Softwires C. Zhou Internet-Draft T. Tsou Intended status: Standards Track Huawei Technologies Expires: December 20, 2010 Y. Lee, Ed. Comcast June 18, 2010 Deployment DS-lite in Point-to-Point Access Network draft-zhou-softwire-ds-lite-p2p-01 Abstract Gateway-Initiated Dual-Stack lite (GI-DS-lite) is a proposal to logically extend existing access tunnels beyond the access gateway to DS-Lite Address Family Transition Router element (AFTR) using softwires with an embedded context identifier. This memo describes a deployment model using GI-DS-lite in Point-to-Point access network. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on December 20, 2010. Copyright Notice Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of Zhou, et al. Expires December 20, 2010 [Page 1] Internet-Draft DS-lite on Pt-to-Pt Access Network June 2010 the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Scope and Requirements . . . . . . . . . . . . . . . . . . . . 3 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3.1. Current Deployment . . . . . . . . . . . . . . . . . . . . 4 3.2. DS-lite in Point-to-Point Access Network . . . . . . . . . 5 4. Requirements Language . . . . . . . . . . . . . . . . . . . . . 6 5. Proposed Alternative Context Identifier . . . . . . . . . . . . 6 6. Management of Devices behind CPE . . . . . . . . . . . . . . . 7 7. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 7 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 8 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 8 10. Security Considerations . . . . . . . . . . . . . . . . . . . . 8 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 11.1. Normative References . . . . . . . . . . . . . . . . . . . 8 11.2. Informative References . . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 9 Zhou, et al. Expires December 20, 2010 [Page 2] Internet-Draft DS-lite on Pt-to-Pt Access Network June 2010 1. Introduction GI-DS-lite [I-D.ietf-softwire-gateway-init-ds-lite] describes the use of Gateway-Initiated softwire tunnels operating between the Gateway and the Address Family Transition Router (AFTR) to conserve IPv4 addresses. Flows from multiple access devices (CPEs) can be distinguished through use of Context Identifiers (CID). GI-DS-lite describes an architecture where each CPE is a single device. It does not cover the case where each CPE manages multiple hosts. This is common in fixed network deployment and home network deployment over air. GI-DS-lite proposes few tunnel modes used for CID. One option is to use Plain IP-in-IP. In this mode, a unique IPv4 address must be assigned for each CPE from the gateway. As such, it does not support CPEs using overlapped address. To support overlapped address space, stateful tunnel (eg. GRE) is required between gateway and AFTR. It is expensive to create one stateful tunnel per CPE especially in fixed network non-mobility deployment. DS-Extra-lite [I-D.arkko-dual-stack-extra-lite] describes that when the CPE is connected to the gateway by point-to-point link rather than shared media connection, it is unnecessary for the CID to be an IP address. If another identifier with the required uniqueness properties can be found (eg. VLAN and ATM PVC), the gateway can use the per-interface identity to uniquely identify the CPE. This relaxes the contraint of using CPE's IPv4 address for uniqueness. This memo describes a framework to use the point-to-point identifier and the IPv6 Flow Label [RFC3697] to create a unique binding in the AFTR for CPEs using overlapped address space in the point-to-point access network. 2. Scope and Requirements This specification focuses on the point-to-point access network deployment using GI-DS-lite. Other deployment scenarios are out of scope. These are the assumptions of the network: 1. The access network is point-to-point. 2. The access network is not yet IPv6 enabled. 3. Avoid double-NAT. 4. Edge router does not perform NAT. Zhou, et al. Expires December 20, 2010 [Page 3] Internet-Draft DS-lite on Pt-to-Pt Access Network June 2010 5. Edge router uses plain IP-in-IPv6 to connect to AFTR. 6. Extend the point-to-point mapping to AFTR. 3. Overview 3.1. Current Deployment Many operators use point-to-point (eg. PPP) to connect to their customers. The operators give each customer a public IPv4 address. Many customers also have a gateway (managed or unmanaged) which is a NAT device managing the customer's internal network. Figure 1 shows a common deployment architecture. | | IPv4 Internet | +------+------+ | Gateway | +-------------+ / \ Layer-3 / \ Layer-3 +----+ +----+ | ER | | ER | +----+ +----+ /\ /\ / \ / \ Pt-to-Pt NAT/ \NAT NAT/ \NAT +===+ +===+ +===+ +===+ | A | | B | | C | | D | +===+ +===+ +===+ +===+ | | | | --+-- --+-- --+-- --+-- | | | | | | | | H1 H2 H3 H4 H5 H6 H7 H8 Access CPEs A,B,C,D all use 192.168.1.0/24 for their internal network. Figure 1 Each CPE has been assigned a unique global IPv4 address and performs NAT for the hosts, so Edge Router (ER) can uniquely identify the CPEs by their IP addresses. Zhou, et al. Expires December 20, 2010 [Page 4] Internet-Draft DS-lite on Pt-to-Pt Access Network June 2010 3.2. DS-lite in Point-to-Point Access Network When IPv4 addresses are scarce, operators may want to increase the IPv4 address utilization by sharing a single IPv4 address to multiple users. DS-Lite [I-D.ietf-softwire-dual-stack-lite] describes a framework to implement B4 element in the CPE and encapsulate the IPv4 datagram inside an IPv6 datagram (IP-in-IPv6) to AFTR in the operator network for NAT-ing. The AFTR uses the unique IPv6 address of the B4 to identify the CPE. This framework works well for both shared media network and point-to-point access network, but it requires the operator to upgrade the access network to IPv6. In point-to-point access network, each CPE has a unique point-to- point link. The operator can use the link information to identify the CPE. In this specification, the operator does not give any IPv4 or IPv6 address to the CPE. Instead, each point-to-point interface is an unnumbered interface. The CPE is still an IPv4 DHCP server for its internal network, it continues to offer [RFC1918] addresses to its managed hosts. In this memo, the CPE does not NAT the packets coming from its hosts. Instead, the CPE simply puts the packets to the point-to-point link and forward to the ER. When ER receives the packet, it maps the point-to-point identifier to the IPv6 Flow Label [RFC3697] and send to the AFTR for NAT. Figure 2 shows the architecture. Zhou, et al. Expires December 20, 2010 [Page 5] Internet-Draft DS-lite on Pt-to-Pt Access Network June 2010 | | IPv4 Internet +--------+ | DS-lite| NAT Mappings: | AFTR | (Flow Label, TCP port1 <-> +---++---+ a.b.c.d, TCP port2) || IPv6 || Softwire Tunnel (IP-in-IPv6) || (CID is the Flow Label) || +-----++------+ | Edge Router | Map IPv6 Flow Label to CID +-------------+ / \ Pt-to-Pt / \ unnumbered I/F +===+ +===+ | A | | B | Access CPE A and B +===+ +===+ use 192.168.1.0/24 | | --+-- --+-- | | | | H1 H2 H3 H4 .5 .6 .5 .6 Figure 2 In Figure 2, H1 and H3, and H2 and H4 use duplicate IP addresses. Since CPE A and B do not have IP address, the ER cannot use the IP address to returned packets to the hosts behind CPE A and B. Instead, ER creates a binding table to map the point-to-point identifier to the CPEs. Then, ER uses the IPv6 Flow Label [RFC3697] as the Context Identifier for the GI-DS-lite tunnel. No stateful tunnel is required between AFTR and ER. 4. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. 5. Proposed Alternative Context Identifier This memo proposes that an additional type of context identifier be added to the set identified in GI-DS-lite. Where the tunnel between Zhou, et al. Expires December 20, 2010 [Page 6] Internet-Draft DS-lite on Pt-to-Pt Access Network June 2010 the Gateway and the AFTR is IP-in-IPv6, it is proposed to use the IPv6 Flow Label as the context identifier. The Flow Label is 20 bits, where the Context ID in GI-DS-lite is 32 bits. So, each softwire can support up to 2^20 or 1,048,576 CPEs. To support more CPEs in a single ER, multiple softwires can be provisioned between the ER and the AFTR. 6. Management of Devices behind CPE Some operators manage the home devices (eg. IP STB and VoIP adaptor) behind the CPE. This is done by port-forwarding the pre-configured ports in the CPE. If the CPE implemented this specification, the home device management traffic would be tunneled to the AFTR. The AFTR would also need to support special port-forwarding rules to allow in-bound connections to the home devices. This adds extra complexity to the AFTR and consumes many ports in the AFTR for port- forwarding. Since this management traffic is internally used by the operator only, the operator could address the CPE with [RFC1918]. This address space is managed by the operator and each CPE is assigned a unique RFC1918 address. The CPE contains the same port-forwarding rules for the managed home devices. When the CPE receives packets from the home devices, it will NAT the packet to the address assigned to the point-to-point link and forward to the ER. For the packets generated by the hosts, the CPE will use the specification to send the traffic unmodified to the ER. When the ER receives packets sourced from this [RFC1918] address space, it should not forward these packets to the AFTR via the softwire. Instead, the ER should forward the packets to the internal management network. To make the ER forwarding rule simple, the CPE management address space must not overlap with the address space used by the CPE for its internal hosts. 7. Conclusion We present a framework to deploy GI-DS-lite in point-to-point access network. This framework promotes IPv6 deployment from the core to the edge. When IPv6 is ready in the access network, the operators can either upgrade the CPE to B4 element and migrate to classic DS- lite deployment or provision dual-stack to the CPE and continue to use GI-DS-lite. Zhou, et al. Expires December 20, 2010 [Page 7] Internet-Draft DS-lite on Pt-to-Pt Access Network June 2010 8. Acknowledgements TBD 9. IANA Considerations This memo includes no request to IANA. 10. Security Considerations See the security considerations for [RFC3697] and [I-D.ietf-softwire-dual-stack-lite]. This proposal adds no further security considerations. 11. References 11.1. Normative References [I-D.ietf-softwire-dual-stack-lite] Durand, A., Droms, R., Haberman, B., Woodyatt, J., Lee, Y., and R. Bush, "Dual-Stack Lite Broadband Deployments Following IPv4 Exhaustion", draft-ietf-softwire-dual-stack-lite-04 (work in progress), March 2010. [I-D.ietf-softwire-gateway-init-ds-lite] Brockners, F., Gundavelli, S., Speicher, S., and D. Ward, "Gateway Initiated Dual-Stack Lite Deployment", draft-ietf-softwire-gateway-init-ds-lite-00 (work in progress), May 2010. [RFC1918] Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and E. Lear, "Address Allocation for Private Internets", BCP 5, RFC 1918, February 1996. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC3697] Rajahalme, J., Conta, A., Carpenter, B., and S. Deering, "IPv6 Flow Label Specification", RFC 3697, March 2004. 11.2. Informative References [I-D.arkko-dual-stack-extra-lite] Arkko, J. and L. Eggert, "Scalable Operation of Address Zhou, et al. Expires December 20, 2010 [Page 8] Internet-Draft DS-lite on Pt-to-Pt Access Network June 2010 Translators with Per-Interface Bindings", draft-arkko-dual-stack-extra-lite-00 (work in progress), February 2010. Authors' Addresses Cathy Zhou Huawei Technologies Section B, Huawei Industrial Base Bantian Longgang Shenzhen 518129 P.R. China Email: cathyzhou@huawei.com URI: http://www.huawei.com Tina Tsou Huawei Technologies Bantian, Longgang District Shenzhen 518129 P.R. China Email: tena@huawei.com URI: http://www.huawei.com Yiu L. Lee (editor) Comcast One Comcast Center Philadelphia 19103 U.S.A. Email: yiu_lee@cable.comcast.com URI: http://www.comcast.com Zhou, et al. Expires December 20, 2010 [Page 9]