[v6ops] Operational Guidance for IPv6 Deployment in Predominantly IPv4 Sites - (pre-draft)
"Templin, Fred L" <Fred.L.Templin@boeing.com> Mon, 11 April 2011 18:18 UTC
Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: v6ops@core3.amsl.com
Delivered-To: v6ops@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 30E843A6A47 for <v6ops@core3.amsl.com>; Mon, 11 Apr 2011 11:18:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.36
X-Spam-Level:
X-Spam-Status: No, score=-6.36 tagged_above=-999 required=5 tests=[AWL=0.239, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id soJEpbBNkR-Y for <v6ops@core3.amsl.com>; Mon, 11 Apr 2011 11:18:19 -0700 (PDT)
Received: from stl-smtpout-01.boeing.com (stl-smtpout-01.boeing.com [130.76.96.56]) by core3.amsl.com (Postfix) with ESMTP id 329E93A6A09 for <v6ops@ietf.org>; Mon, 11 Apr 2011 11:18:19 -0700 (PDT)
Received: from stl-av-01.boeing.com (stl-av-01.boeing.com [192.76.190.6]) by stl-smtpout-01.ns.cs.boeing.com (8.14.4/8.14.4/8.14.4/SMTPOUT) with ESMTP id p3BIIHA5026779 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for <v6ops@ietf.org>; Mon, 11 Apr 2011 13:18:17 -0500 (CDT)
Received: from stl-av-01.boeing.com (localhost [127.0.0.1]) by stl-av-01.boeing.com (8.14.4/8.14.4/DOWNSTREAM_RELAY) with ESMTP id p3BIIHCZ012593 for <v6ops@ietf.org>; Mon, 11 Apr 2011 13:18:17 -0500 (CDT)
Received: from XCH-NWHT-08.nw.nos.boeing.com (xch-nwht-08.nw.nos.boeing.com [130.247.25.112]) by stl-av-01.boeing.com (8.14.4/8.14.4/UPSTREAM_RELAY) with ESMTP id p3BIIFtW012546 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK) for <v6ops@ietf.org>; Mon, 11 Apr 2011 13:18:16 -0500 (CDT)
Received: from XCH-NW-01V.nw.nos.boeing.com ([130.247.64.120]) by XCH-NWHT-08.nw.nos.boeing.com ([130.247.25.112]) with mapi; Mon, 11 Apr 2011 11:18:15 -0700
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: "v6ops@ietf.org" <v6ops@ietf.org>
Date: Mon, 11 Apr 2011 11:18:14 -0700
Thread-Topic: Operational Guidance for IPv6 Deployment in Predominantly IPv4 Sites - (pre-draft)
Thread-Index: Acv4RPaAwKW3FKbCS76FU3Oxx/og4QAGIvjA
Message-ID: <E1829B60731D1740BB7A0626B4FAF0A65C699E721E@XCH-NW-01V.nw.nos.boeing.com>
References: <7B64C6B4-23DB-44AE-8941-ACE9964A3578@cisco.com>
In-Reply-To: <7B64C6B4-23DB-44AE-8941-ACE9964A3578@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [v6ops] Operational Guidance for IPv6 Deployment in Predominantly IPv4 Sites - (pre-draft)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Apr 2011 18:18:20 -0000
Hello, The following should not be construed as a draft, but rather just a set of ideas that might be considered for inclusion in a new or existing draft. Any comments or suggestions? Thanks - Fred fred.l.templin@boeing.com --- cut here --- Introduction ************ Countless end user sites in the Internet today still have predominantly IPv4 infrastructures. These sites range in size from small home/office networks to large corporate enterprise networks, but share the commonality that IPv4 continues to provide satisfactory internal routing and addressing services. As more and more IPv6-only services are deployed in the Internet, however, end user devices within the site will increasingly require at least basic IPv6 functionality for external access. This pre-draft provides operational guidance for predominantly IPv4 sites in making transitional IPv6 services available without disrupting existing IPv4 services. Characteristics of Existing IPv4 Sites ************************************** Existing end user sites use IPv4 routing and addressing internally for normal IT operations such as filesharing, network printing, e-mail, conferencing and numerous other critical site-internal networking services. Such sites typically have an abundance of public or private IPv4 addresses for internal networking, and are separated from the public Internet by firewalls, packet filtering gateways, proxies, address translators and other site border securing devices. To date, such sites have had little incentive to enable IPv6 services internally [RFC1687]. With the emergence of IPv6-only services within the public Internet, however, existing IPv4 sites will increasingly require a means for enabling client-side IPv6 services so that end user devices within the site can access IPv6 Internet services. Such services must be deployable with minimal configuration and in a fashion that will not cause disruptions to existing IPv4 services within the site. The Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) [RFC5214] provides a simple-to-use service that sites can deploy in the near term to meet these reqirements while a longer-term site-wide IPv6 deployment plan is conducted in parallel. Enabling Client-Side IPv6 Services with ISATAP ********************************************** Small sites typically arrange to obtain public IPv6 prefixes from an Internet Service Provider (ISP) in the same fashion as for home network users. When the ISP does not yet provide native IPv6 services, it can instead offer a transitional service with native-equivalent capabilities using 6RD [RFC5569][RFC5969]. Large sites typically obtain provider independent IPv6 prefixes from an Internet registry and advertise the prefixes into the IPv6 routing system on their own behalf, i.e., they act as an ISP unto themselves. In both cases, the site can automatically enable ISATAP based IPv6 services by configuring one or more site border routers as ISATAP routers. Each such ISATAP router is added to the Potential Router List (PRL) for the site so that hosts in the network can discover them for default route and prefix auto-configuration purposes. When there are multiple ISATAP site border routers, the routers can advertise the same IPv6 prefix or a different set of IPv6 prefixes of prefix length /64. For example, a first router may advertise 2001:db8:0:0::/64, a second may advertise 2001:db8:0:1::/64, etc. The routers can further be configured to advertise different prefixes to different sets of hosts within the site (e.g., as identified by the host's IPv4 prefix) for the purpose of site partitioning. In all cases, however, the site border routers must take operational measures to avoid routing loops [draft-ietf-v6ops-tunnel-loops]. As a simple mitigation, the site border router can drop any incoming packets that have an IPv4 source or outgoing packets that have an IPv4 destination address of another site border router, e.g., by checking for the address in the site's PRL. ISATAP hosts will automatically discover ISATAP site border routers and configure ISATAP addresses using Stateless Address AutoConfiguration (SLAAC) based on the advertised IPv6 prefixes. In order to provide a simple service that does not interact poorly with existing site topological arrangements, the site can enable client-side only operation so that hosts only use the ISATAP service for accessing IPv6 services on the public Internet, while continuing to use IPv4 services for intra-site communications. In order to maintain a client-side only service, the site should not configure any IPv6 addresses provided by ISATAP within site name service resource records. In this way, intra-site communications will continue to use existing IPv4 networking services instead of ISATAP-served IPv6 services. This arrangement prevents communication failure modes in which a pair of ISATAP hosts are separated by a packet filtering gateway which would prevent direct communications via the tunneled IPv6 service. To further disable host-to-host ISATAP communications within the site, the ISATAP site border routers should advertise their prefixes with the (A,L) flags set to (1,0) in their IPv6 Router Advertisements. In that way, each ISATAP host will autoconfigure an address from the advertised IPv6 prefix and assign it to their ISATAP interface, but they will not assign an IPv6 prefix to the ISATAP interface. Therefore, no two ISATAP hosts will see each other as on-link neighbors, and all IPv6 communications from the hosts will flow through an ISATAP site border router in order to access IPv6 services in the Internet. Migration to Native IPv6 Services ********************************* ISATAP hosts should be configured to prefer native IPv6 services instead of ISATAP whenever available. As the site transitions its internal routers and links to use IPv6 natively, hosts will naturally begin to receive native IPv6 router advertisments and will begin using the native IPv6 service instead of ISATAP. As more and more native IPv6 service is enabled in the site, IPv6 addresses can be entered into site name service resource records to enable intra-site IPv6 service discovery. In that way, predominantly IPv4 sites will begin to operate a parallel native IPv6 service, and legacy IPv4 services will gradually be phased out.
- [v6ops] WGLC draft-ietf-v6ops-ipv6-multihoming-wi… Fred Baker
- [v6ops] Operational Guidance for IPv6 Deployment … Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Gunter Van de Velde (gvandeve)
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Randy Bush
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Hemant Singh (shemant)
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6Deployme… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6Deployme… Hemant Singh (shemant)
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Ole Troan
- Re: [v6ops] Operational Guidance for IPv6Deployme… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Hemant Singh (shemant)
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Mark Smith
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Mark Smith
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- [v6ops] Simplified Automatic IPv6 Renumbering wit… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Lee Howard
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Philip Homburg
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Philip Homburg
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Philip Homburg
- Re: [v6ops] Operational Guidance for IPv6 Deploym… Templin, Fred L