V6OPS Working Group | P. Matthews |
Internet-Draft | Alcatel-Lucent |
Intended status: Informational | V. Kuarsingh |
Expires: October 4, 2015 | Dyn |
April 2, 2015 |
Some Design Choices for IPv6 Networks
draft-ietf-v6ops-design-choices-07
This document presents advice on certain routing-related design choices that arise when designing IPv6 networks (both dual-stack and IPv6-only). The intended audience is someone designing an IPv6 network who is knowledgeable about best current practices around IPv4 network design, and wishes to learn the corresponding practices for IPv6.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 4, 2015.
Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
This document discusses certain choices that arise when designing a IPv6-only or dual-stack network. The focus is on routing-related design choices that do not usually come up when designing an IPv4-only network. The document presents each choice and the alternatives, and then discusses the pros and cons of the alternatives in detail. Where consensus currently exists around the best practice, this is documented; otherwise the document simply summarizes the current state of the discussion. Thus this document serves to both document the reasoning behind best current practices for IPv6, and to allow a designer to make an informed choice where no such consensus exists.
This document does not present advice on strategies for adding IPv6 to a network, nor does it discuss transition mechanisms. For advice in these areas, see [RFC6180] for general advice, [RFC6782] for wireline service providers, [RFC6342] for mobile network providers, [RFC5963] for exchange point operators, [RFC6883] for content providers, and both [RFC4852] and [RFC7381] for enterprises. Nor does this document discuss the particulars of creating an IPv6 addressing plan; for advice in this area, see [RFC5375] or [v6-addressing-plan]. The details of ULA usage is also not discussed; for this the reader is referred to [I-D.ietf-v6ops-ula-usage-recommendations].
Finally, this document focuses on unicast routing design only and does not cover multicast or the issues involved in running MPLS over IPv6 transport.
Each subsection below presents a design choice and discusses the pros and cons of the various options. If there is consensus in the industry for a particular option, then the consensus position is noted.
If a network is going to carry both IPv4 and IPv6 traffic, as many networks do today, then a fundamental question arises: Should an operator mix IPv4 and IPv6 traffic or keep them separated? More specifically, should the design:
Option (a) implies a single layer-3 interface at each end of the connection with both IPv4 and IPv6 addresses; while option (b) implies two layer-3 interfaces at each end, one for IPv4 addresses and one with IPv6 addresses.
The advantages of option (a) include:
For these reasons, there is a relatively strong consensus in the operator community that option (a) is the preferred way to go. Most networks today use option (a) wherever possible.
However, there can be times when option (b) is the pragmatic choice. Most commonly, option (b) is used to work around limitations in network equipment. One big example is the generally poor level of support today for individual statistics on IPv4 traffic vs IPv6 traffic when option (a) is used. Other, device-specific, limitations exist as well. It is expected that these limitations will go away as support for IPv6 matures, making option (b) less and less attractive until the day that IPv4 is finally turned off.
As noted in the introduction, this document does not cover the ins and outs around creating an IPv6 addressing plan. However, there is one fundamental question in this area that often arises: Should an interface:
There are two advantages in interfaces with only link-local addresses ("link-local-only interfaces"). The first advantage is ease of configuration. In a network with a large number of link-local-only interfaces, the operator can just enable an IGP on each router, without going through the tedious process of assigning and tracking the addresses for each interface. The second advantage is security. Since packets with Link-Local destination addresses should not be routed, it is very difficult to attack the associated nodes from an off-link device. This implies less effort around maintaining security ACLs.
Countering this advantage are various disadvantages to link-local-only interfaces:
It should be noted that it is quite possible for the same link-local address to be assigned to multiple interfaces. This can happen because the MAC address is duplicated (due to manufacturing process defaults or the use of virtualization), because a device deliberately re-uses automatically-assigned link-local addresses on different links, or because an operator manually assigns the same easy-to-type link-local address to multiple interfaces. All these are allowed in IPv6 as long as the addresses are used on different links.
For more discussion on the pros and cons, see [RFC7404]. See also [RFC5375] for IPv6 unicast address assignment considerations.
Today, most operators use interfaces with global or unique-local addresses (option b).
For the most part, the use of static routes in IPv6 parallels their use in IPv4. There is, however, one exception, which revolves around the choice of next-hop address in the static route. Specifically, should an operator:
Recall that the IPv6 specs for OSPF [RFC5340] and ISIS [RFC5308] dictate that they always use link-locals for next-hop addresses. For static routes, [RFC4861] section 8 says:
This implies that using a GUA or ULA as the next hop will prevent a router from sending Redirect messages for packets that "hit" this static route. All this argues for using a link-local as the next-hop address in a static route.
However, there are two cases where using a link-local address as the next-hop clearly does not work. One is when the static route is an indirect (or multi-hop) static route. The second is when the static route is redistributed into another routing protocol. In these cases, the above text from RFC 4861 notwithstanding, either a GUA or ULA must be used.
Furthermore, many network operators are concerned about the dependency of the default link-local address on an underlying MAC address, as described in the previous section.
Today most operators use GUAs as next-hop addresses.
One of the main decisions for an IPv6 implementer is the choice of IGP (Interior Gateway Protocol) within the network. The primary options are OSPF [RFC2328] [RFC5340] or IS-IS [RFC5120] [RFC5308], though some operators may consider RIP [RFC2080] or non-standardized protocols. Here we limit our discussion to the pros and cons of OSPF vs. IS-IS.
The discussion in this section revolves around the options in the table below:
Option | IGP for IPv4 | IGP for IPv6 | Known to work well | Hard separation | Similar configuration possible |
---|---|---|---|---|---|
a | IS-IS | IS-IS | YES | - | YES |
b | IS-IS | OSPFv3 | - | YES | - |
c | OSPFv2 | IS-IS | YES | YES | - |
d | OSPFv2 | OSPFv3 | YES | YES | YES |
e | OSPFv3 | IS-IS | - | YES | - |
f | OSPFv3 | OSPFv3 | - | - | YES |
Three of the options above are marked as "Known to work well". These options have seen significant deployments and are generally considered to be good choices. The other options represent valid choices, but have not seen widespread use, so it is hard to offer comments on how well they work. In particular, options (e) and (f) use OSPFv3 to route IPv4 [RFC5838], which is still rather new and untested.
A number of options are marked “Hard separation”. These options use a different IGP for IPv4 vs IPv6. With these options, a problem with routing IPv6 is unlikely to affect IPv4 or visa-versa.
Three options are marked “Similar configuration possible”. This means it is possible (but not required) to use very similar IGP configuration for IPv4 and IPv6: for example, the same area boundaries, area numbering, link costing, etc. If you are happy with your IPv4 IGP design, then this will likely be a consideration. By contrast, the options that use IS-IS for one IP version and OSPF for the other version will require considerably different configuration, and will also require the operations staff to become familiar with the difference between the two protocols.
With option (a), there is an additional choice of whether to run IS-IS in single-topology mode (where IPv4 and IPv6 share a single topology and a single set of link costs[RFC5308]) or multi-topology mode (where IPv4 and IPv6 have separate topologies and potentially different link costs[RFC5120]). A big problem with single-topology mode is that it cannot easily accommodate devices that support IPv4-only or IPv6-only. Thus, today there is general agreement that multi-topology is the right choice as this gives the greatest flexibility in network design.
It should be noted that a number of ISPs have run OSPF as their IPv4 IGP for quite a few years, but have selected IS-IS as their IPv6 IGP. However, there are very few (none?) that have made the reverse choice. This is, in part, because routers generally support more nodes in an IS-IS area than in the corresponding OSPF area, and because IS-IS is seen as more secure because it runs at layer 2.
BGP these days is multi-protocol. It can carry routes from many different families, and it can do this when the BGP session, or more accurately the underlying TCP connection, runs over either IPv4 or IPv6 (here referred to as either "IPv4 transport" or "IPv6 transport"). Given this flexibility, one of the biggest questions when deploying BGP in a dual-stack network is the question of which routes should be carried over sessions using IPv4 transport and which should be carried over sessions using IPv6 transport.
To answer this question, consider the following table:
Route Family | Transport | Comments |
---|---|---|
Unlabeled IPv4 | IPv4 | Works well |
Unlabeled IPv4 | IPv6 | Next-hop issues |
Unlabeled IPv6 | IPv4 | Next-hop issues |
Unlabeled IPv6 | IPv6 | Works well |
Labeled IPv4 | IPv4 | Works well |
Labeled IPv4 | IPv6 | Next-hop issues |
Labeled IPv6 | IPv4 | (6PE) Works well |
Labeled IPv6 | IPv6 | Needs MPLS over IPv6 |
VPN IPv4 | IPv4 | Works well |
VPN IPv4 | IPv6 | Next-hop issues |
VPN IPv6 | IPv4 | (6VPE) Works well |
VPN IPv6 | IPv6 | Needs MPLS over IPv6 |
The first column in this table lists various route families, where “unlabeled” means SAFI 1, “labeled” means the routes carry an MPLS label (SAFI 4, see [RFC3107]), and “VPN” means the routes are normally associated with a layer-3 VPN (SAFI 128, see [RFC4364] ). The second column lists the protocol used to transport the BGP session, frequently specified by giving either an IPv4 or IPv6 address in the “neighbor” statement.
The third column comments on the combination in the first two columns:
Also, it is important to note that changing the set of address families being carried over a BGP session requires the BGP session to be reset (unless something like [I-D.ietf-idr-dynamic-cap] or [I-D.ietf-idr-bgp-multisession] is in use). This is generally more of an issue with eBGP sessions than iBGP sessions: for iBGP sessions it is common practice for a router to have two iBGP sessions, one to each member of a route reflector pair, so one can change the set of address families on first one of the sessions and then the other.
The following subsections discuss specific scenarios in more detail.
Unlabeled routes are commonly carried on eBGP sessions, as well as on iBGP sessions in networks where Internet traffic is carried unlabeled across the network. In these scenarios, operators today most commonly use two BGP sessions: one session is transported over IPv4 and carries the unlabeled IPv4 routes, while the second session is transported over IPv6 and carries the unlabeled IPv6 routes.
There are several reasons for this choice:
In these scenarios, it is most common today to carry both the IPv4 and IPv6 routes over sessions transported over IPv4. This can be done with either: (a) one session carrying both route families, or (b) two sessions, one for each family.
Using a single session is usually appropriate for an iBGP session going to a route reflector handling both route families. Using a single session here usually means that the BGP session will reset when changing the set of address families, but as noted above, this is usually not a problem when redundant route reflectors are involved.
In eBGP situations, two sessions are usually more appropriate.
When running eBGP over IPv6, there are two options for the addresses to use at each end of the eBGP session (or more properly, the underlying TCP session):
Note that the choice here is the addresses to use for the eBGP sessions, and not whether the link itself has global (or unique-local) addresses. In particular, it is quite possible for the eBGP session to use link-local addresses even when the link has global addresses.
The big attraction for option (a) is security: an eBGP session using link-local addresses is extremely difficult to attack from a device that is off-link. This provides very strong protection against TCP RST and similar attacks. Though there are other ways to get an equivalent level of security (e.g. GTSM [RFC5082], MD5 [RFC5925], or ACLs), these other ways require additional configuration which can be forgotten or potentially mis-configured.
However, there are a number of small disadvantages to using link-local addresses:
For these reasons, most operators today choose to have their eBGP sessions use global addresses.
There are two themes that run though many of the design choices in this document. This section presents some general discussion on these two themes.
The proper use of link-local addresses is a common theme in the IPv6 network design choices. Link-layer addresses are, of course, always present in an IPv6 network, but current network design practice mostly ignores them, despite efforts such as [RFC7404].
There are three main reasons for this current practice:
Currently, most operators are running or planning to run networks that carry both IPv4 and IPv6 traffic. Hence the question: To what degree should IPv4 and IPv6 be kept separate? As can be seen above, this breaks into two sub-questions: To what degree should IPv4 and IPv6 traffic be kept separate, and to what degree should IPv4 and IPv6 routing information be kept separate?
The general consensus around the first question is that IPv4 and IPv6 traffic should generally be mixed together. This recommendation is driven by the operational simplicity of mixing the traffic, plus the general observation that the service being offered to the end user is Internet connectivity and most users do not know or care about the differences between IPv4 and IPv6. Thus it is very desirable to mix IPv4 and IPv6 on the same link to the end user. On other links, separation is possible but more operationally complex, though it does occasionally allow the operator to work around limitations on network devices. The situation here is roughly comparable to IP and MPLS traffic: many networks mix the two traffic types on the same links without issues.
By contrast, there is more of an argument for carrying IPv6 routing information over IPv6 transport, while leaving IPv4 routing information on IPv4 transport. By doing this, one gets fate-sharing between the control and data plane for each IP protocol version: if the data plane fails for some reason, then often the control plane will too.
This document makes no requests of IANA.
This document introduces no new security considerations that are not already documented elsewhere.
The following is a brief list of pointers to documents related to the topics covered above that the reader may wish to review for security considerations.
For general IPv6 security, [RFC4942] provides guidance on security considerations around IPv6 transition and coexistence.
For OSPFv3, the base protocol specification [RFC5340] has a short security considerations section which notes that the fundamental mechanism for protecting OSPFv3 from attacks is the mechanism described in [RFC4552].
For IS-IS, [RFC5308] notes that ISIS for IPv6 raises no new security considerations over ISIS for IPv4 over those documented in [ISO10589] and [RFC5304].
For BGP, [RFC2545] notes that BGP for IPv6 raises no new security considerations over those present in BGP for IPv4. However, there has been much discussion of BGP security recently, and the interested reader is referred to the documents of the IETF's SIDR working group.
Many, many people in the V6OPS working group provided comments and suggestions that made their way into this document. A partial list includes: Rajiv Asati, Fred Baker, Michael Behringer, Marc Blanchet, Ron Bonica, Randy Bush, Cameron Byrne, Brian Carpenter, KK Chittimaneni, Tim Chown, Lorenzo Colitti, Gert Doering, Francis Dupont, Bill Fenner, Kedar K Gaonkar, Chris Grundemann, Steinar Haug, Ray Hunter, Joel Jaeggli, Victor Kuarsingh, Jen Linkova, Ivan Pepelnjak, Alexandru Petrescu, Rob Shakir, Mark Smith, Jean-Francois Tremblay, Dave Thaler, Tina Tsou, Eric Vyncke, Dan York, and Xuxiaohu.
The authors would also like to thank Pradeep Jain and Alastair Johnson for helpful comments on a very preliminary version of this document.