Network Working Group                                 A. Durand (Editor)
Internet-Draft                                                   Comcast
Expires: April 23, 2006                                 October 20, 2005


                       Softwire Problem Statement
               draft-durand-softwire-pb-statement-00.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on April 23, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This document defines problem statements for the Softwire Working
   Group to solve.  At the highest level, the softwire WG is tasked to
   identify, and extend where necessary, standard protocols to support a
   selected set of IPv4 in IPv6 and IPv6 in IPv4 transition problems.
   This document describes the distinct problems that will be solved as
   part of a solution phase following the completion of this document.
   Some individual requirements (and non-requirements) are also
   identified in this document at times in order to better describe the
   specific scope for a given problem definition.



Durand                   Expires April 23, 2006                 [Page 1]

Internet-Draft         Softwire Problem Statement           October 2005


Table of Contents

   1.  Requirements Notation
   2.  Introduction
     2.1.  Terminology
   3.  Hubs and Spokes Problem
     3.1.  Description
     3.2.  Network Address Translation (NAT) and Port Address
           Translation (PAT)
     3.3.  Non upgradable CPE router
     3.4.  Static Prefix Delegation
     3.5.  Softwire Initiator
     3.6.  Softwire Concentrators
     3.7.  Softwire Concentrator Discovery
     3.8.  Scaling
     3.9.  Routing
     3.10. Multicast
     3.11. Security
     3.12. Operations and Management (OAM)
     3.13. Encapsulations
   4.  Mesh Problem
     4.1.  Mesh Problem
     4.2.  Mesh Description
     4.3.  Scaling
     4.4.  Persistence, Discovery and Setup Time
     4.5.  AF/SAF Reachability
     4.6.  Softwire Encapsulation
     4.7.  Security
     4.8.  OAM
     4.9.  Encapsulations
   5.  Problems: Contrast & Compare
   6.  Security Considerations
   7.  Authors
   8.  References
   Author's Address
   Intellectual Property and Copyright Statements


1.  Requirements Notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].


2.  Introduction

   The Softwires Working Group is specifying the standardization of
   discovery, control and encapsulation methods for connecting IPv4
   networks across IPv6 networks, and IPv6 networks across IPv4
   networks, in a way that will encourage multiple, inter-operable
   vendor implementations.

   An important aspect of the problem to keep in mind is that softwires
   are to be used in IP based networks to forward both unicast and
   multicast traffic.  They are also assumed to be non-ephemeral in
   nature; that is, they are persistent or long-lived.  Last, the setup
   time of a softwire is expected to be a very small fraction of the
   total setup time of the CPE/Address Family Boundary Router (AFBR).

   At the Paris softwire interim meeting in October, 2005, participants
   divided the overall problem space into two separate "sub-problems" to
   solve based on network topology.  These two problems are referred to
   as "Hub and Spoke" (described in Section 4) and "Mesh" (described in
   Section 5).  The primary difference between these two problems is
   how many connections and associated routes are managed by each IPv4
   or IPv6 island.  Hub and Spoke is characterized by one connection
   and an associated static default route, and Mesh is characterized by
   multiple connections and routing prefixes.  During the solution phase
   of the WG, these problems will be treated as related, but separable,
   problem spaces.  Similar protocols and mechanisms will be used when
   necessary, but may vary when necessary to optimize for the
   requirements of the given problem space.

2.1.  Terminology

   Address Family - IPv4 or IPv6

   AFBR - Address Family Boundary Router (aka PE)

   CPE - Customer Premises Equipment (Host, small router, or "modem")

   Softwire (SW) - A "tunnel" that is created on the basis of a control
   protocol setup between softwire endpoints with shared point-to-point
   or multipoint-to-point state.  Softwires are generally dynamic in
   nature (they may be brought up and down on demand from any side of
   the softwire), but may be very long-lived.

   The node hosting the end of the softwire within the customer network
   is called the softwire initiator.

   The node hosting the end of the softwire within the ISP network is
   called the softwire concentrator.


3.  Hubs and Spokes Problem

   The "Hubs and Spokes" problem is named in reference to the airline
   industry, where major companies have established a relatively small
   number of well connected hubs and then serve smaller airports from
   those hubs.

3.1.  Description

   In this problem, ISPs (or large enterprise networks acting as ISP for
   their internal resources) establish a dual stack core (either
   natively or by running tunnels, potentially managed by softwires in a
   "Mesh" problem) and a number of dual stack Points of Presence (POP)
   where they connect their customers.  However, one or two things may
   happen:

   a) the network between the CPE router and the POP supports only one
   address family.

   b) the CPE router cannot be easily upgraded to support both address
   families.

   Equipment cost, operational cost, complexity of running a dual-stack
   network, reluctance to touch CPE, etc. are all reasons brought
   forward when asked why the intervening network cannot be dual-stack
   throughout.

3.2.  Network Address Translation (NAT) and Port Address Translation
      (PAT)

   When connecting IPv6 islands through IPv4 networks, it is assumed
   that one or more IPv4 NAT/PATs MAY exist on the intervening IPv4
   network.  At this point in time, neither IPv6 NAT nor IPv6 PAT has
   been defined, so no special consideration will be made for those
   cases.

   There is no requirement to be able to "autodetect" NAT or PAT
   presence during softwire setup.

3.3.  Non upgradable CPE router

   When the CPE router cannot run in dual stack mode, a softwire will
   have to be established by a node located behind that CPE router.
   This can be accomplished either by a regular PC in the home running
   some ad-hoc software or by a dedicated piece of hardware acting as
   the "IPv6 router".  Such a device is fairly simple in design and only
   requires one physical network interface.

3.4.  Static Prefix Delegation

   An important characteristic of this problem in IPv4 networks is that
   the ISP-facing CPE IP address is typically dynamically assigned.
   Also, if the softwire has to be established from a node behind a CPE
   router, that node's IP address can also be dynamically assigned.  In
   cases where static IP addresses are unavailable, dynamic addresses
   are a problem for some Internet accessible services.  Solutions like
   external dynamic DNS and dynamic NAT port forwarding have been
   deployed, but it would be simpler if, in IPv6 networks, a static
   prefix was delegated to the customer, even in the case of a single
   node network.  That prefix would allow for the registration of stable
   addresses in the DNS and also leave enough room to use either RFC3041
   privacy extensions or cryptographically generated addresses (CGA).
   The softwire protocol does not need to define a new method for prefix
   delegation; however, DHCPv6 prefix delegation MUST be able to run
   over a softwire.  Note also that the IP addresses of the softwire
   link itself do not need to be stable, as, even when only a single PC
   is attached behind it, a /64 prefix will be delegated.

   Similarly, in the case of an IPv4 softwire, the address could be
   provided by means of DHCP.

3.5.  Softwire Initiator

   In the Hub and Spoke problem, softwires are always initiated by the
   customer side.  Thus, the node hosting the end of the softwire within
   the customer network is called the softwire initiator.  It can run on
   a simple dual stack host or a local dual stack router.  As noted
   earlier, this can be the CPE access router, another dedicated CPE
   router behind the CPE access router or simply a host.

   The softwire initiator does not have to be always the same node
   and/or always have the same IP address.  In particular, in the
   nomadic case (e.g. a user opening up his laptop in various wifi hot-
   spots), the softwire initiator could potentially obtain an IP address
   of one address family outside its original ISP network and still want
   to obtain the other address family addresses from its original ISP.

3.6.  Softwire Concentrators

   On the ISP side, softwires are terminated on a softwire
   concentrator.  An ISP may deploy several concentrators (for example
   one per POP) for scaling reasons.  A concentrator is in practice a
   dual stack router connected to the dual stack core ISP
   infrastructure.  Softwire concentrators are not nomadic and have
   fixed IP addresses.

3.7.  Softwire Concentrator Discovery

   When the initiator of the softwire is a CPE, the IP address or DNS
   hostname of the softwire concentrator must be known.  The simplest
   way for this to be known by the CPE is for it to be configured by the
   user, or by the provider of the CPE in advance.  Alternatively, an
   automated discovery phase may be run in order to return the IP
   address(es), or hostname(s) of the concentrator.  The details of this
   discovery problem are outside the scope of this document.

3.8.  Scaling

   In a hub and spoke model, an ISP MUST scale the solution to millions
   of softwire initiators by adding more hubs (i.e. softwire
   concentrators).

3.9.  Routing

   As customer networks are typically attached via a single link to
   their ISP, a default or static route is the only thing that is needed
   for both address families.

3.10.  Multicast

   The "classic" multicast solutions can be used over the softwire.
   Typically, such a solution would be either proxy MLD/IGMP or PIM.

   NOTE: need to add a reference to "classic" multicast.

3.11.  Security

   User Authentication

   The softwire must support some method of simple user authentication
   in order to accept or deny access to this service, provide adequate
   logging of activity, etc.

   Privacy, Integrity, and Replay protection

   The softwire Control and/or Data plane MUST be able to provide full
   payload security (such as IPsec or SSL) when desired.  This
   additional protection MUST be separable from the tunneling aspect of
   the softwire mechanism itself.  For IPsec, default profiles MUST be
   defined (as per Steve Bellovin documents, insert reference).

3.12.  Operations and Management (OAM)

   As it is assumed that the softwire may have to go across NAT or PAT,
   a keepalive mechanism MUST be defined.  Such a mechanism is also
   useful for dead peer detection.  However, it may consume unnecessary
   bandwidth, so turning it on or off MUST be an administrative option.

   Other OAM needed features include:

   - Usage accounting

   - End-point failure detection (must be encapsulated w/in the tunnel
   in the transmitting direction

   - Path failure detection)

3.13.  Encapsulations

   IPv6/IPv4, IPv6/UDP/IPv4 and IPv4/IPv6 are on the critical path for
   softwires.  Other encapsulations, like IPv6/IPv6 or IPv4/IPv4, are
   nice to have but not on the critical path.
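
   The following is an added example, not part of the original draft:
   a Python classifier that labels a raw IP packet with one of the
   three critical-path encapsulations above, as a network monitor would
   need to do to keep visibility into tunneled traffic.  The draft
   assigns no UDP port for IPv6/UDP/IPv4, so the code assumes the IPv6
   header directly follows the UDP header; all function names, ports
   and addresses are constructed for illustration.

```python
import struct
from ipaddress import ip_address

# IANA protocol numbers behind the encapsulations listed in Section 3.13.
IPPROTO_IPV4, IPPROTO_UDP, IPPROTO_IPV6 = 4, 17, 41


def is_ipv6_packet(buf):
    """Version nibble is 6 and the payload-length field matches the buffer."""
    return (len(buf) >= 40 and (buf[0] >> 4) == 6
            and struct.unpack("!H", buf[4:6])[0] == len(buf) - 40)


def is_ipv4_packet(buf):
    """Version nibble is 4, IHL >= 5, total-length field matches the buffer."""
    return (len(buf) >= 20 and (buf[0] >> 4) == 4 and (buf[0] & 0x0F) >= 5
            and struct.unpack("!H", buf[2:4])[0] == len(buf))


def classify(packet):
    """Label one raw IP packet with the softwire encapsulation it carries."""
    if len(packet) < 20:
        return "truncated"
    version = packet[0] >> 4
    if version == 4:
        ihl = (packet[0] & 0x0F) * 4
        total = struct.unpack("!H", packet[2:4])[0]
        if ihl < 20 or total < ihl:
            return "malformed"
        if total > len(packet):
            return "truncated"
        proto, payload = packet[9], packet[ihl:total]
        if proto == IPPROTO_IPV6:
            return "IPv6/IPv4" if is_ipv6_packet(payload) else "malformed"
        if proto == IPPROTO_UDP and len(payload) >= 8:
            udp_len = struct.unpack("!H", payload[4:6])[0]
            # Assumption: no UDP port is known, so match on the UDP payload.
            # A leading 0x6 nibble alone is too weak; the length must agree.
            if is_ipv6_packet(payload[8:udp_len]):
                return "IPv6/UDP/IPv4"
        return "not-softwire"
    if version == 6:
        if len(packet) < 40:
            return "truncated"
        plen = struct.unpack("!H", packet[4:6])[0]
        if 40 + plen > len(packet):
            return "truncated"
        # Only the first Next Header is examined; extension headers are not walked.
        if packet[6] == IPPROTO_IPV4:
            inner = packet[40:40 + plen]
            return "IPv4/IPv6" if is_ipv4_packet(inner) else "malformed"
        return "not-softwire"
    return "not-ip"


# Constructed sample packets: documentation addresses, checksums left at 0.
def ipv4(proto, payload, src="192.0.2.10", dst="198.51.100.1"):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ip_address(src).packed,
                       ip_address(dst).packed) + payload


def ipv6(next_header, payload, src="2001:db8::10", dst="2001:db8::1"):
    return struct.pack("!IHBB16s16s", 6 << 28, len(payload), next_header, 64,
                       ip_address(src).packed, ip_address(dst).packed) + payload


def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


INNER6 = ipv6(59, b"")  # 59 = No Next Header
INNER4 = ipv4(IPPROTO_UDP, udp(1024, 1025, b"hi"))
SAMPLES = {
    "6in4": ipv4(IPPROTO_IPV6, INNER6),
    "6-over-udp": ipv4(IPPROTO_UDP, udp(40000, 40001, INNER6)),  # made-up ports
    "4in6": ipv6(IPPROTO_IPV4, INNER4),
    "plain-udp": ipv4(IPPROTO_UDP, udp(5000, 5001, b"\x60" + b"A" * 50)),
    "cut-short": ipv4(IPPROTO_IPV6, INNER6)[:30],
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:12s} {classify(pkt)}")
```

   The "plain-udp" sample starts its UDP payload with a 0x6 nibble but
   is not labelled as a softwire, because its IPv6 payload-length field
   does not match the bytes present.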

4.  Mesh Problem

   Reference Diagram

                    ._._._._              ._._._._
                   |        |            |        |
                   |  V4    |            |  V4    |
                   |access  |            |access  |
                   |island  |            |island  |
                    ._._._._              ._._._._
                       |                    |
                       |                    |
                      BGP                  BGP
                   Dual-Stack           Dual-Stack
                     "AFBR"               "AFBR"
                       |                    |
                       |                    |
                    ._._._._._._._._._._._._._._
                   |                            |
                   |                            |
   ._._._._        |                            |        ._._._.
   |       |       |        V6 only             |       |       |
   | V6    |-------|        transit core        |-------| V6    |
   |access |       |                            |       |access |
   |network|       |                            |       |network|
   ._._._._        |                            |        ._._._.
                   |                            |
                    ._._._._._._._._._._._._._._
                       | /              \    |
                       |/                \   |
                      BGP                  BGP
                    Dual-Stack          Dual-Stack
                     "AFBR"              "AFBR"
                      | |                   |
                      | |                   |
                    ._._._._              ._._._._
                   |        |            |        |
                   |  V4    |            |  V4    |
                   |access  |            |access  |
                   |island  |            |island  |
                    ._._._._              ._._._._

   Figure 1

4.1.  Mesh Problem

   The "Mesh" problem is named in reference to typical routing problems.

4.2.  Mesh Description

   In this problem, ISPs (or large enterprise networks acting as ISP for
   their internal resources) establish connectivity to 'islands' of
   networks of one address family type across a transit core of a
   differing address family type.  For an example, see Figure 1.  Note
   that this is just an example and the converse AF problem may exist.
   To provide reachability across the transit core, dual-stack devices
   are installed that act as "Address Family Boundary Routers."  These
   AFBRs can be performing peering across autonomous systems or
   performing as Provider Edge routers (PE) within an autonomous system.
   The islands do not have to be upgraded at the time of deploying the
   transit core and interwork as if there was no awareness of the AFBR.

   The AFBRs are the only devices in the network that must be able to
   perform dual-stack operations and set up and encapsulate softwires in
   a mesh to the other islands.  They then pass reachability information
   as appropriate according to policy.  They may be multiply connected
   to the transit network and thus have to be able to exchange
   appropriate information and make a routing selection choice as to
   the best exit point.  Note that this creates multipoint to point
   reachability but, in essence, a point to point logical overlay of
   softwire connectivity.

   It should be noted that according to reports the islands do not want
   to achieve network connectivity via tunneled Layer 2 mechanisms but
   as distinct Layer 3 or MPLS routers.  This clearly helps scaling and
   Layer 2 discovery performance issues.  It also prevents having to
   have fully meshed point to point Layer 2 connectivity between the
   nodes in differing islands as Layer 2 technology choice must be
   preserved.

4.3.  Scaling

   In the mesh problem, the number of AFBRs is on the order of the
   number of islands, though it should be clear that an AFBR could
   handle many islands if they have distinct routing and forwarding
   tables.  A primary issue in the Mesh problem is that the size of the
   routing tables exchanged between the islands is of the order of the
   'full Internet' (with respect to the islands' native AF) plus VPNs.
   The number of peering points of an AFBR will be on the order of that
   of any Autonomous System Border Router (ASBR), which are assumed to
   be multiply peered to the transit core for reliability.  An island
   can also have multiple AFBRs for reliability.  Both the island and
   the transit core can contain route reflectors or hierarchical routing
   with impunity.

4.4.  Persistence, Discovery and Setup Time

   Discovery of the AFBRs and softwire encapsulation can be accomplished
   by the routing protocol (e.g. BGP) during capability advertisement.
   Alternatively, the endpoints can be passed in new data formats or
   attributes, yet to be defined.  The duration of the softwire for
   inter-island reachability is considered to be as long as the BGP
   peering session.  Thus, dynamicity is very low.  The setup time
   should be on the same order as the time needed to set up L3VPNs.

4.5.  AF/SAF Reachability

   It has been reported that the softwires to connect the islands will
   need to be able to perform IPv4 in IPv6, IPv6 in IPv4 and be able to
   exchange L3VPN routing tables.  The islands will need to be able to
   perform multicast routing and if the transit core does not provide
   native multicast services, the "classic" multicast solutions can be
   used over the softwire.  If native multicast services are enabled,
   further work may need to be accomplished to optimize the multicast
   forwarding path, receiver transmission load or receiver load.

4.6.  Softwire Encapsulation

   In the strictest sense, the softwire encapsulation has to be dual
   stack.  There is no requirement that only one encapsulation technique
   must be used.  It could be possible to have more than one available
   at each AFBR.  The AFBR must be able to prioritize which
   encapsulation technique it will use if there is more than one
   available.

4.7.  Security

   In contrast with the hub and spoke problem, routers are advertising
   routers for relatively large islands, and never a single user so
   there is no "user authentication" necessary.  However, if running
   over an untrusted network, control or data plane security may be
   necessary.

   In the control plane, the softwire solution has to support
   authentication, but an ISP may decide to turn it off in some
   circumstances.

   In the data plane, the softwire solution must support IPsec and an
   IPsec profile will have to be defined. (see Steve Bellovin
   recommendations)

4.8.  OAM

   There have been no reports of NATs between the AFBRs (in the transit
   core) so a NAT detection solution is not needed.

   Other OAM needed features include:

   - Usage accounting

   - End-point failure detection (must be encapsulated w/in the tunnel
   in the transmitting direction

   - Path failure detection)

4.9.  Encapsulations

   IPv6/IPv4, IPv4/IPv6 and overlapping address space as defined in the
   L3VPN working group are on the critical path for softwires.  Other
   encapsulations, like IPv4/IPv4 or IPLS as defined in the L2VPN
   working group, are nice to have but not on the critical path.


5.  Problems: Contrast & Compare

   An important distinction between the "Hub & Spokes" and "Mesh"
   problems is that the former defines client-initiated tunnels and the
   "spoke" is a device on the client premises (and may be owned by the
   client).  The latter discusses provider-initiated tunnels, and
   the devices participating in the mesh are on the provider premises
   and owned/managed by the provider.


6.  Security Considerations

   None.


7.  Authors

   This document has been edited by Alain Durand after the Paris interim
   meeting.  The contributing authors include:

   o  Xing Li

   o  Shin Miyakawa

   o  Jordi Palet

   o  Florent Parent

   o  David Ward


8.  References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.


Author's Address

   Alain Durand-editor
   Comcast


Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.


Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Copyright Statement

   Copyright (C) The Internet Society (2005).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.


Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.