ipngwg                                                           Shi. Li
Internet Draft                                             China Telecom
Document: draft-lishi-ipngwg-dbnetlayer-00.txt
Expires: September 2014                                       March 2014

                 Double Network Layer solution as IPng

Abstract

   This document describes a new proposal for IPng. Compared to IPv6,
   this proposal has a bigger address space and, most importantly, is
   HIGHLY COMPATIBLE with IPv4.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute working
   documents as Internet-Drafts. The list of current Internet-Drafts is
   at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 17, 2014.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents

Li                     Expires - September 2014                 [Page 1]

Double Network Layer solution as IPng                         March 2014

   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.
Table of Contents

   1. Introduction................................................... 3
   2. Solution: Double network layer................................. 3
      2.1 Protocol stack............................................. 3
      2.2 Complete forwarding scenes of the new protocol............. 4
      2.3 Domain name resolve solution............................... 8
   3. Upgrade routine................................................ 8
      3.1 Carrier's network.......................................... 8
      3.2 Users' hosts............................................... 9
   4. TCP/DN/IP vs IPv6.............................................. 9
   5. Peroration.................................................... 10
   6. IANA Considerations........................................... 10
   7. Security Considerations....................................... 10
   8. References.................................................... 10
   9. Acknowledgments............................................... 10
   Author's Addresses............................................... 10

1. Introduction

   The Internet is approaching a situation in which the current IP
   address space is no longer adequate for global addressing and
   routing. The replacement solution, IPv6, has proved difficult to
   promote over the past 20 years. The reason is obviously that it is
   incompatible with IPv4. This is because IPv6 extends the address
   space in the IP layer, so all layer 3 and above devices must be
   upgraded. This affects too many devices that are running very well,
   and needs too much investment and time. Rational carriers tend to
   exploit the potential of existing devices rather than replacing them
   with devices supporting IPv6.

   This document describes a completely new proposal which extends the
   address space from a newly added network layer. By doing this, not
   only is the address space extended, but the new protocol is also
   highly compatible with IPv4.
   In this proposal only very few devices need to be upgraded; most L3
   devices do not. And the upgrade can be very smooth.

2. Solution: Double network layer

2.1 Protocol stack

                 +-------+----------------------+-----------------------+
                 | Layer | Content              | Key Information       |
                 +-------+----------------------+-----------------------+
                 |   6   | (HTTP/FTP/...)       |                       |
                 +-------+----------------------+-----------------------+
                 |   5   |(TCP/UDP/ICMP/IGMP...)| Dst&Src ports         |
   New Network   +=======+======================+=======================+
   Layer --->>   |   4   | Domain Name          | Dst&Src domain names  |
                 +=======+======================+=======================+
                 |   3   | IP                   | Dst&Src IP addresses  |
                 +-------+----------------------+-----------------------+
                 |   2   | Data Link Layer      |                       |
                 +-------+----------------------+-----------------------+
                 |   1   | Physical Layer       |                       |
                 +-------+----------------------+-----------------------+

                      Figure 1  TCP/DN/IP protocol stack

   We add a new layer just above the IP layer and put the destination
   and source hosts' domain names inside it as the key information. The
   new protocol stack with the domain name layer is shown in Figure 1.
   Because the original protocol is known as TCP/IP, here we simply name
   the new protocol TCP/DN/IP (DN = Domain Name).

   The new protocol uses the domain name as the unique destination on
   the Internet. The Domain Name routers divide the IP network into
   multiple separated areas, just like the IP routers divide the
   Ethernet into multiple separated areas. Here we call each separated
   IP network an 'IP domain'. IP addresses can be re-allocated in
   different IP domains. Thus we have enough addresses to use (far more
   than IPv6).

   Because the IP layer is not touched, this protocol is highly
   compatible with TCP/IP, which means that most routers in the current
   Internet need NOT be upgraded.

2.2 Complete forwarding scenes of the new protocol

   A.
      Host visits host outside current IP domain

   [Figure 2: ASCII diagram not recoverable from this copy. The Global
   Domain (.) contains the Global Domain DNS; the China domain (cn.)
   contains host.cn, CN DNS and CN DNR; the US domain (us.) contains
   host.us, US DNR and US DNS. CN DNR and US DNR sit on the borders of
   their sub-domains and connect them to the Global Domain. Numbered
   arrows 1-11 mark the query and forwarding steps.]

                    Figure 2  visit across IP domains

   There are 3 separate IP domains in Figure 2: the Global Domain (.),
   the China domain (cn.), and the US domain (us.). Each domain has the
   entire IP address space. Different IP domains don't interwork at the
   IP layer. Domain Name Routers (DNR) forward packets between IP
   domains.

   Each DNS server belongs to its respective IP domain. Some root DNS
   servers are located at the edge of the IP domain, because queries
   may come from both inside and outside.

      a) If the query comes from inside and asks for an inside host,
         return the host's IP;
      b) If the query comes from inside and asks for an outside host,
         return the DNR's inside IP;
      c) If the query comes from outside and asks for an inside host,
         return the DNR's outside IP.

   Upgraded hosts register type DNA (Domain Name Address) resources in
   DNS, mapping them to IP addresses. Un-upgraded hosts only have type A
   resources.
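   The resolution rules a)-c) and the DNA/A distinction just described,
   carried through the hop-by-hop forwarding that Figure 2 shows, as an
   added example in Python that is not part of this draft. It also
   applies the NAT fallback of section 2.2.B, the host-side choice
   between TCP/DN/IP and TCP/IP of section 2.2.C.B, and the
   "[hex].domain" shortcut of section 2.3.B. The topology, the
   addresses, the DNR names, the names Dnr, IpDomain, dns_answer,
   forward, auto_name and shortcut_ip, and the record type used when a
   DNS server answers with a DNR address are all assumptions of the
   example; the draft defines none of them.

```python
"""Constructed model of TCP/DN/IP name resolution and forwarding.

Added example, not taken from the draft: the topology, addresses, DNR
names and the record type returned for a DNR address are assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Dnr:
    """Domain Name Router on a sub-domain border: one address on each side."""
    inside_ip: str    # valid only inside the sub-domain
    outside_ip: str   # valid only in the Global Domain (.)


@dataclass
class IpDomain:
    label: str                                   # ".", "cn" or "us"
    records: dict = field(default_factory=dict)  # name -> {"A": ip, "DNA": ip}
    dnr: Optional[Dnr] = None                    # the Global Domain has none


# Constructed topology. 192.0.2.10 is deliberately reused in cn. and us.:
# IP domains do not interwork at the IP layer, so this is legal.
TOPOLOGY = {
    ".": IpDomain(".", {"server.com": {"A": "198.51.100.7"}}),      # not upgraded
    "cn": IpDomain("cn", {"host.cn": {"A": "192.0.2.10", "DNA": "192.0.2.10"},
                          "old.cn": {"A": "192.0.2.20"}},            # not upgraded
                   Dnr("192.0.2.1", "203.0.113.1")),
    "us": IpDomain("us", {"host.us": {"A": "192.0.2.10", "DNA": "192.0.2.10"}},
                   Dnr("192.0.2.1", "203.0.113.2")),
}
HEX_NAME = re.compile(r"^\[([0-9A-F]{8})\]$")


def domain_of(name):
    """IP domain a name belongs to: its last label if that is a sub-domain, else '.'."""
    tld = name.rsplit(".", 1)[-1]
    return tld if tld in TOPOLOGY and tld != "." else "."


def dns_answer(server, qname, qtype, from_inside):
    """Rules a)-c) of section 2.2.A for the DNS server of IP domain `server`.
    Returns (rrtype, ip) or None; a DNR address is answered with the requested
    type (assumption: DNRs are upgraded devices)."""
    target = domain_of(qname)
    if target == server:
        if not from_inside:               # c) outside asks for an inside host
            return qtype, TOPOLOGY[server].dnr.outside_ip
        rr = TOPOLOGY[server].records.get(qname, {})  # a) inside asks for inside host
        if qtype == "DNA" and "DNA" not in rr:
            qtype = "A"                   # only a type A record: host not upgraded
        return (qtype, rr[qtype]) if qtype in rr else None
    # b) inside asks for an outside host: answer the DNR that leads there. The
    # Global DNS points at the target sub-domain's DNR (its Global-side address);
    # a sub-domain DNS points at its own border DNR (its inside address).
    if server == ".":
        return qtype, TOPOLOGY[target].dnr.outside_ip
    return qtype, TOPOLOGY[server].dnr.inside_ip


def auto_name(ip, domain):
    """Section 2.3.B auto-configured name: 192.0.2.10 in cn. -> '[C000020A].cn'."""
    return "[%08X].%s" % (int(ipaddress.IPv4Address(ip)), domain)


def shortcut_ip(name, my_domain):
    """Host-side check of 2.3.B: same IP domain and hex-style host part -> no DNS query."""
    if domain_of(name) != my_domain:
        return None
    m = HEX_NAME.match(name.rsplit(".", 1)[0])
    return str(ipaddress.IPv4Address(int(m.group(1), 16))) if m else None


def forward(src, dst):
    """Trace a packet from host `src` to name `dst` (sections 2.2.A, 2.2.B, 2.2.C.B).
    The domain-name layer (src, dst) is never rewritten; only the IP destination is.
    Returns (mode, hops), each hop = (node writing the IP dst, its IP domain, IP dst)."""
    cur, node, hops = domain_of(src), src, []
    while True:
        rrtype, ip = "DNA", (shortcut_ip(dst, cur) if node == src else None)
        if ip is None:
            answer = dns_answer(cur, dst, "DNA", from_inside=True)
            if answer is None:
                return "UNRESOLVED", hops
            rrtype, ip = answer
        hops.append((node, cur, ip))
        if domain_of(dst) == cur:                    # ip is the target host itself
            if rrtype == "DNA":
                return "TCP/DN/IP", hops
            # Only a type A record exists: a sending host falls back to plain
            # TCP/IP (2.2.C.B); a DNR maps domainname:port to IP:port (2.2.B NAT).
            return ("TCP/IP" if node == src else "NAT"), hops
        # ip is a DNR address: the packet crosses that border into the next domain.
        border = domain_of(dst) if cur == "." else cur
        node, cur = f"{border.upper()} DNR", (border if cur == "." else ".")


if __name__ == "__main__":
    for dst in ("host.us", "server.com", "old.cn", auto_name("192.0.2.10", "cn")):
        print(f"host.cn -> {dst}: {forward('host.cn', dst)}")
```

   Running the block prints the path taken for each destination: the IP
   destination is rewritten by the sender and again at every DNR, while
   the domain-name layer keeps "host.cn" and the target name end to end.
   The same address 192.0.2.10 serves host.cn and host.us without
   conflict, which is the address-space argument of section 2.1, and a
   target that only has a type A record is reached by TCP/IP (inside the
   domain) or through the DNR's NAT mode (across domains).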
   Here is the complete process of how host.cn sends packets to host.us:

      a) Host.cn fills the destination field in the domain name layer
         with 'host.us';
      b) Host.cn sends a query to the DNS server of the China domain,
         asking for the type DNA resource of host.us;
      c) The DNS server finds that host.us is an outside host, so it
         returns the IP of the Domain Name Router of the CN domain
         (CN DNR);
      d) Host.cn gets the result, fills the destination field in the IP
         layer with it, and then sends the packet out;
      e) CN DNR queries the IP of host.us in the Global Domain. The DNS
         returns the US DNR's IP; CN DNR replaces the IP destination
         field with it, and sends the packet to US DNR;
      f) US DNR gets the packet, queries the IP of host.us inside the
         .us domain, replaces the IP destination field with the result,
         and sends the packet to host.us successfully.

   Advantages:

      a) Because the IP layer is not modified, L3 devices inside IP
         domains need not be upgraded. For carriers, such devices
         account for the vast majority;
      b) DNS servers need to be upgraded, but their number is very
         limited;
      c) Routers on the edge (for a long time, equivalent to the
         international egress) need to be upgraded to DNR, but their
         number is also very limited.

   B.
      Upgraded host visits un-upgraded outside host

   A) NAT

   [Figure 3: ASCII diagram not recoverable from this copy. The Global
   Domain (.) contains the Global Domain DNS and the un-upgraded host
   server.com; the China domain (cn.) contains host.cn, CN DNS and CN
   DNR, with CN DNR on the border to the Global Domain. Numbered arrows
   1-6 mark the query and forwarding steps.]

                 Figure 3  visit outside un-upgraded host

   In Figure 3 the host 'server.com' in the Global Domain is not
   upgraded. Here are the steps of how host.cn visits it:

      Steps a)-c) are the same as in section 2.2.A.

      d) CN DNR gets the packet and queries DNS for the IP of
         server.com. The DNS returns only a type A resource (no type DNA
         resource), so the DNR knows that the target host hasn't been
         upgraded. Then the DNR turns into NAT mode and maps
         (TCP/DN/IP) domainname:port to (TCP/IP) IP:port.

   This proposal should be regarded as a transitional proposal, an
   optional feature of the DNR. Enabling this feature may consume more
   DNR resources.

   B) VPN

   Usually, most requirements can be met by the NAT proposal. But some
   special applications may encounter ALG problems, resulting in an
   unsuccessful connection. In such cases, the user can choose the VPN
   proposal:

      1. The user connects to the PPTP VPN Server in the Global Domain
         via TCP/DN/IP and obtains a valid IP address of the Global
         Domain. Now the user can access any host inside the Global
         Domain via TCP/IP.
      2. After the VPN connection is established, the host has two IP
         addresses from two different IP domains. This may lead to some
         confusion. I suggest using the protocol stack to distinguish
         between the two.
         That is, enable only TCP/DN/IP on the physical interface and
         only TCP/IP on the VPN interface, each with an independent
         routing table.

   C. Inside domain

   A) Un-upgraded host visits inside host

      1. HostA.cn (un-upgraded host) sends a DNS query to the DNS
         server, asking for the IP of HostB.cn (type A);
      2. The DNS server finds that the target is inside the current
         domain, then just returns the IP of HostB.cn;
      3. HostA.cn communicates with HostB.cn using TCP/IP.

   In this scenario, whether or not HostB.cn has been upgraded, HostA.cn
   can communicate with HostB.cn using TCP/IP.

   B) Upgraded host visits hosts inside domain

      1. HostA.cn (upgraded host) sends a query to the DNS server,
         asking for the IP of HostB.cn (type DNA);
      2. The DNS server finds the target host is inside the domain and
         returns the IP of HostB.cn:
         a) If there is a type DNA resource of HostB.cn, this means
            HostB.cn has been upgraded; return the IP in type DNA;
         b) If there is only a type A resource of HostB.cn, which means
            HostB.cn hasn't been upgraded, return the IP in type A.
      3. HostA.cn gets the reply from DNS:
         a) If the IP is in type DNA, HostA.cn knows that the target
            host has been upgraded, and uses TCP/DN/IP to communicate
            with it;
         b) If the IP is in type A, HostA.cn knows that the target host
            hasn't been upgraded, and uses TCP/IP to communicate with
            it.

   C) Un-upgraded host visits host outside current domain

      1. HostA.cn (un-upgraded host) sends a query to the DNS server,
         asking for the IP in type A of HostB.us;
      2. The DNS server finds the target host is outside the domain and
         the source host hasn't been upgraded (because it queries a
         type A resource), and returns the web server's IP to lead the
         host to upgrade;
      3. If HostA.cn is opening a web page on the target, it will open
         the web page leading to the upgrade instead.

2.3 Domain name resolve solution

   A) Fixed domain name

   Add a new resource type, DNA (Domain Name Address), into DNS.
   Set its value to the IP address of the upgraded host. After a host
   has been upgraded, it should add a type DNA resource into DNS. Thus
   the others can determine whether the host has been upgraded or not.

   B) Auto-configuration for dynamically accessed hosts

   We can see from the previous routing and forwarding process that, to
   be properly addressed, each host requires a domain name. The majority
   of broadband users are dynamically assigned IP addresses. If we want
   to assign domain names to them, the DHCP system has to be adjusted,
   which would affect too many devices.

   A solution for auto-configuring domain names for hosts:

      1. Add the local domain's name into the local DNS system (for
         example, add ".cn" into the DNS system of domain .cn);
      2. The upgraded host connects to the network and obtains an IP
         address and DNS servers via DHCP (for example, it gets
         192.0.2.10 as its IP);
      3. If this succeeds, it queries the local domain's name via DNS
         (DNS returns ".cn");
      4. It converts the IP to a HEX-style string and quotes it with
         "[ ]" (we get "[C000020A]" here). This is used as the host part
         of the domain name;
      5. It combines the host part and the domain part to get the whole
         domain name (in this example, "[C000020A].cn").

   When a TCP/DN/IP host wants to map a domain name to an IP address,
   it should first check whether the target domain name is in the same
   IP domain as itself. If yes, it checks whether the left part is in
   the above style. If still yes, it just parses the IP from it. In all
   other cases, it queries the IP via DNS.

   Following this proposal, the carriers needn't modify their DHCP
   servers, and the number of queries sent to DNS servers is also
   greatly reduced.

3. Upgrade routine

3.1 Carrier's network

   A) Network devices

   Carriers need to do the following jobs:

   a.
      Transform the DNS

      a) If inside hosts are queried, return the IPs of the hosts; if
         outside hosts are queried, return the IPs of the corresponding
         DNR;
      b) The root domain name server of the domain should be set on the
         border of the domain (it should have interfaces on both sides).

   b. Upgrade the routers on the domain border to DNR

   B) Home Gateway

   HGs need no upgrading; they can simply disable NAT and work in L3
   routing mode. Because the number of HGs is huge, this proposal saves
   a great deal of investment and time compared with IPv6.

3.2 Users' hosts

   The users should upgrade their OS and applications. These upgrades
   are software-based and should be simple. We omit them here.

4. TCP/DN/IP vs IPv6

   It is now widely recognized that IPv6 will be the next-generation
   Internet protocol. We compare TCP/DN/IP and IPv6 here:

   A) Addressing basis

      IPv6:      Globally unique 128-bit address
      TCP/DN/IP: Globally unique domain name; an IPv4 address that is
                 unique inside the domain is available

   B) Address space

      IPv6:      2^128 = 3.4*10^38
      TCP/DN/IP: >>10^96

   C) Compatibility

      IPv6:      Incompatible
      TCP/DN/IP: High compatibility. Hosts in the same domain continue
                 working without upgrading. The IPv4 network needn't be
                 closed. L3 routers inside domains need no upgrading.
                 Un-upgraded hosts cannot cross domains, but the upgrade
                 is easy when needed.

   D) Migration enthusiasm

      IPv6:      Carriers invest too much but get nothing in return;
                 upgraded users will find only very few resources in
                 the new network and dislike it, and there are big
                 obstacles to visiting resources in the original IPv4
                 network. So users tend not to move.
      TCP/DN/IP: Carriers invest very little. Upgraded users can
                 continue to visit any resources in the original IPv4
                 network. Only un-upgraded users will find they cannot
                 visit resources outside their domain, but the upgrade
                 is software-based and easy.

5.
   Peroration

   TCP/DN/IP seems to be a very good solution for IPng: a bigger address
   space (even bigger than IPv6) and high compatibility with IPv4 (and
   thus easy and smooth upgrading, etc.).

   This document is just a very brief framework of the new proposal, and
   the author hopes more people will accept this solution and jointly
   promote it to maturity. Thanks.

6. IANA Considerations

   IANA is required to add a new resource type 'DNA' into DNS; its value
   should be set to an IPv4 address.

7. Security Considerations

   TBD.

8. References

8.1 Normative References

   [RFC1034] P. Mockapetris, "DOMAIN NAMES - CONCEPTS AND FACILITIES",
             RFC 1034, November 1987.

8.2 Informative References

9. Acknowledgments

Author's Addresses

   Shi Li
   China TeleCom
   Email: lishi@sttri.com.cn