Internet DRAFT - draft-durand-softwire-pb-statement
Network Working Group A. Durand (Editor)
Internet-Draft Comcast
Expires: April 23, 2006 October 20, 2005
Softwire Problem Statement
draft-durand-softwire-pb-statement-00.txt
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 23, 2006.
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract
This document defines problem statements for the Softwire Working
Group to solve. At the highest level, the softwire WG is tasked to
identify, and extend where necessary, standard protocols to support a
selected set of IPv4 in IPv6 and IPv6 in IPv4 transition problems.
This document describes the distinct problems that will be solved as
part of a solution phase following the completion of this document.
Some individual requirements (and non-requirements) are also
identified in this document at times in order to better describe the
specific scope for a given problem definition.
Durand Expires April 23, 2006 [Page 1]
Internet-Draft Softwire Problem Statement October 2005
Table of Contents
1. Requirements Notation
2. Introduction
  2.1. Terminology
3. Hubs and Spokes Problem
  3.1. Description
  3.2. Network Address Translation (NAT) and Port Address
       Translation (PAT)
  3.3. Non upgradable CPE router
  3.4. Static Prefix Delegation
  3.5. Softwire Initiator
  3.6. Softwire Concentrators
  3.7. Softwire Concentrator Discovery
  3.8. Scaling
  3.9. Routing
  3.10. Multicast
  3.11. Security
  3.12. Operations and Management (OAM)
  3.13. Encapsulations
4. Mesh Problem
  4.1. Mesh Problem
  4.2. Mesh Description
  4.3. Scaling
  4.4. Persistence, Discovery and Setup Time
  4.5. AF/SAF Reachability
  4.6. Softwire Encapsulation
  4.7. Security
  4.8. OAM
  4.9. Encapsulations
5. Problems: Contrast & Compare
6. Security Considerations
7. Authors
8. References
Author's Address
Intellectual Property and Copyright Statements
1. Requirements Notation
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
2. Introduction
The Softwires Working Group is specifying the standardization of
discovery, control and encapsulation methods for connecting IPv4
networks across IPv6 networks, and IPv6 networks across IPv4
networks, in a way that will encourage multiple, inter-operable
vendor implementations.
An important aspect of the problem to keep in mind is that softwires
are to be used in IP based networks to forward both unicast and
multicast traffic. They are also assumed to be non-ephemeral in
nature; thus, they are persistent or long-lived. Last, the setup time
of a softwire is expected to be a very small fraction of the total
setup time of the CPE/Address Family Boundary Router (AFBR).
At the Paris softwire interim meeting in October, 2005, participants
divided the overall problem space into two separate "sub-problems" to
solve based on network topology. These two problems are referred to
as "Hub and Spoke" (Described in Section 4) and "Mesh" (Described in
Section 5). The primary difference between these two problems is
how many connections and associated routes are managed by each IPv4
or IPv6 island. Hub and Spoke is characterized by one connection
and associated static default route, and Mesh is characterized by
multiple connections and routing prefixes. During the solution phase
of the WG, these problems will be treated as related, but separable,
problem spaces. Similar protocols and mechanisms will be used when
necessary, but may vary when necessary to optimize for the
requirements of the given problem space.
2.1. Terminology
Address Family - IPv4 or IPv6
AFBR - Address Family Boundary Router (aka PE)
CPE - Customer Premises Equipment (Host, small router, or "modem")
Softwire (SW) - A "tunnel" that is created on the basis of a control
protocol setup between softwire endpoints with shared point-to-point
or multipoint-to-point state. Softwires are generally dynamic in
nature (they may be brought up and down on demand from any side of
the softwire), but may be very long-lived.
The node hosting the end of the softwire within the customer network
is called the softwire initiator.
The node hosting the end of the softwire within the ISP network is
called the softwire concentrator.
3. Hubs and Spokes Problem
The "Hubs and Spokes" problem is named in reference to the airline
industry, where major companies have established a relatively small
number of well connected hubs and then serve smaller airports from
those hubs.
3.1. Description
In this problem, ISPs (or large enterprise networks acting as ISP for
their internal resources) establish a dual stack core (either
natively or by running tunnels, potentially managed by softwires in a
"Mesh" problem) and a number of dual stack Points of Presence (POP)
where they connect their customers. However, one or two things may
happen:
a) the networks between the CPE router and the POP support only one
address family.
b) the CPE router cannot be easily upgraded to support both address
families.
Equipment cost, operational cost, complexity of running a dual-stack
network, reluctance to touch CPE, etc. are all reasons brought
forward when asked why the intervening network cannot be dual-stack
throughout.
3.2. Network Address Translation (NAT) and Port Address Translation
(PAT)
When connecting IPv6 islands through IPv4 networks, it is assumed
that one or more IPv4 NAT/PATs MAY exist on the intervening IPv4
network. At this point in time, neither IPv6 NAT nor IPv6 PAT has
been defined, so no special consideration will be made for those
cases.
There is no requirement to be able to "autodetect" NAT or PAT
presence during softwire setup.
3.3. Non upgradable CPE router
When the CPE router cannot run in dual stack mode, a softwire will
have to be established by a node located behind that CPE router.
This can be accomplished either by a regular PC in the home running
some ad-hoc software or by a dedicated piece of hardware acting as
the "IPv6 router". Such a device is fairly simple in design and only
requires one physical network interface.
3.4. Static Prefix Delegation
An important characteristic of this problem in IPv4 networks is that
the ISP-facing CPE IP address is typically dynamically assigned.
Also, if the softwire has to be established from a node behind a CPE
router, that node's IP address can also be dynamically assigned. In
cases where static IP addresses are unavailable, dynamic addresses
are a problem for some Internet accessible services. Solutions like
external dynamic DNS and dynamic NAT port forwarding have been
deployed, but it would be simpler if, in IPv6 networks, a static
prefix was delegated to the customer, even in the case of a single
node network. That prefix would allow for the registration of stable
addresses in the DNS and also leave enough room to use either RFC3041
privacy extensions or cryptographically generated addresses (CGA).
The softwire protocol does not need to define a new method for prefix
delegation; however, DHCPv6 prefix delegation MUST be able to run
over a softwire. Note also that the IP addresses of the softwire link
itself do not need to be stable, as, even in the case of a single PC
attached behind it, a /64 prefix will be delegated.
Similarly, in the case of an IPv4 softwire, the address could be
provided by means of DHCP.
3.5. Softwire Initiator
In the Hub and Spoke problem, softwires are always initiated by the
customer side. Thus, the node hosting the end of the softwire within
the customer network is called the softwire initiator. It can run on
a simple dual stack host or a local dual stack router. As noted
earlier, this can be the CPE access router, another dedicated CPE
router behind the CPE access router or simply a host.
The softwire initiator does not have to be always the same node
and/or always have the same IP address. In particular, in the
nomadic case (e.g. a user opening up his laptop in various wifi hot-
spots), the softwire initiator could potentially obtain an IP address
of one address family outside its original ISP network and still want
to obtain the other address family addresses from its original ISP.
3.6. Softwire Concentrators
On the ISP side, softwires are terminated on a softwire
concentrator. An ISP may deploy several concentrators (for example
one per POP) for scaling reasons. A concentrator is in practice a
dual stack router connected to the dual stack core ISP
infrastructure. Softwire concentrators are not nomadic and have
fixed IP addresses.
3.7. Softwire Concentrator Discovery
When the initiator of the softwire is a CPE, the IP address or DNS
hostname of the softwire concentrator must be known. The simplest
way for this to be known by the CPE is for it to be configured by the
user, or by the provider of the CPE in advance. Alternatively, an
automated discovery phase may be run in order to return the IP
address(s), or hostname(s) of the concentrator. The details of this
discovery problem are outside the scope of this document.
3.8. Scaling
In a hub and spoke model, an ISP MUST scale the solution to millions
of softwire initiators by adding more hubs (i.e. softwire
concentrators).
3.9. Routing
As customer networks are typically attached via a single link to
their ISP, a default or static route is the only thing that is needed
for both address families.
3.10. Multicast
The "classic" multicast solutions can be used over the softwire.
Typically, such a solution would be either proxy MLD/IGMP and PIM.
NOTE: need to add a reference to "classic" multicast.
3.11. Security
User Authentication
The softwire must support some method of simple user authentication
in order to accept or deny access to this service, provide adequate
logging of activity, etc.
Privacy, Integrity, and Replay protection
The softwire Control and/or Data plane MUST be able to provide full
payload security (such as IPsec or SSL) when desired. This
additional protection MUST be separable from the tunneling aspect of
the softwire mechanism itself. For IPsec, default profiles MUST be
defined (as per Steve Bellovin documents, insert reference).
3.12. Operations and Management (OAM)
As it is assumed that the softwire may have to go across NAT or PAT,
a keepalive mechanism MUST be defined. Such a mechanism is also
useful for dead peer detection. However, it may consume unnecessary
bandwidth, so turning it on or off MUST be an administrative option.
Other OAM needed features include:
- Usage accounting
- End-point failure detection (must be encapsulated w/in the tunnel
in the transmitting direction
- Path failure detection)
3.13. Encapsulations
IPv6/IPv4, IPv6/UDP/IPv4 and IPv4/IPv6 are on the critical path for
softwires. Other encapsulations, like IPv6/IPv6 or IPv4/IPv4, are
nice to have but not on the critical path.
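An added example, not part of the draft: a Python sketch that
classifies the outer headers of a raw IP packet into the
encapsulations named in this section, which is the check a border
filter or monitoring point needs in order to tell softwire traffic
from native traffic. The UDP port, the addresses and the
IPv6-in-UDP heuristic are assumptions made for the illustration; the
draft defines no port and no wire format.

```python
import ipaddress
import struct

# Constructed sample values; none of these come from the draft.
SAMPLE_UDP_PORT = 40000            # hypothetical, the draft assigns no port
V4_SRC, V4_DST = "192.0.2.10", "198.51.100.1"
V6_SRC, V6_DST = "2001:db8:1::1", "2001:db8:2::1"
PROTO_IPV4, PROTO_UDP, PROTO_IPV6, NO_NEXT_HEADER = 4, 17, 41, 59
# Section 3.13: encapsulations on the hub-and-spoke critical path.
CRITICAL_PATH = {"IPv6/IPv4", "IPv6/UDP/IPv4", "IPv4/IPv6"}

def ipv4_header(proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 in this sample)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       64, proto, 0,
                       ipaddress.IPv4Address(V4_SRC).packed,
                       ipaddress.IPv4Address(V4_DST).packed)

def ipv6_header(next_header, payload_len):
    """Fixed 40-byte IPv6 header."""
    return struct.pack("!IHBB16s16s", 6 << 28, payload_len, next_header, 64,
                       ipaddress.IPv6Address(V6_SRC).packed,
                       ipaddress.IPv6Address(V6_DST).packed)

def udp_header(payload_len):
    return struct.pack("!HHHH", SAMPLE_UDP_PORT, SAMPLE_UDP_PORT,
                       8 + payload_len, 0)

def _looks_like_ipv6(data):
    """Heuristic: version nibble 6 and a payload length that fits exactly."""
    return (len(data) >= 40 and data[0] >> 4 == 6
            and struct.unpack("!H", data[4:6])[0] == len(data) - 40)

def classify(packet):
    """Name the encapsulation of a raw IP packet from its outer headers."""
    if not packet:
        return "malformed"
    version = packet[0] >> 4
    if version == 4:
        ihl = (packet[0] & 0x0F) * 4
        if ihl < 20 or len(packet) < ihl:
            return "malformed"
        proto, inner = packet[9], packet[ihl:]
        if proto == PROTO_IPV6:        # protocol 41: IPv6 directly in IPv4
            return "IPv6/IPv4" if _looks_like_ipv6(inner) else "malformed"
        if proto == PROTO_IPV4:
            return "IPv4/IPv4"
        # Only the UDP form carries ports, which a PAT needs for its mapping.
        if proto == PROTO_UDP and _looks_like_ipv6(inner[8:]):
            return "IPv6/UDP/IPv4"
        return "native IPv4"
    if version == 6:
        if len(packet) < 40:
            return "malformed"
        next_header = packet[6]
        if next_header == PROTO_IPV4:
            return "IPv4/IPv6"
        return "IPv6/IPv6" if next_header == PROTO_IPV6 else "native IPv6"
    return "malformed"

def on_critical_path(kind):
    return kind in CRITICAL_PATH

def build_samples():
    """One constructed packet per encapsulation, keyed by expected label."""
    inner6 = ipv6_header(NO_NEXT_HEADER, 0)
    inner4 = ipv4_header(PROTO_UDP, 8) + udp_header(0)
    return {
        "IPv6/IPv4": ipv4_header(PROTO_IPV6, len(inner6)) + inner6,
        "IPv6/UDP/IPv4": ipv4_header(PROTO_UDP, 8 + len(inner6))
                         + udp_header(len(inner6)) + inner6,
        "IPv4/IPv6": ipv6_header(PROTO_IPV4, len(inner4)) + inner4,
        "IPv4/IPv4": ipv4_header(PROTO_IPV4, len(inner4)) + inner4,
        "native IPv4": inner4,
    }

if __name__ == "__main__":
    for name, pkt in build_samples().items():
        print(f"{name:14} -> {classify(pkt):14}", on_critical_path(classify(pkt)))
```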
4. Mesh Problem
Reference Diagram
._._._._ ._._._._
| | | |
| V4 | | V4 |
|access | |access |
|island | |island |
._._._._ ._._._._
| |
| |
BGP BGP
Dual-Stack Dual-Stack
"AFBR" "AFBR"
| |
| |
._._._._._._._._._._._._._._
| |
| |
._._._._ | | ._._._.
| | | V6 only | | |
| V6 |-------| transit core |-------| V6 |
|access | | | |access |
|network| | | |network|
._._._._ | | ._._._.
| |
._._._._._._._._._._._._._._
| / \ |
|/ \ |
BGP BGP
Dual-Stack Dual-Stack
"AFBR" "AFBR"
| | |
| | |
._._._._ ._._._._
| | | |
| V4 | | V4 |
|access | |access |
|island | |island |
._._._._ ._._._._
Figure 1
4.1. Mesh Problem
The "Mesh" problem is named in reference to typical routing problems.
4.2. Mesh Description
In this problem, ISPs (or large enterprise networks acting as ISP for
their internal resources) establish connectivity to 'islands' of
networks of one address family type across a transit core of a
differing address family type. For an example, see Figure 1. Note
that this is just an example and the converse AF problem may exist.
To provide reachability across the transit core, dual-stack devices
are installed that act as "Address Family Boundary Routers." These
AFBRs can be performing peering across autonomous systems, or
performing as Provider Edge routers (PE) within an autonomous system.
The islands do not have to be upgraded at the time of deploying the
transit core and interwork as if there was no awareness of the AFBR.
The AFBRs are the only devices in the network that must be able to
perform dual-stack operations and set up and encapsulate softwires in
a mesh to the other islands. They then pass reachability information
as appropriate according to policy. They may be multiply connected
to the transit network and thus have to be able to exchange
appropriate information and make a routing selection choice as to
the best exit point. Note that this creates a multipoint to point
reachability but, in essence, a point to point logical overlay of
softwire connectivity.
It should be noted that, according to reports, the islands do not
want to achieve network connectivity via tunneled Layer 2 mechanisms
but as distinct Layer 3 or MPLS routers. This clearly helps scaling
and Layer 2 discovery performance issues. It also prevents having to
have fully meshed point to point Layer 2 connectivity between the
nodes in differing islands as Layer 2 technology choice must be
preserved.
4.3. Scaling
In the mesh problem, the number of AFBRs is on the order of the
number of islands, though it should be clear that an AFBR could
handle many islands if they have distinct routing and forwarding
tables. A primary issue in the Mesh problem is that the size of the
routing tables exchanged between the islands is of the order of the
'full Internet' (with respect to the islands' native AF) plus VPNs.
The number of peering points of an AFBR will be on the order of that
of any Autonomous System Border Router (ASBR), which are assumed to
be multiply peered to the transit core for reliability. An island
can also have multiple AFBRs for reliability. Both the island and
the transit core can contain route reflectors or hierarchical routing
with impunity.
4.4. Persistence, Discovery and Setup Time
Discovery of the AFBRs and softwire encapsulation can be accomplished
by the routing protocol (e.g. BGP) during capability advertisement.
Alternatively, the endpoints can be passed in new data formats or
attributes, yet to be defined. The duration of the softwire for
inter-island reachability is considered to be as long as the BGP
peering session. Thus, dynamicity is very low. The setup time should
be on the same order as the time to set up L3VPNs.
4.5. AF/SAF Reachability
It has been reported that the softwires to connect the islands will
need to be able to perform IPv4 in IPv6, IPv6 in IPv4 and be able to
exchange L3VPN routing tables. The islands will need to be able to
perform multicast routing and if the transit core does not provide
native multicast services, the "classic" multicast solutions can be
used over the softwire. If native multicast services are enabled,
further work may need to be accomplished to optimize the multicast
forwarding path, receiver transmission load or receiver load.
4.6. Softwire Encapsulation
In the strictest sense, the softwire encapsulation has to be dual
stack. There is no requirement that only one encapsulation technique
must be used. It could be possible to have more than one available
at each AFBR. The AFBR must be able to prioritize which
encapsulation technique it will use if there is more than one
available.
4.7. Security
In contrast with the hub and spoke problem, routers are advertising
routes for relatively large islands, and never a single user, so
there is no "user authentication" necessary. However, if running
over an untrusted network, control or data plane security may be
necessary.
In the control plane, the softwire solution has to support
authentication, but an ISP may decide to turn it off in some
circumstances.
In the data plane, the softwire solution must support IPsec and an
IPsec profile will have to be defined (see Steve Bellovin
recommendations).
4.8. OAM
There have been no reports of NATs between the AFBRs (in the transit
core) so a NAT detection solution is not needed.
Other OAM needed features include:
- Usage accounting
- End-point failure detection (must be encapsulated w/in the tunnel
in the transmitting direction
- Path failure detection)
4.9. Encapsulations
IPv6/IPv4, IPv4/IPv6 and overlapping address space as defined in the
L3VPN working group are on the critical path for softwires. Other
encapsulations, like IPv4/IPv4 or IPLS as defined in the L2VPN
working group, are nice to have but not on the critical path.
5. Problems: Contrast & Compare
An important distinction between the "Hub & Spokes" and "Mesh"
problems is that the former defines client-initiated tunnels and the
"spoke" is a device on the client premises (and may be owned by the
client). The latter concerns provider-initiated tunnels, and
the devices participating in the mesh are on the provider premises
and owned/managed by the provider.
6. Security Considerations
None.
7. Authors
This document has been edited by Alain Durand after the Paris interim
meeting. The contributing authors include:
o Xing Li
o Shin Miyakawa
o Jordi Palet
o Florent Parent
o David Ward
8. References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
Author's Address
Alain Durand-editor
Comcast
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2005). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.