[homenet] Comments requested for draft CER-ID

Michael Kloberdans <M.Kloberdans@cablelabs.com> Mon, 27 October 2014 13:03 UTC

From: Michael Kloberdans <M.Kloberdans@cablelabs.com>
To: "homenet@ietf.org" <homenet@ietf.org>
Date: Mon, 27 Oct 2014 13:03:48 +0000
Message-ID: <D0739ED2.D31D%m.kloberdans@cablelabs.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/homenet/PziPzCVTiqGadEt2EGa_XLjrwDA
Subject: [homenet] Comments requested for draft CER-ID

As co-chair of the Homenet working group, Mark Townsley suggested that the Homenet group provide comments on the CER-ID (Customer Edge Router Identification) draft before adding it to the Homenet agenda for IETF-91.

This draft proposes a DHCP option that explicitly identifies a specific home router as the edge at the boundary of the public and private networks at the home.  The CER has a public-facing interface and one or more internal-facing interface(s).  Conversely, it also identifies internal routers that are not at the boundary edge.  Knowing the edge is important for applying services such as a firewall, NAPT and requesting IPv6 PDs.

This draft also provides a mechanism to change the default automatically or manually assigned edge router.  This draft peacefully co-exists with other border detection and other assignment methods.  The CER-ID draft features have already been incorporated into Cable Industry specifications for eRouter (Cable Modem integrated into a routing, switching unit), but could also be helpful to TELCO and other industries.

Flexibility was built in by allowing multiple numbering schemes to identify the CER, including up to 128 bits for an IPv6 address.  A simple number can also be used to act as a flag if desired.  Again, the ability to manually or automatically move the designation of the edge router is available by using a double colon ‘::’ in the CER-ID field, which indicates that the router is NOT the Edge router.

Behaviors resulting from the knowledge of the CER are left to other implementations.  One implementation detects the CER and disables firewall and NAPT and allocates PD requests for all Internal Routers (non-CER), but this is just one example of applying behaviors based on knowing where the CER lies.

Please read this short draft below and provide comments.

Regards,

Network Working Group                                          C. Donley
Internet-Draft                                             M. Kloberdans
Intended status: Informational                                 CableLabs
Expires: February 13, 2015                                 J. Brzozowski
                                                                 Comcast
                                                           C. Grundemann
                                                                    ISOC
                                                         August 12, 2014


               Customer Edge Router Identification Option
                   draft-donley-dhc-cer-id-option-04

Abstract

   Addressing mechanisms supporting DHCPv6 Prefix Delegation in home
   networks such as those described in CableLabs' eRouter specification
   and the HIPnet Internet-Draft require identification of the customer
   edge router (CER) as the demarcation between the customer network and
   the service provider network.  This document reserves a DHCPv6 option
   to identify the CER.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on February 13, 2015.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents

Donley, et al.          Expires February 13, 2015               [Page 1]
Internet-Draft                cer-id-option                  August 2014
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Requirements Language . . . . . . . . . . . . . . . . . .   2
   2.  CER Identification Option . . . . . . . . . . . . . . . . . .   2
   3.  CER-ID Compatibility  . . . . . . . . . . . . . . . . . . . .   4
   4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   4
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   4
   6.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   4
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   5
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .   5
     7.2.  Informative References  . . . . . . . . . . . . . . . . .   5
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   5

1.  Introduction

   Some addressing mechanisms supporting DHCPv6 Prefix Delegation in
   home networks such as those described in
   [I-D.grundemann-homenet-hipnet] and [EROUTER] require identification
   of the customer edge router as the demarcation between the customer
   network and the service provider network.  For prefix delegation
   purposes, it is desirable for other routers within the home to know
   which device is the CER so that the customer home network only
   requests a single prefix from the ISP DHCPv6 server, and efficiently
   distributes this prefix within the home.  CER-ID is a 128-bit string
   that optionally represents an IPv6 address, or another arbitrary
   number.  The CER-ID may be treated as a hint to be used with border
   detection methods.  This document reserves a DHCPv6 option to be used
   to identify the CER.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.  CER Identification Option

   A Customer Edge Router (CER) sets the CER_ID to the IPv6 address of
   its LAN interface.  If it has more than one LAN IPv6 address, it
   selects one of its LAN or loopback IPv6 addresses to be used in the
   CER_ID.  An ISP server does not respond with the CER_ID or sets the
   CER_ID to ::.  Such a response or lack of response indicates to the
   DHCPv6 client that it is the CER.

   The format of the CER Identification option is:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      option-code              |      option-len               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                           CER_ID                              |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       option-code          OPTION_CER_ID (TBD).
       option-len           36
       CER_ID value         IPv6 address of CER or ::

   Figure 1.

   A DHCPv6 client SHOULD include the CER Identification option code in
   an Option Request option [RFC3315] in its DHCP Solicit messages.

   The DHCPv6 server MAY include the CER Identification option in any
   response it sends to a client that has included the CER
   Identification option code in an Option Request option.  The CER
   Identification option is sent in the main body of the message to the
   client, not as a sub-option in, e.g., an IA_NA or IA_TA
   [RFC3315] option.

   When sending the CER Identification option, the DHCPv6 server MUST
   set the CER_ID value to either one of its IPv6 addresses, another
   identifier, or ::. If a device does not receive the CER
   Identification Option or receives a CER ID of :: from the DHCPv6
   server, it MUST include one of its Globally Unique IPv6 addresses
   (unless another identifier is used), in the CER_ID value in response
   to DHCPv6 messages received by its DHCPv6 server that contain the
   CER Identification option code in an Option Request option.  If the
   device has only one LAN interface, it SHOULD use its LAN IPv6 address
   as the CER_ID value.  If the device has more than one LAN interface,
   it SHOULD use the lowest Globally Unique address not assigned to its
   WAN interface.

3.  CER-ID Compatibility

   CER-ID explicitly indicates that a gateway is, or is not, the
   demarcation point between public and private networks by containing a
   reachable IPv6 address, other identifier or a double colon '::'
   (double colon indicates that the CER-ID sender is NOT the edge
   router), and as a complement, can be applied to various border
   definitions and detection methods such as:

   o  I.D.  Draft-IETF-Homenet-Arch-16 [I-D.ietf-homenet-arch]

   o  I.D.  Draft-Grundemann-homenet-HIPnet-01
      [I-D.grundemann-homenet-hipnet]

   o  I.D.  Draft-IETF-Kline-Homenet-Default-Perimeter-01
      [I-D.kline-default-perimeter]

   o  Others, including manual configuration

4.  IANA Considerations

   IANA is requested to assign an option code from the "DHCP Option
   Codes" Registry for OPTION_CER_ID.  IANA is also requested to
   maintain a list of authentication options.

5.  Security Considerations

   The security of a home network is an important consideration.  Both
   the HIPNet [I-D.grundemann-homenet-hipnet] and Homenet
   [I-D.ietf-homenet-arch] approaches change the operational model of
   the home network vs. today's IPv4-only paradigm.  Specifically, these
   networks eliminate NAT inside the home network (and only enable it
   for IPv4 at the edge router, if required), support global
   addressability of devices, and thus need to consider firewall and/or
   filter support in various home routers.  As the security profile of
   these home routers can shift based on their position in the network
   (e.g., edge vs. internal), security can be severely compromised if
   routers misidentify their border and mistakenly reduce or eliminate
   firewall rules.  If the CER-ID option is used as part of the border
   detection algorithm, it becomes a natural, but not the only place to
   enact firewall, NAT, Prefix Delegation and other functions in the
   home network.
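   The client-side decision of Section 2 (no option or a CER_ID of ::
   means "I am the CER") together with the fail-safe behaviour Section 5
   calls for, as an added example that is not code from the draft or its
   authors.  Assumptions: OPTION_CER_ID is a placeholder because the code
   is TBD; the encoder uses a 16-octet option-len matching the four
   32-bit words of CER_ID in Figure 1 rather than the 36 listed under it;
   the sample addresses and option bytes are constructed.

```python
import ipaddress
import struct

OPTION_CER_ID = 65535   # PLACEHOLDER: real code is TBD in the draft
CER_ID_LEN = 16         # assumption: CER_ID is the 128-bit field of Figure 1
GUA_RANGE = ipaddress.IPv6Network("2000::/3")   # RFC 4291 global unicast range


def encode_cer_id_option(cer_id: str) -> bytes:
    """TLV for the CER Identification option; '::' tells the receiver it is the CER."""
    return struct.pack("!HH", OPTION_CER_ID, CER_ID_LEN) + ipaddress.IPv6Address(cer_id).packed


def parse_options(data: bytes) -> dict:
    """Walk the top-level DHCPv6 option area into {code: value}; reject truncation."""
    options, off = {}, 0
    while off < len(data):
        if off + 4 > len(data):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", data, off)
        value = data[off + 4:off + 4 + length]
        if len(value) != length:
            raise ValueError("option %d runs past end of message" % code)
        options[code] = value
        off += 4 + length
    return options


def classify_role(option_area: bytes) -> tuple:
    """Return (role, cer_address). Only 'internal' may relax edge functions such as
    the firewall or NAPT; 'unknown' (malformed input) keeps them in place."""
    try:
        opts = parse_options(option_area)
    except ValueError:
        return ("unknown", None)
    value = opts.get(OPTION_CER_ID)
    if value is None:
        return ("cer", None)            # no answer from upstream: we are the edge
    if len(value) != CER_ID_LEN:
        return ("unknown", None)        # wrong length: never drop firewall rules on this
    addr = ipaddress.IPv6Address(value)
    if addr == ipaddress.IPv6Address("::"):
        return ("cer", None)            # explicit '::' also means we are the edge
    return ("internal", str(addr))


def choose_cer_id(lan_addrs, wan_addrs) -> str:
    """Section 2: lowest Globally Unique address not assigned to the WAN interface."""
    wan = {ipaddress.IPv6Address(a) for a in wan_addrs}
    lan = (ipaddress.IPv6Address(a) for a in lan_addrs)
    candidates = sorted(a for a in lan if a in GUA_RANGE and a not in wan)
    if not candidates:
        raise ValueError("no Globally Unique LAN address available for CER_ID")
    return str(candidates[0])
```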

6.  Acknowledgements

7.  References

7.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
              and M. Carney, "Dynamic Host Configuration Protocol for
              IPv6 (DHCPv6)", RFC 3315, July 2003.

7.2.  Informative References

   [EROUTER]  CableLabs, "CableLabs IPv4 and IPv6 eRouter Specification
              (CM-SP-eRouter-I12-131120)", April 2014.

   [I-D.grundemann-homenet-hipnet]
              Grundemann, C., Donley, C., Brzozowski, J., Howard, L.,
              and V. Kuarsingh, "A Near Term Solution for Home IP
              Networking (HIPnet)", draft-grundemann-homenet-hipnet-01
              (work in progress), February 2013.

   [I-D.ietf-homenet-arch]
              Chown, T., Arkko, J., Brandt, A., Troan, O., and J. Weil,
              "IPv6 Home Networking Architecture Principles", draft-
              ietf-homenet-arch-16 (work in progress), June 2014.

   [I-D.kline-default-perimeter]
              Kline, E., "Default Border Definition", draft-kline-
              default-perimeter-01 (work in progress), November 2012.

Authors' Addresses

   Chris Donley
   CableLabs
   858 Coal Creek Cir.
   Louisville, CO  80027
   US

   Email: c.donley@cablelabs.com


   Michael Kloberdans
   CableLabs
   858 Coal Creek Cir
   Louisville, CO  80027
   US

   Email: m.kloberdans@cablelabs.com


   John Brzozowski
   Comcast
   1306 Goshen Parkway
   West Chester, PA  19380
   US

   Email: john_brzozowski@cable.comcast.com


   Chris Grundemann
   ISOC
   Denver  CO

   Email: cgrundemann@gmail.com


Michael Kloberdans
Lead Architect / Home Networking     CableLabs®

858 Coal Creek Circle.  Louisville, CO. 80027
303-661-3813 (v)