Side-by-side diff of draft-ietf-v6ops-unique-ipv6-prefix-per-host-03
(May 17, 2017) against draft-ietf-v6ops-unique-ipv6-prefix-per-host-04
(June 26, 2017), rfcdiff output.  Text common to both versions is
shown once; where the versions differ, the old text is marked "-03:"
and the new text "-04:".  "[...]" marks unchanged text that the diff
does not reproduce.

v6ops                                                   J. Brzozowski
Internet-Draft                                          Comcast Cable
Intended status: Best Current Practice (-03)          G. Van De Velde
                 Informational (-04)                            Nokia
Expires: November 18, 2017 (-03) / December 28, 2017 (-04)
                                 May 17, 2017 (-03) / June 26, 2017 (-04)

                      Unique IPv6 Prefix Per Host
          draft-ietf-v6ops-unique-ipv6-prefix-per-host-03 (-03)
          draft-ietf-v6ops-unique-ipv6-prefix-per-host-04 (-04)

Abstract

   In some IPv6 environments, the need has arisen for hosts to be able
   to utilize a unique IPv6 prefix, even though the link or media may be
   shared.  Typically hosts (subscribers) on a shared network, either
   wired or wireless, such as Ethernet, WiFi, etc., will acquire unique
   IPv6 addresses from a common IPv6 prefix that is allocated or
   assigned for use on a specific link.

   [...]

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 18, 2017 (-03) /
   December 28, 2017 (-04).

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language  (added in -04)
   2.  Motivation and Scope of Applicability
   3.  Design Principles
   4.  IPv6 Unique Prefix Assignment
   5.  IPv6 Neighbor Discovery Best Practices
   6.  IANA Considerations
   7.  Security Considerations
   8.  Acknowledgements
   9.  Normative References
   Authors' Addresses

1.  Introduction

   The concepts in this document were originally developed as part of a
   large scale, production deployment of IPv6 support for a provider
   managed shared network service.  In this document IPv6 support does
   not preclude support for IPv4; however, the primary objective of
   this work was to make it so that user equipment (UE) was capable of
   an IPv6 only experience from a network operator's perspective.  In
   the context of this document, UE can be 'regular' end-user
   equipment, as well as a server in a datacenter [-03: datacentre],
   assuming a shared network (wired or wireless).

   Details of IPv4 support are out of scope for this document.  This
   document will also, in general, outline the requirements that must be
   satisfied [-03: satified] by UE to allow for an IPv6 only
   experience.

   In most current deployments, User Equipment (UE) IPv6 address
   assignment is commonly done using either IPv6 SLAAC RFC4862 [RFC4862]
   and/or DHCP IA_NA RFC3315 [RFC3315].  During the time when this
   approach was developed and subsequently deployed, it was observed
   that some operating systems do not support the use of DHCPv6 for
   the acquisition of IA_NA per RFC7934 [RFC7934].  As such the use of
   IPv6 SLAAC based subscriber and address management for provider
   managed shared network services is the recommended technology of
   choice, as it does not exclude any known IPv6 implementation.  In
   addition, an IA_NA-only network is not recommended per RFC 7934
   [RFC7934] section 8.  This document will detail the mechanics
   involved for IPv6 SLAAC based address and subscriber management
   coupled with stateless DHCPv6, where beneficial.

   This document will focus upon the process for UEs to obtain a unique
   IPv6 prefix.

1.1.  Requirements Language  (section added in -04)

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.  Motivation and Scope of Applicability

   The motivation for this work falls into the following categories:

   o  Deployment advice for IPv6 that will allow a stable and secure
      IPv6 only experience, even if IPv4 support is present

   o  Ensure support for IPv6 is efficient and does not impact the
      performance of the underlying network and in turn the customer
      experience

   [...]

   o  Lay the technological foundation for future work related to the
      use of IPv6 over shared media requiring optimized subscriber
      management

   o  Two devices (subscriber/hosts), both attached to the same provider
      managed shared network, should only be able to communicate through
      the provider managed First Hop Router

   o  Provide guidelines regarding best common practices around IPv6
      neighborship discovery [-04 adds: RFC4861 [RFC4861]] and IPv6
      address management settings between the First Hop router and
      directly connected hosts/subscribers.

3.  Design Principles

   The First Hop router discussed in this document is the L3-Edge router
   responsible for the communication with the devices (hosts and
   subscribers) directly connected to a provider managed shared network,
   and to transport traffic between the directly connected devices and
   between directly connected devices and remote devices.

   The work detailed in this document is focused on providing details
   [...]

4.  IPv6 Unique Prefix Assignment

   [...]
   IPv6 gateway, the IPv6 prefix information, the DNS information
   RFC6106 [RFC6106], and the remaining information required to
   establish globally routable IPv6 connectivity.  For that purpose, the
   UE/subscriber sends an RS (Router Solicitation) message.

   The First Hop Router receives this UE/subscriber RS message and
   starts the process to compose the response to the UE/subscriber
   originated RS message.  The First Hop Provider Router will answer
   using a unicast RA (Router Advertisement) to the UE/subscriber.  This
   RA contains two important parameters for the UE/subscriber to
   consume:

   -03: (1) a /64 prefix and (2) flags.  The /64 prefix can be derived
   from a locally managed pool or aggregate IPv6 block assigned to the
   First Hop Provider Router or from a centrally allocated pool.

   -04: (1) a Unique IPv6 prefix (most likely a /64 prefix consistent
   with RFC7608 [RFC7608]) and (2) flags.  The Unique IPv6 prefix can be
   derived from a locally managed pool or aggregate IPv6 block assigned
   to the First Hop Provider Router or from a centrally allocated pool.

   The flags indicate to the UE/subscriber to use SLAAC and/or DHCPv6
   for address assignment; they may indicate whether the autoconfigured
   address is on/off-link and whether 'Other' information (e.g. DNS
   server address) needs to be requested.

   The IPv6 RA flags used for best common practice in IPv6 SLAAC based
   Provider managed shared networks are:

   o  M-flag = 0 (UE/subscriber address is not managed through DHCPv6;
      this flag may be set to 1 in the future if/when DHCPv6 prefix
      delegation support is desired)

   o  O-flag = 1 (DHCPv6 is used to request configuration information,
      i.e. DNS, NTP information, not for IPv6 addressing)

   o  A-flag = 1 (The UE/subscriber can configure itself using SLAAC)

   o  L-flag = 0
      -03: (The UE/subscriber is off-link, which means that the
      UE/subscriber will ALWAYS send packets to its default gateway,
      even if the destination is within the range of the /64 prefix)
      -04: (the prefix is not an on-link prefix, which means that the
      UE/subscriber will NEVER assume destination addresses that match
      the prefix are on-link and will ALWAYS send packets to those
      addresses to its default gateway.)

   The use of a unique IPv6 prefix per UE adds an additional level of
   protection and efficiency as it relates to IPv6 Neighbor Discovery
   and Router Discovery processing.  Since the UE has a unique IPv6
   prefix, all traffic by default will be directed to the First Hop
   provider router.  Further, the flag combinations documented above
   maximize [-04: maximise] the IPv6 configurations that are available
   to hosts, including the use of privacy IPv6 addressing.

   The architected result of designing the RA as documented above is
   that each UE/subscriber gets its own unique /64 IPv6 prefix [-04:
   unique IPv6 prefix] for which it can use SLAAC or any other method
   to select its /128 unique address.  In addition it will use
   stateless DHCPv6 to get the IPv6 address of the DNS server; however,
   it SHOULD NOT use stateful DHCPv6 to receive a service provider
   managed IPv6 address.  If the UE/subscriber desires to send anything
   external, including to other UE/subscriber devices (assuming device
   to device communications is enabled and supported), then, due to the
   L-flag setting (L = 0), it SHOULD send this traffic to the First Hop
   Provider Router.

   After the UE/subscriber has received the RA and the associated flags,
   it will assign itself a 128 bit IPv6 address using SLAAC.  Since the
   address is composed by the UE/subscriber device itself, it will need
   to verify that the address is unique on the shared network.  The
   UE/subscriber will, for that purpose, perform the Duplicate Address
   Detection algorithm.  This will occur for each address the UE
   attempts to utilize on the shared provider managed network.
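   The RA exchange above can be made concrete with a small encoder and
   decoder.  The following Python is an added example, not code from
   the draft or from any router vendor: it serialises a Router
   Advertisement carrying one Prefix Information Option with the
   recommended M=0, O=1, A=1, L=0 flags, parses it back, and then
   applies the host's RFC 4861 on-link rule to show that with L=0 even
   a destination inside the UE's own prefix is handed to the default
   router, while the same RA with L=1 would let the host address that
   neighbour directly.  The prefix 2001:db8:abcd:1234::/64, the router
   link-local address fe80::1 and the neighbour address are constructed
   for the example; the ICMPv6 checksum is left at zero because the
   sending stack computes it over the IPv6 pseudo-header.

```python
"""Added example: encode/decode an IPv6 Router Advertisement (RFC 4861)
with the flag settings the draft recommends, then apply the host's
on-link decision.  Constructed values throughout; not the draft's code."""
import ipaddress
import struct

ND_ROUTER_ADVERT = 134            # ICMPv6 type (RFC 4861 section 4.2)
ND_OPT_PREFIX_INFORMATION = 3     # ND option type (RFC 4861 section 4.6.2)
# RA header: type, code, checksum, cur hop limit, flags, router lifetime,
# reachable time, retrans timer (16 bytes)
RA_HDR = "!BBHBBHII"
# PIO: type, length (8-byte units), prefix length, flags, valid lifetime,
# preferred lifetime, reserved, prefix (32 bytes)
PIO_FMT = "!BBBBIII16s"


def build_ra(prefix, *, m, o, a, l, router_lifetime=1800,
             valid=2592000, preferred=604800):
    """Serialise one RA carrying one Prefix Information Option.
    Checksum stays 0 here; the sending stack fills it in."""
    net = ipaddress.IPv6Network(prefix)
    ra_flags = (0x80 if m else 0) | (0x40 if o else 0)    # M bit 7, O bit 6
    hdr = struct.pack(RA_HDR, ND_ROUTER_ADVERT, 0, 0, 64, ra_flags,
                      router_lifetime, 0, 0)
    pio_flags = (0x80 if l else 0) | (0x40 if a else 0)   # L bit 7, A bit 6
    pio = struct.pack(PIO_FMT, ND_OPT_PREFIX_INFORMATION, 4, net.prefixlen,
                      pio_flags, valid, preferred, 0,
                      net.network_address.packed)
    return hdr + pio


def parse_ra(pkt):
    """Decode the RA header and every Prefix Information Option it carries."""
    if len(pkt) < struct.calcsize(RA_HDR):
        raise ValueError("truncated RA")
    typ, code, _csum, _hop, ra_flags, lifetime, _reach, _retrans = \
        struct.unpack_from(RA_HDR, pkt, 0)
    if typ != ND_ROUTER_ADVERT or code != 0:
        raise ValueError("not a Router Advertisement")
    ra = {"M": bool(ra_flags & 0x80), "O": bool(ra_flags & 0x40),
          "router_lifetime": lifetime, "prefixes": []}
    off = struct.calcsize(RA_HDR)
    while off + 2 <= len(pkt):
        otype, olen = pkt[off], pkt[off + 1]
        if olen == 0 or off + olen * 8 > len(pkt):
            raise ValueError("malformed ND option")   # RFC 4861: discard packet
        if otype == ND_OPT_PREFIX_INFORMATION and olen == 4:
            (_t, _l, plen, pflags, valid, preferred,
             _res, raw) = struct.unpack_from(PIO_FMT, pkt, off)
            ra["prefixes"].append({
                "prefix": ipaddress.IPv6Network((raw, plen), strict=False),
                "L": bool(pflags & 0x80), "A": bool(pflags & 0x40),
                "valid": valid, "preferred": preferred})
        off += olen * 8     # unknown options are skipped by their length
    return ra


def next_hop(dst, prefixes, default_router):
    """Host forwarding decision (RFC 4861 section 5.2): a destination is
    delivered directly only if it falls in a prefix learned with L=1.
    With L=0 everything, including the UE's own /64, goes to the router."""
    d = ipaddress.IPv6Address(dst)
    for p in prefixes:
        if p["L"] and d in p["prefix"]:
            return "direct"
    return default_router


def demo():
    """Constructed walk-through of the RA the draft recommends."""
    ue_prefix = "2001:db8:abcd:1234::/64"          # unique prefix for this UE
    router_ll = "fe80::1"                          # First Hop Router link-local
    neighbour = "2001:db8:abcd:1234::dead:beef"    # another address in same /64
    ra = parse_ra(build_ra(ue_prefix, m=False, o=True, a=True, l=False))
    pio = ra["prefixes"][0]
    onlink_ra = parse_ra(build_ra(ue_prefix, m=False, o=True, a=True, l=True))
    return {
        "flags": (ra["M"], ra["O"], pio["A"], pio["L"]),
        "prefix": str(pio["prefix"]),
        "same_prefix_next_hop": next_hop(neighbour, ra["prefixes"], router_ll),
        "remote_next_hop": next_hop("2001:db8:ffff::1", ra["prefixes"], router_ll),
        "same_prefix_if_onlink": next_hop(neighbour, onlink_ra["prefixes"], router_ll),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

   The contrast between "same_prefix_next_hop" and
   "same_prefix_if_onlink" is the whole point of L=0 in this design:
   the First Hop Router stays in the path for UE-to-UE traffic, so
   per-subscriber policy and accounting can be applied there.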
5.  IPv6 Neighbor Discovery Best Practices

   [...]
   model provides a consideration to make regarding resource consumption
   (i.e. memory, neighbor state) on the First Hop Router.  To reduce
   undesired resource consumption on the First Hop Router, the desire is
   to remove UE/subscriber context as quickly as possible in the case of
   non-permanent UE, such as in the case of WiFi hotspots.  A possible
   solution is to use a subscriber inactivity timer which, after
   tracking a pre-defined (currently unspecified) number of minutes,
   deletes the subscriber context on the First Hop Router.

   When employing stateless IPv6 address assignment, a number of widely
   deployed operating systems will attempt to utilize [-04: utilise]
   RFC 4941 [RFC4941] temporary 'private' addresses.

   Similarly, when using this technology in a datacenter [-03:
   datacentre], the UE server may need to use several addresses from
   the same /64 [-04: the same Unique IPv6 Prefix], for example because
   it is using multiple virtual hosts, containers, etc. in the bridged
   virtual switch.  This can lead to the consequence that a UE has
   multiple /128 addresses from the same IPv6 prefix.  The First Hop
   Provider Router MUST be able to handle the presence and use of
   multiple globally routable IPv6 addresses.

   For accounting purposes, the First Hop Provider Router must be able
   to send usage statistics per UE/subscriber using Radius attributes.
6.  IANA Considerations

   No IANA considerations are defined at this time.

7.  Security Considerations

   -03: No additional security considerations are made in this
   document.

   -04: The mechanics of IPv6 privacy extensions RFC4941 [RFC4941] are
   compatible with assignment of a Unique IPv6 Prefix per Host.  The
   combination of both IPv6 privacy extensions and operator based
   assignment of a Unique IPv6 Prefix per Host provides each
   implementing operator a tool to manage and provide subscriber
   services and hence reduces the experienced privacy within each
   operator controlled domain.  However, beyond the operator controlled
   domain, IPv6 privacy extensions provide the desired privacy as
   documented in RFC4941 [RFC4941].

   No other additional security considerations are made in this
   document.

8.  Acknowledgements

   The authors would like to thank the following, in alphabetical order,
   for their contributions:

   Brian Carpenter (added in -04), Tim Chown, Lorenzo Colitti, Killian
   Desmedt, Brad Hilgenfeld, Wim Henderickx, Erik Kline, Warren Kumari,
   Thomas Lynn, Jordi Palet, Phil Sanderson, Colleen Szymanik, Jinmei
   Tatuya (added in -04), Eric Vyncke, Sanjay Wadhwa

9.  Normative References

   [RFC2119]  (added in -04) Bradner, S., "Key words for use in RFCs to
              Indicate Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC3315]  Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins,
              C., and M. Carney, "Dynamic Host Configuration Protocol
              for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315, July
              2003, <http://www.rfc-editor.org/info/rfc3315>.

   [RFC4861]  (added in -04) Narten, T., Nordmark, E., Simpson, W., and
              H. Soliman, "Neighbor Discovery for IP version 6 (IPv6)",
              RFC 4861, DOI 10.17487/RFC4861, September 2007,
              <http://www.rfc-editor.org/info/rfc4861>.

   [RFC4862]  Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
              Address Autoconfiguration", RFC 4862,
              DOI 10.17487/RFC4862, September 2007,
              <http://www.rfc-editor.org/info/rfc4862>.

   [RFC4941]  Narten, T., Draves, R., and S. Krishnan, "Privacy
              Extensions for Stateless Address Autoconfiguration in
              IPv6", RFC 4941, DOI 10.17487/RFC4941, September 2007,
              <http://www.rfc-editor.org/info/rfc4941>.

   [RFC6106]  Jeong, J., Park, S., Beloeil, L., and S. Madanapalli,
              "IPv6 Router Advertisement Options for DNS Configuration",
              RFC 6106, DOI 10.17487/RFC6106, November 2010,
              <http://www.rfc-editor.org/info/rfc6106>.

   [RFC7608]  (added in -04) Boucadair, M., Petrescu, A., and F. Baker,
              "IPv6 Prefix Length Recommendation for Forwarding",
              BCP 198, RFC 7608, DOI 10.17487/RFC7608, July 2015,
              <http://www.rfc-editor.org/info/rfc7608>.

   [RFC7934]  Colitti, L., Cerf, V., Cheshire, S., and D. Schinazi,
              "Host Address Availability Recommendations", BCP 204,
              RFC 7934, DOI 10.17487/RFC7934, July 2016,
              <http://www.rfc-editor.org/info/rfc7934>.

Authors' Addresses

   John Jason Brzozowski
   Comcast Cable
   1701 John F. Kennedy Blvd.
   [...]

End of changes.  20 change blocks.  42 lines changed or deleted,
80 lines changed or added.

This html diff was produced by rfcdiff 1.45.  The latest version is
available from http://tools.ietf.org/tools/rfcdiff/