IETF IPv6 Working Group                                        Haibo Wen
Internet-Draft                                     Alcatel Shanghai Bell
Expires: December 22, 2006                                 June 23, 2006


    Port Identifier option for RS/RA messages in IPv6 access network
                   draft-wen-ipv6-rsra-opt-pid-01.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on December 22, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document extends the stateless address auto-configuration
   (SAAC) mechanism by defining a Port Identifier option for RS/RA
   messages in IPv6 access networks.  This option makes SAAC possible
   without upgrading the access node and CPE to layer 3 devices.

Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [3].

Terminology

   This document uses the terminology described in [1][2][3].  In
   addition, some new terms are defined below:

   Access node
      The access node is the point to which the subscriber network
      physically connects.  In this document, a layer 3 access node is
      an access node that works at layer 3 and acts as a router with
      access management functions in the access network.  A layer 2
      access node is an access node that works at layer 2 and can
      handle some special layer 3 packets.

   Aggregation network
      The part of the network stretching from the access node to the
      Broadband Network Gateways (BNG, i.e., IP edge router).

   BRAS
      The Broadband Remote Access Server is a broadband network gateway
      and is the aggregation point for the subscriber traffic.  It also
      provides subscriber authentication, management and other
      functions before forwarding IP traffic to and receiving it from
      the Internet.

   Subscriber Network
      A network which is owned by a subscriber and attached to an
      access node.  In this network, all the terminals/hosts share the
      same prefixes and each can be trusted to behave correctly, so
      they are friendly to each other.  A subscriber network can also
      be called a home network.

1. Introduction

   Stateless Address Auto-Configuration [1] (SAAC) is a very important
   feature of IPv6 technology.  SAAC has been proposed with the
   following goals:

   (1) No manual configuration of individual machines before connecting
       them to the network.

   (2) No DHCP server or router as a prerequisite for the communication
       between a set of machines attached to a single link.  The
       machines can form their IPv6 addresses by appending their 64-bit
       interface identifier to a well-known link-local prefix.

   (3) No requirement of the presence of a DHCP server for address
       configuration in a large site with multiple networks and
       routers.

   (4) Facilitating the graceful renumbering of a site's machines.

   With the explosive growth of the Internet and of end users, Network
   Service Providers (NAP) are considering evolving their network
   architecture to support IPv6 technology.  The trend is that many
   terminals/hosts in a subscriber network will connect to the Internet
   via a CPE in the future, so the devices in a subscriber network can
   form a subnet.  For simple management and maintenance, NAPs will
   deploy a policy of one prefix per subscriber network, i.e., a /64
   prefix will be assigned to each subscriber network.  In current
   access networks, most of the CPEs in subscriber networks are layer 2
   devices, and the access nodes in the aggregation network are layer 2
   devices, too.  Because replacing CPEs and access nodes with layer 3
   devices would require much more investment, it is better to make the
   current access network support SAAC without this kind of investment.
   This will help operators protect their existing investment.

   This document describes how to implement SAAC with one prefix per
   subscriber network in an IPv6 access network without replacing the
   current CPE and access node with layer 3 devices.  This is done by
   defining a new option for Router Advertisement (RA) / Router
   Solicitation (RS) messages.

2. Port Identifier option

2.1 Motivation

   In standard IPv6 stateless configuration, a router sends periodic as
   well as solicited RA messages out of its advertising interfaces.
   The RA messages are encapsulated in ICMPv6 packets.  Within the RA
   messages, global IP prefixes are advertised to the directly attached
   link.  Thus all the terminals can obtain the IPv6 prefixes and form
   their global IPv6 addresses by appending their interface identifier
   to the IPv6 prefixes.
   When an interface of an IPv6 terminal becomes enabled, the terminal,
   which may be unwilling to wait for the next unsolicited RA message
   to locate default routers or learn prefixes, will transmit an RS
   message.  In an IPv6 access network with layer 2 CPE and layer 2
   access node, RA messages will be advertised from the BRAS/BNG to
   subscriber networks.  For RS/RA messages, each subscriber network
   and the BRAS's interface that will advertise the RA message must be
   formed into a logical LAN.  If not, the following problems occur:

   (1) Because the subscriber network information (or subscriber line
       information) is terminated at the access node, the BRAS/BNG
       cannot identify the originating subscriber network of any
       upstream RS message, so it does not know how to choose the
       correct prefix to form an appropriate RA in response.

   (2) The access node cannot know the exact destination subscriber
       network of each downstream RA message.  If the RA message is
       broadcast to all the subscriber networks connected to the same
       access node, this may lead to prefix spoofing.

   The Port Identifier (PID) option is defined in this document to
   solve the problems mentioned above.  It is analogous to the DHCP
   relay agent option (option 82) for the Dynamic Host Configuration
   Protocol in IPv4.  For the upstream RS message, the access node
   inserts the subscriber line information (i.e., the Port Identifier
   of the user port on the access node) into the RS with a PID option.
   In the downstream RA message, the BRAS/BNG should pair the PID
   option with the corresponding Prefix Information (i.e., each RA
   contains a Port Identifier and the Prefix Information that has been
   assigned to the subscriber network connected to the port identified
   by the Port Identifier).

2.1 Port Identifier option

   The Port Identifier (PID) option contains a subscriber network
   identifier, or the identifier of the port in the relay agent (i.e.,
   access node) which connects the subscriber network.  In addition,
   it contains the relay agent ID, which can be used by the operator
   for network management purposes and can also help the BNG or BRAS
   forward the RA to the correct relay agent efficiently.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |  Reserved   |I|Relay agent ID
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ~                        Relay agent ID                         ~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ~                       Port Information                        ~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Fields:

   Type
      8-bit identifier of the option type (TBD: IANA)

         Option Name               Type
         Port Identifier option    (TBD)

   Length
      8-bit unsigned integer.  The length of the option (including the
      type and length fields) in units of 8 octets.  The value 0 is
      invalid.  Nodes MUST silently discard an ND packet that contains
      an option with length zero.

   Reserved
      7-bit reserved field.  It is set to 0.

   I
      1-bit field.  If set to 1, it indicates that the Relay agent ID
      field carries an IPv6 address as the Relay agent ID.

   Relay agent ID
      This field uniquely identifies an RS/RA relay agent (i.e., an
      access node).  When field I is set to 1, an IPv6 address
      identifies the relay agent.  Any layer 2/3 ID can be used by the
      service provider to identify the access node in its network if
      needed.

   Port Information
      This field consists of a sequence of SubOpt/Length/Value tuples,
      one for each sub-option, encoded in the following manner (which
      will be discussed in 2.1.1):

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -
      |  SubOpt Type  |SubOpt Data Len|  Option Data
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -

      SubOpt Data Len is the length of the Option Data field of this
      sub-option, in octets.

   Description

      This option is used in network environments where RS/RA runs
      across the aggregation network, i.e., between the subscriber
      network and the BRAS/BNG; in other words, the access node is not
      a layer 3 access node and the CPE is not a layer 3 device either.
      This option indicates which subscriber network sent the RS
      message or which subscriber network this RA message will be sent
      to.

      In the upstream direction, the access node is responsible for
      inserting this option in incoming RS messages and then forwarding
      them to the BNG (or BRAS).  In the downstream direction, the
      BRAS/BNG adds this option to the corresponding RA; access nodes
      identify the option, remove it and forward the RA to the correct
      subscriber network.

      This option has no influence on the protocol stack of
      hosts/terminals.

2.1.1 Sub-Options

2.1.1.1 Pad sub-options

   There are two pad sub-options which can be inserted into the Port
   Information field of the Port Identifier option.  Normally, a Pad
   sub-option appears at the end of the Port Information field to make
   sure that the length of the whole Port Identifier option is a
   multiple of 8 octets.

   Pad1 sub-option (alignment requirement: none)

      +-+-+-+-+-+-+-+-+
      |       0       |
      +-+-+-+-+-+-+-+-+

   NOTE! the format of the Pad1 option is a special case -- it does not
   have length and value fields.

   The Pad1 option is used to insert one octet of padding into the Port
   Information field of the Port Identifier option.
   If more than one octet of padding is required, the PadN option,
   described next, should be used, rather than multiple Pad1 options.

   PadN option (alignment requirement: none)

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -
      |       1       |SubOpt Data Len|  Option Data
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -

   The PadN option is used to insert two or more octets of padding.
   For N octets of padding, the SubOpt Data Len field contains the
   value N-2, and the Option Data consists of N-2 zero-valued octets.

2.1.1.2 Agent Circuit ID Sub-option

   This sub-option may be added by access nodes (or Relay Agents) which
   terminate switched or permanent circuits, ports or logical ports.
   It encodes an agent-local identifier of the circuit (i.e., port
   identifier) from which an RS message was received.  It is intended
   for use by access nodes/agents in relaying RA messages back to the
   proper circuit/DSL line/subscriber network.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | SubOpt Type(2)|SubOpt Data Len|        Circuit ID Info        ~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Fields:

   SubOpt Type
      8-bit identifier of the option type: 2.

   SubOpt Data Len
      8-bit unsigned integer.  The length of the Circuit ID Info field,
      in octets.  The value 0 is invalid.  Nodes MUST silently discard
      an ND packet that contains an option with length zero.

   Circuit ID Info
      This field may be the user port number of the access node, a
      cable data virtual circuit number, or another local number which
      can be used to identify the connection to the subscriber network.

3. Scenarios for usage of new option for stateless auto-configuration
   in IPv6 access network

3.1 No router in the subscriber network

   Figure 1 illustrates a network architecture where there is no routed
   gateway in the subscriber network.
   The terminals in the subscriber network are connected to a layer 2
   access node located in the NAP network through a bridged CPE.
   Terminals send RS messages to the access network, and the BRAS can
   advertise RA messages to the subscriber network.  Figure 2 shows the
   procedure of stateless auto-configuration in this IPv6 access
   network.

               ____________________
              /                    \
             |   ISP core network   |
              \__________ _________/
                         |
                 +-------+-------+
                 |     BRAS      |             \
                 +-------+-------+              \
               __________|___________            \
              /                      \            |
             |  aggregation network   |           |
              \__________ ___________/            |
                         |                        |
                 +-------+-------+                |
                 |    layer 2    |                | access
                 |  access node  |                | network
                 +-------+-------+                |
               /         |                       /
              /          |
      +------+------+    |DSL to subscriber    /
      | subscriber  |    |premises            /
      |  network 2  |    |
      +------+------+    |                    \
                  +------+------+              \
                  |     CPE     |               \
                  |  (bridge)   |                \
                  +------+------+                 |
                         |                        | Subscriber
            +------------+--------------+         | network
            |            |              |         |
      +-----+----+  +----+-----+  +-----+----+   /
      | terminal |  | terminal |  | terminal |  /
      +----------+  +----------+  +----------+ /

            Figure 1: network architecture for IPv6 access

   The procedure consists of the following steps:

   Step (a): The IPv6 terminal/host sends an RS (Router Solicitation)
             message to obtain an RA message.

   Step (b): The layer 2 access node inserts the PID option into the
             incoming RS message and forwards this RS to the BRAS/BNG.

   Step (c): The BRAS/BNG forms the appropriate RA message according to
             the Port ID in the RS message, and then advertises it.
             The RA message will contain the appropriate PID option and
             Prefix Information option.  The Port ID option is copied
             from the corresponding RS message.

   Step (d): The access node receives the RA message, removes the PID
             option from the RA message, and then forwards it to the
             corresponding subscriber network.  The terminal can then
             obtain the prefix from the RA message.
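
   The sketch below is an added example, not part of the draft.  It
   encodes the PID option of section 2 as the access node would in
   step (b), then parses and strips it from the RA options as in
   step (d).  Assumptions: the type value 253 is a placeholder for the
   TBD code point, only I=1 (16-octet IPv6 Relay agent ID) is accepted
   because the draft gives no length for other ID forms, and rejecting
   unknown sub-options is a choice of this example.

```python
import ipaddress

PID_TYPE = 253  # placeholder: the draft leaves the option type "TBD: IANA"
PAD1, PADN, CIRCUIT_ID = 0, 1, 2  # sub-option types from section 2.1.1

def build_pid(relay_agent, circuit_id):
    """Step (b): encode a PID option with I=1 and one Agent Circuit ID."""
    if not 1 <= len(circuit_id) <= 255:
        raise ValueError("Circuit ID must be 1..255 octets")
    body = b"\x01" + ipaddress.IPv6Address(relay_agent).packed
    body += bytes([CIRCUIT_ID, len(circuit_id)]) + circuit_id
    pad = -(len(body) + 2) % 8  # octets missing to reach a multiple of 8
    if pad == 1:
        body += bytes([PAD1])
    elif pad:
        body += bytes([PADN, pad - 2]) + bytes(pad - 2)
    return bytes([PID_TYPE, (len(body) + 2) // 8]) + body

def parse_pid(opt):
    """Return (relay_agent, circuit_id); ValueError means discard the packet."""
    if len(opt) < 24 or opt[0] != PID_TYPE or opt[1] * 8 != len(opt):
        raise ValueError("bad Type or Length")
    if opt[2] != 0x01:  # Reserved must be 0; I=0 leaves the ID length undefined
        raise ValueError("Reserved bits set or I=0")
    circuit, i = None, 19
    while i < len(opt):
        if opt[i] == PAD1:  # Pad1 has no length or value field
            i += 1
            continue
        if i + 2 > len(opt) or i + 2 + opt[i + 1] > len(opt):
            raise ValueError("sub-option overruns the option")
        sub, data = opt[i], opt[i + 2:i + 2 + opt[i + 1]]
        if sub == CIRCUIT_ID and data and circuit is None:
            circuit = data
        elif sub != PADN:
            raise ValueError("zero-length, duplicate or unknown sub-option")
        i += 2 + len(data)
    if circuit is None:
        raise ValueError("no Agent Circuit ID")
    return ipaddress.IPv6Address(opt[3:19]), circuit

def strip_pid(nd_options):
    """Step (d): return (RA options without the PID option, circuit_id)."""
    kept, circuit, i = b"", None, 0
    while i < len(nd_options):
        n = nd_options[i + 1] * 8 if i + 2 <= len(nd_options) else 0
        if n == 0 or i + n > len(nd_options):
            raise ValueError("zero-length or truncated ND option")
        opt = nd_options[i:i + n]
        if opt[0] == PID_TYPE:
            circuit = parse_pid(opt)[1]
        else:
            kept += opt
        i += n
    return kept, circuit

# Constructed sample: Prefix Information option (type 3) for 2001:db8:0:1::/64.
PREFIX_INFO = (bytes.fromhex("030440c0 00015180 00003840 00000000")
               + ipaddress.IPv6Address("2001:db8:0:1::").packed)
```

   Inserting or removing the option changes the ICMPv6 message, so a
   relay doing this on real packets also has to update the IPv6 payload
   length and the ICMPv6 checksum, which the draft does not discuss.
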

 +---------+            +-----------+               +------------------+
 |User IPv6|            |  layer2   |               |ISP's edge router |
 | terminal|            |access node|               |      or BNG      |
 +---------+            +-----------+               +------------------+
      |                       |                                   |
   (a)|------RS message------>|                                   |
      |                    (b)|--------RS with PID option-------->|
      |                    (c)|<-------RA with PID and Prefix-----|
      |                       |        Information option         |
   (d)|<--RA with Prefix    --|                                   |
      |   Information option  |                                   |

   Figure 2. Procedure of stateless auto-configuration for scenario 1

   In this procedure, the access node and the BRAS/BNG are responsible
   for inserting/removing/identifying the Port Identifier option.  Only
   the access node and the BRAS/BNG are required to implement this
   functionality; there is no requirement on terminals/hosts.

3.2 Co-existence for different subscriber networks

      subscriber networks                    access network
    ___________/\________________     ___________/\_______________
   /                             \  /                            \
   +--------+    +---------+        +--+------+    +--------------+
   | host1  |----| router1 |--------|  L2 AN  |----| BRAS/router  |
   +--------+    +---------+        +---+-----+    +--------------+
                              +-----+   |
                              |         |
   +--------+       +---------+         |
   | host2  |-------| L2 CPE  |         |
   +--------+       +---------+         |
                            +-----------+
    +--------+              |
    | host3  |--+     +-----+---+
    +--------+  +-----| L2 CPE  |
                      +---------+
             +------+/
             | host |
             +------+

      Figure 3. The coexistence of different subscriber networks

   Figure 3 shows the coexistence of different subscriber networks
   connected to the access network: there are three subscriber
   networks; one subscriber network has a router (i.e., router1) as its
   home gateway, and the other two subscriber networks have an L2 CPE
   (i.e., layer 2 CPE) as their home gateway.  L2 AN is the layer 2
   access node.  The policy of one prefix per subscriber network is
   still adopted.  There are two cases for SAAC:

   (1) The subscriber network with a router as its home gateway:
       Router1 will get its IPv6 prefix via DHCPv6 Prefix Delegation
       from the BRAS/router, then SAAC will be carried out within this
       subscriber network.
       No RS message will be sent to the access network by this
       subscriber network.  RS/RA runs only within this subscriber
       network.

   (2) The subscriber network without a router of its own: an RS will
       be sent to the access network, and the L2 AN will insert the
       corresponding PID option and then forward it to the BRAS/router.
       An RA with a PID option and a Prefix Information option will be
       advertised to the corresponding L2 AN; this AN then removes the
       PID option and forwards the RA to the correct subscriber
       network.

4. Acknowledgements

   The author would like to thank Songwei Ma, David Watkinson, Stefaan
   De Cnodder, Jan Van den Abeele, Sven Ooghe, and the other members of
   the R&I wired access group in Alcatel Shanghai Bell for their
   comments and help, and also thanks the experts in the IPv6 working
   group.

5. References

5.1 Normative References

   [1]  S. Thomson and T. Narten, "IPv6 Stateless Address
        Autoconfiguration", RFC 2462, December 1998.

   [2]  S. Deering and R. Hinden, "Internet Protocol, Version 6 (IPv6)
        Specification", RFC 2460, December 1998.

   [3]  S. Bradner, "Key words for use in RFCs to Indicate Requirement
        Levels", BCP 14, RFC 2119, March 1997.

Authors' Addresses

   Haibo Wen
   Alcatel Shanghai Bell Co., Ltd.
   388#, NingQiao Road, Pudong Jinqiao
   Shanghai 201206
   P.R. China

   Phone: +86 (21) 5854-1240, ext.: 9273
   Email: Haibo.WEN@alcatel-sbell.com.cn

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed
   to pertain to the implementation or use of the technology described
   in this document or the extent to which any license under such
   rights might or might not be available; nor does it represent that
   it has made any independent effort to identify any such rights.
   Information on the procedures with respect to rights in RFC
   documents can be found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use
   of such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository
   at http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Disclaimer of Validity

   This document and the information contained herein are provided on
   an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
   REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
   INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
   IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

   Copyright (C) The Internet Society (2006).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.