Network Working Group C. Liu Internet-Draft Q. Sun Intended status: Standards Track J. Wu Expires: January 1, 2015 Tsinghua University June 30, 2014 Dynamic IPv4 Provisioning for Lightweight 4over6 draft-liu-softwire-lw4over6-dhcp-deployment-02 Abstract Lightweight 4over6 [I-D.ietf-softwire-lw4over6] is an IPv4 over IPv6 hub and spoke mechanism that provides overlay IPv4 services in an IPv6-only access network. Provisioning IPv4 addresse and port set to customers is the core function of Lightweight 4over6 control plane. [I-D.ietf-softwire-lw4over6] illustrates how to use DHCPv6 for deterministic IPv4 provisioning. This document discusses how to provision IPv4 parameters by using dynamic IPv4 provisioning protocols such as DHCPv4 over DHCPv6 [I-D.ietf-dhc-dhcpv4-over-dhcpv6]. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on January 1, 2015. Copyright Notice Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents Liu, et al. Expires January 1, 2015 [Page 1] Internet-Draft lw4over6 dynamic provisioning June 2014 carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Dynamic Provisioning Considerations . . . . . . . . . . . . . 3 3.1. lwB4 IPv6 Addressing . . . . . . . . . . . . . . . . . . 3 3.2. lwB4 Tunnel Source Address . . . . . . . . . . . . . . . 4 3.3. Working with SLAAC . . . . . . . . . . . . . . . . . . . 4 3.4. lwAFTR Binding Table Maintenance . . . . . . . . . . . . 4 4. Working with DHCPv4 over DHCPv6 . . . . . . . . . . . . . . . 5 4.1. IP Addressing . . . . . . . . . . . . . . . . . . . . . . 5 4.2. DHCPv6 Configuration . . . . . . . . . . . . . . . . . . 5 4.3. DHCPv4 over DHCPv6 Function . . . . . . . . . . . . . . . 6 4.4. Port Set Consideration . . . . . . . . . . . . . . . . . 6 4.5. lwAFTR Binding Table Maintenance . . . . . . . . . . . . 7 5. Security Considerations . . . . . . . . . . . . . . . . . . . 7 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 7.1. Normative References . . . . . . . . . . . . . . . . . . 7 7.2. Informative References . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 1. Introduction Lightweight 4over6 [I-D.ietf-softwire-lw4over6] provides IPv4 access over IPv6 network in hub-and-spoke softwire architecture. In Lightweight 4over6, each Lightweight B4 (lwB4) is assigned with a port-restricted public IPv4 address or a full public IPv4 address to be used for IPv4 communication. Provisioning IPv4 address, port set and other IPv4 parameters to lwB4 is the core function of the Lightweight 4over6 control plane. It can be achieved by several protocols, such as DHCPv6 [RFC3315] [I-D.ietf-softwire-map-dhcp], DHCPv4 over DHCPv6 [I-D.ietf-dhc-dhcpv4-over-dhcpv6] , and PCP [RFC6887]. [I-D.ietf-softwire-lw4over6] illustrates how to use DHCPv6 for deterministic IPv4 provisioning. The IPv4 address and port set id (PSID) are carried in DHCPv6 options through DHCPv6 queries. However, the deterministic IPv4 provisioning adds some restrictions for addressing and deployment: the IPv4 lease time needs to be bound to the IPv6 lease time; the IPv4 address and PSID need to be embedded into clients' /128 IPv6 address so the client can not use arbitrary Liu, et al. Expires January 1, 2015 [Page 2] Internet-Draft lw4over6 dynamic provisioning June 2014 /128 IPv6 address. It's not necessary to pre-install the binding between IPv4/IPv6 addresses through using dynamic IPv4 provisioning protocols such as DHCPv4 and PCP. Since DHCPv4 is unable to work in native IPv6 network directly, DHCPv4 over DHCPv6 [I-D.ietf-dhc-dhcpv4-over-dhcpv6] is proposed to support DHCPv4 functionality in IPv6 network by transporting DHCPv4 messages over DHCPv6 message. [I-D.ietf-dhc-dynamic-shared-v4allocation] describes how to allocate port set to clients using DHCPv4 over DHCPv6. PCP [RFC6887] also supports dynamic address and ports provisioning. [I-D.ietf-pcp-port-set] describes how port set is allocated to the lwB4. This document discusses how to deploy Lightweight 4over6 using dynamic IPv4 provisioning protocols as the IPv4 provisioning protocol and analyses the benefit of using dynamic provisioning methods. 2. Terminology Terminology defined in [I-D.ietf-dhc-dhcpv4-over-dhcpv6] and [I-D.ietf-softwire-lw4over6] is used extensively in this document. 3. Dynamic Provisioning Considerations [I-D.ietf-softwire-lw4over6] describes the behavior of lwB4 and lwAFTR using DHCPv6 as provisioning protocol. It is based on a pre- determined binding relationship between IPv6 prefix and IPv4 address + PSID. This section discusses the issues produced by deterministic provisioning and how they could be solved by dynamic IPv4 provisioning. 3.1. lwB4 IPv6 Addressing In section 5.1 of [I-D.ietf-softwire-lw4over6], it requires the lwB4 to embed its IPv4 address and PSID into its tunnel source IPv6 address. The reason to do this is that the binding relationship between IPv4/IPv6 addresses is pre-determined before the lwB4 requires IPv4/IPv6 addresses. Although the ISP can decide which IPv6 prefix for lwB4 to use, it can not decide the lwB4's IPv6 suffix before IPv6 provisioning actually happens. When a lwAFTR receives an downstream IPv4 packet from Internet, it needs to construct the /128 IPv6 address of the lwB4 as the tunnel destination address and then encapsulate the packet. However since the binding table in lwAFTR is generated before IPv4 provisioning, the lwB4's IPv6 suffix is unknown by looking up the binding table. So it is solved by filling IPv4 address and PSID into IPv6 suffix. Liu, et al. Expires January 1, 2015 [Page 3] Internet-Draft lw4over6 dynamic provisioning June 2014 When using dynamic IPv4 provisioning, the binding entry in lwAFTR is generated after IPv4 provisioning process. When lwAFTR is encapsulating a packet, it looks up the binding table, using the destination IPv4 address and port as index, to get the lwB4's /128 IPv6 address. Thus IPv4 address and PSID are not necessary to be filled into IPv6 suffix. There is no restriction on how to generate the lwB4's IPv6 address. 3.2. lwB4 Tunnel Source Address In deterministic IPv4 provisioning, because lwB4's prefixes are pre- determined in lwAFTR's binding table, when lwB4 has multiple prefixes, it needs to perform a longest prefix match to select which prefix to be used as the tunnel source address. A hint prefix is given by DHCPv6 server to tell the lwB4 which prefix looks like the correct one. If the lwB4 chooses a different prefix to be used as the tunnel address, it leads to a tunnel communication error. With dynamic IPv4 provisioning, the tunnel source address is decided by lwB4. lwB4 can choose any of its IPv6 address as long as the address is routable to the lwAFTR. 3.3. Working with SLAAC In deterministic IPv4 provisioning, the lwB4's /64 IPv6 prefix is assigned by ISP, and its /64 IPv6 suffix is filled with its IPv4 address and PSID. If a ISP wants multiple lwB4s to use the same /64 prefix, these lwB4s will run SLAAC to get the prefix. In this case, the upstream router advertises the /64 prefix to multiple lwB4s, then the lwB4s require their own IPv4 address and PSID through DHCPv6 Information-request. However, if the DHCPv6 server is not the upstream next hop of lwB4, it can not get the lifetime of lwB4's IPv6 address, so the DHCPv6 server is unable to recycle the allocated IPv4 addresses. Dynamic IPv4 provisioning works well with SLAAC since the IPv4 lease time is independent from IPv6 address. 3.4. lwAFTR Binding Table Maintenance With dynamic IPv4 provisioning protocol, the lwAFTR's binding table is maintained through IPv4 provisioning process. To update a binding entry, lwB4's IPv6 address (as tunnel address), IPv4 address and PSID are needed. The IPv4 address and PSID are given by the provisioning server (DHCP 4o6 server or PCP server). The lwB4 must provide its /128 IPv6 address. If the IPv4 provisioning is transported in IPv6 unicast packet, the IPv6 source address in packets from lwB4 is used. Otherwise, the lwB4 must provide the IPv6 address in the message body, e.g. in a DHCPv6 option [I-D.fsc-dhc-dhcp4o6-saddr-opt]. Liu, et al. Expires January 1, 2015 [Page 4] Internet-Draft lw4over6 dynamic provisioning June 2014 When lwAFTR is located in the path of the IPv4 provisioning process, it updates its binding table through the provisioning messages. It listens all provisioning messages from provisioning server to lwB4, and updates binding through valid DHCP ACK message and PCP response. When lwAFTR is out of the provisioning path, the provisioning server must indicate the lwAFTR about the binding updates. There are several protocols that support this function, e.g. NETCONF. A standardized data model may be needed, but it's out of the scope of this document. 4. Working with DHCPv4 over DHCPv6 This section describes how DHCPv4 over DHCPv6 is used for Lightweight 4over6 configuration. [I-D.perreault-softwire-lw4over6-pcp] discusses how PCP works with Lightweight 4over6. 4.1. IP Addressing Before starting DHCPv4 over DHCPv6 to achieve IPv4 configuration, lwB4 MUST be configured with an IPv6 address. There's no restrictions on how IPv6 address is provisioned. The configured IPv6 address is used for IPv6 tunnelling and DHCPv4 over DHCPv6 process. The address that lwB4 chooses MUST be routable to the DHCP 4o6 server. The softwire provider is free to provide any IPv4 address for a lwB4. There's no restrictions on IPv6/IPv4 addressing, e.g. scattered IPv4 addresses can be used, and IPv4 address/PSID are not embeded into IPv6 addres. 4.2. DHCPv6 Configuration Before lwB4 runs DHCPv4 over DHCPv6 to get IPv4 address and port set, lwB4 SHOULD run DHCPv6 to achieve the IPv6 address of lwAFTR and the IPv6 address of DHCP 4o6 server. lwB4 puts the option code of OPTION_S46_CONT_LW and OPTION_DHCP4_O_DHCP6_SERVER in the Option Request Option (ORO) of its DHCPv6 queries. If the DHCPv6 server decides to provide DHCPv4 over DHCPv6 service for the lwB4, it MUST reply the lwB4 with a 4o6 Server Address Option, and a S46 BR Option inside a Softwire46 LightWeight 46 Container Option. If the 4o6 Server Address Option is present in the response, the DHCPv6 server MUST NOT reply any S46 Port Parameters Option or S46 IPv4/IPv6 Address Binding Option in the response. It is possible that both stateless (using DHCPv6 for deterministic IPv4 provisioning) and stateful (using DHCPv4 over DHCPv6 for dynamic IPv4 provisioning) lwB4 exist in the same domain, and a DHCPv6 server Liu, et al. Expires January 1, 2015 [Page 5] Internet-Draft lw4over6 dynamic provisioning June 2014 serves both types of lwB4. In this case, when the DHCPv6 server receives a query, it distinguish the client based on whether there is a OPTION_DHCP4_O_DHCP6_SERVER in ORO. If OPTION_DHCP4_O_DHCP6_SERVER is present in ORO, the lwB4 is treated as a stateful lwB4 that asking for DHCPv4 over DHCPv6 service; otherwise it's treated as a stateless lwB4. The DHCPv6 server MAY reply S46 Port Parameters Option and S46 IPv4/IPv6 Address Binding Option to both types of lwB4 if the server is not configued with DHCPv4 over DHCPv6 configuration. In this case the lwB4 is informed to run the stateless configuration mode in [I-D.ietf-softwire-lw4over6]. 4.3. DHCPv4 over DHCPv6 Function The DHCPv4 over DHCPv6 function in lwB4 is disabled by default. During DHCPv6 process, if S46 Port Parameters Option or S46 IPv4/IPv6 Address Binding Option is present in the response from DHCPv6 server, lwB4 SHOULD perform operations in [I-D.ietf-softwire-lw4over6], and MUST NOT run DHCPv4 over DHCPv6 for dynamic IPv4 provisioning. When neither of the two options is present, and 4o6 Server Address Option is present, the lwB4 MUST enables its DHCPv4 over DHCPv6 function to achieve IPv4 address. Regardless of whether S46 Port Parameters Option or S46 IPv4/IPv6 Address Binding Option is present, the lwB4 MAY run stateless DHCPv4 over DHCPv6 (i.e. DHCPINFORM) when 4o6 Server Address Option is present. lwB4 MUST provide its IPv6 tunnel source address in its DHCPv4 over DHCPv6 query. The IPv6 address is provided either by unicasting DHCPv4 over DHCPv6 requests to DHCP 4o6 server, or being put into 4o6 Server Address Option [I-D.fsc-dhc-dhcp4o6-saddr-opt] along with DHCPv4 over DHCPv6 requests. This address is used by lwAFTR as the lwB4's tunnel address. When the lwB4's IPv6 tunnel address is changed, the lwB4 MUST re-initiate its DHCPv4 over DHCPv6 process and provide its updated tunnel address to the server. 4.4. Port Set Consideration lwB4 gets its PSID through DHCPv4 over DHCPv6 along with its IPv4 address. [I-D.ietf-dhc-dynamic-shared-v4allocation] describes how to provision PSID to lwB4 through DHCPv4 over DHCPv6. When sending a DHCPDISCOVER message, lwB4 MUST include OPTION_V4_PORTPARAMS in the Parameter Request List. If the server decides to reply a port-restricted address, it MUST reply OPTION_V4_PORTPARAMS to lwB4. if the server decides to reply a full IPv4 address, it SHOULD NOT reply OPTION_V4_PORTPARAMS in the response. When lwB4 receives DHCPv4 over DHCPv6 response without OPTION_V4_PORTPARAMS, it configures itself with the full IPv4 address as regular DHCPv4 client does. When lwB4 receives a shared IPv4 Liu, et al. Expires January 1, 2015 [Page 6] Internet-Draft lw4over6 dynamic provisioning June 2014 address, the address is used for NAPT and MUST NOT be used to identify the lwB4. 4.5. lwAFTR Binding Table Maintenance lwAFTR maintains its binding table as per section 6.1 of [I-D.ietf-softwire-lw4over6]. The binding table is synchronized with DHCPv4 over DHCPv6 process. The following DHCPv4 over DHCPv6 messages triggers binding table modification: o DHCPACK: Generated by DHCP server, triggers lwAFTR to add a new entry or modify an existing entry. o DHCPRELEASE: Generated by lwB4, triggers lwAFTR to delete an existing entry. When a DHCPACK event received by lwAFTR, the lwAFTR looks up its binding table using the IPv4 address and PSID. If there is an existing entry found, the lwAFTR updates the lifetime and IPv6 address field of the entry; otherwise the lwAFTR creates a new entry accordingly. When a DHCPRELEASE event received by lwAFTR, the lwAFTR looks up its binding table using the IPv6 address, IPv4 address and PSID. The lwAFTR deletes the entry either by removing it from the binding table or mark the lifetime field to an invalid value (e.g. 0). 5. Security Considerations Security considerations in [I-D.ietf-softwire-lw4over6] and [I-D.ietf-dhc-dhcpv4-over-dhcpv6] should be considered. 6. IANA Considerations This document does not include an IANA request. 7. References 7.1. Normative References [I-D.fsc-dhc-dhcp4o6-saddr-opt] Farrer, I., Sun, Q., and Y. Cui, "DHCPv4 over DHCPv6 Source Address Option", draft-fsc-dhc-dhcp4o6-saddr-opt-00 (work in progress), February 2014. Liu, et al. Expires January 1, 2015 [Page 7] Internet-Draft lw4over6 dynamic provisioning June 2014 [I-D.ietf-dhc-dhcpv4-over-dhcpv6] Sun, Q., Cui, Y., Siodelski, M., Krishnan, S., and I. Farrer, "DHCPv4 over DHCPv6 Transport", draft-ietf-dhc- dhcpv4-over-dhcpv6-09 (work in progress), June 2014. [I-D.ietf-dhc-dynamic-shared-v4allocation] Cui, Y., Qiong, Q., Farrer, I., Lee, Y., Sun, Q., and M. Boucadair, "Dynamic Allocation of Shared IPv4 Addresses", draft-ietf-dhc-dynamic-shared-v4allocation-00 (work in progress), April 2014. [I-D.ietf-softwire-lw4over6] Cui, Y., Qiong, Q., Boucadair, M., Tsou, T., Lee, Y., and I. Farrer, "Lightweight 4over6: An Extension to the DS- Lite Architecture", draft-ietf-softwire-lw4over6-10 (work in progress), June 2014. 7.2. Informative References [I-D.ietf-pcp-port-set] Qiong, Q., Boucadair, M., Sivakumar, S., Zhou, C., Tsou, T., and S. Perreault, "Port Control Protocol (PCP) Extension for Port Set Allocation", draft-ietf-pcp-port- set-05 (work in progress), May 2014. [I-D.ietf-softwire-map-dhcp] Mrugalski, T., Troan, O., Farrer, I., Perreault, S., Dec, W., Bao, C., leaf.yeh.sdo@gmail.com, l., and X. Deng, "DHCPv6 Options for configuration of Softwire Address and Port Mapped Clients", draft-ietf-softwire-map-dhcp-07 (work in progress), March 2014. [I-D.perreault-softwire-lw4over6-pcp] Xie, C., Perreault, S., and C. Zhou, "Provisioning Lightweight 4over6 (lw4o6) with the Port Control Protocol (PCP)", draft-perreault-softwire-lw4over6-pcp-00 (work in progress), June 2013. [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003. [RFC6887] Wing, D., Cheshire, S., Boucadair, M., Penno, R., and P. Selkirk, "Port Control Protocol (PCP)", RFC 6887, April 2013. Liu, et al. Expires January 1, 2015 [Page 8] Internet-Draft lw4over6 dynamic provisioning June 2014 Authors' Addresses Cong Liu Tsinghua University Department of Computer Science, Tsinghua University Beijing 100084 P.R.China Phone: +86-10-6278-5822 Email: gnocuil@gmail.com Qi Sun Tsinghua University Department of Computer Science, Tsinghua University Beijing 100084 P.R.China Phone: +86-10-6278-5822 Email: sunqi@csnet1.cs.tsinghua.edu.cn Jianping Wu Tsinghua University Department of Computer Science, Tsinghua University Beijing 100084 P.R.China Phone: +86-10-6278-5983 Email: jianping@cernet.edu.cn Liu, et al. Expires January 1, 2015 [Page 9]