Network Working Group N. Matsuhira Internet-Draft Fujitsu Limited Intended status: Informational January 4, 2011 Expires: July 8, 2011 Stateless Automatic IPv4 over IPv6 Tunneling: Specification draft-matsuhira-sa46t-spec-02 Abstract This document specifies Stateless Automatic IPv4 over IPv6 Tunneling (SA46T) base specification. SA46T makes backbone network to IPv6 only. And also, SA46T can stack many IPv4 networks, i.e. the networks using same IPv4 (private) addresses, without interdependence. SA46T is gateway technology, not protocol. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on July 8, 2011. Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of Matsuhira Expires July 8, 2011 [Page 1] Internet-Draft SA46T spec January 2011 publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Architecture of SA46T . . . . . . . . . . . . . . . . . . . . 3 3. Basic Network Configuration . . . . . . . . . . . . . . . . . 5 4. Basic Function of SA46T . . . . . . . . . . . . . . . . . . . 6 4.1. IPv4 over IPv6 Tunneling . . . . . . . . . . . . . . . . . 6 4.2. SA46T address architecture . . . . . . . . . . . . . . . . 7 4.3. Route Advertisement . . . . . . . . . . . . . . . . . . . 8 5. SA46T address format . . . . . . . . . . . . . . . . . . . . . 9 5.1. IPv6 Global Unicast Address as SA46T address . . . . . . . 9 5.2. Global SA46T address format . . . . . . . . . . . . . . . 10 6. Stacking IPv4 Networks . . . . . . . . . . . . . . . . . . . . 10 7. Redundancy of SA46T . . . . . . . . . . . . . . . . . . . . . 12 8. Configuration of SA46T and address allocation . . . . . . . . 12 9. Example of SA46T Operation . . . . . . . . . . . . . . . . . . 16 9.1. Basic SA46T Operation . . . . . . . . . . . . . . . . . . 16 9.2. SA46T Operation with plane ID . . . . . . . . . . . . . . 18 10. Characteristic . . . . . . . . . . . . . . . . . . . . . . . . 21 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 22 12. Security Considerations . . . . . . . . . . . . . . . . . . . 22 13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 22 14. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23 14.1. Normative References . . . . . . . . . . . . . . . . . . . 23 14.2. References . . . . . . . . . . . . . . . . . . . . . . . . 23 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 24 Matsuhira Expires July 8, 2011 [Page 2] Internet-Draft SA46T spec January 2011 1. Introduction This document provides Stateless Automatic IPv4 over IPv6 Tunneling (SA46T) base specification. The basic strategy for IPv6 deployment is dual stack. Viewing this strategy from operational side, operation cost of dual stack is higher than single stack operation. Viewing from future, IPv6 only operation is more reasonable rather than IPv4 only operation. Therefore IPv6 only operation is desired. SA46T makes backbone network to IPv6 only. And also, SA46T can stack many IPv4 networks, i.e. the networks using same IPv4 (private) address, without interdependence. SA46T is gateway technology, not protocol. 2. Architecture of SA46T IP address contain two information, one is locator information, and another is identifier information. This is basic architecture of internet protocol, and also the Internet, and no difference between IPv4 and IPv6. Locater is a information related "Where", and indentifier is a information related "Who". That mean, IP address's semantics is "Where's Who" meaning. Host is identified whole IP address information, that is "Where's Who", however route to the host is identified just locator information in IP address, that is "Where". See Figure 1. |<------ IP address ------------------>| |<----- Locator ----->|<--Identifier-->| (Where ) (Who) +---------------------+----------------+ | | | +---------------------+----------------+ Figure 1 In IPv4 address space, some host has IPv4 address, which consist n bits length identifier and 32 - n bits locator. In Where's Who representation, 32 - n bits "Where" and n bits "Who". Keeping such "Where's Who" relation, IPv4 address can be represent as Matsuhira Expires July 8, 2011 [Page 3] Internet-Draft SA46T spec January 2011 IPv6 address by expanding "Where" information from 32 - n bits to 128 - n bits. Expanding " Where" information, IPv4 address can be mapped to IPv6 address. Figure 2 shows such expanding. |<------------------------ 128 bits ----------------------------->| |<-------------------- 96 bits ------------------->|<-- 32 bits ->| | : | | : | | +-------:------+ | | IPv4 address | | +-------:------+ | |<-Loc->:<-ID->| | | 32-n : n | | | bits : bits | | | : | +--------------------------------------------------+-------:------+ | SA46T address prefix (no IPv4 network plane ID) | IPv4 address | +--------------------------------------------------+-------:------+ | : | |<------------- Locator (128 - n bits ) ------------------>:<-ID->| | : n | | : bits | Figure 2 IPv4 address space contain private address, that is non globally unique IP address. If some identifier which distinguish private address can introduce in IPv6 address space, we can treate IPv4 private address as different address in IPv6 address space. This document define such identifier as "IPv4 network plane ID". "IPv6 network plane ID" can provide VPN (Virtual Private Network) like service. That is SA46T address. In SA46T address, "Where" information's bit length is 128 -n bits, and "Who" information's bit length is n bits. Figure 3 shows summary of IPv4 address and SA46T address relation. Matsuhira Expires July 8, 2011 [Page 4] Internet-Draft SA46T spec January 2011 |<------------------------ 128 bits ----------------------------->| |<-------------------- 96 bits ------------------->|<-- 32 bits ->| | : | | : | | +-------:------+ | | IPv4 address | | +-------:------+ | |<-Loc->:<-ID->| | | 32-n : n | | | bits : bits | | | : | +--------------------------------------------------+-------:------+ | SA46T address prefix (no IPv4 network plane ID) | IPv4 address | +--------------------------------------------------+-------:------+ | : | | : | | 96 - m bits | m bits | 32 bits | +-----------------------+--------------------------+-------:------+ | SA46T address prefix | IPv4 network plane ID | IPv4 address | +-----------------------+--------------------------+-------:------+ |<------------- Locator (128 - n bits ) ------------------>:<-ID->| | : n | | : bits | Figure 3 3. Basic Network Configuration Figure 4 shows network configuration with SA46T. The network consists of three parts. Backbone network, stub network, and SA46T. Backbone network is operated with IPv6 only. Stub network has three cases. IPv4 only, Dual Stack (both IPv4 and IPv6), and IPv6 only. SA46T connects backbone network and stub network in case IPv4 still works in that stub network. If stub network is IPv6 only, SA46T is not needed. Campus network, corporate network, and ISP network are the example for such network. Matsuhira Expires July 8, 2011 [Page 5] Internet-Draft SA46T spec January 2011 /---------------------------------------------------\ | | | Backbone Network | | (IPv6 only) | | | \---------------------------------------------------/ | | | +-------+ +-------+ | | SA46T | | SA46T | | +-------+ +-------+ | | | | /--------------\ /--------------\ /--------------\ | | | | | | | Stub Network | | Stub Network | | Stub Network | | (IPv4 only) | | (Dual Stack) | | (IPv6 only) | | | | | | | \--------------/ \--------------/ \--------------/ Figure 4 4. Basic Function of SA46T SA46T has mainly two function. One is IPv4 over IPv6 Tunneling, and another is advertise route for stub network. 4.1. IPv4 over IPv6 Tunneling SA46T encapsulates IPv4 packet to IPv6 from stub network to backbone network, and decapsulates IPv6 packet to IPv4 from backbone network to stub network. Figure 5 shows such movement. +--------+------------+ +----------+--------+------------+ |IPv4 Hdr| Data | --> | IPv6 Hdr |IPv4 Hdr| Data | +--------+------------+ +----------+--------+------------+ +--------+------------+ +----------+--------+------------+ |IPv4 Hdr| Data | <-- | IPv6 Hdr |IPv4 Hdr| Data | +--------+------------+ +----------+--------+------------+ /-------------------\ +-------+ /-----------------------------\ | Stub Network |--| SA46T |--| Backbone Network | | (IPv4) | +-------+ | (IPv6 only) | \-------------------/ \-----------------------------/ Figure 5 Matsuhira Expires July 8, 2011 [Page 6] Internet-Draft SA46T spec January 2011 SA46T MUST support tunnel MTU discovery [RFC1853]. When encapsulated IPv6 Packet size exceed path MTU and inner IPv4 packet have the Don't Fragment bit is set, SA46T MUST return ICMP Destination unreachable message with Type3 Code4, fragmentation needed and DS set [RFC0792]. In case IPv6, SA46T just relays IPv6 packet. +----------+------------+ +----------+------------+ | IPv6 Hdr | data | --> | IPv6 Hdr | data | +----------+------------+ +----------+------------+ +----------+------------+ +----------+------------+ | IPv6 Hdr | data | <-- | IPv6 Hdr | data | +----------+------------+ +----------+------------+ /---------------------\ +-------+ /--------------------\ | Stub Network |--| SA46T |--| Backbone Network | | (IPv6) | +-------+ | (IPv6 only) | \--------------------/ \---------------------/ Figure 6 By IPv4 over IPv6 function, SA46T make backbone network to IPv6 only. 4.2. SA46T address architecture SA46T address is a IPv6 address used in outer IPv6 header which encapsulate IPv4 packet by SA46T. Figure 7 shows SA46T address architecture | 96 - m bits | m bits | 32 bits | +-----------------------+--------------------------+--------------+ | SA46T address prefix | IPv4 network plane ID | IPv4 address | +-----------------------+--------------------------+--------------+ Figure 7 SA46T address consists of three parts as follows. SA46T address prefix SA46T address prefix indicates this packet is encapsulated by SA46T and MUST be encapsulated by SA46T. This value is preconfigured to all SA46T in the networks. Matsuhira Expires July 8, 2011 [Page 7] Internet-Draft SA46T spec January 2011 IPv4 network plane ID IPv4 network plane ID is an identifier of IPv4 network stack over IPv6 backbone network. This value is preconfigured depend on the SA46T belong which IPv4 network plane. For more detail see Section 6. IPv4 address IPv4 address in inner IPv4 packet. SA46T address is resolved copying IPv4 address in inner IPv4 packet, and preconfigured values, SA46T prefix and IPv4 network plane ID. Table 1 shows SA46T IPv4 network plane ID length (m) and number of plane. +----+----------------------+ | m | # of plane | +----+----------------------+ | 16 | 65536 | | 32 | 4294967296 | | 64 | 18446744073709551616 | +----+----------------------+ Table 1 4.3. Route Advertisement SA46T converts stub network's IPv4 route to SA46T IPv6 route and advertises to backbone network. And reverse direction, SA46T converts SA46T IPv6 route to IPv4 route, that advertises other IPv4 stub networks. If IPv4 stub network's prefix length is n, the prefix length of SA46T IPv6 route which converts from that IPv4 prefix is 128 - 32 + n. Table 2 shows detail value. +--------------------+--------------------------+ | IPv4 prefix length | SA46T IPv6 prefix length | +--------------------+--------------------------+ | /8 | /104 | | /16 | /112 | | /24 | /120 | +--------------------+--------------------------+ Table 2 Matsuhira Expires July 8, 2011 [Page 8] Internet-Draft SA46T spec January 2011 The IPv4 route for stub network is map to SA46T IPv6 route one to one, so number of route of IPv4 is same as number of route of SA46T IPv6 route. Total number of route is same as when backbone network operate dual stack, without SA46T. In stub network, usual dynamic routing protocol for IPv4 and IPv6 can be used such as RIPv2 [RFC2453], RIPng [RFC2080], OSPFv2 [RFC2328], OSPFv3 [RFC2740] and IS-IS [RFC1195][RFC5308]. Similarly, in backbone network, usual dynamic routing protocol for IPv6 can be used such as RIPng [RFC2080], OSPFv3 [RFC2740] and IS-IS [RFC5308] . If want using default route, default SA46T advertise the route [SA46T address prefix/( 96 - m )] as default route. If want using different default route by IPv4 network plane ID, default SA46T in IPv4 network plane #1 advertise the route [ SA46T address prefix + IPv4 network plane ID #1 / 96] as default route. Figure 15 in Section 9 show the example using default route. 5. SA46T address format SA46T can be used closely in the backbone network, so SA46T address does not be advertised outside of the backbone network, and IPv6 packet which contains SA46T address does not be forwarded outside of the backbone network. So, SA46T address format and SA46T address prefix can be decided each backbone network. But for your information, one example is shown as follows. That is based on IPv6 Global Unicast Address. Of course, SA46T can be used in the Internet, or between the ASs. This case is discussed shortly in Section 5.2. 5.1. IPv6 Global Unicast Address as SA46T address This example is based on IPv6 Global Unicast Address Format [RFC3587]. Figure 8 shows IPv6 Global Unicast Address Format. | 3 | 45bits | 16bits | 64bits | +---+-----------------------+-----------+--------------------------+ |001| Global routing prefix | subnet id | Interface ID | +---+-----------------------+-----------+--------------------------+ Figure 8 Matsuhira Expires July 8, 2011 [Page 9] Internet-Draft SA46T spec January 2011 Figure 9 shows SA46T address format using part of IPv6 Global Unicast Address. | 3 | 45bits | 16bits | 32bits | 32bits | +---+-----------------------+-----------+--------------------------+ |001| Global routing prefix | subnet id | plane ID | IPv4 address | +---+-----------------------+-----------+--------------------------+ <---SA46T address prefix---------------> Figure 9 Where: Global routing prefix global routing prefix subnet id indication for SA46T prefix. Example is 0x5A46. plane id IPv4 network plane ID. The value 0 should be for the global IPv4 Internet. IPv4 address IPv4 address of inner IPv4 packet 5.2. Global SA46T address format SA46T can be used in The Internet, or between AS. This is achieved by recognizing SA46T address format as common address. Such address should be Global SA46T address. Global SA46T address format and prefix requires IANA assignment of IPv6 address prefix. Global SA46T address is proposed in [I-D.draft-matsuhira-sa46t-gaddr]. 6. Stacking IPv4 Networks SA46T can provide VPN like service to stub networks by using different IPv4 network plane ID value. Table 3 shows example of IPv4 network plane ID and its usage. Matsuhira Expires July 8, 2011 [Page 10] Internet-Draft SA46T spec January 2011 If backbone network operator provide IPv4 privates network service to Organization A, backbone network operator sets IPv4 network plane ID value =1 to the SA46T which connects stub network of organization A. If there are five stub network of organization A, backbone network operator sets same IPv4 network plane ID = 1, to five SA46Ts which connect stub network of organization A. If there are one hundred stub network of organization B, backbone network operator sets same IPv4 network plane ID = 2, to one hundred SA46Ts which connect stub network of organization B. If a new stub network in organization B join, backbone network operator configures same IPv4 network plane ID = 2, to the new stub network only, which connect stub network of organization B, and no configuration is needed to one hundred SA46Ts which are already connected. Such configuration, that means same stub network group to same IPv4 network plane ID value, is simple and easy to understand, so, it is expected that possibility of misconfiguration is very low. And also, number of configuration is minimum, that mean, number of configuration is same as number of stub networks, and add new stub network, configure to new one only. Describe above, SA46T can provide VPN like service, for example, Intranet or extranet. And, after IPv4 global address running out, some service provider may want to reuse IPv4 private address. SA46T can provide such IPv4 private address networks over single IPv6 backbone network. By SA46T, some service providers may reuse IPv4 private address. +---------------------+---------------------------------------------+ | IPv4 network plane | usage | | ID value | | +---------------------+---------------------------------------------+ | 0 | IPv4 Internet (Global) | | 1 | IPv4 Private network for Organization A | | | (Intranet) | | 2 | IPv4 Private network for Organization B | | | (Intranet) | | 3 | IPv4 Private network for Group A (Extranet) | | 4 | IPv4 Private network for Group B (Extranet) | | 5 | Net10 reuse network for consumer group A | | | (Private address access) | | 6 | Net10 reuse network for consumer group B | | | (Private address access) | | 7 | Net10 reuse network for consumer group C | | | (Private address access ) | | .... | .... | +---------------------+---------------------------------------------+ Matsuhira Expires July 8, 2011 [Page 11] Internet-Draft SA46T spec January 2011 Table 3 7. Redundancy of SA46T SA46T brings no limit for redundancy. Figure 10 shows such example in case two connection between backbone network and stub network. Number of link between backbone network and stub network is not limited, and different type of link can be used, for example, for wire and wireless. Configuration of SA46Ts, which connect same stub network, is same. That mean same SA46T prefix and same IPv4 network plane ID value. /---------------------------------------------------\ | | | Backbone Network | | (IPv6 only) | | | \---------------------------------------------------/ | | | | +-------+ +-------+ +-------+ +-------+ | SA46T | | SA46T | | SA46T | | SA46T | +-------+ +-------+ +-------+ +-------+ | | | | /---------------------\ /---------------------\ | | | | | Stub Network | | Stub Network | | (IPv4 only) | | (Dual Stack) | | | | | \---------------------/ \---------------------/ Figure 10 8. Configuration of SA46T and address allocation Configuration of SA46T require just three information, SA46T address prefix, IPv4 Network plane ID, and prefix length of SA46T route. These information could explain just only one line, "/ prefix length of SA46T route". When there are N numbers SA46Ts in a certain backbone network, configure one line per SA46T to the N numbers SA46Ts are needed. Total line is just N. If adding new SA46T to the backbone network, configure one line to the new SA46T only is needed, and addition or change does not needed to existing N numbers SA46Ts. Now new 1 line Matsuhira Expires July 8, 2011 [Page 12] Internet-Draft SA46T spec January 2011 and total numbers of line is N+1. Static configured tunnel require N(N-1) configurations. So, SA46T needs less configuration than static configured tunnel, especially when value of N is large number. SA46T require few configuration, so when numbers of SA46T is small, manual configuration may be enough. However, when large number of SA46T needed in big network, configuration via server may useful. For automatic configuration of SA46T, IPv4 address allocation in stub network should consider, both static address allocation and automatic address allocation. In the latter case, using DHCP should be reasonable. Figure 11 shows example of configuration database for SA46T. As identifier of SA46T, MAC address is used, however, other information may be used. When stub network connected SA46T is configured with dynamic address, allocate IPv4 address in allocatable IPv4 address block to the stub network side interface of SA46T at startup phase. That is default router address in the stub network. When SA46T receive DHCP request from a host in stub network, DHCP server allocate IP address from allocatable IPv4 address block, and notify IP address of DNS server and IP address of default router. When stub network connected SA46T is configuraed with static address, a value of allocatable IPv4 address block should be 0.0.0.0/0 and a value of DNS Server should be 0.0.0.0.. Matsuhira Expires July 8, 2011 [Page 13] Internet-Draft SA46T spec January 2011 +---------------++------------------------+-------------+-------------+ |Identifier || SA46T address prefix | Allocatable | DNS Server | |of SA46T || + IPv4 network plane ID| IPv4 address| (IPv4) | |(e.g. MAC addr)|| + prefix length | block | | +---------------++------------------------+-------------+-------------+ |Identifier || SA46T address prefix | Allocatable | DNS Server | |of SA46T || + IPv4 network plane ID| IPv4 address| (IPv4) | |(e.g. MAC addr)|| + prefix length | block | | +---------------++------------------------+-------------+-------------+ |Identifier || SA46T address prefix | Allocatable | DNS Server | |of SA46T || + IPv4 network plane ID| IPv4 address| (IPv4) | |(e.g. MAC addr)|| + prefix length | block | | +---------------++------------------------+-------------+-------------+ | || | | | ~ : ~~ : ~ : ~ : ~ | || | | | +---------------++------------------------+-------------+-------------+ |Identifier || SA46T address prefix | Allocatable | DNS Server | |of SA46T || + IPv4 network plane ID| IPv4 address| (IPv4) | |(e.g. MAC addr)|| + prefix length | block | | +---------------++------------------------+-------------+-------------+ Figure 11 Figure 12 shows timeline diagram of message exchange between SA46T and host in stub network and SA46T configuration server when stub network is configured with dynamic address. Protocol between SA46T and SA46T configuration server including SA46T server discovery may be defined in future. Matsuhira Expires July 8, 2011 [Page 14] Internet-Draft SA46T spec January 2011 <--- Backbone (IPv6 only) --><--- Stub Network ------> SA46T Configuration SA46T Host Server with DHCP Server (Dynamic address) | | | ~ ~ ~ | | | |<--Request -----------| | | (MAC Address) | | |-----Response-------->| | | (SA46t Prefix | | | + IPv4 plane ID | | | + prefix length, | | | Allocate IPv4 | | | address block | | | | | | ( address allocation | | to the interface | | of stub network side ) | | | | | | | | |<--DHCP Request ----| | |---DHCP Response -->| | | (address configured) | | | ~ ~ ~ <============================<-------------------| | Encap | | | | | ~ ~ ~ | | | ===========================>------------------->| | Decap | | Figure 12 Figure 13 shows timeline diagram of message exchange between SA46T and host in stub network and SA46T configuration server when stub network is configured with static address. Such static address configuration may be used mainly at server zone, so such stub network may be well managed, so SA46T may also configured manually. Matsuhira Expires July 8, 2011 [Page 15] Internet-Draft SA46T spec January 2011 <--- Backbone (IPv6 only) --><--- Stub Network ------> SA46T Configuration SA46T Host Server (Static address) | | | ~ ~ ~ | | | |<--Request -----------| | | (MAC Address) | | |-----Response-------->| | | (SA46t Prefix | | | + IPv4 plane ID | | | + prefix length | | | | | ~ ~ ~ | | | ===========================>------------------->| | Decap | | ~ ~ ~ | Encap | | <============================<-------------------| | | | Figure 13 9. Example of SA46T Operation 9.1. Basic SA46T Operation Figure 14 shows SA46T operation which does not use IPv4 network plane ID. In this example, two stub network is connected to backbone network via SA46T. One stub network is 10.1.1.0/24 sub network, and the other is 10.1.2.0/24 sub network. When SA46T receives IPv4 route advertisement, then SA46T convert this IPv4 route to IPv6 route by address resolution to SA46T address, and advertise this IPv6 route to backbone network. When SA46T receives IPv6 route advertisements, then SA46T converts this IPv6 route to IPv4 route if this IPv6 route is match SA46T address ( same prefix with SA46T), and advertise this IPv4 route to stub network. In this example. IPv4 route, 10.1.1.0/24 is converted to IPv6 route, :10.1.1.0/120,and IPv4 route, 10.1.2.0/24 is converted to IPv6 route, :10.1.2.0/120 at SA46T from stub network to backbone network. And, from backbone network to stub network, IPv6 route, :10.1.1.0/120 is converted to IPv4 route, Matsuhira Expires July 8, 2011 [Page 16] Internet-Draft SA46T spec January 2011 10.1.1.0/24, and IPv6 route, :10.1.2.0/120 is converted to IPv4 route, 10.1.2.0/24. /-------------\ +-----+ /------------\ +-----+ /-------------\ |Stub Network | | | | Backbone | | | |Stub Network | |(10.1.1.0/24)|--|SA46T|--| Network |--|SA46T|--|(10.1.2.0/24)| | | | | |(IPv6 only) | | | | | \-------------/ +-----+ \------------/ +-----+ \-------------/ [10.1.1.0/24] ---> [:10.1.1.0/120] ---> [10.1.1.0/24] [10.1.2.0/24] <--- [:10.1.2.0/120] <--- [10.1.2.0/24] +---------+----+ +---------+----+----+ +---------+----+ | data |IPv4| --> | data |IPv4|IPv6| --> | data |IPv4| +---------+----+ +---------+----+----+ +---------+----+ src: 10.1.1.1 src: :10.1.1.1 src: 10.1.1.1 dst: 10.1.2.1 dst: :10.1.2.1 dst: 10.1.2.1 Figure 14 Figure 15 shows the example using default route. Default route is useful in case most packets are routed same path. Typically, access network is one of the example. Although using default route, communication between stub networks can be done. Communication between host 10.1.1.1 and host 10.1.2.1 can be done inside in access network, and does not pass over default SA46T. Matsuhira Expires July 8, 2011 [Page 17] Internet-Draft SA46T spec January 2011 /------------\ | | /-------------\ +-----+ | | +-----+ /-------------\ | Backbone | | | | Access | | | |Stub Network | | Network |--|SA46T|--| Network |--|SA46T|--|(10.1.1.0/24)| | | | | |(IPv6 only) | | | | | \-------------/ +-----+ | | +-----+ \-------------/ (default) | <--[:10.1.1.0/120] [/96] --> | | | | | +-----+ /-------------\ | | | | |Stub Network | | |--|SA46T|--|(10.1.2.0/24)| | | | | | | | | +-----+ \-------------/ | <--[:10.1.2.0/120] | | | | | | +-----+ /-------------\ | | | | |Stub Network | | |--|SA46T|--|(10.1.3.0/24)| | | | | | | | | +-----+ \-------------/ | <--[:10.1.3.0/120] | | \------------/ Figure 15 9.2. SA46T Operation with plane ID Figure 16 shows SA46T operation which uses IPv4 network plane ID. In this example, there are two planes, and two stub network in each plane is connected to backbone network via SA46T. In each plane, one stub network is 10.1.1.0/24 sub network, and the other is 10.1.2.0/24 sub network, that means same IPv4 address is used in different plane. When SA46T receives IPv4 route advertisements, then SA46T converts this IPv4 route to IPv6 route by address resolution to SA46T address, and advertise this IPv6 route to backbone network. When SA46T receives IPv6 route advertisements, then SA46T converts this IPv6 route to IPv4 route if this IPv6 route is match SA46T address ( same prefix with SA46T), and advertises this IPv4 route to stub network. In this example in plane #1. IPv4 route, 10.1.1.0/24 is converted to IPv6 route, <#1>:10.1.1.0/120,and IPv4 route, 10.1.2.0/24 is converted to IPv6 route, <#1>:10.1.2.0/ Matsuhira Expires July 8, 2011 [Page 18] Internet-Draft SA46T spec January 2011 120 at SA46T from stub network to backbone network. And, from backbone network to stub network, IPv6 route, <# 1>:10.1.1.0/120 is converted to IPv4 route, 10.1.1.0/24, and IPv6 route, <#1>:10.1.2.0/120 is converted to IPv4 route, 10.1.2.0/24. And also, In this example in plane #2. IPv4 route, 10.1.1.0/24 is converted to IPv6 route, <#2>:10.1.1.0/120,and IPv4 route, 10.1.2.0/24 is converted to IPv6 route, <# 2>:10.1.2.0/120 at SA46T from stub network to backbone network. And, from backbone network to stub network, IPv6 route, <# 2>:10.1.1.0/120 is converted to IPv4 route, 10.1.1.0/24, and IPv6 route, <#2>:10.1.2.0/120 is converted to IPv4 route, 10.1.2.0/24. In IPv6 space, address <#1>:10.1.1.1 and address <#2>:10.1.1.1 are different address, route <#1>:10.1.1.0/120 and route <#2>:10.1.1.0/ 120 are different route, although in IPv4 space, address 10.1.1.1 in plane #1 and 10.1.1.1 in plane#2 are same address, route 10.1.1.0/24 in plane#1 and route 10.1.1.0/24 in plane#2 are same route. Matsuhira Expires July 8, 2011 [Page 19] Internet-Draft SA46T spec January 2011 /------------\ ...................|............|............................ : /-------------\ +-----+ | | +-----+ /-------------\ : : | Stub Network| | | | | | | | Stub Network| : : |(10.1.1.0/24)|--|SA46T|--| Backbone |--|SA46T|--|(10.1.2.0/24)| : : | | | | | Network | | | | | : : \-------------/ +-----+ |(IPv6 only) | +-----+ \-------------/ : :...........................|............|...........................: | | ...................|............|............................ : /-------------\ +-----+ | | +-----+ /-------------\ : : | Stub Network| | | | | | | | Stub Network| : : |(10.1.1.0/24)|--|SA46T|--| |--|SA46T|--|(10.1.2.0/24)| : : | | | | | | | | | | : : \-------------/ +-----+ | | +-----+ \-------------/ : :...........................|............|...........................: \------------/ <> [10.1.1.0/24] --->[<#1>:10.1.1.0/120] ---> [10.1.1.0/24] [10.1.2.0/24] <---[<#1>:10.1.2.0/120] <--- [10.1.2.0/24] +---------+----+ +---------+----+----+ +---------+----+ | data |IPv4| --> | data |IPv4|IPv6| --> | data |IPv4| +---------+----+ +---------+----+----+ +---------+----+ src: 10.1.1.1 src: <#1>:10.1.1.1 src: 10.1.1.1 dst: 10.1.2.1 dst: <#1>:10.1.2.1 dst: 10.1.2.1 <> [10.1.1.0/24] --->[<#2>:10.1.1.0/120] ---> [10.1.1.0/24] [10.1.2.0/24] <---[<#2>:10.1.2.0/120] <--- [10.1.2.0/24] +---------+----+ +---------+----+----+ +---------+----+ | data |IPv4| --> | data |IPv4|IPv6| --> | data |IPv4| +---------+----+ +---------+----+----+ +---------+----+ src: 10.1.1.1 src: <#2>:10.1.1.1 src: 10.1.1.1 dst: 10.1.2.1 dst: <#2>:10.1.2.1 dst: 10.1.2.1 Figure 16 Figure 17shows the example using default route with IPv4 network plane. In this case, default SA46T may configure different by each IPv4 network plane. Matsuhira Expires July 8, 2011 [Page 20] Internet-Draft SA46T spec January 2011 /------------\ ...................|............|............................ : /-------------\ +-----+ | | +-----+ /-------------\ : : | Backbone | | | | | | | | Stub Network| : : | Network |--|SA46T|--| Access |--|SA46T|--|(10.1.1.0/24)| : : | | | | | Network | | | | | : : \-------------/ +-----+ |(IPv6 only) | +-----+ \-------------/ : : (default) | <--[<#1>:10.1.1.0/120]: : [<#1>/96] --> | : : | | : : | | : : | | +-----+ /-------------\ : : | | | | | Stub Network| : : | |--|SA46T|--|(10.1.2.0/24)| : : | | | | | | : : | | +-----+ \-------------/ : : | <--[<#1>:10.1.2.0/120] : :...........................|............|...........................: | | ...................|............|............................ : /-------------\ +-----+ | | +-----+ /-------------\ : : | Backbone | | | | | | | | Stub Network| : : | Network |--|SA46T|--| |--|SA46T|--|(10.1.1.0/24)| : : | | | | | | | | | | : : \-------------/ +-----+ | | +-----+ \-------------/ : : (default) | <--[<#2>:10.1.1.0/120]: : [<#2>/96] --> | : : | | : : | | : : | | +-----+ /-------------\ : : | | | | | Stub Network| : : | |--|SA46T|--|(10.1.2.0/24)| : : | | | | | | : : | | +-----+ \-------------/ : : | <--[<#2>:10.1.2.0/120] : :...........................|............|...........................: | | \------------/ Figure 17 10. Characteristic SA46T has following useful characteristics. Matsuhira Expires July 8, 2011 [Page 21] Internet-Draft SA46T spec January 2011 o Reduce backbone network operation cost with IPv6 single stack ( at least less than Dual Stack) o Can allocate IPv4 address to stub networks, which used in backbone network before installing SA46T o Less configuration o No need for special protocol o No dependent Layer 2 network o Can Stack IPv4 Private networks o Easy stop IPv4 operation in stub network for future ( just remove SA46T) o Provide redundancy 11. IANA Considerations This document makes no request of IANA. Note to RFC Editor: this section may be removed on publication as an RFC. 12. Security Considerations SA46T use automatic tunneling technologies. Security consideration related tunneling technologies are discussed in RFC2893[RFC2893], RFC2267[RFC2267], etc. 13. Acknowledgements This document is based on Naoki Matsuhira's original ideas and an individual effort of the author. Review and encouragement have been provided by many peoples. Particulary Akira Kato at WIDE Project / Keio University and Masanobu Katoh at Fujitsu in initial stage. And many discussions and assists are provided from Toshiya Asaba, Osamu Nakamura, Yoshiki Ishida, Ichiro Mizukoshi, Noriyuki Shigechika, Miya Kohno, Yoshinobu Matsuzaki, Akira Nakagawa. And comments and discussions are provided in IETF meeting from Fred Baker, Brian Carpenter, Randy Bush, Dave Thaler and Alain Duland. If there is a comment not refrected, it is Matsuhira Expires July 8, 2011 [Page 22] Internet-Draft SA46T spec January 2011 surely because of my English language capability, and the author still want reflect it include missing. The author would like to thank all above people, and others discussed with in WIDE project meeting and inside Fujitsu. 14. References 14.1. Normative References [I-D.draft-matsuhira-sa46t-gaddr] Matsuhira, N., "Stateless Automatic IPv4 over IPv6 Tunneling: Global SA46T Address Format", January 2010. [RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, RFC 792, September 1981. [RFC1853] Simpson, W., "IP in IP Tunneling", RFC 1853, October 1995. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC3587] Hinden, R., Deering, S., and E. Nordmark, "IPv6 Global Unicast Address Format", RFC 3587, August 2003. 14.2. References [RFC1195] Callon, R., "Use of OSI IS-IS for routing in TCP/IP and dual environments", RFC 1195, December 1990. [RFC2080] Malkin, G. and R. Minnear, "RIPng for IPv6", RFC 2080, January 1997. [RFC2267] Ferguson, P. and D. Senie, "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing", RFC 2267, January 1998. [RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, April 1998. [RFC2453] Malkin, G., "RIP Version 2", STD 56, RFC 2453, November 1998. [RFC2740] Coltun, R., Ferguson, D., and J. Moy, "OSPF for IPv6", RFC 2740, December 1999. [RFC2893] Gilligan, R. and E. Nordmark, "Transition Mechanisms for IPv6 Hosts and Routers", RFC 2893, August 2000. Matsuhira Expires July 8, 2011 [Page 23] Internet-Draft SA46T spec January 2011 [RFC5308] Hopps, C., "Routing IPv6 with IS-IS", RFC 5308, October 2008. Author's Address Naoki Matsuhira Fujitsu Limited 17-25, Shinkamata 1-chome, Ota-ku Tokyo, 144-8588 Japan Phone: +81-3-6424-6270 Fax: Email: matsuhira@jp.fujitsu.com Matsuhira Expires July 8, 2011 [Page 24]