V6ops Working Group                              Enterprise Design Team
INTERNET-DRAFT: draft-pouffary-v6ops-ent-v6net-01.txt
OBSOLETES: draft-pouffary-v6ops-ent-v6net-00.txt

                                                 Yanick Pouffary (Chair)
                                                 Jim Bound (Editor)
                                                 Hewlett Packard
                                                 Yurie Rich
                                                 Native6 Group
                                                 Marc Blanchet
                                                 Viagenie
                                                 Tony Hain
                                                 Paul Gilbert
                                                 Cisco
                                                 Scott Hahn
                                                 Intel
                                                 Margaret Wasserman
                                                 Wind River
                                                 Jason Goldschmidt
                                                 Sun Microsystems
                                                 Mathew Lehman
                                                 Microsoft
                                                 Aldrin Isaac
                                                 Bloomberg

                                                 October 2002

                   IPv6 Enterprise Networks Scenarios

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

draft-pouffary-v6ops-ent-v6net-01.txt    Expires April 2003     [Page 1]

INTERNET-DRAFT     draft-pouffary-v6ops-ent-v6net-01.txt    October 2002

Abstract

   IPv6 will be deployed in Enterprise networks, and this scenario has
   its own requirements for the adoption of IPv6. This document focuses
   upon and defines a set of technology scenarios that will exist in the
   Enterprise network, together with the transition variables,
   transition methods, and tools required by the different scenarios.
   Using these definitions, the document will define the points of
   transition for an Enterprise network.

Table of Contents:

   1. Introduction.................................................4
   2. Requirements.................................................4
   3. Terminology..................................................5
   4. Enterprise Network Assumptions...............................7
   5. Enterprise Network Scenarios Overview........................9
   6. Enterprise Points of Transition Methods.....................11
   6.1 M1: IPv4 Tunnels to Encapsulate IPv6.......................11
   6.2 M2: IPv6 Tunnels to Encapsulate IPv4.......................11
   6.3 M3: IPv6 NAT to Communicate with IPv4......................11
   6.4 M4: IPv6 Native LANs.......................................12
   6.5 M5: IPv6 Native Routing Domains............................12
   6.6 M6: Dual Stack Nodes supporting IPv6 and IPv4..............12
   6.7 M7: Single Stack IPv6 ONLY Nodes...........................12
   7. Enterprise Network Infrastructure Points of Transition......14
   7.1 DNS........................................................14
   7.2 Routing....................................................14
   7.3 Autoconfiguration..........................................14
   7.4 Security...................................................14
   7.5 Applications and APIs......................................14
   7.6 IPv6 Address Scoping.......................................14
   7.7 Network Management.........................................14
   7.8 Address Planning...........................................14
   8. Enterprise Tools Requirements...............................15
   8.1 Routing Configuration......................................15
   8.2 DNS Configuration..........................................15
   8.3 IPv6 Address Allocation and Configuration..................15
   8.4 IPv4 Address Allocation and Configuration..................15
   8.5 VPN/Tunnel Configuration...................................15
   8.6 Mobile Node IPv4/IPv6 Interoperation Configuration.........15
   9. Enterprise Network Scenarios in Depth.......................16
   10. Enterprise Network Scenarios Matrix Graph..................16
   11. Applicability Statement....................................16
   12. Security Section...........................................16
   Acknowledgments................................................16
   References.....................................................16
   Authors' Addresses.............................................16

1. Introduction

   IPv6 will be deployed in Enterprise networks, and this scenario has
   its own requirements for the adoption of IPv6. This document focuses
   upon and defines a set of technology scenarios that will exist in the
   Enterprise network, together with the transition variables,
   transition methods, and tools required by the different scenarios.
   Using these definitions, the document will define the points of
   transition for an Enterprise network.

   An Enterprise network, for this document, is a user network that is
   connected to an Internet Service Provider (ISP) or a Private Network
   Provider (PNP), is actively managed by the users of that network, and
   has multiple independent networks within the Enterprise. It may also
   have mobile IP users accessing the Enterprise network from within the
   Enterprise network, from the public Internet, or from a private
   external network.

   An Enterprise could be a Fortune 100 large business (e.g.
   Manufacturing, Financial, Government) or a small office business
   (e.g. Law Firm, Stock Brokerage, Discrete Engineering Parts Supplier,
   Office of 30 users).

   The rate and methods of IPv6 adoption will vary from one Enterprise
   network to another. The only constants we can hope to define are the
   transition and tools requirements, based on what has been learned
   from existing work on IPv6 transition mechanisms, from current early
   adopter deployments, and from the results produced by this document.
   This document will not declare specific transition mechanisms or
   tools; rather, it provides a template that users, implementors, and
   IETF specifications can use to apply or define such mechanisms and
   tools. A goal of this document is that the result be a template for
   how existing transition mechanisms and tools could be used in the
   Enterprise network scenario.

2. Requirements

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119.

3. Terminology

   Enterprise Network (EN) - An Enterprise Network is a network that has
   multiple links, a router connection to an EN Network Provider, and is
   actively managed by a network operations entity.

   EN Provider (ENP) - An Enterprise Network Provider is an entity that
   provides services and connectivity to the Internet or to other
   private external networks for the EN.

   EN Edge (ENE) - An Enterprise Network Edge is the set of ingress and
   egress points connecting an EN to the Internet, to an EN Extranet, or
   to another private external network.

   EN Administrative Domain (ENAD) - An Enterprise Network
   Administrative Domain is the set of ingress and egress points
   connecting nodes across the EN behind any ENEs.

   EN Extranet (ENX) - An Enterprise Network Extranet is any EN-owned
   network component located at the ENE but not part of the ENAD.

   EN Border Router (ENBR) - An Enterprise Network Border Router is a
   router that is configured at an ENE within the Enterprise.

   EN Internal Router (ENIR) - An Enterprise Network Internal Router is
   a router that is NOT configured at an ENE, but within the ENAD.

   EN Mobile - An Enterprise Network condition in which a node changes
   its network location, or is not attached to the ENAD.
   EN Mobile Node (ENMN) - An Enterprise Network Mobile Node is any node
   that is EN Mobile, whether within or not within the ENAD, or that is
   a remote telecommuting node.

   EN Points of Transition (ENPT) - An Enterprise Network Point of
   Transition is a general abstraction used to denote functions within
   the EN that must be defined for the transition to IPv6.

   Internet Network Provider (INP) - An ENP that provides connectivity
   and services to the public Internet.

   Private Network Provider (PNP) - An ENP that provides connectivity
   and services to a private Internet.

   Dual Stack IPv4/IPv6 Node (DSN) - A node that supports both IPv4 and
   IPv6.

   IPv4 ONLY Node - A node that only supports IPv4.

   IPv6 ONLY Node - A node that only supports IPv6.

4. Enterprise Network Assumptions

   This section states the assumptions on which this document rests.

   No one can tell users how to transition; each will do it differently.
   Some users will move to IPv6 immediately rather than later, simply
   because it is easier, for example for those using 802.11 technology
   with Mobile IP. Some users have hardly any IPv4 address space while
   others have plenty. Global versus private address space is a point
   of contention in determining how to transition to IPv6: for ENAD
   applications to communicate across an INP or PNP, globally routable
   addresses are required for peer-to-peer communication and security.

   ENs will vary in size and network complexity, from a small office to
   a large manufacturing operation with multiple sites across a wide
   geography.
   ENPT functions will need to be defined for the following:

   - Routers
   - Non Router Nodes
   - Network Topology
   - Network Applications
   - Network Management and Tools
   - Network Security
   - Network Mobility
   - Network VPNs
   - Network Telecommuter Work Force
   - Network Inter Site Communications

   This document will identify those ENPTs and discuss them within a set
   of EN scenarios. This document will not provide the solutions for
   these ENPTs; a set of suggested solutions will be provided in a
   follow-on document to this work.

   ENs will vary in how they approach the transition to IPv6 depending
   on a set of transition variables (V1..VN):

   V1:  IPv4 NAT and Firewall at the ENBR, and the ENAD uses IPv4
        private addresses.

   V2:  IPv4 Firewall at the ENBR, and the ENAD uses IPv4 globally
        routable addresses.

   V3:  Applications must be able to communicate between remote ENADs
        using INPs or PNPs.

   V4:  The methods and security used to access the ENAD for
        Telecommuters and Mobile Nodes.

   V5:  IPv6 software upgrades are not available for existing EN routers
        and nodes.

   V6:  Source code for applications has been lost or cannot be upgraded
        to IPv6.

   V7:  A new business function is being defined and can exist without
        extensive access to legacy IPv4 networks and nodes.

   V8:  Mission critical applications must be able to interoperate with
        legacy IPv4 nodes.

   V9:  Legacy IPv4 nodes can be upgraded to support dual stack IPv4 and
        IPv6.

   V10: Legacy IPv4 nodes cannot be upgraded to support dual stack IPv4
        and IPv6.

   V11: What time frames are required for the adoption of IPv6 for a
        set of business requirements.

   V12: What sections of the network for an existing EN or new EN will
        move towards IPv6 deployment first, second, ...., last, and at
        what rate.

   V13: What are the network security requirements for the EN.

   V14: ENP does not support IPv6.
   The transition variables are the parameters to the first function
   used to determine the transition needs for a specific EN. These
   variables will define the approach an EN takes to deploy IPv6. Once
   the EN transition variables are understood, the EN will select
   transition methods as follows (M1..MN):

   M1: IPv4 Tunnels to Encapsulate IPv6
   M2: IPv6 Tunnels to Encapsulate IPv4
   M3: IPv6 NAT to Communicate with IPv4
   M4: IPv6 Native LANs
   M5: IPv6 Native Routing Domains
   M6: Dual Stack Nodes supporting IPv6 and IPv4
   M7: Single Stack IPv6 ONLY Nodes (no known implementations today)

   Each EN will need to select the method that best suits its business
   requirements. Any attempt to define a default or one-size-fits-all
   set of variables and methods for all ENs would result in failure.
   These methods are discussed in Section 6 of the document.

   This document will define a list of sets for transition variables,
   methods, and tool requirements, which together provide a
   three-dimensional system for analysis that can be used to
   extrapolate a set of solutions. The X axis is the transition
   variables (V#), the Y axis is the transition method (M#), and the Z
   axis is the tools requirement set (Section 8) needed to support the
   X and Y conditions. A point on this graph is an EN transition
   strategy. After the document describes the EN scenarios in depth
   (Section 9), the graph will be depicted as a matrix for readers of
   this document (Section 10).

   It will be impossible, within a reasonable time frame, for the
   document to define all possible sets for all ENs that will
   transition to IPv6. The document's objective is to provide enough
   data that those working to define transition for an EN can use it as
   a basis for their analysis. In addition, the document will be useful
   for implementors in selecting specific EN transition strategies to
   support.
5. Enterprise Network Scenarios Overview

   These are the six scenarios that will be used in the document to
   drive the ENPTs, which will be determined by the transition
   variables, methods, and tools. This is an overview of each of the
   scenarios.

   Scenario #1

   A large (20,000+ node) enterprise has an existing IPv4 network and
   wishes to turn on IPv6 for an engineering development group of ~100
   clients that exist at two geographic sites. Each engineering group
   is on its own switched subnet. The IPv6 clients need to communicate
   with each other, but still need access to IPv4-based services
   provided by the corporation. What needs to be done to enable this
   deployment, and where?

   Scenario #2

   An enterprise decides to deploy wireless services across its
   network, and for reasons of geography and topology groups of access
   points end up on different subnets. To optimize their support for IP
   mobility, they choose to make this service IPv6-only, while to
   secure the air link they choose to have all connections use a VPN
   access technology. These mobile IPv6-only nodes will still need
   access to legacy IPv4-only applications.

   Scenario #3

   A modest sized (<10,000 nodes) multi-site enterprise has deployed
   IPv4 NAT with overlapping private address ranges between the sites.
   They are looking to improve productivity through a peer-to-peer
   conferencing application that will need to work between sites. They
   are willing to update the operating systems running that application
   to support both IPv4 and IPv6, and over time will do the same for
   other services on the network. Which transition technologies are
   applicable initially, as they begin using the application? What
   changes or additional technologies are applicable when the ISP for
   some, but not all, sites offers native IPv6 service?
   What transition technologies are applicable when all ISPs offer IPv6
   services, but some of the internal nodes remain IPv4-only?

   Scenario #4

   A very large global enterprise interacts with the public and private
   Internet as a cohesive unit, but is composed of several
   administratively distinct business units. Some of the business units
   want to deploy a substantial number of stationary nodes (>10,000) in
   a single subnet, while having those subnets accessible by all the
   business units. To accomplish this, as well as to support wireless
   mobility and peer-to-peer conferencing, they choose to enable these
   new services as IPv6-only. At the same time there is a need to
   support legacy IPv4-only applications, and to access the public
   Internet from the wireless mobile nodes. What transition
   technologies are applicable when only parts of a geographically
   dispersed business unit are capable of IPv6 packet forwarding? What
   transition technologies become applicable when an entire business
   unit is capable, but other business units are not fully capable?
   What transition technologies apply at the boundary to the public
   Internet?

   Scenario #5

   Two large enterprises using IPv4 NAT merge, with the consequence
   that large segments of private network address space overlap. To
   allow the network operations to merge, they decide to deploy IPv6
   across the network core and support infrastructure first. What
   transition mechanisms apply to the process of migrating and managing
   the network core? What transition technologies apply to the support
   infrastructure? To further integrate the systems, what transition
   technologies are applicable to the end nodes?

   Scenario #6

   A new Enterprise network is being defined for a new Trucking
   Business that provides location-based services for its Truck Fleet
   over a wide geography.
   The network will grow to >10,000 nodes, and the Truck Fleets and
   Account Teams will use Mobile devices to access the Enterprise
   network's data and services. In addition, many employees will be
   able to telecommute and work from home. There is no physical
   Enterprise network today, and the Enterprise network team for the
   business wants to build this new network with IPv6.

6. Enterprise Points of Transition Methods

   The Enterprise network will have varying points of transition that
   will require different points of interoperability between IPv6 and
   IPv4. These points of transition are the fulcrum of the template
   that defines what is required for Enterprise networks within the
   focus of this document.

6.1 M1: IPv4 Tunnels to Encapsulate IPv6

   This ENPT exists for the following conditions:

   1. Two DSNs want to communicate using IPv6 within an ENAD, but an
      IPv4 ENIR is between them. These nodes could also be ENMNs.

   2. Two DSNs want to communicate using IPv6 within an ENAD, but they
      are in remote ENAD site geographies and packets must be sent over
      an INP or PNP. These nodes could also be ENMNs.

   3. An ENMN DSN within the ENAD wants to communicate with an IPv6 node
      and services in the ENAD, and is on a remote IPv4 network.

   4. An ENMN DSN not within the ENAD wants to communicate with an IPv6
      node and services in the ENAD, and is on a remote IPv6 network.

   5. Two ENMN DSNs want to communicate using IPv6, and both are on a
      remote IPv4 network.

   6. Two ENMN DSNs want to communicate using IPv6, and both are on a
      remote IPv6 network.

   7. Others (to be identified).

6.2 M2: IPv6 Tunnels to Encapsulate IPv4

   This ENPT exists for the following conditions:

   1. A DSN wants to communicate with a legacy ENAD IPv4 service and is
      on a native IPv6 link and routing domain. EN policy is that IPv6
      should be used to encapsulate IPv4 from the DSN, ENIR, or ENBR to
      the legacy IPv4 services and nodes.

   2. A DSN wants to communicate with a legacy ENAD IPv4 service and is
      on a native IPv6 link and routing domain. EN policy is that, for
      DSNs, IPv4 can be used if supported by the ENIR or ENBR.

   3. The same conditions as above, but for an ENMN DSN within the ENAD
      and not within the ENAD.

   4. Others (to be identified).

6.3 M3: IPv6 NAT to Communicate with IPv4

   This ENPT exists for the following conditions:

   1. A DSN wants to communicate with a legacy ENAD IPv4 ONLY service or
      node. EN policy is that IPv6 NAT should be used for this
      communication.

   2. An IPv6 ONLY node wants to communicate with a legacy ENAD IPv4
      ONLY node or service.

   3. The same conditions as above, but for an ENMN IPv6 ONLY node
      within the ENAD and not within the ENAD.

   4. Others (to be identified).

   ***IMPORTANT Discussion for Design Team and Working Group***

   Should we recommend the following to the working group in the next
   draft, and discuss it with the working group at the IETF Atlanta
   meeting:

   1. The EN Design Team highly recommends that ENs not adopt the policy
      in condition "1" above.

   2. IPv6 ONLY nodes should not be deployed in an EN until they no
      longer require access to any legacy IPv4. This means that
      applications and infrastructure have been ported or moved to
      IPv6. Until that time, nodes used for transition should be DSNs,
      which means that ENs wanting to use IPv6 ONLY nodes will be
      required to move applications and infrastructure to IPv6 first.

   We also need to get industry input from IPv6 early adopters, and
   from those planning to move to IPv6 or in IPv6 test mode, to note in
   this draft. It is imperative that we get all input on this issue,
   because it can mean avoiding NAT for IPv6 and avoiding the loss of
   end-to-end communications and security for the deployment of Next
   Generation Networks.

6.4 M4: IPv6 Native LANs

   This ENPT exists when the ENAD wants to support the deployment of
   native IPv6 LANs. This condition will be driven by the EN transition
   variables V1-V14 stated in Section 4.
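   Section 6.1 (M1) lists the conditions under which IPv6 is carried
   over IPv4 tunnels between DSNs, ENIRs and ENBRs. The decapsulating
   endpoint is where a spoofed tunnel packet would enter the ENAD, so
   the check a practitioner wants there ties the outer IPv4 source to
   the configured peer and the inner IPv6 source to the prefixes
   expected from that peer. The following is an added example, not part
   of this draft: it builds an IPv6-in-IPv4 packet (IP protocol 41) and
   then decapsulates it with those checks. The endpoint addresses
   (192.0.2.1 and 198.51.100.1), the prefix 2001:db8:1::/48 and the
   packet contents are constructed for the example.

```python
"""IPv6-in-IPv4 (IP protocol 41) decapsulation with endpoint checks.

Added example for section 6.1 (M1); addresses, prefix and packet bytes are
constructed for illustration and are not taken from the draft.
"""
import ipaddress
import struct

IPPROTO_IPV6 = 41          # IANA protocol number: IPv6 encapsulated in IPv4
IPV6_NO_NEXT_HEADER = 59   # inner packet carries no upper-layer header


class TunnelError(ValueError):
    """Outer or inner header failed a check; the packet must be dropped."""


def build_6in4(outer_src, outer_dst, inner_src, inner_dst, payload=b""):
    """Build an IPv4 packet (protocol 41) carrying a minimal IPv6 packet.

    The IPv4 header checksum is left at zero because the packet is only
    parsed in memory here, never put on the wire.
    """
    inner = struct.pack("!IHBB", 0x60000000, len(payload), IPV6_NO_NEXT_HEADER, 64)
    inner += ipaddress.IPv6Address(inner_src).packed
    inner += ipaddress.IPv6Address(inner_dst).packed + payload
    outer = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(inner),       # version 4, IHL 5, TOS, total length
        0, 0x4000,                      # identification, DF flag set
        64, IPPROTO_IPV6, 0,            # TTL, protocol 41, checksum (unset)
        ipaddress.IPv4Address(outer_src).packed,
        ipaddress.IPv4Address(outer_dst).packed,
    )
    return outer + inner


def decapsulate(packet, local_endpoint, remote_endpoint, inner_prefixes):
    """Validate a tunnel packet and return (inner_src, inner_dst, inner_bytes).

    Checks applied before the inner packet is forwarded into the ENAD:
      - outer header is IPv4, protocol 41, and addressed to this endpoint
      - outer source is exactly the configured tunnel peer; a packet from
        any other IPv4 address is not decapsulated as if it came from it
      - inner source lies inside a prefix expected from that peer and is
        not link-local, loopback, multicast or IPv4-mapped
    """
    if len(packet) < 20:
        raise TunnelError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise TunnelError("outer packet is not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    if proto != IPPROTO_IPV6:
        raise TunnelError("outer protocol %d is not 41" % proto)
    if ipaddress.IPv4Address(dst) != ipaddress.IPv4Address(local_endpoint):
        raise TunnelError("outer destination is not this tunnel endpoint")
    outer_src = ipaddress.IPv4Address(src)
    if outer_src != ipaddress.IPv4Address(remote_endpoint):
        raise TunnelError("outer source %s is not the configured peer" % outer_src)

    inner = packet[ihl:total_len]
    if len(inner) < 40:
        raise TunnelError("truncated IPv6 header")
    vtf, payload_len, _nh, _hlim = struct.unpack("!IHBB", inner[:8])
    if vtf >> 28 != 6:
        raise TunnelError("inner packet is not IPv6")
    if len(inner) < 40 + payload_len:
        raise TunnelError("inner payload length exceeds packet")
    inner_src = ipaddress.IPv6Address(inner[8:24])
    inner_dst = ipaddress.IPv6Address(inner[24:40])
    if (inner_src.is_link_local or inner_src.is_loopback
            or inner_src.is_multicast or inner_src.ipv4_mapped is not None):
        raise TunnelError("inner source %s must not cross a tunnel" % inner_src)
    if not any(inner_src in ipaddress.ip_network(p) for p in inner_prefixes):
        raise TunnelError("inner source %s not expected from this peer" % inner_src)
    return str(inner_src), str(inner_dst), inner[:40 + payload_len]


def accept(packet, local_endpoint, remote_endpoint, inner_prefixes):
    """True if decapsulate() would forward the packet, False if it drops it."""
    try:
        decapsulate(packet, local_endpoint, remote_endpoint, inner_prefixes)
        return True
    except TunnelError:
        return False


if __name__ == "__main__":
    # Constructed tunnel: peer 192.0.2.1 <-> us 198.51.100.1; peer sources 2001:db8:1::/48
    local, peer, prefixes = "198.51.100.1", "192.0.2.1", ["2001:db8:1::/48"]
    samples = {
        "genuine": build_6in4(peer, local, "2001:db8:1::10", "2001:db8:2::20", b"hi"),
        "spoofed outer source": build_6in4("203.0.113.9", local, "2001:db8:1::10", "2001:db8:2::20"),
        "inner source outside peer prefix": build_6in4(peer, local, "2001:db8:9::1", "2001:db8:2::20"),
    }
    for name, pkt in samples.items():
        print("%-33s %s" % (name, "forwarded" if accept(pkt, local, peer, prefixes) else "dropped"))
```

   Only the genuine packet is forwarded; the other two are dropped
   before anything is injected into the ENAD. The same two checks apply
   whether the peer is an ENBR at a remote site or an ENMN on a remote
   IPv4 network; what changes is only which prefixes are expected from
   it.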
6.5 M5: IPv6 Native Routing Domains

   This ENPT exists when the ENAD and/or the ENE wants to support the
   deployment of IPv6 native routing domains. This condition will be
   driven by the EN transition variables V1-V14 stated in Section 4.

6.6 M6: Dual Stack Nodes supporting IPv6 and IPv4

   This ENPT is both a method to deploy IPv6 and a method for
   transition. An EN that deploys DSNs as it adopts IPv6 is more
   assured that IPv6 and IPv4 interoperation will be possible between
   any two nodes or services. It also means that many legacy IPv4 nodes
   can be upgraded to support IPv4 and IPv6 without turning on IPv6
   until the IPv6 operational network has been verified to be
   interoperable and secure. Finally, it means that nodes which
   transition to IPv6 continue to support IPv4, and so remain able to
   communicate with IPv4 nodes over an IPv4 network infrastructure.

6.7 M7: Single Stack IPv6 ONLY Nodes

   This ENPT will exist when ENs deploy IPv6 ONLY nodes. At this time
   there are no known implementations of these node types. This method
   of transition will require IPv6 NAT, and the EN will lose end-to-end
   IPv6 connectivity and end-to-end security for IPv6 ONLY to IPv4 ONLY
   communications. See the IMPORTANT discussion for the Design Team and
   Working Group in Section 6.3.

7. Enterprise Network Infrastructure Points of Transition

   The Enterprise will be required to determine what network
   infrastructure will be affected by the transition to IPv6. This
   infrastructure must be analyzed and understood as a critical
   resource to manage within the ENAD. Each topic below will be
   discussed, along with the transition issues facing that part of the
   network infrastructure.

7.1 DNS

   This will be discussed in the next draft.
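   Section 6.6 (M6) above relies on a DSN being able to talk to IPv4
   nodes while IPv6 is being brought up, and on IPv6 not being turned
   on until the network has been verified to be secure. One detail that
   bears on that verification is how the two stacks share a listening
   socket: an AF_INET6 socket with IPV6_V6ONLY cleared accepts IPv4
   clients too, and reports them as IPv4-mapped IPv6 addresses
   (::ffff:a.b.c.d), so an address-based policy written against IPv4
   literals does not match them. The following Python is an added
   example, not part of this draft; the deny list 203.0.113.0/24 and the
   peer addresses are constructed, and the loopback demonstration at
   the bottom is skipped on hosts where IPv6 is unavailable.

```python
"""Address-family handling on a dual-stack node (section 6.6, M6).

Added example, not part of the draft. The deny list and peer addresses are
constructed; the socket demo under __main__ is skipped where IPv6 is off.
"""
import ipaddress
import socket


def canonical_peer(addr):
    """Return the address a policy decision should be made on.

    An IPv4 client accepted on a dual-stack AF_INET6 socket is reported as
    the IPv4-mapped IPv6 address ::ffff:a.b.c.d; undo that mapping so the
    IPv4 policy applies. A zone index suffix (fe80::1%eth0) is removed
    before parsing.
    """
    ip = ipaddress.ip_address(addr.split("%", 1)[0])
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def in_any(ip, networks):
    """True if ip falls inside any listed network of the same family."""
    for net in networks:
        network = ipaddress.ip_network(net, strict=False)
        if network.version == ip.version and ip in network:
            return True
    return False


def is_blocked_naive(addr, blocklist):
    """Deny-list check that ignores the mapping.

    A blocked IPv4 host arriving through the dual-stack socket is seen as
    an IPv6 address and never matches an IPv4 entry: the deny list is
    bypassed.
    """
    return in_any(ipaddress.ip_address(addr.split("%", 1)[0]), blocklist)


def is_blocked(addr, blocklist):
    """Deny-list check on the canonical address; closes the bypass above."""
    return in_any(canonical_peer(addr), blocklist)


def dual_stack_listener(host="::", port=0):
    """One AF_INET6 socket serving both families (IPV6_V6ONLY cleared).

    Platforms that refuse to clear IPV6_V6ONLY raise OSError; the caller
    then needs a second AF_INET socket instead.
    """
    srv = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 0)
    srv.bind((host, port))
    srv.listen(1)
    return srv


if __name__ == "__main__":
    BLOCKLIST = ["203.0.113.0/24"]      # constructed: an IPv4 range the EN blocks
    peer = "::ffff:203.0.113.5"         # that client as seen on a dual-stack socket
    print("naive check blocks it:", is_blocked_naive(peer, BLOCKLIST))      # False
    print("canonical check blocks it:", is_blocked(peer, BLOCKLIST))        # True
    try:
        srv = dual_stack_listener("::", 0)
        port = srv.getsockname()[1]
        client = socket.create_connection(("127.0.0.1", port))
        conn, who = srv.accept()
        print("IPv4 client reported as", who[0], "-> policy sees", canonical_peer(who[0]))
        conn.close()
        client.close()
        srv.close()
    except (OSError, AttributeError) as exc:
        print("dual-stack socket demo skipped:", exc)
```

   The naive check fails open for the deny-listed IPv4 host, while an
   allow list written the same way fails closed for every IPv4 client.
   Either way the fix is the same: normalize the peer address before
   evaluating policy, or keep the families on separate sockets with
   IPV6_V6ONLY set.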
7.2 Routing

   This will be discussed in the next draft.

7.3 Autoconfiguration

   This will be discussed in the next draft.

7.4 Security

   This will be discussed in the next draft.

7.5 Applications and APIs

   This will be discussed in the next draft.

7.6 IPv6 Address Scoping

   This will be discussed in the next draft.

7.7 Network Management

   This will be discussed in the next draft.

7.8 Address Planning

   This will be discussed in the next draft.

8. Enterprise Tools Requirements

   This section will identify the tools requirements for an EN
   transitioning to IPv6, so that the configuration issues for the EN
   are documented here.

8.1 Routing Configuration

   This will be discussed in the next draft.

8.2 DNS Configuration

   This will be discussed in the next draft.

8.3 IPv6 Address Allocation and Configuration

   This will be discussed in the next draft.

8.4 IPv4 Address Allocation and Configuration

   This will be discussed in the next draft.

8.5 VPN/Tunnel Configuration

   This will be discussed in the next draft.

8.6 Mobile Node IPv4/IPv6 Interoperation Configuration

   This will be discussed in the next draft.

9. Enterprise Network Scenarios in Depth

   This section will discuss the scenarios in depth and identify the
   transition method options and tools requirements from the previous
   sections. This will be done in the next draft.

10. Enterprise Network Scenarios Matrix Graph

   This section will provide a set of matrices built from the
   scenarios, transition variables, methods, and tools, to define and
   determine common points of transition across the scenarios. This
   will be done in the next draft.

11. Applicability Statement

   This will be done in a future draft as we get more working group
   discussion.

12. Security Section

   The first iteration of this section will be done in the next draft.

Acknowledgments

   This will be added in a future draft.

References

   These will be provided as the drafts mature and we reference related
   work in the IETF and in the industry.

Authors' Addresses

   Send email to ent-v6net@viagenie.qc.ca to contact the design team,
   and send comments on the draft to v6ops@ops.ietf.org. Authors'
   contact information will be provided in the next draft.