INTERNET DRAFT C. Huitema
<draft-ietf-ngtrans-unmanscope-00.txt> Microsoft
Expires December 24, 2002 June 24, 2002
Unmanaged Networks Transition Scope
Status of this memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Abstract
The NGTRANS working group is preparing the transition of the
Internet from IPv4 to IPv6 and has devised a number of transition
mechanisms. In order to evaluate the suitability of transition
mechanisms, we need to define the environment or scope in which
these mechanisms have to be used. One specific scope is the
"unmanaged networks", which typically correspond to home networks or
small office networks.
1 Introduction
The NGTRANS working group is preparing the transition of the
Internet from IPv4 to IPv6 and has devised a number of transition
mechanisms. In order to evaluate the suitability of transition
mechanisms, we need to define the environment or scope in which
these mechanisms have to be used. One specific scope is the
"unmanaged network". An unmanaged network consists of a (possibly
large) number of nodes communicating via IP. All nodes are in the
same administrative domain and are used typically by less than ten
persons. Examples of unmanaged networks are home networks or small
office networks.
We present here the characteristics of unmanaged networks that are
important for evaluating transition: their topology, the management
constraints, the applications that must be supported. From these
presentations, we define requirements that must be met in order to
Huitema [Page 1]
INTERNET DRAFT Unmanaged Networks Transition Scope June 24, 2002
support the desirable applications.
2 Topology
The typical unmanaged network is composed of a single subnet,
connected to the Internet through a single Internet Service Provider
(ISP) connection. Several hosts are connected to the subnet:
+------+
| Host +--+
+------+ |
|
+------+ |
| Host +--+ +--------------
+------+ | |
: +-----+
: +---------+ | |
+--+ Gateway +------| ISP | Internet
: +---------+ | |
: +-----+
+------+ | |
| Host +--+ +--------------
+------+ |
|
+------+ |
| Host +--+
+------+
Between the subnet and the ISP access link is a gateway, which may
or may not perform NAT and firewall function [RFC3022]. When the
gateway performs a NAT function, the hosts are typically provided
with "private addresses" [RFC1918]. A key point of this
configuration is that the gateway is typically not "managed". In
most cases, it is a simple "appliance", which incorporates some
static policies.
The access link between the unmanaged network and the ISP can be
either static, i.e. a permanent connection, or dynamically
established, i.e. a dial-up or ISDN connection.
2.1 Degenerated case of the single computer
In a degenerate case, an unmanaged network can be constituted of a
single host, directly connected to an ISP.
3 Management requirement
An important characteristic of unmanaged networks is the absence of
specialized personnel such as IT administrators. Configuration of
the nodes must only be necessary at install time and must be so easy
that most people are able to do it. Possible initial configuration
could be: configuring a name of the node instead of the default one
Huitema [Page 2]
INTERNET DRAFT Unmanaged Networks Transition Scope June 24, 2002
and configuring whether the node should be accessible locally only
or globally. After initial setup no further configuration is needed.
The gateway(s) used should also be plug-and-play.
4 Applications
Users may use or wish to use the unmanaged network services in four
types of applications: local, client, servers and peer-to-peers.
These applications may or may not run easily on today's network; in
particular, when the gateway implement a NAT function, peer-to-peer
and server applications tend to be severely impeded [RFC2993].
4.1 Local applications
Local applications are meant to only involve the hosts that are part
of the unmanaged network. Typical examples are the sharing of file
or printers.
Local applications work effectively in IPv4 unmanaged networks, even
when the gateway performs NAT or firewall function. In fact,
firewall services at the gateway are often deemed desirable, as they
isolate the local applications from interference by Internet users.
4.2 Client applications
Client applications are those that involve a client on the unmanaged
network and a server at a remote location. A typical example is
accessing a web server from a client inside the managed network, or
reading and sending e-mail with the help of a server outside the
managed network.
Local applications tend to work correctly in IPv4 unmanaged
networks, even when the gateway performs NAT or firewall function:
the translation and firewall functions are precisely designed to
enable client applications.
4.3 Peer-to-peer applications
Peer-to-peer applications are a restricted subset of the server
applications, in which the services are only meant to be used by
well identified peers outside the unmanaged network.
Peer-to-peer applications typically use ad hoc naming systems, often
derived from an "instant messaging" service. Many of these systems
are proprietary; and example of standard system is the session
initiation protocol (SIP) [RFC2543]. In these systems, the peers
register their presence to a "rendezvous" service, using a name
specific to the service; the case of SIP, they would use a SIP URL,
of the form "sip:user@example.com"; a peer to peer session typically
starts by an exchange of synchronization messages through the
rendezvous service, during which the peers exchange the addresses
that will be used for the session.
Huitema [Page 3]
INTERNET DRAFT Unmanaged Networks Transition Scope June 24, 2002
In many cases, the rendezvous service is provided by well connected
servers, for example SIP servers; however, there are example of
peer-to-peer systems in which the rendezvous service is effectively
a distributed process, performed by the connected peers without the
help of a central service. Examples of peer-to-peer applications
would be a video-conference over IP, facilitated by a SIP server, a
distributed game application, facilitated by a "game lobby", or file
exchange systems such as "gnutella" that operate without servers.
Peer-to-peer applications require direct communication between
peers, and thus often don't work well in unmanaged IPv4 networks.
The MIDCOM working group is developing solutions that would enable
the real-time opening of "pin-holes" in the NAT or firewall, but the
work is at its early stage and the results uncertain. Application
developers often have to enlist the help of a "relay server", to
effectively restructure the peer-to-peer connection in two back-to-
back connections to a server.
4.4 Server applications
Server applications involve running a server in the unmanaged
network, for use by other parties outside the network. Examples
would be running a web server or an e-mail server on one of the
hosts inside the unmanaged network.
It is difficult to deploy these servers in most unmanaged IPv4
networks as such deployment typically requires some special
programming of the NAT or firewall. Deploying servers also require
providing the servers with a stable DNS name, and associating a
global IPv4 address with that name.
5 Requirement of an IPv6 unmanaged network
As we transition to IPv6, we must meet the requirements of the
various applications, which we can summarize in the following way:
the applications that used to work well with IPv4 should continue
working well during the transition; it should be possible to use
IPv6 to deploy new applications that are currently hard to deploy in
IPv4 networks.
The application requirements are expressed in mostly three
dimensions: connectivity, naming, and security. Connectivity issues
include the provision of IPv6 addresses and their quality: do host
need a global scope address, should this address be stable, or more
precisely what should be the expected lifetime of the address.
Naming issues include the management of names for the hosts: do
hosts need a DNS-name, is inverse name resolution a requirement.
5.1 Requirements of local applications
Local applications require local connectivity. They must continue
Huitema [Page 4]
INTERNET DRAFT Unmanaged Networks Transition Scope June 24, 2002
working even if the unmanaged network is isolated from the Internet.
Local applications typically use ad hoc naming systems. Many of
these systems are proprietary; and example of standard system is the
service location protocol (SLP).
The security of local applications is enhanced if these applications
can be effectively isolated from the global Internet.
5.2 Requirements of client applications
Client applications require connectivity. In an IPv6 network, we
would expect the client to use a global IPv6 address, which will
have to remain stable for the duration of the client-server session.
Client applications typically use the domain name system to locate
servers. In an IPv6 network, the client must be able to locate a DNS
server.
Many servers use "reverse DNS look-up" to locate the "friendly name"
associated to the IP address of the client. In an IPv4 network, this
IP address will typically be allocated by the Internet service
provider to the gateway, and the corresponding PTR record will be
maintained by the ISP. In most cases, these PTR records are
perfunctory, derived in an algorithmic fashion from the IPv4
address; the main information that they contain is the domain name
of the ISP. Whether or not an equivalent function should be provided
in an IPv6 network is unclear.
One of the main security issues with client applications is,
maintaining the privacy of the client. Many gateways are designed to
effectively hide the internal topology of the unmanaged network,
presenting a single IPv4 address for many internal clients. In an
IPv6 network, a similar degree of privacy will have to be
maintained.
5.3 Requirements of peer-to-peer applications
Peer-to-peer applications require connectivity and addressability:
each peer must be able to contact the other peers. In an IPv6
network, we would expect the peers to use a global IPv6 address,
which will have to remain stable for the duration of the peer-to-
peer between client and server.
Because they use ad hoc naming services, peer-to-peer applications
often do not require support from the DNS. In particular, they do
not require that the stations engaged in the peer-to-peer activity
publish their address in a globally available service such as the
DNS.
There are multiple aspects to the security of peer-to-peer
applications, many of which relate to the security of the rendezvous
Huitema [Page 5]
INTERNET DRAFT Unmanaged Networks Transition Scope June 24, 2002
system. If we assume that the peers have been able to safely
exchange their IPv6 addresses, the main security requirement is the
capability to safely exchange data between the peers, without
interference by third parties.
Peer-to-peer applications benefit greatly from "network effects",
which may create a specific requirement during the transition to
IPv6: the developers of these applications will be willing to
consider IPv6 if they can be guaranteed that IPv6 packets will be
able to quickly reach a majority of the Internet nodes.
5.4 Requirements of server applications
Server applications require global connectivity, which in an IPv6
network implies global addresses.
Server applications normally rely on the publication of the server's
address in the DNS. This, in turns, requires that the server be
provisioned with a "global DNS name".
The DNS entries for the server will have to be updated, preferably
in real time, if the server's address changes. In practice, updating
the DNS is slow, which implies that server applications will have a
better chance of being deployed if the IPv6 addresses remain stable
for a long period.
The security of server applications depends mostly on the
correctness of the server, and also on the absence of collateral
effects: many incidents occur when the opening of a server on the
Internet inadvertently enables remote access to some other services
on the same host.
6 Security Considerations
Security considerations are discussed as part of the applications
requirements. They include:
- the guarantee that local applications are only used locally,
- the protection of the privacy of clients
- the requirement that peer-to-peer connections are only used by
authorized peers.
Given the absence of specialized personnel, these security
requirements will have to be met without mandating specific
configurations of the gateway or firewall to fit the needs of
particular applications.
7 IANA Considerations
This memo does not include any request to IANA.
8 Copyright
Huitema [Page 6]
INTERNET DRAFT Unmanaged Networks Transition Scope June 24, 2002
The following copyright notice is copied from RFC 2026 [Bradner,
1996], Section 10.4, and describes the applicable copyright for this
document.
Copyright (C) The Internet Society July 12, 2001. All Rights
Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph
are included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assignees.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
9 Intellectual Property
The following notice is copied from RFC 2026 [Bradner, 1996],
Section 10.4, and describes the position of the IETF concerning
intellectual property claims made against this document.
The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to
pertain to the implementation or use other technology described in
this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the
IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances
of licenses to be made available, or the result of an attempt made
to obtain a general license or permission for the use of such
proprietary rights by implementers or users of this specification
can be obtained from the IETF Secretariat.
Huitema [Page 7]
INTERNET DRAFT Unmanaged Networks Transition Scope June 24, 2002
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights which may cover technology that may be required to practice
this standard. Please address the information to the IETF Executive
Director.
10 Acknowledgements
A number of improvements on the initial draft of this memo were
suggested by Ronald van der Pol.
11 References
[RFC1918] Y. Rekhter, B. Moskowitz, D. Karrenberg, G. J. de Groot,
E. Lear. "Address Allocation for Private Internets", RFC 1918,
February 1996.
[RFC2993] T. Hain. "Architectural Implications of NAT," RFC 2993,
November 2000.
[RFC3022] P. Srisuresh, K. Egevang. "Traditional IP Network Address
Translator (Traditional NAT)", RFC 3022, January 2001.
[RFC2543] M. Handley, H. Schulzrinne, E. Schooler, J. Rosenberg "SIP:
Session Initiation Protocol", RFC 2543, March 1999.
12 Authors' Addresses
Christian Huitema
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
Email: huitema@microsoft.com
Huitema [Page 8]
INTERNET DRAFT Unmanaged Networks Transition Scope June 24, 2002
Table of Contents:
1 Introduction .................................................... 1
2 Topology ........................................................ 2
2.1 Degenerated case of the single computer ....................... 2
3 Management requirement .......................................... 2
4 Applications .................................................... 3
4.1 Local applications ............................................ 3
4.2 Client applications ........................................... 3
4.3 Peer-to-peer applications ..................................... 3
4.4 Server applications ........................................... 4
5 Requirement of an IPv6 unmanaged network ........................ 4
5.1 Requirements of local applications ............................ 4
5.2 Requirements of client applications ........................... 5
5.3 Requirements of peer-to-peer applications ..................... 5
5.4 Requirements of server applications ........................... 6
6 Security Considerations ......................................... 6
7 IANA Considerations ............................................. 6
8 Copyright ....................................................... 6
9 Intellectual Property ........................................... 7
10 Acknowledgements ............................................... 8
11 References ..................................................... 8
12 Authors' Addresses ............................................. 8
Huitema [Page 9]