draft-ietf-homenet-arch-02.txt   draft-ietf-homenet-arch-03.txt 
Network Working Group T. Chown, Ed. Network Working Group T. Chown, Ed.
Internet-Draft University of Southampton Internet-Draft University of Southampton
Intended status: Informational J. Arkko Intended status: Informational J. Arkko
Expires: September 13, 2012 Ericsson Expires: December 31, 2012 Ericsson
A. Brandt A. Brandt
Sigma Designs Sigma Designs
O. Troan O. Troan
Cisco Systems, Inc. Cisco Systems, Inc.
J. Weil J. Weil
Time Warner Cable Time Warner Cable
March 12, 2012 June 29, 2012
Home Networking Architecture for IPv6 Home Networking Architecture for IPv6
draft-ietf-homenet-arch-02 draft-ietf-homenet-arch-03
Abstract Abstract
This text describes evolving networking technology within small This text describes evolving networking technology within
residential home networks. The goal of this memo is to define the increasingly large residential home networks. The goal of this
architecture for IPv6-based home networking and the associated document is to define the architecture for IPv6-based home networking
principles, considerations and requirements. The text briefly through the associated principles, considerations and requirements.
highlights the implications of the introduction of IPv6 for home The text briefly highlights the implications of the introduction of
networking, discusses topology scenarios, and suggests how standard IPv6 for home networking, discusses topology scenarios, and suggests
IPv6 mechanisms and addressing can be employed in home networking. how standard IPv6 mechanisms and addressing can be employed in home
The architecture describes the need for specific protocol extensions networking. The architecture describes the need for specific
for certain additional functionality. It is assumed that the IPv6 protocol extensions for certain additional functionality. It is
home network is not actively managed, and runs as an IPv6-only or assumed that the IPv6 home network is not actively managed, and runs
dual-stack network. There are no recommendations in this text for as an IPv6-only or dual-stack network. There are no recommendations
the IPv4 part of the network. in this text for the IPv4 part of the network.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 13, 2012. This Internet-Draft will expire on December 31, 2012.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 10 skipping to change at page 3, line 10
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1. Terminology and Abbreviations . . . . . . . . . . . . . . 5 1.1. Terminology and Abbreviations . . . . . . . . . . . . . . 5
2. Effects of IPv6 on Home Networking . . . . . . . . . . . . . . 5 2. Effects of IPv6 on Home Networking . . . . . . . . . . . . . . 5
2.1. Multiple subnets and routers . . . . . . . . . . . . . . . 5 2.1. Multiple subnets and routers . . . . . . . . . . . . . . . 6
2.2. Global addressability and elimination of NAT . . . . . . . 6 2.2. Global addressability and elimination of NAT . . . . . . . 6
2.3. Multi-Addressing of devices . . . . . . . . . . . . . . . 7 2.3. Multi-Addressing of devices . . . . . . . . . . . . . . . 7
2.4. Unique Local Addresses (ULAs) . . . . . . . . . . . . . . 7 2.4. Unique Local Addresses (ULAs) . . . . . . . . . . . . . . 8
2.5. Security and borders . . . . . . . . . . . . . . . . . . . 8 2.5. Security and borders . . . . . . . . . . . . . . . . . . . 9
2.6. Naming, and manual configuration of IP addresses . . . . . 8 2.6. Naming, and manual configuration of IP addresses . . . . . 10
3. Architecture . . . . . . . . . . . . . . . . . . . . . . . . . 9 3. Architecture . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.1. Network Models . . . . . . . . . . . . . . . . . . . . . . 9 3.1. Network Models . . . . . . . . . . . . . . . . . . . . . . 11
3.1.1. A: Single ISP, Single CER, Internal routers . . . . . 10 3.1.1. A: Single ISP, Single CER, Internal routers . . . . . 12
3.1.2. B: Two ISPs, Two CERs, Shared subnet . . . . . . . . . 12 3.1.2. B: Two ISPs, Two CERs, Shared subnet . . . . . . . . . 14
3.1.3. C: Two ISPs, One CER, Shared subnet . . . . . . . . . 13 3.1.3. C: Two ISPs, One CER, Shared subnet . . . . . . . . . 15
3.2. Determining the Requirements . . . . . . . . . . . . . . . 13 3.2. Determining the Requirements . . . . . . . . . . . . . . . 15
3.3. Considerations . . . . . . . . . . . . . . . . . . . . . . 14 3.3. Considerations . . . . . . . . . . . . . . . . . . . . . . 16
3.3.1. Multihoming . . . . . . . . . . . . . . . . . . . . . 14 3.3.1. Multihoming . . . . . . . . . . . . . . . . . . . . . 16
3.3.2. Quality of Service . . . . . . . . . . . . . . . . . . 16 3.3.2. Quality of Service . . . . . . . . . . . . . . . . . . 17
3.3.3. Operations and Management . . . . . . . . . . . . . . 16 3.3.3. Operations and Management . . . . . . . . . . . . . . 18
3.3.4. Privacy considerations . . . . . . . . . . . . . . . . 16 3.3.4. Privacy considerations . . . . . . . . . . . . . . . . 18
3.4. Design Principles and Requirements . . . . . . . . . . . . 17 3.4. Design Principles and Requirements . . . . . . . . . . . . 18
3.4.1. Reuse existing protocols . . . . . . . . . . . . . . . 17 3.4.1. Reuse existing protocols . . . . . . . . . . . . . . . 19
3.4.2. Dual-stack Operation . . . . . . . . . . . . . . . . . 18 3.4.2. Dual-stack Operation . . . . . . . . . . . . . . . . . 19
3.4.3. Largest Possible Subnets . . . . . . . . . . . . . . . 19 3.4.3. Largest Possible Subnets . . . . . . . . . . . . . . . 20
3.4.4. Security vs Transparent, End-to-End Communications . . 19 3.4.4. Security vs Transparent, End-to-End Communications . . 20
3.4.5. IP Connectivity between All Nodes . . . . . . . . . . 20 3.4.5. Internal IP Connectivity . . . . . . . . . . . . . . . 21
3.4.6. Routing functionality . . . . . . . . . . . . . . . . 21 3.4.6. Routing functionality . . . . . . . . . . . . . . . . 22
3.4.7. Self-Organising . . . . . . . . . . . . . . . . . . . 23 3.4.7. A Self-organising Network . . . . . . . . . . . . . . 24
3.4.8. Fewest Topology Assumptions . . . . . . . . . . . . . 26 3.4.8. Fewest Topology Assumptions . . . . . . . . . . . . . 26
3.4.9. Naming and Service Discovery . . . . . . . . . . . . . 26 3.4.9. Naming and Service Discovery . . . . . . . . . . . . . 26
3.4.10. Proxy or Extend? . . . . . . . . . . . . . . . . . . . 27 3.4.10. Proxy or Extend? . . . . . . . . . . . . . . . . . . . 27
3.4.11. Adapt to ISP constraints . . . . . . . . . . . . . . . 27 3.4.11. Adapt to ISP constraints . . . . . . . . . . . . . . . 28
3.5. Implementing the Architecture on IPv6 . . . . . . . . . . 29 3.5. Implementing the Architecture on IPv6 . . . . . . . . . . 29
4. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . 29 4. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . 30
5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 29 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 30
5.1. Normative References . . . . . . . . . . . . . . . . . . . 29 5.1. Normative References . . . . . . . . . . . . . . . . . . . 30
5.2. Informative References . . . . . . . . . . . . . . . . . . 31 5.2. Informative References . . . . . . . . . . . . . . . . . . 31
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 34 Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 34
Appendix B. Changes . . . . . . . . . . . . . . . . . . . . . . . 34 Appendix B. Changes . . . . . . . . . . . . . . . . . . . . . . . 34
B.1. Version 02 . . . . . . . . . . . . . . . . . . . . . . . . 34 B.1. Version 03 . . . . . . . . . . . . . . . . . . . . . . . . 35
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 35 B.2. Version 02 . . . . . . . . . . . . . . . . . . . . . . . . 36
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 37
1. Introduction 1. Introduction
This document focuses on evolving networking technology within small This document focuses on evolving networking technology within
residential home networks and the associated challenges. There is a increasingly large residential home networks and the associated
growing trend in home networking for the proliferation of networking challenges with their deployment and operation. There is a growing
trend in home networking for the proliferation of networking
technology in an increasingly broad range of devices and media. This technology in an increasingly broad range of devices and media. This
evolution in scale and diversity sets requirements on IETF protocols. evolution in scale and diversity sets requirements on IETF protocols.
Some of these requirements relate to the introduction of IPv6, others Some of these requirements relate to the introduction of IPv6, others
to the introduction of specialised networks for home automation and to the introduction of specialised networks for home automation and
sensors. There are also likely to be scenarios where internal sensors. There are likely to be scenarios where internal routing is
routing is required, for example to support private and guest required, for example to support private and guest networks, in which
networks, in which case home networks will use multiple subnets. case home networks may use increasing numbers of subnets.
While some advanced home networks exist, most operate based on IPv4, While at the time of writing some complex home network topologies
employ solutions that we would like to avoid such as (cascaded) exist, most operate based on IPv4, employ solutions that we would
network address translation (NAT), or require expert assistance to like to avoid such as (cascaded) network address translation (NAT),
set up. The assumption of this document is that the homenet is as or require expert assistance to set up. The assumption of this
far as possible self-organising and self-configuring, and is thus not document is that the homenet is as far as possible self-organising
pro-actively managed by the residential user. The architectural and self-configuring, and is thus not pro-actively managed by the
constructs in this document are focused on the problems to be solved residential user.
when introducing IPv6 with an eye towards a better result than what
we have today with IPv4, as well as a better result than if the IETF
had not given this specific guidance.
This architecture document aims to provide the basis and guiding The architectural constructs in this document are focused on the
principles for how standard IPv6 mechanisms and addressing [RFC2460] problems to be solved when introducing IPv6 with an eye towards a
[RFC4291] can be employed in home networking, while coexisting with better result than what we have today with IPv4, as well as a better
existing IPv4 mechanisms. In emerging dual-stack home networks it is result than if the IETF had not given this specific guidance. The
vital that introducing IPv6 does not adversely affect IPv4 operation. document aims to provide the basis and guiding principles for how
Future deployments, or specific subnets within an otherwise dual- standard IPv6 mechanisms and addressing [RFC2460] [RFC4291] can be
stack home network, may be IPv6-only, in which case considerations employed in home networking, while coexisting with existing IPv4
for IPv4 impact would not apply. mechanisms. In emerging dual-stack home networks it is vital that
introducing IPv6 does not adversely affect IPv4 operation. Future
deployments, or specific subnets within an otherwise dual-stack home
network, may be IPv6-only, in which case considerations for IPv4
impact would not apply. We assume that the IPv4 network architecture
in home networks is what it is, and can not be affected by new
recommendations.
This architecture document proposes a baseline homenet architecture,
based on protocols and implementations that are as far as possible
proven and robust. The scope of the document is primarily the
network layer technologies that provide the basic functionality to
enable addressing, connectivity, routing, naming and service
discovery. While it may, for example, state that homenet components
must be simple to deploy and use, it does not discuss specific user
interfaces, nor does it consider specific physical, wireless or data-
link layer considerations.
[RFC6204] defines basic requirements for customer edge routers [RFC6204] defines basic requirements for customer edge routers
(CERs). The scope of this text is the homenet, and thus the relevant (CERs). The scope of this text is the homenet, and thus the relevant
part of RFC 6204 is the internal facing interface as well as any part of RFC 6204 is the internal facing interface as well as any
other components within the home network. While the network may be other components within the home network. While the network may be
dual-stack or IPv6-only, the definition of specific transition tools dual-stack or IPv6-only, the definition of specific transition tools
on the CER are out of scope of this text, as is any advice regarding on the CER, as introduced in RFC 6204-bis [I-D.ietf-v6ops-6204bis]
architecture of the IPv4 part of the network. We assume that IPv4 with DS-Lite [RFC6333] and 6rd [RFC5969], are considered issues for
network architecture in home networks is what it is, and can not be that RFC, and are thus out of scope of this text.
affected by new recommendations.
This architecture document proposes a baseline homenet architecture,
based on protocols and implementations that are as far as possible
proven and robust, and as such is a "version 1" architecture. A
future architecture may incorporate more advanced elements at a later
date.
1.1. Terminology and Abbreviations 1.1. Terminology and Abbreviations
In this section we define terminology and abbreviations used In this section we define terminology and abbreviations used
throughout the text. throughout the text.
o CER: Customer Edge Router. The border router at the edge of the o "Advanced Security". Describes advanced security functions for a
CER, as defined in [I-D.vyncke-advanced-ipv6-security], where the
default inbound connection policy is generally "default allow".
o CER: Customer Edge Router. A border router at the edge of the
homenet. homenet.
o LLN: Low-power and lossy network. o LLN: Low-power and lossy network.
o NAT: Network Address Translation. Typically referring to Network o NAT: Network Address Translation. Typically referring to IPv4
Address and Port Translation (NAPT) [RFC3022]. Network Address and Port Translation (NAPT) [RFC3022].
o NPTv6: Network Prefix Translation for IPv6 [RFC6296]. o NPTv6: Network Prefix Translation for IPv6 [RFC6296].
o PCP: Port Control Protocol [I-D.ietf-pcp-base]. o PCP: Port Control Protocol [I-D.ietf-pcp-base].
o ULA: Unique Local Addresses [RFC4193]. o "Simple Security". Defined in [RFC4864] and expanded further in
[RFC6092]; describes recommended perimeter security capabilities
for IPv6 networks.
o UPnP: Universal Plug and Play. Includes Internet Gateway Device o ULA: IPv6 Unique Local Addresses [RFC4193].
(IGD) function, which for IPv6 is UPnP IGD Version 2 [IGD-2].
o UPnP: Universal Plug and Play. Includes the Internet Gateway
Device (IGD) function, which for IPv6 is UPnP IGD Version 2
[IGD-2].
o VM: Virtual machine. o VM: Virtual machine.
o WPA: Wi-Fi Protected Access, as defined by the Wi-Fi Alliance. o WPA2: Wi-Fi Protected Access, as defined by the Wi-Fi Alliance.
2. Effects of IPv6 on Home Networking 2. Effects of IPv6 on Home Networking
Service providers are deploying IPv6, content is becoming available Service providers are deploying IPv6, content is becoming available
on IPv6, and support for IPv6 is increasingly available in devices on IPv6, and support for IPv6 is increasingly available in devices
and software used in the home. While IPv6 resembles IPv4 in many and software used in the home. While IPv6 resembles IPv4 in many
ways, it changes address allocation principles, makes multi- ways, it changes address allocation principles, making multi-
addressing the norm, and allows direct IP addressability and routing addressing the norm, and allowing direct IP addressability home
to devices in the home from the Internet. This section presents an networking devices from the Internet. This section presents an
overview of some of the key implications of the introduction of IPv6 overview of some of the key implications of the introduction of IPv6
for home networking, that are both promising and problematic. for home networking, that are both promising and problematic.
2.1. Multiple subnets and routers 2.1. Multiple subnets and routers
While simple layer 3 topologies involving as few subnets as possible While simple layer 3 topologies involving as few subnets as possible
are preferred in home networks, the incorporation of dedicated are preferred in home networks, the incorporation of dedicated
(routed) subnets remains necessary for a variety of reasons. (routed) subnets remains necessary for a variety of reasons. For
instance, an increasingly common feature in modern home routers is
For instance, a common feature in modern home routers is the ability the ability to support both guest and private network subnets.
to support both guest and private network subnets. Also, link layer Likewise, there may be a need to separate building control or
networking technology is poised to become more heterogeneous, as corporate extensions from the main Internet access network, or
networks begin to employ both traditional Ethernet technology and different subnets may in general be associated with parts of the
link layers designed for low-power and lossy networks (LLNs) such as homenet that have different routing and security policies. Further,
those used for certain types of sensor devices. There may also be a link layer networking technology is poised to become more
need to separate building control or corporate extensions from the heterogeneous, as networks begin to employ both traditional Ethernet
main Internet access network. Also, different subnets may be technology and link layers designed for low-power and lossy networks
associated with parts of the homenet that have different routing and (LLNs), such as those used for certain types of sensor devices.
security policies.
Documents that provide some more specific background and depth on Documents that provide some more specific background and depth on
this topic include: [I-D.herbst-v6ops-cpeenhancements], this topic include: [I-D.herbst-v6ops-cpeenhancements],
[I-D.baker-fun-multi-router], and [I-D.baker-fun-routing-class]. [I-D.baker-fun-multi-router], and [I-D.baker-fun-routing-class].
The addition of routing between subnets raises the issue of how to The addition of routing between subnets raises the issue of how to
extend mechanisms such as service discovery which currently rely on extend mechanisms such as service discovery which currently rely on
link-local addressing to limit scope. There will also be the need to link-local addressing to limit scope. There are two broad choices;
discover which are the border router(s) by an appropriate mechanism. extend existing protocols to work across the scope of the homenet, or
introduce proxies for existing link-layer protocols. This is
discussed later in the document.
There will also be the need to discover which routers in the homenet
are the border router(s) by an appropriate mechanism. Here, there
are a number of choices. These include an appropriate service
discovery protocol, or the use of a well-known name, resolved by some
local name service. Both might have to deal with handling more than
one router responding in multihomed environments.
2.2. Global addressability and elimination of NAT 2.2. Global addressability and elimination of NAT
Current IPv4 home networks typically receive a single global IPv4 Current IPv4 home networks typically receive a single global IPv4
address from their ISP and use NAT with private [RFC1918] addresses address from their ISP and use NAT with private [RFC1918] addresses
for devices within the network. An IPv6 home network removes the for devices within the network. An IPv6 home network removes the
need to use NAT given the ISP offers a sufficiently large globally need to use NAT given the ISP offers a sufficiently large globally
unique IPv6 prefix to the homenet, allowing every device on every unique IPv6 prefix to the homenet, allowing every device on every
link to be assigned a globally unique IPv6 address. link to be assigned a globally unique IPv6 address.
The end-to-end communication that is potentially enabled with IPv6 is The end-to-end communication that is potentially enabled with IPv6 is
on the one hand an incredible opportunity for innovation and simpler on the one hand an incredible opportunity for innovation and simpler
network operation, but it is also a concern as it exposes nodes in network operation, but it is also a concern as it exposes nodes in
the internal networks to receipt of otherwise unwanted traffic from the internal networks to receipt of otherwise unwanted traffic from
the Internet. the Internet. There may thus be an expectation of improved host
security to compensate for this, at least in general networked
In IPv4 NAT networks, the NAT provides an implicit firewall function. devices, but it must be noted that many devices may also (for
[RFC4864] suggests that IPv6 networks with global addresses utilise example) ship with default settings that make them readily vulnerable
"Simple Security" in border firewalls to restrict incoming to compromise by external attackers if globally accessible, or may
connections through a default deny policy. Applications or hosts simply not have robustness designed-in because it was either assumed
wanting to accept inbound connections in networks that are compliant such devices would only be used on private networks or the device
with the architecture presented in this document would then need to itself doesn't have the computing power to apply the necessary
signal that desire through a protocol such as UPnP or PCP security methods.
[I-D.ietf-pcp-base]. In networks with multiple CERs, the signalling
would need to handle the cases of flows that may use one or both exit
routers.
The "Simple Security" default deny approach effectively replaces the
need for IPv4 NAT traversal by a need to use a signalling protocol to
request a firewall hole be opened. [RFC6092] states that while the
default should be default deny, CERs should also have an option to be
put into a "transparent" mode of operation which enables a default
allow model.
It is important to distinguish between addressability and IPv6 networks may or may not have filters applied at their borders,
reachability. While IPv6 offers global addressability through use of i.e. at the homenet CER. [RFC4864], [RFC6092] and
globally unique addresses in the home, whether they are globally [I-D.vyncke-advanced-ipv6-security] discuss such filtering, and the
reachable or not would depend on the firewall or filtering merits of "default allow" against "default deny" policies for
configuration, and not presence or use of NAT. external traffic initiated into a homenet. It is important to
distinguish between addressability and reachability. While IPv6
offers global addressability through use of globally unique addresses
in the home, whether they are globally reachable or not would depend
on the firewall or filtering configuration, and not, as is commonly
the case with IPv4, the presence or use of NAT.
2.3. Multi-Addressing of devices 2.3. Multi-Addressing of devices
In an IPv6 network, devices may acquire multiple addresses, typically In an IPv6 network, devices may acquire multiple addresses, typically
at least a link-local address and a globally unique address. They at least a link-local address and a globally unique address. They
may also have an IPv4 address if the network is dual-stack, a Unique may also have an IPv4 address if the network is dual-stack, a Unique
Local Address (ULA) [RFC4193] (see below), and one or more IPv6 Local Address (ULA) [RFC4193] (see below), and one or more IPv6
Privacy Addresses [RFC4941]. Privacy Addresses [RFC4941].
Thus it should be considered the norm for devices on IPv6 home Thus it should be considered the norm for devices on IPv6 home
networks to be multi-addressed, and to need to make appropriate networks to be multi-addressed, and to need to make appropriate
address selection decisions for the candidate source and destination address selection decisions for the candidate source and destination
address pairs. Default Address Selection for IPv6 address pairs. Default Address Selection for IPv6
[I-D.ietf-6man-rfc3484bis] provides a solution for this, but may face [I-D.ietf-6man-rfc3484bis] provides a solution for this, though it
problems in the event of multihoming, where nodes will be configured may face problems in the event of multihoming, where nodes will be
with one address from each upstream ISP prefix. In such cases the configured with one address from each upstream ISP prefix. In such
presence of upstream ingress filtering requires multi-addressed nodes cases the presence of upstream ingress filtering requires multi-
to select the right source address to be used for the corresponding addressed nodes to select the right source address to be used for the
uplink, but the node may not have the information it needs to make corresponding uplink, to avoid ISP BCP 38 ingress filtering, but the
that decision based on addresses alone. node may not have the information it needs to make that decision
based on addresses alone. We discuss such challenges in multihoming
later in this document.
2.4. Unique Local Addresses (ULAs) 2.4. Unique Local Addresses (ULAs)
[RFC4193] defines Unique Local Addresses (ULAs) for IPv6 that may be [RFC4193] defines Unique Local Addresses (ULAs) for IPv6 that may be
used to address devices within the scope of a single site. Support used to address devices within the scope of a single site. Support
for ULAs for IPv6 CERs is described in [RFC6204]. A home network for ULAs for IPv6 CERs is described in [RFC6204]. A home network
running IPv6 may deploy ULAs for stable communication between devices running IPv6 may deploy ULAs for stable communication between devices
(on different subnets) within the network where externally allocated (on different subnets) within the network where the externally
global prefix changes over time (either due to renumbering within the allocated global prefix changes over time (e.g. due to renumbering
subscriber's ISP or a change of ISP) or where external connectivity within the subscriber's ISP) or where external connectivity is
is temporarily unavailable. temporarily unavailable.
A counter-argument to using ULAs is that it is undesirable to A counter-argument to using ULAs is that it is undesirable to
aggressively deprecate global prefixes for temporary loss of aggressively deprecate global prefixes for temporary loss of
connectivity, so for a host to lose its global address there would connectivity, so for a host to lose its global address there would
have to be a connection breakage longer than the lease period, and have to be a connection breakage longer than the lease period, and
even then, deprecating prefixes when there is no connectivity may not even then, deprecating prefixes when there is no connectivity may not
be advisable. It should also be noted that there are timers on the be advisable. It should also be noted that there may be timers on
prefix lease to the homenet, on the internal prefix delegations, and the prefix lease to the homenet, on the internal prefix delegations,
on the Router Advertisements to the hosts. Despite this counter- and on the Router Advertisements to the hosts. Despite this counter-
argument, while setting a network up there may be a period with no argument, while setting a network up there may be a period with no
connectivity, in which case ULAs would be required for inter-subnet connectivity, in which case ULAs would be required for inter-subnet
communication. communication. In the case where LLNs are being set up in a new
home/deployment, individual LLNs may, at least initially, each use
their own /48 ULA prefix.
ULA addresses will allow constrained LLN devices to create permanent
relationships between IPv6 addresses, e.g. from a wall controller to
a lamp. Symbolic host names would require additional non-volatile
memory. Updating global prefixes in sleeping LLN devices might also
be problematic.
It has been suggested that using ULAs would provide an indication to It has been suggested that using ULAs would provide an indication to
applications that received traffic is locally sourced. This could applications that received traffic is locally sourced. This could
then be used with security settings to designate where a particular then be used with security settings to designate where a particular
application is allowed to connect to or receive traffic from. application is allowed to connect to or receive traffic from.
ULA addresses will allow constrained LLN devices to create permanent
relations between IPv6 addresses, e.g. from a wall controller to a
lamp. Symbolic host names would require additional non-volatile
memory. Updating global prefixes in sleeping LLN devices might also
be problematic.
Default address selection mechanisms should ensure a ULA source Default address selection mechanisms should ensure a ULA source
address is used to communicate with ULA destination addresses when address is used to communicate with ULA destination addresses when
appropriate. Unlike the IPv4 RFC1918 space, the use of ULAs does not appropriate, in particular when the ULA destination lies within a /48
imply use of host-based IPv6 NAT, or NPTv6 prefix-based NAT ULA prefix known to be used within the same homenet. Unlike the IPv4
[RFC6296], rather that external communications should use a node's RFC 1918 space, the use of ULAs does not imply use of host-based IPv6
globally unique IPv6 source address. NAT, or NPTv6 prefix-based NAT [RFC6296], rather that external
communications should use a node's additional globally unique IPv6
source address.
2.5. Security and borders 2.5. Security and borders
Advanced Security for IPv6 CPEs [I-D.vyncke-advanced-ipv6-security] The filtering policy to/from the homenet is an important
takes the approach that in order to provide the greatest end-to-end consideration, but the homenet/ISP border may not be the only border
transparency as well as security, security policies must be updated in a homenet. It is desirable that there are mechanisms to detect
by a trusted party which can provide intrusion signatures and other other types of borders, and then the means to apply different types
"active" information on security threats. Such methods should be of filtering policies at those borders, e.g. whether naming and
able to be automatically updating. service discovery should pass a given border. Any such policies
should be able to be easily applied by typical home users, e.g. to
give a visitor in a "guest" network access to media services in the
home, or access to a printer in the residence. Simple mechanisms to
apply policy changes, or associations between devices, will be
required.
In addition to establishing the security mechanisms themselves, it is A simple homenet model may just consider three types of realm and the
important to know where the borders are at which they need to be borders between them. For example if the realms are the homenet, the
enabled. Any required policies must be able to be applied by typical ISP and the visitor network, then the borders will include that from
home users, e.g. to give a visitor in a "guest" network access to the homenet to the ISP, and that from the homenet to a guest network.
media services in the home. Thus simple "association" mechanisms Regardless, it should be possible for additional types of realms and
will be required. borders to be defined, e.g. for some specific Grid or LLN-based
network, and for these to be detected or configured, and for an
appropriate default policy to be applied as to what type of traffic/
data can flow across such borders.
It may be useful to classify the external border of the home network It is desirable to classify the external border of the home network
as a unique logical interface separating the home network from as a unique logical interface separating the home network from
service provider network/s. This border interface may be a single service provider network/s. This border interface may be a single
physical interface to a single service provider, multiple layer 2 physical interface to a single service provider, multiple layer 2
sub-interfaces to a single service provider, or multiple connections sub-interfaces to a single service provider, or multiple connections
to a single or multiple providers. This border is useful for to a single or multiple providers. This border makes it possible to
describing edge operations and interface requirements across multiple describe edge operations and interface requirements across multiple
functional areas including security, routing, service discovery, and functional areas including security, routing, service discovery, and
router discovery. router discovery.
while a goal of the homenet architecture is for the network to be as
self-organising as possible, there may be instances where some manual
configuration is required, e.g. the entry of a key to apply wireless
security, or to configure a shared routing secret. The latter may be
relevant when considering how to bootstrap a routing configuration.
It is highly desirable that only one such key is needed for any set
of functions, to increase usability for the homenet user.
Advanced Security for IPv6 CPEs [I-D.vyncke-advanced-ipv6-security]
takes the approach that in order to provide the greatest end-to-end
transparency as well as security, security policies must be updated
by a trusted party which can provide intrusion signatures and other
"active" information on security threats. This might for example
allow different malware detection profiles to be configured on a CER.
Such methods should be able to be automatically updating.
There is no defined "threat model" as such for the type of IPv6
homenet described in this text. Such a document may be very useful.
It may include a variety of perspectives, from probing for specific
types of home appliance being present, to potential denial of service
attacks. Hosts need to be able to operate securely, end-to-end where
required, but also be robust against malicious traffic direct towards
them. We simply note at this point that software on home devices
will have an increase in security if it allows its software to be
updated regularly.
2.6. Naming, and manual configuration of IP addresses 2.6. Naming, and manual configuration of IP addresses
Some IPv4 home networking devices expose IPv4 addresses to users, Some IPv4 home networking devices expose IPv4 addresses to users,
e.g. the IPv4 address of a home IPv4 CER that may be configured via a e.g. the IPv4 address of a home IPv4 CER that may be configured via a
web interface. Users should not be expected to enter IPv6 literal web interface. Users should not be expected to enter IPv6 literal
addresses in homenet devices or applications, given their much addresses in homenet devices or applications, given their much
greater length and apparent randomness to a typical home user. While greater length and apparent randomness to a typical home user. While
shorter addresses, perhaps ones registered with IANA from ULA-C shorter addresses, perhaps ones registered with IANA from ULA-C space
space, could be used for specific devices/services, in general it is [I-D.hain-ipv6-ulac], could be used for specific devices/services, in
better to not expose users to real IPv6 addresses. Thus, even for general it is better to not expose users to real IPv6 addresses.
the simplest of functions, simple naming and the associated discovery Thus, even for the simplest of functions, simple naming and the
of services is imperative for easy use of homenet devices and associated (ideally zero configuration) discovery of services is
imperative for the easy deployment and use of homenet devices and
applications. applications.
In a multi-subnet homenet, naming and service discovery should be In a multi-subnet homenet, naming and service discovery should be
expected to operate across the scope of the entire home network, and expected to be capable of operating across the scope of the entire
thus be able to cross subnet boundaries. It should be noted that in home network, and thus be able to cross subnet boundaries. It should
IPv4, such services do not generally function across home router NAT be noted that in IPv4, such services do not generally function across
boundaries, so this is one area where there is scope for an home router NAT boundaries, so this is one area where there is scope
improvement in IPv6. for an improvement in IPv6.
3. Architecture 3. Architecture
An architecture outlines how to construct home networks involving The aim of this architecture text is to outline how to construct home
multiple routers and subnets. In this section, we present a set of networks involving multiple routers and subnets. In this section, we
typical home network topology models/scenarios, followed by a list of present a set of typical home network topology models/scenarios,
topics that may influence the architecture discussions, and a set of followed by a list of topics that may influence the architectural
architectural principles that govern how the various nodes should discussions, and a set of architectural principles and requirements
work together. Finally, some guidelines are given for realising the that govern how the various nodes should work together. The
architecture with the IPv6 addressing, prefix delegation, global and architecture also drives what protocol extensions are necessary, as
ULA addresses, source address selection rules and other existing will be discussed briefly in Section 3.5.
components of the IPv6 architecture. The architecture also drives
what protocol extensions are necessary, as will be discussed in
Section 3.5.
3.1. Network Models 3.1. Network Models
Most IPv4 home network models tend to be relatively simple, typically Most IPv4 home network models at the time of writing tend to be
a single NAT router to the ISP and a single internal subnet, but as relatively simple, typically a single NAT router to the ISP and a
discussed earlier, evolution in network architectures is driving more single internal subnet but, as discussed earlier, evolution in
complex architectures, such as separation of visitors and private network architectures is driving more complex topologies, such as the
networks. These considerations apply to IPv6 networks as well. separation of visitor and private networks.
In general, the models described in [RFC6204] and In general, the models described in [RFC6204] and its successor RFC
[I-D.ietf-v6ops-ipv6-cpe-router-bis] should be supported by an IPv6 6204-bis [I-D.ietf-v6ops-6204bis] should be supported by an IPv6 home
home networking architecture. networking architecture.
The following properties apply to any IPv6 home network: There are a number of properties or attributes of a home network that
we can use to describe its topology and operation. The following
properties apply to any IPv6 home network:
o Presence of internal routers. The homenet may have one or more o Presence of internal routers. The homenet may have one or more
internal routers, or may only provide subnetting from interfaces internal routers, or may only provide subnetting from interfaces
on the CER. on the CER.
o Presence of isolated internal subnets. There may be isolated o Presence of isolated internal subnets. There may be isolated
internal subnets, with no direct connectivity between them within internal subnets, with no direct connectivity between them within
the homenet. Isolation may be physical, or implemented via IEEE the homenet. Isolation may be physical, or implemented via IEEE
802.1q VLANs. 802.1q VLANs.
skipping to change at page 10, line 38 skipping to change at page 12, line 5
o Number of CERs. The homenet may have a single CER, which might be o Number of CERs. The homenet may have a single CER, which might be
used for one or more providers, or multiple CERs. Multiple CERs used for one or more providers, or multiple CERs. Multiple CERs
adds additional complexity for multihoming scenarios, and adds additional complexity for multihoming scenarios, and
protocols like PCP that need to manage connection-oriented state protocols like PCP that need to manage connection-oriented state
mappings. mappings.
Some separate discussion of physical infrastructures for homenets is Some separate discussion of physical infrastructures for homenets is
included in and [I-D.arkko-homenet-physical-standard]. included in and [I-D.arkko-homenet-physical-standard].
In the following sections we show some example homenet models. In principle, we might argue that an architecture for IPv6 homenets
should support any arbitrary topology. We discuss this topic later
in the text. In the following sections we give some examples of the
types of homenet topologies we may see in the future. This is not
intended to be an exhaustive or complete list, rather an indicative
one to facilitate discussion in this text.
3.1.1. A: Single ISP, Single CER, Internal routers 3.1.1. A: Single ISP, Single CER, Internal routers
Figure 1 shows a network with multiple local area networks. These Figure 1 shows a network with multiple local area networks. These
may be needed for reasons relating to different link layer may be needed for reasons relating to different link layer
technologies in use or for policy reasons, e.g. classic Ethernet in technologies in use or for policy reasons, e.g. classic Ethernet in
one subnet and a LLN link layer technology in another. In this one subnet and a LLN link layer technology in another. In this
example there is no single router that a priori understands the example there is no single router that a priori understands the
entire topology. The topology itself may also be complex, and it may entire topology. The topology itself may also be complex, and it may
not be possible to assume a pure tree form, for instance. This is a not be possible to assume a pure tree form, for instance. This is a
skipping to change at page 13, line 39 skipping to change at page 15, line 39
Figure 3 Figure 3
Figure 3 illustrates a model where a home network may have multiple Figure 3 illustrates a model where a home network may have multiple
connections to multiple providers or multiple logical connections to connections to multiple providers or multiple logical connections to
the same provider, with shared internal subnets. the same provider, with shared internal subnets.
3.2. Determining the Requirements 3.2. Determining the Requirements
[RFC6204] defines "basic" requirements for IPv6 Customer Edge [RFC6204] defines "basic" requirements for IPv6 Customer Edge
Routers, while [I-D.ietf-v6ops-ipv6-cpe-router-bis] describes Routers, while [I-D.ietf-v6ops-6204bis] extends RFC 6204 to describe
"advanced" features. In general, home network equipment needs to additional features. In general, home network equipment needs to
cope with the different types of network properties and topologies cope with the different types of network properties and topologies as
discussed above. Manual configuration is rarely, if at all, exemplified above. Significant manual configuration is rarely, if at
possible, given the knowledge level of typical home users. The all, possible, given the knowledge level of typical home users. The
equipment needs to be prepared to handle at least network should as far as possible be self-configuring. The equipment
needs to be prepared to handle at least
o Routing o Routing
o Prefix configuration for routers o Prefix configuration for routers
o Name resolution o Name resolution
o Service discovery o Service discovery
o Network security o Network security
The remainder of the architecture document is presented as The remainder of the architecture document is presented as
considerations and principles that lead to more specific requirements considerations and principles that lead to more specific requirements
for the five general areas listed above. for the five general areas listed above.
3.3. Considerations 3.3. Considerations
skipping to change at page 14, line 14 skipping to change at page 16, line 16
o Service discovery o Service discovery
o Network security o Network security
The remainder of the architecture document is presented as The remainder of the architecture document is presented as
considerations and principles that lead to more specific requirements considerations and principles that lead to more specific requirements
for the five general areas listed above. for the five general areas listed above.
3.3. Considerations 3.3. Considerations
This section lists some considerations for home networking that may This section discusses some considerations for home networking that
affect the architecture and associated requirements. may affect the architecture and associated requirements.
3.3.1. Multihoming 3.3.1. Multihoming
A homenet may be multihomed to multiple providers. This may either A homenet may be multihomed to multiple providers. This may either
take a form where there are multiple isolated networks within the take a form where there are multiple isolated networks within the
home a more integrated network where the connectivity selection is home or a more integrated network where the connectivity selection is
dynamic. Current practice is typically of the former kind, but the dynamic. Current practice is typically of the former kind, but the
latter is expected to become more commonplace. latter is expected to become more commonplace.
In an integrated network, specific appliances or applications may use The general multihoming problem is broad, and solutions suggested to
their own external connectivity, or the entire network may change its date within the IETF may include complex architectures for monitoring
connectivity based on the status of the different upstream
connections. The complexity of the multihoming solution required
will depend on the Network Model deployed. For example, Network
Model C in the previous section has a single CER and thus could
perform source routing at the single network exit point.
The general approach for IPv6 multihoming is for a host to receive
multiple addresses from multiple providers, and to select the
appropriate source address to communicate via a given provider. An
alternative is to deploy ULAs with a site and then use NPTv6
[RFC6296], a prefix translation-based mechanism, at the edge. This
obviously comes at some architectural cost, which is why approaches
such as [I-D.v6ops-multihoming-without-ipv6nat] have been suggested.
There has been much work on multihoming in the IETF, without (yet)
widespread deployment of proposed solutions.
Host-based methods such as Shim6 [RFC5533] have been defined, but of
course require support in the hosts. There are also application-
oriented approaches such as Happy Eyeballs
[I-D.ietf-v6ops-happy-eyeballs] exist; simplified versions of this
are implemented in some commonly used web browsers for example.
There are some other multihoming considerations for homenet
scenarios. First, it may be the case that multihoming applies due to
an ISP migration from a transition method to a native deployment,
e.g. a 6rd [RFC5969] sunset scenario. Second, one upstream may be a
"walled garden", and thus only appropriate to be used for
connectivity to the services of that provider.
If the homenet architecture supports multihoming, additional
requirements apply. The general multihoming problem is broad, and
solutions may include complex architectures for monitoring
connectivity, traffic engineering, identifier-locator separation, connectivity, traffic engineering, identifier-locator separation,
connection survivability across multihoming events, and so on. This connection survivability across multihoming events, and so on. It is
implies that if there is any support for multihoming defined in the thus important that the homenet architecture should as far as
homenet architecture it should be limited to a very small subset of possible minimise the complexity of any multihoming support. So we
the overall problem. should limit the support to the smallest subset of the overall
problem to meet the requirements of the topologies described above.
The current set of assumptions and requirements proposed by the This means that the homenet architecture should not try to make
homenet architecture team is: another attempt at solving complex multihoming, and we should prefer
to support scenarios for which solutions exist today.
MH1) The homenet WG should not try to make another attempt at
solving complex multihoming; we should prefer to support
scenarios for which solutions exist today.
MH2) Single CER Network Model C is in scope, and may be solved by
source routing at the CER.
MH3) The architecture does not support deployment of NPTv6 [RFC6296]
at the CER. Hosts should be multi-addressed with globally
unique prefixes from each ISP they may communicate with or
through.
MH4) Solutions that require host changes should be avoided, but In the general homenet architecture, hosts should be multi-addressed
solutions which incrementally improve with host changes may be with globally unique prefixes from each ISP they may communicate with
acceptable. or through. The alternative for a homenet would be to deploy NPTv6
[RFC6296] at the CER, with ULAs then typically used internally.
NPTv6 has some architectural cost, due to the prefix translation
used, but the internal part of the homenet (which is the scope of
this text) sees only the one prefix in use.
MH5) Walled garden multihoming is in scope. When multi-addressing is in use, hosts need some way to pick source
and destination address pairs for connections. A host may choose a
source address to use by various methods, which would typically
include [I-D.ietf-6man-rfc3484bis]. Applications may of course do
different things, and this should not be precluded.
MH6) Transition method sunsetting is in scope. The topic of For the single CER Network Model C, multihoming may be offered by
multihoming with specific (6rd) transition coexistence is source routing at the CER. With multiple exit routers, the
discussed in [I-D.townsley-troan-ipv6-ce-transitioning]. complexity rises. Given a packet with a source address on the
network, the packet must be routed to the proper egress to avoid
ingress filtering at a wrong ISP. While the packet might not take an
optimal path to the correct exit CER, the minimum requirement is that
the packet is not dropped, and it is highly desirable that the packet
is routed in the most efficient manner to the correct exit.
MH7) "Just" picking the right source address to use to fall foul of There are various potential approaches to this problem, one example
ingress filtering on upstream ISP connections (as per Network being described in [I-D.v6ops-multihoming-without-ipv6nat]. Another
Model B) is not a trivial task. A solution is highly is discussed in [I-D.baker-fun-multi-router], which explores support
desirable, but not required in the baseline homenet for source routing throughout the homenet. This approach would
architecture. however likely require relatively significant routing changes to
route the packet to the correct exit given the source address. Such
changes should preferably be minimised.
MH8) A multihoming model for multiple CERs based on There are some other multihoming considerations for homenet
[I-D.baker-fun-multi-router] requires source routing throughout scenarios. First, it may be the case that multihoming applies due to
the homenet and thus relatively significant routing changes to an ISP migration from a transition method to a native deployment,
"guarantee" routing the packet to the correct exit given the e.g. a 6rd [RFC5969] sunset scenario, as discussed in
source address. Thus this approach is currently out of scope [I-D.townsley-troan-ipv6-ce-transitioning]. Second, one upstream may
for homenet. be a "walled garden", and thus only appropriate to be used for
connectivity to the services of that provider; an example may be a
VPN service that only routes back to the enterprise business network
of a user in the homenet. While we should not specifically target
walled garden multihoming as a principal goal, it should not be
precluded.
Thus the homenet multihoming support is focused on the single CER Host-based methods such as Shim6 [RFC5533] have been defined, but of
model. course require support in the hosts. There are also application-
oriented approaches such as Happy Eyeballs
[I-D.ietf-v6ops-happy-eyeballs]; simplified versions of this are for
example implemented in some commonly-used web browsers. The homenet
architecture should not preclude use of such tools. Solutions that
require host changes should be avoided, but solutions which
incrementally improve with host changes may be acceptable.
3.3.2. Quality of Service 3.3.2. Quality of Service
Support for QoS in a multi-service homenet may be a requirement, e.g. Support for QoS in a multi-service homenet may be a requirement, e.g.
for a critical system (perhaps healthcare related), or for for a critical system (perhaps healthcare related), or for
differentiation between different types of traffic (file sharing, differentiation between different types of traffic (file sharing,
cloud storage, live streaming, VoIP, etc). Different media types may cloud storage, live streaming, VoIP, etc). Different media types may
have different such properties or capabilities. have different such properties or capabilities.
However, homenet scenarios should require no new QoS protocols. A However, homenet scenarios should require no new QoS protocols. A
DiffServ [RFC2475] approach with a small number of predefined traffic DiffServ [RFC2475] approach with a small number of predefined traffic
classes should generally be sufficient, though at present there is classes should generally be sufficient, though at present there is
little experience of QoS deployment in home networks. little experience of QoS deployment in home networks. It is likely
that QoS, or traffic prioritisation, methods will be required at the
CER, and potentially around boundaries between different media types
(where for example some traffic may simply not be appropriate for
some media, and need to be dropped to avoid drowning the constrained
media).
There may also be complementary mechanisms that could be beneficial There may also be complementary mechanisms that could be beneficial
to application performance and behaviour in the homenet domain, such to application performance and behaviour in the homenet domain, such
as ensuring proper buffering algorithms are used as described in as ensuring proper buffering algorithms are used as described in
[Gettys11]. [Gettys11].
3.3.3. Operations and Management 3.3.3. Operations and Management
The homenet should be self-organising and configuring as far as The homenet should be self-organising and configuring as far as
possible, and thus not be pro-actively managed by the home user. possible, and thus not be pro-actively managed by the home user.
Thus protocols to manage the network are not discussed in detail in Thus protocols to manage the network are not discussed in this
the architecture text. architecture text.
However, users may be interested in the status of their networks and However, users may be interested in the status of their networks and
devices on the network, in which case simplified monitoring devices on the network, in which case simplified monitoring
mechanisms may be desirable. It may also be the case that an ISP, or mechanisms may be desirable. It may also be the case that an ISP, or
a third party, might offer management of the homenet on behalf of a a third party, might offer management of the homenet on behalf of a
user, in which case management protocols would be required. The user, in which case management protocols would be required. How such
SNMPv3 family of protocols described in [RFC3411] and friends may be management is done is out of scope of this document; many solutions
appropriate (previous versions are not deemed secure and have been exist.
marked as Historic by the IETF).
3.3.4. Privacy considerations 3.3.4. Privacy considerations
There are no specific privacy concerns discussed in this text. It There are no specific privacy concerns discussed in this text. It
should be noted that many ISPs are expected to offer relatively should be noted that many ISPs are expected to offer relatively
stable IPv6 prefixes to customers, and thus the network prefix stable IPv6 prefixes to customers, and thus the network prefix
associated with the host addresses they use would not generally associated with the host addresses they use would not generally
change over a reasonable period of time. This exposure is similar to change over a reasonable period of time. This exposure is similar to
IPv4 networks that expose the same IPv4 global address via use of IPv4 networks that expose the same IPv4 global address via use of
NAT, where the IPv4 address received from the ISP may change over NAT, where the IPv4 address received from the ISP may change over
time. time.
Hosts inside an IPv6 homenet may get new IPv6 addresses over time
regardless, e.g. through Privacy Addresses [RFC4941].
3.4. Design Principles and Requirements 3.4. Design Principles and Requirements
There is little that the Internet standards community can do about There is little that the Internet standards community can do about
the physical topologies or the need for some networks to be separated the physical topologies or the need for some networks to be separated
at the network layer for policy or link layer compatibility reasons. at the network layer for policy or link layer compatibility reasons.
However, there is a lot of flexibility in using IP addressing and However, there is a lot of flexibility in using IP addressing and
inter-networking mechanisms. In this section we discuss how this inter-networking mechanisms. In this section we discuss how this
flexibility should be used to provide the best user experience and flexibility should be used to provide the best user experience and
ensure that the network can evolve with new applications in the ensure that the network can evolve with new applications in the
future. future.
The following principles should be followed when designing homenet The following principles should be followed when designing homenet
solutions. Where requirements are associated with those principles, solutions. Where requirements are associated with those principles,
they are listed here. There is no implied priority by the order in they are stated. There is no implied priority by the order in which
which the principles themselves are listed. the principles themselves are listed.
3.4.1. Reuse existing protocols 3.4.1. Reuse existing protocols
It is desirable to reuse existing protocols where possible, but at It is desirable to reuse existing protocols where possible, but at
the same time to avoid consciously precluding the introduction of new the same time to avoid consciously precluding the introduction of new
or emerging protocols. A generally conservative approach, giving or emerging protocols. A generally conservative approach, giving
weight to running code, is preferable. Where new protocols are weight to running code, is preferable. Where new protocols are
required, evidence of commitment to implementation by appropriate required, evidence of commitment to implementation by appropriate
vendors or development communities is highly desirable. Protocols vendors or development communities is highly desirable. Protocols
used should be backwardly compatible. used should be backwardly compatible, and forward compatible where
changes are made.
Where possible, changes to hosts should be minimised. Some changes
may be unavoidable however, e.g. signalling protocols to punch holes
in firewalls where "Simple Security" is deployed in a CER. Changes
to routers should also be minimised, e.g.
[I-D.baker-fun-routing-class] suggests introducing a routing protocol
that may route on both source and destination addresses, which would
be a significant change compared to current practices.
Liaisons with other appropriate standards groups and related
organisations is desirable, e.g. the IEEE and Wi-Fi Alliance.
RE1) Reuse existing protocols, giving weight to running code.
RE2) Minimise changes to hosts and routers.
RE3) Maintain backwards compatibility where possible. Where possible, any requirement for changes to hosts and routers
should be minimised.
3.4.2. Dual-stack Operation 3.4.2. Dual-stack Operation
The homenet architecture targets both IPv6-only and dual-stack The homenet architecture targets both IPv6-only and dual-stack
networks. While the CER requirements in RFC 6204 are aimed at IPv6- networks. While the CER requirements in RFC 6204 and RFC 6204-bis
only networks, it is likely that dual-stack homenets will be the norm are aimed at IPv6-only networks, it is likely that dual-stack
for some period of time. IPv6-only networking may first be deployed homenets will be the norm for some period of time. IPv6-only
in home networks in "greenfield" scenarios, or perhaps as one element networking may first be deployed in "greenfield" homenet scenarios,
of an otherwise dual-stack network. The homenet architecture must or perhaps as one element of an otherwise dual-stack network. The
operate in the absence of IPv4, and IPv6 must work in the same homenet architecture must operate in the absence of IPv4. It is
scenarios as IPv4 today. desirable that IPv6 works better than IPv4 in as many scenarios as
possible.
Running IPv6-only may require documentation of additional Running IPv6-only may require documentation of additional
considerations such as: considerations such as:
o Ensuring there is a way to access content in the IPv4 Internet. o Ensuring there is a way to access content in the IPv4 Internet.
This can be arranged through incorporating NAT64 [RFC6144] and This can be arranged through incorporating NAT64 [RFC6144] and
DNS64 [RFC6145] functionality in the home gateway router, for DNS64 [RFC6145] functionality in the home gateway router, for
instance. instance. Such features are outside the scope of this document
however, being CER functions.
o DNS discovery mechanisms are enabled for IPv6. Both stateless o DNS discovery mechanisms are enabled for IPv6. Both stateless
DHCPv6 [RFC3736] [RFC3646] and Router Advertisement options DHCPv6 [RFC3736] [RFC3646] and Router Advertisement options
[RFC6106] may have to be supported and turned on by default to [RFC6106] may have to be supported and turned on by default to
ensure maximum compatibility with all types of hosts in the ensure maximum compatibility with all types of hosts in the
network. This requires, however, that a working DNS server is network. This requires, however, that a working DNS server is
known and addressable via IPv6. known and addressable via IPv6, and that such discovery options
can operate through multiple routers in the homenet.
o All nodes in the home network support operations in IPv6-only o All nodes in the home network support operations in IPv6-only
mode. Some current devices work well with dual-stack but fail to mode. Some current devices work well with dual-stack but fail to
recognise connectivity when IPv4 DHCP fails, for instance. recognise connectivity when IPv4 DHCP fails, for instance.
In dual-stack networks, solutions for IPv6 should not adversely In dual-stack networks, solutions for IPv6 should not adversely
affect IPv4 operation. It is likely that topologies of IPv4 and IPv6 affect IPv4 operation. It is desirable that topologies of IPv4 and
networks would be as congruent as possible. IPv6 networks would be as congruent as possible.
Note that specific transition tools, particularly those running on
the border CER to support transition tools being used inside the
homenet, are out of scope. Use of tools, such as 6rd, on the border
CER to support ISP access network transition are to be expected, but
not within scope of homenet, which focuses on the internal
networking.
DS1) The homenet must support IPv6-only or dual-stack operation; it
must thus operate in the absence of IPv4 and IPv6 must work in
the same scenarios as IPv4 today.
DS2) IPv6 solutions should not adversely affect IPv4 operation.
3.4.3. Largest Possible Subnets 3.4.3. Largest Possible Subnets
Today's IPv4 home networks generally have a single subnet, and early Today's IPv4 home networks generally have a single subnet, and early
dual-stack deployments have a single congruent IPv6 subnet, possibly dual-stack deployments have a single congruent IPv6 subnet, possibly
with some bridging functionality. with some bridging functionality. More recently, some vendors have
started to introduce "home" and "guest" functions, which in IPv6
would be implemented as two subnets.
Future home networks are highly likely to have one or more internal Future home networks are highly likely to have one or more internal
routers and thus need multiple subnets, for the reasons described routers and thus need multiple subnets, for the reasons described
earlier. As part of the self-organisation of the network, the earlier. As part of the self-organisation of the network, the
network should subdivide itself to the largest possible subnets that homenet should subdivide itself to the largest possible subnets that
can be constructed within the constraints of link layer mechanisms, can be constructed within the constraints of link layer mechanisms,
bridging, physical connectivity, and policy. For instance, separate bridging, physical connectivity, and policy.
subnetworks are necessary where two different link layers cannot be
bridged, or when a policy requires the separation of private and
visitor parts of the network.
While it may be desirable to maximise the chance of link-local While it may be desirable to maximise the chance of link-local
protocols operating across a homenet by maximising the size of a protocols operating across a homenet by maximising the size of a
subnet across the homenet, multiple subnet home networks are subnet, multi-subnet home networks are inevitable, so their support
inevitable, so their support must be included. A general must be included. A general recommendation is to follow the same
recommendation is to follow the same topology for IPv6 as is used for topology for IPv6 as is used for IPv4, but not to use NAT. Thus
IPv4, but not to use NAT. Thus there should be routed IPv6 where an there should be routed IPv6 where an IPv4 NAT is used, and where
IPv4 NAT is used, and where there is no NAT there should be bridging there is no NAT there should be bridging if the link layer allows
if the link layer allows this. this.
In some cases IPv4 NAT home networks may feature cascaded NATs, e.g.
where NAT routers are included within VMs or Internet connection
services are used. IPv6 routed versions of such tools will be
required.
SN1) The network should subdivide itself to the largest possible
subnets that can be formed.
SN2) The IPv6 topology should follow the IPv4 topology, but not use In some cases IPv4 NAT home networks may feature cascaded NATs, which
NAT, thus there should be routed IPv6 where IPv4 NAT is used. may include cases where NAT routers are included within VMs or
Internet connection sharing services are used. IPv6 routed versions
of such cases will be required. We should thus note that routers in
the homenet may not be separate physical devices; they may be
embedded within devices.
3.4.4. Security vs Transparent, End-to-End Communications 3.4.4. Security vs Transparent, End-to-End Communications
An IPv6-based home network architecture should naturally offer a An IPv6-based home network architecture should embrace and naturally
transparent end-to-end communications model as described in offer a transparent end-to-end communications model as described in
[RFC2775]. Each device should be addressable by a globally unique [RFC2775]. Each device should be addressable by a globally unique
address, and those addresses must not be altered in transit. address, and those addresses must not be altered in transit.
Security perimeters can of course restrict the end-to-end Security perimeters can (via policy) restrict end-to-end
communications, and thus while a host may be globally addressable it communications, and thus while a host may be globally addressable it
may not be globally reachable. RFC 4864 sets a default deny "Simple may not be globally reachable.
Security" model, in which filtering is to be expected (while host-
based IPv6 NAT is not). However, RFC 6092 states that while the
default should be default deny, CERs should also have an option to be
put into a "transparent" mode of operation which enables a default
allow model (in which case home devices must be independently
secure). Such end-to-end communications are important for their
robustness against failure of intermediate systems, where in contrast
NAT is dependent on state machines which are not self-healing.
In the presence of "Simple Security" the use of signalling protocols
such as UPnP IGD (Version 2) or PCP may be expected to punch holes in
the firewall (and be able to handle cases where there are multiple
CERs/firewall(s). When configuring holes in filters, protocols for
securely associating devices are desirable.
EE1) The homenet should embrace transparent, end-to-end
communications to, from and within the homenet.
EE2) The default security model at the homenet border is "Simple
Security" (default deny).
EE3) Where "Simple Security" is applied, there must be support for In IPv4 NAT networks, the NAT provides an implicit firewall function.
an appropriate signalling protocol to open per-application [RFC4864] describes a "Simple Security" model for IPv6 networks,
holes for communications. whereby stateful perimeter filtering can be applied instead where
global addresses are used. RFC 4864 implies an IPv6 "default deny"
policy for inbound connections be used for similar functionality to
IPv4 NAT. It should be noted that such a "default deny" approach
would effectively replace the need for IPv4 NAT traversal protocols
with a need to use a signalling protocol to request a firewall hole
be opened. Thus to support applications wanting to accept
connections initiated into home networks where a "default deny"
policy is in place support for a signalling protocol such as UPnP or
PCP [I-D.ietf-pcp-base] is required. In networks with multiple CERs,
the signalling would need to handle the cases of flows that may use
one or more exit routers. CERs would need to be able to advertise
their existence for such protocols.
EE4) The homenet should also support a "transparent" mode of [RFC6092] expands on RFC 4864, giving a more detailed discussion of
operation at its borders if configured to do so. IPv6 perimeter security recommendations, without mandating a "default
deny" approach. Indeed, RFC 6092 does not proscribe a particular
mode of operation, instead stating that CERs must provide an easily
selected configuration option that permits a "transparent" mode of
operation, thus ensuring a "default allow" model is available. The
homenet architecture text makes no recommendation on the default
setting, and refers the reader to RFC 6092, which in turn simply
states that a CER should provide functionality sufficient to support
the recommendations in that RFC.
EE5) Users should have simple methods to associate devices to In terms of the devices, homenet hosts should implement their own
services that are expected to operate through borders at which security policies in accordance to their computing capabilities.
"Simple Security" is applied. They should have the means to request transparent communications to
be initiated to them, either for all ports or for specific services.
Users should have simple methods to associate devices to services
that they wish to operate transparently through (CER) borders.
3.4.5. IP Connectivity between All Nodes 3.4.5. Internal IP Connectivity
A logical consequence of the end-to-end communications model is that A logical consequence of the end-to-end communications model is that
the network should by default attempt to provide IP-layer the network should by default attempt to provide IP-layer
connectivity between all internal parts as well as between the connectivity between all internal parts of the homenet as well as to
internal parts and the Internet. This connectivity should be and from the external Internet.
established at the link layer, if possible, and using routing at the
IP layer otherwise.
Local addressing (ULAs) may be used within the scope of a home ULAs should be used within the scope of a homenet to support routing
network to provide a method to route between subnets. It would be between subnets regardless of whether a globally unique ISP-provided
expected that ULAs may be used alongside one or more globally unique prefix is available. However, it would be expected that ULAs would
ISP-provided addresses/prefixes in a homenet. ULAs may be used for also be used alongside one or more such global prefixes in a homenet,
all devices, not just those intended to have internal connectivity such that hosts become multi-addressed with both globally unique and
only. ULAs may then be used for stable internal communications ULA prefixes. Default address selection would then enable ULAs to be
should the ISP-provided prefix (suddenly) change, or external preferred for internal communications between devices that are using
connectivity be temporarily lost. The use of ULAs should be ULA prefixes generated within the same homenet.
restricted to the homenet scope through filtering at the border(s) of
the homenet; thus "end-to-end" for ULAs is limited to the homenet. ULAs may be used for all devices, not just those intended to only
have internal connectivity. ULAs used in this way provide stable
internal communications should the ISP-provided prefix (suddenly)
change, or external connectivity be temporarily lost. The use of
ULAs should be restricted to the homenet scope through filtering at
the border(s) of the homenet, as described in RFC 6092; thus "end-to-
end" for ULAs is limited to the homenet.
In some cases full internal connectivity may not be desirable, e.g. In some cases full internal connectivity may not be desirable, e.g.
in certain utility networking scenarios, or where filtering is in certain utility networking scenarios, or where filtering is
required for policy reasons against guest network subnet(s). Certain required for policy reasons against guest network subnet(s). Some
scenarios may require co-existence of ISP connectivity providing a scenarios/models may involve isolated subnet(s) with their own CERs.
general Internet service with provider connectivity to a private In such cases connectivity would only be expected within each
"walled garden" network. isolated network (though traffic may potentially pass between them
via external providers).
Some home networking scenarios/models may involve isolated subnet(s)
with their own CERs. In such cases connectivity would only be
expected within each isolated network (though traffic may potentially
pass between them via external providers).
LLNs provide an example of where there may be secure perimeters LLNs provide an example of where there may be secure perimeters
inside the homenet. Constrained LLN nodes may implement WPA-style inside the homenet. Constrained LLN nodes may implement WPA2-style
network key security but may depend on access policies enforced by network key security but may depend on access policies enforced by
the LLN border router. the LLN border router.
CN1) The homenet should utilise ULAs to provide stable addressing in
the event of there being no global prefix available or changes
in the global prefix.
CN2) ULAs must be filtered at the homenet site border(s).
CN3) Walled garden connectivity must be supported.
CN4) Isolated networks within the homenet must be supported.
3.4.6. Routing functionality 3.4.6. Routing functionality
Routing functionality is required when there are multiple routers Routing functionality is required when there are multiple routers
deployed within the internal home network. This functionality could deployed within the internal home network. This functionality could
be as simple as the current "default route is up" model of IPv4 NAT, be as simple as the current "default route is up" model of IPv4 NAT,
or it could involve running an appropriate routing protocol. or, more likely, it would involve running an appropriate routing
protocol.
The homenet routing environment may include traditional IP networking
where existing link-state or distance-vector protocols may be used,
but also new LLN or other "constrained" networks where other
protocols may be more appropriate. IPv6 VM solutions may also add
additional routing requirements. Current home deployments use
largely different mechanisms in sensor and basic Internet
connectivity networks.
In this section we list the assumptions and requirements for routing
functionality within the homenet environment.
RT1) The protocol should preferably be an existing deployed
protocol that has been shown to be reliable and robust.
RT2) It is preferable that the protocol is "lightweight".
RT3) The protocol should be able to provide reachability between
all nodes in the homenet.
RT4) In general, LLN or other networks should be able to attach and
participate the same way as the main homenet, or alternatively
map/be gatewayed to the main homenet.
RT5) Multiple interface PHYs must be accounted for in the homenet
routed topology. Technologies such as Ethernet, WiFi, MoCA,
etc must be capable of coexisting in the same environment and
should be treated as part of any routed deployment. The
inclusion of the PHY layer characteristics including
bandwidth, loss, and latency in path computation should be
considered for optimising communication in the homenet.
RT6) Minimising convergence time should be a goal in any routed
environment, but as a guideline a maximum convergence time of
a couple of minutes should be the target.
RT7) It is desirable that the routing protocol has knowledge of the
homenet topology, which implies a link-state protocol may be
preferable. If so, it is also desirable that the
announcements and use of LSAs and RAs are appropriately
coordinated.
RT8) Any routed solution will require a means for determining the
boundaries of the homenet. Borders may include but are not
limited to the interface to the upstream ISP, a gateway device
to a separate home network such as a SmartGrid or similar LLN
network. In some cases there may be no border such as before
an upstream connection has been established. Devices in the
homenet must be able to find the path to the Internet as well
as other devices on the home intranet. The border discovery
functionality may be integrated into the routing protocol
itself, but may also be imported via a separate discovery
mechanism.
RT9) The routing environment should be self-configuring, as The homenet routing protocol should preferably be an existing
discussed in the next subsection. An example of how OSPFv3 deployed protocol that has been shown to be reliable and robust, and
can be self-configuring in a homenet is described in it is preferable that the protocol is "lightweight". It is desirable
[I-D.acee-ospf-ospfv3-autoconfig]. An exception is that the routing protocol has knowledge of the homenet topology,
configuration of a "secret" for authentication methods. which implies a link-state protocol is preferable. If so, it is also
desirable that the announcements and use of LSAs and RAs are
appropriately coordinated. This would mean the routing protocol
gives a consistent view of the network, and that it can pass around
more than just routing information.
RT10) The protocol should not require upstream ISP connectivity to Multiple interface PHYs must be accounted for in the homenet routed
be established to continue routing within the homenet. topology. Technologies such as Ethernet, WiFi, MoCA, etc must be
capable of coexisting in the same environment and should be treated
as part of any routed deployment. The inclusion of the PHY layer
characteristics including bandwidth, loss, and latency in path
computation should be considered for optimising communication in the
homenet. Multiple upstreams should be supported, as described in the
multihoming section earlier. This should include load-balancing to
multiple providers, and failover from a primary to a backup link when
available. The protocol however should not require upstream ISP
connectivity to be established to continue routing within the
homenet.
RT11) Multiple upstreams should be supported, as described in the To support multihoming within a homenet, a routing protocol that can
multihoming section earlier. The primary target for make routing decisions based on source and destination addresses is
multihoming support is the single CER case (where source desirable, to avoid upstream ISP ingress filtering problems. In
routing may assist path selection). general the routing protocol should support multiple ISP uplinks and
delegated prefixes in concurrent use.
RT12) To support multihoming within a homenet, a routing protocol The routing environment should be self-configuring, as discussed in
that can make routing decisions based on source and the next subsection. An example of how OSPFv3 can be self-
destination addresses is desirable, to avoid upstream ISP configuring in a homenet is described in
ingress filtering problems. In general the routing protocol [I-D.acee-ospf-ospfv3-autoconfig]. Minimising convergence time
should support multiple ISP uplinks and delegated prefixes in should be a goal in any routed environment, but as a guideline a
concurrent use. maximum convergence time of around 30 seconds should be the target.
RT13) Load-balancing to multiple providers is not a requirement, but Any routed solution will require a means for determining the
failover from a primary to a backup link when available must boundaries of the homenet. Borders may include but are not limited
be a requirement. to the interface to the upstream ISP, or a gateway device to a
separate home network such as a SmartGrid or similar LLN network. In
some cases there may be no border such as occurs before an upstream
connection has been established. The border discovery functionality
may be integrated into the routing protocol itself, but may also be
imported via a separate discovery mechanism.
RT14) It is assumed that the typical router designed for residential In general, LLN or other networks should be able to attach and
use does not contain the memory or CPU required to process a participate the same way as the main homenet, or alternatively map/be
full Internet routing table this should not be a requirement gatewayed to the main homenet. Current home deployments use largely
for any homenet device. different mechanisms in sensor and basic Internet connectivity
networks. IPv6 VM solutions may also add additional routing
requirements.
A new I-D has been published on homenet routing requirements, see [I-D.howard-homenet-routing-comparison] contains evaluations of
[I-D.howard-homenet-routing-comparison] and evaluations of common common routing protocols made against the type of requirements
routing protocols made against those requirements, see described above.
[I-D.howard-homenet-routing-requirements]. The requirements from the
former document have been worked into this architecture text.
3.4.7. Self-Organising 3.4.7. A Self-organising Network
A home network architecture should be naturally self-organising and A home network architecture should be naturally self-organising and
self-configuring under different circumstances relating to the self-configuring under different circumstances relating to the
connectivity status to the Internet, number of devices, and physical connectivity status to the Internet, number of devices, and physical
topology. While the homenet should be self-organising, it should be topology. While the homenet should be self-organising, it should be
possible to manually adjust (override) the current configuration. possible to manually adjust (override) the current configuration.
The homenet will need to be aware of the extent of its own "site". The homenet will need to be aware of the extent of its own "site", as
The homenet will have one or more borders, with external connectivity discussed in the previous section. The homenet "site" defines the
providers and potentially parts of the internal network (e.g. for borders for ULAs, site scope multicast, service discovery and
policy-based reasons). It should be possible to automatically security policies. The homenet will thus have one or more borders
perform border discovery at least for the ISP borders. Such borders with external connectivity providers and potentially also have
determine for example the scope of ULAs, service discovery borders within the internal network (e.g. for policy-based reasons).
boundaries, site scope multicast boundaries and where firewall It should be possible to automatically perform border discovery for
policies may be applied. the different borders. Such borders determine for example the scope
of where prefixes, routing information, network traffic, service
discovery and naming may be shared. The default internally should be
to share everything.
The most important function in this respect is prefix delegation and The most important function in this respect is prefix delegation and
management. The assumptions and requirements for the prefix management. There are various sources of prefixes, e.g. they may be
delegation function are summarised as follows: globally unique prefixes originating from ISP(s), they may be
globally unique or ULA prefixes allocated by "master" router(s) in
PD1) From the homenet perspective, a single prefix from each ISP the homenet, or they may be ULAs allocated by LLN gateways. There
should be received on the border CER [RFC3633]. The ISP may also be a prefix associated with NAT64, if in use in the homenet.
should only see that aggregate, and not single /64 prefixes
allocated within the homenet.
PD2) Each link in the homenet should receive a prefix from within
the ISP-provided prefix(es).
PD3) Delegation should be autonomous, and not assume a flat or
hierarchical model.
PD4) The assignment mechanism should provide reasonable efficiency,
so that typical home network prefix allocation sizes can
accommodate all the necessary /64 allocations in most cases.
A currently typical /60 allocation gives 16 /64 subnets.
PD5) Duplicate assignment of multiple /64s to the same network
should be avoided.
PD6) The network should behave as gracefully as possible in the
event of prefix exhaustion. The options in such cases may
however be limited.
PD7) Where multiple CERs exist with multiple ISP prefix pools, it
is expected that routers within the homenet would assign
themselves prefixes from each ISP they communicate with/
through.
PD8) Where ULAs are used, most likely but not necessarily in From the homenet perspective, a single prefix from each ISP should be
parallel with global prefixes, one router will need to be received on the border CER [RFC3633]. Then each subnet in the
elected to offer ULA prefixes for the homenet. The router homenet should receive a prefix from within the ISP-provided
should generate a /48 ULA for the site, and then delegate prefix(es). The ISP should only see the aggregate from the homenet,
/64's from that ULA prefix to subnets. and not single /64 prefixes allocated within the homenet.
PD9) Delegation within the homenet should give each link a prefix Delegation should be autonomous, and not assume a flat or
that is persistent across reboots, power outages and similar hierarchical model. This text makes no assumption about whether the
short-term outages. delegation of prefixes is distributed or centralised. The assignment
mechanism should provide reasonable efficiency, so that typical home
network prefix allocation sizes can accommodate all the necessary /64
allocations in most cases, and not waste prefixes. A currently
typical /60 allocation gives 16 /64 subnets. Duplicate assignment of
multiple /64s to the same network should be avoided. The network
should behave as gracefully as possible in the event of prefix
exhaustion, though the options in such cases may be limited.
PD10) Addition of a new routing device should not affect existing Where multiple CERs exist with multiple ISP prefix pools, it is
persistent prefixes, but persistence may not be expected in expected that routers within the homenet would assign themselves
the face of significant "replumbing" of the homenet. prefixes from each ISP they communicate with/through.
PD11) Persistent prefixes should not depend on router boot order. Where ULAs are used, most likely but not necessarily in parallel with
global prefixes, one router should be elected to offer ULA prefixes
for the homenet. The router should generate a /48 ULA for the site,
and then delegate /64's from that ULA prefix to subnets. In the
normal state, a single /48 ULA should be used within the homenet. In
cases where two /48 ULAs are generated within a homenet, the network
should still continue to function.
PD12) Persistent prefixes may imply the need for stable storage on Delegation within the homenet should give each link a prefix that is
routing devices, and also a method for a home user to "reset" persistent across reboots, power outages and similar short-term
the stored prefix should a significant reconfiguration be outages. Addition of a new routing device should not affect existing
required (though ideally the home user should not be involved persistent prefixes, but persistence may not be expected in the face
at all). of significant "replumbing" of the homenet. Persistent prefixes
should not depend on router boot order. Such persistent prefixes may
imply the need for stable storage on routing devices, and also a
method for a home user to "reset" the stored prefix should a
significant reconfiguration be required (though ideally the home user
should not be involved at all).
PD13) The delegation method should support "flash" renumbering. As The delegation method should support renumbering, which would
a minimum, delegated ULA prefixes within the homenet should typically be "flash" renumbering in that the homenet would not have
remain persistent through an ISP-driven renumbering event. advance notice of the event or thus be able to apply the types of
approach described in [RFC4192]. As a minimum, delegated ULA
prefixes within the homenet should remain persistent through an ISP-
driven renumbering event.
Several proposals have been made for prefix delegation within a Several proposals have been made for prefix delegation within a
homenet. One group of proposals is based on DHCPv6 PD, as described homenet. One group of proposals is based on DHCPv6 PD, as described
in [I-D.baker-homenet-prefix-assignment], in [I-D.baker-homenet-prefix-assignment],
[I-D.chakrabarti-homenet-prefix-alloc], [RFC3315] and [RFC3633]. The [I-D.chakrabarti-homenet-prefix-alloc], [RFC3315] and [RFC3633]. The
other uses OSPFv3, as described in other uses OSPFv3, as described in
[I-D.arkko-homenet-prefix-assignment]. More detailed analysis of [I-D.arkko-homenet-prefix-assignment]. More detailed analysis of
these approaches needs to be made against the requirements/ these approaches needs to be made against the requirements/principles
assumptions listed above. described above.
Other parameters of the network will need to be self-organising. The Other parameters of the network will need to be self-organising, but
network elements will need to be integrated in a way that takes allow manual override of configurations where reasonable to do so.
The network elements will need to be integrated in a way that takes
account of the various lifetimes on timers that are used on those account of the various lifetimes on timers that are used on those
different elements, e.g. DHCPv6 PD, router, valid prefix and different elements, e.g. DHCPv6 PD, router, valid prefix and
preferred prefix timers. preferred prefix timers.
The network cannot be expected to be completely self-organising, e.g. The network cannot be expected to be completely self-organising, e.g.
some security parameters are likely to need manual configuration, some security parameters are likely to need manual configuration,
e.g. WPA2 configuration for wireless access control. Some existing e.g. WPA2 configuration for wireless access control. Some existing
mechanisms exist to assist home users to associate devices as simply mechanisms exist to assist home users to associate devices as simply
as possible, e.g. "connect" button support. as possible, e.g. "connect" button support.
ZC1) The homenet must as far as possible be self-organising and It is important that self-configuration with "unintended" devices is
self-configuring. avoided. Methods are needed for devices to know whether they are
intended to be part of the same homenet site or not. Thus methods to
ZC2) Manual override of the configuration should be possible. ensure separation between neighbouring homenets are required. This
may require use of some unique "secret" for devices/protocols in each
ZC3) The homenet must be able to determine where its own borders homenet.
lie.
ZC4) The homenet "site" defines the borders for ULAs, site scope
multicast, service discovery and security policies.
ZC5) It is important that self-configuration with "unintended"
devices is avoided. Methods are needed for devices to know
whether they are intended to be part of the same homenet site
or not.
3.4.8. Fewest Topology Assumptions 3.4.8. Fewest Topology Assumptions
There should ideally be no built-in assumptions about the topology in There should ideally be no built-in assumptions about the topology in
home networks, as users are capable of connecting their devices in home networks, as users are capable of connecting their devices in
ingenious ways. Thus arbitrary topologies will need to be supported. "ingenious" ways. Thus arbitrary topologies and arbitrary routing
will need to be supported. or at least the failure mode for when the
user makes a mistake should be as robust as possible, e.g. de-
activating a certain part of the infrastructure to allow the rest to
operate. In such cases, the user should ideally have some useful
indication of the failure mode encountered.
It is important not to introduce new IPv6 scenarios that would break It is important not to introduce new IPv6 scenarios that would break
with IPv4+NAT, given that dual-stack homenets will be commonplace for with IPv4+NAT, given that dual-stack homenets will be commonplace for
some time. There may be IPv6-only topologies that work where IPv4 is some time. There may be IPv6-only topologies that work where IPv4 is
not used or required. not used or required.
ZC1) Arbitrary topologies should be supported.
3.4.9. Naming and Service Discovery 3.4.9. Naming and Service Discovery
The most natural way to think about naming and service discovery Naming and service discovery must be supported in the homenet. The
within a homenet is to enable it to work across the entire residence most natural way to think about such naming and service discovery is
(site), disregarding technical borders such as subnets but respecting to enable it to work across the entire residence (site), disregarding
policy borders such as those between visitor and internal networks. technical borders such as subnets but potentially respecting policy
borders such as those between visitor and internal networks.
Discovery of a DNS service for access to external Internet resources
is also a fundamental requirement in a multi-subnet homenet; the
problem is not just name and service discovery within the homent
itself.
Homenet naming systems will be required that work internally or Users will need simple ways to name devices, or be provided with
externally, be the user within the homenet or outside it, though the appropriate ways for devices to generate unique names within the
domains used may be different from those different perspectives. It homenet. The naming system will be required to work internally or
is possible that not all internal devices should be reflected by name externally, be the user within the homenet or outside it, and there
in an external-facing domain. may be multiple naming domains, e.g. Internet, home or guest
domains. It is highly likely that a home user will want access to
many of the devices and services in their home while "roaming"
elsewhere. It may be the case that not all devices in the homenet
are made available by name via any Internet-facing domain, and that a
"split-view" naming system is preferred for certain devices. Also,
name resolution for reachable devices must continue to function if
the local network is disconnected from the global Internet.
A desirable target may be a fully functional self-configuring secure A desirable target may be a fully functional, self-configuring secure
local DNS service so that all devices can be referred to by name, and local DNS service so that all devices can be referred to by name, and
these FQDNs are resolved locally. This would make clean use of ULAs these FQDNs are resolved locally. This could make clean use of ULAs
and multiple ISP-provided prefixes much easier. Such a local DNS and multiple ISP-provided prefixes much easier. Such a local DNS
service should be (by default) authoritative for the local name space service should be (by default) authoritative for the local name space
in both IPv4 and IPv6. A dual-stack residential gateway should in both IPv4 and IPv6. A dual-stack residential gateway should
include a dual-stack DNS server. include a dual-stack DNS server.
Consideration will also need to be given for existing protocols that There are naming protocols that are designed to be configured and
may be used within a network, e.g. mDNS, and how these interact with operate Internet-wide, like unicast-based DNS, but also protocols
unicast-based DNS services. that are designed for zero-configuration environments, like mDNS.
Consideration should be made for how these interact with each other
in a homenet scenario.
With the introduction of new "dotless" top level domains, there is With the introduction of new "dotless" top level domains, there is
potential for ambiguity between for example a local host called apple potential for ambiguity between for example a local host called
and (if it is registered) an apple gTLD, so some local name space is "computer" and (if it is registered) a .computer gTLD. This suggests
probably required, which should also be configurable to something some implicit local name space is probably required. Such a name
else by a home user, e.g. ".home", if desired. There is also space should also be configurable to something else by the user.
potential ambiguity if, for example, a mobile device should move
between two local name spaces called ".home".
For service discovery, support may be required for IPv6 multicast
across the scope of the home network. This would be the case if an
approach to create Extended mDNS (xmDNS) is followed as described in
[I-D.lynn-homenet-site-mdns].
SD1) The homenet must support naming and service discovery
functions.
SD2) All naming and service discovery functions should be able to
function across the entire homenet site if required.
SD3) Disconnected operation ("fate sharing"): name resolution for
reachable devices continues if the local network is
disconnected from the global Internet.
SD4) Message utilisation should be efficient considering the network The use of standard local domain name across adjacent homenets
technologies the service may need to operate over. potentially introduces some ambiguity if, for example, a mobile
device should move between two such networks.
SD5) Devices represented in the homenet name space may also be Current service discovery protocols are generally aimed at single
represented in the global DNS namespace. subnets. If service discovery is to operate across the an entire
homenet, by adopting an approach like that proposed as Extended mDNS
(xmDNS) [I-D.lynn-homenet-site-mdns], then support may be required
for IPv6 multicast across the scope of the whole homenet.
SD6) Site scope IPv6 multicast should be supported across the In some parts of the homenet, e.g. LLNs, devices may be sleeping, in
homenet. which case a proxy for such nodes may be required, that can respond
to multicast service discovery requests. Those same parts of the
network may have less capacity for multicast traffic that may be
flooded from other parts of the network. In general, message
utilisation should be efficient considering the network technologies
the service may need to operate over.
3.4.10. Proxy or Extend? 3.4.10. Proxy or Extend?
Related to the above, the architecture proposes that any existing There are two broad choices for allowing services that would
protocols (e.g. service discovery) that are designed to only work otherwise be link-local to work across a homenet site. In the
within a subnet should be modified/extended to work across subnets, example of service discovery, one is to take protocols like mDNS and
rather than defining proxy capabilities for each of those functions. have them run over site multicast within the homenet. This is fine
if all hosts support the extension, and the scope within any internal
borders is well-understood. But it's not backwards-compatible with
existing link-local protocols. The alternative is to proxy service
discovery across each link, to propagate it. This is more complex,
but is backwards-compatible. It would need to work with IPv6, and
dual-stack.
The homenet architecture proposes that any existing protocols that
are designed to only work within a subnet should be extended to work
across subnets, rather than defining proxy capabilities for each of
those functions. However, while it is desirable to extend protocols
to site scope operation rather than providing proxy functions on
subnet boundaries, the reality is that until all hosts can use site-
scope discovery protocols, existing link-local protocols would need
to be proxied anyway.
Some protocols already have proxy functions defined and in use, e.g. Some protocols already have proxy functions defined and in use, e.g.
DHCPv6 relays, in which case those protocols would be expected to DHCPv6 relays, in which case those protocols would be expected to
continue to operate that way. continue to operate that way.
Feedback is desirable on which other functions/protocols assume
subnet-only operation, in the context of existing home networks.
Some experience from enterprises may be relevant here.
SD1) Prefer to extend protocols to site scope operation rather than
providing proxy functions on subnet boundaries.
3.4.11. Adapt to ISP constraints 3.4.11. Adapt to ISP constraints
Different homenets may be subject to different behaviour by its Different homenets may be subject to different behaviour by their
ISP(s). The home network may receive an arbitrary length IPv6 prefix ISP(s). A homenet may receive an arbitrary length IPv6 prefix from
from its provider, e.g. /60 or /56. The offered prefix may be stable its provider, e.g. /60, /56 or /48. The offered prefix, may be
over time or change from time to time. Some ISPs may offer stable or change from time to time. Some ISPs may offer relatively
relatively stable prefixes, while others may change the prefix stable prefixes, while others may change the prefix whenever the CER
whenever the CER is reset. Some discussion of IPv6 prefix allocation is reset. Some discussion of IPv6 prefix allocation policies is
policies is included in [RFC6177], which discusses why, for example, included in [RFC6177], which discusses why, for example, a one-size-
a one-size-fits-all /48 allocation is not appropriate. The home fits-all /48 allocation is not desirable. The home network needs to
network needs to be adaptable to such ISP policies. be adaptable to such ISP policies, and thus make no assumptions about
the stability of the prefix received from an ISP, or the length of
the prefix that may be offered. However, if only a /64 is offered by
the ISP, the homenet may be severely constrained, or even unable to
function.
The internal operation of the home network should also not depend on The internal operation of the home network should also not depend on
the availability of the ISP network at any given time, other than for the availability of the ISP network at any given time, other than for
connectivity to services or systems off the home network. This connectivity to services or systems off the home network. This
implies the use of ULAs as supported in RFC6204. If used, ULA implies the use of ULAs as supported in RFC 6204. If used, ULA
addresses should be stable so that they can always be used addresses should be stable so that they can always be used
internally, independent of the link to the ISP. internally, independent of the link to the ISP.
It is expected that ISPs will deliver a relatively stable home prefix In practice, it is expected that ISPs will deliver a relatively
to customers. The norm for residential customers of large ISPs may stable home prefix to customers. The norm for residential customers
be similar to their single IPv4 address provision; by default it is of large ISPs may be similar to their single IPv4 address provision;
likely to remain persistent for some time, but changes in the ISP's by default it is likely to remain persistent for some time, but
own provisioning systems may lead to the customer's IP (and in the changes in the ISP's own provisioning systems may lead to the
IPv6 case their prefix pool) changing. It is not expected that ISPs customer's IP (and in the IPv6 case their prefix pool) changing. It
will support Provider Independent (PI) addressing in general is not expected that ISPs will support Provider Independent (PI)
residential homenets. addressing in general residential homenets.
When an ISP needs to restructure and in doing so renumber its When an ISP needs to restructure and in doing so renumber its
customer homenets, "flash" renumbering is likely to be imposed. This customer homenets, "flash" renumbering is likely to be imposed. This
implies a need for the homenet to be able to handle a sudden implies a need for the homenet to be able to handle a sudden
renumbering event which, unlike the process described in [RFC4192], renumbering event which, unlike the process described in [RFC4192],
would be a "flag day" event, which means that a graceful renumbering would be a "flag day" event, which means that a graceful renumbering
process moving through a state with two active prefixes in use would process moving through a state with two active prefixes in use would
not be possible. While renumbering is an extended version of an not be possible. While renumbering is an extended version of an
initial numbering process, the difference between flash renumbering initial numbering process, the difference between flash renumbering
and an initial "cold start" is the need to provide service and an initial "cold start" is the need to provide service
continuity. The customer may of course also choose to move to a new continuity.
ISP, and thus begin using a new prefix, though in such cases the
customer may expect a discontinuity. Regardless, it's desirable that
homenet protocols support rapid renumbering and operational processes
don't add unnecessary complexity for the renumbering process.
The 6renum WG is studying IPv6 renumbering for enterprise networks.
It is not currently targetting homenets, but may produce outputs that
are relevant.
AD1) The homenet should make no assumptions about the stability of There may be cases where local law means some ISPs are required to
the prefix received from an ISP, or the length of the prefix change IPv6 prefixes (current IPv4 addresses) for privacy reasons for
that may be offered. their customers. In such cases it may be possible to avoid an
instant "flash" renumbering and plan a non-flag day renumbering as
per RFC 4192.
AD2) The operation of the homenet must not depend on the The customer may of course also choose to move to a new ISP, and thus
availability of the ISP connection. begin using a new prefix. In such cases the customer should expect a
discontinuity. In such cases, not only may the prefix change, but
potentially the prefix length, if the new ISP offers a different
default size prefix, e.g. a /60 rather than a /56. Regardless, it's
desirable that homenet protocols support rapid renumbering and that
operational processes don't add unnecessary complexity for the
renumbering process.
AD3) The homenet should support "flash" renumbering. Applications The 6renum WG is studying IPv6 renumbering for enterprise networks.
and services operating within or to/from the homenet should be It is not currently targetting homenets, but may produce outputs that
as resilient as possible to an external change of delegated are relevant. The introduction of any new homenet protocols should
prefix(es). not make any form of renumbering any more complex than it already is.
3.5. Implementing the Architecture on IPv6 3.5. Implementing the Architecture on IPv6
This architecture text encourages re-use of existing protocols. Thus This architecture text encourages re-use of existing protocols. Thus
the necessary mechanisms are largely already part of the IPv6 the necessary mechanisms are largely already part of the IPv6
protocol set and common implementations. There are though some protocol set and common implementations. There are though some
exceptions. For automatic routing, it is expected that existing exceptions. For automatic routing, it is expected that existing
routing protocols can be used as is. However, a new mechanism may be routing protocols can be used as is. However, a new mechanism may be
needed in order to turn a selected protocol on by default. needed in order to turn a selected protocol on by default.
Some functionality, if required by the architecture, would add Some functionality, if required by the architecture, would add
significant changes or require development of new protocols, e.g. significant changes or require development of new protocols, e.g.
support for multihoming with multiple exit routers would require support for multihoming with multiple exit routers would likely
extensions to support source and destination address based routing require extensions to support source and destination address based
within the homenet. routing within the homenet.
Some protocol changes are however required in the architecture, e.g. Some protocol changes are however required in the architecture, e.g.
for name resolution and service discovery, extensions to existing for name resolution and service discovery, extensions to existing
multicast-based name resolution protocols are needed to enable them multicast-based name resolution protocols are needed to enable them
to work across subnets, within the scope of the home network site. to work across subnets, within the scope of the home network site.
Some of the hardest problems in developing solutions for home Some of the hardest problems in developing solutions for home
networking IPv6 architectures include discovering the right borders networking IPv6 architectures include discovering the right borders
where the domain "home" ends and the service provider domain begins, where the domain "home" ends and the service provider domain begins,
deciding whether some of the necessary discovery mechanism extensions deciding whether some of the necessary discovery mechanism extensions
should affect only the network infrastructure or also hosts, and the should affect only the network infrastructure or also hosts, and the
ability to turn on routing, prefix delegation and other functions in ability to turn on routing, prefix delegation and other functions in
a backwards compatible manner. a backwards compatible manner.
4. Conclusions 4. Conclusions
This text defines principles and requirements for a homenet This text defines principles and requirements for a homenet
architecture. (More to be added.) architecture. The principles and requirements documented here should
be observed by any future texts describing homenet protocols for
routing, prefix management, security, naming or service discovery.
5. References 5. References
5.1. Normative References 5.1. Normative References
[RFC1918] Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and
E. Lear, "Address Allocation for Private Internets",
BCP 5, RFC 1918, February 1996.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, December 1998. (IPv6) Specification", RFC 2460, December 1998.
[RFC2475] Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z.,
and W. Weiss, "An Architecture for Differentiated
Services", RFC 2475, December 1998.
[RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network
Address Translator (Traditional NAT)", RFC 3022,
January 2001.
[RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
and M. Carney, "Dynamic Host Configuration Protocol for and M. Carney, "Dynamic Host Configuration Protocol for
IPv6 (DHCPv6)", RFC 3315, July 2003. IPv6 (DHCPv6)", RFC 3315, July 2003.
[RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An
Architecture for Describing Simple Network Management
Protocol (SNMP) Management Frameworks", STD 62, RFC 3411,
December 2002.
[RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic [RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic
Host Configuration Protocol (DHCP) version 6", RFC 3633, Host Configuration Protocol (DHCP) version 6", RFC 3633,
December 2003. December 2003.
[RFC4192] Baker, F., Lear, E., and R. Droms, "Procedures for [RFC3736] Droms, R., "Stateless Dynamic Host Configuration Protocol
Renumbering an IPv6 Network without a Flag Day", RFC 4192, (DHCP) Service for IPv6", RFC 3736, April 2004.
September 2005.
[RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast [RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast
Addresses", RFC 4193, October 2005. Addresses", RFC 4193, October 2005.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, February 2006. Architecture", RFC 4291, February 2006.
[RFC4864] Van de Velde, G., Hain, T., Droms, R., Carpenter, B., and [RFC4864] Van de Velde, G., Hain, T., Droms, R., Carpenter, B., and
E. Klein, "Local Network Protection for IPv6", RFC 4864, E. Klein, "Local Network Protection for IPv6", RFC 4864,
May 2007. May 2007.
[RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy [RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy
Extensions for Stateless Address Autoconfiguration in Extensions for Stateless Address Autoconfiguration in
IPv6", RFC 4941, September 2007. IPv6", RFC 4941, September 2007.
[RFC5533] Nordmark, E. and M. Bagnulo, "Shim6: Level 3 Multihoming
Shim Protocol for IPv6", RFC 5533, June 2009.
[RFC5969] Townsley, W. and O. Troan, "IPv6 Rapid Deployment on IPv4
Infrastructures (6rd) -- Protocol Specification",
RFC 5969, August 2010.
[RFC6092] Woodyatt, J., "Recommended Simple Security Capabilities in [RFC6092] Woodyatt, J., "Recommended Simple Security Capabilities in
Customer Premises Equipment (CPE) for Providing Customer Premises Equipment (CPE) for Providing
Residential IPv6 Internet Service", RFC 6092, Residential IPv6 Internet Service", RFC 6092,
January 2011. January 2011.
[RFC6204] Singh, H., Beebee, W., Donley, C., Stark, B., and O. [RFC6204] Singh, H., Beebee, W., Donley, C., Stark, B., and O.
Troan, "Basic Requirements for IPv6 Customer Edge Troan, "Basic Requirements for IPv6 Customer Edge
Routers", RFC 6204, April 2011. Routers", RFC 6204, April 2011.
[RFC6296] Wasserman, M. and F. Baker, "IPv6-to-IPv6 Network Prefix [I-D.ietf-v6ops-6204bis]
Translation", RFC 6296, June 2011. Singh, H., Beebee, W., Donley, C., and B. Stark, "Basic
Requirements for IPv6 Customer Edge Routers",
draft-ietf-v6ops-6204bis-09 (work in progress), May 2012.
5.2. Informative References 5.2. Informative References
[RFC1918] Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and
E. Lear, "Address Allocation for Private Internets",
BCP 5, RFC 1918, February 1996.
[RFC2475] Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z.,
and W. Weiss, "An Architecture for Differentiated
Services", RFC 2475, December 1998.
[RFC2775] Carpenter, B., "Internet Transparency", RFC 2775, [RFC2775] Carpenter, B., "Internet Transparency", RFC 2775,
February 2000. February 2000.
[RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network
Address Translator (Traditional NAT)", RFC 3022,
January 2001.
[RFC3646] Droms, R., "DNS Configuration options for Dynamic Host [RFC3646] Droms, R., "DNS Configuration options for Dynamic Host
Configuration Protocol for IPv6 (DHCPv6)", RFC 3646, Configuration Protocol for IPv6 (DHCPv6)", RFC 3646,
December 2003. December 2003.
[RFC3736] Droms, R., "Stateless Dynamic Host Configuration Protocol [RFC4192] Baker, F., Lear, E., and R. Droms, "Procedures for
(DHCP) Service for IPv6", RFC 3736, April 2004. Renumbering an IPv6 Network without a Flag Day", RFC 4192,
September 2005.
[RFC5533] Nordmark, E. and M. Bagnulo, "Shim6: Level 3 Multihoming
Shim Protocol for IPv6", RFC 5533, June 2009.
[RFC5969] Townsley, W. and O. Troan, "IPv6 Rapid Deployment on IPv4
Infrastructures (6rd) -- Protocol Specification",
RFC 5969, August 2010.
[RFC6106] Jeong, J., Park, S., Beloeil, L., and S. Madanapalli, [RFC6106] Jeong, J., Park, S., Beloeil, L., and S. Madanapalli,
"IPv6 Router Advertisement Options for DNS Configuration", "IPv6 Router Advertisement Options for DNS Configuration",
RFC 6106, November 2010. RFC 6106, November 2010.
[RFC6144] Baker, F., Li, X., Bao, C., and K. Yin, "Framework for [RFC6144] Baker, F., Li, X., Bao, C., and K. Yin, "Framework for
IPv4/IPv6 Translation", RFC 6144, April 2011. IPv4/IPv6 Translation", RFC 6144, April 2011.
[RFC6145] Li, X., Bao, C., and F. Baker, "IP/ICMP Translation [RFC6145] Li, X., Bao, C., and F. Baker, "IP/ICMP Translation
Algorithm", RFC 6145, April 2011. Algorithm", RFC 6145, April 2011.
[RFC6177] Narten, T., Huston, G., and L. Roberts, "IPv6 Address [RFC6177] Narten, T., Huston, G., and L. Roberts, "IPv6 Address
Assignment to End Sites", BCP 157, RFC 6177, March 2011. Assignment to End Sites", BCP 157, RFC 6177, March 2011.
[RFC6296] Wasserman, M. and F. Baker, "IPv6-to-IPv6 Network Prefix
Translation", RFC 6296, June 2011.
[RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
Stack Lite Broadband Deployments Following IPv4
Exhaustion", RFC 6333, August 2011.
[I-D.baker-fun-multi-router] [I-D.baker-fun-multi-router]
Baker, F., "Exploring the multi-router SOHO network", Baker, F., "Exploring the multi-router SOHO network",
draft-baker-fun-multi-router-00 (work in progress), draft-baker-fun-multi-router-00 (work in progress),
July 2011. July 2011.
[I-D.lynn-homenet-site-mdns] [I-D.lynn-homenet-site-mdns]
Lynn, K. and D. Sturek, "Extended Multicast DNS", Lynn, K. and D. Sturek, "Extended Multicast DNS",
draft-lynn-homenet-site-mdns-00 (work in progress), draft-lynn-homenet-site-mdns-00 (work in progress),
March 2012. March 2012.
skipping to change at page 32, line 19 skipping to change at page 33, line 5
[I-D.baker-fun-routing-class] [I-D.baker-fun-routing-class]
Baker, F., "Routing a Traffic Class", Baker, F., "Routing a Traffic Class",
draft-baker-fun-routing-class-00 (work in progress), draft-baker-fun-routing-class-00 (work in progress),
July 2011. July 2011.
[I-D.howard-homenet-routing-comparison] [I-D.howard-homenet-routing-comparison]
Howard, L., "Evaluation of Proposed Homenet Routing Howard, L., "Evaluation of Proposed Homenet Routing
Solutions", draft-howard-homenet-routing-comparison-00 Solutions", draft-howard-homenet-routing-comparison-00
(work in progress), December 2011. (work in progress), December 2011.
[I-D.howard-homenet-routing-requirements]
Howard, L., "Homenet Routing Requirements",
draft-howard-homenet-routing-requirements-00 (work in
progress), December 2011.
[I-D.herbst-v6ops-cpeenhancements] [I-D.herbst-v6ops-cpeenhancements]
Herbst, T. and D. Sturek, "CPE Considerations in IPv6 Herbst, T. and D. Sturek, "CPE Considerations in IPv6
Deployments", draft-herbst-v6ops-cpeenhancements-00 (work Deployments", draft-herbst-v6ops-cpeenhancements-00 (work
in progress), October 2010. in progress), October 2010.
[I-D.vyncke-advanced-ipv6-security] [I-D.vyncke-advanced-ipv6-security]
Vyncke, E., Yourtchenko, A., and M. Townsley, "Advanced Vyncke, E., Yourtchenko, A., and M. Townsley, "Advanced
Security for IPv6 CPE", Security for IPv6 CPE",
draft-vyncke-advanced-ipv6-security-03 (work in progress), draft-vyncke-advanced-ipv6-security-03 (work in progress),
October 2011. October 2011.
[I-D.ietf-v6ops-ipv6-cpe-router-bis]
Singh, H., Beebee, W., Donley, C., Stark, B., and O.
Troan, "Advanced Requirements for IPv6 Customer Edge
Routers", draft-ietf-v6ops-ipv6-cpe-router-bis-01 (work in
progress), July 2011.
[I-D.ietf-6man-rfc3484bis] [I-D.ietf-6man-rfc3484bis]
Thaler, D., Draves, R., Matsumoto, A., and T. Chown, Thaler, D., Draves, R., Matsumoto, A., and T. Chown,
"Default Address Selection for Internet Protocol version 6 "Default Address Selection for Internet Protocol version 6
(IPv6)", draft-ietf-6man-rfc3484bis-01 (work in progress), (IPv6)", draft-ietf-6man-rfc3484bis-06 (work in progress),
March 2012. June 2012.
[I-D.v6ops-multihoming-without-ipv6nat] [I-D.v6ops-multihoming-without-ipv6nat]
Troan, O., Miles, D., Matsushima, S., Okimoto, T., and D. Troan, O., Miles, D., Matsushima, S., Okimoto, T., and D.
Wing, "IPv6 Multihoming without Network Address Wing, "IPv6 Multihoming without Network Address
Translation", draft-v6ops-multihoming-without-ipv6nat-00 Translation", draft-v6ops-multihoming-without-ipv6nat-00
(work in progress), March 2011. (work in progress), March 2011.
[I-D.baker-homenet-prefix-assignment] [I-D.baker-homenet-prefix-assignment]
Baker, F. and R. Droms, "IPv6 Prefix Assignment in Small Baker, F. and R. Droms, "IPv6 Prefix Assignment in Small
Networks", draft-baker-homenet-prefix-assignment-01 (work Networks", draft-baker-homenet-prefix-assignment-01 (work
in progress), March 2012. in progress), March 2012.
[I-D.arkko-homenet-prefix-assignment] [I-D.arkko-homenet-prefix-assignment]
Arkko, J. and A. Lindem, "Prefix Assignment in a Home Arkko, J. and A. Lindem, "Prefix Assignment in a Home
Network", draft-arkko-homenet-prefix-assignment-01 (work Network", draft-arkko-homenet-prefix-assignment-01 (work
in progress), October 2011. in progress), October 2011.
[I-D.acee-ospf-ospfv3-autoconfig] [I-D.acee-ospf-ospfv3-autoconfig]
Lindem, A. and J. Arkko, "OSPFv3 Auto-Configuration", Lindem, A. and J. Arkko, "OSPFv3 Auto-Configuration",
draft-acee-ospf-ospfv3-autoconfig-01 (work in progress), draft-acee-ospf-ospfv3-autoconfig-02 (work in progress),
March 2012. May 2012.
[I-D.ietf-pcp-base] [I-D.ietf-pcp-base]
Cheshire, S., Boucadair, M., Selkirk, P., Wing, D., and R. Wing, D., Cheshire, S., Boucadair, M., Penno, R., and P.
Penno, "Port Control Protocol (PCP)", Selkirk, "Port Control Protocol (PCP)",
draft-ietf-pcp-base-23 (work in progress), February 2012. draft-ietf-pcp-base-26 (work in progress), June 2012.
[I-D.hain-ipv6-ulac]
Hain, T., Hinden, R., and G. Huston, "Centrally Assigned
IPv6 Unicast Unique Local Address Prefixes",
draft-hain-ipv6-ulac-02 (work in progress), July 2010.
[I-D.ietf-v6ops-happy-eyeballs] [I-D.ietf-v6ops-happy-eyeballs]
Wing, D. and A. Yourtchenko, "Happy Eyeballs: Success with Wing, D. and A. Yourtchenko, "Happy Eyeballs: Success with
Dual-Stack Hosts", draft-ietf-v6ops-happy-eyeballs-07 Dual-Stack Hosts", draft-ietf-v6ops-happy-eyeballs-07
(work in progress), December 2011. (work in progress), December 2011.
[I-D.chakrabarti-homenet-prefix-alloc] [I-D.chakrabarti-homenet-prefix-alloc]
Nordmark, E., Chakrabarti, S., Krishnan, S., and W. Nordmark, E., Chakrabarti, S., Krishnan, S., and W.
Haddad, "Simple Approach to Prefix Distribution in Basic Haddad, "Simple Approach to Prefix Distribution in Basic
Home Networks", draft-chakrabarti-homenet-prefix-alloc-01 Home Networks", draft-chakrabarti-homenet-prefix-alloc-01
skipping to change at page 34, line 7 skipping to change at page 34, line 33
Gettys, J., "Bufferbloat: Dark Buffers in the Internet", Gettys, J., "Bufferbloat: Dark Buffers in the Internet",
March 2011, March 2011,
<http://www.ietf.org/proceedings/80/slides/tsvarea-1.pdf>. <http://www.ietf.org/proceedings/80/slides/tsvarea-1.pdf>.
[IGD-2] UPnP Gateway Committee, "Internet Gateway Device (IGD) V [IGD-2] UPnP Gateway Committee, "Internet Gateway Device (IGD) V
2.0", September 2010, <http://upnp.org/specs/gw/ 2.0", September 2010, <http://upnp.org/specs/gw/
UPnP-gw-WANIPConnection-v2-Service.pdf>. UPnP-gw-WANIPConnection-v2-Service.pdf>.
Appendix A. Acknowledgments Appendix A. Acknowledgments
The authors would like to thank Brian Carpenter, Mark Andrews, Fred The authors would like to thank Aamer Akhter, Mark Andrews, Dmitry
Baker, Ray Bellis, Cameron Byrne, Brian Carpenter, Stuart Cheshire, Anipko, Fred Baker, Ray Bellis, Cameron Byrne, Brian Carpenter,
Lorenzo Colitti, Ralph Droms, Lars Eggert, Jim Gettys, Wassim Haddad, Stuart Cheshire, Lorenzo Colitti, Robert Cragie, Ralph Droms, Lars
Joel M. Halpern, David Harrington, Lee Howard, Ray Hunter, Joel Eggert, Jim Gettys, Wassim Haddad, Joel M. Halpern, David Harrington,
Jaeggli, Heather Kirksey, Ted Lemon, Kerry Lynn, Erik Nordmark, Lee Howard, Ray Hunter, Joel Jaeggli, Heather Kirksey, Ted Lemon,
Michael Richardson, Barbara Stark, Sander Steffann, Dave Thaler, JP Kerry Lynn, Erik Nordmark, Michael Richardson, Barbara Stark, Sander
Vasseur, Curtis Villamizar, Dan Wing, Russ White, and James Woodyatt Steffann, Dave Thaler, JP Vasseur, Curtis Villamizar, Dan Wing, Russ
for their contributions within homenet WG meetings and the mailing White, and James Woodyatt for their contributions within homenet WG
list, and Mark Townsley for being an initial editor/author of this meetings and the mailing list, and Mark Townsley for being an initial
text before taking his position as homenet WG co-chair. editor/author of this text before taking his position as homenet WG
co-chair.
Appendix B. Changes Appendix B. Changes
This section will be removed in the final version of the text. This section will be removed in the final version of the text.
B.1. Version 02 B.1. Version 03
Changes made include:
o Various improvements to the readability.
o Removed bullet lists of requirements, as requested by chair.
o Noted 6204bis has replaced advanced-cpe draft.
o Clarified the topology examples are just that.
o Emphasised we are not targetting walled gardens, but they should
not be precluded.
o Also changed text about requiring support for walled gardens.
o Noted that avoiding falling foul of ingress filtering when
multihomed is desirable.
o Improved text about realms, detecting borders and policies at
borders.
o Stated this text makes no recommendation about default security
model.
o Added some text about failure modes for users plugging things
arbitrarily.
o Expanded naming and service discovery text.
o Added more text about ULAs.
o Removed reference to version 1 on chair feedback.
o Stated that NPTv6 adds architectural cost but is not a homenet
matter if deployed at the CER. This text only considers the
internal homenet.
o Noted multihoming is supported.
o Noted routers may not by separate devices, they may be embedded in
devices.
o Clarified simple and advanced security some more, and RFC 4864 and
6092.
o Stated that there should be just one secret key, if any are used
at all.
o For multihoming, support multiple CERs but note that routing to
the correct CER to avoid ISP filtering may not be optimal within
the homenet.
o Added some ISPs renumber due to privacy laws.
o Removed extra repeated references to Simple Security.
o Removed some solution creep on RIOs/RAs.
o Load-balancing scenario added as to be supported.
B.2. Version 02
Changes made include: Changes made include:
o Made the IPv6 implications section briefer. o Made the IPv6 implications section briefer.
o Changed Network Models section to describe properties of the o Changed Network Models section to describe properties of the
homent with illustrative examples, rather than implying the number homenet with illustrative examples, rather than implying the
of models was fixed to the six shown in 01. number of models was fixed to the six shown in 01.
o Text to state multihoming support focused on single CER model. o Text to state multihoming support focused on single CER model.
Multiple CER support is desirable, but not required. Multiple CER support is desirable, but not required.
o Stated that NPTv6 not supported. o Stated that NPTv6 not supported.
o Added considerations section for operations and management. o Added considerations section for operations and management.
o Added bullet point principles/requirements to Section 3.4. o Added bullet point principles/requirements to Section 3.4.
 End of changes. 144 change blocks. 
738 lines changed or deleted 804 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/