[Docs] [txt|pdf|xml|html] [Tracker] [Email] [Nits]

Versions: 00

Network Working Group                                           F. Baker
Internet-Draft                                             Cisco Systems
Intended status: Informational                              July 1, 2011
Expires: January 2, 2012

                Exploring the multi-router SOHO network


   This note explores the ramifications of a multi-router or multihomed
   small network, such as a residential or SOHO network.


   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   document are to be interpreted as described in [RFC2119].

   For clarity, in this document the word "may" is distinguished from
   "MAY".  Consistent with [RFC2119], "MAY" refers to permission -
   something MAY or MAY NOT be done within a context.  The word "may"
   refers to possibility; it is possible and correct for something to

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 2, 2012.

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

Baker                    Expires January 2, 2012                [Page 1]

Internet-Draft   Exploring the multi-router SOHO network       July 2011

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
     1.1.  Definitions  . . . . . . . . . . . . . . . . . . . . . . .  3
     1.2.  Use Cases  . . . . . . . . . . . . . . . . . . . . . . . .  4
   2.  Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . .  7
     2.1.  Routing in a small network . . . . . . . . . . . . . . . .  7
     2.2.  Assigning Subnet Numbers . . . . . . . . . . . . . . . . .  8
   3.  Possible Requirements  . . . . . . . . . . . . . . . . . . . .  9
     3.1.  Source/Destination Routing . . . . . . . . . . . . . . . .  9
     3.2.  Subnet assignment  . . . . . . . . . . . . . . . . . . . .  9
     3.3.  Recommended upstream route . . . . . . . . . . . . . . . . 10
   4.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 10
   5.  Security Considerations  . . . . . . . . . . . . . . . . . . . 10
     5.1.  Privacy Considerations . . . . . . . . . . . . . . . . . . 10
   6.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11
   7.  Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . 11
   8.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
     8.1.  Normative References . . . . . . . . . . . . . . . . . . . 11
     8.2.  Informative References . . . . . . . . . . . . . . . . . . 11
   Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 12

Baker                    Expires January 2, 2012                [Page 2]

Internet-Draft   Exploring the multi-router SOHO network       July 2011

1.  Introduction

   This note explores the ramifications of a multi-router or multihomed
   small network, such as a residential or SOHO network.  It has
   relevance to the IETF CPE Router discussion in the IPv6 Operations
   Working Group, numbering and renumbering in the "renum" effort, and
   scoping of the "fun" effort.

   Much of the commentary in this draft applies equally to IPv4
   [RFC0791] or IPv6 [RFC2460].  As such, the protocol will simply be
   called "IP" unless there is a reason to distinguish.  References will
   be IPv6-related unless there is a reason for an IPv4-specific

1.1.  Definitions

   I don't think I'm introducing new terms, but let me state the
   definitions of the terms I'm using for clarity.

   LAN:  A Local Area Network (LAN) is a network of link layer
      interfaces that can directly communicate without the use of a
      router.  Example of LANs include IEEE 802.3 Ethernet, IEEE 802.11
      WiFi, and IEEE 802.15.1 and IEEE 802.15.4 WPANs.

   Subnet:  A Subnet is a set of IP interfaces connected by a LAN.  It
      by definition has a prefix, which serves as a locator in routing.
      Multiple subnets may use the same LAN, and the membership of those
      subnets may or may not be congruent.

   LAN Switch:  A LAN switch connects different physical media (wired or
      wireless) in a LAN, switching packets to make them appear to be a
      single LAN from the perspective of the systems attached to it.

   Host:  With respect to a given subnet, a host is a system that has an
      address in it and may originate traffic using that address, but
      does not switch packets between it and other subnets.  See

   Router:  With respect to a given subnet, a router is a system that
      has an address in it, may originate traffic using that address,
      and additionally switches packets between it and other subnets.
      See [RFC2460].

   CPE Router:  The Customer Premises Equipment (CPE) Router is the
      router on the customer premises that connects it to another
      network.  The term is often used in the context of a Managed
      Service, which is a service in which an upstream network own and
      operates the router.  In residential broadband networks, it is

Baker                    Expires January 2, 2012                [Page 3]

Internet-Draft   Exploring the multi-router SOHO network       July 2011

      more common for the customer to own the router.  For the purposes
      of this document, the term "CPE" simply means that it is on the
      customer's premises.

1.2.  Use Cases

   The Basic Requirements for IPv6 Customer Edge Routers [RFC6204]
   postulate a very simple network: a single router connecting a single
   subnet to a single upstream ISP.  In general, one would expect that
   router to also implement a simple firewall implementing the
   Recommended Simple Security Capabilities [RFC6092].

   However, it is common, and in the future perhaps normal, for
   residential and SOHO networks to be more complex, with separate
   domains for

   o  domain-wide wired and/or wireless LANs with IP subnets,

   o  offices with differing corporate security requirements for the

   o  networks with different PHY/MAC layers supporting the Smart Grid
      HAN or medical telemetry, and

   o  networks for entertainment such as home-wide audio systems or high
      definition TV.

   In addition, there is evidence that individual residences are likely
   to be multihomed, in the sense of having multiple upstream networks.
   There are at least three obvious cases:

   o  One obvious case is a home using traditional broadband (DSL or
      Cable Modem) and additionally using 3GPP or LTE as an upstream.

   o  Another is a home equipped with a Smart Grid Energy Services
      Interface (ESI); such a home could be assigned a prefix by the
      utility for use in communications through the Advanced Metering
      Infrastructure (AMI).  This is not an "ISP" in the usual sense of
      the term, as it provides limited services and only communicates to
      the relevant utility.  It is, however, an "upstream" network in
      the sense that it allocates a prefix to the home and provides
      services for hire.

   o  A third, which has been proposed in Japan, is a Content Delivery
      Network (CDN) that delivers entertainment via IP, and allocates a
      prefix to the home for communication with it.  Again, this is not
      an "ISP" in the usual sense of the term, as it provides limited
      services and only communicates to the CDN servers.  It is,

Baker                    Expires January 2, 2012                [Page 4]

Internet-Draft   Exploring the multi-router SOHO network       July 2011

      however, an "upstream" network in the sense that it allocates a
      prefix to the home and provides services for hire.

   As such services are deployed, it is reasonable to expect that the
   typical residence or SOHO will be multihomed.

   If one takes [RFC6204]'s view of such a network, one gets a picture
   something like Figure 1 (in that picture, consider "ISP" to be a
   generalized upstream network, not specifically one that delivers
   Internet access as a service).  From the perspective of some, this
   would be a wireless LAN, or at most a wired LAN and a wireless LAN
   bridged together.

               ---.       +--------+     | HAN Sensors, ESI,.
                   \      |        |     |
               ISP1 )-----+        |     | Medical Sensors, .
                   /      |        |     |
               ---'       | CPE    |     | Office Equipment
                          | Router +-----+
               ---.       |        |     | A/V Equipment
                   \      |        |     |
               ISP2 )-----+        |     |
                   /      |        |     |
               ---'       +--------+     |
                                   LAN   |

               Figure 1: Single router multihomed residence

   The model in Figure 1 has some obvious problems, however.  Cisco
   Systems, for example, requires that telecommuter's offices have a
   security guard (firewall or separate Internet access) between the
   office and the home.  There are known cases in which husband and wife
   or roommates each work for different companies and each company has
   such an information security guideline.  In addition, especially with
   a single SSID 802.11 implementation, one could readily imagine HD TV
   crowding out other uses, or BitTorrent crowding out the A/V uses.
   Separating the uses into separate LANs for manageability and service
   isolation, and especially with the Smart Grid's Home Area Network
   having a different physical interface (IEEE 802.15.4 being a
   prominent option), such a network begins to look like Figure 2.

Baker                    Expires January 2, 2012                [Page 5]

Internet-Draft   Exploring the multi-router SOHO network       July 2011

                           +--------+  HAN Sensors, ESI,...
                           |        +------------------
                           |        |
                ---.       |        |  Medical Sensors, ...
                    \      |        +------------------
                ISP1 )-----+        |
                    /      |        |  Office Equipment
                ---'       | CPE    +------------------
                           | Router |
                ---.       |        |  Office Equipment
                    \      |        +------------------
                ISP2 )-----+        |
                    /      |        |  A/V Equipment
                ---'       |        +------------------
                           |        |
                           |        |  SOHO-wide LAN
                           |        +------------------

                  Figure 2: Single router multihomed SOHO

   Modulo the 802.15.4 interface, such routers exist today, providing
   multiple 802.3 and 802.11 LANs and routing between their subnets.
   However, such a router begins to look like the IT counterpart to a
   Swiss Army knife, and networks are constrained by their interface
   count and type.  An alternative would be to build the network out of
   two-port routers, as in Figure 3.

Baker                    Expires January 2, 2012                [Page 6]

Internet-Draft   Exploring the multi-router SOHO network       July 2011

                               |  +------+
                               +--+HAN   |  HAN Sensors, ESI,...
                               |  |Router+-------------------
                               |  +------+
           ---.       +------+ | +-------+
               \      |CPE   +-+ |Medical|  Medical Sensors, ...
           ISP1 )-----+Router| +-+Router +-------------------
               /      +------+ | +-------+
           ---'                | +---------+
                               | |Office #1| Office Equipment
           ---.       +------+ +-+FW/Router+-----------------
               \      |CPE   +-+ +---------+
           ISP2 )-----+Router| | +---------+
               /      +------+ | |Office #2| Office Equipment
           ---'                +-+FW/Router+-----------------
                               | +---------+
                               | +----------+
                      SOHO-wide+-+A/V Domain| A/V Equipment
                         LAN   | |Router    +----------------
                               | +----------+

                 Figure 3: Multiple router multihomed SOHO

   Reality is probably somewhere in the middle - some multiport routers
   and some two-port routers, depending on the application.

2.  Issues

   Three obvious questions arise in such networks:

   o  How does routing, including routing between interior routers and
      to exit routers, actually work?  What features are needed?

   o  How does the network identify and number its subnets?

2.1.  Routing in a small network

   A brief analysis of the advertised features of commercial residential
   routers - products designed for use by the uninitiated in their homes
   - found that almost without exception, they support RIP Version 2
   [RFC2453].  At least one was found that supports RIP Version 1
   [RFC1058], and one that supports OSPF Version 2 [RFC2328].  By
   analogy, it seems rational to expect residential and SOHO routers for
   IPv6 to support RIPng [RFC2080], and possibly OSPF [RFC5340].

   The issues in distance vector routing, which are discussed in some
   detail in [RFC1058], primarily relate to bogus information that has

Baker                    Expires January 2, 2012                [Page 7]

Internet-Draft   Exploring the multi-router SOHO network       July 2011

   not been removed from the routing system, especially during a "count
   to infinity" event.  Such events happen in networks that have
   parallel connectivity, which is usually implemented for robustness.
   The network in Figure 3 does not have parallel paths, and so would be
   unlikely to have that issue.  More generally, an outage in a small
   network would likely result in the network administrator resetting
   the router in question.  So RIPng should be adequate for the purpose.

   Another issue that arises, however, has to do with upstream Ingress
   Filtering [RFC2827].  In a network with a router per upstream
   network, one would really like to direct traffic intended for a
   specific upstream network to the correct router.  If hosts select the
   correct source address using [I-D.ietf-6man-rfc3484-revise],
   [RFC3704] addresses that in part by suggesting that such routers
   redirect traffic to each other; a better approach would be to have a
   routing protocol that looks at {source, destination} address pairs
   and routes traffic to the appropriate exit.

2.2.  Assigning Subnet Numbers

   In order for an upstream network such as an ISP or utility to assign
   a prefix to a small network, the CPE router must support DHCPv6
   [RFC3315] and its IPv6 Prefix Options [RFC3633].  This enables the
   CPE Router to obtain a prefix from its upstream network, be it an
   ISP, a content delivery service, or a utility, and begin to use it.

   If, for example, an ISP allocated a global prefix to the CPE, one
   would expect the CPE to allocate a default unicast route (in IPv6, a
   route to 2000::/3, which is to say "all unicast addresses", as
   opposed to ::/0, which would include link-local addresses, ULAs, and
   multicast traffic) toward the ISP.  In the more limited cases of a
   CDN or utility, it may be appropriate for the upstream prefix to be
   more limited - it might recommend an upstream route to exactly the
   CDN service, or the address of a single anycast server/service.

   Within the small network, one would also hope for a way to assign
   subnet numbers; as others have suggested, this could build on the
   same capability as in [RFC3633].  If the CPE router has a prefix
   shorter than /64, other routers within the domain could ask it for
   /64s and have them assigned by the same mechanism.  A hand-wave
   description would have any small-network router

   1.  Come up as a host on each interface, emitting an RS and awaiting
       an RA from another router.  On any interface that calculates its
       address using SLAAC, one would expect the router to use the same
       prefix(es) that it learned.

Baker                    Expires January 2, 2012                [Page 8]

Internet-Draft   Exploring the multi-router SOHO network       July 2011

   2.  If no address is allocated on an interface via SLAAC within some
       interval, perhaps sixty microfortnights, the router could request
       a prefix using the mechanisms in [RFC3315] and [RFC3633].  For
       the ISP-facing CPE Router, this would result in a prefix shorter
       than /64; within the domain, it should result in a /64.  In the
       ISP-facing case, one would expect the router to allocate a /64 to
       each of its non-ISP-facing interfaces and immediately emitting an
       RA; routers in those subnets would then create addresses using

   3.  If an additional interval of (perhaps) sixty microfortnights
       elapses, and the router has an IPv6 address on one or more of its
       interfaces, one could imagine the router requesting a new /64 on
       one of its addressed interfaces and assigning it to an un-
       addressed interface.

   This procedure has an obvious race condition: if there are two
   routers on the same LAN, they could both request a prefix and
   simultaneously apply it.  While not incorrect (IPv6 allows for
   multiple subnets on a LAN), it is inefficient.  Two obvious
   mechanisms exist to counter this.  If an SPF-based protocol such as
   OSPF or IS-IS is in use, and only the designated router requests a
   prefix, there will be a minimum number of subnets on the LAN.
   Alternatively, if the DHCPv6 server allocates prefixes with some non-
   trivial inter-assignment interval, the LANs should similarly have a
   minimum number of subnets.

3.  Possible Requirements

   As the document is written, various possible requirements have popped
   up.  These include at least the following.

3.1.  Source/Destination Routing

   Section 2.1 notes that it would be nice to have a routing protocol
   that steered traffic toward an appropriate exit.  Stated generally,
   it would be nice to have a routing protocol that could generate
   routes *from* a source *to* a destination, as opposed to being simply
   *to* a destination.

3.2.  Subnet assignment

   A subnet assignment procedure such as described in Section 2.2 is
   needed.  That section shows a "hand-wavy" mechanism, but the
   mechanism needs to be worked out in detail.

Baker                    Expires January 2, 2012                [Page 9]

Internet-Draft   Exploring the multi-router SOHO network       July 2011

3.3.  Recommended upstream route

   Section 2.2 notes that it would be nice to have a way for the
   upstream network that provides a prefix to a customer also be able to
   give it a recommended upstream route.  One obvious solution would be
   a DHCPv6 option that indicated some number of tuples, each consisting

   o  A source prefix (which could be ::/0, the prefix assigned to the
      small network, or something else)

   o  A destination prefix (which could be ::/0, 2000::/3, or a more
      specific appropriate to the service such as an anycast address or
      a data center prefix for a specific service offered by the ISP)

   o  A set of DSCP values, which could be "any" or any more specific

   o  One or more next hop router addresses

   If source/destination routing is implemented as described in
   Section 3.1, it might want to be able to specify that such datagrams
   must come *from* the prefix it assigned to the network.  This could
   be implemented using a routing protocol, but that is a big change to
   the way residential broadband networks usually work; a more
   acceptable approach may be a DHCPv6 option.

4.  IANA Considerations

   This memo asks the IANA for no new parameters.

   Note to RFC Editor: This section will have served its purpose if it
   correctly tells IANA that no new assignments or registries are
   required, or if those assignments or registries are created during
   the RFC publication process.  From the author"s perspective, it may
   therefore be removed upon publication as an RFC at the RFC Editor"s

5.  Security Considerations

5.1.  Privacy Considerations

Baker                    Expires January 2, 2012               [Page 10]

Internet-Draft   Exploring the multi-router SOHO network       July 2011

6.  Acknowledgements

7.  Change Log

   Initial Version:  17 June 2011

8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 2460, December 1998.

8.2.  Informative References

              Matsumoto, A., Kato, J., and T. Fujisaki, "Update to RFC
              3484 Default Address Selection for IPv6",
              draft-ietf-6man-rfc3484-revise-01 (work in progress),
              October 2010.

   [RFC0791]  Postel, J., "Internet Protocol", STD 5, RFC 791,
              September 1981.

   [RFC1058]  Hedrick, C., "Routing Information Protocol", RFC 1058,
              June 1988.

   [RFC2080]  Malkin, G. and R. Minnear, "RIPng for IPv6", RFC 2080,
              January 1997.

   [RFC2328]  Moy, J., "OSPF Version 2", STD 54, RFC 2328, April 1998.

   [RFC2453]  Malkin, G., "RIP Version 2", STD 56, RFC 2453,
              November 1998.

   [RFC2827]  Ferguson, P. and D. Senie, "Network Ingress Filtering:
              Defeating Denial of Service Attacks which employ IP Source
              Address Spoofing", BCP 38, RFC 2827, May 2000.

   [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
              and M. Carney, "Dynamic Host Configuration Protocol for
              IPv6 (DHCPv6)", RFC 3315, July 2003.

Baker                    Expires January 2, 2012               [Page 11]

Internet-Draft   Exploring the multi-router SOHO network       July 2011

   [RFC3633]  Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic
              Host Configuration Protocol (DHCP) version 6", RFC 3633,
              December 2003.

   [RFC3704]  Baker, F. and P. Savola, "Ingress Filtering for Multihomed
              Networks", BCP 84, RFC 3704, March 2004.

   [RFC5340]  Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF
              for IPv6", RFC 5340, July 2008.

   [RFC6092]  Woodyatt, J., "Recommended Simple Security Capabilities in
              Customer Premises Equipment (CPE) for Providing
              Residential IPv6 Internet Service", RFC 6092,
              January 2011.

   [RFC6204]  Singh, H., Beebee, W., Donley, C., Stark, B., and O.
              Troan, "Basic Requirements for IPv6 Customer Edge
              Routers", RFC 6204, April 2011.

Author's Address

   Fred Baker
   Cisco Systems
   Santa Barbara, California  93117

   Email: fred@cisco.com

Baker                    Expires January 2, 2012               [Page 12]

Html markup produced by rfcmarkup 1.129b, available from https://tools.ietf.org/tools/rfcmarkup/