Internet DRAFT - draft-ieft-softwire-dslite-deployment

draft-ieft-softwire-dslite-deployment






Softwire                                                          Y. Lee
Internet-Draft                                                   Comcast
Intended status: Informational                               R. Maglione
Expires: March 12, 2012                                   Telecom Italia
                                                             C. Williams
                                                               MCSR Labs
                                                            C. Jacquenet
                                                            M. Boucadair
                                                          France Telecom
                                                       September 9, 2011


             Deployment Considerations for Dual-Stack Lite
                draft-ieft-softwire-dslite-deployment-00

Abstract

   This document discusses the deployment issues and describes
   requirements for the deployment and operation of Dual-Stack Lite.
   This document describes the various deployment considerations and
   applicability of the Dual-Stack Lite architecture.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 12, 2012.

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents



Lee, et al.              Expires March 12, 2012                 [Page 1]

Internet-Draft    Deployment Considerations for DS-Lite   September 2011


   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.


Table of Contents

   1.  Overview . . . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  AFTR Deployment Considerations . . . . . . . . . . . . . . . .  3
     2.1.  Interface Consideration  . . . . . . . . . . . . . . . . .  3
     2.2.  MTU Considerations . . . . . . . . . . . . . . . . . . . .  3
     2.3.  Fragmentation  . . . . . . . . . . . . . . . . . . . . . .  3
     2.4.  Lawful Intercept Considerations  . . . . . . . . . . . . .  4
     2.5.  Logging at the AFTR  . . . . . . . . . . . . . . . . . . .  4
     2.6.  Blacklisting a shared IPv4 Address . . . . . . . . . . . .  5
     2.7.  AFTR's Policies  . . . . . . . . . . . . . . . . . . . . .  5
     2.8.  AFTR Impacts on Accounting Process in Broadband Access . .  5
     2.9.  Reliability Considerations of AFTR . . . . . . . . . . . .  6
     2.10. Strategic Placement of AFTR  . . . . . . . . . . . . . . .  6
     2.11. AFTR Considerations for Geographically Aware Services  . .  7
     2.12. Impacts on QoS . . . . . . . . . . . . . . . . . . . . . .  8
     2.13. Port Forwarding Considerations . . . . . . . . . . . . . .  8
     2.14. DS-Lite Tunnel Security  . . . . . . . . . . . . . . . . .  8
     2.15. IPv6-only Network considerations . . . . . . . . . . . . .  9
   3.  B4 Deployment Considerations . . . . . . . . . . . . . . . . .  9
     3.1.  DNS deployment Considerations  . . . . . . . . . . . . . . 10
   4.  Security Considerations  . . . . . . . . . . . . . . . . . . . 10
   5.  Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 10
   6.  Acknowledgement  . . . . . . . . . . . . . . . . . . . . . . . 11
   7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 11
   8.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
     8.1.  Normative References . . . . . . . . . . . . . . . . . . . 11
     8.2.  Informative References . . . . . . . . . . . . . . . . . . 12
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13















Lee, et al.              Expires March 12, 2012                 [Page 2]

Internet-Draft    Deployment Considerations for DS-Lite   September 2011


1.  Overview

   Dual-stack Lite (DS-Lite) [I-D.ietf-softwire-dual-stack-lite] is a
   transition technique that enable operators to multiplex public IPv4
   addresses while provisioning only IPv6 to users.  DS-Lite is designed
   to address the IPv4 depletion issue and allow the operators to
   upgrade their network incrementally to IPv6.  DS-Lite combines IPv4-
   in-IPv6 tunnel and NAT44 to share a public IPv4 address more than one
   user.  This document discusses various deployment considerations for
   DS-Lite by operators.


2.  AFTR Deployment Considerations

2.1.  Interface Consideration

   Address Family Transition Router (AFTR) is the function deployed
   inside the operator's network.  AFTR can be a standalone device or
   embedded into a router.  AFTR is the IPv4-in-IPv6 tunnel termination
   point and the NAT44 device.  It is deployed at the IPv4-IPv6 network
   border where the tunnel interface is IPv6 and the NAT interface is
   IPv4.  Although an operator can configure a dual-stack interface for
   both functions, we recommended to configure two individual interfaces
   (i.e. one dedicated for IPv4 and one dedicated for IPv6) to segregate
   the functions.

2.2.  MTU Considerations

   DS-Lite is part tunneling protocol.  Tunneling introduces some
   additional complexity and has a risk of MTU.  With tunneling comes
   additional header overhead that implies that the tunnel's MTU is
   smaller than the raw interface MTU.  The issue that the end user may
   experience is that they cannot download Internet pages or transfer
   files using File Transfer Protocol (FTP).

   To mitigate the tunnel overhead, the access network could increase
   the MTU size to account the necessary tunnel overhead which is the
   size of an IPv6 header.  If the access network MTU size is fixed and
   cannot be changed, the B4 element and the AFTR must support
   fragmentation.

2.3.  Fragmentation

   The IPv4-in-IPv6 tunnel is between B4 and AFTR.  When a host behind
   the B4 element communicates to a server, both the host and the server
   are not aware of the tunnel.  They may continue to use the maximum
   MTU size for communication.  In fact, the IPv4 packet isn't over-
   sized, it is the v6 encapsulation that may cause the oversize.  So



Lee, et al.              Expires March 12, 2012                 [Page 3]

Internet-Draft    Deployment Considerations for DS-Lite   September 2011


   the tunnel points are responsible to handle the fragmentation.  In
   general, the Tunnel-Entry Point and Tunnel-Exist Point should
   fragment and reassemble the oversized datagram.  If the DF is set,
   the B4 element should send an ICMP "Destination Unreachable" with
   "Fragmentation Needed and Don't Fragment was Set" and drop the
   packet.  If the DF is not set, the B4 element should fragment the
   IPv6 packet after the encapsulation.  This mechanism is transport
   protocol agnostic and works for both UDP and TCP.

   [editor note: Should we drop the IPv4 packet when DF is set?]

2.4.  Lawful Intercept Considerations

   Because of its IPv4-in-IPv6 tunneling scheme, interception of IPv4
   sessions in DS-Lite architecture must be performed on the AFTR.
   Subjects can be uniquely identified by the IPv6 address assigned to
   the B4 element.  Operator must associate the B4's IPv6 address and
   the public IPv4 address and port used by the subject.

   Monitoring of a single subject may mean statically mapping the
   subject to a certain range of ports on a single IPv4 address, to
   remove the need to follow dynamic port mappings.  A single IPv4
   address, or some range of ports for each address, might be set aside
   for monitoring purposes to simplify such procedures.  This requires
   to create a static mapping of a B4 element's IPv6 address to an IPv4
   address that used for lawful intercept.

2.5.  Logging at the AFTR

   The timestamped logging is essential for tracing back specific users
   when a problem is identified from the outside of the AFTR.  Such a
   problem is usually a misbehaving user in the case of a spammer or a
   DoS source, or someone violating a usage policy.  Without time-
   specific logs of the address and port mappings, a misbehaving user
   stays well hidden behind the AFTR.

   In DS-Lite framework, each B4 element is given a unique IPv6 address.
   The AFTR uses this IPv6 address to identify the B4 element.  Thus,
   the AFTR must log the B4's IPv6 address and the IPv4 information.
   There are two types of logging: (1) Source-Specific Log and (2)
   Destination-Specific Log. For Source-Specific Log, the AFTR must
   timestamped log the B4's IPv6 address, transport protocol, source
   IPv4 address after NAT-ed, and source port.  If a range of ports is
   dynamically assigned to a B4 element, the AFTR may create one log per
   range of ports to aggregate number of log entries.  For Destination-
   Specific Log, the AFTR must timestamped log the B4's IPv6 address,
   transport protocol, source IPv4 address after NAT-ed, source port,
   destination address and destination port.  The AFTR must log every



Lee, et al.              Expires March 12, 2012                 [Page 4]

Internet-Draft    Deployment Considerations for DS-Lite   September 2011


   session from the B4 elements.  No log aggregation can be performed.
   When using Destination-Specific Log, the operator must be careful of
   the large number of log entries created by the AFTR.

2.6.  Blacklisting a shared IPv4 Address

   AFTR is a NAT device.  It shares a single IPv4 address with multiple
   users.  [I-D.ietf-intarea-shared-addressing-issues] discusses many
   considerations when sharing address.  When a pubic IPv4 address is
   blacklisted, this may affect multiple users and there is no effective
   way for the B4 element to notify the AFTR an IP address is
   blacklisted.  It is recommended the server must no longer rely solely
   on IP address to identify an abused user.  The server should combine
   the information stored in the transport layer (e.g. source port) and
   application layer (e.g.  HTTP) to identify an abused user.
   [I-D.boucadair-intarea-nat-reveal-analysis] analyzes different
   approaches to identify a user in a shared address environment.

2.7.  AFTR's Policies

   There are two types of AFTR polices: (1) Outgoing Policies and (2)
   Incoming Policies.  The outgoing policies must be implemented on the
   AFTR's internal interface connected to the B4 elements.  The policies
   may include ACL and QoS settings.  For example: the AFTR may only
   accept B4's connections originated from the IPv6 prefixes provisioned
   in the AFTR.  The AFTR may also give priority to the packets marked
   by certain DSCP values.  The AFTR may also limit the rate of port
   creation from a single B4's IPv6 address.  Outgoing policies could be
   applied to individual B4 element or a set of B4 elements.

   The incoming policies must be implemented on the AFTR's external
   interface connected to the IPv4 network.  Similar to the outgoing
   policies, the policies may include ACL and QoS settings.  Incoming
   policies are usually more general and globally applied to all users
   rather than individual user.

2.8.  AFTR Impacts on Accounting Process in Broadband Access

   DS-Lite introduces challenges to IPv4 accounting process.  In a
   typical DSL/Broadband access scenario where the Residential Gateway
   (RG) is acting as a B4 element, the BNAS is the IPv6 edge router
   which connects to the AFTR.  The BNAS is normally responsible for
   IPv6 accounting and all the subscriber manager functions such as
   authentication, authorization and accounting.  However, given the
   fact that IPv4 traffic is encapsulated into an IPv6 packet at the B4
   level and only decapsulated at the ATFR level, the BNAS can't do the
   IPv4 accounting without examining the inner packet.  AFTR is the next
   logical place to perform IPv4 accounting, but it will potentially



Lee, et al.              Expires March 12, 2012                 [Page 5]

Internet-Draft    Deployment Considerations for DS-Lite   September 2011


   introduce some additional complexity because the AFTR does not have
   detailed customer identity information.

   The accounting process at the AFTR level is only necessary if the
   Service Provider requires separate per user accounting records for
   IPv4 and IPv6 traffic.  If the per user IPv6 accounting records,
   collected by the BNAS, are sufficient, the additional complexity to
   be able to implement IPv4 accounting at the ATFR level is not
   required.  It is important to consider that, since the IPv4 traffic
   is encapsulated in IPv6 packets, the data collected by the BNAS for
   IPv6 traffic already contain the total amount of traffic (i.e.  IPv6
   plus IPv4).

   Even if detailed accounting records collection for IPv4 traffic may
   not be required, in some scenarios it would be useful for a Service
   Provider, to have inside the RADIUS Accounting packet, generated by
   the BNAS for the IPv6 traffic, a piece of information that can be
   used to identify the AFTR that is handling the IPv4 traffic for that
   user.  This can be achieved by adding into the IPv6 accounting
   records the RADIUS attribute information specified in
   [I-D.ietf-softwire-dslite-radius-ext]

2.9.  Reliability Considerations of AFTR

   The service provider can use techniques to achieve high availability
   such as various types of clusters to ensure availability of the IPv4
   service.  High availability techniques include the cold standby mode.
   In this mode the AFTR states are not replicated from the Primary AFTR
   to the Backup AFTR.  When the Primary AFTR fails, all the existing
   established sessions will be flushed out.  The internal hosts are
   required to re-establish sessions to the external hosts.  Another
   high availability option is the hot standby mode.  In this mode the
   AFTR keeps established sessions while failover happens.  AFTR states
   are replicated from the Primary AFTR to the Backup AFTR.  When the
   Primary AFTR fails, the Backup AFTR will take over all the existing
   established sessions.  In this mode the internal hosts are not
   required to re-establish sessions to the external hosts.  The final
   option is to deploy a mode in between these two whereby only selected
   sessions such as critical protocols are replicated.  Criteria for
   sessions to be replicated on the backup would be explicitly
   configured on the AFTR devices of a redundancy group.

2.10.  Strategic Placement of AFTR

   The public IPv4 addresses are pulled away from the customer edge to
   the outside of the centralized AFTR where many customer networks can
   share a single public IPv4 address.  The AFTR architecture design is
   mostly figuring out the strategic placement of each AFTR to best use



Lee, et al.              Expires March 12, 2012                 [Page 6]

Internet-Draft    Deployment Considerations for DS-Lite   September 2011


   the capacity of each public IPv4 address without oversubscribing the
   address or overtaxing the AFTR itself.

   AFTR is a tunnel concentrator, B4 traffic must pass through the AFTR
   to reach the IPv4 Internet.  Managing tunnels and NAT could be
   resource intensive, so the placement of the AFTR would affect the
   traffic flows in the access network and have operation implications.
   In general, there are two placements to deploy AFTR.  Model One is to
   deploy the AFTR in the edge of network to cover a small region.
   Model Two is to deploy the AFTR in the core of network to cover a
   large region.

   When the operator consider where to deploy the AFTR, they must make
   trade-offs.  AFTR in Model One serves few B4 elements, thus, it
   requires less powerful AFTR.  Moreover, the traffic flows are more
   evenly distributed to the AFTRs.  However, it requires to deploy more
   AFTRs to cover the entire network.  Often the operation cost
   increases proportionally to the number of network equipment.  AFTR in
   Model Two covers larger area, thus, it serves more B4 elements.  The
   operator could deploy only few AFTRs in the strategic locations to
   support the entire subscriber base.  However, this model requires
   more powerful AFTR to sustain the load at peak hours.  Since the AFTR
   would support B4 elements from different regions, the AFTR would be
   deployed deeper in the network and steer more traffic flows to the
   network where the AFTR is located.

   DS-Lite framework can be incrementally deployed.  An operator may
   consider to start with Model Two. When the demand increases, they
   could push the AFTR closer to the edge which would effectively become
   Model One.

2.11.  AFTR Considerations for Geographically Aware Services

   By centralizing public IPv4 addresses, each address no longer
   represents a single machine, a single household, or a single small
   office.  The address now represents hundreds of machines, homes, and
   offices related only in that they are behind the same AFTR.
   Identification by IP address becomes more difficult and thus
   applications that assume such geographic information may not work as
   intended.

   Various applications and services will place their servers in such a
   way to locate them near sets of user so that this will lessen the
   latency on the client end.  In addition, having sufficient
   geographical coverage can indirectly improve end-to-end latency.  An
   example is that nameservers typically return results optimized for
   the DNS resolver's location.  Deployment of AFTR could be done in
   such a way as not to negatively impact the geographical nature of



Lee, et al.              Expires March 12, 2012                 [Page 7]

Internet-Draft    Deployment Considerations for DS-Lite   September 2011


   these services.  This can be done by making sure that AFTR
   deployments are geographically distributed so that existing
   assumptions of the clients source IP address by geographically aware
   servers can be maintained.  Another possibility the application could
   rely on location information such as GPS co-ordination to identify
   the user's location.  This technique is commonly used in mobile
   deployment where the mobile devices are probably behind a NAT device.

2.12.  Impacts on QoS

   As with tunneling in general there are challenges with deep packet
   inspection with DS-Lite for purposes of QoS.  Service Providers
   commonly uses DSCP to classify and prioritize different types of
   traffic.  DS-Lite tunnel can be seen as particular case of uniform
   conceptual tunnel model described in section 3.1 of [RFC2983].  The
   uniform model views an IP tunnel as just a necessary mechanism to get
   traffic to its destination, but the tunnel has no significant impact
   on traffic conditioning.  In this model, any packet has exactly one
   DS Field that is used for traffic conditioning at any point and it is
   the field in the outermost IP header.  In DS-Lite model this is the
   Traffic Class field in IPv6 header.  According to [RFC2983]
   implementations of this model copy the DS value to the outer IP
   header at encapsulation and copy the outer header's DSCP value to the
   inner IP header at decapsulation.  Applying the described model to
   DS-Lite scenario, it is recommended that the AFTR propagates the DSCP
   value in the IPv4 header to the IPv6 header after the encapsulation
   for the downstream traffic and, in the same way, the B4 propagates
   the DSCP value in the IPv4 header to the IPv6 header after the
   encapsulation for the upstream traffic.

2.13.  Port Forwarding Considerations

   Some applications require accepting incoming UDP or TCP traffic.
   When the remote host is on IPv4, the incoming traffic will be
   directed towards an IPv4 address.  Some applications use (UPnP-IGD)
   (e.g., XBox) or ICE [I-D.ietf-mmusic-ice] (e.g., SIP, Yahoo!, Google,
   Microsoft chat networks), other applications have all but completely
   abandoned incoming connections (e.g., most FTP transfers use passive
   mode).  But some applications rely on ALGs, UPnP IGD, or manual port
   configuration.  Port Control Protocol (PCP) [I-D.ietf-pcp-base] is
   designed to address this issues.

2.14.  DS-Lite Tunnel Security

   Section 11 of [I-D.ietf-softwire-dual-stack-lite] describes security
   issues associated to DS-Lite mechanism.  One of the recommendations
   contained in this section, in order to limit service offered by AFTR
   only to registered customers, is to implement IPv6 ingress filter on



Lee, et al.              Expires March 12, 2012                 [Page 8]

Internet-Draft    Deployment Considerations for DS-Lite   September 2011


   the AFTR's tunnel interface to accept only the IPv6 address range
   defined in the filter.  This approach requires to know in advance the
   IPv6 prefix delegated to the customers in order to be able to
   configure the filter.

   An alternative way to achieve the same goal and to provide some form
   of access control to the DS-Lite tunnel, is to use DHCPv6 Leasequery
   defined in [RFC5007].  When the AFTR receives a packet from an
   unknown (new) prefix it issues a DHCPv6 Leasequery based on IPv6
   address to the DHCPv6 server in order to verify if that prefix was
   previously delegated by the DHCPv6 server to that specific client.
   The DHCPv6 Server will reply with the delegated prefix and the
   associated lease.  If the two prefix are the same the ATFR accepts
   the packet otherwise it drops it and it denies the service.

2.15.  IPv6-only Network considerations

   In environments where the service provider wants to deploy AFTR in
   the IPv6 core network, the AFTR nodes may not have direct IPv4
   connectivity.  In this scenario the service provider extends the
   IPv6-only boundary to the border of the network and only the border
   routers have IPv4 connectivity.  For both scalability and performance
   purposes AFTR capabilities are located in the IPv6-only core closer
   to B4 elements.  The service provider assigns only IPv6 prefixes to
   the B4 capable devices but also continues to provide IPv4 services to
   these customers.  In this scenario the AFTR has only IPv6-
   connectivity and must be able to send and receive IPv4 packets.
   Enhancements to the DS-LITE AFTR are required to achive this.
   [I-D.boucadair-softwire-dslite-v6only] describes such issues and
   enhancements to DS-Lite in IPv6-only deployments.


3.  B4 Deployment Considerations

   In order to configure the IPv4-in-IPv6 tunnel, the B4 element needs
   the IPv6 address of the AFTR element.  This IPv6 address can be
   configured using a variety of methods, ranging from an out-of-band
   mechanism, manual configuration or a variety of DHCPv6 options.  In
   order to guarantee interoperability, a B4 element should implement
   the DHCPv6 option defined in
   [I-D.ietf-softwire-ds-lite-tunnel-option].  The DHCP server must be
   reachable via normal DHCP request channels from the B4, and it must
   be configured with the AFTR address.  In Broadband Access scenario
   where AAA/RADUIS is used for provisioning user profiles in the BNAS,
   [I-D.ietf-softwire-dslite-radius-ext] may be used.  BNAS will learn
   the AFTR address from the RADIUS attribute and act as the DHCPv6
   server for the B4s.




Lee, et al.              Expires March 12, 2012                 [Page 9]

Internet-Draft    Deployment Considerations for DS-Lite   September 2011


3.1.  DNS deployment Considerations

   [I-D.ietf-softwire-dual-stack-lite] recommends configuring the B4
   with a DNS proxy resolver, which will forward queries to an external
   recursive resolver over IPv6.  Alternately, the B4 proxy resolver can
   be statically configured with the IPv4 address of an external
   recursive resolver.  In this case, DNS traffic to the external
   resolver will be tunneled through IPv6 to the AFTR.  Note that the B4
   must also be statically configured with an IPv4 address in order to
   source packets; the draft recommends an address in the 192.0.0.0/29
   range.  Even more simply, you could eliminate the DNS proxy, and
   configure the DHCP server on the B4 to give its clients the IPv4
   address of an external recursive resolver.  Because of the extra
   traffic through the AFTR, and because of the need to statically
   configure the B4, these alternate solutions are likely to be
   unsatisfactory in a production environment.  However, they may be
   desirable in a testing or demonstration environment.


4.  Security Considerations

   This document does not present any new security issues.
   [I-D.ietf-softwire-dual-stack-lite] discusses DS-Lite related
   security issues.  General NAT security issues are not repeated here.

   Some of the security issues with carrier-grade NAT result directly
   from the sharing of the routable IPv4 address.  Addresses and
   timestamps are often used to identify a particular user, but with
   shared addresses, more information (i.e., protocol and port numbers)
   is needed.  This impacts software used for logging and tracing spam,
   denial of service attacks, and other abuses.  Devices on the
   customers side may try to carry out general attacks against systems
   on the global Internet or against other customers by using
   inappropriate IPv4 source addresses inside tunneled traffic.  The
   AFTR needs to protect against such abuse.  One customer may try to
   carry out a denial of service attack against other customers by
   monopolizing the available port numbers.  The AFTR needs to ensure
   equitable access.  At a more sophisticated level, a customer may try
   to attack specific ports used by other customers.  This may be more
   difficult to detect and to mitigate without a complete system for
   authentication by port umber, which would represent a huge security
   requirement.


5.  Conclusion

   DS-Lite provides new functionality to transition IPv4 traffic to IPv6
   addresses.  As the supply of unique IPv4 addresses diminishes,



Lee, et al.              Expires March 12, 2012                [Page 10]

Internet-Draft    Deployment Considerations for DS-Lite   September 2011


   service providers can now allocate new subscriber homes IPv6
   addresses and IPv6-capable equipment.  DS-Lite provides a means for
   the private IPv4 addresses behind the IPv6 equipment to reach the
   IPv4 network.

   This document discusses the issues that arise when deploying DS-Lite
   in various deployment modes.  Hence, this document can be a useful
   reference for service providers and network designers.  Deployment
   considerations of the B4, AFTR and DNS have been discussed and
   recommendations for their usage have been documented.


6.  Acknowledgement

   TBD


7.  IANA Considerations

   This memo includes no request to IANA.


8.  References

8.1.  Normative References

   [I-D.ietf-pcp-base]
              Wing, D., Cheshire, S., Boucadair, M., Penno, R., and P.
              Selkirk, "Port Control Protocol (PCP)",
              draft-ietf-pcp-base-13 (work in progress), July 2011.

   [I-D.ietf-softwire-ds-lite-tunnel-option]
              Hankins, D. and T. Mrugalski, "Dynamic Host Configuration
              Protocol for IPv6 (DHCPv6) Option for Dual- Stack Lite",
              draft-ietf-softwire-ds-lite-tunnel-option-10 (work in
              progress), March 2011.

   [I-D.ietf-softwire-dslite-radius-ext]
              Maglione, R. and A. Durand, "RADIUS Extensions for Dual-
              Stack Lite", draft-ietf-softwire-dslite-radius-ext-06
              (work in progress), August 2011.

   [I-D.ietf-softwire-dual-stack-lite]
              Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
              Stack Lite Broadband Deployments Following IPv4
              Exhaustion", draft-ietf-softwire-dual-stack-lite-11 (work
              in progress), May 2011.




Lee, et al.              Expires March 12, 2012                [Page 11]

Internet-Draft    Deployment Considerations for DS-Lite   September 2011


   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC4925]  Li, X., Dawkins, S., Ward, D., and A. Durand, "Softwire
              Problem Statement", RFC 4925, July 2007.

   [RFC5007]  Brzozowski, J., Kinnear, K., Volz, B., and S. Zeng,
              "DHCPv6 Leasequery", RFC 5007, September 2007.

8.2.  Informative References

   [I-D.boucadair-intarea-nat-reveal-analysis]
              Boucadair, M., Touch, J., Levis, P., and R. Penno,
              "Analysis of Solution Candidates to Reveal a Host
              Identifier in Shared Address Deployments",
              draft-boucadair-intarea-nat-reveal-analysis-04 (work in
              progress), September 2011.

   [I-D.boucadair-softwire-dslite-v6only]
              Boucadair, M., Jacquenet, C., Grimault, J., Kassi-Lahlou,
              M., Levis, P., Cheng, D., and Y. Lee, "Deploying Dual-
              Stack Lite in IPv6 Network",
              draft-boucadair-softwire-dslite-v6only-01 (work in
              progress), April 2011.

   [I-D.ietf-intarea-server-logging-recommendations]
              Durand, A., Gashinsky, I., Lee, D., and S. Sheppard,
              "Logging recommendations for Internet facing servers",
              draft-ietf-intarea-server-logging-recommendations-04 (work
              in progress), April 2011.

   [I-D.ietf-intarea-shared-addressing-issues]
              Ford, M., Boucadair, M., Durand, A., Levis, P., and P.
              Roberts, "Issues with IP Address Sharing",
              draft-ietf-intarea-shared-addressing-issues-05 (work in
              progress), March 2011.

   [I-D.ietf-mmusic-ice]
              Rosenberg, J., "Interactive Connectivity Establishment
              (ICE): A Protocol for Network Address Translator (NAT)
              Traversal for Offer/Answer Protocols",
              draft-ietf-mmusic-ice-19 (work in progress), October 2007.

   [I-D.ietf-v6ops-ipv6-cpe-router]
              Singh, H., Beebee, W., Donley, C., Stark, B., and O.
              Troan, "Basic Requirements for IPv6 Customer Edge
              Routers", draft-ietf-v6ops-ipv6-cpe-router-09 (work in
              progress), December 2010.



Lee, et al.              Expires March 12, 2012                [Page 12]

Internet-Draft    Deployment Considerations for DS-Lite   September 2011


   [I-D.xu-behave-stateful-nat-standby]
              Xu, X., Boucadair, M., Lee, Y., and G. Chen, "Redundancy
              Requirements and Framework for Stateful Network Address
              Translators (NAT)",
              draft-xu-behave-stateful-nat-standby-06 (work in
              progress), October 2010.

   [RFC1918]  Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and
              E. Lear, "Address Allocation for Private Internets",
              BCP 5, RFC 1918, February 1996.

   [RFC2983]  Black, D., "Differentiated Services and Tunnels",
              RFC 2983, October 2000.

   [RFC3056]  Carpenter, B. and K. Moore, "Connection of IPv6 Domains
              via IPv4 Clouds", RFC 3056, February 2001.

   [RFC3484]  Draves, R., "Default Address Selection for Internet
              Protocol version 6 (IPv6)", RFC 3484, February 2003.

   [RFC5569]  Despres, R., "IPv6 Rapid Deployment on IPv4
              Infrastructures (6rd)", RFC 5569, January 2010.


Authors' Addresses

   Yiu L. Lee
   Comcast
   One Comcast Center
   Philadelphia, PA  19103
   U.S.A.

   Email: yiu_lee@cable.comcast.com
   URI:   http://www.comcast.com


   Roberta Maglione
   Telecom Italia
   Via Reiss Romoli 274
   Torino  10148
   Italy

   Email: roberta.maglione@telecomitalia.it
   URI:







Lee, et al.              Expires March 12, 2012                [Page 13]

Internet-Draft    Deployment Considerations for DS-Lite   September 2011


   Carl Williams
   MCSR Labs
   Philadelphia
   U.S.A.

   Email: carlw@mcsr-labs.org


   Christian Jacquenet
   France Telecom
   Rennes
   France

   Email: christian.jacquenet@orange-ftgroup.com


   Mohamed Boucadair
   France Telecom
   Rennes
   France

   Email: mohamed.boucadair@orange-ftgroup.com





























Lee, et al.              Expires March 12, 2012                [Page 14]