[Docs] [txt|pdf] [Tracker] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02 03 04 05 06 07 08

6man Working Group                                           S. Krishnan
Internet-Draft                                               A. Kavanagh
Intended status: Standards Track                                Ericsson
Expires: February 25, 2011                                      S. Ooghe
                                                          Alcatel-Lucent
                                                                B. Varga
                                                          Magyar Telekom
                                                             E. Nordmark
                                                                  Oracle
                                                         August 24, 2010


        Line identification in IPv6 Router Solicitation messages
                     draft-krishnan-6man-rs-mark-07

Abstract

   In Ethernet and GPON based aggregation networks, several subscriber
   premises may be logically connected to the same interface of an edge
   router.  This document proposes a method for the edge router to
   identify the subscriber premises using the contents of the received
   Router Solicitation messages.  The applicability is limited to the
   N:1 VLAN allocation model.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on February 25, 2011.

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents



Krishnan, et al.        Expires February 25, 2011               [Page 1]


Internet-Draft          Line Identification in RS            August 2010


   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
     1.1.  Terminology  . . . . . . . . . . . . . . . . . . . . . . .  4
     1.2.  Conventions used in this document  . . . . . . . . . . . .  5
   2.  Issues with identifying the subscriber in an N:1 VLAN model  .  6
   3.  Applicability  . . . . . . . . . . . . . . . . . . . . . . . .  6
   4.  Basic operation  . . . . . . . . . . . . . . . . . . . . . . .  6
   5.  Access Node Behavior . . . . . . . . . . . . . . . . . . . . .  6
     5.1.  On receiving a Router Solicitation from the end-device . .  7
     5.2.  On receiving a Router Advertisement from the Edge
           Router . . . . . . . . . . . . . . . . . . . . . . . . . .  7
   6.  Edge Router Behavior . . . . . . . . . . . . . . . . . . . . .  7
     6.1.  On receiving a Router Solicitation from the Access Node  .  7
     6.2.  On sending a Router Advertisement towards the
           end-device . . . . . . . . . . . . . . . . . . . . . . . .  8
   7.  Line Identification Option . . . . . . . . . . . . . . . . . .  8
   8.  Interactions with Secure Neighbor Discovery  . . . . . . . . .  9
   9.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . .  9
   10. Security Considerations  . . . . . . . . . . . . . . . . . . . 10
   11. IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 10
   12. Normative References . . . . . . . . . . . . . . . . . . . . . 10
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11



















Krishnan, et al.        Expires February 25, 2011               [Page 2]


Internet-Draft          Line Identification in RS            August 2010


1.  Introduction

   DSL is a widely deployed access technology for Broadband Access for
   Next Generation Networks.  While traditionally DSL access networks
   were PPP based some networks are migrating from the traditional PPP
   access model into a pure IP-based Ethernet aggregated access
   environment.  Architectural and topological models of an Ethernet
   aggregation network in context of DSL aggregation are described in
   [TR101].


   +----+   +----+    +----------+
   |Host|---| RG |----|          |
   +----+   +----+    |          |
                      |    AN    |\
   +----+   +----+    |          | \
   |Host|---| RG |----|          |  \
   +----+   +----+    +----------+   \                    +----------+
                                      \                   |          |
                                    +-------------+       |          |
                                    | Aggregation |       |  Edge    |
                                    |   Network   |-------|  Router  |
                                    +-------------+       |          |
                                      /                   |          |
                      +----------+   /                    +----------+
                      |          |  /
   +----+   +----+    |          | /
   |Host|---| RG |----|    AN    |/
   +----+   +----+    |          |
                      |          |
                      +----------+


              Figure 1: Broadband Forum Network Architecture

   One of the Ethernet and GPON aggregation models specified in this
   document bridges sessions from multiple user ports behind a DSL
   Access Node (AN), also referred to as a DSLAM, into a single VLAN in
   the aggregation network.  This is called the N:1 VLAN allocation
   model.











Krishnan, et al.        Expires February 25, 2011               [Page 3]


Internet-Draft          Line Identification in RS            August 2010


   +----------+
   |          |
   |          |
   |    AN    |\
   |          | \
   |          |  \ VLANx
   +----------+   \                    +----------+
                   \                   |          |
                 +-------------+       |          |
                 | Aggregation | VLANx |  Edge    |
                 |   Network   |-------|  Router  |
                 +-------------+       |          |
                   /                   |          |
   +----------+   /                    +----------+
   |          |  / VLANx
   |          | /
   |    AN    |/
   |          |
   |          |
   +----------+

                         Figure 2: n:1 VLAN model

1.1.  Terminology

   1:1 VLAN                  It is a broadband network deployment
                             scenario where each user port is mapped to
                             a different VLAN on the Edge Router.  The
                             uniqueness of the mapping is maintained in
                             the Access Node and across the Aggregation
                             Network.
   N:1 VLAN                  It is a broadband network deployment
                             scenario where multiple user ports are
                             mapped to the same VLAN on the Edge Router.
                             The user ports may be located in the same
                             or different Access Nodes.
   AN                        A DSL or GPON Access Node.  The Access Node
                             terminates the phyiscal layer (e.g.  DSL
                             termination function or GPON termination
                             function), may physically aggregate other
                             nodes implementing such functionality, or
                             may perform both functions at the same
                             time.  This node contains at least one
                             standard Ethernet interface that serves as
                             its "northbound" interface into which it
                             aggregates traffic from several user ports
                             or Ethernet-based "southbound" interfaces.
                             It does not implement an IPv6 stack but



Krishnan, et al.        Expires February 25, 2011               [Page 4]


Internet-Draft          Line Identification in RS            August 2010


                             performs some limited inspection of IPv6
                             packets.
   Aggregation Network       The part of the network stretching from the
                             Access Nodes to the Edge Router.  In the
                             context of this document the aggregation
                             network is considered to be Ethernet based,
                             providing standard Ethernet interfaces at
                             the edges, for connecting the Access Nodes
                             and Broadband Network.  It is comprised of
                             ethernet switches that provide very limited
                             IP functionality (e.g.  IGMP snooping, MLD
                             snooping etc.).
   Edge Router               The Edge Router, also known as the
                             Broadband Network Gateway (BNG) is the
                             first IPv6 hop for the user.  In the cases
                             where the RG is bridged, the BNG acts as
                             the default router for the hosts behind the
                             RG.  In cases where the RG is routed, the
                             BNG acts as the default router for the RG
                             itself.  This node implements IPv6 router
                             functionality.
   GPON                      Gigabit-capable Passive Optical Network is
                             an optical access network that has been
                             introduced into the Broadband Forum
                             architecture in [TR156]
   Host                      A node that implements IPv6 host
                             functionality.
   RG                        A residential gateway device.  It can be a
                             Layer 3 (routed) device similar to one
                             specified in or a Layer 2 (bridged) device.
                             The residential gateway for Broadband Forum
                             networks is defined in [TR124]
   End-device                A node that sends Router Solicitations and
                             processes received Router Advertisements.
                             When a Layer 3 RG is used it is considered
                             an end-device in the context of this
                             document.  When a Layer 2 RG is used, the
                             host behind the RG is considered to be an
                             end-device in the context of this document.

1.2.  Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL","SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].






Krishnan, et al.        Expires February 25, 2011               [Page 5]


Internet-Draft          Line Identification in RS            August 2010


2.  Issues with identifying the subscriber in an N:1 VLAN model

   In a DSL or GPON based fixed Broadband Network, IPv6 end-devices are
   connected to an Access Node (AN).  These end-devices today will
   typically send a Router Solicitation Message to the Edge Router, to
   which the Edge Router responds with a Router Advertisement message.
   The Router Advertisement typically contains a prefix that the end-
   devices will use to automatically configure an IPv6 Address.  Upon
   sending the Router Solicitation message the node connecting the end-
   device on the access circuit, typically an Access Node (AN), would
   forward the RS to the Edge Router upstream over a switched network.
   However, in such Ethernet-based aggregation networks, several
   subscriber premises may be connected to the same interface of an edge
   router (e.g. on the same VLAN).  However, the edge router requires
   some information to identify the end-device on the circuit line the
   end-device is connected on.  To accomplish this, the AN needs to add
   line identification information to the Router Solicitation message
   and forward this to the Edge Router.  This is analogous to the case
   where DHCP is being used, and the line identification information is
   inserted by a DHCP relay agent.  This document proposes a method for
   the edge router to identify the subscriber premises using the
   contents of the received Router Solicitation messages.


3.  Applicability

   The line identification option is intended to be used only for the
   N:1 VLAN deployment model.  For the other VLAN deployment models
   there is no need to carry line identification.


4.  Basic operation

   This document recommends tunneling Neighbor discovery packets inside
   another IPv6 packet that uses a destination option to convey line
   identification information.  The Neighbor discovery packets initiated
   by the end-device are left unmodified inside the encapsulating IPv6
   packet.  In particular, the Hop Limit field of the ND message is not
   decremented when the packet is being tunneled.  This is because ND
   messages whose Hop Limit is not 255 will be discarded by the receiver
   of such messages.


5.  Access Node Behavior







Krishnan, et al.        Expires February 25, 2011               [Page 6]


Internet-Draft          Line Identification in RS            August 2010


5.1.  On receiving a Router Solicitation from the end-device

   When an end-device sends out a Router Solicitation, it is received by
   the access node.  The AN then tunnels the received Router
   Solicitation in a newly created IPv6 datagram with the Link
   Identification Option (LIO).  The AN forms a new IPv6 datagram whose
   payload is the received Router Solicitation message as described in
   [RFC2473] except that the Hop Limit field of the Router Solicitation
   message MUST NOT be decremented.  If the AN has an IPv6 address, it
   SHOULD use this address in the Source Address field of the outer IPv6
   datagram.  Otherwise it MUST use the unspecified address as the
   Source Address of the outer IPv6 datagram.  The destination address
   of the outer IPv6 datagram MUST be copied from the destination
   address of the tunneled RS.  The AN MUST insert a destination options
   header between the outer IPv6 header and the payload.  It MUST insert
   a LIO destination option and set the line identification field of the
   option to contain the circuit identifier corresponding to the logical
   access loop port of the Access Node from which the RS was initiated.
   It MUST also insert the hardware address of the client (from the
   source hardware address of the RS) into the client hardware address
   field of the option.

5.2.  On receiving a Router Advertisement from the Edge Router

   Since the Router Advertisements are unicasted by the edge router
   towards the end-devices the access node does not need to intercept
   the downstream Router Advertisements.


6.  Edge Router Behavior

6.1.  On receiving a Router Solicitation from the Access Node

   When the edge router receives a tunneled Router Solicitation
   forwarded by the access node, it needs to check if there is an LIO
   destination option present in the outer datagram.  If an LIO option
   is present, the edge router MUST verify that the Option Length field
   of this option is set to ClientHWALen+LineIDLen+2.  If not the edge
   router MUST discard the tunneled Router Solicitation.  The edge
   router can use the contents of the line identification field to
   lookup the addressing information and policy that need to be applied
   to the line from which the Router Solicitation was received.  The
   edge router MUST then process the inner RS message as specified in
   [RFC4861]







Krishnan, et al.        Expires February 25, 2011               [Page 7]


Internet-Draft          Line Identification in RS            August 2010


6.2.  On sending a Router Advertisement towards the end-device

   When the edge router sends out a Router Advertisement in response to
   a tunneled RS that included an LIO option, it MUST unicast the RA at
   layer 2 back to the sender of the RS.  If the source address of the
   RS was the unspecified address, then the IPv6 destination address of
   the RA MUST be set to the all-nodes multicast address, other wise the
   IPv6 destination address is copied from the inner IPv6 source address
   of the Router Soliciation.  In both cases the link-layer destination
   address MUST be set to the unicast link-layer address which is in
   Client Hardware Address field in the LIO.


7.  Line Identification Option

   The Line Identification Option (LIO) is a destination option that can
   be included in IPv6 datagrams that tunnel Router Solicitation and
   Router Advertisement messages.  Multiple Line Identification options
   MUST NOT be present in the same IPv6 datagram.  The LIO has an
   alignment requirement of (none).

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                                   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                   |  Option Type  | Option Length |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   LineIDLen   |     Line Identification...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | ClientHWALen  |     Client Hardware Address...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                Figure 3: Line Identification Option Layout



















Krishnan, et al.        Expires February 25, 2011               [Page 8]


Internet-Draft          Line Identification in RS            August 2010


    Option Type

       8-bit identifier of the type of option. The option identifier
       for the line identification option will be allocated by the IANA.

    Option Length

       8-bit unsigned integer.  The length of the option (excluding
       the Option Type and Option Length fields). The value  0 is
       considered invalid.

    LineIDLen

       Length of the Line Identification field in number of octets.

    Line Identification

       Variable length data inserted by the Access Node describing the
       subscriber agent circuit identifier corresponding to the logical
       access loop port of the Access Node from which the RS was
       initiated.

    ClientHWALen

       Length of the Client Hardware Address in number of octets.

    Client Hardware Address

       Variable length client hardware address as detected by the
       access node.



8.  Interactions with Secure Neighbor Discovery

   Since the SEND [RFC3971] protected RS/RA packets are not modified in
   anyway by the mechanism described in this document, there are no
   issues with SEND verification.


9.  Acknowledgements

   The authors would like to thank Margaret Wasserman, Mark Townsley,
   David Miles, John Kaippallimalil, Eric Levy-Abegnoli, Thomas Narten,
   Olaf Bonness, Thomas Haag, Wojciech Dec, Brian Haberman, Ole Troan
   and Hemant Singh for reviewing this document and suggesting changes.





Krishnan, et al.        Expires February 25, 2011               [Page 9]


Internet-Draft          Line Identification in RS            August 2010


10.  Security Considerations

   The line identification information inserted by the access node or
   the edge router is not protected.  This means that this option may be
   modified, inserted, or deleted without being detected.  In order to
   ensure validity of the contents of the line identification field, the
   network between the access node and the edge router needs to be
   trusted.


11.  IANA Considerations

   This document defines a new IPv6 destination option for carrying line
   identification.  IANA is requested to assign a new destination option
   type in the Destination Options registry maintained at

   http://www.iana.org/assignments/ipv6-parameters

   <TBA> Line Identification Option [RFCXXXX]

   The act bits for this option need to be 10 and the chg bit needs to
   be 0.


12.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2473]  Conta, A. and S. Deering, "Generic Packet Tunneling in
              IPv6 Specification", RFC 2473, December 1998.

   [RFC3971]  Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure
              Neighbor Discovery (SEND)", RFC 3971, March 2005.

   [RFC4861]  Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
              "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
              September 2007.

   [TR101]    Broadband Forum, "Migration to Ethernet-based DSL
              aggregation", <http://www.broadband-forum.org/technical/
              download/TR-101.pdf>.

   [TR124]    Broadband Forum, "Functional Requirements for Broadband
              Residential Gateway Devices", <http://
              www.broadband-forum.org/technical/download/TR-124.pdf>.

   [TR156]    Broadband Forum, "Using GPON Access in the context of TR-



Krishnan, et al.        Expires February 25, 2011              [Page 10]


Internet-Draft          Line Identification in RS            August 2010


              101", <http://www.broadband-forum.org/technical/download/
              TR-156.pdf>.


Authors' Addresses

   Suresh Krishnan
   Ericsson
   8400 Blvd Decarie
   Town of Mount Royal, Quebec
   Canada

   Email: suresh.krishnan@ericsson.com


   Alan Kavanagh
   Ericsson
   8400 Blvd Decarie
   Town of Mount Royal, Quebec
   Canada

   Email: alan.kavanagh@ericsson.com


   Sven Ooghe
   Alcatel-Lucent
   Copernicuslaan 50
   2018 Antwerp,
   Belgium

   Phone:
   Email: sven.ooghe@alcatel-lucent.com


   Balazs Varga
   Magyar Telekom

   Email: varga.balazs@telekom.hu


   Erik Nordmark
   Oracle
   17 Network Circle
   Menlo Park, CA 94025
   USA

   Email: erik.nordmark@oracle.com




Krishnan, et al.        Expires February 25, 2011              [Page 11]


Html markup produced by rfcmarkup 1.129c, available from https://tools.ietf.org/tools/rfcmarkup/