draft-ietf-v6ops-unman-scenarios-01.txt   draft-ietf-v6ops-unman-scenarios-02.txt 
INTERNET DRAFT                                               C. Huitema
<draft-ietf-v6ops-unman-scenarios-02.txt>                     Microsoft
June 16, 2003                                                R. Austein
Expires December 16, 2003                           Bourgeois Dilettant
                                                            S. Satapati
                                                    Cisco Systems, Inc.
                                                         R. van der Pol
                                                             NLnet Labs
              Unmanaged Networks IPv6 Transition Scenarios

Status of this memo

This document is an Internet-Draft and is in full conformance with
[text omitted]
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

Abstract
In order to evaluate the suitability of IPv6 transition mechanisms,
we need to define the scenarios in which these mechanisms have to be
used. One specific scope is the "unmanaged network", which typically
corresponds to a home or small office network. The scenarios are
specific to a single subnet, and are defined in terms of the IP
connectivity supported by the gateway and the ISP. We first examine
the generic requirements of four classes of applications: local,
client, peer-to-peer and server. Then, for each scenario, we infer
transition requirements by analyzing the needs for smooth migration
of applications from IPv4 to IPv6.
1 Introduction

In order to evaluate the suitability of transition mechanisms, we
need to define the environment or scope in which these mechanisms
have to be used. One specific scope is the "unmanaged networks",
which typically correspond to home networks or small office
networks.

This document studies the requirements posed by various transition
[text omitted]
[Figure, partially omitted: hosts on the single subnet, connected
through the gateway to the ISP access link]
Between the subnet and the ISP access link is a gateway, which may
or may not perform NAT and firewall functions. A key point of this
configuration is that the gateway is typically not "managed". In
most cases, it is a simple "appliance", which incorporates some
static policies. However, there are many cases in which the gateway
is procured and configured by the ISP, and there are also some
common cases in which we find two gateways back to back, one managed
by the ISP and the other added by the owner of the unmanaged
network.
The access link between the unmanaged network and the ISP might be
either a static, permanent connection or a dynamic connection such
as a dial-up or ISDN line.

Huitema et al.                                                 [Page 2]

In a degenerate case, an unmanaged network might consist of a single
host, directly connected to an ISP.
There are some cases in which the "gateway" is replaced by a layer-2
bridge. In such deployments, the hosts have direct access to the ISP
service. To avoid a lengthy separate discussion, we will treat these
cases as if the gateway were not present, i.e. as if each host were
connected directly to the ISP.
Our definition of unmanaged networks explicitly excludes networks
composed of multiple subnets. We will readily admit that some home
networks and some small business networks contain multiple subnets,
but in the current state of the technology these multiple subnet
networks are not "unmanaged": some competent administrator has to
explicitly configure the routers. We will thus concentrate on single
subnet networks, where no such competent operator is expected.

3 Applications
[text omitted]
unmanaged network, or reading and sending e-mail with the help of a
server outside the unmanaged network.

Client applications tend to work correctly in IPv4 unmanaged
networks, even when the gateway performs NAT or firewall functions:
these translation and firewall functions are designed precisely to
enable client applications.

3.3 Peer-to-peer applications
There are really two kinds of "peer-to-peer" applications: ones
which only involve hosts on the unmanaged network, and ones which
involve both one or more hosts on the unmanaged network and one or
more hosts outside the unmanaged network. We will only consider the
latter kind of peer-to-peer applications, since the former can be
considered a subset of the kind of local applications discussed
in section 3.1.
Peer-to-peer applications are a restricted subset of "server
applications" (discussed in section 3.4), in which the services are
only meant to be used by well-identified peers outside the unmanaged
network. These applications are often facilitated by a server
outside the unmanaged network. Examples of peer-to-peer
applications would be a video-conference over IP, facilitated by a
Session Initiation Protocol (SIP) server, or a distributed game
application, facilitated by a "game lobby".
[text omitted]
network. On the other hand, it is also possible to use out-of-band
techniques (such as cut-and-paste into an instant message system) to
pass around the address of the target server.

4 Application requirements of an IPv6 unmanaged network

As we transition to IPv6, we must meet the requirements of the
various applications, which we can summarize in the following way:
applications that used to work well with IPv4 should continue
working well during the transition; it should be possible to use
IPv6 to deploy new applications that are currently hard to deploy in
IPv4 networks; and the deployment of these IPv6 applications should
be simple and easy to manage, but the solutions should also be
robust and secure.
The application requirements for IPv6 unmanaged networks fall into
three general categories: connectivity, naming, and security.
Connectivity issues include the provision of IPv6 addresses and
their quality: do hosts need global addresses, should these
addresses be stable or, more precisely, what should the expected
lifetimes of these addresses be? Naming issues include the
management of names for the hosts: do hosts need DNS names, and is
inverse name resolution a requirement? Security issues include
possible restrictions on connectivity, privacy concerns and,
generally speaking, the security of the applications.

4.1 Requirements of local applications
Local applications require local connectivity. They must continue to
work even if the unmanaged network is isolated from the Internet.

Local applications typically use ad hoc naming systems. Many of
these systems are proprietary; an example of a standard system is
the service location protocol (SLP) [RFC2608].

The security of local applications will usually be enhanced if these
applications can be effectively isolated from the global Internet.

4.2 Requirements of client applications

Client applications require global connectivity. In an IPv6 network,
we would expect the client to use a global IPv6 address, which will
have to remain stable for the duration of the client-server session.
[text omitted]
cases, these PTR records are perfunctory, derived in an algorithmic
fashion from the IPv4 address; the main information that they
contain is the domain name of the ISP. Whether or not an equivalent
function should be provided in an IPv6 network is unclear.

4.2.1 Privacy requirement of client applications

It is debatable whether the IPv6 networking service should be
engineered to enhance the privacy of the clients, and specifically
whether support for RFC 3041 should be required. RFC 3041 enables
hosts to pick IPv6 addresses in which the host identifier is
randomized; this was designed to make sure that the IPv6 addresses
and the host identifier cannot be used to track the Internet
connections of a device's owner.
Many observe that randomizing the host identifier portion of the
address is only a half measure. If the unmanaged network address
prefix remains constant, the randomization only hides which host in
the unmanaged network originates a given connection, e.g. the
children's computer versus their parents'. This would place the
privacy rating of such connections on a par with that of IPv4
connections originating from an unmanaged network in which a NAT
manages a static IPv4 address; in both cases, the IPv4 address or
the IPv6 prefix can be used to identify the unmanaged network, e.g.
the specific home from which the connection originated.
However, randomization of the host identifier does provide benefits.
First, if some of the hosts in the unmanaged network are mobile, the
randomization destroys any correlation between the addresses used at
various locations: the addresses alone could not be used to
determine whether a given connection originates from the same laptop
moving from work to home, or used on the road. Second, the
randomization removes any information that could be extracted from a
hardwired host identifier, such as an EUI-64 identifier derived from
the interface's MAC address; for example, it will prevent outsiders
from correlating a serial number with a specific brand of expensive
electronic equipment, and from using this information for planning
marketing campaigns or possibly burglary attempts.
Randomization of the addresses is not sufficient to guarantee
privacy. Usage can be tracked by a variety of other means, from
application level "cookies" to complex techniques involving data
mining and traffic analysis. However, we should not make a bad
situation worse. Other attacks on privacy may be possible, but this
is not a reason to enable additional tracking through IPv6
addresses.
Randomization of the host identifier has some cost: address
management is more complex for the hosts, reverse DNS services are
harder to provide, and the gateway may have to maintain a larger
cache of neighbor addresses; however, experience from existing
implementations shows that these costs are not overwhelming. Given
the limited benefits, it would be unreasonable to require that all
hosts use privacy addresses; however, given the limited costs, it is
reasonable to require that all unmanaged networks allow use of
privacy addresses by those hosts that choose to do so.
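As an added worked example (not part of this draft), the following Python reproduces the two kinds of host identifier this section contrasts: a modified EUI-64 interface identifier derived from a MAC address, from which an outsider can read back the MAC and therefore the vendor OUI, and an RFC 3041 temporary identifier computed with the MD5-based procedure of RFC 3041 section 3.2.1. It also makes the "half measure" point concrete: both addresses still share the same /64 prefix, so the home is identifiable either way. The documentation prefix, the MAC address and the all-zero history seed are constructed inputs (RFC 3041 itself calls for a random seed), and the function names are this example's own.

```python
"""RFC 3041 privacy interface identifiers versus EUI-64 derived ones.

Added example, not code from the draft. All inputs are constructed.
"""
import hashlib
import ipaddress
from typing import Optional, Tuple


def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 interface identifier from a 48-bit MAC (RFC 2373,
    Appendix A): insert ff:fe between the OUI and the serial part, then
    invert the universal/local bit (0x02 of the first octet)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02  # u/l bit set: identifier comes from a globally unique MAC
    return bytes(iid)


def rfc3041_iid(history: bytes, stable_iid: bytes) -> Tuple[bytes, bytes]:
    """One iteration of RFC 3041 section 3.2.1.

    MD5 over (history || EUI-64 iid). The left 64 bits, with bit 6 (u/l)
    cleared, become the temporary iid; the right 64 bits are the history
    value for the next iteration. Returns (iid, next_history)."""
    if len(history) != 8 or len(stable_iid) != 8:
        raise ValueError("history and interface identifier must be 64 bits")
    digest = hashlib.md5(history + stable_iid).digest()
    iid = bytearray(digest[:8])
    iid[0] &= 0xFD  # clear u/l bit: locally administered, not a real MAC
    return bytes(iid), digest[8:]


def address(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Append a 64-bit iid to the /64 prefix advertised by the gateway."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("interface identifiers are appended to a /64")
    return ipaddress.IPv6Address(
        int(net.network_address) | int.from_bytes(iid, "big"))


def mac_from_address(addr: str) -> Optional[str]:
    """What an outsider can read back from an EUI-64 address: the MAC,
    whose first three octets (the OUI) name the hardware vendor.
    Returns None when the iid is not EUI-64 derived (u/l bit clear or
    no ff:fe marker), which is the case for RFC 3041 identifiers."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe" or not iid[0] & 0x02:
        return None
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in octets)


def same_home(a: str, b: str, prefixlen: int = 64) -> bool:
    """The 'half measure': two addresses under the same constant prefix
    still identify the same unmanaged network, whatever their iids."""
    return (ipaddress.IPv6Interface(f"{a}/{prefixlen}").network
            == ipaddress.IPv6Interface(f"{b}/{prefixlen}").network)


if __name__ == "__main__":
    prefix = "2001:db8:1:2::/64"      # constructed: documentation prefix
    mac = "00:11:22:33:44:55"         # constructed MAC; 00:11:22 is the OUI
    stable = eui64_iid(mac)
    stable_addr = address(prefix, stable)
    history = b"\x00" * 8             # constructed seed; RFC 3041 wants random
    temp, history = rfc3041_iid(history, stable)
    temp_addr = address(prefix, temp)
    print("EUI-64 address :", stable_addr, "-> MAC", mac_from_address(str(stable_addr)))
    print("privacy address:", temp_addr, "-> MAC", mac_from_address(str(temp_addr)))
    print("same /64 prefix:", same_home(str(stable_addr), str(temp_addr)))
```

The EUI-64 address hands an observer the MAC, and the OUI in its first three octets is exactly the "serial number versus brand" leak the text describes; the RFC 3041 address gives back nothing, but same_home() still returns True for the pair, which is the residual exposure through the stable prefix.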
4.3 Requirements of peer-to-peer applications

Peer-to-peer applications require global connectivity. In an IPv6
network, we would expect the peers to use a global IPv6 address,
which will have to remain stable for the duration of the peer-to-peer
session.
Peer-to-peer applications often use ad hoc naming systems, sometimes
derived from an "instant messaging" service. (Peer-to-peer
applications that rely on the DNS for name resolution have the same
naming requirements as server applications, which are discussed in
the next section.) Many of these systems are proprietary; an example
of a standard system is the Session Initiation Protocol (SIP)
[RFC3261]. In these systems, the peers register their presence with
a "rendezvous" server, using a name specific to the service; in the
case of SIP, they would use a SIP URL, of the form
"sip:user@example.com". A peer-to-peer session typically starts with
an exchange of synchronization messages through the rendezvous
servers, during which the peers exchange the addresses that will be
used for the session.
There are multiple aspects to the security of peer-to-peer
applications, many of which relate to the security of the rendezvous
system. If we assume that the peers have been able to safely
exchange their IPv6 addresses, the main security requirement is the
capability to safely exchange data between the peers, without
interference by third parties.

Private conversations by one of the authors with developers of
peer-to-peer applications suggest that many would be willing to
consider
[text omitted]
NAT, for each service provided by a server, the NAT has to be
configured to forward packets sent to that service to the server
that offers the service.

Server applications normally rely on the publication of the server's
address in the DNS. This, in turn, requires that the server be
provisioned with a "global DNS name".

The DNS entries for the server will have to be updated, preferably
in real time, if the server's address changes. In practice, updating
the DNS can be slow, which implies that server applications will
have a better chance of being deployed if the IPv6 addresses remain
stable for a long period.

The security of server applications depends mostly on the
correctness of the server, and also on the absence of collateral
effects: many incidents occur when the opening of a server on the
Internet inadvertently enables remote access to some other services
on the same host.
5 Stages of IPv6 deployment

We expect the deployment of IPv6 to proceed from an initial state in
which there is little or no deployment to a final stage in which we
might retire the IPv4 infrastructure. We expect this process to
stretch over many years; we also expect it to not be synchronized,
as different parties involved will deploy IPv6 at different paces.
In order to get some clarity, we distinguish three entities involved
in the transition of an unmanaged network: the ISP (possibly
including ISP-provided customer premises equipment (CPE)), the home
gateway, and the hosts (computers and appliances). Each can support
IPv4-only, both IPv4 and IPv6, or IPv6-only. That gives us 27
possibilities. We describe the most important cases. We will assume
that in all cases the hosts are a combination of IPv4-only, dual
stack and (perhaps) IPv6-only hosts.

The cases we will consider are:
[text omitted]
A) a gateway which does not provide IPv6 at all;
B) a dual-stack gateway connected to a dual-stack ISP;
C) a dual-stack gateway connected to an IPv4-only ISP; and
D) a gateway connected to an IPv6-only ISP.
In most of these cases we will assume that the gateway includes a
NAT: we realize that this is not always the case, but we submit that
it is common enough that we have to deal with it; furthermore, we
believe that the non-NAT variants of these cases map fairly closely
to this same set of cases. In fact, we can consider three non-NAT
variants: directly connected host; gateway acting as a bridge; and
gateway acting as a non-NAT IP router.

The cases of directly connected hosts are in effect variants of
cases B, C and D, in which the host can use all solutions available
to gateways: case B if the ISP is dual stack, case C if the ISP only
provides IPv4 connectivity, and case D if the ISP only provides IPv6
connectivity.

In the cases where the gateway is a bridge, the hosts are in effect
directly connected to the ISP, and for all practical purposes behave
as directly connected hosts.

The case where the gateway is an IP router but not a NAT will be
treated as a small variant in the analysis of cases A, B, C and D.

5.1 Case A, host deployment of IPv6 applications
In this case the gateway doesn't provide IPv6; the ISP may or may
not provide IPv6, but this is not relevant, since the non-upgraded
gateway would prevent the hosts from using the ISP service. Some
hosts will try to get IPv6 connectivity, in order to run
applications that require IPv6, or work better with IPv6. The hosts
in this case will have to handle the IPv6 transition mechanisms on
their own.

There are two variations of this case, depending on the type of
service implemented by the gateway. In many cases, the gateway is a
direct obstacle to the deployment of IPv6, but a gateway which is
some form of bridge-mode CPE or which is a plain (neither
filtering nor NAT) router does not really fall into this category.

5.1.1 Application support in Case A
The focus of Case A is to enable communication between a host on the
unmanaged network and some IPv6-only hosts outside of the network.
The primary focus in the immediate future, i.e. for the early
adopters of IPv6, will be peer-to-peer applications. However, as
IPv6 deployment progresses, we will likely find a situation where
some networks have IPv6-only services deployed, at which point we
[text omitted]
and easy to deploy: they are deployed in a coordinated fashion as
part of a peer-to-peer network, which means that hosts can all
receive some form of IPv6 upgrade; they often provide their own
naming infrastructure, in which case they are not dependent on DNS
services.

5.1.2 Addresses and connectivity in Case A

We saw in 5.1.1 that the likely motivation for deployment of IPv6
connectivity in hosts in case A is a desire to use peer-to-peer and
client IPv6 applications. These applications require that all
participating nodes get some form of IPv6 connectivity, i.e. at
least one globally reachable IPv6 address.

If the local gateway provides global IPv4 addresses to the local
hosts, then these hosts can individually exercise the mechanisms
described in case C, "IPv6 connectivity without provider support."
If the local gateway implements a NAT function, another type of If the local gateway implements a NAT function, another type of
mechanism is needed. The mechanism to provide connectivity to peers mechanism is needed. The mechanism to provide connectivity to peers
behind NAT should be easy to deploy, and light weight; it will have behind NAT should be easy to deploy, and light weight; it will have
to involve tunneling over a protocol that can easily traverse NAT, to involve tunneling over a protocol that can easily traverse NAT,
either TCP or preferably UDP, as tunneling over TCP can result in either TCP or preferably UDP, as tunneling over TCP can result in
poor performances in case of time-outs and retransmission. If poor performances in case of time-outs and retransmission. If
servers are needed, these servers will in practice have to be servers are needed, these servers will in practice have to be
deployed as part of the "support infrastructure" for the peer-to- deployed as part of the "support infrastructure" for the peer-to-
peer network or for an IPv6-based service; economic reality implies peer network or for an IPv6-based service; economic reality implies
that the cost of running these servers should be as low as possible. that the cost of running these servers should be as low as possible.
5.1.3 Naming services in Case A 5.1.3 Naming services in Case A
At this phase of IPv6 deployment, hosts in the unmanaged domain have At this phase of IPv6 deployment, hosts in the unmanaged domain have
access to DNS services over IPv4, through the existing gateway. DNS access to DNS services over IPv4, through the existing gateway. DNS
resolvers are supposed to serve AAAA records, even if they only resolvers are supposed to serve AAAA records, even if they only
implement IPv4; the local hosts should thus be able to obtain the implement IPv4; the local hosts should thus be able to obtain the
IPv6 addresses of IPv6-only servers. IPv6 addresses of IPv6-only servers.
Reverse lookup is difficult to provide for hosts on the unmanaged Reverse lookup is difficult to provide for hosts on the unmanaged
network if the gateway is not upgraded. This is a potential issue network if the gateway is not upgraded. This is a potential issue
skipping to change at page 11, line 5 skipping to change at page 11, line 23
all, and to just continue fielding IPv4-only devices. The remaining all, and to just continue fielding IPv4-only devices. The remaining
pressure to provide IPv6 connectivity would just be the difference pressure to provide IPv6 connectivity would just be the difference
in "quality of service" between a translated exchange and a native in "quality of service" between a translated exchange and a native
interconnect. interconnect.
The argument against translation service is the difficulty of The argument against translation service is the difficulty of
providing these services for all applications, compared to the providing these services for all applications, compared to the
relative ease of installing dual stack solutions in an unmanaged relative ease of installing dual stack solutions in an unmanaged
network. Translation services can be provided either by application network. Translation services can be provided either by application
relays such as HTTP proxies, or by network level services such as relays such as HTTP proxies, or by network level services such as
NAT-PT. Application relays pose several operational problems: first, NAT-PT [RFC2766]. Application relays pose several operational
one must develop relays for all applications; second, one must problems: first, one must develop relays for all applications;
develop a management infrastructure to provision the host with the second, one must develop a management infrastructure to provision
addresses of the relays; in addition, the application may have to be the host with the addresses of the relays; in addition, the
modified if one wants to use the relay selectively, e.g. only when application may have to be modified if one wants to use the relay
direct connection is not available. Network level translation poses selectively, e.g. only when direct connection is not available.
similar problems: in practice, network level actions must be Network level translation poses similar problems: in practice,
complemented by "application layer gateways" that will rewrite network level actions must be complemented by "application layer
references to IP addresses in the protocol, and while these relays gateways" that will rewrite references to IP addresses in the
are not necessary for every application, they are necessary for protocol, and while these relays are not necessary for every
enough applications to make any sort of generalized translation application, they are necessary for enough applications to make any
quite problematic; hosts may need to be parameterized to use the sort of generalized translation quite problematic; hosts may need to
translation service; and designing the right algorithm to decide be parameterized to use the translation service; and designing the
when to translate DNS requests has proven very difficult. right algorithm to decide when to translate DNS requests has proven
very difficult.
Not assuming translation services in the network appears to be both Not assuming translation services in the network appears to be both
more practical and more robust. If the market requirement for a new more practical and more robust. If the market requirement for a new
device requires that it interact with both IPv4 and IPv6 hosts, we device requires that it interact with both IPv4 and IPv6 hosts, we
may expect the manufacturers of these devices to program them with a may expect the manufacturers of these devices to program them with a
dual stack capability; in particular, we expect general purpose dual stack capability; in particular, we expect general purpose
systems such as personal computers to be effectively dual-stack. The systems such as personal computers to be effectively dual-stack. The
only devices that are expected to be capable of only supporting IPv6 only devices that are expected to be capable of only supporting IPv6
are those who are designed for specific applications, which do not are those who are designed for specific applications, which do not
require interoperation with IPv4-only systems. We also observe that require interoperation with IPv4-only systems. We also observe that
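Review bot: the new column now cites [RFC2766] right after "NAT-PT" in the translation-services paragraph, which is the right place for it, but two lines from the end of this hunk "those who are designed for specific applications" should read "those that are designed", since the subject is devices, not people. Both columns carry that wording, so the typo fix on NAT-PT is a good opportunity to correct it in the same pass.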
skipping to change at page 11, line 45 skipping to change at page 12, line 11
In Case B, the upgraded gateway will act as an IPv6 router; it will In Case B, the upgraded gateway will act as an IPv6 router; it will
continue providing the IPv4 connectivity, perhaps using NAT. Nodes continue providing the IPv4 connectivity, perhaps using NAT. Nodes
in the local network will typically obtain: in the local network will typically obtain:
- IPv4 addresses (from or via the gateway), - IPv4 addresses (from or via the gateway),
- IPv6 link local addresses, and - IPv6 link local addresses, and
- IPv6 global addresses. - IPv6 global addresses.
In some networks, NAT will not be in use and the local hosts will In some networks, NAT will not be in use and the local hosts will
actually obtain global IPv4 addresses NAT will not be in use. We actually obtain global IPv4 addresses. We will not elaborate on
will not elaborate on this, as the availability of global IPv4 this, as the availability of global IPv4 addresses does not bring
addresses does not bring any additional complexity to the transition any additional complexity to the transition mechanisms.
mechanisms.
To enable this scenario, the gateway needs to use a mechanism to To enable this scenario, the gateway needs to use a mechanism to
obtain a global IPv6 address prefix from the ISP, and advertise this obtain a global IPv6 address prefix from the ISP, and advertise this
address prefix to the hosts in the unmanaged network; several address prefix to the hosts in the unmanaged network; several
solutions will be assessed in a companion memo [EVAL]. solutions will be assessed in a companion memo [EVAL].
5.2.3 Naming services in Case B 5.2.3 Naming services in Case B
In case B, hosts in the unmanaged domain have access to DNS services In case B, hosts in the unmanaged domain have access to DNS services
through the gateway. As the gateway and the ISP both support IPv4 through the gateway. As the gateway and the ISP both support IPv4
and IPv6, these services may be accessible by the IPv4-only hosts and IPv6, these services may be accessible by the IPv4-only hosts
using IPv4, by the IPv6-only hosts using IPv6, and by the dual stack using IPv4, by the IPv6-only hosts using IPv6, and by the dual stack
hosts using either. Currently, IPv4 only hosts usually discover the hosts using either. Currently, IPv4 only hosts usually discover the
IPv4 address of the local DNS resolver using DHCP; there must be a IPv4 address of the local DNS resolver using DHCP; there must be a
way for IPv6-only hosts to discover the IPv6 address of the DNS way for IPv6-only hosts to discover the IPv6 address of the DNS
resolver. resolver.
There must be a way to resolve the name of local hosts to their IPv4 There must be a way to resolve the name of local hosts to their IPv4
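Review bot: dropping the stray repeated clause "actually obtain global IPv4 addresses NAT will not be in use" from the old column is correct; the Case B addresses paragraph now reads cleanly in the new column. One remaining style point in the same hunk: "IPv4 only hosts usually discover the IPv4 address of the local DNS resolver using DHCP" should use "IPv4-only hosts", matching "IPv6-only hosts" two lines earlier and the hyphenation used in the rest of the draft.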
skipping to change at page 12, line 37 skipping to change at page 13, line 4
The response to a DNS request should not depend on the protocol by The response to a DNS request should not depend on the protocol by
which the request is transported: dual-stack hosts may use either which the request is transported: dual-stack hosts may use either
IPv4 or IPv6 to contact the local resolver, the choice of IPv4 or IPv4 or IPv6 to contact the local resolver, the choice of IPv4 or
IPv6 may be random, and the value of the response should not depend IPv6 may be random, and the value of the response should not depend
of a random event. of a random event.
DNS transition issues in a dual IPv4/IPv6 network are discussed in DNS transition issues in a dual IPv4/IPv6 network are discussed in
[DNSOPV6]. [DNSOPV6].
5.3 Case C, IPv6 connectivity without provider support 5.3 Case C, IPv6 connectivity without provider support
In this case the gateway is dual stack, but the ISP is not. The In this case the gateway is dual stack, but the ISP is not. The
gateway has been upgraded and offers both IPv4 and IPv6 connectivity gateway has been upgraded and offers both IPv4 and IPv6 connectivity
the hosts. It cannot rely on the ISP for IPv6 connectivity, because to hosts. It cannot rely on the ISP for IPv6 connectivity, because
the ISP does not offer ISP connectivity yet. the ISP does not offer ISP connectivity yet.
5.3.1 Application support in Case C 5.3.1 Application support in Case C
Application support in case C should be identical to that of case B. Application support in case C should be identical to that of case B.
5.3.2 Addresses and connectivity in Case C 5.3.2 Addresses and connectivity in Case C
The upgraded gateway will behave as an IPv6 router; it will continue The upgraded gateway will behave as an IPv6 router; it will continue
providing the IPv4 connectivity, perhaps using NAT. Nodes in the providing the IPv4 connectivity, perhaps using NAT. Nodes in the
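Review bot: "the ISP does not offer ISP connectivity yet" in the Case C introduction is unchanged in both columns and reads as a typo for "IPv6 connectivity"; the "the hosts" to "to hosts" correction on the line above it does not catch this one. In the same hunk, "the value of the response should not depend of a random event" should be "should not depend on a random event".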
skipping to change at page 14, line 37 skipping to change at page 14, line 54
The preferable alternative to application relays and network address The preferable alternative to application relays and network address
translation is the provision of an IPv4-over-IPv6 service. translation is the provision of an IPv4-over-IPv6 service.
5.4.2 Addresses and connectivity in Case D 5.4.2 Addresses and connectivity in Case D
The ISP assigns an IPv6 prefix to the unmanaged network, so hosts The ISP assigns an IPv6 prefix to the unmanaged network, so hosts
have a global IPv6 address and use it for global IPv6 connectivity. have a global IPv6 address and use it for global IPv6 connectivity.
This will require delegation of an IPv6 address prefix, as This will require delegation of an IPv6 address prefix, as
investigated in case C. investigated in case C.
To enable IPv4 hosts and dual stack host to access remote IPv4 To enable IPv4 hosts and dual stack hosts to access remote IPv4
services, the ISP must provide the gateway with at least one IPv4 services, the ISP must provide the gateway with at least one IPv4
address, using some form of IPv4-over-IPv6 tunneling. Once such address, using some form of IPv4-over-IPv6 tunneling. Once such
addresses have been provided, the gateway effectively acquires dual- addresses have been provided, the gateway effectively acquires dual-
stack connectivity; for hosts inside the unmanaged network, this stack connectivity; for hosts inside the unmanaged network, this
will be indistinguishable from the IPv4 connectivity obtained in will be indistinguishable from the IPv4 connectivity obtained in
case B or C. case B or C.
5.4.3 Naming services in Case D 5.4.3 Naming services in Case D
The loss of IPv4 connectivity has a direct impact on the provision The loss of IPv4 connectivity has a direct impact on the provision
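Review bot: "IPv4 hosts and dual stack host" is correctly pluralised to "hosts" in the new column. In the same paragraph "dual stack hosts" and "dual-stack connectivity" appear three lines apart with different spellings; the draft is inconsistent elsewhere too ("dual stack solutions", "dual stack capability" versus "effectively dual-stack"), so settle on one form here and apply it throughout.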
skipping to change at page 17, line 24 skipping to change at page 17, line 42
Informative references Informative references
[EVAL] Evaluation of Transition Mechanisms for Unmanaged Networks, [EVAL] Evaluation of Transition Mechanisms for Unmanaged Networks,
work in progress. work in progress.
[RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G. [RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G.
J., and E. Lear, "Address Allocation for Private Internets", RFC J., and E. Lear, "Address Allocation for Private Internets", RFC
1918, February 1996. 1918, February 1996.
[RFC2608] Guttman, E., Perkins, C., Veizades, J. and M. Day,
"Service Location Protocol, Version 2", RFC 2608, June 1999.
[RFC3056] Carpenter, B., and K. Moore, "Connection of IPv6 Domains [RFC3056] Carpenter, B., and K. Moore, "Connection of IPv6 Domains
via IPv4 Clouds", RFC 3056, February 2001. via IPv4 Clouds", RFC 3056, February 2001.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M. and E. Schooler, "SIP: A., Peterson, J., Sparks, R., Handley, M. and E. Schooler, "SIP:
Session Initiation Protocol", RFC 3261, June 2002. Session Initiation Protocol", RFC 3261, June 2002.
[RFC3022] Srisuresh, P., and K. Egevang. "Traditional IP Network [RFC3022] Srisuresh, P., and K. Egevang. "Traditional IP Network
Address Translator (Traditional NAT)", RFC 3022, January 2001. Address Translator (Traditional NAT)", RFC 3022, January 2001.
[RFC2993] T. Hain. "Architectural Implications of NAT", RFC 2993, [RFC2993] T. Hain. "Architectural Implications of NAT", RFC 2993,
November 2000. November 2000.
[RFC2608] Guttman, E., Perkins, C., Veizades, J., and M. Day. [RFC2608] Guttman, E., Perkins, C., Veizades, J., and M. Day.
"Service Location Protocol, Version 2", RFC 2993, June 1999. "Service Location Protocol, Version 2", RFC 2993, June 1999.
[RFC3041] Narten, T., and R. Draves. "Privacy Extensions for [RFC3041] Narten, T., and R. Draves. "Privacy Extensions for
Stateless Address Autoconfiguration in IPv6", RFC 3041, January Stateless Address Autoconfiguration in IPv6", RFC 3041, January
2001. 2001.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
Session Initiation Protocol", RFC 3261, June 2002.
[RFC2766] Tsirtsis, G. and P. Srisuresh, "Network Address
Translation - Protocol Translation (NAT-PT)", RFC 2766, February
2000.
[DNSOPV6] A. Durand. "IPv6 DNS transition issues", Work in progress. [DNSOPV6] A. Durand. "IPv6 DNS transition issues", Work in progress.
[DNSINADDR] D. Senie. "Requiring DNS IN-ADDR Mapping", Work in [DNSINADDR] D. Senie. "Requiring DNS IN-ADDR Mapping", Work in
progress. progress.
12 Authors' Addresses 12 Authors' Addresses
Christian Huitema Christian Huitema
Microsoft Corporation Microsoft Corporation
One Microsoft Way One Microsoft Way
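Review bot: the new column adds a second [RFC2608] entry (after [RFC1918]) and a second [RFC3261] entry (after [RFC3041]) while keeping the original ones, so the new draft now lists both references twice. The retained [RFC2608] entry also still gives "RFC 2993, June 1999" as its RFC number in both columns; 2993 is the number of the Hain reference directly above it, and the newly added entry correctly says "RFC 2608". Suggest deleting the two duplicates and keeping only the corrected [RFC2608] and a single [RFC3261]. The added [RFC2766] entry does match the new NAT-PT citation earlier in this diff, so that part of the change is fine.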
skipping to change at page 19, line 21 skipping to change at page 19, line 21
3.2 Client applications ........................................... 3 3.2 Client applications ........................................... 3
3.3 Peer-to-peer applications ..................................... 3 3.3 Peer-to-peer applications ..................................... 3
3.4 Server applications ........................................... 4 3.4 Server applications ........................................... 4
4 Application requirements of an IPv6 unmanaged network ........... 4 4 Application requirements of an IPv6 unmanaged network ........... 4
4.1 Requirements of local applications ............................ 5 4.1 Requirements of local applications ............................ 5
4.2 Requirements of client applications ........................... 5 4.2 Requirements of client applications ........................... 5
4.2.1 Privacy requirement of client applications .................. 5 4.2.1 Privacy requirement of client applications .................. 5
4.3 Requirements of peer-to-peer applications ..................... 6 4.3 Requirements of peer-to-peer applications ..................... 6
4.4 Requirements of server applications ........................... 7 4.4 Requirements of server applications ........................... 7
5 Stages of IPv6 deployment ....................................... 8 5 Stages of IPv6 deployment ....................................... 8
5.1 Case A, host deployment of IPv6 applications .................. 8 5.1 Case A, host deployment of IPv6 applications .................. 9
5.1.1 Application support in Case A ............................... 9 5.1.1 Application support in Case A ............................... 9
5.1.2 Addresses and connectivity in Case A ........................ 9 5.1.2 Addresses and connectivity in Case A ........................ 9
5.1.3 Naming services in Case A ................................... 10 5.1.3 Naming services in Case A ................................... 10
5.2 Case B, IPv6 connectivity with provider support ............... 10 5.2 Case B, IPv6 connectivity with provider support ............... 10
5.2.1 Application support in Case B ............................... 10 5.2.1 Application support in Case B ............................... 10
5.2.2 Addresses and connectivity in Case B ........................ 11 5.2.2 Addresses and connectivity in Case B ........................ 11
5.2.3 Naming services in Case B ................................... 11 5.2.3 Naming services in Case B ................................... 12
5.3 Case C, IPv6 connectivity without provider support ............ 12 5.3 Case C, IPv6 connectivity without provider support ............ 12
5.3.1 Application support in Case C ............................... 12 5.3.1 Application support in Case C ............................... 13
5.3.2 Addresses and connectivity in Case C ........................ 12 5.3.2 Addresses and connectivity in Case C ........................ 13
5.3.3 Naming services in Case C ................................... 13 5.3.3 Naming services in Case C ................................... 13
5.4 Case D, ISP stops providing native IPv4 connectivity .......... 13 5.4 Case D, ISP stops providing native IPv4 connectivity .......... 13
5.4.1 Application support in Case D ............................... 13 5.4.1 Application support in Case D ............................... 14
5.4.2 Addresses and connectivity in Case D ........................ 14 5.4.2 Addresses and connectivity in Case D ........................ 14
5.4.3 Naming services in Case D ................................... 14 5.4.3 Naming services in Case D ................................... 15
6 Security Considerations ......................................... 15 6 Security Considerations ......................................... 15
7 IANA Considerations ............................................. 15 7 IANA Considerations ............................................. 15
8 Copyright ....................................................... 15 8 Copyright ....................................................... 16
9 Intellectual Property ........................................... 16 9 Intellectual Property ........................................... 16
10 Acknowledgements ............................................... 16 10 Acknowledgements ............................................... 17
11 References ..................................................... 16 11 References ..................................................... 17
12 Authors' Addresses ............................................. 17 12 Authors' Addresses ............................................. 18
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/