draft-ietf-v6ops-unman-scenarios-03.txt   rfc3750.txt 
INTERNET DRAFT C. Huitema
<draft-ietf-v6ops-unman-scenarios-03.txt> Microsoft Network Working Group C. Huitema
October 16, 2003 R. Austein Request for Comments: 3750 Microsoft
Expires April 16, 2004 Bourgeois Dilettant Category: Informational R. Austein
ISC
S. Satapati S. Satapati
Cisco Systems, Inc. Cisco Systems, Inc.
R. van der Pol R. van der Pol
NLnet Labs NLnet Labs
April 2004
Unmanaged Networks IPv6 Transition Scenarios Unmanaged Networks IPv6 Transition Scenarios
Status of this memo Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six This memo provides information for the Internet community. It does
months and may be updated, replaced, or obsoleted by other documents not specify an Internet standard of any kind. Distribution of this
at any time. It is inappropriate to use Internet-Drafts as memo is unlimited.
reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at Copyright Notice
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at Copyright (C) The Internet Society (2004). All Rights Reserved.
http://www.ietf.org/shadow.html.
Abstract Abstract
In order to evaluate the suitability of IPv6 transition mechanisms, This document defines the scenarios in which IPv6 transition
we need to define the scenarios in which these mechanisms have to be mechanisms are to be used in unmanaged networks. In order to
used. One specific scope is the "unmanaged network", which typically evaluate the suitability of these mechanisms, we need to define the
corresponds to a home or small office network. The scenarios are scenarios in which these mechanisms have to be used. One specific
specific to single subnet, and are defined in terms of IP scope is the "unmanaged network", which typically corresponds to a
connectivity supported by the gateway and the ISP. We first examine home or small office network. The scenarios are specific to a single
subnet, and are defined in terms of IP connectivity supported by the
gateway and the Internet Service Provider (ISP). We first examine
the generic requirements of four classes of applications: local, the generic requirements of four classes of applications: local,
client, peer to peer and server. Then, for each scenario, we infer client, peer to peer and server. Then, for each scenario, we infer
transition requirements by analyzing the needs for smooth migration transition requirements by analyzing the needs for smooth migration
of applications from IPv4 to IPv6. of applications from IPv4 to IPv6.
1 Introduction Table of Contents
In order to evaluate the suitability of transition mechanisms, we 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
need to define the environment or scope in which these mechanisms 2. Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
have to be used. One specific scope is the "unmanaged networks", 3. Applications . . . . . . . . . . . . . . . . . . . . . . . . . 4
which typically correspond to home networks or small office 3.1. Local Applications . . . . . . . . . . . . . . . . . . . 5
networks. 3.2. Client Applications. . . . . . . . . . . . . . . . . . . 5
3.3. Peer-to-Peer Applications. . . . . . . . . . . . . . . . 5
3.4. Server Applications. . . . . . . . . . . . . . . . . . . 5
4. Application Requirements of an IPv6 Unmanaged Network. . . . . 6
4.1. Requirements of Local Applications . . . . . . . . . . . 6
4.2. Requirements of Client Applications. . . . . . . . . . . 7
4.2.1. Privacy Requirement of Client Applications . . . 7
4.3. Requirements of Peer-to-Peer Applications. . . . . . . . 8
4.4. Requirements of Server Applications. . . . . . . . . . . 9
5. Stages of IPv6 Deployment. . . . . . . . . . . . . . . . . . . 9
5.1. Case A, Host Deployment of IPv6 Applications . . . . . . 10
5.1.1. Application Support in Case A. . . . . . . . . . 10
5.1.2. Addresses and Connectivity in Case A . . . . . . 11
5.1.3. Naming Services in Case A. . . . . . . . . . . . 12
5.2. Case B, IPv6 Connectivity with Provider Support. . . . . 12
5.2.1. Application Support in Case B. . . . . . . . . . 12
5.2.2. Addresses and Connectivity in Case B . . . . . . 13
5.2.3. Naming Services in Case B. . . . . . . . . . . . 14
5.3. Case C, IPv6 Connectivity without Provider Support . . . 14
5.3.1. Application Support in Case C. . . . . . . . . . 15
5.3.2. Addresses and Connectivity in Case C . . . . . . 15
5.3.3. Naming Services in Case C. . . . . . . . . . . . 15
5.4. Case D, ISP Stops Providing Native IPv4 Connectivity . . 15
5.4.1. Application Support in Case D. . . . . . . . . . 16
5.4.2. Addresses and Connectivity in Case D . . . . . . 16
5.4.3. Naming Services in Case D. . . . . . . . . . . . 17
6. Security Considerations. . . . . . . . . . . . . . . . . . . . 17
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 18
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18
8.1. Normative References. . . . . . . . . . . . . . . . . . . 18
8.2. Informative References. . . . . . . . . . . . . . . . . . 18
9. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 19
10. Full Copyright Statement . . . . . . . . . . . . . . . . . . . 20
This document studies the requirement posed by various transition 1. Introduction
Huitema et al. [Page 1] In order to evaluate the suitability of transition mechanisms from
scenarios, and is organized in four main sections. Section 2 defines IPv4 [RFC791] to IPv6 [RFC2460], we need to define the environment or
the topology that we are considering. Section 3 presents the four scope in which these mechanisms have to be used. One specific scope
classes of applications that we consider for unmanaged networks: is the "unmanaged networks", which typically correspond to home
networks or small office networks.
This document studies the requirement posed by various transition
scenarios, and is organized in to four main sections. Section 2
defines the topology that we are considering. Section 3 presents the
four classes of applications that we consider for unmanaged networks:
local applications, client applications, peer-to-peer applications, local applications, client applications, peer-to-peer applications,
and server applications. Section 4 studies the requirements of these and server applications. Section 4 studies the requirements of these
four classes of applications. Section 5 analyses how these four classes of applications. Section 5 analyses how these
requirements translate into four configurations which we expect to requirements translate into four configurations that we expect to
encounter during IPv6 deployment: gateways which do not provide encounter during IPv6 deployment: gateways which do not provide IPv6,
IPv6, dual-stack gateways connected to dual-stack ISPs, dual-stack dual-stack gateways connected to dual-stack ISPs, dual-stack gateways
gateways connected to IPv4-only ISPs, and IPv6-capable gateways connected to IPv4-only ISPs, and IPv6-capable gateways connected to
connected to IPv6-only ISPs. While these four configurations are IPv6-only ISPs. While these four configurations are certainly not an
certainly not an exhaustive list of possible configurations, we exhaustive list of possible configurations, we believe that they
believe that they represent the common cases for unmanaged networks. represent the common cases for unmanaged networks.
2 Topology 2. Topology
The typical unmanaged network is composed of a single subnet, The typical unmanaged network is composed of a single subnet,
connected to the Internet through a single Internet Service Provider connected to the Internet through a single Internet Service Provider
(ISP) connection. Several hosts may be connected to the subnet: (ISP) connection. Several hosts may be connected to the subnet:
+------+ +------+
| Host +--+ | Host +--+
+------+ | +------+ |
| |
+------+ | +------+ |
skipping to change at page 10, line ? skipping to change at page 4, line 4
+--+ Gateway +------| ISP | Internet +--+ Gateway +------| ISP | Internet
: +---------+ | | : +---------+ | |
: +-----+ : +-----+
+------+ | | +------+ | |
| Host +--+ +-------------- | Host +--+ +--------------
+------+ | +------+ |
| |
+------+ | +------+ |
| Host +--+ | Host +--+
+------+ +------+
Between the subnet and the ISP access link is a gateway, which may or
Between the subnet and the ISP access link is a gateway, which may may not perform NAT and firewall functions. When the gateway
or may not perform NAT and firewall functions. A key point of this performs NAT functions [RFC3022], it generally allocates private IPv4
addresses to the local hosts [RFC1918]. A key point of this
configuration is that the gateway is typically not "managed". In configuration is that the gateway is typically not "managed". In
most cases, it is a simple "appliance", which incorporates some most cases, it is a simple "appliance" that incorporates some static
static policies. However, there are many cases in which the gateway policies. There are many cases in which the gateway is procured and
is procured and configured by the ISP, and there are also some configured by the ISP.
common cases in which we find two gateways back to back, one managed
by the ISP and the other added by the owner of the unmanaged
network.
The access link between the unmanaged network and the ISP might be Note that there are also some cases in which we find two gateways
either a static, permanent connection or a dynamic connection such back to back, one managed by the ISP and the other added by the owner
of the unmanaged network. They are not covered in this memo because
most of them either require some management, or the gateway added by
the user can function as an L2 switch.
Huitema et al. [Page 2] The access link between the unmanaged network and the ISP might be
as a dial-up or ISDN line. either a static, permanent connection or a dynamic connection such as
a dial-up or ISDN line.
In a degenerate case, an unmanaged network might consist of a single In a degenerate case, an unmanaged network might consist of a single
host, directly connected to an ISP. host, directly connected to an ISP.
There are some cases in which the "gateway" is replaced by a layer-2 There are some cases in which the "gateway" is replaced by a layer-2
bridge. In such deployments, the hosts have direct access to the ISP bridge. In such deployments, the hosts have direct access to the ISP
service. In order to avoid lengthy developments, we will treat these service. In order to avoid lengthy developments, we will treat these
cases as if the gateway was not present, i.e. as if each host was cases as if the gateway was not present, i.e., as if each host was
connected directly to the ISP. connected directly to the ISP.
Our definition of unmanaged networks explicitly exclude networks Our definition of unmanaged networks explicitly exclude networks
composed of multiple subnets. We will readily admit that some home composed of multiple subnets. We will readily admit that some home
networks and some small business networks contain multiple subnets, networks and some small business networks contain multiple subnets,
but in the current state of the technology these multiple subnet but in the current state of the technology, these multiple subnet
networks are not "unmanaged": some competent administrator has to networks are not "unmanaged": some competent administrator has to
explicitly configure the routers. We will thus concentrate on single explicitly configure the routers. We will thus concentrate on single
subnet networks, where no such competent operator is expected. subnet networks, where no such competent operator is expected.
3 Applications 3. Applications
Users may use or wish to use the unmanaged network services in four Users may use or wish to use the unmanaged network services in four
types of applications: local, client, servers and peer-to-peers. types of applications: local, client, servers and peer-to-peers.
These applications may or may not run easily on today's networks These applications may or may not run easily on today's networks
(some do, some don't). (some do, some don't).
3.1 Local applications 3.1. Local Applications
"Local applications" are only meant to involve the hosts that are "Local applications" are only meant to involve the hosts that are
part of the unmanaged network. Typical examples would be file part of the unmanaged network. Typical examples would be file
sharing or printer sharing. sharing or printer sharing.
Local applications work effectively in IPv4 unmanaged networks, even Local applications work effectively in IPv4 unmanaged networks, even
when the gateway performs NAT or firewall function. In fact, when the gateway performs NAT or firewall functions. In fact,
firewall services at the gateway are often deemed desirable, as they firewall services at the gateway are often deemed desirable, as they
isolate the local applications from interference by Internet users. isolate the local applications from interference by Internet users.
3.2 Client applications 3.2. Client Applications
"Client applications" are those that involve a client on the "Client applications" are those that involve a client on the
unmanaged network and a server at a remote location. Typical unmanaged network and a server at a remote location. Typical
examples would be accessing a web server from a client inside the examples would be accessing a web server from a client inside the
unmanaged network, or reading and sending e-mail with the help of a unmanaged network, or reading and sending e-mail with the help of a
server outside the unmanaged network. server outside the unmanaged network.
Client applications tend to work correctly in IPv4 unmanaged Client applications tend to work correctly in IPv4 unmanaged
networks, even when the gateway performs NAT or firewall function: networks, even when the gateway performs NAT or firewall functions:
these translation and firewall functions are designed precisely to these translation and firewall functions are designed precisely to
enable client applications. enable client applications.
3.3 Peer-to-peer applications 3.3. Peer-to-Peer Applications
Huitema et al. [Page 3] There are really two kinds of "peer-to-peer" applications: ones which
There are really two kinds of "peer-to-peer" applications: ones only involve hosts on the unmanaged network, and ones which involve
which only involve hosts on the unmanaged network, and ones which both one or more hosts on the unmanaged network and one or more hosts
involve both one or more hosts on the unmanaged network and one or outside the unmanaged network. We will only consider the latter kind
more hosts outside the unmanaged network. We will only consider the of peer-to-peer applications, since the former can be considered a
latter kind of peer-to-peer applications, since the former can be subset of the kind of local applications discussed in section 3.1.
considered a subset of the kind of local applications discussed
in section 3.1.
Peer-to-peer applications often don't work well in unmanaged IPv4 Peer-to-peer applications often don't work well in unmanaged IPv4
networks. Application developers often have to enlist the help of a networks. Application developers often have to enlist the help of a
"relay server", in effect restructuring the peer-to-peer connection "relay server", in effect restructuring the peer-to-peer connection
into a pair of back-to-back client/server connections. into a pair of back-to-back client/server connections.
3.4 Server applications 3.4. Server Applications
"Server applications" involve running a server in the unmanaged "Server applications" involve running a server in the unmanaged
network for use by other parties outside the network. Typical network for use by other parties outside the network. Typical
examples would be running a web server or an e-mail server on one of examples would be running a web server or an e-mail server on one of
the hosts inside the unmanaged network. the hosts inside the unmanaged network.
Deploying these servers in most unmanaged IPv4 networks requires Deploying these servers in most unmanaged IPv4 networks requires some
some special programming of the NAT or firewall, and is more complex special programming of the NAT or firewall [RFC2993], and is more
when the NAT only publishes a small number of global IP addresses complex when the NAT only publishes a small number of global IP
and relies on "port translation". In the common case in which the addresses and relies on "port translation". In the common case in
NAT manages exactly one global IP address and relies on "port which the NAT manages exactly one global IP address and relies on
translation", a given external port can only be used by one internal "port translation", a given external port can only be used by one
server. internal server.
Deploying servers usually requires providing each server with a Deploying servers usually requires providing each server with a
stable DNS name, and associating a global IPv4 address with that stable DNS name, and associating a global IPv4 address with that
name, whether the address be that of the server itself or that of name, whether the address be that of the server itself or that of the
the router acting as a firewall or NAT. Since updating DNS is a router acting as a firewall or NAT. Since updating DNS is a
management task, it falls somewhat outside the scope of an unmanaged management task, it falls somewhat outside the scope of an unmanaged
network. On the other hand, it is also possible to use out-of-band network. On the other hand, it is also possible to use out-of-band
techniques (such as cut-and-paste into an instant message system) to techniques (such as cut-and-paste into an instant message system) to
pass around the address of the target server. pass around the address of the target server.
4 Application requirements of an IPv6 unmanaged network 4. Application Requirements of an IPv6 Unmanaged Network
As we transition to IPv6, we must meet the requirements of the As we transition to IPv6, we must meet the requirements of the
various applications, which we can summarize in the following way: various applications, which we can summarize in the following way:
applications that used to work well with IPv4 should continue applications that worked well with IPv4 should continue working well
working well during the transition; it should be possible to use during the transition; it should be possible to use IPv6 to deploy
IPv6 to deploy new applications that are currently hard to deploy in new applications that are currently hard to deploy in IPv4 networks;
IPv4 networks; and the deployment of these IPv6 applications should and the deployment of these IPv6 applications should be simple and
be simple and easy to manage, but the solutions should also be easy to manage, but the solutions should also be robust and secure.
robust and secure.
The application requirements for IPv6 Unmanaged Networks fall into The application requirements for IPv6 Unmanaged Networks fall into
three general categories: connectivity, naming, and security. three general categories: connectivity, naming, and security.
Connectivity issues include the provision of IPv6 addresses and Connectivity issues include the provision of IPv6 addresses and their
their quality: do hosts need global addresses, should these quality: do hosts need global addresses, should these addresses be
stable or, more precisely, what should the expected lifetimes of
Huitema et al. [Page 4] these addresses be? Naming issues include the management of names
addresses be stable or, more precisely, what should the expected for the hosts: do hosts need DNS names, and is inverse name
lifetimes of these addresses be? Naming issues include the resolution [DNSINADDR] a requirement? Security issues include
management of names for the hosts: do hosts need DNS names, and is possible restriction to connectivity, privacy concerns and, generally
inverse name resolution a requirement? Security issues include speaking, the security of the applications.
possible restriction to connectivity, privacy concerns and,
generally speaking, the security of the applications.
4.1 Requirements of local applications 4.1. Requirements of Local Applications
Local applications require local connectivity. They must continue to Local applications require local connectivity. They must continue to
work even if the unmanaged network is isolated from the Internet. work even if the unmanaged network is isolated from the Internet.
Local applications typically use ad hoc naming systems. Many of Local applications typically use ad hoc naming systems. Many of
these systems are proprietary; an example of a standard system is these systems are proprietary; an example of a standard system is the
the service location protocol (SLP) [RFC2608]. service location protocol (SLP) [RFC2608].
The security of local applications will usually be enhanced if these The security of local applications will usually be enhanced if these
applications can be effectively isolated from the global Internet. applications can be effectively isolated from the global Internet.
4.2 Requirements of client applications 4.2. Requirements of Client Applications
Client applications require global connectivity. In an IPv6 network, Client applications require global connectivity. In an IPv6 network,
we would expect the client to use a global IPv6 address, which will we would expect the client to use a global IPv6 address, which will
have to remain stable for the duration of the client-server session. have to remain stable for the duration of the client-server session.
Client applications typically use the domain name system to locate Client applications typically use the domain name system to locate
servers. In an IPv6 network, the client must be able to locate a DNS servers. In an IPv6 network, the client must be able to locate a DNS
resolver. resolver.
Many servers try to look up a DNS name associated to the IP address Many servers try to look up a DNS name associated with the IP address
of the client. In an IPv4 network, this IP address will often be of the client. In an IPv4 network, this IP address will often be
allocated by the Internet service provider to the gateway, and the allocated by the Internet service provider to the gateway, and the
corresponding PTR record will be maintained by the ISP. In many corresponding PTR record will be maintained by the ISP. In many
cases, these PTR records are perfunctory, derived in an algorithmic cases, these PTR records are perfunctory, derived in an algorithmic
fashion from the IPv4 address; the main information that they fashion from the IPv4 address; the main information that they contain
contain is the domain name of the ISP. Whether or not an equivalent is the domain name of the ISP. Whether or not an equivalent function
function should be provided in an IPv6 network is unclear. should be provided in an IPv6 network is unclear.
4.2.1 Privacy requirement of client applications 4.2.1. Privacy Requirement of Client Applications
It is debatable whether the IPv6 networking service should be It is debatable whether the IPv6 networking service should be
engineered to enhance the privacy of the clients, and specifically engineered to enhance the privacy of the clients, and specifically
whether support for RFC 3041 should be required. RFC 3041 enables whether support for RFC 3041 [RFC3041] should be required. RFC 3041
hosts to pick IPv6 addresses in which the host identifier is enables hosts to pick IPv6 addresses in which the host identifier is
randomized; this was designed to make sure that the IPv6 addresses randomized; this was designed to make sure that the IPv6 addresses
and the host identifier cannot be used to track the Internet and the host identifier cannot be used to track the Internet
connections of a device's owner. connections of a device's owner.
Many observe that randomizing the host identifier portion of the Many observe that randomizing the host identifier portion of the
address is only a half measure. If the unmanaged network address address is only a half measure. If the unmanaged network address
prefix remains constant, the randomization only hides which host in prefix remains constant, the randomization only hides which host in
the unmanaged network originates a given connection, e.g. the the unmanaged network originates a given connection, e.g., the
Huitema et al. [Page 5]
children's computer versus their parents'. This would place the children's computer versus their parents'. This would place the
privacy rating of such connections on a par with that of IPv4 privacy rating of such connections on a par with that of IPv4
connections originating from an unmanaged network in which a NAT connections originating from an unmanaged network in which a NAT
manages a static IPv4 address; in both cases, the IPv4 address or manages a static IPv4 address; in both cases, the IPv4 address or the
the IPv6 prefix can be used to identify the unmanaged network, e.g. IPv6 prefix can be used to identify the unmanaged network, e.g., the
the specific home from which the connection originated. specific home from which the connection originated.
However, randomization of the host identifier does provide benefits. However, randomization of the host identifier does provide benefits.
First, if some of the hosts in the unmanaged network are mobile, the First, if some of the hosts in the unmanaged network are mobile, the
randomization destroys any correlation between the addresses used at randomization destroys any correlation between the addresses used at
various locations: the addresses alone could not be used to various locations: the addresses alone could not be used to determine
determine whether a given connection originates from the same laptop whether a given connection originates from the same laptop moving
moving from work to home, or used on the road. Second, the from work to home, or used on the road. Second, the randomization
randomization removes any information that could be extracted from a removes any information that could be extracted from a hardwired host
hardwired host identifier; for example, it will prevent outsiders identifier; for example, it will prevent outsiders from correlating a
from correlating a serial number with a specific brand of expensive serial number with a specific brand of expensive electronic
electronic equipment, and to use this information for planning equipment, and to use this information for planning marketing
marketing campaigns or possibly burglary attempts. campaigns or possibly burglary attempts.
Randomization of the addresses is not sufficient to guarantee Randomization of the addresses is not sufficient to guarantee
privacy. Usage can be tracked by a variety of other means, from privacy. Usage can be tracked by a variety of other means, from
application level "cookies" to complex techniques involving data application level "cookies" to complex techniques involving data
mining and traffic analysis. However, we should not make a bad mining and traffic analysis. However, we should not make a bad
situation worse. Other attacks to privacy may be possible, but this situation worse. Other attacks to privacy may be possible, but this
is not a reason to enable additional tracking through IPv6 is not a reason to enable additional tracking through IPv6 addresses.
addresses.
Randomization of the host identifier has some cost: the address Randomization of the host identifier has some costs: the address
management in hosts is more complex for the hosts, reverse DNS management in hosts is more complex for the hosts, reverse DNS
services are harder to provide, and the gateway may have to maintain services are harder to provide, and the gateway may have to maintain
a larger cache of neighbor addresses; however, experience from a larger cache of neighbor addresses; however, experience from
existing implementation shows that these costs are not overwhelming. existing implementation shows that these costs are not overwhelming.
Given the limited benefits, it would be unreasonable to require that Given the limited benefits, it would be unreasonable to require that
all hosts use privacy addresses; however, given the limited costs, all hosts use privacy addresses; however, given the limited costs, it
it is reasonable to require that all unmanaged networks allow use of is reasonable to require that all unmanaged networks allow use of
privacy addresses by those hosts that choose to do so. privacy addresses by those hosts that choose to do so.
4.3 Requirements of peer-to-peer applications 4.3. Requirements of Peer-to-Peer Applications
Peer-to-peer applications require global connectivity. In an IPv6 Peer-to-peer applications require global connectivity. In an IPv6
network, we would expect the peers to use a global IPv6 address, network, we would expect the peers to use a global IPv6 address,
which will have to remain stable for the duration of the peer-to- which will have to remain stable for the duration of the peer-to-peer
peer session. session.
There are multiple aspects to the security of peer-to-peer There are multiple aspects to the security of peer-to-peer
applications, many of which relate to the security of the rendezvous applications, many of which relate to the security of the rendezvous
system. If we assume that the peers have been able to safely system. If we assume that the peers have been able to safely
exchange their IPv6 addresses, the main security requirement is the exchange their IPv6 addresses, the main security requirement is the
capability to safely exchange data between the peers, without capability to safely exchange data between the peers without
interference by third parties. interference by third parties.
Private conversations by one of the authors with developers of peer- Private conversations by one of the authors with developers of peer-
to-peer applications suggest that many individuals would be willing
to consider an "IPv6-only" model if they can get two guarantees:
Huitema et al. [Page 6] 1) That there is no regression from IPv4, i.e., that all customers
to-peer applications suggest that many would be willing to consider
an "IPv6-only" model if they can get two guarantees:
1) That there is no regression from IPv4, i.e. that all customers
who could participate in a peer-to-peer application using IPv4 can who could participate in a peer-to-peer application using IPv4 can
also be reached by IPv6. also be reached by IPv6.
2) That IPv6 provides a solution for at least some of their hard 2) That IPv6 provides a solution for at least some of their hard
problems, e.g. enabling peers located behind an IPv4 NAT to problems, e.g., enabling peers located behind an IPv4 NAT to
participate in a peer-to-peer application. participate in a peer-to-peer application.
Requiring IPv6 connectivity for a popular peer-to-peer application Requiring IPv6 connectivity for a popular peer-to-peer application
could create what economists refer to as a "network effect", which could create what economists refer to as a "network effect", which in
in turn could significantly speed up the deployment of IPv6. turn could significantly speed up the deployment of IPv6.
4.4 Requirements of server applications 4.4. Requirements of Server Applications
Server applications require global connectivity, which in an IPv6 Server applications require global connectivity, which in an IPv6
network implies global addresses. In an IPv4 network utilizing a network implies global addresses. In an IPv4 network utilizing a
NAT, for each service provided by a server, the NAT has to be NAT, for each service provided by a server, the NAT has to be
configured to forward packets sent to that service to the server configured to forward packets sent to that service to the server that
that offers the service. offers the service.
Server applications normally rely on the publication of the server's Server applications normally rely on the publication of the server's
address in the DNS. This, in turn, requires that the server be address in the DNS. This, in turn, requires that the server be
provisioned with a "global DNS name". provisioned with a "global DNS name".
The DNS entries for the server will have to be updated, preferably The DNS entries for the server will have to be updated, preferably in
in real time, if the server's address changes. In practice, updating real time, if the server's address changes. In practice, updating
the DNS can be slow, which implies that server applications will the DNS can be slow, which implies that server applications will have
have a better chance of being deployed if the IPv6 addresses remain a better chance of being deployed if the IPv6 addresses remain
stable for a long period. stable.
The security of server applications depends mostly on the The security of server applications depends mostly on the correctness
correctness of the server, and also on the absence of collateral of the server, and also on the absence of collateral effects: many
effects: many incidents occur when the opening of a server on the incidents occur when the opening of a server on the Internet
Internet inadvertently enables remote access to some other services inadvertently enables remote access to some other services on the
on the same host. same host.
5 Stages of IPv6 deployment 5. Stages of IPv6 Deployment
We expect the deployment of IPv6 to proceed from an initial state in We expect the deployment of IPv6 to proceed from an initial state in
which there is little or no deployment to a final stage in which we which there is little or no deployment, to a final stage in which we
might retire the IPv4 infrastructure. We expect this process to might retire the IPv4 infrastructure. We expect this process to
stretch over many years; we also expect it to not be synchronized, stretch over many years; we also expect it to not be synchronized, as
as different parties involved will deploy IPv6 at different paces. different parties involved will deploy IPv6 at different paces.
In order to get some clarity, we distinguish three entities involved In order to get some clarity, we distinguish three entities involved
in the transition of an unmanaged network: the ISP (possibly in the transition of an unmanaged network: the ISP (possibly
including ISP consumer premise equipment (CPE)), the home gateway, including ISP consumer premise equipment (CPE)), the home gateway,
and the hosts (computers and appliances). Each can support IPv4- and the hosts (computers and appliances). Each can support IPv4-
only, both IPv4 and IPv6 or IPv6-only. That gives us 27 only, both IPv4 and IPv6, or IPv6-only. That gives us 27
Huitema et al. [Page 7]
possibilities. We describe the most important cases. We will assume possibilities. We describe the most important cases. We will assume
that in all cases the hosts are a combination of IPv4-only, dual that in all cases the hosts are a combination of IPv4-only, dual
stack and (perhaps) IPv6-only hosts. stack, and (perhaps) IPv6-only hosts.
The cases we will consider are: The cases we will consider are:
A) a gateway which does not provide IPv6 at all; A) a gateway that does not provide IPv6 at all;
B) a dual-stack gateway connected to a dual stack ISP; B) a dual-stack gateway connected to a dual stack ISP;
C) a dual stack gateway connected to an IPV4-only ISP; and C) a dual stack gateway connected to an IPV4-only ISP; and
D) a gateway connected to an IPv6-only ISP D) a gateway connected to an IPv6-only ISP
In most of these cases we will assume that the gateway includes a In most of these cases, we will assume that the gateway includes a
NAT: we realize that this is not always the case, but we submit that NAT: we realize that this is not always the case, but we submit that
it is common enough that we have to deal with it; furthermore, we it is common enough that we have to deal with it; furthermore, we
believe that the non-NAT variants of these cases map fairly closely believe that the non-NAT variants of these cases map fairly closely
to this same set of cases. In fact, we can consider three non-NAT to this same set of cases. In fact, we can consider three non-NAT
variants: directly connected host; gateway acting as a bridge; and variants: directly connected host; gateway acting as a bridge; and
gateway acting as a non-NAT IP router. gateway acting as a non-NAT IP router.
The cases of directly connected hosts are in effect variants of The cases of directly connected hosts are, in effect, variants of
cases B, C and D, in which the host can use all solutions available cases B, C, and D, in which the host can use all solutions available
to gateways: case B if the ISP is dual stack, case C if the ISP only to gateways: case B if the ISP is dual stack, case C if the ISP only
provides IPv4 connectivity, and case D if the ISP only provides IPv6 provides IPv4 connectivity, and case D if the ISP only provides IPv6
connectivity. connectivity.
In the cases where the gateway is a bridge, the hosts are in effect In the cases where the gateway is a bridge, the hosts are, in effect,
directly connected to the ISP, and for all practical matter behave directly connected to the ISP, and for all practical matter, behave
as directly connected hosts. as directly connected hosts.
The case where the gateway is an IP router but not a NAT will be The case where the gateway is an IP router but not a NAT will be
treated as small variants in the analysis of case A, B, C and D. treated as small variants in the analysis of case A, B, C, and D.
5.1 Case A, host deployment of IPv6 applications 5.1. Case A, Host Deployment of IPv6 Applications
In this case the gateway doesn't provide IPv6; the ISP may or may In this case, the gateway doesn't provide IPv6; the ISP may or may
not provide IPv6, but this is not relevant, since the non-upgraded not provide IPv6, but this is not relevant since the non-upgraded
gateway would prevent the hosts from using the ISP service. Some gateway would prevent the hosts from using the ISP service. Some
hosts will try to get IPv6 connectivity, in order to run hosts will try to get IPv6 connectivity in order to run applications
applications that require IPv6, or work better with IPv6. The hosts that require IPv6, or work better with IPv6. The hosts, in this
in this case will have to handle the IPv6 transition mechanisms on case, will have to handle the IPv6 transition mechanisms on their
their own. own.
There are two variations of this case, depending on the type of There are two variations of this case, depending on the type of
service implemented by the gateway. In many cases, the gateway is a service implemented by the gateway. In many cases, the gateway is a
direct obstacle to the deployment of IPv6, but a gateway which is direct obstacle to the deployment of IPv6, but a gateway which is
some form of bridge-mode CPE or which is a plain (neither some form of bridge-mode CPE or which is a plain (neither filtering
filtering nor NAT) router does not really fall into this category. nor NAT) router does not really fall into this category.
5.1.1 Application support in Case A 5.1.1. Application Support in Case A
The focus of Case A is to enable communication between a host on the The focus of Case A is to enable communication between a host on the
unmanaged network and some IPv6-only hosts outside of the network. unmanaged network and some IPv6-only hosts outside of the network.
Huitema et al. [Page 8] The primary focus in the immediate future, i.e., for the early
The primary focus in the immediate future, i.e. for the early
adopters of IPv6, will be peer-to-peer applications. However, as adopters of IPv6, will be peer-to-peer applications. However, as
IPv6 deployment progresses, we will likely find a situation where IPv6 deployment progresses, we will likely find a situation where
some networks have IPv6-only services deployed, at which point we some networks have IPv6-only services deployed, at which point we
would like case A client applications to be able to access those would like case A client applications to be able to access those
services. services.
Local applications are not a primary focus of Case A. At this stage, Local applications are not a primary focus of Case A. At this stage,
we expect all clients in the unmanaged network to have either IPv4 we expect all clients in the unmanaged network to have either IPv4
only or dual stack support. Local applications can continue working only or dual stack support. Local applications can continue working
using IPv4. using IPv4.
Server applications are also not a primary focus of Case A. Server Server applications are also not a primary focus of Case A. Server
applications require DNS support, which is difficult to engineer for applications require DNS support, which is difficult to engineer for
clients located behind a NAT, which is likely to be present in this clients located behind a NAT, which is likely to be present in this
case. Besides, server applications at present cater mostly to IPv4 case. Besides, server applications presently cater mostly to IPv4
clients; putting up an IPv6-only server is not very attractive. clients; putting up an IPv6-only server is not very attractive.
In contrast, peer-to-peer applications are probably both attractive In contrast, peer-to-peer applications are probably both attractive
and easy to deploy: they are deployed in a coordinated fashion as and easy to deploy: they are deployed in a coordinated fashion as
part of a peer-to-peer network, which means that hosts can all part of a peer-to-peer network, which means that hosts can all
receive some form of IPv6 upgrade; they often provide their own receive some form of an IPv6 upgrade; they often provide their own
naming infrastructure, in which case they are not dependent on DNS naming infrastructure, in which case they are not dependent on DNS
services. services.
5.1.2 Addresses and connectivity in Case A 5.1.2. Addresses and Connectivity in Case A
We saw in 5.1.1 that the likely motivation for deployment of IPv6 We saw in 5.1.1 that the likely motivation for deployment of IPv6
connectivity in hosts in case A is a desire to use peer-to-peer and connectivity in hosts in case A is a desire to use peer-to-peer and
client IPv6 applications. These applications require that all client IPv6 applications. These applications require that all
participating nodes get some form of IPv6 connectivity, i.e. at participating nodes get some form of IPv6 connectivity, i.e., at
least one globally reachable IPv6 address. least one globally reachable IPv6 address.
If the local gateway provides global IPv4 addresses to the local If the local gateway provides global IPv4 addresses to the local
hosts, then these hosts can individually exercise the mechanisms hosts, then these hosts can individually exercise the mechanisms
described in case C, "IPv6 connectivity without provider support." described in case C, "IPv6 connectivity without provider support."
If the local gateway implements a NAT function, another type of If the local gateway implements a NAT function, another type of
mechanism is needed. The mechanism to provide connectivity to peers mechanism is needed. The mechanism to provide connectivity to peers
behind NAT should be easy to deploy, and light weight; it will have behind NAT should be easy to deploy, and light weight; it will have
to involve tunneling over a protocol that can easily traverse NAT, to involve tunneling over a protocol that can easily traverse NAT,
either TCP or preferably UDP, as tunneling over TCP can result in either TCP or preferably UDP, as tunneling over TCP can result in
poor performances in case of time-outs and retransmission. If poor performance in cases of time-outs and retransmissions. If
servers are needed, these servers will in practice have to be servers are needed, these servers will, in practice, have to be
deployed as part of the "support infrastructure" for the peer-to- deployed as part of the "support infrastructure" for the peer-to-peer
peer network or for an IPv6-based service; economic reality implies network or for an IPv6-based service; economic reality implies that
that the cost of running these servers should be as low as possible. the cost of running these servers should be as low as possible.
5.1.3 Naming services in Case A 5.1.3. Naming Services in Case A
At this phase of IPv6 deployment, hosts in the unmanaged domain have At this phase of IPv6 deployment, hosts in the unmanaged domain have
access to DNS services over IPv4, through the existing gateway. DNS access to DNS services over IPv4 through the existing gateway. DNS
resolvers are supposed to serve AAAA records, even if they only resolvers are supposed to serve AAAA records, even if they only
Huitema et al. [Page 9]
implement IPv4; the local hosts should thus be able to obtain the implement IPv4; the local hosts should thus be able to obtain the
IPv6 addresses of IPv6-only servers. IPv6 addresses of IPv6-only servers.
Reverse lookup is difficult to provide for hosts on the unmanaged Reverse lookup is difficult to provide for hosts on the unmanaged
network if the gateway is not upgraded. This is a potential issue network if the gateway is not upgraded. This is a potential issue
for client applications. Some servers require a reverse lookup as for client applications. Some servers require a reverse lookup as
part of accepting a client's connection, and may require that the part of accepting a client's connection, and may require that the
direct lookup of the corresponding name matches the IPv6 address of direct lookup of the corresponding name matches the IPv6 address of
the client. There is thus a requirement either to provide a reverse the client. There is thus a requirement to provide either a reverse
lookup solution, or to make sure that IPv6 servers do not require lookup solution, or to make sure that IPv6 servers do not require
reverse lookup. reverse lookup.
5.2 Case B, IPv6 connectivity with provider support 5.2. Case B, IPv6 Connectivity with Provider Support
In this case the ISP and gateway are both dual stack. The gateway In this case, the ISP and gateway are both dual stack. The gateway
can use native IPv6 connectivity to the ISP and can use an IPv6 can use native IPv6 connectivity to the ISP and can use an IPv6
prefix allocated by the ISP. prefix allocated by the ISP.
5.2.1 Application support in Case B 5.2.1. Application Support in Case B
If the ISP and the gateway are dual-stack, client applications, If the ISP and the gateway are dual-stack, client applications,
peer-to-peer applications and server applications can all be enabled peer-to-peer applications, and server applications can all be enabled
easily on the unmanaged network. easily on the unmanaged network.
We expect the unmanaged network to include three kinds of hosts: We expect the unmanaged network to include three kinds of hosts:
IPv4 only, IPv6-only, and dual stack. Obviously, dual stack hosts IPv4 only, IPv6-only, and dual stack. Obviously, dual stack hosts
can interact easily with either IPv4 only hosts or IPv6-only hosts, can interact easily with either IPv4 only hosts or IPv6-only hosts,
but an IPv4 only host and an IPv6-only host cannot communicate but an IPv4 only host and an IPv6-only host cannot communicate
without a third party performing some kind of translation service. without a third party performing some kind of translation service.
Our analysis concludes that unmanaged networks should not have to Our analysis concludes that unmanaged networks should not have to
provide such translation services. provide such translation services.
The argument for providing translation services is that their The argument for providing translation services is that their
availability would accelerate the deployment of IPv6-only devices, availability would accelerate the deployment of IPv6-only devices,
and thus the transition to IPv6. This is however a dubious argument, and thus the transition to IPv6. This is, however, a dubious
since it can also be argued that the availability of these argument since it can also be argued that the availability of these
translation services will reduce the pressure to provide IPv6 at translation services will reduce the pressure to provide IPv6 at all,
all, and to just continue fielding IPv4-only devices. The remaining and to just continue fielding IPv4-only devices. The remaining
pressure to provide IPv6 connectivity would just be the difference pressure to provide IPv6 connectivity would just be the difference in
in "quality of service" between a translated exchange and a native "quality of service" between a translated exchange and a native
interconnect. interconnect.
The argument against translation service is the difficulty of The argument against translation service is the difficulty of
providing these services for all applications, compared to the providing these services for all applications, compared to the
relative ease of installing dual stack solutions in an unmanaged relative ease of installing dual stack solutions in an unmanaged
network. Translation services can be provided either by application network. Translation services can be provided either by application
relays such as HTTP proxies, or by network level services such as relays, such as HTTP proxies, or by network level services, such as
NAT-PT [RFC2766]. Application relays pose several operational NAT-PT [RFC2766]. Application relays pose several operational
problems: first, one must develop relays for all applications; problems: first, one must develop relays for all applications;
second, one must develop a management infrastructure to provision second, one must develop a management infrastructure to provision the
the host with the addresses of the relays; in addition, the host with the addresses of the relays; in addition, the application
application may have to be modified if one wants to use the relay may have to be modified if one wants to use the relay selectively,
selectively, e.g. only when direct connection is not available. e.g., only when direct connection is not available. Network level
Network level translation poses similar problems: in practice, translation poses similar problems: in practice, network level
network level actions must be complemented by "application layer actions must be complemented by "application layer gateways" that
gateways" that will rewrite references to IP addresses in the will rewrite references to IP addresses in the protocol, and while
protocol, and while these relays are not necessary for every these relays are not necessary for every application, they are
application, they are necessary for enough applications to make any necessary for enough applications to make any sort of generalized
sort of generalized translation quite problematic; hosts may need to translation quite problematic; hosts may need to be parameterized to
be parameterized to use the translation service; and designing the use the translation service, and designing the right algorithm to
right algorithm to decide when to translate DNS requests has proven decide when to translate DNS requests has proven very difficult.
very difficult.
Not assuming translation services in the network appears to be both Not assuming translation services in the network appears to be both
more practical and more robust. If the market requirement for a new more practical and more robust. If the market requirement for a new
device requires that it interact with both IPv4 and IPv6 hosts, we device requires that it interact with both IPv4 and IPv6 hosts, we
may expect the manufacturers of these devices to program them with a may expect the manufacturers of these devices to program them with a
dual stack capability; in particular, we expect general purpose dual stack capability; in particular, we expect general purpose
systems such as personal computers to be effectively dual-stack. The systems, such as personal computers, to be effectively dual-stack.
only devices that are expected to be capable of only supporting IPv6 The only devices that are expected to be capable of only supporting
are those who are designed for specific applications, which do not IPv6 are those designed for specific applications, which do not
require interoperation with IPv4-only systems. We also observe that require interoperation with IPv4-only systems. We also observe that
providing both IPv4 and IPv6 connectivity in an unmanaged network is providing both IPv4 and IPv6 connectivity in an unmanaged network is
not particularly difficult: we have a fair amount of experience not particularly difficult: we have a fair amount of experience using
using IPv4 in unmanaged networks in parallel with other protocols IPv4 in unmanaged networks in parallel with other protocols, such as
such as, for example, IPX. IPX.
5.2.2 Addresses and connectivity in Case B 5.2.2. Addresses and Connectivity in Case B
In Case B, the upgraded gateway will act as an IPv6 router; it will In Case B, the upgraded gateway will act as an IPv6 router; it will
continue providing the IPv4 connectivity, perhaps using NAT. Nodes continue providing the IPv4 connectivity, perhaps using NAT. Nodes
in the local network will typically obtain: in the local network will typically obtain:
- IPv4 addresses (from or via the gateway), - IPv4 addresses (from or via the gateway),
- IPv6 link local addresses, and - IPv6 link local addresses, and
- IPv6 global addresses. - IPv6 global addresses.
In some networks, NAT will not be in use and the local hosts will In some networks, NAT will not be in use and the local hosts will
actually obtain global IPv4 addresses. We will not elaborate on actually obtain global IPv4 addresses. We will not elaborate on
this, as the availability of global IPv4 addresses does not bring this, as the availability of global IPv4 addresses does not bring any
any additional complexity to the transition mechanisms. additional complexity to the transition mechanisms.
To enable this scenario, the gateway needs to use a mechanism to To enable this scenario, the gateway needs to use a mechanism to
obtain a global IPv6 address prefix from the ISP, and advertise this obtain a global IPv6 address prefix from the ISP, and advertise this
address prefix to the hosts in the unmanaged network; several address prefix to the hosts in the unmanaged network; several
solutions will be assessed in a companion memo [EVAL]. solutions will be assessed in a companion memo [EVAL].
5.2.3 Naming services in Case B 5.2.3. Naming Services in Case B
In case B, hosts in the unmanaged domain have access to DNS services In case B, hosts in the unmanaged domain have access to DNS services
through the gateway. As the gateway and the ISP both support IPv4 through the gateway. As the gateway and the ISP both support IPv4
and IPv6, these services may be accessible by the IPv4-only hosts and IPv6, these services may be accessible by the IPv4-only hosts
using IPv4, by the IPv6-only hosts using IPv6, and by the dual stack using IPv4, by the IPv6-only hosts using IPv6, and by the dual stack
hosts using either. Currently, IPv4 only hosts usually discover the hosts using either. Currently, IPv4 only hosts usually discover the
IPv4 address of the local DNS resolver using DHCP; there must be a IPv4 address of the local DNS resolver using DHCP; there must be a
way for IPv6-only hosts to discover the IPv6 address of the DNS way for IPv6-only hosts to discover the IPv6 address of the DNS
resolver. resolver.
There must be a way to resolve the name of local hosts to their IPv4 There must be a way to resolve the name of local hosts to their IPv4
or IPv6 addresses. Typing auto-configured IPv6 addresses in a or IPv6 addresses. Typing auto-configured IPv6 addresses in a
configuration file is impractical; this implies either some form of configuration file is impractical; this implies either some form of
dynamic registration of IPv6 addresses in the local service, or a dynamic registration of IPv6 addresses in the local service, or a
dynamic address discovery mechanism. Possible solutions will be dynamic address discovery mechanism. Possible solutions will be
compared in the evaluation draft. compared in the evaluation draft [EVAL].
The requirement to support server applications in the unmanaged The requirement to support server applications in the unmanaged
network implies a requirement to publish the IPv6 addresses of local network implies a requirement to publish the IPv6 addresses of local
servers in the DNS. There are multiple solutions, including domain servers in the DNS. There are multiple solutions, including domain
name delegation. If efficient reverse lookup functions are to be name delegation. If efficient reverse lookup functions are to be
provided, delegation of a fraction of the ip6.arpa tree is also provided, delegation of a fraction of the ip6.arpa tree is also
required. required.
The response to a DNS request should not depend on the protocol by The response to a DNS request should not depend on the protocol by
which the request is transported: dual-stack hosts may use either which the request is transported: dual-stack hosts may use either
IPv4 or IPv6 to contact the local resolver, the choice of IPv4 or IPv4 or IPv6 to contact the local resolver, the choice of IPv4 or
IPv6 may be random, and the value of the response should not depend IPv6 may be random, and the value of the response should not depend
of a random event. on a random event.
DNS transition issues in a dual IPv4/IPv6 network are discussed in DNS transition issues in a dual IPv4/IPv6 network are discussed in
[DNSOPV6]. [DNSOPV6].
5.3 Case C, IPv6 connectivity without provider support 5.3. Case C, IPv6 Connectivity without Provider Support
In this case the gateway is dual stack, but the ISP is not. The In this case, the gateway is dual stack, but the ISP is not. The
gateway has been upgraded and offers both IPv4 and IPv6 connectivity gateway has been upgraded and offers both IPv4 and IPv6 connectivity
to hosts. It cannot rely on the ISP for IPv6 connectivity, because to hosts. It cannot rely on the ISP for IPv6 connectivity, because
the ISP does not offer ISP connectivity yet. the ISP does not yet offer ISP connectivity.
5.3.1 Application support in Case C 5.3.1. Application Support in Case C
Application support in case C should be identical to that of case B. Application support in case C should be identical to that of case B.
5.3.2 Addresses and connectivity in Case C 5.3.2. Addresses and Connectivity in Case C
The upgraded gateway will behave as an IPv6 router; it will continue The upgraded gateway will behave as an IPv6 router; it will continue
providing the IPv4 connectivity, perhaps using NAT. Nodes in the providing the IPv4 connectivity, perhaps using NAT. Nodes in the
local network will obtain: local network will obtain:
- IPv4 addresses (from or via the gateway), - IPv4 addresses (from or via the gateway),
- IPv6 link local addresses, - IPv6 link local addresses,
- IPv6 global addresses. - IPv6 global addresses.
There are two ways to bring immediate IPv6 connectivity on top of an There are two ways to bring immediate IPv6 connectivity on top of an
IPv4 only infrastructure: automatic tunnels, e.g. provided by the IPv4 only infrastructure: automatic tunnels, e.g., provided by the
[6TO4] technology, or configured tunnels. Both technologies have 6TO4 technology [RFC3056], or configured tunnels. Both technologies
advantages and limitations, which will be studied in a companion have advantages and limitations, which will be studied in another
document. document.
There will be some cases where the local hosts actually obtain There will be some cases where the local hosts actually obtain global
global IPv4 addresses. We will not discuss this scenario, as it does IPv4 addresses. We will not discuss this scenario, as it does not
not make the use of transition technology harder, or more complex. make the use of transition technology harder, or more complex. Case
Case A has already examined how hosts could obtain IPv6 connectivity A has already examined how hosts could obtain IPv6 connectivity
individually. individually.
5.3.3 Naming services in Case C 5.3.3. Naming Services in Case C
The local naming requirements in case C are identical to the local The local naming requirements in case C are identical to the local
naming requirements of case B, with two differences: delegation of naming requirements of case B, with two differences: delegation of
domain names, and management of reverse lookup queries. domain names, and management of reverse lookup queries.
A delegation of some domain name is required in order to publish the A delegation of some domain name is required in order to publish the
IPv6 addresses of servers in the DNS. IPv6 addresses of servers in the DNS.
A specific mechanism for handling reverse lookup queries will be A specific mechanism for handling reverse lookup queries will be
required if the gateway uses a dynamic mechanism such as 6to4 to required if the gateway uses a dynamic mechanism, such as 6to4, to
obtain a prefix independently of any IPv6 ISP. obtain a prefix independently of any IPv6 ISP.
5.4 Case D, ISP stops providing native IPv4 connectivity 5.4. Case D, ISP Stops Providing Native IPv4 Connectivity
In this case the ISP is IPv6-only, so the gateway loses IPv4 In this case, the ISP is IPv6-only, so the gateway loses IPv4
connectivity, and is faced with an IPv6-only service provider. The connectivity, and is faced with an IPv6-only service provider. The
gateway itself is dual stack, and the unmanaged network includes gateway itself is dual stack, and the unmanaged network includes IPv4
IPv4 only, IPv6-only and dual stack hosts. Any interaction between only, IPv6-only, and dual stack hosts. Any interaction between hosts
hosts in the unmanaged network and IPv4 hosts on the Internet will in the unmanaged network and IPv4 hosts on the Internet will require
require the provision of some inter-protocol services by the ISP. the provision of some inter-protocol services by the ISP.
5.4.1 Application support in Case D 5.4.1. Application Support in Case D
At this phase of the transition, IPv6 hosts can participate in all At this phase of the transition, IPv6 hosts can participate in all
types of applications with other IPv6 hosts. IPv4 hosts in the types of applications with other IPv6 hosts. IPv4 hosts in the
unmanaged network will be able to perform local applications with unmanaged network will be able to perform local applications with
IPv4 or dual stack local hosts. IPv4 or dual stack local hosts.
As in case B, we will assume that IPv6-only hosts will not interact As in case B, we will assume that IPv6-only hosts will not interact
with IPv4-only hosts, either local or remote. We must however assume with IPv4-only hosts, either local or remote. We must however assume
that IPv4-only hosts and dual stack hosts will desire to interact that IPv4-only hosts and dual stack hosts will want to interact with
with IPv4 services available on the Internet: the inability to do so IPv4 services available on the Internet: the inability to do so would
would place the IPv6-only provider at a great commercial place the IPv6-only provider at a great commercial disadvantage
disadvantage compared to other Internet service providers. compared to other Internet service providers.
There are three possible ways that an ISP can provide hosts in the There are three possible ways that an ISP can provide hosts in the
unmanaged network with access to IPv4 applications: by using a set unmanaged network with access to IPv4 applications: by using a set of
of application relays, by providing an address translation service, application relays, by providing an address translation service, or
or by providing IPv4-over-IPv6 tunnels. Our analysis concludes that by providing IPv4-over-IPv6 tunnels. Our analysis concludes that a
a tunnel service seems to be vastly preferable. tunnel service seems to be vastly preferable.
We already mentioned the drawbacks of the application gateway We already mentioned the drawbacks of the application gateway
approach when analyzing case B: it is necessary to provide relays approach when analyzing case B: it is necessary to provide relays for
for all applications, to develop a way to provision the hosts with all applications, to develop a way to provision the hosts with the
the addresses of these relays, and to modify the applications so addresses of these relays, and to modify the applications so that
that they will only use the relays when needed. We also observe that they will only use the relays when needed. We also observe that in
in an IPv6-only ISP the application relays would only be accessible an IPv6-only ISP, the application relays would only be accessible
over IPv6, and would thus not be accessible by the "legacy" IPv4- over IPv6, and would thus not be accessible by the "legacy" IPv4-only
only hosts. The application relay approach is thus not very hosts. The application relay approach is thus not very attractive.
attractive.
Providing a network address and protocol translation service between Providing a network address and protocol translation service between
IPv6 and IPv4 would also have many drawbacks. As in case B, it will IPv6 and IPv4 would also have many drawbacks. As in case B, it will
have to be complemented by "application layer gateways" that will have to be complemented by "application layer gateways" that will
rewrite references to IP addresses in the protocol; hosts may need rewrite references to IP addresses in the protocol; hosts may need to
to be parameterized to use the translation service; and we would be parameterized to use the translation service, and we would have to
have to solve DNS issues. The network level protocol translation solve DNS issues. The network level protocol translation service
service doesn't appear to be very desirable. doesn't appear to be very desirable.
The preferable alternative to application relays and network address The preferable alternative to application relays and network address
translation is the provision of an IPv4-over-IPv6 service. translation is the provision of an IPv4-over-IPv6 service.
5.4.2 Addresses and connectivity in Case D 5.4.2. Addresses and Connectivity in Case D
The ISP assigns an IPv6 prefix to the unmanaged network, so hosts The ISP assigns an IPv6 prefix to the unmanaged network, so hosts
have a global IPv6 address and use it for global IPv6 connectivity. have a global IPv6 address and use it for global IPv6 connectivity.
This will require delegation of an IPv6 address prefix, as This will require delegation of an IPv6 address prefix, as
investigated in case C. investigated in case C.
To enable IPv4 hosts and dual stack hosts to access remote IPv4 To enable IPv4 hosts and dual stack hosts accessibility to remote
services, the ISP must provide the gateway with at least one IPv4 IPv4 services, the ISP must provide the gateway with at least one
address, using some form of IPv4-over-IPv6 tunneling. Once such IPv4 address, using some form of IPv4-over-IPv6 tunneling. Once such
addresses have been provided, the gateway effectively acquires dual- addresses have been provided, the gateway effectively acquires dual-
stack connectivity; for hosts inside the unmanaged network, this stack connectivity; for hosts inside the unmanaged network, this will
will be indistinguishable from the IPv4 connectivity obtained in be indistinguishable from the IPv4 connectivity obtained in case B or
case B or C. C.
5.4.3 Naming services in Case D 5.4.3. Naming Services in Case D
The loss of IPv4 connectivity has a direct impact on the provision The loss of IPv4 connectivity has a direct impact on the provision of
of naming services. In many IPv4 unmanaged networks, hosts obtain naming services. In many IPv4 unmanaged networks, hosts obtain their
their DNS configuration parameters from the local gateway, typically DNS configuration parameters from the local gateway, typically
through the DHCP service. If the same mode of operation is desired through the DHCP service. If the same mode of operation is desired
in case D, the gateway will have to be provisioned with the address in case D, the gateway will have to be provisioned with the address
of a DNS resolver and with other DNS parameters, and this of a DNS resolver and with other DNS parameters, and this
provisioning will have to use IPv6 mechanisms. Another consequence provisioning will have to use IPv6 mechanisms. Another consequence
is that the DNS service in the gateway will only be able to use IPv6 is that the DNS service in the gateway will only be able to use IPv6
connectivity to resolve queries; if local hosts perform DNS connectivity to resolve queries; if local hosts perform DNS
resolution autonomously, they will have the same restriction. resolution autonomously, they will have the same restriction.
On the surface, this seems to indicate that the local hosts will On the surface, this seems to indicate that the local hosts will only
only be able to resolve names if the domain servers are accessible be able to resolve names if the domain servers are accessible through
through an IPv6 address documented in an AAAA record. However, the an IPv6 address documented in an AAAA record. However, the DNS
DNS services are just one case of "IPv4 servers accessed by IPv6 services are just one case of "IPv4 servers accessed by IPv6 hosts":
hosts": it should be possible to simply send queries through the it should be possible to simply send queries through the IPv4
IPv4 connectivity services to reach the IPv4 only servers. connectivity services to reach the IPv4 only servers.
The gateway should be able to act as a recursive DNS name server for The gateway should be able to act as a recursive DNS name server for
the remaining IPv4 only hosts. the remaining IPv4 only hosts.
6 Security Considerations 6. Security Considerations
Security considerations are discussed as part of the applications' Security considerations are discussed as part of the applications'
requirements. They include: requirements. They include:
- the guarantee that local applications are only used locally, - the guarantee that local applications are only used locally,
- the protection of the privacy of clients - the protection of the privacy of clients
- the requirement that peer-to-peer connections are only used by - the requirement that peer-to-peer connections are only used by
authorized peers authorized peers
- the requirement that tunneling protocols used for IPv6 access over - the requirement that tunneling protocols used for IPv6 access over
IPv4 be designed for secure use IPv4 be designed for secure use
- the related requirement that servers in the infrastructure - the related requirement that servers in the infrastructure
supporting transition scenarios be designed not to be vulnerable to supporting transition scenarios be designed so as to not be
abuse. vulnerable to abuse.
The security solutions currently used in IPv4 networks include a The security solutions currently used in IPv4 networks include a
combination of firewall functions in the gateway, authentication and combination of firewall functions in the gateway, authentication and
authorization functions in the applications, encryption and authorization functions in the applications, encryption and
authentication services provides by IP security, Transport Layer authentication services provided by IP security, Transport Layer
Security and application specific services, and host-based security Security and application specific services, and host-based security
products such as anti-virus software, and host firewalls. The products, such as anti-virus software and host firewalls. The
applicability of these tools in IPv6 unmanaged networks will be applicability of these tools in IPv6 unmanaged networks will be
studied in a companion document. studied in a another document.
7 IANA Considerations
This memo does not include any request to IANA.
8 Copyright
The following copyright notice is copied from RFC 2026 [Bradner,
1996], Section 10.4, and describes the applicable copyright for this
document.
Copyright (C) The Internet Society July 12, 2001. All Rights
Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph
are included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assignees.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
9 Intellectual Property
The following notice is copied from RFC 2026 [Bradner, 1996],
Section 10.4, and describes the position of the IETF concerning
intellectual property claims made against this document.
The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to
pertain to the implementation or use other technology described in
this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the
IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances
of licenses to be made available, or the result of an attempt made
to obtain a general license or permission for the use of such
proprietary rights by implementers or users of this specification
can be obtained from the IETF Secretariat.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights which may cover technology that may be required to practice
this standard. Please address the information to the IETF Executive
Director.
10 Acknowledgements 7. Acknowledgements
This draft has benefited from the comments of the members of the This document has benefited from the comments of the members of the
IETF V6OPS working group, and from extensive reviews by Chris IETF V6OPS working group, and from extensive reviews by Chris
Fischer, Tony Hain, Kurt Erik Lindqvist, Erik Nordmark, Pekka Fischer, Tony Hain, Kurt Erik Lindqvist, Erik Nordmark, Pekka Savola,
Savola, and Margaret Wasserman. and Margaret Wasserman.
11 References
Normative References 8. References
[RFC791] J. Postel, "Internet Protocol", RFC 791, September 1981.
[RFC2460] Deering, S., and R. Hinden, "Internet Protocol, Version 6 8.1. Normative References
(IPv6) Specification", RFC 2460, December 1998.
[RFC2461] Narten, T., Nordmark, E., and W. Simpson, "Neighbor [RFC791] Postel, J., "Internet Protocol", STD 5, RFC 791,
Discovery for IP Version 6 (IPv6)", RFC 2461, December 1998. September 1981.
[RFC2462] Narten, T., and S. Thomson, "IPv6 Stateless Address [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
Autoconfiguration", RFC 2462, December 1998. (IPv6) Specification", RFC 2460, December 1998.
Informative references 8.2. Informative References
[EVAL] Evaluation of Transition Mechanisms for Unmanaged Networks, [EVAL] Evaluation of Transition Mechanisms for Unmanaged
work in progress. Networks, Work in Progress.
[RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G. [RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G.
J., and E. Lear, "Address Allocation for Private Internets", RFC J. and E. Lear, "Address Allocation for Private
1918, February 1996. Internets", BCP 5, RFC 1918, February 1996.
[RFC2608] Guttman, E., Perkins, C., Veizades, J. and M. Day, [RFC2608] Guttman, E., Perkins, C., Veizades, J. and M. Day,
"Service Location Protocol, Version 2", RFC 2608, June 1999. "Service Location Protocol, Version 2", RFC 2608, June
1999.
[RFC3056] Carpenter, B., and K. Moore, "Connection of IPv6 Domains [RFC3056] Carpenter, B. and K. Moore, "Connection of IPv6 Domains
via IPv4 Clouds", RFC 3056, February 2001. via IPv4 Clouds", RFC 3056, February 2001.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, [RFC3022] Srisuresh, P. and K. Egevang. "Traditional IP Network
A., Peterson, J., Sparks, R., Handley, M. and E. Schooler, "SIP: Address Translator (Traditional NAT)", RFC 3022, January
Session Initiation Protocol", RFC 3261, June 2002. 2001.
[RFC3022] Srisuresh, P., and K. Egevang. "Traditional IP Network
Address Translator (Traditional NAT)", RFC 3022, January 2001.
[RFC2993] T. Hain. "Architectural Implications of NAT", RFC 2993, [RFC2993] Hain, T., "Architectural Implications of NAT", RFC 2993,
November 2000. November 2000.
[RFC2608] Guttman, E., Perkins, C., Veizades, J., and M. Day. [RFC3041] Narten, T. and R. Draves, "Privacy Extensions for
"Service Location Protocol, Version 2", RFC 2993, June 1999. Stateless Address Autoconfiguration in IPv6", RFC 3041,
January 2001.
[RFC3041] Narten, T., and R. Draves. "Privacy Extensions for
Stateless Address Autoconfiguration in IPv6", RFC 3041, January
2001.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
Session Initiation Protocol", RFC 3261, June 2002.
[RFC2766] Tsirtsis, G. and P. Srisuresh, "Network Address [RFC2766] Tsirtsis, G. and P. Srisuresh, "Network Address
Translation - Protocol Translation (NAT-PT)", RFC 2766, February Translation - Protocol Translation (NAT-PT)", RFC 2766,
2000. February 2000.
[DNSOPV6] A. Durand. "IPv6 DNS transition issues", Work in progress. [DNSOPV6] Durand, A., Ihren, J. and P. Savola, "Operational
Considerations and Issues with IPv6 DNS", Work in
Progress.
[DNSINADDR] D. Senie. "Requiring DNS IN-ADDR Mapping", Work in [DNSINADDR] Senie, D., "Requiring DNS IN-ADDR Mapping", Work in
progress. Progress.
12 Authors' Addresses 9. Authors' Addresses
Christian Huitema Christian Huitema
Microsoft Corporation Microsoft Corporation
One Microsoft Way One Microsoft Way
Redmond, WA 98052-6399 Redmond, WA 98052-6399
Email: huitema@microsoft.com
EMail: huitema@microsoft.com
Rob Austein Rob Austein
Email: sra@hactrn.net Internet Systems Consortium
950 Charter Street
Redwood City, CA 94063
USA
EMail: sra@isc.org
Suresh Satapati Suresh Satapati
Cisco Systems, Inc. Cisco Systems, Inc.
San Jose, CA 95134 San Jose, CA 95134
USA USA
EMail: satapati@cisco.com EMail: satapati@cisco.com
Ronald van der Pol Ronald van der Pol
NLnet Labs NLnet Labs
Kruislaan 419 Kruislaan 419
1098 VA Amsterdam 1098 VA Amsterdam
NL NL
Email: Ronald.vanderPol@nlnetlabs.nl
Table of Contents: EMail: Ronald.vanderPol@nlnetlabs.nl
1 Introduction .................................................... 1 10. Full Copyright Statement
2 Topology ........................................................ 2
3 Applications .................................................... 3 Copyright (C) The Internet Society (2004). This document is subject
3.1 Local applications ............................................ 3 to the rights, licenses and restrictions contained in BCP 78 and
3.2 Client applications ........................................... 3 except as set forth therein, the authors retain all their rights.
3.3 Peer-to-peer applications ..................................... 3
3.4 Server applications ........................................... 4 This document and the information contained herein are provided on an
4 Application requirements of an IPv6 unmanaged network ........... 4 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
4.1 Requirements of local applications ............................ 5 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
4.2 Requirements of client applications ........................... 5 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
4.2.1 Privacy requirement of client applications .................. 5 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
4.3 Requirements of peer-to-peer applications ..................... 6 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
4.4 Requirements of server applications ........................... 7 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
5 Stages of IPv6 deployment ....................................... 7
5.1 Case A, host deployment of IPv6 applications .................. 8 Intellectual Property
5.1.1 Application support in Case A ............................... 8
5.1.2 Addresses and connectivity in Case A ........................ 9 The IETF takes no position regarding the validity or scope of any
5.1.3 Naming services in Case A ................................... 9 Intellectual Property Rights or other rights that might be claimed to
5.2 Case B, IPv6 connectivity with provider support ............... 10 pertain to the implementation or use of the technology described in
5.2.1 Application support in Case B ............................... 10 this document or the extent to which any license under such rights
5.2.2 Addresses and connectivity in Case B ........................ 11 might or might not be available; nor does it represent that it has
5.2.3 Naming services in Case B ................................... 11 made any independent effort to identify any such rights. Information
5.3 Case C, IPv6 connectivity without provider support ............ 12 on the procedures with respect to rights in RFC documents can be
5.3.1 Application support in Case C ............................... 12 found in BCP 78 and BCP 79.
5.3.2 Addresses and connectivity in Case C ........................ 12
5.3.3 Naming services in Case C ................................... 13 Copies of IPR disclosures made to the IETF Secretariat and any
5.4 Case D, ISP stops providing native IPv4 connectivity .......... 13 assurances of licenses to be made available, or the result of an
5.4.1 Application support in Case D ............................... 13 attempt made to obtain a general license or permission for the use of
5.4.2 Addresses and connectivity in Case D ........................ 14 such proprietary rights by implementers or users of this
5.4.3 Naming services in Case D ................................... 14 specification can be obtained from the IETF on-line IPR repository at
6 Security Considerations ......................................... 15 http://www.ietf.org/ipr.
7 IANA Considerations ............................................. 15
8 Copyright ....................................................... 15 The IETF invites any interested party to bring to its attention any
9 Intellectual Property ........................................... 16 copyrights, patents or patent applications, or other proprietary
10 Acknowledgements ............................................... 16 rights that may cover technology that may be required to implement
11 References ..................................................... 16 this standard. Please address the information to the IETF at ietf-
12 Authors' Addresses ............................................. 18 ipr@ietf.org.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
 End of changes. 

This html diff was produced by rfcdiff 1.25, available from http://www.levkowetz.com/ietf/tools/rfcdiff/