Re: [v6ops] Operational Guidance for IPv6 Deployment in Predominantly IPv4 Sites - (pre-draft)
"Gunter Van de Velde (gvandeve)" <gvandeve@cisco.com> Tue, 12 April 2011 11:03 UTC
Return-Path: <gvandeve@cisco.com>
X-Original-To: v6ops@ietfc.amsl.com
Delivered-To: v6ops@ietfc.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfc.amsl.com (Postfix) with ESMTP id 39387E0704 for <v6ops@ietfc.amsl.com>; Tue, 12 Apr 2011 04:03:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.394
X-Spam-Level:
X-Spam-Status: No, score=-8.394 tagged_above=-999 required=5 tests=[AWL=1.605, BAYES_00=-2.599, J_CHICKENPOX_13=0.6, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([208.66.40.236]) by localhost (ietfc.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DuK6Qnn3me+Y for <v6ops@ietfc.amsl.com>; Tue, 12 Apr 2011 04:03:14 -0700 (PDT)
Received: from ams-iport-1.cisco.com (ams-iport-1.cisco.com [144.254.224.140]) by ietfc.amsl.com (Postfix) with ESMTP id 7F6A7E06B6 for <v6ops@ietf.org>; Tue, 12 Apr 2011 04:03:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=gvandeve@cisco.com; l=7486; q=dns/txt; s=iport; t=1302606193; x=1303815793; h=mime-version:content-transfer-encoding:subject:date: message-id:in-reply-to:references:from:to; bh=yoFMWrKoBlSHKXE1QCDNTdRyLGtspfuILcaUkwH5wCc=; b=jsSSDV1mbVUBW6wPytlLdJ1WfJ3jfaNI0RH6u6SScXGi6JfPVVAg0KxJ E+9bgkhAQPrD11WKJJAk12fuMGWJbaYUbDR0HKHB+l5M4qAMdE07URBzT CrrS5siBuJzrqSIzxxDeiz+fszsEFzH8giHN7it0H0+bxmJ6JDYhDQfpk 0=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AvsEAJEwpE2Q/khR/2dsb2JhbACmLHekepx3hW4EkVc
X-IronPort-AV: E=Sophos;i="4.64,194,1301875200"; d="scan'208";a="83223284"
Received: from ams-core-1.cisco.com ([144.254.72.81]) by ams-iport-1.cisco.com with ESMTP; 12 Apr 2011 11:03:12 +0000
Received: from xbh-ams-101.cisco.com (xbh-ams-101.cisco.com [144.254.74.71]) by ams-core-1.cisco.com (8.14.3/8.14.3) with ESMTP id p3CB3CPS011864; Tue, 12 Apr 2011 11:03:12 GMT
Received: from xmb-ams-101.cisco.com ([144.254.74.76]) by xbh-ams-101.cisco.com with Microsoft SMTPSVC(6.0.3790.4675); Tue, 12 Apr 2011 13:03:12 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Tue, 12 Apr 2011 13:03:10 +0200
Message-ID: <4269EA985EACD24987D82DAE2FEC62E503764E39@XMB-AMS-101.cisco.com>
In-Reply-To: <E1829B60731D1740BB7A0626B4FAF0A65C699E721E@XCH-NW-01V.nw.nos.boeing.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [v6ops] Operational Guidance for IPv6 Deployment in Predominantly IPv4 Sites - (pre-draft)
Thread-Index: Acv4RPaAwKW3FKbCS76FU3Oxx/og4QAGIvjAACipH5A=
References: <7B64C6B4-23DB-44AE-8941-ACE9964A3578@cisco.com> <E1829B60731D1740BB7A0626B4FAF0A65C699E721E@XCH-NW-01V.nw.nos.boeing.com>
From: "Gunter Van de Velde (gvandeve)" <gvandeve@cisco.com>
To: "Templin, Fred L" <Fred.L.Templin@boeing.com>, v6ops@ietf.org
X-OriginalArrivalTime: 12 Apr 2011 11:03:12.0046 (UTC) FILETIME=[36D5DCE0:01CBF901]
Subject: Re: [v6ops] Operational Guidance for IPv6 Deployment in Predominantly IPv4 Sites - (pre-draft)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Apr 2011 11:03:15 -0000
Many thanks for sharing. In some way I have a feeling that native-v6 should be promoted above ISATAP. ISATAP is tunneling and eventhough its not as bad as 6to4, it is way worse as native v6. Fact is that my affiliation company is using ISATAP right now, and it is part of the migration strategy for implementing IPv6, but we do want to get away from it asap due to a set of disadvantages it includes. My take is that when a new RFC like this would be generated, it will be too late for actual usage because the world and the enterprises have moved forward. All the best, G/ -----Original Message----- From: v6ops-bounces@ietf.org [mailto:v6ops-bounces@ietf.org] On Behalf Of Templin, Fred L Sent: 11 April 2011 20:18 To: v6ops@ietf.org Subject: [v6ops] Operational Guidance for IPv6 Deployment in Predominantly IPv4 Sites - (pre-draft) Hello, The following should not be construed as a draft, but rather just a set of ideas that might be considered for inclusion in a new or existing draft. Any comments or suggestions? Thanks - Fred fred.l.templin@boeing.com --- cut here --- Introduction ************ Countless end user sites in the Internet today still have predominantly IPv4 infrastructures. These sites range in size from small home/office networks to large corporate enterprise networks, but share the commonality that IPv4 continues to provide satisfactory internal routing and addressing services. As more and more IPv6-only services are deployed in the Internet, however, end user devices within the site will increasingly require at least basic IPv6 functionality for external access. This pre-draft provides operational guidance for predominantly IPv4 sites in making transitional IPv6 services available without disrupting existing IPv4 services. Characteristics of Existing IPv4 Sites ************************************** Existing end user sites use IPv4 routing and addressing internally for normal IT operations such as filesharing, network printing, e-mail, conferencing and numerous other critical site-internal networking services. Such sites typically have an abundance of public or private IPv4 addresses for internal networking, and are separated from the public Internet by firewalls, packet filtering gateways, proxies, address translators and other site border securing devices. To date, such sites have had little incentive to enable IPv6 services internally [RFC1687]. With the emergence of IPv6-only services within the public Internet, however, existing IPv4 sites will increasingly require a means for enabling client-side IPv6 services so that end user devices within the site can access IPv6 Internet services. Such services must be deployable with minimal configuration and in a fashion that will not cause disruptions to existing IPv4 services within the site. The Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) [RFC5214] provides a simple-to-use service that sites can deploy in the near term to meet these reqirements while a longer-term site-wide IPv6 deployment plan is conducted in parallel. Enabling Client-Side IPv6 Services with ISATAP ********************************************** Small sites typically arrange to obtain public IPv6 prefixes from an Internet Service Provider (ISP) in the same fashion as for home network users. When the ISP does not yet provide native IPv6 services, it can instead offer a transitional service with native-equivalent capabilities using 6RD [RFC5569][RFC5969]. Large sites typically obtain provider independent IPv6 prefixes from an Internet registry and advertise the prefixes into the IPv6 routing system on their own behalf, i.e., they act as an ISP unto themselves. In both cases, the site can automatically enable ISATAP based IPv6 services by configuring one or more site border routers as ISATAP routers. Each such ISATAP router is added to the Potential Router List (PRL) for the site so that hosts in the network can discover them for default route and prefix auto-configuration purposes. When there are multiple ISATAP site border routers, the routers can advertise the same IPv6 prefix or a different set of IPv6 prefixes of prefix length /64. For example, a first router may advertise 2001:db8:0:0::/64, a second may advertise 2001:db8:0:1::/64, etc. The routers can further be configured to advertise different prefixes to different sets of hosts within the site (e.g., as identified by the host's IPv4 prefix) for the purpose of site partitioning. In all cases, however, the site border routers must take operational measures to avoid routing loops [draft-ietf-v6ops-tunnel-loops]. As a simple mitigation, the site border router can drop any incoming packets that have an IPv4 source or outgoing packets that have an IPv4 destination address of another site border router, e.g., by checking for the address in the site's PRL. ISATAP hosts will automatically discover ISATAP site border routers and configure ISATAP addresses using Stateless Address AutoConfiguration (SLAAC) based on the advertised IPv6 prefixes. In order to provide a simple service that does not interact poorly with existing site topological arrangements, the site can enable client-side only operation so that hosts only use the ISATAP service for accessing IPv6 services on the public Internet, while continuing to use IPv4 services for intra-site communications. In order to maintain a client-side only service, the site should not configure any IPv6 addresses provided by ISATAP within site name service resource records. In this way, intra-site communications will continue to use existing IPv4 networking services instead of ISATAP-served IPv6 services. This arrangement prevents communication failure modes in which a pair of ISATAP hosts are separated by a packet filtering gateway which would prevent direct communications via the tunneled IPv6 service. To further disable host-to-host ISATAP communications within the site, the ISATAP site border routers should advertise their prefixes with the (A,L) flags set to (1,0) in their IPv6 Router Advertisements. In that way, each ISATAP host will autoconfigure an address from the advertised IPv6 prefix and assign it to their ISATAP interface, but they will not assign an IPv6 prefix to the ISATAP interface. Therefore, no two ISATAP hosts will see each other as on-link neighbors, and all IPv6 communications from the hosts will flow through an ISATAP site border router in order to access IPv6 services in the Internet. Migration to Native IPv6 Services ********************************* ISATAP hosts should be configured to prefer native IPv6 services instead of ISATAP whenever available. As the site transitions its internal routers and links to use IPv6 natively, hosts will naturally begin to receive native IPv6 router advertisments and will begin using the native IPv6 service instead of ISATAP. As more and more native IPv6 service is enabled in the site, IPv6 addresses can be entered into site name service resource records to enable intra-site IPv6 service discovery. In that way, predominantly IPv4 sites will begin to operate a parallel native IPv6 service, and legacy IPv4 services will gradually be phased out. _______________________________________________ v6ops mailing list v6ops@ietf.org https://www.ietf.org/mailman/listinfo/v6ops
- [v6ops] WGLC draft-ietf-v6ops-ipv6-multihoming-wi… Fred Baker
- [v6ops] Operational Guidance for IPv6 Deployment … Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Gunter Van de Velde (gvandeve)
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Randy Bush
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Hemant Singh (shemant)
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6Deployme… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6Deployme… Hemant Singh (shemant)
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Ole Troan
- Re: [v6ops] Operational Guidance for IPv6Deployme… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Hemant Singh (shemant)
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Mark Smith
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Mark Smith
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- [v6ops] Simplified Automatic IPv6 Renumbering wit… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Lee Howard
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Philip Homburg
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Philip Homburg
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Philip Homburg
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L