[Docs] [txt|pdf|xml|html] [Tracker] [Email] [Nits]

Versions: 00 draft-chown-homenet-arch

Network Working Group                                           J. Arkko
Internet-Draft                                                  Ericsson
Intended status: Informational                               M. Townsley
Expires: January 6, 2012                                           Cisco
                                                            July 5, 2011


                 Home Networking Architecture for IPv6
                  draft-arkko-townsley-homenet-arch-00

Abstract

   This memo focuses on the evolving networking technology within and
   among relatively small "residential home" networks.  The goal of this
   memo is to define the architecture for IPv6-based home networking
   that supports the demands placed on it.  This architecture shows how
   standard IPv6 mechanisms and addressing can be employed in home
   networking, and outlines the need for specific protocol extensions
   for certain additional functionality.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 6, 2012.

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must



Arkko & Townsley         Expires January 6, 2012                [Page 1]


Internet-Draft            IPv6 Home Networking                 July 2011


   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Effects of IPv6 on Home Networking . . . . . . . . . . . . . .  3
   3.  Architecture . . . . . . . . . . . . . . . . . . . . . . . . .  5
     3.1.  Requirements . . . . . . . . . . . . . . . . . . . . . . .  8
     3.2.  Principles . . . . . . . . . . . . . . . . . . . . . . . .  9
     3.3.  Implementing the Architecture on IPv6  . . . . . . . . . . 10
   4.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
     4.1.  Normative References . . . . . . . . . . . . . . . . . . . 11
     4.2.  Informative References . . . . . . . . . . . . . . . . . . 11
   Appendix A.  Acknowledgments . . . . . . . . . . . . . . . . . . . 12
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 12

































Arkko & Townsley         Expires January 6, 2012                [Page 2]


Internet-Draft            IPv6 Home Networking                 July 2011


1.  Introduction

   This memo focuses on the evolving networking technology within and
   among relatively small "residential home" networks and the associated
   challenges.  For example, an obvious trend in home networking is the
   proliferation of networking technology in an increasingly broad range
   and number of devices.  This evolution in scale and diversity sets
   some requirements on IETF protocols.  Some of these requirements
   relate to the need for supporting multiple subnets for private and
   guest networks, the introduction of IPv6, and the introduction of
   specialized networks for home automation and sensors.

   While many advanced home networks have been built, most operate based
   on IPv4, employ solutions that we would like to avoid such as network
   address translation (NAT), or require an expert assistance to set up.
   The architectural constructs in this document are focused on the
   problems to be solved when introducing IPv6 with a eye towards a
   better result than what we have today with IPv4, as well as a better
   result than if the IETF had not given this specific guidance.

   This architecture document aims to provide the basis for how standard
   IPv6 mechanisms and addressing [RFC2460] [RFC4291] can be employed in
   home networking, while coexisting with existing IPv4 mechanisms that
   are widely deployed.


2.  Effects of IPv6 on Home Networking

   Service providers are deploying IPv6, widely accessed content is
   becoming available on IPv6, and support for IPv6 is increasingly
   available in devices and software used in the home.  While IPv6
   resembles IPv4 in many ways, it changes address allocation principles
   and allows direct IP addressability and routing to devices in the
   home from the Internet.  Following is an overview of some of the
   areas of that are both promising and problematic:

   Multiple segments

      While less complex L3-topologies involving as few subnets as
      possible are preferred in home networks for a variety of reasons
      including simpler management and service discovery, incorporation
      of dedicated segments remain necessary for some cases.  For
      instance, a common feature in modern home routers in the ability
      to support both guest and private network segments.  Also, link
      layer networking technology is poised to become more
      heterogeneous, as networks begin to employ both traditional
      Ethernet technology and link layers designed for low-powered
      sensor networks.  Finally, similar needs for segmentation may



Arkko & Townsley         Expires January 6, 2012                [Page 3]


Internet-Draft            IPv6 Home Networking                 July 2011


      occur in other cases, such as separating building control or
      corporate extensions from the Internet access network.  Different
      segments may be associated with subnets that have different
      routing and security policies.

      Documents that provide some more specific background and depth on
      this topic include: [I-D.herbst-v6ops-cpeenhancements], r
      [I-D.baker-fun-multi-router], and [I-D.baker-fun-routing-class].

      In addition to routing, rather than natting, between subnets,
      there are issues of when and how to extend mechanisms such as
      service discovery which currently rely on link-local addressing to
      limit scope.

   Security, Borders, and the elimination of NAT

      The End-to-end communication that is promised with IPv6 is both an
      incredible opportunity for innovation and easy of network
      operation, but it is also a concern as it it exposes nodes in the
      internal networks to receipt of otherwise unwanted traffic from
      the Internet.  Firewalls that restrict incoming connections may be
      used to prevent exposure, however, this reduces the efficacy of
      end-to-end connectivity that IPv6 has the potential to restore.
      [RFC6092] provides recommendations for an IPv6 firewall that
      applies "limitations on end-to-end transparency where security
      considerations are deemed important to promote local and Internet
      security."  The firewall operation is "Simple" in that there is an
      assumption that traffic which is to be blocked by default is
      defined in the RFC and not expected to be updated by the user or
      otherwise.  Advanced Security for IPv6 CPE
      [I-D.vyncke-advanced-ipv6-security] takes the approach that in
      order to provide the greatest end-to-end transparency as well as
      security, security polices must be updated by a trusted party
      which can provide intrusion signatures an other "active"
      information on security threats.  This is much like a virus-
      scanning tool which must receive updates in order to detect and/or
      neutralize the latest attacks as they arrive.  As the name implies
      "Advanced" security requires significantly more resources and
      infrastructure (including a source for attack signatures) vs.
      "Simple" security.

      In addition to the security mechanisms themselves, it is important
      to know where to enable them.  If there is some indication as to
      which router is connected to the "outside" of the home network,
      this is feasible.  Otherwise, it can be difficult to know which
      security policies to apply where.  Further, security policies may
      be different for various address ranges if ULA addressing is setup
      to only operate within the homenet itself and not be routed to the



Arkko & Townsley         Expires January 6, 2012                [Page 4]


Internet-Draft            IPv6 Home Networking                 July 2011


      Internet at large.

   Naming, and manual configuration of IP addresses

      In IPv4, it is common practice to reach a router for
      configuration, DNS resolver functions, or otherwise via
      192.168.1.1 or some other well-known RFC 1918 address.  In IPv6,
      there is no such address space available, and generally IPv6
      addresses are more cumbersome for humans to manually configure.
      As such, even for the simplest of functions, naming and the
      associated discovery of service is imperative for an easy to
      administer homenet.


3.  Architecture

   An architecture outlines how to construct home networks involving
   multiple routers and subnets.  In the following this memo presents a
   few typical home network topology models, followed by architectural
   principles that govern how the various nodes should work together.
   Finally, some guidelines are given for realizing the architecture
   with the IPv6 addressing architecture, prefix delegation, global and
   ULA addresses, source address selection rules and other existing
   components of the IPv6 architecture.  The architecture also drives
   what protocols extensions are necessary, as will be discussed in
   Section 3.3.

   Figure 1 shows the simplest possible home network topology, involving
   just one router, a local area network, and a set of hosts.  Setting
   up such networks is well understood today [RFC6204].





















Arkko & Townsley         Expires January 6, 2012                [Page 5]


Internet-Draft            IPv6 Home Networking                 July 2011


                +-------+-------+                      \
                |   Service     |                       \
                |   Provider    |                        | Service
                |    Router     |                        | Provider
                +-------+-------+                        | network
                        |                               /
                        | Customer                     /
                        | Internet connection         /
                        |
                 +------+--------+                    \
                 |     IPv6      |                     \
                 | Customer Edge |                      \
                 |    Router     |                      /
                 +------+--------+                     /
                        |                             | End-User
          Local Network |                             | network(s)
               ---+-----+-------+---                   \
                  |             |                       \
             +----+-----+ +-----+----+                   \
             |IPv6 Host | |IPv6 Host |                   /
             |          | |          |                  /
             +----------+ +-----+----+                 /

                                 Figure 1

   Figure 2 shows another network that now introduces multiple local
   area networks.  These may be needed for reasons relating to different
   link layer technology or for policy reasons.  Note that a common
   arrangement is to have different link types supported on the same
   router, bridged together.  For the purposes of this memo and IP layer
   operation this arrangement is considered equivalent to the topology
   in Figure 1.  This topology is also relatively well understood today
   [RFC6204], though it certainly presents additional demands with
   regards suitable firewall policies and limits the operation of
   certain applications and discovery mechanisms.
















Arkko & Townsley         Expires January 6, 2012                [Page 6]


Internet-Draft            IPv6 Home Networking                 July 2011


                      +-------+-------+                    \
                      |   Service     |                     \
                      |   Provider    |                      | Service
                      |    Router     |                      | Provider
                      +------+--------+                      | network
                             |                              /
                             | Customer                    /
                             | Internet connection        /
                             |
                      +------+--------+                     \
                      |     IPv6      |                      \
                      | Customer Edge |                       \
                      |    Router     |                       /
                      +----+-------+--+                      /
           Network A       |       |   Network B            | End-User
     ---+-------------+----+-    --+--+-------------+---    | network(s)
        |             |               |             |        \
   +----+-----+ +-----+----+     +----+-----+ +-----+----+    \
   |IPv6 Host | |IPv6 Host |     | IPv6 Host| |IPv6 Host |    /
   |          | |          |     |          | |          |   /
   +----------+ +-----+----+     +----------+ +----------+  /

                                 Figure 2

   ...

   Figure 3 shows a little bit more complex network with two routers and
   eight devices connected to one ISP.  This network is similar to the
   one discussed in [I-D.ietf-v6ops-ipv6-cpe-router-bis].  The main
   complication in this topology compared to the ones described earlier
   is that there is no longer a single router that a priori understand
   the entire topology.  The topology itself may also be complex, it may
   not be possible to assume a pure tree form, for instance.


















Arkko & Townsley         Expires January 6, 2012                [Page 7]


Internet-Draft            IPv6 Home Networking                 July 2011


                     +-------+-------+                     \
                     |   Service     |                      \
                     |   Provider    |                       | Service
                     |    Router     |                       | Provider
                     +-------+-------+                       | network
                             |                              /
                             | Customer                    /
                             | Internet connection
                             |
                      +------+--------+                    \
                      |     IPv6      |                     \
                      | Customer Edge |                      \
                      |    Router     |                      |
                      +----+-+---+----+                      |
          Network A        | |   |      Network B/E          |
    ----+-------------+----+ |   +---+-------------+------+  |
        |             |    | |       |             |      |  |
   +----+-----+ +-----+----+ |  +----+-----+ +-----+----+ |  |
   |IPv6 Host | |IPv6 Host | |  | IPv6 Host| |IPv6 Host | |  |
   |          | |          | |  |          | |          | |  |
   +----------+ +-----+----+ |  +----------+ +----------+ |  |
                             |        |             |     |  |
                             |     ---+------+------+-----+  |
                             |               | Network B/E   |
                      +------+--------+      |               | End-User
                      |     IPv6      |      |               | networks
                      |   Interior    +------+               |
                      |    Router     |                      |
                      +---+-------+-+-+                      |
          Network C       |       |   Network D              |
    ----+-------------+---+-    --+---+-------------+---     |
        |             |               |             |        |
   +----+-----+ +-----+----+     +----+-----+ +-----+----+   |
   |IPv6 Host | |IPv6 Host |     | IPv6 Host| |IPv6 Host |   |
   |          | |          |     |          | |          |   /
   +----------+ +-----+----+     +----------+ +----------+  /

                                 Figure 3

3.1.  Requirements

   [RFC6204] defines "Basic" requirements for IPv6 Customer Edge
   Routers, while [I-D.ietf-v6ops-ipv6-cpe-router-bis] describes
   "advanced" features.  In general, home network equipment needs to
   cope with different types of network topologies discussed above.
   Manual configuration is rarely, if at all, possible.  The equipment
   needs to be prepared to handle at least




Arkko & Townsley         Expires January 6, 2012                [Page 8]


Internet-Draft            IPv6 Home Networking                 July 2011


   o  prefix configuration for routers

   o  managing routing

   o  name resolution

   o  service discovery

   o  network security

   Additional requirements may stem from support for multi-homing or
   multiple exit routers [I-D.baker-fun-multi-router].

3.2.  Principles

   There is little that the Internet standards community can do about
   the physical topologies or the need for some networks to be separated
   at the network layer for policy or link layer compatibility reasons.
   However, there is a lot of flexibility in using IP addressing and
   internetworking mechanisms.  It would be desirable to provide some
   guidance on how this flexibility should be used to provide the best
   user experience and ensure that the network can evolve with new
   applications in the future.

   The authors believe that the following principles guide us in
   designing these networks in the correct manner:

   Largest Possible Subnets

      As part of the self-organization of the netowrk, the network
      should subdivide itself to the largest possible subnets that can
      be constructed with the constraints of link layer mechanisms,
      bridging, physical connectivity, and policy.  For instance,
      separate subnetworks are necessary where two different links
      cannot be bridged, or when a policy requires the separation of a
      private and visitor parts of the network.

   Transparent End-to-End Communications

      An IPv6-based home network architecture should naturally offer a
      transparent end-to-end communications model.  Each device should
      be addressable by a unique address.  Security perimeters can of
      course restrict the end-to-end communications, but it is much
      easier to block certain nodes from communicating than it is to re-
      enable nodes to communicate if they have been hidden behind local
      addressing domains and address translation.





Arkko & Townsley         Expires January 6, 2012                [Page 9]


Internet-Draft            IPv6 Home Networking                 July 2011


   IP Connectivity between All Nodes

      A logical consequence of the end-to-end communications model is
      that the network should attempt to provide IP-layer connectivity
      between all internal parts as well as between the internal parts
      and the Internet.  This connectivity should be established at the
      link layer, if possible, and using routing at the IP layer
      otherwise.

   Self-Organization

      A home network architecture should be naturally self-organizing
      and self-configuring under different circumstances relating to
      connectivity status to the Internet, number of devices, and
      physical topology.

   Least Topology Assumptions

      There should be ideally no built-in assumptions about the topology
      in home networks, as users area capable of connecting their
      devices in ingenious ways.

   Discovery

      The most natural way to think about name and service discovery
      within a home is to enable it to work across the entire residence,
      disregarding technical borders such as subnets but respecting
      policy borders such as those between visitor and internal
      networks.

   Intelligent Policy

      As the Internet continues to evolve, no part of the architecture
      or security design should depend on hardcoding acceptable or
      unacceptable traffic patterns into the devices.  Rather, these
      traffic patterns should be driven off up-to-date databases in the
      Internet.

3.3.  Implementing the Architecture on IPv6

   The necessary mechanisms are largely already part of the IPv6
   protocol set and common implementations.  The few known counter-
   examples are discussed in the following.  For prefix configuration,
   existing protocols are likely sufficient, but may at worst may need
   some small enhancements, such as new options.  For automatic routing,
   it is expected that existing routing protocols can be used as is,
   however, a new mechanism may be needed in order to turn a selected
   protocol on by default.  Support for multiple exit routers and multi-



Arkko & Townsley         Expires January 6, 2012               [Page 10]


Internet-Draft            IPv6 Home Networking                 July 2011


   homing would also require extensions.  For name resolution and
   service discovery, extensions to existing multicast-based name
   resolution protocols are needed to enable them to work across
   subnets.

   The hardest problems in developing solutions for home networking IPv6
   architectures include discovering the right borders where the domain
   "home" ends and the service provider domain begins, deciding whether
   some of necessary discovery mechanism extensions should affect only
   the network infrastructure or also hosts, and the ability to turn on
   routing, prefix delegation and other functions in a backwards
   compatible manner.


4.  References

4.1.  Normative References

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 2460, December 1998.

   [RFC4291]  Hinden, R. and S. Deering, "IP Version 6 Addressing
              Architecture", RFC 4291, February 2006.

   [RFC6092]  Woodyatt, J., "Recommended Simple Security Capabilities in
              Customer Premises Equipment (CPE) for Providing
              Residential IPv6 Internet Service", RFC 6092,
              January 2011.

   [RFC6204]  Singh, H., Beebee, W., Donley, C., Stark, B., and O.
              Troan, "Basic Requirements for IPv6 Customer Edge
              Routers", RFC 6204, April 2011.

4.2.  Informative References

   [I-D.baker-fun-multi-router]
              Baker, F., "Exploring the multi-router SOHO network",
              draft-baker-fun-multi-router-00 (work in progress),
              July 2011.

   [I-D.baker-fun-routing-class]
              Baker, F., "Routing a Traffic Class",
              draft-baker-fun-routing-class-00 (work in progress),
              July 2011.

   [I-D.herbst-v6ops-cpeenhancements]
              Herbst, T. and D. Sturek, "CPE Considerations in IPv6
              Deployments", draft-herbst-v6ops-cpeenhancements-00 (work



Arkko & Townsley         Expires January 6, 2012               [Page 11]


Internet-Draft            IPv6 Home Networking                 July 2011


              in progress), October 2010.

   [I-D.vyncke-advanced-ipv6-security]
              Vyncke, E. and M. Townsley, "Advanced Security for IPv6
              CPE", draft-vyncke-advanced-ipv6-security-01 (work in
              progress), March 2010.

   [I-D.ietf-v6ops-ipv6-cpe-router-bis]
              Singh, H., Beebee, W., Donley, C., Stark, B., and O.
              Troan, "Advanced Requirements for IPv6 Customer Edge
              Routers", draft-ietf-v6ops-ipv6-cpe-router-bis-00 (work in
              progress), March 2011.


Appendix A.  Acknowledgments

   The authors would like to thank to Stuart Cheshire, James Woodyatt,
   Ole Troan, Lars Eggert, Ray Bellis, David Harrington, Wassim Haddad,
   Heather Kirksey, Dave Thaler, Fred Baker, and Ralph Droms for
   interesting discussions in this problem space.


Authors' Addresses

   Jari Arkko
   Ericsson
   Jorvas  02420
   Finland

   Email: jari.arkko@piuha.net


   Mark Townsley
   Cisco
   Paris  75006
   France

   Email: townsley@cisco.com













Arkko & Townsley         Expires January 6, 2012               [Page 12]


Html markup produced by rfcmarkup 1.120, available from https://tools.ietf.org/tools/rfcmarkup/