INTERNET DRAFT C. Huitema Microsoft January 10, 2003 R. Austein Expires July 10, 2003 Bourgeois Dilettant R. van der Pol NLnet Labs Unmanaged Networks IPv6 Transition Scenarios Status of this memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. This document is an Internet-Draft. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Abstract In order to evaluate the suitability of transition mechanisms, we need to define the scenarios in which these mechanisms have to be used. One specific scope is the "unmanaged networks", which typically correspond to home networks or small office networks. 1 Introduction In order to evaluate the suitability of transition mechanisms, we need to define the environment or scope in which these mechanisms have to be used. One specific scope is the "unmanaged networks", which typically correspond to home networks or small office networks. 2 Topology The typical unmanaged network is composed of a single subnet, connected to the Internet through a single Internet Service Provider (ISP)connection. Several hosts are connected to the subnet: Huitema et al. [Page 1] INTERNET DRAFT Unmanaged Networks IPv6 scenarios January 10, 2003 +------+ | Host +--+ +------+ | | +------+ | | Host +--+ +-------------- +------+ | | : +-----+ : +---------+ | | +--+ Gateway +------| ISP | Internet : +---------+ | | : +-----+ +------+ | | | Host +--+ +-------------- +------+ | | +------+ | | Host +--+ +------+ Between the subnet and the ISP access link is a gateway, which may or may not perform NAT and firewall function. A key point of this configuration is that the gateway is typically not "managed". In most cases, it is a simple "appliance", which incorporates some static policies. There are however many cases in which the gateway is procured and configured by the ISP, and there are also some common cases in which we find two back to back gateways, one managed by the ISP and the other added by the owner of the unmanaged network. The access link between the unmanaged network and the ISP can be either static, i.e. a permanent connection, or dynamically established, i.e. a dial-up or ISDN connection. In a degenerate case, an unmanaged network can be constituted of a single host, directly connected to an ISP. 3 Applications Users may use or wish to use the unmanaged network services in four types of applications: local, client, servers and peer-to-peers. These applications may or may not run easily on today's network: their status vary. 3.1 Local applications Local applications are meant to only involve the hosts that are part of the unmanaged network. Typical examples are the sharing of file or printers. Local applications work effectively in IPv4 unmanaged networks, even Huitema et al. [Page 2] INTERNET DRAFT Unmanaged Networks IPv6 scenarios January 10, 2003 when the gateway performs NAT or firewall function. In fact, firewall services at the gateway are often deemed desirable, as they isolate the local applications from interference by Internet users. 3.2 Client applications Client applications are those that involve a client on the unmanaged network and a server at a remote location. A typical example is accessing a web server from a client inside the unmanaged network, or reading and sending e-mail with the help of a server outside the unmanaged network. Local applications tend to work correctly in IPv4 unmanaged networks, even when the gateway performs NAT or firewall function: these translation and firewall functions are precisely designed to enable client applications. 3.3 Peer-to-peer applications There are two kinds of peer-to-peer applications, the "local peer- to-peer" that only involve hosts on the unmanaged network, and the "remote peer-to-peer" that involve both hosts on the unmanaged network and hosts outside the network. We will only consider here the "remote peer-to-peer" applications, as the local peer-to-peer applications are a subset of the "local applications." Peer-to-peer applications are a restricted subset of the server applications, in which the services are only meant to be used by well identified peers outside the unmanaged network. These applications are often facilitated by a server outside the unmanaged networks. Examples of a peer-to-peer application would be a video- conference over IP, facilitated by a SIP server, or a distributed game application, facilitated by a "game lobby". Peer-to-peer applications often don't work well in unmanaged IPv4 networks. Application developers often have to enlist the help of a "relay server", to effectively restructure the peer-to-peer connection in two back-to-back client/server connections. 3.4 Server applications Server applications involve running a server in the unmanaged network, for use by other parties outside the network. Examples would be running a web server or an e-mail server on one of the hosts inside the unmanaged network. Deploying these servers in most unmanaged IPv4 networks requires some special programming of the NAT or firewall, and is more complex when the NAT only publishes a small number of global IP addresses and relies on "port translation". In the common case in which the NAT manages exactly one global IP address and relies on "port translation", a given external port can only be used by one internal Huitema et al. [Page 3] INTERNET DRAFT Unmanaged Networks IPv6 scenarios January 10, 2003 server. Deploying servers usually requires providing the servers with a stable DNS name, and associating the global IPv4 address of the nat/firewall with that name. Since updating DNS is a management task, it somewhat falls outside the scope of an unmanaged network. On the other hand, it is also possible to use out-of-band techniques, such as cut-and-paste into an instant message system, to pass around the address of the target server. 4 Application requirements of an IPv6 unmanaged network As we transition to IPv6, we must meet the requirements of the various applications, which we can summarize in the following way: the applications that used to work well with IPv4 should continue working well during the transition; it should be possible to use IPv6 to deploy new applications that are currently hard to deploy in IPv4 networks; the deployment of these IPv6 applications should be simple and easy to manage. The application requirements are expressed in mostly three dimensions: connectivity, naming, and security. Connectivity issues include the provision of IPv6 addresses and their quality: do host need a global scope address, should this address be stable, or more precisely what should be the expected lifetime of the address. Naming issues include the management of names for the hosts: do hosts need a DNS-name, is inverse name resolution a requirement. Security issues include possible restriction to connectivity, privacy concerns, and generally speaking the security of the applications. 4.1 Requirements of local applications Local applications require local connectivity. They must continue working even if the unmanaged network is isolated from the Internet. Local applications typically use ad hoc naming systems. Many of these systems are proprietary; an example of standard system is the service location protocol (SLP). The security of local applications is enhanced if these applications can be effectively isolated from the global Internet. 4.2 Requirements of client applications Client applications require global connectivity. In an IPv6 network, we would expect the client to use a global IPv6 address, which will have to remain stable for the duration of the client-server session. Client applications typically use the domain name system to locate servers. In an IPv6 network, the client must be able to locate a DNS server. Huitema et al. [Page 4] INTERNET DRAFT Unmanaged Networks IPv6 scenarios January 10, 2003 Many servers try to look up a DNS name associated to the IP address of the client. In an IPv4 network, this IP address will often be allocated by the Internet service provider to the gateway, and the corresponding PTR record will be maintained by the ISP. In most cases, these PTR records are perfunctory, derived in an algorithmic fashion from the IPv4 address; the main information that they contain is the domain name of the ISP. Whether or not an equivalent function should be provided in an IPv6 network is unclear. 4.2.1 Privacy requirement of client applications We may debate whether the IPv6 networking service should be engineered to enhance the privacy of the clients, and specifically whether the support of RFC 3041 should be required. RFC 3041 enables hosts to pick IPv6 addresses in which the host identifier is randomized; this was designed to make sure that the IPv6 addresses and the host identifier cannot be used to track the Internet connections of a device's owner. Many observe that randomizing the host identifier portion of the address is only a half measure. If the unmanaged network address prefix remains constant, the randomization only hides which host in the unmanaged network originates a given connection, e.g. the children's computer versus their parents'. This would place the privacy rating of such connections on a par with that of IPv4 connections originating from an unmanaged network in which a NAT manages a static IPv4 address; in both case, the IPv4 address or the IPv6 prefix can be used to identify the unmanaged network, e.g. the specific home from which the connection originated. Randomization of the host identifier does however provide benefits. First, if some of the hosts in the unmanaged network are mobile, the randomization destroys any correlation between the addresses used at various locations: the addresses alone could not be used to determine whether a given connection originates from the same laptop moving from work to home, or used on the road. Second, the randomization removes any information that could be extracted from a hardwired host identifier; for example, it will prevent outsiders to correlate a serial number with a specific brand of expensive electronic equipment, and to use this information for planning marketing campaigns or possibly burglary attempts. Randomization of the addresses is indeed not sufficient to guarantee privacy. Usage can be tracked by a variety of other means, from application level "cookies" to complex techniques involving data mining and traffic analysis. However, just because privacy can be breached by other means is not a sufficient reason to enable additional tracking through IPv6 addresses. Randomization of the host identifier has some cost: the address management in hosts is more complex for the hosts and the gateway Huitema et al. [Page 5] INTERNET DRAFT Unmanaged Networks IPv6 scenarios January 10, 2003 may have to maintain a larger cache of neighbor addresses; however, experience from existing implementation shows that these costs are not overwhelming. Given the limited benefits, it would be unreasonable to require that all hosts use privacy addresses; however, given the limited costs, it is reasonable to require that all unmanaged network allow use of privacy addresses by those hosts who so choose. 4.3 Requirements of peer-to-peer applications Peer-to-peer applications require global connectivity. In an IPv6 network, we would expect the peers to use a global IPv6 address, which will have to remain stable for the duration of the peer-to- peer between client and server. Peer-to-peer applications often use ad hoc naming systems, sometimes derived from an "instant messaging" service. Many of these systems are proprietary; an example of standard system is the session initiation protocol (SIP). In these systems, the peers register their presence to a "rendezvous" server, using a name specific to the service; the case of SIP, they would use a SIP URL, of the form "sip:user@example.com". A peer to peer session typically starts by an exchange of synchronization messages through the rendezvous servers, during which the peers exchange the addresses that will be used for the session. There are multiple aspects to the security of peer-to-peer applications, many of which relate to the security of the rendezvous system. If we assume that the peers have been able to safely exchange their IPv6 addresses, the main security requirement is the capability to safely exchange data between the peers, without interference by third parties. Private conversations with developers of peer-to-peer applications showed that many would be willing to consider an "IPv6-only" model if they can get two guarantees: 1) That there is no regression from IPv4, i.e. that all customers that could participate in a peer-to-peer application using IPv4 can also be reached by IPv6. 2) That IPv6 provides a solution for at least some of their hard problems, i.e. enabling peers located behind an IPv4 NAT to participate in a peer-to-peer application. Requiring IPv6 connectivity for a popular peer-to-peer application could create what economists refer to as a "network effect", which in turn could significantly speed up the deployment of IPv6. 4.4 Requirements of server applications Server applications require global connectivity, which in an IPv6 Huitema et al. [Page 6] INTERNET DRAFT Unmanaged Networks IPv6 scenarios January 10, 2003 network implies global addresses. Server applications normally rely on the publication of the server's address in the DNS. This, in turns, requires that the server be provisioned with a "global DNS name". The DNS entries for the server will have to be updated, preferably in real time, if the server's address changes. In practice, updating the DNS is slow, which implies that server applications will have a better chance of being deployed if the IPv6 addresses remain stable for a long period. The security of server applications depends mostly on the correctness of the server, and also on the absence of collateral effects: many incidents occur when the opening of a server on the Internet inadvertently enables remote access to some other services on the same host. 5 Stages of IPv6 deployment The deployment of IPv6 over time is expected to proceed from an initial state in which there is little or no deployment, to a final stage in which we might retire the IPv4 infrastructure. We expect this process to stretch over several years; we also expect it to not be synchronized, as different parties involved will deploy IPv6 at different pace. In order to get some clarity, we distinguish three entities involved in the transition of an unmanaged network: the ISP (possibly including ISP CPE), the home gateway and the hosts (computers and appliances). Each can support IPv4-only, both IPv4 and IPv6 or IPv6-only. That gives us 27 possibilities. We describe the most important cases. We will consider that in all cases the hosts are a combination of IPv4-only, dual stack and IPv6-only hosts. The cases we will consider are: A) Gateway does not provide IPv6 B) ISP and gateway are dual stack C) Gateway is IPv6 capable, dual stack, ISP is not D) ISP is IPv6-only The case where the ISP is IPv6 capable but the gateway is not is similar to case A. 5.1 Case A, host deployment of IPv6 applications In this case the gateway doesn't provide IPv6; the ISP may or may not provide IPv6, but this is not relevant, since the non-upgraded gateway would prevent the hosts from using the ISP service. Some hosts will try to get IPv6 connectivity, in order to run applications that require IPv6, or work better with IPv6. Huitema et al. [Page 7] INTERNET DRAFT Unmanaged Networks IPv6 scenarios January 10, 2003 5.1.1 Application support in Case A The focus of Case A is to enable communication between a host on the unmanaged network and some IPv6-only hosts outside of the network. The primary focus in the immediate future, i.e. for the early adopters of IPv6, will be peer-to-peer applications. However, as IPv6 deployment progresses, we will likely find a situation where some networks have IPv6-only services deployed, at which point we would like case A client applications to be able to access those services. Local applications are not a primary focus of Case A. At this stage, we expect all clients in the unmanaged network to have either IPv4 only or dual stack support. Local applications can continue working using IPv4. Server applications are also not a primary focus of Case A. Server applications require DNS support, which is difficult to engineer for clients located behind a NAT. Besides, server applications, at this stage, cater mostly to IPv4 clients; putting up an IPv6-only server is not very attractive. In contrast, peer-to-peer applications are both attractive and easy to deploy: they are deployed in a coordinated fashion as part of a peer-to-peer network, which means that hosts can all receive some form of IPv6 upgrade; they often provide their own naming infrastructure, in which case they are not dependent on DNS services. 5.1.2 Addresses and connectivity in Case A We saw in 5.1.1 that a primary motivation for the deployment of IPv6 connectivity in hosts is participation to peer-to-peer applications, and also to IPv6-only client applications. These applications require that all participating nodes get some form of IPv6 connectivity, i.e. at least one globally reachable IPv6 address. The mechanism to provide connectivity to peers behind NAT should be easy to deploy, and light weight; it will have to involve tunneling over UDP, as this is the practical way to traverse a NAT. If servers are needed, these servers will in practice have to be deployed as part of the "support infrastructure" for the peer-to-peer network or for an IPv6 based service; economic reality implies that the cost of running these servers should be as low as possible. 5.1.3 Naming services in Case A At this phase of IPv6 deployment, hosts in the unmanaged domain have access to DNS services over IPv4, through the existing gateway. DNS resolvers are supposed to serve AAAA records, even if they only implement IPv4; the local hosts should thus be able to obtain the IPv6 addresses of IPv6-only servers. Huitema et al. [Page 8] INTERNET DRAFT Unmanaged Networks IPv6 scenarios January 10, 2003 Reverse lookup is hard to provide if the gateway is not upgraded. This is a potential issue for client applications. Some servers require a reverse lookup as part of accepting a client's connection, and may require that the direct lookup of the corresponding name matches the IPv6 address of the client. There is thus a requirement to either provide a reverse lookup solution, or make sure that IPv6 servers do not require reverse lookup. 5.2 Case B, IPv6 connectivity with provider support In this case the ISP and gateway are dual stack. The gateway can use native IPv6 connectivity to the ISP and use an IPv6 prefix allocated by the ISP. 5.2.1 Application support in Case B If the ISP and the gateway are dual-stack, client applications, peer-to-peer applications and server applications can all be enabled easily on the unmanaged network. We expect the unmanaged network to include three kinds of hosts: IPv4 only, IPv6-only, and dual stack. Obviously, dual stack hosts can interact easily with either IPv4 only hosts or IPv6-only hosts, but an IPv4 only host and an IPv6-only host cannot communicate without a third party performing some kind of translation service. Our analysis concludes that unmanaged networks should not have to provide such translation services. The argument for providing translation services is that their availability would accelerate the deployment of IPv6-only devices, and thus the transition to IPv6. This is however a dubious argument, since it can also be argued that the availability of these translation services will reduce the pressure to provide IPv6 at all, and to just continue fielding IPv6-only devices. The remaining pressure to provide IPv6 connectivity would just be the difference in "quality of service" between a translated exchange and a native interconnect. The argument against translation service is the difficulty of providing these services for all applications, compared to the relative ease of installing dual stack solutions in an unmanaged network. Translation services can be provided either by application relays such as HTTP proxies, or by network level services such as NAT-PT. Application relays pose several operational problems: first, one must develop relays for all applications; second, one must develop a management infrastructure to provision the host with the addresses of the relays; in addition, the application may have to be modified if one wants to use the relay selectively, e.g. only when direct connection is not available. Network level translation poses similar problems: in practice, network level actions must be complemented by "application layer gateways" that will rewrite references to IP addresses in the protocol, and these relays tend to Huitema et al. [Page 9] INTERNET DRAFT Unmanaged Networks IPv6 scenarios January 10, 2003 be necessary for every application; hosts may need to be parameterized to use the translation service; and designing the right algorithm to decide when to translate DNS requests has proven very difficult. Not assuming translation services in the network appears both more practical and more robust. If the market requirement for a new device requires that it interacts with both IPv4 and IPv6 hosts, we may expect the manufacturers of these devices to program them with a dual stack capability; in particular, we expect general purpose systems such as personal computers to be effectively dual-stack. The only devices that are expected to be capable of only supporting IPv6 are those who are designed for specific applications, which do not require interoperation with antique IPv4-only systems. We also observe that providing both IPv4 and IPv6 connectivity in an unmanaged network is not particularly difficult; indeed there is a well established experience of using IPv4 in these networks in parallel with other protocols such as for example IPX. 5.2.2 Addresses and connectivity in Case B In Case B, the upgraded gateway will behave as an IPv6 router; it will continue providing the IPv4 connectivity of a non-upgraded NAT. Nodes in the local network will obtain: - IPv4 natted addresses, - IPv6 link local addresses, - IPv6 global addresses. The hosts could also obtain IPv6 site local addresses, if the gateway advertises a site local prefix. This is as debatable: site local addresses provide some isolation to site local application from network connectivity events and network based attacks; however, managing non unique addresses can be problematic if some local hosts are multi-homed, as is common with VPN connections. To enable this scenario, the gateway need to use a mechanism obtain a global address prefix from the ISP, and advertise this address prefix to the hosts in the unmanaged network; several solutions will be assessed in a companion memo [EVAL]. 5.2.3 Naming services in Case B At this phase of IPv6 deployment, hosts in the unmanaged domain have access to DNS services through the gateway. As the gateway and the ISP both support IPv4 and IPv6, these services may be accessible by the IPv4 only hosts using IPv4, by the IPv6-only hosts using IPv6, and by the dual stack hosts using either. Currently, IPv4 only hosts discover the IPv4 address of the local DNS server using DHCP; there must be a way for IPv6-only hosts to discover the IPv6 address of the DNS server. Huitema et al. [Page 10] INTERNET DRAFT Unmanaged Networks IPv6 scenarios January 10, 2003 There must be a way to resolve the name of local hosts to their IPv4 or IPv6 addresses. Typing auto-configured IPv6 addresses in a configuration file is impractical; this implies either some form of dynamic registration of IPv6 addresses in the local service, or a dynamic address discovery mechanism. Possible solutions will be compared in the evaluation draft. The requirement to support server applications in the unmanaged network implies a requirement to publish the IPv6 addresses of local servers in the DNS. There are multiple solutions, including variations of domain name delegation. If we want to provide efficient reverse lookup functions, delegation of a fraction of the ip6.arpa tree is also required. The response to a DNS request should not depend of the protocol with which the request is transported: dual-stack hosts may indifferently use IPv4 or IPv6 to contact the local resolver; the choice of IPv4 or IPv6 will be random; the value of the response should not depend of a random event. 5.3 Case C, IPv6 connectivity without provider support In this case the gateway is IPv6 capable, dual stack, the ISP is not. The gateway has been upgraded and offers both IPv4 and IPv6 connectivity the hosts. It cannot rely on the ISP for IPv6 connectivity, because the ISP does not offer ISP connectivity yet. 5.3.1 Application support in Case C Application support in case C should be identical to that of case B. 5.3.2 Addresses and connectivity in Case C The upgraded gateway will behave as an IPv6 router; it will continue providing the IPv4 connectivity of non-upgraded NAT. Nodes in the local network will obtain: - IPv4 natted addresses, - IPv6 link local addresses, - IPv6 global addresses. The clients could also obtain IPv6 site local addresses, if the gateway advertises a site local prefix; this raises the same issues already discussed in case B. There are two ways to bring immediate IPv6 connectivity on top of an IPv4 only infrastructure: automatic tunnels provided by the [6TO4] technology, or configured tunnels. Both technologies have advantages and limitations, which will be studied in a companion document. 5.3.3 Naming services in Case C Huitema et al. [Page 11] INTERNET DRAFT Unmanaged Networks IPv6 scenarios January 10, 2003 The local naming requirements in case C are identical to the local naming requirements of case B, with two differences: delegation of domain names, and management of reverse lookup queries. A delegation of some domain name is required in order to publish the IPv6 addresses of servers in the DNS. As the ISP does not provide support for IPv6 in case C, the delegation mechanism will have to be provided independently of the IP connectivity mechanism. A specific mechanism for handling reverse lookup queries will be required if the gateway uses a dynamic mechanism such as 6to4 to obtain a prefix independently of any IPv6 ISP. 5.4 Case D, ISP stops providing native IPv4 connectivity In this case the ISP is IPv6-only, so the gateway looses IPv4 connectivity, and is faced with an IPv6-only service provider. The gateway itself is dual stack, and the unmanaged network includes IPv4 only, IPv6-only and dual stack hosts. Any interaction between hosts in the unmanaged network and IPv4 hosts on the Internet will require the provision of some inter-protocol services by the ISP. 5.4.1 Application support in Case D At this phase of the transition, IPv6 hosts can perform all types of applications with other IPv6 hosts. IPv4 hosts in the unmanaged network will be able to perform local applications with IPv4 or dual stack local hosts. As in case B, we will assume that IPv6-only hosts will not interact with IPv4-only hosts, either local or remote. We must however assume that IPv4-only hosts and dual stack hosts will desire to interact with IPv4 services available on the Internet: the inability to do so would place the IPv6-only provider at a great commercial disadvantage compared to other Internet service providers. There are three possible ways that an ISP can provide hosts in the unmanaged network with access to IPv4 application: by using a set of application relays, by providing an address translation service, or by providing IPv4-over-IPv6 tunnels. Our analysis concludes that a tunnel service will be vastly preferable. We already mentioned the drawbacks of the application gateway approach when analyzing case B: it is necessary to provide relays for all applications, to develop a way to provision the hosts with the addresses of these relays, and to modify the applications so that they will only use the relays when needed. We also observe that in an IPv6-only ISP the application relays would only be accessible over IPv6, and would thus not be accessible by the "legacy" IPv4- only hosts. The application relay approach is thus not very attractive. Huitema et al. [Page 12] INTERNET DRAFT Unmanaged Networks IPv6 scenarios January 10, 2003 Providing a network address and protocol translation service between IPv6 and IPv4 would also have many drawbacks. As in case B, it will have to be complemented by "application layer gateways" that will rewrite references to IP addresses in the protocol; hosts may need to be parameterized to use the translation service; and we would have to solve DNS issues. In addition, in an IPv6-only ISP, an IPv6- to-IPv4 translation service would not be accessible by legacy IPv4- only hosts through the IPv6 only ISP service. The network level protocol translation service appears to not be very desirable. The proper alternative to application relays and network address translation is the provision of an IPv4-over-IPv6 service. 5.4.2 Addresses and connectivity in Case D The ISP assigns an IPv6 prefix to the unmanaged network, so hosts have a global IPv6 address and use it for global IPv6 connectivity. This will require delegation of an IPv6 address prefix, as investigated in case C. To enable IPv4 hosts and dual stack host to access remote IPv4 services, the ISP must provide the gateway with at least one IPv4 address, using some form of IPv4-over-IPv6 tunneling. Once such addresses have been provided, the gateway effectively acquires dual- stack connectivity; for hosts inside the unmanaged network, this will be indistinguishable from the connectivity obtained in case B or C. 5.4.3 Naming services in Case D The loss of IPv4 connectivity has a direct impact on the provision of naming services. An obvious consequence is the gateway will have to be provisioned with the address of a DNS server and with other DNS parameters, and that this provisioning will have to use IPv6 mechanisms. Another consequence is that the DNS service in the gateway will only be able to use IPv6 connectivity to resolve queries; if local hosts perform DNS resolution autonomously, they will have the same restriction. On the surface, this seems to indicate that the local hosts will only be able to resolve names if the domain servers are accessible through an IPv6 address documented in a AAAA record. However, the DNS services are just one case of "IPv4 servers accessed by IPv6 hosts": it should be possible to simply send queries through the address translation services to reach the IPv4 only servers. The gateway should be able to act as a "DNS proxy" for the remaining IPv4 only hosts. 6 Security Considerations Huitema et al. [Page 13] INTERNET DRAFT Unmanaged Networks IPv6 scenarios January 10, 2003 Security considerations are discussed as part of the applications' requirements. They include: - the guarantee that local applications are only used locally, - the protection of the privacy of clients - the requirement that peer-to-peer connections are only used by authorized peers. 7 IANA Considerations This memo does not include any request to IANA. 8 Copyright The following copyright notice is copied from RFC 2026 [Bradner, 1996], Section 10.4, and describes the applicable copyright for this document. Copyright (C) The Internet Society July 12, 2001. All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assignees. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 9 Intellectual Property The following notice is copied from RFC 2026 [Bradner, 1996], Section 10.4, and describes the position of the IETF concerning intellectual property claims made against this document. The IETF takes no position regarding the validity or scope of any Huitema et al. [Page 14] INTERNET DRAFT Unmanaged Networks IPv6 scenarios January 10, 2003 intellectual property or other rights that might be claimed to pertain to the implementation or use other technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF Secretariat. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director. 10 Acknowledgements This draft has benefited from extensive reviews by Tony Hain, Suresh K Satapati, and Margaret Wasserman. 11 References [EVAL] Evaluation of Transition Mechanisms for Unmanaged Networks, work in progress. 12 Authors' Addresses Christian Huitema Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 Email: huitema@microsoft.com Rob Austein Email: sra@hactrn.net Ronald van der Pol Email: Ronald.vanderPol@surfnet.nl Huitema et al. [Page 15] INTERNET DRAFT Unmanaged Networks IPv6 scenarios January 10, 2003 Table of Contents: 1 Introduction .................................................... 1 2 Topology ........................................................ 1 3 Applications .................................................... 2 3.1 Local applications ............................................ 2 3.2 Client applications ........................................... 3 3.3 Peer-to-peer applications ..................................... 3 3.4 Server applications ........................................... 3 4 Application requirements of an IPv6 unmanaged network ........... 4 4.1 Requirements of local applications ............................ 4 4.2 Requirements of client applications ........................... 4 4.2.1 Privacy requirement of client applications .................. 5 4.3 Requirements of peer-to-peer applications ..................... 6 4.4 Requirements of server applications ........................... 6 5 Stages of IPv6 deployment ....................................... 7 5.1 Case A, host deployment of IPv6 applications .................. 7 5.1.1 Application support in Case A ............................... 8 5.1.2 Addresses and connectivity in Case A ........................ 8 5.1.3 Naming services in Case A ................................... 8 5.2 Case B, IPv6 connectivity with provider support ............... 9 5.2.1 Application support in Case B ............................... 9 5.2.2 Addresses and connectivity in Case B ........................ 10 5.2.3 Naming services in Case B ................................... 10 5.3 Case C, IPv6 connectivity without provider support ............ 11 5.3.1 Application support in Case C ............................... 11 5.3.2 Addresses and connectivity in Case C ........................ 11 5.3.3 Naming services in Case C ................................... 11 5.4 Case D, ISP stops providing native IPv4 connectivity .......... 12 5.4.1 Application support in Case D ............................... 12 5.4.2 Addresses and connectivity in Case D ........................ 13 5.4.3 Naming services in Case D ................................... 13 6 Security Considerations ......................................... 13 7 IANA Considerations ............................................. 14 8 Copyright ....................................................... 14 9 Intellectual Property ........................................... 14 10 Acknowledgements ............................................... 15 11 References ..................................................... 15 12 Authors' Addresses ............................................. 15 Huitema et al. [Page 16]