Internet DRAFT - draft-mawatari-v6ops-464xlat
draft-mawatari-v6ops-464xlat
Internet Engineering Task Force M. Mawatari
Internet-Draft Japan Internet Exchange Co.,Ltd.
Intended status: Informational M. Kawashima
Expires: July 18, 2012 NEC AccessTechnica, Ltd.
C. Byrne
T-Mobile USA
January 15, 2012
464XLAT: Combination of Stateful and Stateless Translation
draft-mawatari-v6ops-464xlat-00
Abstract
This document describes an architecture (464XLAT) for providing IPv4
connectivity across an IPv6-only network by combining existing and
well-known stateful protocol translation RFC 6146 and stateless
protocol translation RFC 6145. 464XLAT is a simple and scalable
technique to quickly deploy IPv4 access service to mobile and
wireline IPv6-only networks without encapsulation.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 18, 2012.
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
Mawatari, et al. Expires July 18, 2012 [Page 1]
�
Internet-Draft 464XLAT January 2012
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Motivation and Uniqueness of 464XLAT . . . . . . . . . . . . . 4
5. Network Architecture . . . . . . . . . . . . . . . . . . . . . 5
5.1. Wireline Network Architecture . . . . . . . . . . . . . . 6
5.2. Wireless 3GPP Network Architecture . . . . . . . . . . . . 7
6. Applicability . . . . . . . . . . . . . . . . . . . . . . . . 7
6.1. Wireline Network Applicability . . . . . . . . . . . . . . 7
6.2. Wireless 3GPP Network Applicability . . . . . . . . . . . 8
7. Implementation Considerations . . . . . . . . . . . . . . . . 9
7.1. IPv6 Address Format . . . . . . . . . . . . . . . . . . . 9
7.2. IPv4/IPv6 Address Translation Chart . . . . . . . . . . . 10
7.3. Traffic Treatment Scenarios . . . . . . . . . . . . . . . 11
7.4. DNS Proxy Implementation . . . . . . . . . . . . . . . . . 11
7.5. IPv6 Prefix Handling . . . . . . . . . . . . . . . . . . . 11
7.6. IPv6 Fragment Header Consideration . . . . . . . . . . . . 11
7.7. Auto IPv6 Prefix Assignment . . . . . . . . . . . . . . . 11
8. Deployment Considerations . . . . . . . . . . . . . . . . . . 12
9. Security Considerations . . . . . . . . . . . . . . . . . . . 12
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 13
12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13
12.1. Normative References . . . . . . . . . . . . . . . . . . . 13
12.2. Informative References . . . . . . . . . . . . . . . . . . 13
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 14
Mawatari, et al. Expires July 18, 2012 [Page 2]
�
Internet-Draft 464XLAT January 2012
1. Introduction
The IANA unallocated IPv4 address pool was exhausted on February 3,
2011. Each RIR's unallocated IPv4 address pool will exhaust in the
near future. It will be difficult for many networks to assign IPv4
addresses to end users, despite substantial IP connectivity growth
required for mobile devices, smart-grid, and cloud nodes.
This document describes an IPv4 over IPv6 solution as one of the
techniques for IPv4 address extension and encouragement of IPv6
deployment.
The 464XLAT architecture described in this document uses IPv4/IPv6
translation standardized in [RFC6145] and [RFC6146]. It does not
require DNS64 [RFC6147], but it may use DNS64 to enable single
stateful translation [RFC6146] instead of 464XLAT double translation
where possible. It is also possible to provide single IPv4/IPv6
translation service, which will be needed in the future case of IPv6-
only servers and peers to be reached from legacy IPv4-only hosts.
The 464XLAT architecture encourages IPv6 transition by making IPv4
services reachable across IPv6-only networks and providing IPv6 and
IPv4 connectivity to single-stack IPv4 or IPv6 servers and peers.
Running a single-stack IPv6-only network has several operational
benefits in terms of increasing scalability and decreasing
operational complexity. Unfortunately, there are meaningful cases
where IPv6-only networks fail to meet subscriber expectations, as
described in [I-D.arkko-ipv6-only-experience]. The 464XLAT overcomes
the issues described in [I-D.arkko-ipv6-only-experience] to provide
subscribers the full dual-stack functionality while providing the
network operator the benefits of a simple yet highly scalable single-
stack IPv6 network.
2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
3. Terminology
PLAT: PLAT is Provider side translator(XLAT). A stateful
translator complies with [RFC6146] that performs 1:N
translation. It translates IPv6 address to global IPv4
address, and vice versa.
Mawatari, et al. Expires July 18, 2012 [Page 3]
�
Internet-Draft 464XLAT January 2012
CLAT: CLAT is Customer side translator(XLAT). A stateless
translator complies with [RFC6145] that performs 1:1
translation. It algorithmically translates private IPv4
address to global IPv6 address, and vice versa. CLAT
function is applicable to a router, or end-node such as a
mobile phone. The presence of DNS64 [RFC6147] and any port
mapping algorithm are not required.
UE: The 3GPP term for user equipment. The most common type of UE
is a mobile phone.
PDP: A Packet Data Protocol (PDP) Context is the equivalent of a
virtual connection between the host and a gateway.
4. Motivation and Uniqueness of 464XLAT
1. Minimal IPv4 resource requirements
464XLAT is the most efficient use of scarce IPv4 addresses for
networks that have fast growing edges. The primary motivation
for deploying IPv6 is the exhaustion of IPv4 addresses and the
risk that exhaustion poses to future internet growth. 464XLAT
directly takes on the challenge of IPv4 address exhaustion by
providing efficient stateful IPv4 address sharing at the PLAT and
decoupling the edge network growth from the availability of
scarce IPv4 addresses.
464XLAT has low barriers to entry since only a small amount of
IPv4 addresses are needed to support the stateful translation
[RFC6146] function in the PLAT.
Given that network operators are deploying IPv6 because IPv4
resources are scarce, solutions that require dual-stack (no IPv4
multiplexing) or stateless address sharing (bounded static
address multiplexing) are simply not IPv4-efficient enough to
solve the two-pronged challenge of IPv4 address scarcity and
continued exponential network edge growth.
2. No new protocols required
464XLAT can be deployed today, it uses existing RFCs ([RFC6145]
and [RFC6146]), and there exists implementations for both
wireline network (in CLAT in the Home Gateway) and wireless 3GPP
network (in CLAT in the UE). The ability to quickly deploy
464XLAT is a critical feature given the urgency of IPv4
exhaustion and brisk pace of internet growth.
Mawatari, et al. Expires July 18, 2012 [Page 4]
�
Internet-Draft 464XLAT January 2012
3. Cost-effective transition to IPv6
When combined with DNS64 [RFC6147], the 464XLAT architecture only
requires double translation in the case of IPv4-referrals or
IPv4-only socket calls. Consequently, the network traffic in the
ISP backbone network is predominately IPv6 end-to-end or single
translation. This is especially cost-effective in wireless 3GPP
network that would otherwise require two separate PDP connections
to support IPv4 and IPv6.
While translation on the CLAT is not always used, the CLAT
function is crucial for enabling the IPv4-only applications and
providing IP address family service parity to the end-users. All
IPv6-native flows pass end-to-end without any translation. This
is a beneficial solution for end-users, content providers, and
network operators that scale best with end-to-end IPv6
communication.
In summary, the 464XLAT architecture works today for service
providers that require large-scale strategic IPv6 deployments to
overcome the challenges of IPv4 address scarcity. Unlike other
transition architectures associated with tunneling or
[I-D.mdt-softwire-mapping-address-and-port], 464XLAT properly assumes
that IPv4 is scarce and IPv6 must work with today's existing systems
as much as possible. In the case of tunneling, the tunneling
solutions like Dual-Stack Lite [RFC6333] are known to break existing
network based deep packet inspection solutions like 3GPP standardized
Policy and Charging Control (PCC). 464XLAT does not require much IPv4
address space to enable stateful translation [RFC6146] function in
the PLAT while providing global IPv4 and IPv6 reachability to IPv6-
only wireline and wireless subscribers.
5. Network Architecture
464XLAT architecture is shown in the following figure.
Mawatari, et al. Expires July 18, 2012 [Page 5]
�
Internet-Draft 464XLAT January 2012
5.1. Wireline Network Architecture
----
| v6 |
----
|
---- | .---+---. .------.
| v6 |-----+ / \ / \
---- | ------ / IPv6 \ ------ / IPv4 \
+---| CLAT |---+ Internet +---| PLAT |---+ Internet |
------- | ------ \ / ------ \ /
|v4p/v6 |--+ `---------' `----+----'
------- | |
----- | -----
| v4p |----+ | v4g |
----- | -----
<- v4p -> XLAT <--------- v6 --------> XLAT <- v4g ->
v6 : Global IPv6
v4p : Private IPv4
v4g : Global IPv4
Figure 1: Wireline Network Topology
Mawatari, et al. Expires July 18, 2012 [Page 6]
�
Internet-Draft 464XLAT January 2012
5.2. Wireless 3GPP Network Architecture
----
| v6 |
----
|
.---+---.
/ \
/ IPv6 \
| Internet |
\ /
UE / Mobile Phone `---------'
+----------------------+ |
| ---- | | .---+---. .------.
| | v6 |----+ | / \ / \
| ---- | ------| / IPv6 PDP \ ------ / IPv4 \
| +---| CLAT |---+ Mobile Core +---| PLAT |--+ Internet |
| | ------| \ GGSN / ------ \ /
| | | \ ' `----+---'
| ------ | | `-------' |
| | v4p |---+ | -----
| ------ | | | v4g |
+----------------------+ -----
<- v4p -> XLAT <--------- v6 --------> XLAT <- v4g ->
v6 : Global IPv6
v4p : Private IPv4
v4g : Global IPv4
Figure 2: Wireless 3GPP Network Topology
6. Applicability
6.1. Wireline Network Applicability
When an ISP has IPv6 access network infrastructure and 464XLAT, the
ISP can provide IPv4 service to end users across an IPv6 access
network. The result is that edge network growth is no longer tightly
coupled to the availability of scarce IPv4 addresses.
If the IXP or another provider operates the PLAT, the ISP is only
required to deploy an IPv6 access network. All ISPs do not need IPv4
access networks. They can migrate their access network to a simple
and highly scalable IPv6-only environment. Incidentally, Japan
Mawatari, et al. Expires July 18, 2012 [Page 7]
�
Internet-Draft 464XLAT January 2012
Internet Exchange(JPIX) is providing 464XLAT trial service since July
2010.
6.2. Wireless 3GPP Network Applicability
The vast majority of mobile wireless networks are compliant to Pre-
Release 9 3GPP standards. In Pre-Release 9 3GPP networks, GSM and
UMTS networks must signal and support both IPv4 and IPv6 PDP
attachments to access IPv4 and IPv6 network destinations. Since
there are 2 PDPs required to support 2 address families, this is
double the number of PDPs required to support the status quo of 1
address family, which is IPv4. Doubling the PDP count to support
IPv4 and IPv6 is generally not operationally viable since a large
portion of the network cost is derived from the number of PDP
attachments, both in terms of licenses from the network hardware
vendors and in terms of actual hardware resources required to support
and maintain the PDP signaling and mobility events. Doubling the
number of PDP attachments has been one of the major barriers to
introducing IPv6 in mobile networks. Dual-stack IPv4 and IPv6 simply
costs more from the network provider perspective and does not result
in any new revenues.
Now that both global and private IPv4 addresses are scarce to the
extent that it is a substantial business risk and limiting growth in
many areas, the mobile network providers must support IPv6 to solve
the IP address scarcity issue. It is not feasible to simply turn on
additional IPv6 PDP network attachments since that does not solve the
near-term IPv4 scarcity issues and it increases cost. The most
logical path forward is to replace IPv4 with IPv6 and replace the
common NAT44 with stateful translation [RFC6146] and DNS64 [RFC6147].
Extensive live network testing with hundreds of friendly-users has
shown that IPv6-only network attachments for mobile devices covers
over 90% of the common use-cases in Symbian and Android mobile
operating systems. The remaining 10% of use-cases do not work
because the application requires an IPv4 socket or the application
does an IPv4-referral. These findings are consistent with the mobile
IPv6-only user experience in [I-D.arkko-ipv6-only-experience].
464XLAT in combination with stateful translation [RFC6146] and DNS64
[RFC6147] allows 90% of the applications to continue to work with
single translation. For the remaining 10% of applications that
require IPv4 connectivity, the CLAT function on the UE provides a
private IPv4 address and IPv4 default-route on the host for the
applications to reference and bind to. Connections sourced from the
IPv4 interface are immediately routed to the CLAT function and passed
to the IPv6-only mobile network, destine to the PLAT. In summary,
the UE has the CLAT function that does a stateless translation
[RFC6145], but only when required, and the mobile network has a PLAT
Mawatari, et al. Expires July 18, 2012 [Page 8]
�
Internet-Draft 464XLAT January 2012
that does stateful translation [RFC6146].
7. Implementation Considerations
7.1. IPv6 Address Format
IPv6 address format in 464XLAT is presented in the following format.
+-----------------------------------------------+---------------+
| XLAT prefix(96) | IPv4(32) |
+-----------------------------------------------+---------------+
IPv6 Address Format for 464XLAT
Source address and destination address have IPv4 address embedded in
the low-order 32 bits of the IPv6 address. The format is defined in
Section 2.2 of [RFC6052]. However, 464XLAT does not use the Well-
Known IPv6 Prefix "64:ff9b::/96".
Mawatari, et al. Expires July 18, 2012 [Page 9]
�
Internet-Draft 464XLAT January 2012
7.2. IPv4/IPv6 Address Translation Chart
Source IPv4 address
+----------------------------+
| Global IPv4 (32bit) |
| assigned to IPv4 pool@PLAT |
+--------+ +----------------------------+
| IPv4 | Destination IPv4 address
| server | +----------------------------+
+--------+ | Global IPv4 (32bit) |
^ | assigned to IPv4 server |
| +----------------------------+
+--------+
| PLAT | Stateful XLATE(IPv4:IPv6=1:n)
+--------+
^
|
Source IPv6 address (IPv6 cloud)
+--------------------------------------+----------------------------+
| XLAT prefix for source (96bit) | Private IPv4 (32bit) |
| assigned to each consumer of ISP | assigned to IPv4 client |
+--------------------------------------+----------------------------+
Destination IPv6 address
+--------------------------------------+----------------------------+
| XLAT prefix for destination (96bit) | Global IPv4 (32bit) |
| assigned to PLAT | assigned to IPv4 server |
+--------------------------------------+----------------------------+
(IPv6 cloud)
^
|
+--------+
| CLAT | Stateless XLATE(IPv4:IPv6=1:1)
+--------+
^ Source IPv4 address
| +----------------------------+
+--------+ | Private IPv4 (32bit) |
| IPv4 | | assigned to IPv4 client |
| client | +----------------------------+
+--------+ Destination IPv4 address
+----------------------------+
| Global IPv4 (32bit) |
| assigned to IPv4 server |
+----------------------------+
IPv4/IPv6 Address Translation Chart
Mawatari, et al. Expires July 18, 2012 [Page 10]
�
Internet-Draft 464XLAT January 2012
7.3. Traffic Treatment Scenarios
+--------+-------------+-----------------------+-------------+
| Server | Application | Traffic Treatment | Location of |
| | and Host | | Translation |
+--------+-------------+-----------------------+-------------+
| IPv6 | IPv6 | End-to-end IPv6 | None |
+--------+-------------+-----------------------+-------------+
| IPv4 | IPv6 | Stateful Translation | PLAT |
+--------+-------------+-----------------------+-------------+
| IPv4 | IPv4 | 464XLAT | PLAT/CLAT |
+--------+-------------+-----------------------+-------------+
| IPv6 | IPv4 | Stateless Translation | CLAT |
+--------+-------------+-----------------------+-------------+
Traffic Treatment Scenarios
The above chart shows most common traffic types and traffic
treatment.
7.4. DNS Proxy Implementation
If a router implement CLAT function, it performs DNS Proxy for IPv4
hosts and IPv6 hosts in end-user network. It MUST provide name
resolution with IPv6 transport. It does not need DNS64 [RFC6147]
function.
7.5. IPv6 Prefix Handling
If CLAT gets a single /64 prefix from WAN interface, it MUST perform
NDP for 464XLAT IPv6 addresses.
7.6. IPv6 Fragment Header Consideration
In the 464XLAT environment, the PLAT and CLAT SHOULD include an IPv6
Fragment Header, since IPv4 host does not set the DF bit. However,
the IPv6 Fragment Header has been shown to cause operational
difficulties in practice due to limited firewall fragmentation
support, etc. Therefore, the PLAT and CLAT may provide a
configuration function that allows the PLAT and CLAT not to include
the Fragment Header for the non-fragmented IPv6 packets. At any
rate, both behaviors SHOULD match.
7.7. Auto IPv6 Prefix Assignment
Source IPv6 prefix assignment in CLAT is via DHCPv6 prefix delegation
or another method. Destination IPv6 prefix assignment in CLAT is via
Mawatari, et al. Expires July 18, 2012 [Page 11]
�
Internet-Draft 464XLAT January 2012
some method. (e.g., DHCPv6 option, TR-069, DNS, HTTP,
[I-D.ietf-behave-nat64-discovery-heuristic], etc.)
8. Deployment Considerations
Even if the Internet access provider for consumers is different from
the PLAT provider (another Internet access provider or Internet
exchange provider, etc.), it can implement traffic engineering
independently from the PLAT provider. Detailed reasons are below:
1. The Internet access provider for consumers can figure out IPv4
source address and IPv4 destination address from translated IPv6
packet header, so it can implement traffic engineering based on
IPv4 source address and IPv4 destination address (e.g. traffic
monitoring for each IPv4 destination address, packet filtering
for each IPv4 destination address, etc.). The tunneling methods
do not have such a advantage, without any deep packet inspection
for processing the inner IPv4 packet of the tunnel packet.
2. If the Internet access provider for consumers can assign IPv6
prefix greater than /64 for each subscriber, this 464XLAT
architecture can separate IPv6 prefix for native IPv6 packets and
XLAT prefix for IPv4/IPv6 translation packets. Accordingly, it
can identify the type of packets ("native IPv6 packets" and
"IPv4/IPv6 translation packets"), and implement traffic
engineering based on IPv6 prefix.
This 464XLAT architecture has two capabilities. One is a IPv6 ->
IPv4 -> IPv6 translation for sharing global IPv4 addresses, another
is a IPv4 -> IPv6 translation for reaching IPv6-only servers from
IPv4-only clients that can not support IPv6. IPv4-only clients must
be support through the long period of global transition to IPv6.
9. Security Considerations
To implement a PLAT, see security considerations presented in Section
5 of [RFC6146].
To implement a CLAT, see security considerations presented in Section
7 of [RFC6145]. The CLAT MAY comply with [RFC6092].
10. IANA Considerations
This document has no actions for IANA.
Mawatari, et al. Expires July 18, 2012 [Page 12]
�
Internet-Draft 464XLAT January 2012
11. Acknowledgements
The authors would like to thank JPIX NOC members, JPIX 464XLAT trial
service members, Seiichi Kawamura, and Dan Drown for their helpful
comments.
12. References
12.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC6052] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X.
Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052,
October 2010.
[RFC6144] Baker, F., Li, X., Bao, C., and K. Yin, "Framework for
IPv4/IPv6 Translation", RFC 6144, April 2011.
[RFC6145] Li, X., Bao, C., and F. Baker, "IP/ICMP Translation
Algorithm", RFC 6145, April 2011.
[RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful
NAT64: Network Address and Protocol Translation from IPv6
Clients to IPv4 Servers", RFC 6146, April 2011.
12.2. Informative References
[I-D.arkko-ipv6-only-experience]
Arkko, J. and A. Keranen, "Experiences from an IPv6-Only
Network", draft-arkko-ipv6-only-experience-04 (work in
progress), October 2011.
[I-D.ietf-behave-nat64-discovery-heuristic]
Savolainen, T. and J. Korhonen, "Discovery of a Network-
Specific NAT64 Prefix using a Well-Known Name",
draft-ietf-behave-nat64-discovery-heuristic-04 (work in
progress), December 2011.
[I-D.ietf-v6ops-3gpp-eps]
Korhonen, J., Soininen, J., Patil, B., Savolainen, T.,
Bajko, G., and K. Iisakkila, "IPv6 in 3GPP Evolved Packet
System", draft-ietf-v6ops-3gpp-eps-08 (work in progress),
September 2011.
[I-D.mdt-softwire-mapping-address-and-port]
Mawatari, et al. Expires July 18, 2012 [Page 13]
�
Internet-Draft 464XLAT January 2012
Troan, O., "Mapping of Address and Port (MAP)",
draft-mdt-softwire-mapping-address-and-port-02 (work in
progress), November 2011.
[RFC6092] Woodyatt, J., "Recommended Simple Security Capabilities in
Customer Premises Equipment (CPE) for Providing
Residential IPv6 Internet Service", RFC 6092,
January 2011.
[RFC6147] Bagnulo, M., Sullivan, A., Matthews, P., and I. van
Beijnum, "DNS64: DNS Extensions for Network Address
Translation from IPv6 Clients to IPv4 Servers", RFC 6147,
April 2011.
[RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
Stack Lite Broadband Deployments Following IPv4
Exhaustion", RFC 6333, August 2011.
Authors' Addresses
Masataka Mawatari
Japan Internet Exchange Co.,Ltd.
KDDI Otemachi Building 19F, 1-8-1 Otemachi,
Chiyoda-ku, Tokyo 100-0004
JAPAN
Phone: +81 3 3243 9579
Email: mawatari@jpix.ad.jp
Masanobu Kawashima
NEC AccessTechnica, Ltd.
800, Shimomata
Kakegawa-shi, Shizuoka 436-8501
JAPAN
Phone: +81 537 23 9655
Email: kawashimam@vx.jp.nec.com
Cameron Byrne
T-Mobile USA
Bellevue, Washington 98006
USA
Email: cameron.byrne@t-mobile.com
Mawatari, et al. Expires July 18, 2012 [Page 14]
�
