]. As discussed in Section 5.5 ofthe mobile network's GTP tunnels. [TS.23060] indicates providing[RFC6147], alink MTU value of 1358 octetssecurity- aware and validating host has to perform the3GPP cellular device will prevent the IP layer fragmentation within the transport network betweenDNS64 function locally. Because synthetic AAAA records cannot be successfully validated in a host, learning thecellular device andPREFIX64 used to construct IPv4-converted IPv6 addresses allows theGGSN/PGW. 5. APIs & Applications Recommendations Theuse ofaddress family dependent APIs (Application Programming Interfaces) or hard-coded IPv4 address literals may leadDNSSEC [RFC4033] [RFC4034], [RFC4035]. Means tobroken applications when IPv6 connectivity isconfigure or discover a PREFIX64 are required on the cellular device as discussed inuse. This section identifiesC_REC#8. [RFC7051] discusses why aset of recommendations aimingsecurity-aware and validating host has tominimize broken applications whenperform the DNS64 function locally and why it has to be able to learn the proper PREFIX64(s). A_REC#4: When the cellulardevicehost isattached todual-stack connected (i.e., configured with an IPv4 address and IPv6network. APP_REC#1: Name resolution libraries mustprefix), it should support means to prefer native IPv6 connection over connection established through translation devices (e.g., NAT44 and NAT64). When both IPv4 andIPv6. In particular, the cellularIPv6 DNS servers are configured, a dual-stack host mustsupport [RFC3596]. APP_REC#2: Applications provided by the mobile device vendor must be independent of the underlying IP address family. This means applications must be IP version agnostic. APP_REC#3: Applications provided by the mobile device vendor that use Uniform Resource Identifiers (URIs) must follow [RFC3986] andcontact first itsupdates. For example, SIP applications mustIPv6 DNS server. This preference allows to offload IPv4-only DNS servers. Cellular hosts should follow thecorrection definedprocedure specified in[RFC5954]. 6.[RFC6724] for source address selection. 5. Security Considerations The security considerations identified in [RFC7066] and [RFC6459] are to be taken into account. In the case of cellular CPEs, compliance with L_REC#2 entails compliance with [RFC7084], which in turn recommends compliance with Recommended Simple Security Capabilities in Customer Premises Equipment (CPE) for Providing Residential IPv6 Internet Service [RFC6092]. Therefore, the security considerations in Section 6 of [RFC6092] are relevant. In particular, it bears repeating here that the true impact of stateful filtering may be a reduction in security, and that IETF make no statement, expressed or implied, as to whether using the capabilities described in any of these documents ultimately improves security for any individual users or for the Internet community as a whole. The cellular host must be able to generate IPv6 addresses which preserve privacy. The activation of privacy extension (e.g., using [RFC7217]) makes it more difficult to track a host over time when compared to using a permanent Interface Identifier. Tracking a host is still possible based on the first 64 bits of the IPv6 address. Means to prevent against such tracking issues may be enabled in the network side. Note, privacy extensions are required by regulatory bodies in some countries. Host-based validation of DNSSEC is discussed in A_REC#3 (see Section3). 7.4). 6. IANA Considerations This document does not require any action from IANA.8.7. Acknowledgements Many thanks to C. Byrne, H. Soliman, H. Singh, L. Colliti, T. Lemon, B. Sarikaya, M. Mawatari, M. Abrahamsson, P. Vickers, V. Kuarsingh, E. Kline, S. Josefsson, A. Baryun, J. Woodyatt, T. Kossut, B. Stark, and A. Petrescu for the discussion in the v6ops mailinglist.list and for the comments. Thanks to A. Farrel, B. Haberman and K. Moriarty for the comments during the IESG review. Special thanks to T. Savolainen, J. Korhonen, J. Jaeggli, and F. Baker for their detailed reviews and comments.9.8. References9.1.8.1. Normative References [IR92] GSMA, "IR.92.V4.0 - IMS Profile for Voice and SMS", March 2011, <http://www.gsma.com/newsroom/ ir-92-v4-0-ims-profile-for-voice-and-sms>. [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, December 1998. [RFC3596] Thomson, S., Huitema, C., Ksinant, V., and M. Souissi, "DNS Extensions to Support IP Version 6", RFC 3596, October 2003. [RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP) version 6", RFC 3633, December 2003. [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, January 2005. [RFC5795] Sandlund, K., Pelletier, G., and L-E. Jonsson, "The RObust Header Compression (ROHC) Framework", RFC 5795, March 2010. [RFC5954] Gurbani, V., Carpenter, B., and B. Tate, "Essential Correction for IPv6 ABNF and URI Comparison in RFC 3261", RFC 5954, August 2010. [RFC6052] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X. Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052, October 2010. [RFC6603] Korhonen, J., Savolainen, T., Krishnan, S., and O. Troan, "Prefix Exclude Option for DHCPv6-based Prefix Delegation", RFC 6603, May 2012. [RFC7066] Korhonen, J., Arkko, J., Savolainen, T., and S. Krishnan, "IPv6 for Third Generation Partnership Project (3GPP) Cellular Hosts", RFC 7066, November 2013. [TS.23060] 3GPP, "General Packet Radio Service (GPRS); Service description; Stage 2", September 2011, <http://www.3gpp.org/DynaReport/23060.htm>. [TS.23401] 3GPP, "General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access", September 2011, <http://www.3gpp.org/DynaReport/23401.htm>. [TS.24008] 3GPP, "Mobile radio interface Layer 3 specification; Core network protocols; Stage 3", June 2011, <http://www.3gpp.org/DynaReport/24008.htm>.9.2.8.2. Informative References [OECD] Organisation for Economic Cooperation and Development (OECD), "The Economics of the Transition to Internet Protocol version 6 (IPv6)", November 2014, <http://www.oec d.org/officialdocuments/publicdisplaydocumentpdf/?cote=DST I/ICCP/CISP%282014%293/FINAL&docLanguage=En>. [Power] Haverinen, H., Siren, J., and P. Eronen, "Energy Consumption of Always-On Applications in WCDMA Networks", April 2007, <http://ieeexplore.ieee.org/xpl/ articleDetails.jsp?arnumber=4212635>. [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002. [RFC3948] Huttunen, A., Swander, B., Volpe, V., DiBurro, L., and M. Stenberg, "UDP Encapsulation of IPsec ESP Packets", RFC 3948, January 2005. [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, "DNS Security Introduction and Requirements", RFC 4033, March 2005. [RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, "Resource Records for the DNS Security Extensions", RFC 4034, March 2005. [RFC4035] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, "Protocol Modifications for the DNS Security Extensions", RFC 4035, March 2005. [RFC6092] Woodyatt, J., "Recommended Simple Security Capabilities in Customer Premises Equipment (CPE) for Providing Residential IPv6 Internet Service", RFC 6092, January 2011. [RFC6145] Li, X., Bao, C., and F. Baker, "IP/ICMP Translation Algorithm", RFC 6145, April 2011. [RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers", RFC 6146, April 2011. [RFC6147] Bagnulo, M., Sullivan, A., Matthews, P., and I. van Beijnum, "DNS64: DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers", RFC 6147, April 2011. [RFC6434] Jankiewicz, E., Loughney, J., and T. Narten, "IPv6 Node Requirements", RFC 6434, December 2011. [RFC6459] Korhonen, J., Soininen, J., Patil, B., Savolainen, T., Bajko, G., and K. Iisakkila, "IPv6 in 3rd Generation Partnership Project (3GPP) Evolved Packet System (EPS)", RFC 6459, January 2012. [RFC6724] Thaler, D., Draves, R., Matsumoto, A., and T. Chown, "Default Address Selection for Internet Protocol Version 6 (IPv6)", RFC 6724, September 2012. [RFC6877] Mawatari, M., Kawashima, M., and C. Byrne, "464XLAT: Combination of Stateful and Stateless Translation", RFC 6877, April 2013. [RFC6887] Wing, D., Cheshire, S., Boucadair, M., Penno, R., and P. Selkirk, "Port Control Protocol (PCP)", RFC 6887, April 2013. [RFC6889] Penno, R., Saxena, T., Boucadair, M., and S. Sivakumar, "Analysis of Stateful 64 Translation", RFC 6889, April 2013. [RFC7050] Savolainen, T., Korhonen, J., and D. Wing, "Discovery of the IPv6 Prefix Used for IPv6 Address Synthesis", RFC 7050, November 2013. [RFC7051] Korhonen, J. and T. Savolainen, "Analysis of Solution Proposals for Hosts to Learn NAT64 Prefix", RFC 7051, November 2013. [RFC7084] Singh, H., Beebee, W., Donley, C., and B. Stark, "Basic Requirements for IPv6 Customer Edge Routers", RFC 7084, November 2013. [RFC7217] Gont, F., "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration (SLAAC)", RFC 7217, April 2014. [RFC7225] Boucadair, M., "Discovering NAT64 IPv6 Prefixes Using the Port Control Protocol (PCP)", RFC 7225, May 2014. [RFC7278] Byrne, C., Drown, D., and A. Vizdal, "Extending an IPv6 /64 Prefix from a Third Generation Partnership Project (3GPP) Mobile Interface to a LAN Link", RFC 7278, June 2014. [RFC7335] Byrne, C., "IPv4 Service Continuity Prefix", RFC 7335, August 2014. [RFC7445] Chen, G., Deng, H., Michaud, D., Korhonen, J., Boucadair, M., and V. Ales, "Analysis of Failure Cases in IPv6 Roaming Scenarios", February 2015. [TS.23402] 3GPP, "Architecture enhancements for non-3GPP accesses", September 2011, <http://www.3gpp.org/DynaReport/23402.htm>. Authors' Addresses David Binet France Telecom Rennes France EMail: david.binet@orange.com Mohamed Boucadair France Telecom Rennes 35000 France EMail: mohamed.boucadair@orange.com Ales Vizdal Deutsche Telekom AG EMail: ales.vizdal@t-mobile.cz Gang Chen China Mobile EMail: phdgang@gmail.com Nick Heatley EE The Point, 37 North Wharf Road, London W2 1AG U.K EMail: nick.heatley@ee.co.uk Ross Chandler eircom | meteor 1HSQ St. John's Road Dublin 8 Ireland EMail: ross@eircom.net Dave Michaud Rogers Communications 8200 Dixie Rd. Brampton, ON L6T 0C1 Canada EMail: dave.michaud@rci.rogers.com Diego R. Lopez Telefonica I+D Don Ramon de la Cruz, 82 Madrid 28006 Spain Phone: +34 913 129 041 EMail: diego.r.lopez@telefonica.com