[Docs] [txt|pdf] [Tracker] [Email] [Nits]

Versions: 00 01 draft-ietf-v6ops-design-choices

V6OPS Working Group                                          P. Matthews
Internet-Draft                                            Alcatel-Lucent
Intended status: Informational                             June 29, 2012
Expires: December 31, 2012


                  Design Guidelines for IPv6 Networks
               draft-matthews-v6ops-design-guidelines-00

Abstract

   This document presents advice on the design choices that arise when
   designing IPv6 networks (both dual-stack and IPv6-only).  The
   intended audience is someone designing an IPv6 network who is
   knowledgeable about best current practices around IPv4 network
   design, and wishes to learn the corresponding practices for IPv6.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 31, 2012.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.



Matthews                Expires December 31, 2012               [Page 1]


Internet-Draft     Design Guidelines for IPv6 Networks         June 2012


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  General Observations . . . . . . . . . . . . . . . . . . . . .  3
     2.1.  Link-Local Addresses . . . . . . . . . . . . . . . . . . .  3
     2.2.  Separation of IPv4 and IPv6  . . . . . . . . . . . . . . .  4
   3.  Point-to-Point Links . . . . . . . . . . . . . . . . . . . . .  4
     3.1.  Mix IPv4 and IPv6? . . . . . . . . . . . . . . . . . . . .  4
     3.2.  Addressing?  . . . . . . . . . . . . . . . . . . . . . . .  5
   4.  Static Routing . . . . . . . . . . . . . . . . . . . . . . . .  6
     4.1.  Next-Hop Address?  . . . . . . . . . . . . . . . . . . . .  6
   5.  eBGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  7
     5.1.  One or Two eBGP Sessions?  . . . . . . . . . . . . . . . .  7
     5.2.  eBGP Endpoints: Global or Link-Local Addresses?  . . . . .  7
   6.  iBGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  8
   7.  IS-IS  . . . . . . . . . . . . . . . . . . . . . . . . . . . .  9
   8.  OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  9
   9.  LDP  . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  9
   10. RSVP . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  9
   11. IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  9
   12. Security Considerations  . . . . . . . . . . . . . . . . . . .  9
   13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . .  9
   14. Informative References . . . . . . . . . . . . . . . . . . . .  9
   Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 10



























Matthews                Expires December 31, 2012               [Page 2]


Internet-Draft     Design Guidelines for IPv6 Networks         June 2012


1.  Introduction

   This document presents advice on the design choices that arise when
   designing IPv6 networks (both dual-stack and IPv6-only).  The
   intended audience is someone designing an IPv6 network who is
   knowledgeable about best current practices around IPv4 network
   design, and wishes to learn the corresponding practices for IPv6.

   The focus of the document is on design choices where there are
   differences between IPv4 and IPv6, either in the range of possible
   alternatives (e.g. the extra possibilities introduced by link-local
   addresses in IPv6) or the recommended alternative.  The document
   presents the alternatives and discusses the pros and cons in detail.
   Where consensus currently exists around the best practice, this is
   documented; otherwise the document simply summarizes the current
   state of the discussion.  Thus this document serves to both to
   document the reasoning behind best current practices for IPv6, and to
   allow a designer to make an intelligent choice where no such
   consensus exists.

   This document does not present advice on strategies for adding IPv6
   to a network, nor does it discuss transition mechanisms.  For advice
   in these areas, see [RFC6180] for general advice,
   [I-D.ietf-v6ops-wireline-incremental-ipv6] for wireline service
   providers, [RFC6342] for mobile network providers, [RFC5963] for
   exchange point operators, [I-D.ietf-v6ops-icp-guidance] for content
   providers, or [RFC4852] for enterprises.

   The current preliminary version of this document focuses on unicast
   network design only.  It does not cover multicast, nor IPv6
   addressing plan development, nor supporting infrastructure such as
   DNS.  Some of these deficiencies may be lifted in future versions.


2.  General Observations

   There are two themes that run though most of the design questions in
   this document.  These themes are so pervasive that it seems
   worthwhile to have a bit of meta discussion on them before
   considering individual cases in the rest of the document.

2.1.  Link-Local Addresses

   The proper use of link-local addresses is a common theme in the IPv6
   network design questions below.  Link-layer addresses are, of course,
   always present in an IPv6 network, but current network design
   practice seems to view them more as a necessary evil rather than as a
   feature to exploited as much as possible.  For the most part, their



Matthews                Expires December 31, 2012               [Page 3]


Internet-Draft     Design Guidelines for IPv6 Networks         June 2012


   presence is ignored in most IPv6 network designs.

   It remains unclear whether they are viewed this way because of
   inherent deficiencies, or are currently viewed this way because today
   most operators need to operate networks that run both IPv4 and IPv6
   and wish to utilize common procedures.

2.2.  Separation of IPv4 and IPv6

   Currently, most operators are running or planning to run networks
   that carry both IPv4 and IPv6 traffic.  Hence the question: To what
   degree should IPv4 and IPv6 be kept separate?  As can be seen above,
   this breaks into two sub-questions: To what degree should IPv4 and
   IPv6 traffic be kept separate, and to what degree should IPv4 and
   IPv6 routing information be kept separate?

   The end user wants Internet or VPN connectivity and often knows
   nothing about IPv4 vs. IPv6.  Thus it is very desirable to mix IPv4
   and IPv6 on the same link to the end user.  On other links,
   separation is possible, but doesn't give a lot of advantages, except
   perhaps ease of measuring traffic volumes.  The situation here is
   roughly comparable to IP and MPLS traffic: many networks mix the two
   traffic types on the same links without issues.

   However, there is more of an argument for carrying IPv6 routing
   information over IPv6 transport, while leaving IPv4 routing
   information on IPv4 transport.  By doing this, one gets fate-sharing
   between the control and data plane for each IP protocol version: if
   the data plane fails for some reason, then often the control plane
   will too.




   The rest of this document is organized as a list of specific network
   design questions, the choices a network designer has in answering the
   questions, and a discussion of the choices.


3.  Point-to-Point Links

3.1.  Mix IPv4 and IPv6?

   Should IPv4 and IPv6 traffic be logically separated on the link, or
   should the two traffic types be mixed?  That is:

   a.  Mix IPv4 and IPv6 traffic on the same logical link between the
       two routers, OR



Matthews                Expires December 31, 2012               [Page 4]


Internet-Draft     Design Guidelines for IPv6 Networks         June 2012


   b.  Separate IPv4 and IPv6 by using separate physical or logical
       links (e.g., two physical links or two VLANs on the same link)?

   Option (a) implies a single layer 3 interface at each end with both
   IPv4 and IPv6 addresses; while option (b) implies two layer 3
   interfaces, one for IPv4 addresses and one with IPv6 addresses.

   An advantage of option (a) is in producing traffic measurements.
   From time-to-time, operators to want to separately measure IPv4 and
   IPv6 traffic on a link, and this can be difficult to do with option
   (a).  Some routers today will only provide aggregate measurements for
   traffic (i.e.  IPv4 and IPv6 combined) if option (a) is used.

   An advantage of option (b) is there is only half as many layer 3
   interfaces, which can help with scaling.  If physical links are used,
   then there is also a capex advantage.

   Most networks today use option (a).

3.2.  Addressing?

   Should the link:

   a.  Use only link-local addresses ("unnumbered"), OR

   b.  Have global or unique-local addresses assigned in addition to
       link-locals?

   There are two advantages of unnumbered links.  The first advantage is
   ease of configuration.  In a network with a large number of
   unnumbered links, the operator can just enable an IGP on each router,
   without going through the tedious process of assigning and tracking
   the addresses for each link.  The second advantage is security.
   Since link-local addresses are unroutable, the associated interfaces
   cannot be attacked from an off-link device.  This implies less effort
   around maintaining security ACLs.

   Countering this advantage are various disadvantages to unnumbered
   links in IPv6:

   o  It is not possible to ping an interface that has only a link-local
      address from a device that is not directly attached to the link.
      Thus, to troubleshoot, one must typically log into a device that
      is directly attached to the device in question, and execute the
      ping from there.

   o  A traceroute passing over the unnumbered link will return the
      loopback or system address of the router, rather than the address



Matthews                Expires December 31, 2012               [Page 5]


Internet-Draft     Design Guidelines for IPv6 Networks         June 2012


      of the interface itself.

   o  On some devices, by default the link-layer address of the
      interface is derived from the MAC address assigned to interface.
      When this is done, swapping out the interface hardware (e.g.
      interface card) will cause the link-layer address to change.  In
      some cases (peering config, ACLs, etc) this may require additional
      changes.  However, many devices allow the link-layer address of an
      interface to be explicitly configured, which avoids this issue.

   o  It is not possible to identify the interface or link (in a
      database, email, etc) by just giving its address

   For more discussion on these points see [recent I-D].


4.  Static Routing

4.1.  Next-Hop Address?

   What next-hop should one use in a (one-hop) static route?

   a.  Use the far-end's link-local address as the next-hop address, OR

   b.  Use the far-end's GUA/ULA address as the next-hop address?

   RFC 4861 section 8 says:

      A router MUST be able to determine the link-local address for each
      of its neighboring routers in order to ensure that the target
      address in a Redirect message identifies the neighbor router by
      its link-local address.  For static routing, this requirement
      implies that the next-hop router's address should be specified
      using the link-local address of the router.

   This implies that option (b) will prevent the router from sending
   Redirect messages for packets that "hit" this static route.  This is
   typically only an issue when there are two or more routers plus one
   or more hosts attached to a LAN, and the static route, which is
   installed on one of the routers and points at a second router on the
   LAN, could reroute packets coming from the hosts to the second
   router.  See RFC 4861 for the exact conditions under which a router
   sends and a host accepts an ICMPv6 Redirect.  In cases where
   Redirects are not a concern, then either option (a) or (b) can be
   used.






Matthews                Expires December 31, 2012               [Page 6]


Internet-Draft     Design Guidelines for IPv6 Networks         June 2012


5.  eBGP

5.1.  One or Two eBGP Sessions?

   For a dual-stack peering connection where eBGP is used as the routing
   protocol, then one can either:

   a.  Use one BGP session to carry both IPv4 and IPv6 routes, OR

   b.  Use two BGP sessions, a session over IPv4 carrying IPv4 routes
       and a session over IPv6 carrying IPv6 routes.

   The main advantage of (a) is a reduction in the number of BGP
   sessions compared with (b).

   However, there are three main concerns with option (a).  First, on
   most existing implementations, adding or removing an address family
   to an established BGP session will cause the router to tear down and
   re-establish the session.  Thus adding the IPv6 family to an existing
   session carrying just IPv4 routes will disrupt the session, and the
   eventual removal of IPv4 from the dual IPv4/IPv6 session will also
   disrupt the session.  This disruption problem will persist until
   something similar to draft-ietf-idr-dynamic-cap is widely deployed.
   Second, there is the question of which protocol to use to carry the
   dual IPv4/IPv6 session: over IPv4 or over IPv6?  Carrying it over
   IPv4 makes sense initially from a stability and troubleshooting
   perspective, but will eventually seem out-of-date.  Third, carrying
   (for example) IPv6 routes over IPv4 means that route information is
   transported over a different transport plane than the data packets
   themselves.  If the IPv6 data plane was to fail, then IPv6 routes
   would still be exchanged, but any IPv6 traffic resulting from these
   routes would be dropped.

   Given these disadvantages, option (b) is the better choice in most
   situations.

5.2.  eBGP Endpoints: Global or Link-Local Addresses?

   If eBGP running over IPv6 is used for the peering connection, then
   depending on the addresses used on the link, there are two options
   for the addresses to use at each end of the eBGP session (or more
   properly, the underlying TCP session):

   a.  Use link-local addresses for the eBGP session, OR

   b.  Use global addresses for the eBGP session.

   Note that the choice here is the addresses to use for the eBGP



Matthews                Expires December 31, 2012               [Page 7]


Internet-Draft     Design Guidelines for IPv6 Networks         June 2012


   sessions, and not whether the link itself has global (or unique-
   local) addresses.  In particular, it is quite possible for the eBGP
   session to use link-local addresses even when the link has global
   addresses.

   The big attraction for option (a) is security: an eBGP session using
   link-local addresses is impossible to attack from a device that is
   off-link.  This provides very strong protection against TCP RST and
   similar attacks.  Though there are other ways to get an equivalent
   level of security (e.g.  GTSM and MD5), these other ways require
   additional configuration which can be forgotten or potentially mis-
   configured.

   However, there are a number of small disadvantages to using link-
   local addresses:

   o  One must use "next-hop self" at both endpoints, otherwise
      redistributing routes learned via eBGP into iBGP will not work.
      (Some products enable "next-hop self" in this situation
      automatically).

   o  Operators and their tools are used to referring to eBGP sessions
      by address only, something that is not possible with link-local
      addresses.

   o  If one is configuring parallel eBGP sessions for IPv4 and IPv6
      routes, then using link-local addresses for the IPv6 session
      introduces an extra difference between the two sessions which
      could otherwise be avoided.

   o  On some products, an eBGP session using a link-local address is
      more complex to configure than a session that use a global
      address.

   o  Finally, a strict interpretation of RFC 2545 can be seen as
      forbidding running eBGP between link-local addresses, as RFC 2545
      requires the BGP next-hop field to contain at least a global
      address.

   For these reasons, most operators today choose to have their eBGP
   sessions use global addresses.


6.  iBGP

   (TBD)





Matthews                Expires December 31, 2012               [Page 8]


Internet-Draft     Design Guidelines for IPv6 Networks         June 2012


7.  IS-IS

   (TBD)


8.  OSPF

   (TBD)


9.  LDP

   (TBD)


10.  RSVP

   (TBD)


11.  IANA Considerations

   This document makes no requests of IANA.


12.  Security Considerations

   This document introduces no new security concerns.  Some pre-existing
   security concerns are discussed in the sections above.


13.  Acknowledgements

   Thanks to Alastair Johnson and Pradeep Jain for helpful comments on a
   preliminary version of this document.


14.  Informative References

   [I-D.ietf-v6ops-icp-guidance]
              Carpenter, B. and S. Jiang, "IPv6 Guidance for Internet
              Content and Application Service Providers",
              draft-ietf-v6ops-icp-guidance-01 (work in progress),
              June 2012.

   [I-D.ietf-v6ops-wireline-incremental-ipv6]
              Kuarsingh, V. and L. Howard, "Wireline Incremental IPv6",
              draft-ietf-v6ops-wireline-incremental-ipv6-04 (work in



Matthews                Expires December 31, 2012               [Page 9]


Internet-Draft     Design Guidelines for IPv6 Networks         June 2012


              progress), May 2012.

   [RFC4852]  Bound, J., Pouffary, Y., Klynsma, S., Chown, T., and D.
              Green, "IPv6 Enterprise Network Analysis - IP Layer 3
              Focus", RFC 4852, April 2007.

   [RFC5963]  Gagliano, R., "IPv6 Deployment in Internet Exchange Points
              (IXPs)", RFC 5963, August 2010.

   [RFC6180]  Arkko, J. and F. Baker, "Guidelines for Using IPv6
              Transition Mechanisms during IPv6 Deployment", RFC 6180,
              May 2011.

   [RFC6342]  Koodli, R., "Mobile Networks Considerations for IPv6
              Deployment", RFC 6342, August 2011.


Author's Address

   Philip Matthews
   Alcatel-Lucent
   600 March Road
   Ottawa, Ontario  K2K 2E6
   Canada

   Phone: +1 613-784-3139
   Email: philip_matthews@magma.ca
























Matthews                Expires December 31, 2012              [Page 10]


Html markup produced by rfcmarkup 1.129c, available from https://tools.ietf.org/tools/rfcmarkup/