Network Working Group N. Matsuhira Internet-Draft Fujitsu Limited Intended status: Informational July 6, 2011 Expires: January 7, 2012 Applicability of Stateless automatic IPv4 over IPv6 Tunneling (SA46T) draft-matsuhira-sa46t-applicability-02 Abstract This document provide IPv6 transition scenario using Stateless Automatic IPv4 over IPv6 Tunneling (SA46T) and applicability of SA46T. SA46T is just one of automatic tunnling technologies, so there are several usage with SA46T. This document shows such possible applicability. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on January 7, 2012. Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of Matsuhira Expires January 7, 2012 [Page 1] Internet-Draft SA46T applicability July 2011 publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. IPv6 Transition scenario with SA46T . . . . . . . . . . . . . 3 3. Applicability of SA46T . . . . . . . . . . . . . . . . . . . . 6 3.1. IPv6 only backbone network . . . . . . . . . . . . . . . . 6 3.2. IPv4 VPNs over IPv6 backbone network . . . . . . . . . . . 7 3.3. IPv4 address reuse over IPv6 backbone network . . . . . . 7 3.4. IPv4 address separation in Data Center . . . . . . . . . . 9 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 5. Security Considerations . . . . . . . . . . . . . . . . . . . 9 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 9 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 7.1. Normative References . . . . . . . . . . . . . . . . . . . 9 7.2. Informative References . . . . . . . . . . . . . . . . . . 10 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 10 Matsuhira Expires January 7, 2012 [Page 2] Internet-Draft SA46T applicability July 2011 1. Introduction This document provide IPv6 transition scenario using Stateless Automatic IPv4 over IPv6 Tunneling (SA46T) and applicabilities of SA46T. SA46T [I-D.draft-matsuhira-sa46t-spec] require IPv6, so if SA46T deploy, IPv6 also deploy too. SA46T is just one of automatic tunnling technologies, so there are several usage with SA46T. This document shows such possible applicability. Translation between IPv6 and IPv4 is out of scope of this document. 2. IPv6 Transition scenario with SA46T The basic strategy for IPv6 deployment is dual stack. More careful viewing, IPv6 deployment could be think independently, that mean host deployment and network deployment could be treat different thing in technically. Today, hosts that have a capabiliry generating IPv6 traffic are very common and widely deployed, so network which treat both IPv4 and IPv6 traffic is not the point already. The network which can treat both IPv4 and IPv6 is precondition already, the point is how network treat both IPv4 and IPv6 traffic. The important thing is provided some options which can suitabele in time and place, or type of network. The solution maight be different in each network. In general, three basic method is considered for network which enable to treat both IPv4 and IPv6 traffic. Figure 1 shows such relation and below is some description about these. SA46T correspond IPv4 over IPv6 Tunneling technologies at IPv6 only network base. +--------------+------------------------+------------------------+ | | IPv4 Traffic | IPv6 Traffic | | | (IPv4 only or Dual | (IPv6 only or Dual | | | stack host exist) | stack host exist) | +--------------+------------------------+-------- ---------------+ | IPv4 only | native | Enable with IPv6 over | | network base | | IPv4 Tunnel | +--------------+------------------------+------------------------+ | Dual Stack | native | native | | network base | | | +--------------+------------------------+------------------------+ | IPv6 only | Enable with IPv4 over | native | | network base | IPv6 Tunnel (SA46T) | | +--------------+------------------------+------------------------+ Figure 1 Matsuhira Expires January 7, 2012 [Page 3] Internet-Draft SA46T applicability July 2011 IPv4 only network base Based on current existing IPv4 network, and adding IPv6 over IPv4 Tunneling technologies. Maybe early stage method in IPv6 transition Dual Stack network base Favorite method. IPv6 only network bse Considered in final transition stage. Thinking with time scale, following three stages are considered, these are starting IPv4 only network base, then Dual stack network base, and finally IPv6 only network base. IPv6 only network base is final transition stage. However, when the network is newly constructed, starting from dual stack network base may be common in current situation, and maybe starting with IPv6 only network base with SA46T may possible. These approach may skip some investment, such as IPv6 over IPv4 tunneling at IPv4 only network base. Figure 2 shows such stages and starting options. Matsuhira Expires January 7, 2012 [Page 4] Internet-Draft SA46T applicability July 2011 : : IPv4 only : Dual Stack : IPv6 only network base : network : network base : base : (Start from IPv4 only) : : +---------+ +----------+ : +----------+ : +---------+ +---------+ |IPv4 only|-->|IPv4 only |-->|Dual Stack|-->|IPv6 only|-->|IPv6 only| |network | |network w/| : |network | : |network | |network | | | |v6 over v4| : | | : |with | | | | | |Tunnel | : | | : |SA46T | | | +---------+ +----------+ : +----------+ : +---------+ +---------+ ............................: : ..................: (Start from Dual Stack) : +----------+ : +----------+ +---------+ |Dual Stack|---------------->|IPv6 only |---------------->|IPv6 only| |network | : |network | |network | | | : |with | | | | | : |SA46T | | | +----------+ : +----------+ +---------+ .........................: (Start from IPv6 only) +----------+ +---------+ |IPv6 only |--------------------------------------------->|IPv6 only| |network | |network | |with | | | |SA46T | | | +----------+ +---------+ Figure 2 On a well stable IPv4 network, enabling IPv6 may bring something not predictable and not desirable. Nobody can say something should happen, or something does not happen, because there are no experiences. It may be pressure for opeator. If operator can stop the service, some test for enabling IPv6 should be done in out of service time. Enterprise network may be stop in holiday, however network service for consumer may be difficult to stop. One solution for such case, well stable network should leave as it is and buiding new network, that should be IPv6 base, and well test and get more stable with early adaptor, and then starting trial service, and finally staring formal service. At this IPv6 based network, IPv4 over IPv6 Tunneling should also test from the beginning, and after this new network get stable, moving IPv4 service from old IPv4 only based network to new IPv6 based network with SA46T. Figure 3 shows Matsuhira Expires January 7, 2012 [Page 5] Internet-Draft SA46T applicability July 2011 such transition scenario. Adding IPv6 over IPv4 Tunnel to existing IPv4 only network may possible for providing early IPv6 service. -//------------------------------------------+ IPv4 only network (exinting & stable ) | |Stop old network | operation -//---+--------------------------------------+ : add IPv6 over IPv4 Tunnel (option) : +......................................+ | | | early adaptor trial user all user | | | v v v +---------------------------------------------------//-------//-- | IPv6 only network | | test phase -> trial servie -> formal service +---------------------------------------------------//---+---//-- | SA46T | +---------------------------------------------------//---+ Shutdown IPv4 service after IPv4 Traffic disappear (Just remove SA46T) Figure 3 There may be other transition senarios, anyway, SA46T provide the scenario that start with new IPv6 only network base, and transition from existing IPv4 based network to new IPv6 based network. 3. Applicability of SA46T 3.1. IPv6 only backbone network As descrive above, SA46T make IP backbone network IPv6 only. This case, IPv4 plane ID does not needed. Type of possible network described below. Intranet Campus backbone network, Corporate backbone network, Enterprise backbone network, etc. In technically, may using IPv4 private address and connect to the Internet via firewall. Matsuhira Expires January 7, 2012 [Page 6] Internet-Draft SA46T applicability July 2011 ISP backbone ISP backbone network. Access Network xDSL, FTTH, CATV are example for access network. WIreless access network Public Wireless LAN servie is example of wireless access network. Data Center network DataCenter network. 3.2. IPv4 VPNs over IPv6 backbone network SA46T can provide IPv4 VPN (Virtual Private Network) service for enterprise using IPv4 network plane id. This mechanism also provide closed IPv4 service. Type of VPN like service describe below. o IPv4 VPN service o IPv4 based extranet o Closed IPv4 service If allocated SA46T global address [I-D.draft-matsuhira-sa46t-gaddr], inter AS service would possible using SA46T global address. These service may not recommended, however providing network service for IPv4 service may be useful for service provider who does not have enough readyness for IPv6 version. This mean SA46T may provide smooth service transition network infrastructure from IPv4 to IPv6. 3.3. IPv4 address reuse over IPv6 backbone network After IPv4 address running out, some provider may still want IPv4 address. Using SA46T's IPv4 network plane ID, private address can reuse in different IPv4 network plane which provided SA46T. This case, IPv4 network plane may connect with the Internet via NAT (Network address translator). Figure 4 shows such example. In this case, communication between hosts in the same IPv4 network plane can be done in IP layer directly. Matsuhira Expires January 7, 2012 [Page 7] Internet-Draft SA46T applicability July 2011 /--------\ /------------\ | | .....|............|............................ | | +-:-+ +-----+ | | +-----+ /-------------\ : | | | | | | | |--|SA46T|--|Stub Network | : | |--|NAT|--|SA46T|--| Access | +-----+ \-------------/ : | | | | | | | | +-----+ /-------------\ : | The | | | | | | Network |--|SA46T|--|Stub Network | : | | +-:-+ +-----+ |(IPv6 only) | +-----+ \-------------/ : |Internet| :.............|............|...........................: | | | | | | .....|............|............................ | | +-:-+ +-----+ | | +-----+ /-------------\ : | | | | | | | |--|SA46T|--|Stub Network | : | |--|NAT|--|SA46T|--| | +-----+ \-------------/ : | | | | | | | | +-----+ /-------------\ : | | | | | | | |--|SA46T|--|Stub Network | : | | +-:-+ +-----+ | | +-----+ \-------------/ : | | :.............|............|...........................: | | | | | | .....|............|............................ | | +-:-+ +-----+ | | +-----+ /-------------\ : | | | | | | | |--|SA46T|--|Stub Network | : | |--|NAT|--|SA46T|--| | +-----+ \-------------| : | | | | | | | | +-----+ /-------------\ : | | | | | | | |--|SA46T|--|Stub Network | : | | +-:-+ +-----+ | | +-----+ \-------------/ : | | :.............|............|...........................: | | | | | | | | | | .....|............|............................ | | +-:-+ +-----+ | | +-----+ /-------------\ : | | | | | | | |--|SA46T|--| Stub Network| : | |--|NAT|--|SA46T|--| | +-----+ \-------------/ : | | | | | | | | +-----+ /-------------\ : | | | | | | | |--|SA46T|--|Stub Network | : | | +-:-+ +-----+ | | +-----+ \-------------/ : | | :.............|............|...........................: | | | | \--------/ \------------/ Figure 4 DS-Lite [I-D.draft-ietf-softwire-dual-stack-lite] specify tunneling method. SA46T may one of the option for IPv4 over IPv6 tunneling technology which used with DS-Lite. Matsuhira Expires January 7, 2012 [Page 8] Internet-Draft SA46T applicability July 2011 3.4. IPv4 address separation in Data Center In data center, there are many servers which owned corporate, and accessed from corporate network. These server may have private address which managed owner corporate. Viewing from data center, there should be servers which static allocated same IPv4 private address, so data center network should separate IP address space. There are several separation method, one is physically separated ( not connected each other), other is using IEEE802.1Q VLAN technologies, other is using MPLS VPN technologies. SA46T also provide such separation using IPv4 network plane ID. With IEEE802.1Q VLAN, up to 4095 separation possible, that mean, up to 4095 company's server could be hosting. SA46T provide over 4096 separation and up to 4.3 billion possible with 32bits IPv4 network plane id, that mean there are no limmit for such separation. 4. IANA Considerations This document makes no request of IANA. Note to RFC Editor: this section may be removed on publication as an RFC. 5. Security Considerations This document shows tranition scenario and applicability. There is no need description concerning about security. 6. Acknowledgements 7. References 7.1. Normative References [I-D.draft-matsuhira-sa46t-gaddr] Matsuhira, N., "Stateless Automatic IPv4 over IPv6 Tunneling: Global SA46T Address Format", January 2010. [I-D.draft-matsuhira-sa46t-spec] Matsuhira, N., "Stateless Automatic IPv4 over IPv6 Tunneling: Specification", January 2010. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Matsuhira Expires January 7, 2012 [Page 9] Internet-Draft SA46T applicability July 2011 Requirement Levels", BCP 14, RFC 2119, March 1997. 7.2. Informative References [I-D.draft-ietf-softwire-dual-stack-lite] Durand, A., Droms, R., Haberman, B., Woodyatt, J., Lee, Y., and R. Bush, "Dual-Stack Lite Broadband Deployments Following IPv4 Exhaustion", March 2010. Author's Address Naoki Matsuhira Fujitsu Limited 17-25, Shinkamata 1-chome, Ota-ku Tokyo, 144-8588 Japan Phone: +81-3-6424-6270 Fax: Email: matsuhira@jp.fujitsu.com Matsuhira Expires January 7, 2012 [Page 10]