draft-ietf-homenet-arch-03.txt   draft-ietf-homenet-arch-04.txt 
Network Working Group T. Chown, Ed. Network Working Group T. Chown, Ed.
Internet-Draft University of Southampton Internet-Draft University of Southampton
Intended status: Informational J. Arkko Intended status: Informational J. Arkko
Expires: December 31, 2012 Ericsson Expires: January 17, 2013 Ericsson
A. Brandt A. Brandt
Sigma Designs Sigma Designs
O. Troan O. Troan
Cisco Systems, Inc. Cisco Systems, Inc.
J. Weil J. Weil
Time Warner Cable Time Warner Cable
June 29, 2012 July 16, 2012
Home Networking Architecture for IPv6 Home Networking Architecture for IPv6
draft-ietf-homenet-arch-03 draft-ietf-homenet-arch-04
Abstract Abstract
This text describes evolving networking technology within This text describes evolving networking technology within
increasingly large residential home networks. The goal of this increasingly large residential home networks. The goal of this
document is to define the architecture for IPv6-based home networking document is to define an architecture for IPv6-based home networking,
through the associated principles, considerations and requirements. while describing the associated principles, considerations and
The text briefly highlights the implications of the introduction of requirements. The text briefly highlights the specific implications
IPv6 for home networking, discusses topology scenarios, and suggests of the introduction of IPv6 for home networking, discusses the
how standard IPv6 mechanisms and addressing can be employed in home elements of the architecture, and suggests how standard IPv6
networking. The architecture describes the need for specific mechanisms and addressing can be employed in home networking. The
protocol extensions for certain additional functionality. It is architecture describes the need for specific protocol extensions for
assumed that the IPv6 home network is not actively managed, and runs certain additional functionality. It is assumed that the IPv6 home
as an IPv6-only or dual-stack network. There are no recommendations network is not actively managed, and runs as an IPv6-only or dual-
in this text for the IPv4 part of the network. stack network. There are no recommendations in this text for the
IPv4 part of the network.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 31, 2012. This Internet-Draft will expire on January 17, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1. Terminology and Abbreviations . . . . . . . . . . . . . . 5 1.1. Terminology and Abbreviations . . . . . . . . . . . . . . 5
2. Effects of IPv6 on Home Networking . . . . . . . . . . . . . . 5 2. Effects of IPv6 on Home Networking . . . . . . . . . . . . . . 6
2.1. Multiple subnets and routers . . . . . . . . . . . . . . . 6 2.1. Multiple subnets and routers . . . . . . . . . . . . . . . 6
2.2. Global addressability and elimination of NAT . . . . . . . 6 2.2. Global addressability and elimination of NAT . . . . . . . 7
2.3. Multi-Addressing of devices . . . . . . . . . . . . . . . 7 2.3. Multi-Addressing of devices . . . . . . . . . . . . . . . 7
2.4. Unique Local Addresses (ULAs) . . . . . . . . . . . . . . 8 2.4. Unique Local Addresses (ULAs) . . . . . . . . . . . . . . 8
2.5. Security and borders . . . . . . . . . . . . . . . . . . . 9 2.5. Naming, and manual configuration of IP addresses . . . . . 9
2.6. Naming, and manual configuration of IP addresses . . . . . 10 2.6. IPv6-only operation . . . . . . . . . . . . . . . . . . . 9
3. Architecture . . . . . . . . . . . . . . . . . . . . . . . . . 10 3. Homenet Architecture . . . . . . . . . . . . . . . . . . . . . 10
3.1. Network Models . . . . . . . . . . . . . . . . . . . . . . 11 3.1. General Principles . . . . . . . . . . . . . . . . . . . . 10
3.1.1. A: Single ISP, Single CER, Internal routers . . . . . 12 3.1.1. Reuse existing protocols . . . . . . . . . . . . . . . 11
3.1.2. B: Two ISPs, Two CERs, Shared subnet . . . . . . . . . 14 3.1.2. Minimise changes to hosts and routers . . . . . . . . 11
3.1.3. C: Two ISPs, One CER, Shared subnet . . . . . . . . . 15 3.2. Homenet Topology . . . . . . . . . . . . . . . . . . . . . 11
3.2. Determining the Requirements . . . . . . . . . . . . . . . 15 3.2.1. Supporting arbitrary topologies . . . . . . . . . . . 11
3.3. Considerations . . . . . . . . . . . . . . . . . . . . . . 16 3.2.2. Network topology models . . . . . . . . . . . . . . . 11
3.3.1. Multihoming . . . . . . . . . . . . . . . . . . . . . 16 3.2.3. Dual-stack topologies . . . . . . . . . . . . . . . . 16
3.3.2. Quality of Service . . . . . . . . . . . . . . . . . . 17 3.2.4. Multihoming . . . . . . . . . . . . . . . . . . . . . 17
3.3.3. Operations and Management . . . . . . . . . . . . . . 18 3.3. A Self-Organising Network . . . . . . . . . . . . . . . . 18
3.3.4. Privacy considerations . . . . . . . . . . . . . . . . 18 3.3.1. Homenet realms and borders . . . . . . . . . . . . . . 19
3.4. Design Principles and Requirements . . . . . . . . . . . . 18 3.3.2. Largest possible subnets . . . . . . . . . . . . . . . 19
3.4.1. Reuse existing protocols . . . . . . . . . . . . . . . 19 3.3.3. Handling multiple homenets . . . . . . . . . . . . . . 20
3.4.2. Dual-stack Operation . . . . . . . . . . . . . . . . . 19 3.3.4. Coordination of configuration information . . . . . . 20
3.4.3. Largest Possible Subnets . . . . . . . . . . . . . . . 20 3.4. Homenet Addressing . . . . . . . . . . . . . . . . . . . . 20
3.4.4. Security vs Transparent, End-to-End Communications . . 20 3.4.1. Use of ISP-delegated IPv6 prefixes . . . . . . . . . . 20
3.4.5. Internal IP Connectivity . . . . . . . . . . . . . . . 21 3.4.2. Stable internal IP addresses . . . . . . . . . . . . . 22
3.4.6. Routing functionality . . . . . . . . . . . . . . . . 22 3.4.3. Internal prefix delegation . . . . . . . . . . . . . . 22
3.4.7. A Self-organising Network . . . . . . . . . . . . . . 24 3.4.4. Privacy . . . . . . . . . . . . . . . . . . . . . . . 24
3.4.8. Fewest Topology Assumptions . . . . . . . . . . . . . 26 3.5. Routing functionality . . . . . . . . . . . . . . . . . . 24
3.4.9. Naming and Service Discovery . . . . . . . . . . . . . 26 3.6. Security . . . . . . . . . . . . . . . . . . . . . . . . . 25
3.4.10. Proxy or Extend? . . . . . . . . . . . . . . . . . . . 27 3.6.1. Addressability vs reachability . . . . . . . . . . . . 26
3.4.11. Adapt to ISP constraints . . . . . . . . . . . . . . . 28 3.6.2. Filtering at borders . . . . . . . . . . . . . . . . . 27
3.5. Implementing the Architecture on IPv6 . . . . . . . . . . 29 3.6.3. Device capabilities . . . . . . . . . . . . . . . . . 27
4. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . 30 3.6.4. ULAs as a hint of connection origin . . . . . . . . . 27
5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 30 3.7. Naming and Service Discovery . . . . . . . . . . . . . . . 27
5.1. Normative References . . . . . . . . . . . . . . . . . . . 30 3.8. Other Considerations . . . . . . . . . . . . . . . . . . . 30
5.2. Informative References . . . . . . . . . . . . . . . . . . 31 3.8.1. Proxy or Extend? . . . . . . . . . . . . . . . . . . . 30
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 34 3.8.2. Quality of Service . . . . . . . . . . . . . . . . . . 30
Appendix B. Changes . . . . . . . . . . . . . . . . . . . . . . . 34 3.8.3. Operations and Management . . . . . . . . . . . . . . 31
B.1. Version 03 . . . . . . . . . . . . . . . . . . . . . . . . 35 3.9. Implementing the Architecture on IPv6 . . . . . . . . . . 31
B.2. Version 02 . . . . . . . . . . . . . . . . . . . . . . . . 36 4. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . 32
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 37 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 32
5.1. Normative References . . . . . . . . . . . . . . . . . . . 32
5.2. Informative References . . . . . . . . . . . . . . . . . . 33
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 36
Appendix B. Changes . . . . . . . . . . . . . . . . . . . . . . . 36
B.1. Version 04 . . . . . . . . . . . . . . . . . . . . . . . . 36
B.2. Version 03 . . . . . . . . . . . . . . . . . . . . . . . . 36
B.3. Version 02 . . . . . . . . . . . . . . . . . . . . . . . . 38
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 38
1. Introduction 1. Introduction
This document focuses on evolving networking technology within This document focuses on evolving networking technology within
increasingly large residential home networks and the associated increasingly large residential home networks and the associated
challenges with their deployment and operation. There is a growing challenges with their deployment and operation. There is a growing
trend in home networking for the proliferation of networking trend in home networking for the proliferation of networking
technology in an increasingly broad range of devices and media. This technology in an increasingly broad range of devices and media. This
evolution in scale and diversity sets requirements on IETF protocols. evolution in scale and diversity sets requirements on IETF protocols.
Some of these requirements relate to the introduction of IPv6, others Some of these requirements relate to the introduction of IPv6, others
to the introduction of specialised networks for home automation and to the introduction of specialised networks for home automation and
sensors. There are likely to be scenarios where internal routing is sensors.
required, for example to support private and guest networks, in which
case home networks may use increasing numbers of subnets.
While at the time of writing some complex home network topologies While at the time of writing some complex home network topologies
exist, most operate based on IPv4, employ solutions that we would exist, most operate based on IPv4, employ solutions that we would
like to avoid such as (cascaded) network address translation (NAT), like to avoid such as (cascaded) network address translation (NAT),
or require expert assistance to set up. The assumption of this or require expert assistance to set up. In IPv6 home networks, there
document is that the homenet is as far as possible self-organising are likely to be scenarios where internal routing is required, for
and self-configuring, and is thus not pro-actively managed by the example to support private and guest networks, in which case such
residential user. networks may use increasing numbers of subnets, and require methods
for IPv6 prefixes to be delegated to those subnets. The assumption
of this document is that the homenet is as far as possible self-
organising and self-configuring, and is thus not pro-actively managed
by the residential user.
The architectural constructs in this document are focused on the The architectural constructs in this document are focused on the
problems to be solved when introducing IPv6 with an eye towards a problems to be solved when introducing IPv6 with an eye towards a
better result than what we have today with IPv4, as well as a better better result than what we have today with IPv4, as well as a better
result than if the IETF had not given this specific guidance. The result than if the IETF had not given this specific guidance. The
document aims to provide the basis and guiding principles for how document aims to provide the basis and guiding principles for how
standard IPv6 mechanisms and addressing [RFC2460] [RFC4291] can be standard IPv6 mechanisms and addressing [RFC2460] [RFC4291] can be
employed in home networking, while coexisting with existing IPv4 employed in home networking, while coexisting with existing IPv4
mechanisms. In emerging dual-stack home networks it is vital that mechanisms. In emerging dual-stack home networks it is vital that
introducing IPv6 does not adversely affect IPv4 operation. Future introducing IPv6 does not adversely affect IPv4 operation. We assume
deployments, or specific subnets within an otherwise dual-stack home that the IPv4 network architecture in home networks is what it is,
network, may be IPv6-only, in which case considerations for IPv4 and can not be affected by new recommendations. Future deployments,
impact would not apply. We assume that the IPv4 network architecture or specific subnets within an otherwise dual-stack home network, may
in home networks is what it is, and can not be affected by new be IPv6-only, in which case considerations for IPv4 impact would not
recommendations. apply.
This architecture document proposes a baseline homenet architecture, This architecture document proposes a baseline homenet architecture,
based on protocols and implementations that are as far as possible based on protocols and implementations that are as far as possible
proven and robust. The scope of the document is primarily the proven and robust. The scope of the document is primarily the
network layer technologies that provide the basic functionality to network layer technologies that provide the basic functionality to
enable addressing, connectivity, routing, naming and service enable addressing, connectivity, routing, naming and service
discovery. While it may, for example, state that homenet components discovery. While it may, for example, state that homenet components
must be simple to deploy and use, it does not discuss specific user must be simple to deploy and use, it does not discuss specific user
interfaces, nor does it consider specific physical, wireless or data- interfaces, nor does it discuss specific physical, wireless or data-
link layer considerations. link layer considerations.
[RFC6204] defines basic requirements for customer edge routers [RFC6204] defines basic requirements for customer edge routers
(CERs). The scope of this text is the homenet, and thus the relevant (CERs). The scope of this text is the internal homenet, and thus
part of RFC 6204 is the internal facing interface as well as any specific features on the CER are out of scope for this text. While
other components within the home network. While the network may be the network may be dual-stack or IPv6-only, the definition of
dual-stack or IPv6-only, the definition of specific transition tools specific transition tools on the CER, as introduced in RFC 6204-bis
on the CER, as introduced in RFC 6204-bis [I-D.ietf-v6ops-6204bis] [I-D.ietf-v6ops-6204bis] with DS-Lite [RFC6333] and 6rd [RFC5969],
with DS-Lite [RFC6333] and 6rd [RFC5969], are considered issues for are considered issues for that RFC, and are thus also out of scope of
that RFC, and are thus out of scope of this text. this text.
1.1. Terminology and Abbreviations 1.1. Terminology and Abbreviations
In this section we define terminology and abbreviations used In this section we define terminology and abbreviations used
throughout the text. throughout the text.
o "Advanced Security". Describes advanced security functions for a o "Advanced Security". Describes advanced security functions for a
CER, as defined in [I-D.vyncke-advanced-ipv6-security], where the CER, as defined in [I-D.vyncke-advanced-ipv6-security], where the
default inbound connection policy is generally "default allow". default inbound connection policy is generally "default allow".
skipping to change at page 5, line 50 skipping to change at page 6, line 8
Device (IGD) function, which for IPv6 is UPnP IGD Version 2 Device (IGD) function, which for IPv6 is UPnP IGD Version 2
[IGD-2]. [IGD-2].
o VM: Virtual machine. o VM: Virtual machine.
o WPA2: Wi-Fi Protected Access, as defined by the Wi-Fi Alliance. o WPA2: Wi-Fi Protected Access, as defined by the Wi-Fi Alliance.
2. Effects of IPv6 on Home Networking 2. Effects of IPv6 on Home Networking
Service providers are deploying IPv6, content is becoming available Service providers are deploying IPv6, content is becoming available
on IPv6, and support for IPv6 is increasingly available in devices on IPv6 (accelerated recently by the World IPv6 Launch event) and
and software used in the home. While IPv6 resembles IPv4 in many support for IPv6 is increasingly available in devices and software
ways, it changes address allocation principles, making multi- used in the home. While IPv6 resembles IPv4 in many ways, it changes
addressing the norm, and allowing direct IP addressability home address allocation principles, making multi-addressing the norm, and
networking devices from the Internet. This section presents an allowing direct IP addressability of home networking devices from the
overview of some of the key implications of the introduction of IPv6 Internet. This section presents an overview of some of the key
for home networking, that are both promising and problematic. implications of the introduction of IPv6 for home networking, that
are simultaneously both promising and problematic.
2.1. Multiple subnets and routers 2.1. Multiple subnets and routers
The introduction of IPv6 for home networking enables the potential
for every home network to be delegated enough address space to
provision globally unique prefixes for each subnet in the home. Such
subnetting is not common practice in existing IPv4 homenets, but is
very likely to become increasingly standard in future IPv6 homenets.
While simple layer 3 topologies involving as few subnets as possible While simple layer 3 topologies involving as few subnets as possible
are preferred in home networks, the incorporation of dedicated are preferred in home networks, the incorporation of dedicated
(routed) subnets remains necessary for a variety of reasons. For (routed) subnets remains necessary for a variety of reasons. For
instance, an increasingly common feature in modern home routers is instance, an increasingly common feature in modern home routers is
the ability to support both guest and private network subnets. the ability to support both guest and private network subnets.
Likewise, there may be a need to separate building control or Likewise, there may be a need to separate building control or
corporate extensions from the main Internet access network, or corporate extensions from the main Internet access network, or
different subnets may in general be associated with parts of the different subnets may in general be associated with parts of the
homenet that have different routing and security policies. Further, homenet that have different routing and security policies. Further,
link layer networking technology is poised to become more link layer networking technology is poised to become more
heterogeneous, as networks begin to employ both traditional Ethernet heterogeneous, as networks begin to employ both traditional Ethernet
technology and link layers designed for low-power and lossy networks technology and link layers designed for low-power and lossy networks
(LLNs), such as those used for certain types of sensor devices. (LLNs), such as those used for certain types of sensor devices.
Constraining the flow of certain traffic from Ethernet links to much
lower capacity links thus becomes an important topic.
Documents that provide some more specific background and depth on Documents that provide some more specific background and depth on
this topic include: [I-D.herbst-v6ops-cpeenhancements], this topic include: [I-D.herbst-v6ops-cpeenhancements],
[I-D.baker-fun-multi-router], and [I-D.baker-fun-routing-class]. [I-D.baker-fun-multi-router], and [I-D.baker-fun-routing-class].
The addition of routing between subnets raises the issue of how to The addition of routing between subnets raises the issue of how to
extend mechanisms such as service discovery which currently rely on extend mechanisms such as service discovery which currently rely on
link-local addressing to limit scope. There are two broad choices; link-local addressing to limit scope. There are two broad choices;
extend existing protocols to work across the scope of the homenet, or extend existing protocols to work across the scope of the homenet, or
introduce proxies for existing link-layer protocols. This is introduce proxies for existing link-layer protocols. This topic is
discussed later in the document. discussed later in the document.
There will also be the need to discover which routers in the homenet There will also be the need to discover which routers in the homenet
are the border router(s) by an appropriate mechanism. Here, there are the border router(s) by an appropriate mechanism. Here, there
are a number of choices. These include an appropriate service are a number of choices. These include an appropriate service
discovery protocol, or the use of a well-known name, resolved by some discovery protocol, or the use of a well-known name, resolved by some
local name service. Both might have to deal with handling more than local name service. Both might have to deal with handling more than
one router responding in multihomed environments. one router responding in multihomed environments.
2.2. Global addressability and elimination of NAT 2.2. Global addressability and elimination of NAT
skipping to change at page 7, line 47 skipping to change at page 8, line 13
Privacy Addresses [RFC4941]. Privacy Addresses [RFC4941].
Thus it should be considered the norm for devices on IPv6 home Thus it should be considered the norm for devices on IPv6 home
networks to be multi-addressed, and to need to make appropriate networks to be multi-addressed, and to need to make appropriate
address selection decisions for the candidate source and destination address selection decisions for the candidate source and destination
address pairs. Default Address Selection for IPv6 address pairs. Default Address Selection for IPv6
[I-D.ietf-6man-rfc3484bis] provides a solution for this, though it [I-D.ietf-6man-rfc3484bis] provides a solution for this, though it
may face problems in the event of multihoming, where nodes will be may face problems in the event of multihoming, where nodes will be
configured with one address from each upstream ISP prefix. In such configured with one address from each upstream ISP prefix. In such
cases the presence of upstream ingress filtering requires multi- cases the presence of upstream ingress filtering requires multi-
addressed nodes to select the right source address to be used for the addressed nodes to select the correct source address to be used for
corresponding uplink, to avoid ISP BCP 38 ingress filtering, but the the corresponding uplink, to avoid ISP BCP 38 ingress filtering, but
node may not have the information it needs to make that decision the node may not have the information it needs to make that decision
based on addresses alone. We discuss such challenges in multihoming based on addresses alone. We discuss such challenges in the
later in this document. multihoming section later in this document.
2.4. Unique Local Addresses (ULAs) 2.4. Unique Local Addresses (ULAs)
[RFC4193] defines Unique Local Addresses (ULAs) for IPv6 that may be [RFC4193] defines Unique Local Addresses (ULAs) for IPv6 that may be
used to address devices within the scope of a single site. Support used to address devices within the scope of a single site. Support
for ULAs for IPv6 CERs is described in [RFC6204]. A home network for ULAs for IPv6 CERs is described in [RFC6204]. A home network
running IPv6 may deploy ULAs for stable communication between devices running IPv6 may deploy ULAs for stable communication between devices
(on different subnets) within the network where the externally (on different subnets) within the network where the externally
allocated global prefix changes over time (e.g. due to renumbering allocated global prefix changes over time (e.g. due to renumbering
within the subscriber's ISP) or where external connectivity is within the subscriber's ISP) or where external connectivity is
skipping to change at page 8, line 30 skipping to change at page 8, line 44
even then, deprecating prefixes when there is no connectivity may not even then, deprecating prefixes when there is no connectivity may not
be advisable. It should also be noted that there may be timers on be advisable. It should also be noted that there may be timers on
the prefix lease to the homenet, on the internal prefix delegations, the prefix lease to the homenet, on the internal prefix delegations,
and on the Router Advertisements to the hosts. Despite this counter- and on the Router Advertisements to the hosts. Despite this counter-
argument, while setting a network up there may be a period with no argument, while setting a network up there may be a period with no
connectivity, in which case ULAs would be required for inter-subnet connectivity, in which case ULAs would be required for inter-subnet
communication. In the case where LLNs are being set up in a new communication. In the case where LLNs are being set up in a new
home/deployment, individual LLNs may, at least initially, each use home/deployment, individual LLNs may, at least initially, each use
their own /48 ULA prefix. their own /48 ULA prefix.
ULA addresses will allow constrained LLN devices to create permanent
relationships between IPv6 addresses, e.g. from a wall controller to
a lamp. Symbolic host names would require additional non-volatile
memory. Updating global prefixes in sleeping LLN devices might also
be problematic.
It has been suggested that using ULAs would provide an indication to
applications that received traffic is locally sourced. This could
then be used with security settings to designate where a particular
application is allowed to connect to or receive traffic from.
Default address selection mechanisms should ensure a ULA source Default address selection mechanisms should ensure a ULA source
address is used to communicate with ULA destination addresses when address is used to communicate with ULA destination addresses when
appropriate, in particular when the ULA destination lies within a /48 appropriate, in particular when the ULA destination lies within a /48
ULA prefix known to be used within the same homenet. Unlike the IPv4 ULA prefix known to be used within the same homenet. Note that
RFC 1918 space, the use of ULAs does not imply use of host-based IPv6 unlike the IPv4 private RFC 1918 space, the use of ULAs does not
NAT, or NPTv6 prefix-based NAT [RFC6296], rather that external imply use of host-based IPv6 NAT, or NPTv6 prefix-based NAT
communications should use a node's additional globally unique IPv6 [RFC6296], rather that external communications should use a node's
source address. additional globally unique IPv6 source address.
2.5. Security and borders
The filtering policy to/from the homenet is an important
consideration, but the homenet/ISP border may not be the only border
in a homenet. It is desirable that there are mechanisms to detect
other types of borders, and then the means to apply different types
of filtering policies at those borders, e.g. whether naming and
service discovery should pass a given border. Any such policies
should be able to be easily applied by typical home users, e.g. to
give a visitor in a "guest" network access to media services in the
home, or access to a printer in the residence. Simple mechanisms to
apply policy changes, or associations between devices, will be
required.
A simple homenet model may just consider three types of realm and the
borders between them. For example if the realms are the homenet, the
ISP and the visitor network, then the borders will include that from
the homenet to the ISP, and that from the homenet to a guest network.
Regardless, it should be possible for additional types of realms and
borders to be defined, e.g. for some specific Grid or LLN-based
network, and for these to be detected or configured, and for an
appropriate default policy to be applied as to what type of traffic/
data can flow across such borders.
It is desirable to classify the external border of the home network
as a unique logical interface separating the home network from
service provider network/s. This border interface may be a single
physical interface to a single service provider, multiple layer 2
sub-interfaces to a single service provider, or multiple connections
to a single or multiple providers. This border makes it possible to
describe edge operations and interface requirements across multiple
functional areas including security, routing, service discovery, and
router discovery.
while a goal of the homenet architecture is for the network to be as
self-organising as possible, there may be instances where some manual
configuration is required, e.g. the entry of a key to apply wireless
security, or to configure a shared routing secret. The latter may be
relevant when considering how to bootstrap a routing configuration.
It is highly desirable that only one such key is needed for any set
of functions, to increase usability for the homenet user.
Advanced Security for IPv6 CPEs [I-D.vyncke-advanced-ipv6-security]
takes the approach that in order to provide the greatest end-to-end
transparency as well as security, security policies must be updated
by a trusted party which can provide intrusion signatures and other
"active" information on security threats. This might for example
allow different malware detection profiles to be configured on a CER.
Such methods should be able to be automatically updating.
There is no defined "threat model" as such for the type of IPv6
homenet described in this text. Such a document may be very useful.
It may include a variety of perspectives, from probing for specific
types of home appliance being present, to potential denial of service
attacks. Hosts need to be able to operate securely, end-to-end where
required, but also be robust against malicious traffic direct towards
them. We simply note at this point that software on home devices
will have an increase in security if it allows its software to be
updated regularly.
2.6. Naming, and manual configuration of IP addresses 2.5. Naming, and manual configuration of IP addresses
Some IPv4 home networking devices expose IPv4 addresses to users, Some IPv4 home networking devices expose IPv4 addresses to users,
e.g. the IPv4 address of a home IPv4 CER that may be configured via a e.g. the IPv4 address of a home IPv4 CER that may be configured via a
web interface. Users should not be expected to enter IPv6 literal web interface. Users should not be expected to enter IPv6 literal
addresses in homenet devices or applications, given their much addresses in homenet devices or applications, given their much
greater length and apparent randomness to a typical home user. While greater length and apparent randomness to a typical home user. While
shorter addresses, perhaps ones registered with IANA from ULA-C space shorter addresses, perhaps ones registered with IANA from ULA-C space
[I-D.hain-ipv6-ulac], could be used for specific devices/services, in [I-D.hain-ipv6-ulac], could be used for specific devices/services, in
general it is better to not expose users to real IPv6 addresses. general it is better to not expose users to real IPv6 addresses.
Thus, even for the simplest of functions, simple naming and the Thus, even for the simplest of functions, simple naming and the
associated (ideally zero configuration) discovery of services is associated (ideally zero configuration) discovery of services is
imperative for the easy deployment and use of homenet devices and imperative for the easy deployment and use of homenet devices and
applications. applications.
In a multi-subnet homenet, naming and service discovery should be In a multi-subnet homenet, naming and service discovery should be
expected to be capable of operating across the scope of the entire expected to be capable of operating across the scope of the entire
home network, and thus be able to cross subnet boundaries. It should home network, and thus be able to cross subnet boundaries. It should
be noted that in IPv4, such services do not generally function across be noted that in IPv4, such services do not generally function across
home router NAT boundaries, so this is one area where there is scope home router NAT boundaries, so this is one area where there is room
for an improvement in IPv6. for improvement in IPv6.
3. Architecture 2.6. IPv6-only operation
The aim of this architecture text is to outline how to construct home It is likely that IPv6-only networking will be deployed first in
networks involving multiple routers and subnets. In this section, we "greenfield" homenet scenarios, or perhaps as one element of an
present a set of typical home network topology models/scenarios, otherwise dual-stack network. Running IPv6-only adds additional
followed by a list of topics that may influence the architectural requirements, e.g. for devices to get configuration information via
discussions, and a set of architectural principles and requirements IPv6 transport (not relying on an IPv4 protocol such as IPv4 DHCP),
that govern how the various nodes should work together. The and for devices to be able to initiate communications to external
architecture also drives what protocol extensions are necessary, as devices that are IPv4-only. Thus, for example, the following
will be discussed briefly in Section 3.5. requirements are amongst those that should be considered in IPv6-only
environments:
3.1. Network Models o Ensuring there is a way to access content in the IPv4 Internet.
This can be arranged through incorporating NAT64 [RFC6144] and
DNS64 [RFC6145] functionality in the home gateway router, for
instance. Such features are outside the scope of this document
however, being CER functions.
o DNS discovery mechanisms are enabled for IPv6. Both stateless
DHCPv6 [RFC3736] [RFC3646] and Router Advertisement options
[RFC6106] may have to be supported and turned on by default to
ensure maximum compatibility with all types of hosts in the
network. This requires, however, that a working DNS server is
known and addressable via IPv6, and that such discovery options
can operate through multiple routers in the homenet.
o All nodes in the home network support operations in IPv6-only
mode. Some current devices work well with dual-stack but fail to
recognise connectivity when IPv4 DHCP fails, for instance.
The widespread availability of robust solutions to these types of
requirements will help accelerate the uptake of IPv6-only homenets.
3. Homenet Architecture
The aim of this architecture text is to outline how to construct
advanced IPv6-based home networks involving multiple routers and
subnets using standard IPv6 protocols and addressing [RFC2460]
[RFC4291]. In this section, we present the elements of such a home
networking architecture, with discussion of the associated design
principles.
Existing IETF work [RFC6204] defines the "basic" requirements for
Customer Edge Routers, while [I-D.ietf-v6ops-6204bis] extends RFC
6204 to describe additional features. The homenet architecture is
focused on the internal homenet, rather than the CER(s). In general,
home network equipment needs to be able to operate in networks with a
range of different properties and topologies, where home users may
plug components together in arbitrary ways and expect the resulting
network to operate. Significant manual configuration is rarely, if
at all, possible, given the knowledge level of typical home users.
Thus the network should, as far as possible, be self-configuring.
The equipment also needs to be prepared to handle at least
o Routing
o Prefix configuration for routers
o Name resolution
o Service discovery
o Network security
The remainder of this document describes the principles by which a
homenet architecture may deliver these properties.
3.1. General Principles
There is little that the Internet standards community can do about
the physical topologies or the need for some networks to be separated
at the network layer for policy or link layer compatibility reasons.
However, there is a lot of flexibility in using IP addressing and
inter-networking mechanisms. This architecture text discusses how
this flexibility should be used to provide the best user experience
and ensure that the network can evolve with new applications in the
future. The principles described in this text should be followed
when designing homenet solutions.
3.1.1. Reuse existing protocols
It is desirable to reuse existing protocols where possible, but at
the same time to avoid consciously precluding the introduction of new
or emerging protocols. A generally conservative approach, giving
weight to running code, is preferable. Where new protocols are
required, evidence of commitment to implementation by appropriate
vendors or development communities is highly desirable. Protocols
used should be backwardly compatible, and forward compatible where
changes are made.
3.1.2. Minimise changes to hosts and routers
Where possible, any requirement for changes to hosts and routers
should be minimised, though solutions which, for example,
incrementally improve with host changes may be acceptable.
3.2. Homenet Topology
In this section we consider homenet topologies, and the principles we
may apply in designing an architecture to support as wide a range as
possible of such topologies.
3.2.1. Supporting arbitrary topologies
There should ideally be no built-in assumptions about the topology in
home networks, as users are capable of connecting their devices in
"ingenious" ways. Thus arbitrary topologies and arbitrary routing
will need to be supported, or at least the failure mode for when the
user makes a mistake should be as robust as possible, e.g. de-
activating a certain part of the infrastructure to allow the rest to
operate. In such cases, the user should ideally have some useful
indication of the failure mode encountered.
3.2.2. Network topology models
Most IPv4 home network models at the time of writing tend to be Most IPv4 home network models at the time of writing tend to be
relatively simple, typically a single NAT router to the ISP and a relatively simple, typically a single NAT router to the ISP and a
single internal subnet but, as discussed earlier, evolution in single internal subnet but, as discussed earlier, evolution in
network architectures is driving more complex topologies, such as the network architectures is driving more complex topologies, such as the
separation of visitor and private networks. separation of visitor and private networks.
In general, the models described in [RFC6204] and its successor RFC In general, the models described in [RFC6204] and its successor RFC
6204-bis [I-D.ietf-v6ops-6204bis] should be supported by an IPv6 home 6204-bis [I-D.ietf-v6ops-6204bis] should be supported by the IPv6
networking architecture. home networking architecture. The functions resident on the CER
itself are, as stated previously, out of scope of this text.
There are a number of properties or attributes of a home network that There are a number of properties or attributes of a home network that
we can use to describe its topology and operation. The following we can use to describe its topology and operation. The following
properties apply to any IPv6 home network: properties apply to any IPv6 home network:
o Presence of internal routers. The homenet may have one or more o Presence of internal routers. The homenet may have one or more
internal routers, or may only provide subnetting from interfaces internal routers, or may only provide subnetting from interfaces
on the CER. on the CER.
o Presence of isolated internal subnets. There may be isolated o Presence of isolated internal subnets. There may be isolated
internal subnets, with no direct connectivity between them within internal subnets, with no direct connectivity between them within
the homenet. Isolation may be physical, or implemented via IEEE the homenet. Isolation may be physical, or implemented via IEEE
802.1q VLANs. 802.1q VLANs.
o Demarcation of the CER. The CER(s) may or may not be managed by o Demarcation of the CER. The CER(s) may or may not be managed by
the ISP. If the demarcation point is such that the customer can the ISP. If the demarcation point is such that the customer can
provide or manage the CER, its configuration must be simple. Both provide or manage the CER, its configuration must be simple. Both
models must be supported. models must be supported.
It has also been suggested that various forms of multihoming are more Various forms of multihoming are likely to be more prevalent with
prevalent with IPv6 home networks. Thus the following properties may IPv6 home networks, as discussed further below. Thus the following
also apply to such networks: properties should also be considered for such networks:
o Number of upstream providers. A typical homenet might just have a o Number of upstream providers. A typical homenet might just have a
single upstream ISP, but it may become more common for there to be single upstream ISP, but it may become more common for there to be
multiple ISPs, whether for resilience or provision of additional multiple ISPs, whether for resilience or provision of additional
services. Each would offer its own prefix. Some may or may not services. Each would offer its own prefix. Some may or may not
be walled gardens. be walled gardens.
o Number of CERs. The homenet may have a single CER, which might be o Number of CERs. The homenet may have a single CER, which might be
used for one or more providers, or multiple CERs. Multiple CERs used for one or more providers, or multiple CERs. The presence of
adds additional complexity for multihoming scenarios, and multiple CERs adds additional complexity for multihoming
protocols like PCP that need to manage connection-oriented state scenarios, and protocols like PCP that need to manage connection-
mappings. oriented state mappings.
Some separate discussion of physical infrastructures for homenets is A separate discussion of physical infrastructures for homenets is
included in and [I-D.arkko-homenet-physical-standard]. included in and [I-D.arkko-homenet-physical-standard].
In principle, we might argue that an architecture for IPv6 homenets In the following sections we give some examples of the types of
should support any arbitrary topology. We discuss this topic later homenet topologies we may see in the future. This is not intended to
in the text. In the following sections we give some examples of the be an exhaustive or complete list, rather an indicative one to
types of homenet topologies we may see in the future. This is not facilitate the discussion in this text.
intended to be an exhaustive or complete list, rather an indicative
one to facilitate discussion in this text.
3.1.1. A: Single ISP, Single CER, Internal routers 3.2.2.1. A: Single ISP, Single CER, Internal routers
Figure 1 shows a network with multiple local area networks. These Figure 1 shows a network with multiple local area networks. These
may be needed for reasons relating to different link layer may be needed for reasons relating to different link layer
technologies in use or for policy reasons, e.g. classic Ethernet in technologies in use or for policy reasons, e.g. classic Ethernet in
one subnet and a LLN link layer technology in another. In this one subnet and a LLN link layer technology in another. In this
example there is no single router that a priori understands the example there is no single router that a priori understands the
entire topology. The topology itself may also be complex, and it may entire topology. The topology itself may also be complex, and it may
not be possible to assume a pure tree form, for instance. This is a not be possible to assume a pure tree form, for instance (home users
valid consideration as home users may plug routers together to form may plug routers together to form arbitrary topologies including
arbitrary topologies including loops (we discuss support for loops).
arbitrary topologies in layer sections).
+-------+-------+ \ +-------+-------+ \
| Service | \ | Service | \
| Provider | | Service | Provider | | Service
| Router | | Provider | Router | | Provider
+-------+-------+ | network +-------+-------+ | network
| / | /
| Customer / | Customer /
| Internet connection | Internet connection
| |
skipping to change at page 14, line 5 skipping to change at page 15, line 5
Network C | | Network D | Network C | | Network D |
----+-------------+---+- --+---+-------------+--- | ----+-------------+---+- --+---+-------------+--- |
| | | | | | | | | |
+----+-----+ +-----+----+ +----+-----+ +-----+----+ | +----+-----+ +-----+----+ +----+-----+ +-----+----+ |
|IPv6 Host | |IPv6 Host | | IPv6 Host| |IPv6 Host | | |IPv6 Host | |IPv6 Host | | IPv6 Host| |IPv6 Host | |
| | | | | | | | / | | | | | | | | /
+----------+ +----------+ +----------+ +----------+ / +----------+ +----------+ +----------+ +----------+ /
Figure 1 Figure 1
3.1.2. B: Two ISPs, Two CERs, Shared subnet 3.2.2.2. B: Two ISPs, Two CERs, Shared subnet
+-------+-------+ +-------+-------+ \ +-------+-------+ +-------+-------+ \
| Service | | Service | \ | Service | | Service | \
| Provider A | | Provider B | | Service | Provider A | | Provider B | | Service
| Router | | Router | | Provider | Router | | Router | | Provider
+------+--------+ +-------+-------+ | network +------+--------+ +-------+-------+ | network
| | / | | /
| Customer | / | Customer | /
| Internet connections | / | Internet connections | /
| | | |
skipping to change at page 14, line 32 skipping to change at page 15, line 32
| | | End-User | | | End-User
---+---------+---+---------------+--+----------+--- | network(s) ---+---------+---+---------------+--+----------+--- | network(s)
| | | | \ | | | | \
+----+-----+ +-----+----+ +----+-----+ +-----+----+ \ +----+-----+ +-----+----+ +----+-----+ +-----+----+ \
|IPv6 Host | |IPv6 Host | | IPv6 Host| |IPv6 Host | / |IPv6 Host | |IPv6 Host | | IPv6 Host| |IPv6 Host | /
| | | | | | | | / | | | | | | | | /
+----------+ +----------+ +----------+ +----------+ +----------+ +----------+ +----------+ +----------+
Figure 2 Figure 2
Figure 2 illustrates a multihomed home network model, where the Figure 2 illustrates a multihomed homenet model, where the customer
customer has connectivity via CER1 to ISP A and via CER2 to ISP B. has connectivity via CER1 to ISP A and via CER2 to ISP B. This
This example shows one shared subnet where IPv6 nodes would example shows one shared subnet where IPv6 nodes would potentially be
potentially be multihomed and receive multiple IPv6 global addresses, multihomed and receive multiple IPv6 global addresses, one per ISP.
one per ISP. This model may also be combined with that shown in This model may also be combined with that shown in Figure 1 to create
Figure 1 to create a more complex scenario with multiple internal a more complex scenario with multiple internal routers. Or the above
routers. Or the above shared subnet may be split in two, such that shared subnet may be split in two, such that each CER serves a
each CER serves a separate isolated subnet, which is a scenario seen separate isolated subnet, which is a scenario seen with some IPv4
with some IPv4 networks today. networks today.
3.1.3. C: Two ISPs, One CER, Shared subnet 3.2.2.3. C: Two ISPs, One CER, Shared subnet
+-------+-------+ +-------+-------+ \ +-------+-------+ +-------+-------+ \
| Service | | Service | \ | Service | | Service | \
| Provider A | | Provider B | | Service | Provider A | | Provider B | | Service
| Router | | Router | | Provider | Router | | Router | | Provider
+-------+-------+ +-------+-------+ | network +-------+-------+ +-------+-------+ | network
| | / | | /
| Customer | / | Customer | /
| Internet | / | Internet | /
| connections | | | connections | |
skipping to change at page 15, line 36 skipping to change at page 16, line 36
|IPv6 Host | |IPv6 Host | | IPv6 Host| |IPv6 Host | / |IPv6 Host | |IPv6 Host | | IPv6 Host| |IPv6 Host | /
| | | | | | | | / | | | | | | | | /
+----------+ +----------+ +----------+ +----------+ +----------+ +----------+ +----------+ +----------+
Figure 3 Figure 3
Figure 3 illustrates a model where a home network may have multiple Figure 3 illustrates a model where a home network may have multiple
connections to multiple providers or multiple logical connections to connections to multiple providers or multiple logical connections to
the same provider, with shared internal subnets. the same provider, with shared internal subnets.
3.2. Determining the Requirements In general, while the architecture may focus on likely common
topologies, it should not preclude any arbitrary topology from being
[RFC6204] defines "basic" requirements for IPv6 Customer Edge constructed.
Routers, while [I-D.ietf-v6ops-6204bis] extends RFC 6204 to describe
additional features. In general, home network equipment needs to
cope with the different types of network properties and topologies as
exemplified above. Significant manual configuration is rarely, if at
all, possible, given the knowledge level of typical home users. The
network should as far as possible be self-configuring. The equipment
needs to be prepared to handle at least
o Routing
o Prefix configuration for routers
o Name resolution
o Service discovery
o Network security 3.2.3. Dual-stack topologies
The remainder of the architecture document is presented as It is expected that most homenet deployments will for the immediate
considerations and principles that lead to more specific requirements future be dual-stack IPv4/IPv6. In such networks it is important not
for the five general areas listed above. to introduce new IPv6 capabilities that would cause a failure if used
alongside IPv4+NAT, given that such dual-stack homenets will be
commonplace for some time. That said, it is desirable that IPv6
works better than IPv4 in as many scenarios as possible. Further,
the homenet architecture must operate in the absence of IPv4.
3.3. Considerations A general recommendation is to follow the same topology for IPv6 as
is used for IPv4, but not to use NAT. Thus there should be routed
IPv6 where an IPv4 NAT is used, and where there is no NAT there
should be bridging if the link layer allows this.
This section discusses some considerations for home networking that In some cases IPv4 NAT home networks may feature cascaded NATs, which
may affect the architecture and associated requirements. may include cases where NAT routers are included within VMs, or where
Internet connection sharing services are used. IPv6 routed versions
of such cases will be required. We should thus note that routers in
the homenet may not be separate physical devices; they may be
embedded within other devices.
3.3.1. Multihoming 3.2.4. Multihoming
A homenet may be multihomed to multiple providers. This may either A homenet may be multihomed to multiple providers, as the network
take a form where there are multiple isolated networks within the models above illustrate. This may either take a form where there are
home or a more integrated network where the connectivity selection is multiple isolated networks within the home or a more integrated
dynamic. Current practice is typically of the former kind, but the network where the connectivity selection needs to be dynamic.
latter is expected to become more commonplace. Current practice is typically of the former kind, but the latter is
expected to become more commonplace.
The general multihoming problem is broad, and solutions suggested to The general multihoming problem is broad, and solutions suggested to
date within the IETF may include complex architectures for monitoring date within the IETF may include complex architectures for monitoring
connectivity, traffic engineering, identifier-locator separation, connectivity, traffic engineering, identifier-locator separation,
connection survivability across multihoming events, and so on. It is connection survivability across multihoming events, and so on. It is
thus important that the homenet architecture should as far as thus important that the homenet architecture should as far as
possible minimise the complexity of any multihoming support. So we possible minimise the complexity of any multihoming support. So we
should limit the support to the smallest subset of the overall should limit the support to the smallest subset of the overall
problem to meet the requirements of the topologies described above. problem to meet the requirements of the topologies described above.
This means that the homenet architecture should not try to make This means that the homenet architecture should not try to make
another attempt at solving complex multihoming, and we should prefer another attempt at solving complex multihoming, and we should prefer
to support scenarios for which solutions exist today. to support scenarios for which solutions exist today.
In the general homenet architecture, hosts should be multi-addressed In the general homenet architecture, hosts should be multi-addressed
with globally unique prefixes from each ISP they may communicate with with globally unique prefixes from each ISP they may communicate with
or through. The alternative for a homenet would be to deploy NPTv6 or through. An alternative for a homenet would be to deploy NPTv6
[RFC6296] at the CER, with ULAs then typically used internally. [RFC6296] at the CER, with ULAs then typically used internally, but
NPTv6 has some architectural cost, due to the prefix translation this mode is not considered by this text. If NPTv6 is used, the
used, but the internal part of the homenet (which is the scope of internal part of the homenet (which is the scope of this text) simply
this text) sees only the one prefix in use. sees only the one (ULA) prefix in use. It should be noted that
running NPTv6 has an architectural cost, due to the prefix
translation used.
When multi-addressing is in use, hosts need some way to pick source When multi-addressing is in use, hosts need some way to pick source
and destination address pairs for connections. A host may choose a and destination address pairs for connections. A host may choose a
source address to use by various methods, which would typically source address to use by various methods, which would typically
include [I-D.ietf-6man-rfc3484bis]. Applications may of course do include [I-D.ietf-6man-rfc3484bis]. Applications may of course do
different things, and this should not be precluded. different things, and this should not be precluded.
For the single CER Network Model C, multihoming may be offered by For the single CER Network Model C, multihoming may be offered by
source routing at the CER. With multiple exit routers, the source routing at the CER. With multiple exit routers, the
complexity rises. Given a packet with a source address on the complexity rises. Given a packet with a source address on the
network, the packet must be routed to the proper egress to avoid network, the packet must be routed to the proper egress to avoid BCP
ingress filtering at a wrong ISP. While the packet might not take an 38 filtering at an ISP that did not delegate the prefix the address
optimal path to the correct exit CER, the minimum requirement is that is chosen from. While the packet might not take an optimal path to
the packet is not dropped, and it is highly desirable that the packet the correct exit CER, the minimum requirement is that the packet is
is routed in the most efficient manner to the correct exit. not dropped. It is of course highly desirable that the packet is
routed in the most efficient manner to the correct exit.
There are various potential approaches to this problem, one example There are various potential approaches to this problem, one example
being described in [I-D.v6ops-multihoming-without-ipv6nat]. Another being described in [I-D.v6ops-multihoming-without-ipv6nat]. Another
is discussed in [I-D.baker-fun-multi-router], which explores support is discussed in [I-D.baker-fun-multi-router], which explores support
for source routing throughout the homenet. This approach would for source routing throughout the homenet. This approach would
however likely require relatively significant routing changes to however likely require relatively significant routing changes to
route the packet to the correct exit given the source address. Such route the packet to the correct exit given the source address. Such
changes should preferably be minimised. changes should preferably be minimised.
There are some other multihoming considerations for homenet There are some other multihoming considerations for homenet
skipping to change at page 17, line 36 skipping to change at page 18, line 35
[I-D.townsley-troan-ipv6-ce-transitioning]. Second, one upstream may [I-D.townsley-troan-ipv6-ce-transitioning]. Second, one upstream may
be a "walled garden", and thus only appropriate to be used for be a "walled garden", and thus only appropriate to be used for
connectivity to the services of that provider; an example may be a connectivity to the services of that provider; an example may be a
VPN service that only routes back to the enterprise business network VPN service that only routes back to the enterprise business network
of a user in the homenet. While we should not specifically target of a user in the homenet. While we should not specifically target
walled garden multihoming as a principal goal, it should not be walled garden multihoming as a principal goal, it should not be
precluded. precluded.
Host-based methods such as Shim6 [RFC5533] have been defined, but of Host-based methods such as Shim6 [RFC5533] have been defined, but of
course require support in the hosts. There are also application- course require support in the hosts. There are also application-
oriented approaches such as Happy Eyeballs oriented approaches such as Happy Eyeballs [RFC6555]; simplified
[I-D.ietf-v6ops-happy-eyeballs]; simplified versions of this are for versions of this are for example already implemented in some
example implemented in some commonly-used web browsers. The homenet commonly-used web browsers. The homenet architecture should not
architecture should not preclude use of such tools. Solutions that preclude use of such tools should hosts include their support.
require host changes should be avoided, but solutions which
incrementally improve with host changes may be acceptable.
3.3.2. Quality of Service
Support for QoS in a multi-service homenet may be a requirement, e.g.
for a critical system (perhaps healthcare related), or for
differentiation between different types of traffic (file sharing,
cloud storage, live streaming, VoIP, etc). Different media types may
have different such properties or capabilities.
However, homenet scenarios should require no new QoS protocols. A
DiffServ [RFC2475] approach with a small number of predefined traffic
classes should generally be sufficient, though at present there is
little experience of QoS deployment in home networks. It is likely
that QoS, or traffic prioritisation, methods will be required at the
CER, and potentially around boundaries between different media types
(where for example some traffic may simply not be appropriate for
some media, and need to be dropped to avoid drowning the constrained
media).
There may also be complementary mechanisms that could be beneficial
to application performance and behaviour in the homenet domain, such
as ensuring proper buffering algorithms are used as described in
[Gettys11].
3.3.3. Operations and Management
The homenet should be self-organising and configuring as far as
possible, and thus not be pro-actively managed by the home user.
Thus protocols to manage the network are not discussed in this
architecture text.
However, users may be interested in the status of their networks and
devices on the network, in which case simplified monitoring
mechanisms may be desirable. It may also be the case that an ISP, or
a third party, might offer management of the homenet on behalf of a
user, in which case management protocols would be required. How such
management is done is out of scope of this document; many solutions
exist.
3.3.4. Privacy considerations
There are no specific privacy concerns discussed in this text. It
should be noted that many ISPs are expected to offer relatively
stable IPv6 prefixes to customers, and thus the network prefix
associated with the host addresses they use would not generally
change over a reasonable period of time. This exposure is similar to
IPv4 networks that expose the same IPv4 global address via use of
NAT, where the IPv4 address received from the ISP may change over
time.
Hosts inside an IPv6 homenet may get new IPv6 addresses over time
regardless, e.g. through Privacy Addresses [RFC4941].
3.4. Design Principles and Requirements
There is little that the Internet standards community can do about
the physical topologies or the need for some networks to be separated
at the network layer for policy or link layer compatibility reasons.
However, there is a lot of flexibility in using IP addressing and
inter-networking mechanisms. In this section we discuss how this
flexibility should be used to provide the best user experience and
ensure that the network can evolve with new applications in the
future.
The following principles should be followed when designing homenet
solutions. Where requirements are associated with those principles,
they are stated. There is no implied priority by the order in which
the principles themselves are listed.
3.4.1. Reuse existing protocols
It is desirable to reuse existing protocols where possible, but at
the same time to avoid consciously precluding the introduction of new
or emerging protocols. A generally conservative approach, giving
weight to running code, is preferable. Where new protocols are
required, evidence of commitment to implementation by appropriate
vendors or development communities is highly desirable. Protocols
used should be backwardly compatible, and forward compatible where
changes are made.
Where possible, any requirement for changes to hosts and routers 3.3. A Self-Organising Network
should be minimised.
3.4.2. Dual-stack Operation A home network architecture should be naturally self-organising and
self-configuring under different circumstances relating to the
connectivity status to the Internet, number of devices, and physical
topology. While the homenet should be self-organising, it should be
possible to manually adjust (override) the current configuration.
The homenet architecture targets both IPv6-only and dual-stack While a goal of the homenet architecture is for the network to be as
networks. While the CER requirements in RFC 6204 and RFC 6204-bis self-organising as possible, there may be instances where some manual
are aimed at IPv6-only networks, it is likely that dual-stack configuration is required, e.g. the entry of a WPA2 key to apply
homenets will be the norm for some period of time. IPv6-only wireless security, or to configure a shared routing secret. The
networking may first be deployed in "greenfield" homenet scenarios, latter may be relevant when considering how to bootstrap a routing
or perhaps as one element of an otherwise dual-stack network. The configuration. It is highly desirable that only one such key is
homenet architecture must operate in the absence of IPv4. It is needed for any set of functions, to increase usability for the
desirable that IPv6 works better than IPv4 in as many scenarios as homenet user.
possible.
Running IPv6-only may require documentation of additional 3.3.1. Homenet realms and borders
considerations such as:
o Ensuring there is a way to access content in the IPv4 Internet. The homenet will need to be aware of the extent of its own "site",
This can be arranged through incorporating NAT64 [RFC6144] and which will define the borders for ULAs, site scope multicast, service
DNS64 [RFC6145] functionality in the home gateway router, for discovery and security policies. The homenet will have one or more
instance. Such features are outside the scope of this document borders with external connectivity providers and potentially also
however, being CER functions. have borders within the internal network (e.g. for policy-based
reasons). It should be possible to automatically perform border
discovery for the different borders. Such borders determine for
example the scope of where prefixes, routing information, network
traffic, service discovery and naming may be shared. The default
internally should be to share everything.
o DNS discovery mechanisms are enabled for IPv6. Both stateless A simple homenet model may just consider three types of realm and the
DHCPv6 [RFC3736] [RFC3646] and Router Advertisement options borders between them. For example if the realms are the homenet, the
[RFC6106] may have to be supported and turned on by default to ISP and the visitor network, then the borders will include that from
ensure maximum compatibility with all types of hosts in the the homenet to the ISP, and that from the homenet to a guest network.
network. This requires, however, that a working DNS server is Regardless, it should be possible for additional types of realms and
known and addressable via IPv6, and that such discovery options borders to be defined, e.g. for some specific Grid or LLN-based
can operate through multiple routers in the homenet. network, and for these to be detected automatically, and for an
appropriate default policy to be applied as to what type of traffic/
data can flow across such borders.
o All nodes in the home network support operations in IPv6-only It is desirable to classify the external border of the home network
mode. Some current devices work well with dual-stack but fail to as a unique logical interface separating the home network from
recognise connectivity when IPv4 DHCP fails, for instance. service provider network/s. This border interface may be a single
physical interface to a single service provider, multiple layer 2
sub-interfaces to a single service provider, or multiple connections
to a single or multiple providers. This border makes it possible to
describe edge operations and interface requirements across multiple
functional areas including security, routing, service discovery, and
router discovery.
In dual-stack networks, solutions for IPv6 should not adversely It should be possible for the homenet user to override any
affect IPv4 operation. It is desirable that topologies of IPv4 and automatically determined borders and the default policies applied
IPv6 networks would be as congruent as possible. between them.
3.4.3. Largest Possible Subnets 3.3.2. Largest possible subnets
Today's IPv4 home networks generally have a single subnet, and early Today's IPv4 home networks generally have a single subnet, and early
dual-stack deployments have a single congruent IPv6 subnet, possibly dual-stack deployments have a single congruent IPv6 subnet, possibly
with some bridging functionality. More recently, some vendors have with some bridging functionality. More recently, some vendors have
started to introduce "home" and "guest" functions, which in IPv6 started to introduce "home" and "guest" functions, which in IPv6
would be implemented as two subnets. would be implemented as two subnets.
Future home networks are highly likely to have one or more internal Future home networks are highly likely to have one or more internal
routers and thus need multiple subnets, for the reasons described routers and thus need multiple subnets, for the reasons described
earlier. As part of the self-organisation of the network, the earlier. As part of the self-organisation of the network, the
homenet should subdivide itself to the largest possible subnets that homenet should subdivide itself to the largest possible subnets that
can be constructed within the constraints of link layer mechanisms, can be constructed within the constraints of link layer mechanisms,
bridging, physical connectivity, and policy. bridging, physical connectivity, and policy.
While it may be desirable to maximise the chance of link-local While it may be desirable to maximise the chance of link-local
protocols operating across a homenet by maximising the size of a protocols operating across a homenet by maximising the size of a
subnet, multi-subnet home networks are inevitable, so their support subnet, multi-subnet home networks are inevitable, so their support
must be included. A general recommendation is to follow the same must be included.
topology for IPv6 as is used for IPv4, but not to use NAT. Thus
there should be routed IPv6 where an IPv4 NAT is used, and where
there is no NAT there should be bridging if the link layer allows
this.
In some cases IPv4 NAT home networks may feature cascaded NATs, which 3.3.3. Handling multiple homenets
may include cases where NAT routers are included within VMs or
Internet connection sharing services are used. IPv6 routed versions
of such cases will be required. We should thus note that routers in
the homenet may not be separate physical devices; they may be
embedded within devices.
3.4.4. Security vs Transparent, End-to-End Communications It is important that self-configuration with "unintended" devices is
avoided. Methods are needed for devices to know whether they are
intended to be part of the same homenet site or not. Thus methods to
ensure separation between neighbouring homenets are required. This
may require use of some unique "secret" for devices/protocols in each
homenet. Some existing mechanisms exist to assist home users to
associate devices as simply as possible, e.g. "connect" button
support.
An IPv6-based home network architecture should embrace and naturally 3.3.4. Coordination of configuration information
offer a transparent end-to-end communications model as described in
[RFC2775]. Each device should be addressable by a globally unique The network elements will need to be integrated in a way that takes
address, and those addresses must not be altered in transit. account of the various lifetimes on timers that are used on different
Security perimeters can (via policy) restrict end-to-end elements, e.g. DHCPv6 PD, router, valid prefix and preferred prefix
communications, and thus while a host may be globally addressable it timers.
may not be globally reachable.
In IPv4 NAT networks, the NAT provides an implicit firewall function. 3.4. Homenet Addressing
[RFC4864] describes a "Simple Security" model for IPv6 networks,
whereby stateful perimeter filtering can be applied instead where
global addresses are used. RFC 4864 implies an IPv6 "default deny"
policy for inbound connections be used for similar functionality to
IPv4 NAT. It should be noted that such a "default deny" approach
would effectively replace the need for IPv4 NAT traversal protocols
with a need to use a signalling protocol to request a firewall hole
be opened. Thus to support applications wanting to accept
connections initiated into home networks where a "default deny"
policy is in place support for a signalling protocol such as UPnP or
PCP [I-D.ietf-pcp-base] is required. In networks with multiple CERs,
the signalling would need to handle the cases of flows that may use
one or more exit routers. CERs would need to be able to advertise
their existence for such protocols.
[RFC6092] expands on RFC 4864, giving a more detailed discussion of The IPv6 addressing scheme used within a homenet must conform to the
IPv6 perimeter security recommendations, without mandating a "default IPv6 addressing architecture [RFC4291]. The homenet will need to
deny" approach. Indeed, RFC 6092 does not proscribe a particular adapt to the prefixes made available to it through the prefix
mode of operation, instead stating that CERs must provide an easily delegation method used by its upstream ISP.
selected configuration option that permits a "transparent" mode of
operation, thus ensuring a "default allow" model is available. The
homenet architecture text makes no recommendation on the default
setting, and refers the reader to RFC 6092, which in turn simply
states that a CER should provide functionality sufficient to support
the recommendations in that RFC.
In terms of the devices, homenet hosts should implement their own 3.4.1. Use of ISP-delegated IPv6 prefixes
security policies in accordance to their computing capabilities.
They should have the means to request transparent communications to
be initiated to them, either for all ports or for specific services.
Users should have simple methods to associate devices to services
that they wish to operate transparently through (CER) borders.
3.4.5. Internal IP Connectivity A homenet may receive an arbitrary length IPv6 prefix from its
provider, e.g. /60, /56 or /48. The offered prefix may be stable or
change from time to time. Some ISPs may offer relatively stable
prefixes, while others may change the prefix whenever the CER is
reset. Some discussion of IPv6 prefix allocation policies is
included in [RFC6177] which discusses why, for example, a one-size-
fits-all /48 allocation is not desirable. The home network needs to
be adaptable to such ISP policies, and thus make no assumptions about
the stability of the prefix received from an ISP, or the length of
the prefix that may be offered. However, if only a /64 is offered by
the ISP, the homenet may be severely constrained, or even unable to
function.
A logical consequence of the end-to-end communications model is that The internal operation of the home network should also not depend on
the network should by default attempt to provide IP-layer the availability of the ISP network at any given time, other than for
connectivity to services or systems off the home network. This
implies the use of ULAs for stable internal communication, as
described in the next section.
In practice, it is expected that ISPs will deliver a relatively
stable home prefix to customers. The norm for residential customers
of large ISPs may be similar to their single IPv4 address provision;
by default it is likely to remain persistent for some time, but
changes in the ISP's own provisioning systems may lead to the
customer's IP (and in the IPv6 case their prefix pool) changing. It
is not expected that ISPs will support Provider Independent (PI)
addressing for general residential homenets.
When an ISP needs to restructure and in doing so renumber its
customer homenets, "flash" renumbering is likely to be imposed. This
implies a need for the homenet to be able to handle a sudden
renumbering event which, unlike the process described in [RFC4192],
would be a "flag day" event, which means that a graceful renumbering
process moving through a state with two active prefixes in use would
not be possible. While renumbering is an extended version of an
initial numbering process, the difference between flash renumbering
and an initial "cold start" is the need to provide service
continuity.
There may be cases where local law means some ISPs are required to
change IPv6 prefixes (current IPv4 addresses) for privacy reasons for
their customers. In such cases it may be possible to avoid an
instant "flash" renumbering and plan a non-flag day renumbering as
per RFC 4192.
The customer may of course also choose to move to a new ISP, and thus
begin using a new prefix. In such cases the customer should expect a
discontinuity, and not only may the prefix change, but potentially
also the prefix length, if the new ISP offers a different default
size prefix, e.g. a /60 rather than a /56. Regardless, it's
desirable that homenet protocols support rapid renumbering and that
operational processes don't add unnecessary complexity for the
renumbering process.
The 6renum WG is studying IPv6 renumbering for enterprise networks.
It is not currently targetting homenets, but may produce outputs that
are relevant. The introduction of any new homenet protocols should
not make any form of renumbering any more complex than it already is.
3.4.2. Stable internal IP addresses
The network should by default attempt to provide IP-layer
connectivity between all internal parts of the homenet as well as to connectivity between all internal parts of the homenet as well as to
and from the external Internet. and from the external Internet, subject to the filtering policies or
other policy constraints discussed later in the security section.
ULAs should be used within the scope of a homenet to support routing ULAs should be used within the scope of a homenet to support routing
between subnets regardless of whether a globally unique ISP-provided between subnets regardless of whether a globally unique ISP-provided
prefix is available. However, it would be expected that ULAs would prefix is available. It would be expected that ULAs would be used
also be used alongside one or more such global prefixes in a homenet, alongside one or more such global prefixes in a homenet, such that
such that hosts become multi-addressed with both globally unique and hosts become multi-addressed with both globally unique and ULA
ULA prefixes. Default address selection would then enable ULAs to be prefixes. Default address selection would then enable ULAs to be
preferred for internal communications between devices that are using preferred for internal communications between devices that are using
ULA prefixes generated within the same homenet. ULA prefixes generated within the same homenet.
ULA addresses will allow constrained LLN devices to create permanent
relationships between IPv6 addresses, e.g. from a wall controller to
a lamp. Symbolic host names would require additional non-volatile
memory. Updating global prefixes in sleeping LLN devices might also
be problematic.
ULAs may be used for all devices, not just those intended to only ULAs may be used for all devices, not just those intended to only
have internal connectivity. ULAs used in this way provide stable have internal connectivity. ULAs used in this way provide stable
internal communications should the ISP-provided prefix (suddenly) internal communications should the ISP-provided prefix (suddenly)
change, or external connectivity be temporarily lost. The use of change, or external connectivity be temporarily lost. The use of
ULAs should be restricted to the homenet scope through filtering at ULAs should be restricted to the homenet scope through filtering at
the border(s) of the homenet, as described in RFC 6092; thus "end-to- the border(s) of the homenet, as described in RFC 6092.
end" for ULAs is limited to the homenet.
In some cases full internal connectivity may not be desirable, e.g. 3.4.3. Internal prefix delegation
in certain utility networking scenarios, or where filtering is
required for policy reasons against guest network subnet(s). Some
scenarios/models may involve isolated subnet(s) with their own CERs.
In such cases connectivity would only be expected within each
isolated network (though traffic may potentially pass between them
via external providers).
LLNs provide an example of where there may be secure perimeters As mentioned above, there are various sources of prefixes, e.g. they
inside the homenet. Constrained LLN nodes may implement WPA2-style may be globally unique prefixes originating from ISP(s), they may be
network key security but may depend on access policies enforced by globally unique or ULA prefixes allocated by "master" router(s) in
the LLN border router. the homenet, or they may be ULAs allocated by LLN gateways. There
may also be a prefix associated with NAT64, if in use in the homenet.
3.4.6. Routing functionality From the homenet perspective, a single prefix from each ISP should be
received on the border CER [RFC3633]. Then each subnet in the
homenet should receive a prefix from within the ISP-provided
prefix(es). The ISP should only see the aggregate from the homenet,
and not single /64 prefixes allocated within the homenet.
Delegation should be autonomous, and not assume a flat or
hierarchical model. This text makes no assumption about whether the
delegation of prefixes is distributed or centralised. The assignment
mechanism should provide reasonable efficiency, so that typical home
network prefix allocation sizes can accommodate all the necessary /64
allocations in most cases, and not waste prefixes. A currently
typical /60 allocation gives 16 /64 subnets. Duplicate assignment of
multiple /64s to the same network should be avoided. The network
should behave as gracefully as possible in the event of prefix
exhaustion, though the options in such cases may be limited.
Where multiple CERs exist with multiple ISP prefix pools, it is
expected that routers within the homenet would assign themselves
prefixes from each ISP they communicate with/through.
Where ULAs are used, most likely but not necessarily in parallel with
global prefixes, one router should be elected to offer ULA prefixes
for the homenet. The router should generate a /48 ULA for the site,
and then delegate /64's from that ULA prefix to subnets. In the
normal state, a single /48 ULA should be used within the homenet. In
cases where two /48 ULAs are generated within a homenet, the network
should still continue to function.
Delegation within the homenet should give each link a prefix that is
persistent across reboots, power outages and similar short-term
outages. Addition of a new routing device should not affect existing
persistent prefixes, but persistence may not be expected in the face
of significant "replumbing" of the homenet. Persistent prefixes
should not depend on router boot order. Such persistent prefixes may
imply the need for stable storage on routing devices, and also a
method for a home user to "reset" the stored prefix should a
significant reconfiguration be required (though ideally the home user
should not be involved at all).
The delegation method should support renumbering, which would
typically be "flash" renumbering in that the homenet would not have
advance notice of the event or thus be able to apply the types of
approach described in [RFC4192]. As a minimum, delegated ULA
prefixes within the homenet should remain persistent through an ISP-
driven renumbering event.
Several proposals have been made for prefix delegation within a
homenet. One group of proposals is based on DHCPv6 PD, as described
in [I-D.baker-homenet-prefix-assignment],
[I-D.chakrabarti-homenet-prefix-alloc], [RFC3315] and [RFC3633]. The
other uses OSPFv3, as described in
[I-D.arkko-homenet-prefix-assignment]. More detailed analysis of
these approaches needs to be made against the requirements/principles
described above.
3.4.4. Privacy
There are no specific privacy concerns discussed in this text. It
should be noted as above that many ISPs are expected to offer
relatively stable IPv6 prefixes to customers, and thus the network
prefix associated with the host addresses they use may not change
over a reasonably long period of time. This exposure is similar to
IPv4 networks that expose the same IPv4 global address via use of
NAT, where the IPv4 address received from the ISP may change over
time, but not necessarily that frequently.
Hosts inside an IPv6 homenet may get new IPv6 addresses over time
regardless, e.g. through Privacy Addresses [RFC4941].
3.5. Routing functionality
Routing functionality is required when there are multiple routers Routing functionality is required when there are multiple routers
deployed within the internal home network. This functionality could deployed within the internal home network. This functionality could
be as simple as the current "default route is up" model of IPv4 NAT, be as simple as the current "default route is up" model of IPv4 NAT,
or, more likely, it would involve running an appropriate routing or, more likely, it would involve running an appropriate routing
protocol. protocol.
The homenet routing protocol should preferably be an existing The homenet routing protocol should preferably be an existing
deployed protocol that has been shown to be reliable and robust, and deployed protocol that has been shown to be reliable and robust, and
it is preferable that the protocol is "lightweight". It is desirable it is preferable that the protocol is "lightweight". It is desirable
skipping to change at page 23, line 22 skipping to change at page 25, line 7
available. The protocol however should not require upstream ISP available. The protocol however should not require upstream ISP
connectivity to be established to continue routing within the connectivity to be established to continue routing within the
homenet. homenet.
To support multihoming within a homenet, a routing protocol that can To support multihoming within a homenet, a routing protocol that can
make routing decisions based on source and destination addresses is make routing decisions based on source and destination addresses is
desirable, to avoid upstream ISP ingress filtering problems. In desirable, to avoid upstream ISP ingress filtering problems. In
general the routing protocol should support multiple ISP uplinks and general the routing protocol should support multiple ISP uplinks and
delegated prefixes in concurrent use. delegated prefixes in concurrent use.
The routing environment should be self-configuring, as discussed in The routing environment should be self-configuring, as discussed
the next subsection. An example of how OSPFv3 can be self- previously. An example of how OSPFv3 can be self-configuring in a
configuring in a homenet is described in homenet is described in [I-D.acee-ospf-ospfv3-autoconfig].
[I-D.acee-ospf-ospfv3-autoconfig]. Minimising convergence time Minimising convergence time should be a goal in any routed
should be a goal in any routed environment, but as a guideline a environment, but as a guideline a maximum convergence time of around
maximum convergence time of around 30 seconds should be the target. 30 seconds should be the target.
Any routed solution will require a means for determining the Any routed solution will require a means for determining the
boundaries of the homenet. Borders may include but are not limited boundaries of the homenet. Borders may include but are not limited
to the interface to the upstream ISP, or a gateway device to a to the interface to the upstream ISP, or a gateway device to a
separate home network such as a SmartGrid or similar LLN network. In separate home network such as a SmartGrid or similar LLN network. In
some cases there may be no border such as occurs before an upstream some cases there may be no border such as occurs before an upstream
connection has been established. The border discovery functionality connection has been established. The border discovery functionality
may be integrated into the routing protocol itself, but may also be may be integrated into the routing protocol itself, but may also be
imported via a separate discovery mechanism. imported via a separate discovery mechanism.
skipping to change at page 24, line 5 skipping to change at page 25, line 34
participate the same way as the main homenet, or alternatively map/be participate the same way as the main homenet, or alternatively map/be
gatewayed to the main homenet. Current home deployments use largely gatewayed to the main homenet. Current home deployments use largely
different mechanisms in sensor and basic Internet connectivity different mechanisms in sensor and basic Internet connectivity
networks. IPv6 VM solutions may also add additional routing networks. IPv6 VM solutions may also add additional routing
requirements. requirements.
[I-D.howard-homenet-routing-comparison] contains evaluations of [I-D.howard-homenet-routing-comparison] contains evaluations of
common routing protocols made against the type of requirements common routing protocols made against the type of requirements
described above. described above.
3.4.7. A Self-organising Network 3.6. Security
A home network architecture should be naturally self-organising and
self-configuring under different circumstances relating to the
connectivity status to the Internet, number of devices, and physical
topology. While the homenet should be self-organising, it should be
possible to manually adjust (override) the current configuration.
The homenet will need to be aware of the extent of its own "site", as The security of an IPv6 homenet is an important consideration. The
discussed in the previous section. The homenet "site" defines the most notable difference to the IPv4 operational model is the removal
borders for ULAs, site scope multicast, service discovery and of NAT, the introduction of global addressability of devices, and
security policies. The homenet will thus have one or more borders thus a need to consider whether devices should have global
with external connectivity providers and potentially also have reachability. However, there are other challenges introduced, e.g.
borders within the internal network (e.g. for policy-based reasons). default filtering policies at the borders between other homenet
It should be possible to automatically perform border discovery for realms.
the different borders. Such borders determine for example the scope
of where prefixes, routing information, network traffic, service
discovery and naming may be shared. The default internally should be
to share everything.
The most important function in this respect is prefix delegation and There is no defined "threat model" as such for the type of IPv6
management. There are various sources of prefixes, e.g. they may be homenet described in this text. Such a document may be very useful.
globally unique prefixes originating from ISP(s), they may be It may include a variety of perspectives, from probing for specific
globally unique or ULA prefixes allocated by "master" router(s) in types of home appliance being present, to potential denial of service
the homenet, or they may be ULAs allocated by LLN gateways. There attacks. Hosts need to be able to operate securely, end-to-end where
may also be a prefix associated with NAT64, if in use in the homenet. required, but also be robust against malicious traffic direct towards
them. We simply note at this point that software on home devices
will have an increase in security if it allows its software to be
updated regularly.
From the homenet perspective, a single prefix from each ISP should be 3.6.1. Addressability vs reachability
received on the border CER [RFC3633]. Then each subnet in the
homenet should receive a prefix from within the ISP-provided
prefix(es). The ISP should only see the aggregate from the homenet,
and not single /64 prefixes allocated within the homenet.
Delegation should be autonomous, and not assume a flat or An IPv6-based home network architecture should embrace and naturally
hierarchical model. This text makes no assumption about whether the offer a transparent end-to-end communications model as described in
delegation of prefixes is distributed or centralised. The assignment [RFC2775]. Each device should be addressable by a globally unique
mechanism should provide reasonable efficiency, so that typical home address, and those addresses must not be altered in transit.
network prefix allocation sizes can accommodate all the necessary /64 Security perimeters can (via policy) restrict end-to-end
allocations in most cases, and not waste prefixes. A currently communications, and thus while a host may be globally addressable it
typical /60 allocation gives 16 /64 subnets. Duplicate assignment of may not be globally reachable.
multiple /64s to the same network should be avoided. The network
should behave as gracefully as possible in the event of prefix
exhaustion, though the options in such cases may be limited.
Where multiple CERs exist with multiple ISP prefix pools, it is In IPv4 NAT networks, the NAT provides an implicit firewall function.
expected that routers within the homenet would assign themselves [RFC4864] describes a "Simple Security" model for IPv6 networks,
prefixes from each ISP they communicate with/through. whereby stateful perimeter filtering can be applied instead where
global addresses are used. RFC 4864 implies an IPv6 "default deny"
policy for inbound connections be used for similar functionality to
IPv4 NAT. It should be noted that such a "default deny" approach
would effectively replace the need for IPv4 NAT traversal protocols
with a need to use a signalling protocol to request a firewall hole
be opened. Thus to support applications wanting to accept
connections initiated into home networks where a "default deny"
policy is in place support for a signalling protocol such as UPnP or
PCP [I-D.ietf-pcp-base] is required. In networks with multiple CERs,
the signalling would need to handle the cases of flows that may use
one or more exit routers. CERs would need to be able to advertise
their existence for such protocols.
Where ULAs are used, most likely but not necessarily in parallel with [RFC6092] expands on RFC 4864, giving a more detailed discussion of
global prefixes, one router should be elected to offer ULA prefixes IPv6 perimeter security recommendations, without mandating a "default
for the homenet. The router should generate a /48 ULA for the site, deny" approach. Indeed, RFC 6092 does not proscribe a particular
and then delegate /64's from that ULA prefix to subnets. In the mode of operation, instead stating that CERs must provide an easily
normal state, a single /48 ULA should be used within the homenet. In selected configuration option that permits a "transparent" mode of
cases where two /48 ULAs are generated within a homenet, the network operation, thus ensuring a "default allow" model is available. The
should still continue to function. homenet architecture text makes no recommendation on the default
setting, and refers the reader to RFC 6092, which in turn simply
states that a CER should provide functionality sufficient to support
the recommendations in that RFC.
Delegation within the homenet should give each link a prefix that is Advanced Security for IPv6 CPEs [I-D.vyncke-advanced-ipv6-security]
persistent across reboots, power outages and similar short-term takes the approach that in order to provide the greatest end-to-end
outages. Addition of a new routing device should not affect existing transparency as well as security, security policies must be updated
persistent prefixes, but persistence may not be expected in the face by a trusted party which can provide intrusion signatures and other
of significant "replumbing" of the homenet. Persistent prefixes "active" information on security threats. This might for example
should not depend on router boot order. Such persistent prefixes may allow different malware detection profiles to be configured on a CER.
imply the need for stable storage on routing devices, and also a Such methods should be able to be automatically updating.
method for a home user to "reset" the stored prefix should a
significant reconfiguration be required (though ideally the home user
should not be involved at all).
The delegation method should support renumbering, which would 3.6.2. Filtering at borders
typically be "flash" renumbering in that the homenet would not have
advance notice of the event or thus be able to apply the types of
approach described in [RFC4192]. As a minimum, delegated ULA
prefixes within the homenet should remain persistent through an ISP-
driven renumbering event.
Several proposals have been made for prefix delegation within a It is desirable that there are mechanisms to detect different types
homenet. One group of proposals is based on DHCPv6 PD, as described of borders within the homenet, as discussed previously, and then the
in [I-D.baker-homenet-prefix-assignment], means to apply different types of filtering policies at those
[I-D.chakrabarti-homenet-prefix-alloc], [RFC3315] and [RFC3633]. The borders, e.g. whether naming and service discovery should pass a
other uses OSPFv3, as described in given border. Any such policies should be able to be easily applied
[I-D.arkko-homenet-prefix-assignment]. More detailed analysis of by typical home users, e.g. to give a visitor in a "guest" network
these approaches needs to be made against the requirements/principles access to media services in the home, or access to a printer in the
described above. residence. Simple mechanisms to apply policy changes, or
associations between devices, will be required.
Other parameters of the network will need to be self-organising, but There are cases where full internal connectivity may not be
allow manual override of configurations where reasonable to do so. desirable, e.g. in certain utility networking scenarios, or where
The network elements will need to be integrated in a way that takes filtering is required for policy reasons against guest network
account of the various lifetimes on timers that are used on those subnet(s). Some scenarios/models may as a result involve running
different elements, e.g. DHCPv6 PD, router, valid prefix and isolated subnet(s) with their own CERs. In such cases connectivity
preferred prefix timers. would only be expected within each isolated network (though traffic
may potentially pass between them via external providers).
The network cannot be expected to be completely self-organising, e.g. LLNs provide an another example of where there may be secure
some security parameters are likely to need manual configuration, perimeters inside the homenet. Constrained LLN nodes may implement
e.g. WPA2 configuration for wireless access control. Some existing WPA2-style network key security but may depend on access policies
mechanisms exist to assist home users to associate devices as simply enforced by the LLN border router.
as possible, e.g. "connect" button support.
It is important that self-configuration with "unintended" devices is 3.6.3. Device capabilities
avoided. Methods are needed for devices to know whether they are
intended to be part of the same homenet site or not. Thus methods to
ensure separation between neighbouring homenets are required. This
may require use of some unique "secret" for devices/protocols in each
homenet.
3.4.8. Fewest Topology Assumptions In terms of the devices, homenet hosts should implement their own
security policies in accordance to their computing capabilities.
They should have the means to request transparent communications to
be initiated to them, either for all ports or for specific services.
Users should have simple methods to associate devices to services
that they wish to operate transparently through (CER) borders.
There should ideally be no built-in assumptions about the topology in 3.6.4. ULAs as a hint of connection origin
home networks, as users are capable of connecting their devices in
"ingenious" ways. Thus arbitrary topologies and arbitrary routing
will need to be supported. or at least the failure mode for when the
user makes a mistake should be as robust as possible, e.g. de-
activating a certain part of the infrastructure to allow the rest to
operate. In such cases, the user should ideally have some useful
indication of the failure mode encountered.
It is important not to introduce new IPv6 scenarios that would break It has been suggested that using ULAs would provide an indication to
with IPv4+NAT, given that dual-stack homenets will be commonplace for applications that received traffic is locally sourced. This could
some time. There may be IPv6-only topologies that work where IPv4 is then be used with security settings to designate where a particular
not used or required. application is allowed to connect to or receive traffic from.
3.4.9. Naming and Service Discovery 3.7. Naming and Service Discovery
Naming and service discovery must be supported in the homenet. The Naming and service discovery must be supported in the homenet. The
most natural way to think about such naming and service discovery is service(s) providing this function must support unmanaged operation.
to enable it to work across the entire residence (site), disregarding
technical borders such as subnets but potentially respecting policy
borders such as those between visitor and internal networks.
Discovery of a DNS service for access to external Internet resources
is also a fundamental requirement in a multi-subnet homenet; the
problem is not just name and service discovery within the homent
itself.
Users will need simple ways to name devices, or be provided with The most natural way to think about such naming and service discovery
is to enable it to work across the entire homenet residence (site),
disregarding technical borders such as subnets but potentially
respecting policy borders such as those between visitor and internal
network realms.
Users will want simple ways to name devices, or be provided with
appropriate ways for devices to generate unique names within the appropriate ways for devices to generate unique names within the
homenet. The naming system will be required to work internally or homenet. Users may typically perform device (re)naming and discovery
externally, be the user within the homenet or outside it, and there through GUI interfaces that hide the local domain name element from
may be multiple naming domains, e.g. Internet, home or guest them. Users may also wish to associated named devices to Internet
domains. It is highly likely that a home user will want access to domains, so that devices in their homenet can be accessed remotely.
many of the devices and services in their home while "roaming" Thus from the user's perspective a device is given a name; the user
elsewhere. It may be the case that not all devices in the homenet may expect that same unqualified name toy be valid within the local
are made available by name via any Internet-facing domain, and that a name service or through an Internet name service. Thus implies
"split-view" naming system is preferred for certain devices. Also, relative name resolution should be supported, i.e. there is some
name resolution for reachable devices must continue to function if naming convention that allows name resolution while mitigating the
the local network is disconnected from the global Internet. need for the user to know an absolute location in the Internet name
space. Or that there is some means to discover the domain
transparently to the user.
A desirable target may be a fully functional, self-configuring secure Homenet devices may thus appear in one or more local homenet name
local DNS service so that all devices can be referred to by name, and spaces and also in one or more Internet name spaces. While typically
these FQDNs are resolved locally. This could make clean use of ULAs there would be only one local name space, there may be scenarios
and multiple ISP-provided prefixes much easier. Such a local DNS where segmentation of that name space may be desirable. The naming
service should be (by default) authoritative for the local name space system will be required to work internally or externally, be the user
in both IPv4 and IPv6. A dual-stack residential gateway should within the homenet or outside it, and there may be multiple naming
include a dual-stack DNS server. domains used for any given device, e.g. Internet, home or guest
domains. It is likely that a home user will want access to many of
the devices and services in their home while "roaming" elsewhere.
However, it may be the case that not all devices in the homenet are
made available by name via an Internet name space, and that a "split
view" is preferred for certain devices.
There are naming protocols that are designed to be configured and The homenet name service must therefore at the very least co-exist
operate Internet-wide, like unicast-based DNS, but also protocols with Internet name services. There are naming protocols that are
that are designed for zero-configuration environments, like mDNS. designed to be configured and operate Internet-wide, like unicast-
Consideration should be made for how these interact with each other based DNS, but also protocols that are designed for zero-
in a homenet scenario. configuration local environments, like mDNS. Consideration should be
made for how these interact with each other in a homenet scenario.
The homenet name service should support both lookups and discovery.
A lookup would operate via a direct query to a known service, while
discovery may use multicast messages (as per mDNS and DNS-SD) or a
service where applications register in order to be found.
Name resolution and service discovery for reachable devices must
continue to function if the local network is disconnected from the
global Internet, e.g. a local media server should still be available
even if the Internet link is down for an extended period. This
implies the local network should also be able to perform a complete
restart in the absence of external connectivity, and have local
naming and discovery operate correctly. This might be achieved via a
local cache and an authoritative local name service. Also, a change
in ISP should also not affect local naming and service discovery.
There should be consideration of the security of any local name
space. A typical problem here may be that many homenets may use a
common "well-known" local domain suffix, e.g. .local, and this may be
ambiguous to a device that could attach to multiple homenets that use
that name, but this is also part of the "avoid joining unintended
networks" problem. A method to utilise a local trust anchor is
desirable.
With the introduction of new "dotless" top level domains, there is With the introduction of new "dotless" top level domains, there is
potential for ambiguity between for example a local host called potential for ambiguity between for example a local host called
"computer" and (if it is registered) a .computer gTLD. This suggests "computer" and (if it is registered) a .computer gTLD. This suggests
some implicit local name space is probably required. Such a name some implicit local name space is probably required. Such a name
space should also be configurable to something else by the user. space should also be configurable to something else by the user.
Discovery of a name service for access to external Internet resources
is also a fundamental requirement in a multi-subnet homenet; the
problem is not just name and service discovery within the homenet
itself.
The use of standard local domain name across adjacent homenets In some parts of the homenet, e.g. LLNs, devices may be sleeping, in
potentially introduces some ambiguity if, for example, a mobile which case a proxy for such nodes may be required, that can respond
device should move between two such networks. for example to multicast service discovery requests. Those same
parts of the network may have less capacity for multicast traffic
that may be flooded from other parts of the network. In general,
message utilisation should be efficient considering the network
technologies the service may need to operate over.
A desirable target may be a fully functional, self-configuring secure
local name service so that all devices can be referred to by name,
and these FQDNs are resolved locally. This could make clean use of
ULAs and multiple ISP-provided prefixes much easier. Such a local
name service should be (by default) authoritative for the local name
space in both IPv4 and IPv6. A dual-stack residential gateway should
include a dual-stack DNS server.
Current service discovery protocols are generally aimed at single Current service discovery protocols are generally aimed at single
subnets. If service discovery is to operate across the an entire subnets. If service discovery is to operate across the an entire
homenet, by adopting an approach like that proposed as Extended mDNS homenet, by adopting an approach like that proposed as Extended mDNS
(xmDNS) [I-D.lynn-homenet-site-mdns], then support may be required (xmDNS) [I-D.lynn-homenet-site-mdns], then support may be required
for IPv6 multicast across the scope of the whole homenet. for IPv6 multicast across the scope of the whole homenet.
In some parts of the homenet, e.g. LLNs, devices may be sleeping, in 3.8. Other Considerations
which case a proxy for such nodes may be required, that can respond
to multicast service discovery requests. Those same parts of the
network may have less capacity for multicast traffic that may be
flooded from other parts of the network. In general, message
utilisation should be efficient considering the network technologies
the service may need to operate over.
3.4.10. Proxy or Extend? This section discusses some other considerations for home networking
that may affect the architecture.
3.8.1. Proxy or Extend?
There are two broad choices for allowing services that would There are two broad choices for allowing services that would
otherwise be link-local to work across a homenet site. In the otherwise be link-local to work across a homenet site. In the
example of service discovery, one is to take protocols like mDNS and example of service discovery, one is to take protocols like mDNS and
have them run over site multicast within the homenet. This is fine have them run over site multicast within the homenet. This is fine
if all hosts support the extension, and the scope within any internal if all hosts support the extension, and the scope within any internal
borders is well-understood. But it's not backwards-compatible with borders is well-understood. But it's not backwards-compatible with
existing link-local protocols. The alternative is to proxy service existing link-local protocols. The alternative is to proxy service
discovery across each link, to propagate it. This is more complex, discovery across each link, to propagate it. This is more complex,
but is backwards-compatible. It would need to work with IPv6, and but is backwards-compatible. It would need to work with IPv6, and
skipping to change at page 28, line 20 skipping to change at page 30, line 36
those functions. However, while it is desirable to extend protocols those functions. However, while it is desirable to extend protocols
to site scope operation rather than providing proxy functions on to site scope operation rather than providing proxy functions on
subnet boundaries, the reality is that until all hosts can use site- subnet boundaries, the reality is that until all hosts can use site-
scope discovery protocols, existing link-local protocols would need scope discovery protocols, existing link-local protocols would need
to be proxied anyway. to be proxied anyway.
Some protocols already have proxy functions defined and in use, e.g. Some protocols already have proxy functions defined and in use, e.g.
DHCPv6 relays, in which case those protocols would be expected to DHCPv6 relays, in which case those protocols would be expected to
continue to operate that way. continue to operate that way.
3.4.11. Adapt to ISP constraints 3.8.2. Quality of Service
Different homenets may be subject to different behaviour by their
ISP(s). A homenet may receive an arbitrary length IPv6 prefix from
its provider, e.g. /60, /56 or /48. The offered prefix, may be
stable or change from time to time. Some ISPs may offer relatively
stable prefixes, while others may change the prefix whenever the CER
is reset. Some discussion of IPv6 prefix allocation policies is
included in [RFC6177], which discusses why, for example, a one-size-
fits-all /48 allocation is not desirable. The home network needs to
be adaptable to such ISP policies, and thus make no assumptions about
the stability of the prefix received from an ISP, or the length of
the prefix that may be offered. However, if only a /64 is offered by
the ISP, the homenet may be severely constrained, or even unable to
function.
The internal operation of the home network should also not depend on Support for QoS in a multi-service homenet may be a requirement, e.g.
the availability of the ISP network at any given time, other than for for a critical system (perhaps healthcare related), or for
connectivity to services or systems off the home network. This differentiation between different types of traffic (file sharing,
implies the use of ULAs as supported in RFC 6204. If used, ULA cloud storage, live streaming, VoIP, etc). Different media types may
addresses should be stable so that they can always be used have different such properties or capabilities.
internally, independent of the link to the ISP.
In practice, it is expected that ISPs will deliver a relatively However, homenet scenarios should require no new QoS protocols. A
stable home prefix to customers. The norm for residential customers DiffServ [RFC2475] approach with a small number of predefined traffic
of large ISPs may be similar to their single IPv4 address provision; classes should generally be sufficient, though at present there is
by default it is likely to remain persistent for some time, but little experience of QoS deployment in home networks. It is likely
changes in the ISP's own provisioning systems may lead to the that QoS, or traffic prioritisation, methods will be required at the
customer's IP (and in the IPv6 case their prefix pool) changing. It CER, and potentially around boundaries between different media types
is not expected that ISPs will support Provider Independent (PI) (where for example some traffic may simply not be appropriate for
addressing in general residential homenets. some media, and need to be dropped to avoid drowning the constrained
media).
When an ISP needs to restructure and in doing so renumber its There may also be complementary mechanisms that could be beneficial
customer homenets, "flash" renumbering is likely to be imposed. This to application performance and behaviour in the homenet domain, such
implies a need for the homenet to be able to handle a sudden as ensuring proper buffering algorithms are used as described in
renumbering event which, unlike the process described in [RFC4192], [Gettys11].
would be a "flag day" event, which means that a graceful renumbering
process moving through a state with two active prefixes in use would
not be possible. While renumbering is an extended version of an
initial numbering process, the difference between flash renumbering
and an initial "cold start" is the need to provide service
continuity.
There may be cases where local law means some ISPs are required to 3.8.3. Operations and Management
change IPv6 prefixes (current IPv4 addresses) for privacy reasons for
their customers. In such cases it may be possible to avoid an
instant "flash" renumbering and plan a non-flag day renumbering as
per RFC 4192.
The customer may of course also choose to move to a new ISP, and thus The homenet should be self-organising and configuring as far as
begin using a new prefix. In such cases the customer should expect a possible, and thus not be pro-actively managed by the home user.
discontinuity. In such cases, not only may the prefix change, but Thus protocols to manage the network are not discussed in this
potentially the prefix length, if the new ISP offers a different architecture text.
default size prefix, e.g. a /60 rather than a /56. Regardless, it's
desirable that homenet protocols support rapid renumbering and that
operational processes don't add unnecessary complexity for the
renumbering process.
The 6renum WG is studying IPv6 renumbering for enterprise networks. However, users may be interested in the status of their networks and
It is not currently targetting homenets, but may produce outputs that devices on the network, in which case simplified monitoring
are relevant. The introduction of any new homenet protocols should mechanisms may be desirable. It may also be the case that an ISP, or
not make any form of renumbering any more complex than it already is. a third party, might offer management of the homenet on behalf of a
user, in which case management protocols would be required. How such
management is done is out of scope of this document; many solutions
exist.
3.5. Implementing the Architecture on IPv6 3.9. Implementing the Architecture on IPv6
This architecture text encourages re-use of existing protocols. Thus This architecture text encourages re-use of existing protocols. Thus
the necessary mechanisms are largely already part of the IPv6 the necessary mechanisms are largely already part of the IPv6
protocol set and common implementations. There are though some protocol set and common implementations. There are though some
exceptions. For automatic routing, it is expected that existing exceptions. For automatic routing, it is expected that existing
routing protocols can be used as is. However, a new mechanism may be routing protocols can be used as is. However, a new mechanism may be
needed in order to turn a selected protocol on by default. needed in order to turn a selected protocol on by default.
Some functionality, if required by the architecture, would add Some functionality, if required by the architecture, would add
significant changes or require development of new protocols, e.g. significant changes or require development of new protocols, e.g.
skipping to change at page 32, line 26 skipping to change at page 34, line 13
[RFC6177] Narten, T., Huston, G., and L. Roberts, "IPv6 Address [RFC6177] Narten, T., Huston, G., and L. Roberts, "IPv6 Address
Assignment to End Sites", BCP 157, RFC 6177, March 2011. Assignment to End Sites", BCP 157, RFC 6177, March 2011.
[RFC6296] Wasserman, M. and F. Baker, "IPv6-to-IPv6 Network Prefix [RFC6296] Wasserman, M. and F. Baker, "IPv6-to-IPv6 Network Prefix
Translation", RFC 6296, June 2011. Translation", RFC 6296, June 2011.
[RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual- [RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
Stack Lite Broadband Deployments Following IPv4 Stack Lite Broadband Deployments Following IPv4
Exhaustion", RFC 6333, August 2011. Exhaustion", RFC 6333, August 2011.
[RFC6555] Wing, D. and A. Yourtchenko, "Happy Eyeballs: Success with
Dual-Stack Hosts", RFC 6555, April 2012.
[I-D.baker-fun-multi-router] [I-D.baker-fun-multi-router]
Baker, F., "Exploring the multi-router SOHO network", Baker, F., "Exploring the multi-router SOHO network",
draft-baker-fun-multi-router-00 (work in progress), draft-baker-fun-multi-router-00 (work in progress),
July 2011. July 2011.
[I-D.lynn-homenet-site-mdns] [I-D.lynn-homenet-site-mdns]
Lynn, K. and D. Sturek, "Extended Multicast DNS", Lynn, K. and D. Sturek, "Extended Multicast DNS",
draft-lynn-homenet-site-mdns-00 (work in progress), draft-lynn-homenet-site-mdns-00 (work in progress),
March 2012. March 2012.
skipping to change at page 33, line 34 skipping to change at page 35, line 23
Wing, "IPv6 Multihoming without Network Address Wing, "IPv6 Multihoming without Network Address
Translation", draft-v6ops-multihoming-without-ipv6nat-00 Translation", draft-v6ops-multihoming-without-ipv6nat-00
(work in progress), March 2011. (work in progress), March 2011.
[I-D.baker-homenet-prefix-assignment] [I-D.baker-homenet-prefix-assignment]
Baker, F. and R. Droms, "IPv6 Prefix Assignment in Small Baker, F. and R. Droms, "IPv6 Prefix Assignment in Small
Networks", draft-baker-homenet-prefix-assignment-01 (work Networks", draft-baker-homenet-prefix-assignment-01 (work
in progress), March 2012. in progress), March 2012.
[I-D.arkko-homenet-prefix-assignment] [I-D.arkko-homenet-prefix-assignment]
Arkko, J. and A. Lindem, "Prefix Assignment in a Home Arkko, J., Lindem, A., and B. Paterson, "Prefix Assignment
Network", draft-arkko-homenet-prefix-assignment-01 (work in a Home Network",
in progress), October 2011. draft-arkko-homenet-prefix-assignment-02 (work in
progress), July 2012.
[I-D.acee-ospf-ospfv3-autoconfig] [I-D.acee-ospf-ospfv3-autoconfig]
Lindem, A. and J. Arkko, "OSPFv3 Auto-Configuration", Lindem, A. and J. Arkko, "OSPFv3 Auto-Configuration",
draft-acee-ospf-ospfv3-autoconfig-02 (work in progress), draft-acee-ospf-ospfv3-autoconfig-03 (work in progress),
May 2012. July 2012.
[I-D.ietf-pcp-base] [I-D.ietf-pcp-base]
Wing, D., Cheshire, S., Boucadair, M., Penno, R., and P. Wing, D., Cheshire, S., Boucadair, M., Penno, R., and P.
Selkirk, "Port Control Protocol (PCP)", Selkirk, "Port Control Protocol (PCP)",
draft-ietf-pcp-base-26 (work in progress), June 2012. draft-ietf-pcp-base-26 (work in progress), June 2012.
[I-D.hain-ipv6-ulac] [I-D.hain-ipv6-ulac]
Hain, T., Hinden, R., and G. Huston, "Centrally Assigned Hain, T., Hinden, R., and G. Huston, "Centrally Assigned
IPv6 Unicast Unique Local Address Prefixes", IPv6 Unicast Unique Local Address Prefixes",
draft-hain-ipv6-ulac-02 (work in progress), July 2010. draft-hain-ipv6-ulac-02 (work in progress), July 2010.
[I-D.ietf-v6ops-happy-eyeballs]
Wing, D. and A. Yourtchenko, "Happy Eyeballs: Success with
Dual-Stack Hosts", draft-ietf-v6ops-happy-eyeballs-07
(work in progress), December 2011.
[I-D.chakrabarti-homenet-prefix-alloc] [I-D.chakrabarti-homenet-prefix-alloc]
Nordmark, E., Chakrabarti, S., Krishnan, S., and W. Nordmark, E., Chakrabarti, S., Krishnan, S., and W.
Haddad, "Simple Approach to Prefix Distribution in Basic Haddad, "Simple Approach to Prefix Distribution in Basic
Home Networks", draft-chakrabarti-homenet-prefix-alloc-01 Home Networks", draft-chakrabarti-homenet-prefix-alloc-01
(work in progress), October 2011. (work in progress), October 2011.
[I-D.arkko-homenet-physical-standard] [I-D.arkko-homenet-physical-standard]
Arkko, J. and A. Keranen, "Minimum Requirements for Arkko, J. and A. Keranen, "Minimum Requirements for
Physical Layout of Home Networks", Physical Layout of Home Networks",
draft-arkko-homenet-physical-standard-00 (work in draft-arkko-homenet-physical-standard-00 (work in
skipping to change at page 34, line 36 skipping to change at page 36, line 20
[IGD-2] UPnP Gateway Committee, "Internet Gateway Device (IGD) V [IGD-2] UPnP Gateway Committee, "Internet Gateway Device (IGD) V
2.0", September 2010, <http://upnp.org/specs/gw/ 2.0", September 2010, <http://upnp.org/specs/gw/
UPnP-gw-WANIPConnection-v2-Service.pdf>. UPnP-gw-WANIPConnection-v2-Service.pdf>.
Appendix A. Acknowledgments Appendix A. Acknowledgments
The authors would like to thank Aamer Akhter, Mark Andrews, Dmitry The authors would like to thank Aamer Akhter, Mark Andrews, Dmitry
Anipko, Fred Baker, Ray Bellis, Cameron Byrne, Brian Carpenter, Anipko, Fred Baker, Ray Bellis, Cameron Byrne, Brian Carpenter,
Stuart Cheshire, Lorenzo Colitti, Robert Cragie, Ralph Droms, Lars Stuart Cheshire, Lorenzo Colitti, Robert Cragie, Ralph Droms, Lars
Eggert, Jim Gettys, Wassim Haddad, Joel M. Halpern, David Harrington, Eggert, Jim Gettys, olafur Gudmundsson, Wassim Haddad, Joel M.
Lee Howard, Ray Hunter, Joel Jaeggli, Heather Kirksey, Ted Lemon, Halpern, David Harrington, Lee Howard, Ray Hunter, Joel Jaeggli,
Kerry Lynn, Erik Nordmark, Michael Richardson, Barbara Stark, Sander Heather Kirksey, Ted Lemon, Kerry Lynn, Erik Nordmark, Michael
Steffann, Dave Thaler, JP Vasseur, Curtis Villamizar, Dan Wing, Russ Richardson, Barbara Stark, Sander Steffann, Dave Taht, Dave Thaler,
White, and James Woodyatt for their contributions within homenet WG Mark Townsley, JP Vasseur, Curtis Villamizar, Dan Wing, Russ White,
meetings and the mailing list, and Mark Townsley for being an initial and James Woodyatt for their contributions within homenet WG meetings
editor/author of this text before taking his position as homenet WG and on the WG mailing list.
co-chair.
Appendix B. Changes Appendix B. Changes
This section will be removed in the final version of the text. This section will be removed in the final version of the text.
B.1. Version 03 B.1. Version 04
Changes made include:
o Moved border section from IPv6 differences to principles section.
o Restructured principles into areas.
o Added summary of naming and service discovery discussion from WG
list.
B.2. Version 03
Changes made include: Changes made include:
o Various improvements to the readability. o Various improvements to the readability.
o Removed bullet lists of requirements, as requested by chair. o Removed bullet lists of requirements, as requested by chair.
o Noted 6204bis has replaced advanced-cpe draft. o Noted 6204bis has replaced advanced-cpe draft.
o Clarified the topology examples are just that. o Clarified the topology examples are just that.
skipping to change at page 36, line 20 skipping to change at page 38, line 13
the homenet. the homenet.
o Added some ISPs renumber due to privacy laws. o Added some ISPs renumber due to privacy laws.
o Removed extra repeated references to Simple Security. o Removed extra repeated references to Simple Security.
o Removed some solution creep on RIOs/RAs. o Removed some solution creep on RIOs/RAs.
o Load-balancing scenario added as to be supported. o Load-balancing scenario added as to be supported.
B.2. Version 02 B.3. Version 02
Changes made include: Changes made include:
o Made the IPv6 implications section briefer. o Made the IPv6 implications section briefer.
o Changed Network Models section to describe properties of the o Changed Network Models section to describe properties of the
homenet with illustrative examples, rather than implying the homenet with illustrative examples, rather than implying the
number of models was fixed to the six shown in 01. number of models was fixed to the six shown in 01.
o Text to state multihoming support focused on single CER model. o Text to state multihoming support focused on single CER model.
 End of changes. 113 change blocks. 
666 lines changed or deleted 765 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/