Internet DRAFT - draft-xli-softwire-divi-pd
draft-xli-softwire-divi-pd
Network Working Group X. Li
Internet-Draft C. Bao
Intended status: Standards Track CERNET Center/Tsinghua
Expires: May 3, 2012 University
W. Dec
R. Asati
Cisco Systems
C. Xie
Q. Sun
China Telecom
October 31, 2011
dIVI-pd: Dual-Stateless IPv4/IPv6 Translation with Prefix Delegation
draft-xli-softwire-divi-pd-01
Abstract
This document presents the address specifications and deployment
considerations of address-sharing dual stateless IPv4/IPv6
translation with prefix delegation (dIVI-pd). The dIVI-pd keeps the
features of stateless, end-to-end address transparency and
bidirectional-initiated communications of the original stateless
IPv4/IPv6 translation, while it can utilize the IPv4 addresses more
effectively. In addition, it does not require the DNS64 and ALG, and
can be used with prefix delegation.
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 3, 2012.
Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved.
Li, et al. Expires May 3, 2012 [Page 1]
Internet-Draft dIVI with PD October 2011
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Applicability . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Terminologies . . . . . . . . . . . . . . . . . . . . . . . . 5
4. Port Mapping Algorithm and Address Format . . . . . . . . . . 5
4.1. Port Mapping Algorithm . . . . . . . . . . . . . . . . . . 5
4.2. Basic Mapping Rule (BMR) . . . . . . . . . . . . . . . . . 6
4.3. Default Mapping Rule (DMR) . . . . . . . . . . . . . . . . 7
4.4. Address Specifications . . . . . . . . . . . . . . . . . . 7
5. Header Translation and MTU Handling . . . . . . . . . . . . . 7
6. Dual Stateless Translation . . . . . . . . . . . . . . . . . . 8
7. Deployment Considerations . . . . . . . . . . . . . . . . . . 9
8. CE Configuration via DHCP Option . . . . . . . . . . . . . . . 9
9. Experimental Evaluation . . . . . . . . . . . . . . . . . . . 10
10. Security Considerations . . . . . . . . . . . . . . . . . . . 10
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 10
13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
13.1. Normative References . . . . . . . . . . . . . . . . . . . 11
13.2. Informative References . . . . . . . . . . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13
Li, et al. Expires May 3, 2012 [Page 2]
Internet-Draft dIVI with PD October 2011
1. Introduction
The experiences for the IPv6 deployment in the past 10 years strongly
indicate that for a successful transition, the communication between
IPv4 and IPv6 address families should be supported.
Recently, the stateless and stateful IPv4/IPv6 translation methods
are developed and became the IETF standards. The original stateless
IPv4/IPv6 translation (stateless 1:1 IVI) is scalable, maintains the
end-to-end address transparency and support both IPv6 initiated and
IPv4 initiated communications [RFC6052], [RFC6144], [RFC6145],
[RFC6147], [RFC6219]. But it can not use the IPv4 addresses
effectively. The stateful IPv4/IPv6 translation can share the IPv4
addresses among IPv6 hosts, but it only supports IPv6 initiated
communication [RFC6052], [RFC6144], [RFC6145], [RFC6146], [RFC6147].
In addition, both stateless and stateful IPv4/IPv6 translation
technologies require the application layer gateway (ALG) for the
applications which embed IP address literals. Furthermore, in ADSL
and 3G environment, it requires the prefix delegation (assigning an
IPv6 /64 or shorter) to the customer router/L3-device rather than
assigning a single IPv4-translatable address to the customer device
defined in [RFC6052].
In this document, we present address specifications and deployment
considerations for address-sharing dual stateless IPv4/IPv6
translation with prefix delegation (dIVI-pd), which is based on basic
dIVI model [I-D.xli-behave-divi] with the support of prefix
delegation. The dIVI-pd can solve the IPv4 address sharing, the ALG
and prefix delegation problems mentioned above, though still keeps
the stateless, end-to-end address transparency and supporting of both
IPv6 initiated and IPv4 initiated communications.
Due to the introduction of the second translation and the prefix
delegation, the dIVI-PD is 4-6-4 model and there is a strong
correlation to the stateless encapsulation approach
[I-D.murakami-softwire-4rd]. This document uses the address format,
the port mapping algorithm and DHCP options defined in
[I-D.mdt-softwire-mapping-address-and-port].
[I-D.mdt-softwire-map-dhcp-option], which are the joint design works
of stateless encapsulation and dual stateless translation.
2. Applicability
The address-sharing dual stateless IPv4/IPv6 translation with prefix
delegation (dIVI-pd) can be used in ADSL or 3G environment when
prefix delegation is required. An ADSL example is shown in the
following figure.
Li, et al. Expires May 3, 2012 [Page 3]
Internet-Draft dIVI with PD October 2011
---- -----
// \\ // \\ -----
/ \ / \ // \|------[CPE.1]--{H.1}
| +-----+ +----+ |
| | | Metro |BRAS| |------[CPE.2]--{H.2}
| Backbone|Core | Area |/SR | Access |
| Network |Route| Network +----+ Network |------[CPE.k]--{H.k}
| | | |AAA | |
| +-----+ +----+ |------[CPE.n]--{H.n}
\ / \ / \\ /|
\\ // \\ // ----
---- ----|-- |
| |
IPv4/IPv6 [XLAT1] IPv6-only [XLAT2.x] IPv4/IPv6
Internet | Network | Hosts
| |
Data path: | |
IPv6 --------------------------------IPv6-----------|------IPv6----
IPv4 -------------------|------------IPv6-----------|------IPv4----
| |
Address assignment: | |
IPv6 | [BRAS]->(DHCPv6 PD)->[CPE]->SLAAC->[Host]
IPv4 | | \-DHCP-/
Figure 1: BRAS
Where the ISP's backbone network is dual stack, as well as part of
the metro-area network. The core IPv4/IPv6 translator (XLAT1) is
performing the IPv4 address-sharing stateless IPv4/IPv6 translation
and connects the dual-stack part and the IPv6-only part of the metro-
area networks. The access network is IPv6-only and multiple IPv4/
IPv6 translators (XLAT2.x) are connected to the access network and
provide dual-stack access to the customer devices. Each dual-stack
customer get a whole IPv6 /64 (or shorter) and a fractional public
IPv4 address.
The data path of this user case are: The IPv6 packets from customer
devices and the IPv6 Internet are not translated, while the IPv4
packets from customer devices and the IPv4 Internet are translated
twice via stateless IPv4/IPv6 translation technology. Due to the
stateless nature, the dual stateless IPv4/IPv6 translation is almost
equivalent to tunneling with header compression.
There are two address assignment processes: (1) From BRAS to CPE is
via IPv6CP and DHCPv6 prefix delegation; (2) From CPE to customer
device, the IPv6 is via SLAAC and the IPv4 is via DHCP. Note that if
more than one customer device requires IPv4 addresses, a built-in
NAT44 in each CPE can be used to translate a fractional IPv4 address
Li, et al. Expires May 3, 2012 [Page 4]
Internet-Draft dIVI with PD October 2011
to several [RFC1918] defined IPv4 addresses.
3. Terminologies
This document uses the terminologies defined in
[I-D.mdt-softwire-mapping-address-and-port].
This document uses the terminologies defined in [RFC6144].
Since [I-D.mdt-softwire-mapping-address-and-port] is used for both
encapsulation and stateless translation, the equivallent
terminologies in [RFC6144] are:
MAP Border Relay (BR) Address: The MAP Border Relay (BR) Address is
the IPv4-converted address defined in [RFC6144] and in [RFC6052].
MAP Customer Edge (CE) Address: The MAP Customer Edge (CE) Address
is the IPv4-translatable address defined in [RFC6144] and in
[RFC6052].
The key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
document, are to be interpreted as described in [RFC2119].
4. Port Mapping Algorithm and Address Format
The port mapping algorithm and address format are defined in
[I-D.mdt-softwire-mapping-address-and-port].
4.1. Port Mapping Algorithm
Port mapping algorithm is defined in Section 4.1 of
[I-D.mdt-softwire-mapping-address-and-port].
For given sharing ratio (R) and the maximum number of continue ports
(M), the generalized modulus algorithm is defined as
1. The port number (P) of a given PSID (K) is composed of
P = R*M*j + M*K + i
Where
o PSID: K=0 to R-1
o Port range index: j = (1024/M)/R to ((65536/M)/R)-1, if the
well-known port numbers (0-1023) are excluded.
o Port continue index: i=0 to M-1
Li, et al. Expires May 3, 2012 [Page 5]
Internet-Draft dIVI with PD October 2011
2. The PSID (K) of a given port number (P) is determined by
K = (floor(P/M)) % R
Where
o % is modular operator
o floor(arg) is a function returns the largest integer not
greater than arg
4.2. Basic Mapping Rule (BMR)
Basic mapping rule is used for IPv4 prefix, address or port set
assignment.
| n bits | o bits | m bits | 128-n-o-m bits |
+--------------------+-----------+---------+------------+----------+
| Domain IPv6 prefix | EA bits |subnet ID| interface ID |
+--------------------+-----------+---------+-----------------------+
|<--- End-user IPv6 prefix --->|
Figure 2: IPv6 address format
The Embedded Address bits (EA bits) are unique per end user within a
Domain IPv6 prefix. The EA bits encode the CE specific IPv4 address
and port information. The EA bits can contain a full or part of an
IPv4 prefix or address, and in the shared IPv4 address case contains
a Port Set Identifier (PSID).
|<------------- EA bits----------->|
| r bits | p bits | q bits |
+-------------+---------------------+------------+
| Domain IPv4 | IPv4 Address suffix |Port Set ID |
+-------------+---------------------+------------+
| 32 bits |
Figure 3: Shared IPv4 address
The interface ID is defined as
<-8-><-------- L>=32 -------><48-L><8->
+---+----------------+------+-----+---+
| u | IPv4 address | PSID | 0 | L |
+---+----------------+------+-----+---+
Li, et al. Expires May 3, 2012 [Page 6]
Internet-Draft dIVI with PD October 2011
Figure 4: Interface ID
Forwarding Mapping Rule (FMR) is used for forwarding, whcih has
similar address format to BMR. Specifying forwarding mapping rule
determines the prefix of the IPv4-translatable addresses for other
CEs, which results in different routing behaviors (Hubs and Spokes or
Mesh).
4.3. Default Mapping Rule (DMR)
The Defualt mapping rule defines an IPv6 prefix (BR's IPv6 prefix).
The full destination IPv4 address must be encoded in the IPv6
address.
4.4. Address Specifications
Based on the above discussion, the addresses are defined in the
following figure.
Source address from a CE to any destination
(IPv4-translatable address)
<--------- 64 ------------><8 ><-------- L>=32 -----<>-44-L-<>8 <
+-------------+--------+---+---+----------------+----+-----+-+---+
|Domain prefix|EA bits | 0 | u | IPv4 address |PSID| 0 | L |
+-------------+--------+---+---+----------------+----+-----+-+---+
Destination address from a CE to the outside IPv4 Internet
(IPv4-converted address)
<--------- 64 ------------>< 8 ><---- 32 ----><----- 24 ----- >
+--------------------------+----+---------------+----------------+
| BR prefix | u | IPv4 address | 0 |
+--------------------------+----+---------------+----------------+
Figure 5: Extended IPv4-translatable address format
5. Header Translation and MTU Handling
The general header and ICMP translation specifications are defined in
[RFC6145].
Special MTU and fragmentation actions must be taken in the case of
dual translation.
Li, et al. Expires May 3, 2012 [Page 7]
Internet-Draft dIVI with PD October 2011
6. Dual Stateless Translation
When dual stateless IPv4/IPv6 translation is deployed, its behavior
is similar to tunneling. Tunneling do not require DNS64 and ALG.,
because the communication occurs in same address family. Dual
translation don't need DNS64 and ALG as well, even in each translator
the communication occurs between different address families.
However, there are following differences:
o Scalability. Dual stateless translation is based on routing,
there is nothing needed to maintain in the translator, operator's
management loads are minimum compared with tunneling scheme, which
has to maintain tunnel states.
o Low OPEX. Dual stateless translation can do traffic engineering
and flow analysis without decapsulation which is a must in tunnel
case.
o Header Compression. The dual stateless IPv4/IPv6 translation does
not need to do encapsulation and 12 octets header overhead are
reduced.
o Transparent transition to IPv6. The dual stateless translation
can be treated as a special case of single stateless translation,
the first XLAT performances exactly the same function, no matter
there is a XLAT.x or not. Hence it is a unified approach, rather
than special setup for the coexistence and transition. This is to
say that the ISP can deploy IPv6-only network with XLAT, so the
IPv6-only hosts can communicate with both the IPv6 Internet and
the IPv4 Internet. However, if for some reason a specific ALG
cannot be supported, and for users, who need that specific
application, can deploy XLAT.x. When the application is updated,
the XLAT.x can be removed. There is nothing to change to XLAT.
with more and more contents and users move to IPv6, the working
load of XLAT will be less and less, and eventually can be removed.
The whole process is transparent, smooth and incremental.
Due to the differences between the IPv4 header and the IPv6 header,
the dual stateless IPv4/IPv6 translation cannot be entirely lossless
[RFC6145], for example the IPv4 options are lost. The experimental
data shows that the IPv4 packets which contain options are very few
(10e-6) and causes no harm. Another corner case is the fragmetation
handling. For IPv4 packets with DF=1 and MF=1, the dual stateless
translation will results in DF=0. The experimental data shows that
the IPv4 packets with DF=1 and MF=1 are very few (10e-5) and causes
no harm.
Note that for dual stateless translation, the encapsulation (from
Li, et al. Expires May 3, 2012 [Page 8]
Internet-Draft dIVI with PD October 2011
IPv4 to IPv6) and decapsulation (from IPv6 to IPv4) defined by
[RFC2473] can be implemented in the translators. In this case, the
dual stateless translation processes are entirely lossless, it still
has the operation and management conveniences of the dual stateless
translation in layer 3, but the control in layer 4 is lost.
7. Deployment Considerations
Given:
1. The total number of CEs in this domain.
2. The sharing ratio R.
3. The port continue parameter M.
4. The customer prefix length.
5. The ISP's IPv6 prefix.
6. The ISP's IPv4 prefix.
7. The BR IPv6 prefix.
Other dIVI-PD configuration parameters can be derived using the port
mapping algorithm and address format defined in this document.
8. CE Configuration via DHCP Option
Based on the address format and the port mapping algorithm defined in
this document, the CE needs to get the corresponding parameters via
DHCPv6 [RFC3315][RFC3633] or others signaling scheme. These
parameters are:
1. The IPv6 prefix
2. The IPv6 prefix length
3. The IPv4 prefix
4. The IPv4 prefix length
5. The sharing ratio (R)
6. The maximum number of continue ports (M)
Li, et al. Expires May 3, 2012 [Page 9]
Internet-Draft dIVI with PD October 2011
7. The PSID (K)
8. The PSID length (c)
9. Experimental Evaluation
The basic stateless IPv4/IPv6 translation (IVI) has been deployed
since 2007. It connects [CERNET] and [CNGI-CERNET2].
The dual stateless translation with IPv4 address sharing (dIVI) has
been deployed in [CERNET] and [CNGI-CERNET2] since 2009. The design
and implementation results are presented in [I-D.xli-behave-divi].
The dIVI has also been tested in China Telecom. The
[I-D.sunq-v6ops-ivi-sp] summarizes the testing results.
The dIVI-pd presented in this document has been running in [CERNET]
and [CNGI-CERNET2] since Jan. 2011. The experimental results
indicate that the CPE index coding, the suffix coding and port-set ID
mapping algorithm work for existing applications without any problem.
10. Security Considerations
See security considerations presented in [RFC6052] and [RFC6145].
11. IANA Considerations
This memo adds no new IANA considerations.
Note to RFC Editor: This section will have served its purpose if it
correctly tells IANA that no new assignments or registries are
required, or if those assignments or registries are created during
the RFC publication process. From the author's perspective, it may
therefore be removed upon publication as an RFC at the RFC Editor's
discretion.
12. Acknowledgments
The authors would like to acknowledge the following contributors in
the different phases of the address-sharing IVI and dIVI development:
Hong Zhang, Yu Zhai, Wentao Shang, Weifeng Jiang, Bizhen Fu, Guoliang
Han and Weicai Wang.
The authors would like to acknowledge the following contributors who
Li, et al. Expires May 3, 2012 [Page 10]
Internet-Draft dIVI with PD October 2011
provided helpful inputs: Heyu Wang, Lu Yan, Dan Wing, Fred Baker,
Dave Thaler, Randy Bush, Kevin Yin and Bobby Li.
The authors would like to thank the MAP team for the technical
discussions, which make the continue improvements of dIVI-PD.
13. References
13.1. Normative References
[RFC1918] Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and
E. Lear, "Address Allocation for Private Internets",
BCP 5, RFC 1918, February 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2473] Conta, A. and S. Deering, "Generic Packet Tunneling in
IPv6 Specification", RFC 2473, December 1998.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
and M. Carney, "Dynamic Host Configuration Protocol for
IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic
Host Configuration Protocol (DHCP) version 6", RFC 3633,
December 2003.
[RFC6052] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X.
Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052,
October 2010.
[RFC6144] Baker, F., Li, X., Bao, C., and K. Yin, "Framework for
IPv4/IPv6 Translation", RFC 6144, April 2011.
[RFC6145] Li, X., Bao, C., and F. Baker, "IP/ICMP Translation
Algorithm", RFC 6145, April 2011.
[RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful
NAT64: Network Address and Protocol Translation from IPv6
Clients to IPv4 Servers", RFC 6146, April 2011.
[RFC6147] Bagnulo, M., Sullivan, A., Matthews, P., and I. van
Beijnum, "DNS64: DNS Extensions for Network Address
Translation from IPv6 Clients to IPv4 Servers", RFC 6147,
April 2011.
Li, et al. Expires May 3, 2012 [Page 11]
Internet-Draft dIVI with PD October 2011
[RFC6219] Li, X., Bao, C., Chen, M., Zhang, H., and J. Wu, "The
China Education and Research Network (CERNET) IVI
Translation Design and Deployment for the IPv4/IPv6
Coexistence and Transition", RFC 6219, May 2011.
[RFC6296] Wasserman, M. and F. Baker, "IPv6-to-IPv6 Network Prefix
Translation", RFC 6296, June 2011.
13.2. Informative References
[CERNET] "CERNET Homepage:
http://www.edu.cn/english_1369/index.shtml".
[CNGI-CERNET2]
"CNGI-CERNET2 Homepage:
http://www.cernet2.edu.cn/index_en.htm".
[I-D.bcx-behave-address-fmt-extension]
Bao, C. and X. Li, "Extended IPv6 Addressing for Encoding
Port Range", draft-bcx-behave-address-fmt-extension-01
(work in progress), October 2011.
[I-D.mdt-softwire-map-dhcp-option]
Mrugalski, T., Boucadair, M., and O. Troan, "DHCPv6
Options for Mapping of Address and Port",
draft-mdt-softwire-map-dhcp-option-00 (work in progress),
October 2011.
[I-D.mdt-softwire-mapping-address-and-port]
Troan, O., "Mapping of Address and Port (MAP)",
draft-mdt-softwire-mapping-address-and-port-00 (work in
progress), October 2011.
[I-D.murakami-softwire-4rd]
Murakami, T., Troan, O., and S. Matsushima, "IPv4 Residual
Deployment on IPv6 infrastructure - protocol
specification", draft-murakami-softwire-4rd-01 (work in
progress), September 2011.
[I-D.sunq-v6ops-ivi-sp]
Sun, Q., Xie, C., Li, X., Bao, C., and M. Feng,
"Considerations for Stateless Translation (IVI/dIVI) in
Large SP Network", draft-sunq-v6ops-ivi-sp-02 (work in
progress), March 2011.
[I-D.xli-behave-divi]
Bao, C., Li, X., Zhai, Y., and W. Shang, "dIVI: Dual-
Stateless IPv4/IPv6 Translation", draft-xli-behave-divi-04
Li, et al. Expires May 3, 2012 [Page 12]
Internet-Draft dIVI with PD October 2011
(work in progress), October 2011.
[RFC6346] Bush, R., "The Address plus Port (A+P) Approach to the
IPv4 Address Shortage", RFC 6346, August 2011.
Authors' Addresses
Xing Li
CERNET Center/Tsinghua University
Room 225, Main Building, Tsinghua University
Beijing 100084
CN
Phone: +86 10-62785983 begin_of_the_skype_highlighting +86 10-62785983 end_of_the_skype_highlighting
Email: xing@cernet.edu.cn
Congxiao Bao
CERNET Center/Tsinghua University
Room 225, Main Building, Tsinghua University
Beijing 100084
CN
Phone: +86 10-62785983 begin_of_the_skype_highlighting +86 10-62785983 end_of_the_skype_highlighting
Email: congxiao@cernet.edu.cn
Wojciech Dec
Cisco Systems
Haarlerberdweg 13-19
Amsterdam 1101 CH
NL
Email: wdec@cisco.com
Rajiv Asati
Cisco Systems
7025-6 Kit Creek Road
Research Triangle Park NC 27709
USA
Email: rajiva@cisco.com
Li, et al. Expires May 3, 2012 [Page 13]
Internet-Draft dIVI with PD October 2011
Chongfeng Xie
China Telecom
Room 708, No.118, Xizhimennei Street
Beijing 100035
CN
Phone: +86-10-58552116 begin_of_the_skype_highlighting +86-10-58552116 end_of_the_skype_highlighting
Email: xiechf@ctbri.com.cn
Qiong Sun
China Telecom
Room 708, No.118, Xizhimennei Street
Beijing 100035
CN
Phone: +86-10-58552936 begin_of_the_skype_highlighting +86-10-58552936 end_of_the_skype_highlighting
Email: sunqiong@ctbri.com.cn
Li, et al. Expires May 3, 2012 [Page 14]