draft-ietf-homenet-arch-06.txt   draft-ietf-homenet-arch-07.txt 
Network Working Group T. Chown, Ed. Network Working Group T. Chown, Ed.
Internet-Draft University of Southampton Internet-Draft University of Southampton
Intended status: Informational J. Arkko Intended status: Informational J. Arkko
Expires: April 25, 2013 Ericsson Expires: August 14, 2013 Ericsson
A. Brandt A. Brandt
Sigma Designs Sigma Designs
O. Troan O. Troan
Cisco Systems, Inc. Cisco Systems, Inc.
J. Weil J. Weil
Time Warner Cable Time Warner Cable
October 22, 2012 February 10, 2013
Home Networking Architecture for IPv6 Home Networking Architecture for IPv6
draft-ietf-homenet-arch-06 draft-ietf-homenet-arch-07
Abstract Abstract
This text describes evolving networking technology within This text describes evolving networking technology within
increasingly large residential home networks. The goal of this increasingly large residential home networks. The goal of this
document is to define an architecture for IPv6-based home networking, document is to define a general architecture for IPv6-based home
while describing the associated principles, considerations and networking, describing the associated principles, considerations and
requirements. The text briefly highlights the specific implications requirements. The text briefly highlights specific implications of
of the introduction of IPv6 for home networking, discusses the the introduction of IPv6 for home networking, discusses the elements
elements of the architecture, and suggests how standard IPv6 of the architecture, and suggests how standard IPv6 mechanisms and
mechanisms and addressing can be employed in home networking. The addressing can be employed in home networking. The architecture
architecture describes the need for specific protocol extensions for describes the need for specific protocol extensions for certain
certain additional functionality. It is assumed that the IPv6 home additional functionality. It is assumed that the IPv6 home network
network is not actively managed, and runs as an IPv6-only or dual- is not actively managed, and runs as an IPv6-only or dual-stack
stack network. There are no recommendations in this text for the network. There are no recommendations in this text for the IPv4 part
IPv4 part of the network. of the network.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 25, 2013. This Internet-Draft will expire on August 14, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 29 skipping to change at page 2, line 29
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1. Terminology and Abbreviations . . . . . . . . . . . . . . 5 1.1. Terminology and Abbreviations . . . . . . . . . . . . . . 5
2. Effects of IPv6 on Home Networking . . . . . . . . . . . . . . 6 2. Effects of IPv6 on Home Networking . . . . . . . . . . . . . . 6
2.1. Multiple subnets and routers . . . . . . . . . . . . . . . 6 2.1. Multiple subnets and routers . . . . . . . . . . . . . . . 6
2.2. Global addressability and elimination of NAT . . . . . . . 7 2.2. Global addressability and elimination of NAT . . . . . . . 7
2.3. Multi-Addressing of devices . . . . . . . . . . . . . . . 8 2.3. Multi-Addressing of devices . . . . . . . . . . . . . . . 8
2.4. Unique Local Addresses (ULAs) . . . . . . . . . . . . . . 8 2.4. Unique Local Addresses (ULAs) . . . . . . . . . . . . . . 8
2.5. Naming, and manual configuration of IP addresses . . . . . 9 2.5. Avoiding manual configuration of IP addresses . . . . . . 9
2.6. IPv6-only operation . . . . . . . . . . . . . . . . . . . 9 2.6. IPv6-only operation . . . . . . . . . . . . . . . . . . . 10
3. Homenet Architecture . . . . . . . . . . . . . . . . . . . . . 10 3. Homenet Architecture . . . . . . . . . . . . . . . . . . . . . 10
3.1. General Principles . . . . . . . . . . . . . . . . . . . . 11 3.1. General Principles . . . . . . . . . . . . . . . . . . . . 11
3.1.1. Reuse existing protocols . . . . . . . . . . . . . . . 11 3.1.1. Reuse existing protocols . . . . . . . . . . . . . . . 11
3.1.2. Minimise changes to hosts and routers . . . . . . . . 11 3.1.2. Minimise changes to hosts and routers . . . . . . . . 12
3.2. Homenet Topology . . . . . . . . . . . . . . . . . . . . . 11 3.2. Homenet Topology . . . . . . . . . . . . . . . . . . . . . 12
3.2.1. Supporting arbitrary topologies . . . . . . . . . . . 11 3.2.1. Supporting arbitrary topologies . . . . . . . . . . . 12
3.2.2. Network topology models . . . . . . . . . . . . . . . 12 3.2.2. Network topology models . . . . . . . . . . . . . . . 12
3.2.3. Dual-stack topologies . . . . . . . . . . . . . . . . 16 3.2.3. Dual-stack topologies . . . . . . . . . . . . . . . . 17
3.2.4. Multihoming . . . . . . . . . . . . . . . . . . . . . 17 3.2.4. Multihoming . . . . . . . . . . . . . . . . . . . . . 18
3.3. A Self-Organising Network . . . . . . . . . . . . . . . . 18 3.3. A Self-Organising Network . . . . . . . . . . . . . . . . 19
3.3.1. Homenet realms and borders . . . . . . . . . . . . . . 19 3.3.1. Differentiating neighbouring homenets . . . . . . . . 20
3.3.2. Largest practical subnets . . . . . . . . . . . . . . 20 3.3.2. Largest practical subnets . . . . . . . . . . . . . . 20
3.3.3. Handling multiple homenets . . . . . . . . . . . . . . 20 3.3.3. Homenet realms and borders . . . . . . . . . . . . . . 20
3.3.4. Coordination of configuration information . . . . . . 20
3.4. Homenet Addressing . . . . . . . . . . . . . . . . . . . . 21 3.4. Homenet Addressing . . . . . . . . . . . . . . . . . . . . 21
3.4.1. Use of ISP-delegated IPv6 prefixes . . . . . . . . . . 21 3.4.1. Use of ISP-delegated IPv6 prefixes . . . . . . . . . . 22
3.4.2. Stable internal IP addresses . . . . . . . . . . . . . 22 3.4.2. Stable internal IP addresses . . . . . . . . . . . . . 23
3.4.3. Internal prefix delegation . . . . . . . . . . . . . . 23 3.4.3. Internal prefix delegation . . . . . . . . . . . . . . 24
3.4.4. Privacy . . . . . . . . . . . . . . . . . . . . . . . 24 3.4.4. Coordination of configuration information . . . . . . 25
3.5. Routing functionality . . . . . . . . . . . . . . . . . . 25 3.4.5. Privacy . . . . . . . . . . . . . . . . . . . . . . . 26
3.5.1. Multicast support . . . . . . . . . . . . . . . . . . 26 3.5. Routing functionality . . . . . . . . . . . . . . . . . . 26
3.5.1. Multicast support . . . . . . . . . . . . . . . . . . 27
3.6. Security . . . . . . . . . . . . . . . . . . . . . . . . . 26 3.6. Security . . . . . . . . . . . . . . . . . . . . . . . . . 28
3.6.1. Addressability vs reachability . . . . . . . . . . . . 27 3.6.1. Addressability vs reachability . . . . . . . . . . . . 28
3.6.2. Filtering at borders . . . . . . . . . . . . . . . . . 28 3.6.2. Filtering at borders . . . . . . . . . . . . . . . . . 29
3.6.3. Marginal Effectiveness of NAT and Firewalls . . . . . 28 3.6.3. Marginal Effectiveness of NAT and Firewalls . . . . . 29
3.6.4. Device capabilities . . . . . . . . . . . . . . . . . 29 3.6.4. Device capabilities . . . . . . . . . . . . . . . . . 29
3.6.5. ULAs as a hint of connection origin . . . . . . . . . 29 3.6.5. ULAs as a hint of connection origin . . . . . . . . . 30
3.7. Naming and Service Discovery . . . . . . . . . . . . . . . 29 3.7. Naming and Service Discovery . . . . . . . . . . . . . . . 30
3.7.1. Discovering services . . . . . . . . . . . . . . . . . 29 3.7.1. Discovering services . . . . . . . . . . . . . . . . . 30
3.7.2. Assigning names to devices . . . . . . . . . . . . . . 30 3.7.2. Assigning names to devices . . . . . . . . . . . . . . 31
3.7.3. Name spaces . . . . . . . . . . . . . . . . . . . . . 30 3.7.3. Name spaces . . . . . . . . . . . . . . . . . . . . . 31
3.7.4. The homenet name service . . . . . . . . . . . . . . . 32 3.7.4. The homenet name service . . . . . . . . . . . . . . . 33
3.7.5. Independent operation . . . . . . . . . . . . . . . . 33 3.7.5. Independent operation . . . . . . . . . . . . . . . . 34
3.7.6. Considerations for LLNs . . . . . . . . . . . . . . . 33 3.7.6. Considerations for LLNs . . . . . . . . . . . . . . . 35
3.7.7. DNS resolver discovery . . . . . . . . . . . . . . . . 34 3.7.7. DNS resolver discovery . . . . . . . . . . . . . . . . 35
3.8. Other Considerations . . . . . . . . . . . . . . . . . . . 34 3.8. Other Considerations . . . . . . . . . . . . . . . . . . . 35
3.8.1. Proxy or Extend? . . . . . . . . . . . . . . . . . . . 34 3.8.1. Quality of Service . . . . . . . . . . . . . . . . . . 35
3.8.2. Quality of Service . . . . . . . . . . . . . . . . . . 35 3.8.2. Operations and Management . . . . . . . . . . . . . . 36
3.8.3. Operations and Management . . . . . . . . . . . . . . 35 3.9. Implementing the Architecture on IPv6 . . . . . . . . . . 36
3.9. Implementing the Architecture on IPv6 . . . . . . . . . . 35 4. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . 37
4. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . 36 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 37
5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 36 5.1. Normative References . . . . . . . . . . . . . . . . . . . 37
5.1. Normative References . . . . . . . . . . . . . . . . . . . 36 5.2. Informative References . . . . . . . . . . . . . . . . . . 38
5.2. Informative References . . . . . . . . . . . . . . . . . . 37 Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 41
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 40 Appendix B. Changes . . . . . . . . . . . . . . . . . . . . . . . 41
Appendix B. Changes . . . . . . . . . . . . . . . . . . . . . . . 40 B.1. Version 07 . . . . . . . . . . . . . . . . . . . . . . . . 41
B.1. Version 06 . . . . . . . . . . . . . . . . . . . . . . . . 41 B.2. Version 06 . . . . . . . . . . . . . . . . . . . . . . . . 42
B.2. Version 05 . . . . . . . . . . . . . . . . . . . . . . . . 41 B.3. Version 05 . . . . . . . . . . . . . . . . . . . . . . . . 42
B.3. Version 04 . . . . . . . . . . . . . . . . . . . . . . . . 41 B.4. Version 04 . . . . . . . . . . . . . . . . . . . . . . . . 42
B.4. Version 03 . . . . . . . . . . . . . . . . . . . . . . . . 41 B.5. Version 03 . . . . . . . . . . . . . . . . . . . . . . . . 43
B.5. Version 02 . . . . . . . . . . . . . . . . . . . . . . . . 43 B.6. Version 02 . . . . . . . . . . . . . . . . . . . . . . . . 44
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 43 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 45
1. Introduction 1. Introduction
This document focuses on evolving networking technology within This document focuses on evolving networking technology within
increasingly large residential home networks and the associated increasingly large residential home networks and the associated
challenges with their deployment and operation. There is a growing challenges with their deployment and operation. There is a growing
trend in home networking for the proliferation of networking trend in home networking for the proliferation of networking
technology in an increasingly broad range of devices and media. This technology through an increasingly broad range of devices and media.
evolution in scale and diversity sets requirements on IETF protocols. This evolution in scale and diversity sets requirements on IETF
Some of these requirements relate to the introduction of IPv6, others protocols. Some of these requirements relate to the introduction of
to the introduction of specialised networks for home automation and IPv6, others to the introduction of specialised networks for home
sensors. automation and sensors.
While at the time of writing some complex home network topologies While at the time of writing some complex home network topologies
exist, most operate based on IPv4, employ solutions that we would exist, but most are relatively simple single subnet networks, and
like to avoid such as (cascaded) network address translation (NAT), ostensibly operate using just IPv4 (there may be IPv6 traffic within
or require expert assistance to set up. In IPv6 home networks, there the network, e.g. for service discovery, but the homenet is
are likely to be scenarios where internal routing is required, for provisioned by the ISP as an IPv4 network). However, they also
example to support private and guest networks, in which case such typically employ solutions that we would like to avoid such as
networks may use increasing numbers of subnets, and require methods private [RFC1918] addressing with (cascaded) network address
for IPv6 prefixes to be delegated to those subnets. The assumption translation (NAT)[RFC3022], or they may require expert assistance to
of this document is that the homenet is as far as possible self- set up.
organising and self-configuring, and thus need not be pro-actively
managed by the residential user. In contrast, emerging IPv6-capable home networks are very likely to
have multiple internal subnets, e.g. to support private and guest
networks, and have enough address space to allow every device to have
a globally unique address. Thus there are likely to be scenarios
where internal routing is required, in which case such networks
require methods for IPv6 prefixes to be delegated to those subnets.
It is not practical to expect home users to configure such prefixes,
thus the assumption of this document is that the homenet is as far as
possible self-organising and self-configuring, i.e. it need not be
pro-actively managed by the residential user.
The architectural constructs in this document are focused on the The architectural constructs in this document are focused on the
problems to be solved when introducing IPv6 with an eye towards a problems to be solved when introducing IPv6 with an eye towards a
better result than what we have today with IPv4, as well as a better better result than what we have today with IPv4, as well as a better
result than if the IETF had not given this specific guidance. The result than if the IETF had not given this specific guidance. The
document aims to provide the basis and guiding principles for how document aims to provide the basis and guiding principles for how
standard IPv6 mechanisms and addressing [RFC2460] [RFC4291] can be standard IPv6 mechanisms and addressing [RFC2460] [RFC4291] can be
employed in home networking, while coexisting with existing IPv4 employed in home networking, while coexisting with existing IPv4
mechanisms. In emerging dual-stack home networks it is vital that mechanisms. In emerging dual-stack home networks it is vital that
introducing IPv6 does not adversely affect IPv4 operation. We assume introducing IPv6 does not adversely affect IPv4 operation. We assume
skipping to change at page 5, line 13 skipping to change at page 5, line 22
must be simple to deploy and use, it does not discuss specific user must be simple to deploy and use, it does not discuss specific user
interfaces, nor does it discuss specific physical, wireless or data- interfaces, nor does it discuss specific physical, wireless or data-
link layer considerations. link layer considerations.
[RFC6204] defines basic requirements for customer edge routers [RFC6204] defines basic requirements for customer edge routers
(CERs). The scope of this text is the internal homenet, and thus (CERs). The scope of this text is the internal homenet, and thus
specific features on the CER are out of scope for this text. While specific features on the CER are out of scope for this text. While
the network may be dual-stack or IPv6-only, the definition of the network may be dual-stack or IPv6-only, the definition of
specific transition tools on the CER, as introduced in RFC 6204-bis specific transition tools on the CER, as introduced in RFC 6204-bis
[I-D.ietf-v6ops-6204bis] with DS-Lite [RFC6333] and 6rd [RFC5969], [I-D.ietf-v6ops-6204bis] with DS-Lite [RFC6333] and 6rd [RFC5969],
are considered issues for that RFC, and are thus also out of scope of are also considered out of scope of this text.
this text.
1.1. Terminology and Abbreviations 1.1. Terminology and Abbreviations
In this section we define terminology and abbreviations used In this section we define terminology and abbreviations used
throughout the text. throughout the text.
o "Advanced Security". Describes advanced security functions for a
CER, as defined in [I-D.vyncke-advanced-ipv6-security], where the
default inbound connection policy is generally "default allow".
o ALQDN: Ambiguous Locally Qualified Domain Name. An example would o ALQDN: Ambiguous Locally Qualified Domain Name. An example would
be .sitelocal. be .sitelocal.
o CER: Customer Edge Router. A border router at the edge of the o CER: Customer Edge Router. A border router at the edge of the
homenet. homenet.
o FQDN: Fully Qualified Domain Name. A globally unique name space. o FQDN: Fully Qualified Domain Name. A globally unique name space.
o LLN: Low-power and lossy network. o LLN: Low-power and lossy network.
o LQDN: Locally Qualified Domain Name. A name space local to the o LQDN: Locally Qualified Domain Name. A name space local to the
homenet. homenet.
o NAT: Network Address Translation. Typically referring to IPv4 o NAT: Network Address Translation. Typically referring to IPv4
Network Address and Port Translation (NAPT) [RFC3022]. Network Address and Port Translation (NAPT) [RFC3022].
o NPTv6: Network Prefix Translation for IPv6 [RFC6296]. o NPTv6: Network Prefix Translation for IPv6 [RFC6296].
o PCP: Port Control Protocol [I-D.ietf-pcp-base]. o PCP: Port Control Protocol [I-D.ietf-pcp-base].
o "Simple Security". Defined in [RFC4864] and expanded further in o 'Simple Security'. Defined in [RFC4864] and expanded further in
[RFC6092]; describes recommended perimeter security capabilities [RFC6092]; describes recommended perimeter security capabilities
for IPv6 networks. for IPv6 networks.
o ULA: IPv6 Unique Local Addresses [RFC4193]. o ULA: IPv6 Unique Local Addresses [RFC4193].
o ULQDN: Unique Locally Qualified Domain Name. An example might be o ULQDN: Unique Locally Qualified Domain Name. An example might be
.<UniqueString>.sitelocal. .<UniqueString>.sitelocal.
o UPnP: Universal Plug and Play. Includes the Internet Gateway o UPnP: Universal Plug and Play. Includes the Internet Gateway
Device (IGD) function, which for IPv6 is UPnP IGD Version 2 Device (IGD) function, which for IPv6 is UPnP IGD Version 2
[IGD-2]. [IGD-2].
o VM: Virtual machine. o VM: Virtual machine.
o WPA2: Wi-Fi Protected Access, as defined by the Wi-Fi Alliance. o WPA2: Wi-Fi Protected Access, as defined by the Wi-Fi Alliance.
2. Effects of IPv6 on Home Networking 2. Effects of IPv6 on Home Networking
While IPv6 resembles IPv4 in many ways, it changes address allocation While IPv6 resembles IPv4 in many ways, there are some notable
principles, making multi-addressing the norm, and allowing direct IP differences in the way it may typically be deployed. It changes
addressability of home networking devices from the Internet. This address allocation principles, making multi-addressing the norm, and,
section presents an overview of some of the key implications of the through the vastly increased address space, allows globally unique IP
addresses to be used for all devices in a home network. This section
presents an overview of some of the key implications of the
introduction of IPv6 for home networking, that are simultaneously introduction of IPv6 for home networking, that are simultaneously
both promising and problematic. both promising and problematic.
2.1. Multiple subnets and routers 2.1. Multiple subnets and routers
The introduction of IPv6 for home networking enables the potential
for every home network to be delegated enough address space to
provision globally unique prefixes for each subnet in the home. Such
subnetting is not common practice in existing IPv4 homenets, but is
very likely to become increasingly standard in future IPv6 homenets.
While simple layer 3 topologies involving as few subnets as possible While simple layer 3 topologies involving as few subnets as possible
are preferred in home networks, the incorporation of dedicated are preferred in home networks, the incorporation of dedicated
(routed) subnets remains necessary for a variety of reasons. For (routed) subnets remains necessary for a variety of reasons. For
instance, an increasingly common feature in modern home routers is instance, an increasingly common feature in modern home routers is
the ability to support both guest and private network subnets. the ability to support both guest and private network subnets.
Likewise, there may be a need to separate building control or Likewise, there may be a need to separate building control or
corporate extensions from the main Internet access network, or corporate extensions from the main Internet access network, or
different subnets may in general be associated with parts of the different subnets may in general be associated with parts of the
homenet that have different routing and security policies. Further, homenet that have different routing and security policies. Further,
link layer networking technology is poised to become more link layer networking technology is poised to become more
heterogeneous, as networks begin to employ both traditional Ethernet heterogeneous, as networks begin to employ both traditional Ethernet
technology and link layers designed for low-power and lossy networks technology and link layers designed for low-power and lossy networks
(LLNs), such as those used for certain types of sensor devices. (LLNs), such as those used for certain types of sensor devices.
Constraining the flow of certain traffic from Ethernet links to much Constraining the flow of certain traffic from Ethernet links to much
lower capacity links thus becomes an important topic. lower capacity links thus becomes an important topic.
The introduction of IPv6 for home networking enables the potential
for every home network to be delegated enough address space to
provision globally unique prefixes for each such subnet in the home.
As discussed later, this assumes the customer's ISP delegates enough
address space to the home. While the number of addresses in a
standard /64 IPv6 prefix is practically infinite, the number of
prefixes available for assignment to the home network is not. As a
result the growth inhibitor for the home network shifts from the
number of addresses to the number of prefixes offered by the
provider.
The addition of routing between subnets raises the issue of how to The addition of routing between subnets raises the issue of how to
extend mechanisms such as service discovery which currently rely on extend mechanisms such as service discovery which currently only
link-local addressing to limit scope. There are two broad choices; operate within a single subnet using link-local traffic. In a
extend existing protocols to work across the scope of the homenet, or typical IPv4 home network, there is only one subnet, so such
introduce proxies for existing link layer protocols. This topic is mechanisms would normally operate as expected. For multi-subnet IPv6
discussed later in the document. It may also be more appropriate to home networks there are two broad choices to enable such protocols to
use a different protocol instead, in which case it should preferably work across the scope of the entire homenet; extend existing
be a proven, existing protocol. protocols to work across that scope, or introduce proxies for
existing link layer protocols. This topic is discussed later in the
document.
There will also be the need to discover which routers in the homenet There will also be the need to discover which routers in the homenet
are the border router(s) by an appropriate mechanism. Here, there are the border router(s) by an appropriate mechanism. Here, there
are a number of choices, including the use of an appropriate service are a number of choices, including the use of an appropriate service
discovery protocol. Whatever method is chosen would likely have to discovery protocol. Whatever method is chosen would likely have to
deal with handling more than one router responding in multihomed deal with handling more than one router responding in multihomed
environments. environments.
2.2. Global addressability and elimination of NAT 2.2. Global addressability and elimination of NAT
Current IPv4 home networks typically receive a single global IPv4
address from their ISP and use NAT with private [RFC1918] addresses
for devices within the network. An IPv6 home network removes the
need to use NAT given the ISP offers a sufficiently large globally
unique IPv6 prefix to the homenet, allowing every device on every
subnet to be assigned a globally unique IPv6 address.
The end-to-end communication that is potentially enabled with IPv6 is The end-to-end communication that is potentially enabled with IPv6 is
on the one hand an incredible opportunity for innovation and simpler on the one hand an incredible opportunity for innovation and simpler
network operation, but it is also a concern as it exposes nodes in network operation, but it is also a concern as it exposes nodes in
the internal networks to receipt of otherwise unwanted traffic from the internal networks to receipt of potentially unwanted traffic from
the Internet. While devices and applications can potentially talk the Internet.
directly to each other when all devices have globally unique
addresses, there may be an expectation of improved host security to
compensate for this. It should be noted that many devices may (for
example) ship with default settings that make them readily vulnerable
to compromise by external attackers if globally accessible, or may
simply not have robustness designed-in because it was either assumed
such devices would only be used on private networks or the device
itself doesn't have the computing power to apply the necessary
security methods.
IPv6 networks may or may not have filters applied at their borders, With devices and applications able to talk directly to each other
i.e. at the homenet CER. [RFC4864], [RFC6092] and when they have globally unique addresses, there may be an expectation
[I-D.vyncke-advanced-ipv6-security] discuss such filtering, and the of improved host security to compensate for this. It should be noted
merits of "default allow" against "default deny" policies for that many devices may (for example) ship with default settings that
external traffic initiated into a homenet. It is important to make them readily vulnerable to compromise by external attackers if
distinguish between addressability and reachability. While IPv6 globally accessible, or may simply not have robustness designed-in
offers global addressability through use of globally unique addresses because it was either assumed such devices would only be used on
in the home, whether they are globally reachable or not would depend private networks or the device itself doesn't have the computing
on the firewall or filtering configuration, and not, as is commonly power to apply the necessary security methods.
the case with IPv4, the presence or use of NAT.
It is important to distinguish between addressability and
reachability. While IPv6 offers global addressability through use of
globally unique addresses in the home, whether devices are globally
reachable or not would depend on the firewall or filtering
configuration, and not, as is commonly the case with IPv4, the
presence or use of NAT. In this respect, IPv6 networks may or may
not have filters applied at their borders to control such traffic,
i.e. at the homenet CER. [RFC4864] and [RFC6092] discuss such
filtering, and the merits of 'default allow' against 'default deny'
policies for external traffic initiated into a homenet. This
document takes no position on which mode is the default, but assumes
the choice to use either would be made available.
2.3. Multi-Addressing of devices 2.3. Multi-Addressing of devices
In an IPv6 network, devices may acquire multiple addresses, typically In an IPv6 network, devices will often acquire multiple addresses,
at least a link-local address and one or more globally unique typically at least a link-local address and one or more globally
addresses. They may also have an IPv4 address if the network is unique addresses. Where a homenet is multihomed, a device would
dual-stack, a Unique Local Address (ULA) [RFC4193] (see below), and typically receive a globally unique address from within the delegated
one or more IPv6 Privacy Addresses [RFC4941]. prefix from each upstream ISP. Devices may also have an IPv4 address
if the network is dual-stack, an IPv6 Unique Local Address (ULA)
[RFC4193] (see below), and one or more IPv6 Privacy Addresses
[RFC4941].
Thus it should be considered the norm for devices on IPv6 home It should thus be considered the norm for devices on IPv6 home
networks to be multi-addressed, and to need to make appropriate networks to be multi-addressed, and to need to make appropriate
address selection decisions for the candidate source and destination address selection decisions for the candidate source and destination
address pairs. Default Address Selection for IPv6 [RFC6724] provides address pairs for any given connection. Default Address Selection
a solution for this, though it may face problems in the event of for IPv6 [RFC6724] provides a solution for this, though it may face
multihoming, where nodes will be configured with one address from problems in the event of multihoming where, as described above, nodes
each upstream ISP prefix. In such cases the presence of upstream will be configured with one address from each upstream ISP prefix.
ingress filtering requires multi-addressed nodes to select the In such cases the presence of upstream BCP 38 [RFC2827] ingress
correct source address to be used for the corresponding uplink, to filtering requires multi-addressed nodes to select the correct source
avoid ISP BCP 38 ingress filtering, but the node may not have the address to be used for the corresponding uplink, but the node may not
information it needs to make that decision based on addresses alone. have the information it needs to make that decision based on
We discuss such challenges in the multihoming section later in this addresses alone. We discuss such challenges in the multihoming
document. section later in this document.
2.4. Unique Local Addresses (ULAs) 2.4. Unique Local Addresses (ULAs)
[RFC4193] defines Unique Local Addresses (ULAs) for IPv6 that may be [RFC4193] defines Unique Local Addresses (ULAs) for IPv6 that may be
used to address devices within the scope of a single site. Support used to address devices within the scope of a single site. Support
for ULAs for IPv6 CERs is described in [RFC6204]. A home network for ULAs for IPv6 CERs is described in [RFC6204]. A home network
running IPv6 may deploy ULAs for stable communication between devices running IPv6 should deploy ULAs alongside its globally unique
(on different subnets) within the network where the externally prefix(es) to allow stable communication between devices (on
allocated global prefix changes over time (e.g. due to renumbering different subnets) within the hoemnet where that externally allocated
within the subscriber's ISP) or where external connectivity is globally unique prefix may change over time (e.g. due to renumbering
temporarily unavailable. In the case where multiple routers exist in within the subscriber's ISP) or where external connectivity may be
the homenet, a mechanism for the creation of a single overlapping /48 temporarily unavailable. While setting up a network there may also
ULA prefix is desirable for addressing consistency and policy be a period with no connectivity, in which case ULAs would be
enforcement. required for inter-subnet communication. In the case where LLNs are
being set up in a new home/deployment, individual LLNs may, at least
initially, each use their own /48 ULA prefix.
While a homenet should operate correctly with two or more /48 ULAs
enabled, a mechanism for the creation and use of a single /48 ULA
prefix is desirable for addressing consistency and policy
enforcement. It may thus be expected that one router in the homenet
be elected a 'master' to delegate ULA prefixes to subnets from a
single /48 ULA prefix.
Where both a ULA and a global prefix are in use, the default address
selection mechanisms described above should ensure that a ULA source
address is used to communicate with ULA destination addresses when
appropriate, i.e. when the ULA destination lies within the /48 ULA
prefix(es) known to be used within the same homenet. Note that
unlike private IPv4 RFC 1918 space, the use of ULAs does not imply
use of host-based IPv6 NAT, or NPTv6 prefix-based NAT [RFC6296],
rather that in an IPv6 homenet a node should use its ULA address
internally, and its additional globally unique IPv6 address as the
source address for external communications. By using such globally
unique addresses between networks, the architectural cost and
complexity, particulrly to applications, of NAT or NPTv6 translation
is avoided. As such, neither IPv6 NAT or NPTv6 is recommended for
use in the homenet architecture.
A counter-argument to using ULAs is that it is undesirable to A counter-argument to using ULAs is that it is undesirable to
aggressively deprecate global prefixes for temporary loss of aggressively deprecate global prefixes for temporary loss of
connectivity, so for a host to lose its global address there would connectivity, so for a host to lose its global address there would
have to be a connection breakage longer than the lease period, and have to be a connection breakage longer than the lease period, and
even then, deprecating prefixes when there is no connectivity may not even then, deprecating prefixes when there is no connectivity may not
be advisable. It should also be noted that there may be timers on be advisable. However, it is assumed in this architecture that
the prefix lease to the homenet, on the internal prefix delegations, homenets will need to support and use ULAs.
and on the Router Advertisements to the hosts. Despite this counter-
argument, while setting a network up there may be a period with no
connectivity, in which case ULAs would be required for inter-subnet
communication. In the case where LLNs are being set up in a new
home/deployment, individual LLNs may, at least initially, each use
their own /48 ULA prefix.
Default address selection mechanisms should ensure a ULA source As noted later in this text, if appropriate filtering is in place on
address is used to communicate with ULA destination addresses when the CER(s), a ULA source address may be taken as an indication of
appropriate, in particular when the ULA destination lies within a /48 locally sourced traffic.
ULA prefix known to be used within the same homenet. Note that
unlike the IPv4 private RFC 1918 space, the use of ULAs does not
imply use of host-based IPv6 NAT, or NPTv6 prefix-based NAT
[RFC6296], rather that external communications should use a node's
additional globally unique IPv6 source address.
2.5. Naming, and manual configuration of IP addresses 2.5. Avoiding manual configuration of IP addresses
Some IPv4 home networking devices expose IPv4 addresses to users, Some IPv4 home networking devices expose IPv4 addresses to users,
e.g. the IPv4 address of a home IPv4 CER that may be configured via a e.g. the IPv4 address of a home IPv4 CER that may be configured via a
web interface. Users should not be expected to enter IPv6 literal web interface. In potentially complex future IPv6 homenets, users
addresses in homenet devices or applications, given their much should not be expected to enter IPv6 literal addresses in devices or
greater length and apparent randomness to a typical home user. While applications, given their much greater length and apparent randomness
shorter addresses, perhaps ones registered with IANA from ULA-C space of such addresses to a typical home user. Thus, even for the
[I-D.hain-ipv6-ulac], could be used for specific devices/services, in simplest of functions, simple naming and the associated (minimal, and
general it is better not to expose users to real IPv6 addresses. ideally zero configuration) discovery of services is imperative for
Thus, even for the simplest of functions, simple naming and the the easy deployment and use of homenet devices and applications.
associated (minimal, and ideally zero configuration) discovery of
services is imperative for the easy deployment and use of homenet
devices and applications.
In a multi-subnet homenet, naming and service discovery should be As mentioned previously, this means that zeroconf naming and service
expected to be capable of operating across the scope of the entire discovery protocols must be capable of operating across subnet
home network, and thus be able to cross subnet boundaries. It should boundaries.
be noted that in IPv4, such services do not generally function across
home router NAT boundaries, so this is one area where there is room
for improvement in IPv6.
2.6. IPv6-only operation 2.6. IPv6-only operation
It is likely that IPv6-only networking will be deployed first in It is likely that IPv6-only networking will be deployed first in
"greenfield" homenet scenarios, or perhaps as one element of an 'greenfield' homenet scenarios, or perhaps as one element of an
otherwise dual-stack network. Running IPv6-only adds additional otherwise dual-stack network. Running IPv6-only adds additional
requirements, e.g. for devices to get configuration information via requirements, e.g. for devices to get configuration information via
IPv6 transport (not relying on an IPv4 protocol such as IPv4 DHCP), IPv6 transport (not relying on an IPv4 protocol such as IPv4 DHCP),
and for devices to be able to initiate communications to external and for devices to be able to initiate communications to external
devices that are IPv4-only. Thus, for example, the following devices that are IPv4-only. Thus, for example, the following
requirements are amongst those that should be considered in IPv6-only requirements are amongst those that should be considered in IPv6-only
environments: environments:
o Ensuring there is a way to access content in the IPv4 Internet. o Ensuring there is a way to access content in the IPv4 Internet.
This can be arranged through appropriate use of NAT64 [RFC6144] This can be arranged through appropriate use of NAT64 [RFC6144]
skipping to change at page 10, line 34 skipping to change at page 10, line 50
3. Homenet Architecture 3. Homenet Architecture
The aim of this architecture text is to outline how to construct The aim of this architecture text is to outline how to construct
advanced IPv6-based home networks involving multiple routers and advanced IPv6-based home networks involving multiple routers and
subnets using standard IPv6 protocols and addressing [RFC2460] subnets using standard IPv6 protocols and addressing [RFC2460]
[RFC4291]. In this section, we present the elements of such a home [RFC4291]. In this section, we present the elements of such a home
networking architecture, with discussion of the associated design networking architecture, with discussion of the associated design
principles. principles.
Existing IETF work [RFC6204] defines the "basic" requirements for Existing IETF work [RFC6204] defines the 'basic' requirements for
Customer Edge Routers, while [I-D.ietf-v6ops-6204bis] extends RFC CERs, while [I-D.ietf-v6ops-6204bis] updates the current requirements
6204 to describe additional features. The homenet architecture is based on operator feedback and adds new requirements for IP
focused on the internal homenet, rather than the CER(s). In general, transition technologies and transition technology coexistence. This
home network equipment needs to be able to operate in networks with a document describes a homenet architecture which is focused on the
range of different properties and topologies, where home users may internal homenet, rather than the CER(s).
plug components together in arbitrary ways and expect the resulting
network to operate. Significant manual configuration is rarely, if
at all, possible, given the knowledge level of typical home users.
Thus the network should, as far as possible, be self-configuring.
The equipment also needs to be prepared to handle at least In general, home network equipment needs to be able to operate in
networks with a range of different properties and topologies, where
home users may plug components together in arbitrary ways and expect
the resulting network to operate. Significant manual configuration
is rarely, if at all, possible, or even desirable given the knowledge
level of typical home users. Thus the network should, as far as
possible, be self-configuring, though configuration by advanced users
should not be precluded.
The homenet needs to be able to handle or provision at least
o Routing o Routing
o Prefix configuration for routers o Prefix configuration for routers
o Name resolution o Name resolution
o Service discovery o Service discovery
o Network security o Network security
The remainder of this document describes the principles by which a The remainder of this document describes the principles by which a
homenet architecture may deliver these properties. homenet architecture may deliver these properties.
3.1. General Principles 3.1. General Principles
skipping to change at page 11, line 46 skipping to change at page 12, line 19
3.1.2. Minimise changes to hosts and routers 3.1.2. Minimise changes to hosts and routers
Where possible, any requirement for changes to hosts and routers Where possible, any requirement for changes to hosts and routers
should be minimised, though solutions which, for example, should be minimised, though solutions which, for example,
incrementally improve with host or router changes may be acceptable. incrementally improve with host or router changes may be acceptable.
3.2. Homenet Topology 3.2. Homenet Topology
This section considers homenet topologies, and the principles that This section considers homenet topologies, and the principles that
may be applied in designing an architecture to support as wide a may be applied in designing an architecture to support as wide a
range as possible of such topologies. range of such topologies as possible.
3.2.1. Supporting arbitrary topologies 3.2.1. Supporting arbitrary topologies
There should ideally be no built-in assumptions about the topology in There should ideally be no built-in assumptions about the topology in
home networks, as users are capable of connecting their devices in home networks, as users are capable of connecting their devices in
"ingenious" ways. Thus arbitrary topologies and arbitrary routing 'ingenious' ways. Thus arbitrary topologies and arbitrary routing
will need to be supported, or at least the failure mode for when the will need to be supported, or at least the failure mode for when the
user makes a mistake should be as robust as possible, e.g. de- user makes a mistake should be as robust as possible, e.g. de-
activating a certain part of the infrastructure to allow the rest to activating a certain part of the infrastructure to allow the rest to
operate. In such cases, the user should ideally have some useful operate. In such cases, the user should ideally have some useful
indication of the failure mode encountered. indication of the failure mode encountered.
There are no topology scenarios which could cause loss of There should be no topology scenarios which cause loss of
connectivity, except when the user creates a physical island within connectivity, except when the user creates a physical island within
the topology. Some potentially pathological cases that can be the topology. Some potentially pathological cases that can be
created include bridging ports of a router together, however this created include bridging ports of a router together, however this
case can be detected and dealt with by the router. Loops within a case can be detected and dealt with by the router. Loops within a
routed topology are in a sense good in that they offer redundancy. routed topology are in a sense good in that they offer redundancy.
Bridging loops can be dangerous but are also detectable when a switch Bridging loops can be dangerous but are also detectable when a switch
learns the MAC of one of its interfaces on another or runs a spanning learns the MAC of one of its interfaces on another or runs a spanning
tree or link state protocol. It is only loops using simple repeaters tree or link state protocol. It is only loops using simple repeaters
that are truly pathological. that are truly pathological.
skipping to change at page 12, line 46 skipping to change at page 13, line 20
There are a number of properties or attributes of a home network that There are a number of properties or attributes of a home network that
we can use to describe its topology and operation. The following we can use to describe its topology and operation. The following
properties apply to any IPv6 home network: properties apply to any IPv6 home network:
o Presence of internal routers. The homenet may have one or more o Presence of internal routers. The homenet may have one or more
internal routers, or may only provide subnetting from interfaces internal routers, or may only provide subnetting from interfaces
on the CER. on the CER.
o Presence of isolated internal subnets. There may be isolated o Presence of isolated internal subnets. There may be isolated
internal subnets, with no direct connectivity between them within internal subnets, with no direct connectivity between them within
the homenet. Isolation may be physical, or implemented via IEEE the homenet (with each having its own external connectivity).
802.1q VLANs. The latter is however not something a typical user Isolation may be physical, or implemented via IEEE 802.1q VLANs.
would be expected to configure. The latter is however not something a typical user would be
expected to configure.
o Demarcation of the CER. The CER(s) may or may not be managed by o Demarcation of the CER. The CER(s) may or may not be managed by
the ISP. If the demarcation point is such that the customer can the ISP. If the demarcation point is such that the customer can
provide or manage the CER, its configuration must be simple. Both provide or manage the CER, its configuration must be simple. Both
models must be supported. models must be supported.
Various forms of multihoming are likely to be more prevalent with Various forms of multihoming are likely to become more prevalent with
IPv6 home networks, as discussed further below. Thus the following IPv6 home networks, as discussed further below. Thus the following
properties should also be considered for such networks: properties should also be considered for such networks:
o Number of upstream providers. The majority of home networks today o Number of upstream providers. The majority of home networks today
consist of a single upstream ISP, but it may become more common in consist of a single upstream ISP, but it may become more common in
the future for there to be multiple ISPs, whether for resilience the future for there to be multiple ISPs, whether for resilience
or provision of additional services. Each would offer its own or provision of additional services. Each would offer its own
prefix. Some may or may not provide a default route to the public prefix. Some may or may not provide a default route to the public
Internet. Internet.
skipping to change at page 13, line 31 skipping to change at page 14, line 7
scenarios, and protocols like PCP that need to manage connection- scenarios, and protocols like PCP that need to manage connection-
oriented state mappings. oriented state mappings.
In the following sections we give some examples of the types of In the following sections we give some examples of the types of
homenet topologies we may see in the future. This is not intended to homenet topologies we may see in the future. This is not intended to
be an exhaustive or complete list, rather an indicative one to be an exhaustive or complete list, rather an indicative one to
facilitate the discussion in this text. facilitate the discussion in this text.
3.2.2.1. A: Single ISP, Single CER, Internal routers 3.2.2.1. A: Single ISP, Single CER, Internal routers
Figure 1 shows a network with multiple local area networks. These Figure 1 shows a home network with multiple local area networks.
may be needed for reasons relating to different link layer These may be needed for reasons relating to different link layer
technologies in use or for policy reasons, e.g. classic Ethernet in technologies in use or for policy reasons, e.g. classic Ethernet in
one subnet and a LLN link layer technology in another. In this one subnet and a LLN link layer technology in another. In this
example there is no single router that a priori understands the example there is no single router that a priori understands the
entire topology. The topology itself may also be complex, and it may entire topology. The topology itself may also be complex, and it may
not be possible to assume a pure tree form, for instance (home users not be possible to assume a pure tree form, for instance (because
may plug routers together to form arbitrary topologies including home users may plug routers together to form arbitrary topologies
loops). including loops).
+-------+-------+ \ +-------+-------+ \
| Service | \ | Service | \
| Provider | | Service | Provider | | Service
| Router | | Provider | Router | | Provider
+-------+-------+ | network +-------+-------+ | network
| / | /
| Customer / | Customer /
| Internet connection | Internet connection
| |
skipping to change at page 17, line 4 skipping to change at page 18, line 4
It is expected that most homenet deployments will for the immediate It is expected that most homenet deployments will for the immediate
future be dual-stack IPv4/IPv6. In such networks it is important not future be dual-stack IPv4/IPv6. In such networks it is important not
to introduce new IPv6 capabilities that would cause a failure if used to introduce new IPv6 capabilities that would cause a failure if used
alongside IPv4+NAT, given that such dual-stack homenets will be alongside IPv4+NAT, given that such dual-stack homenets will be
commonplace for some time. That said, it is desirable that IPv6 commonplace for some time. That said, it is desirable that IPv6
works better than IPv4 in as many scenarios as possible. Further, works better than IPv4 in as many scenarios as possible. Further,
the homenet architecture must operate in the absence of IPv4. the homenet architecture must operate in the absence of IPv4.
A general recommendation is to follow the same topology for IPv6 as A general recommendation is to follow the same topology for IPv6 as
is used for IPv4, but not to use NAT. Thus there should be routed is used for IPv4, but not to use NAT. Thus there should be routed
IPv6 where an IPv4 NAT is used, and where there is no NAT routing or IPv6 where an IPv4 NAT is used and, where there is no NAT, routing or
bridging may be used. Routing may have advantages when compared to bridging may be used. Routing may have advantages when compared to
bridging together high speed and lower speed shared media, and in bridging together high speed and lower speed shared media, and in
addition bridging may not be suitable for some media, such as ad-hoc addition bridging may not be suitable for some media, such as ad-hoc
mobile networks. mobile networks.
In some cases IPv4 NAT home networks may feature cascaded NATs, which In some cases IPv4 home networks may feature cascaded NATs, which
may include cases where NAT routers are included within VMs, or where could include cases where NAT routers are included within VMs, or
Internet connection sharing services are used. IPv6 routed versions where Internet connection sharing services are used. IPv6 routed
of such cases will be required. We should thus note that routers in versions of such cases will be required. We should thus note that
the homenet may not be separate physical devices; they may be routers in the homenet may not be separate physical devices; they may
embedded within other devices. be embedded within other devices.
3.2.4. Multihoming 3.2.4. Multihoming
A homenet may be multihomed to multiple providers, as the network A homenet may be multihomed to multiple providers, as the network
models above illustrate. This may either take a form where there are models above illustrate. This may either take a form where there are
multiple isolated networks within the home or a more integrated multiple isolated networks within the home or a more integrated
network where the connectivity selection needs to be dynamic. network where the connectivity selection needs to be dynamic.
Current practice is typically of the former kind, but the latter is Current practice is typically of the former kind, but the latter is
expected to become more commonplace. expected to become more commonplace.
The general multihoming problem is broad, and solutions suggested to
date within the IETF may include complex architectures for monitoring
connectivity, traffic engineering, identifier-locator separation,
connection survivability across multihoming events, and so on. It is
thus important that the homenet architecture should as far as
possible minimise the complexity of any multihoming support. So we
should limit the support to the smallest subset of the overall
problem to meet the requirements of the topologies described above.
This means that the homenet architecture should not try to make
another attempt at solving complex multihoming, and we should prefer
to support scenarios for which solutions exist today.
In the general homenet architecture, hosts should be multi-addressed In the general homenet architecture, hosts should be multi-addressed
with globally unique prefixes from each ISP they may communicate with with a global IPv6 address from the global prefix delegated from each
or through. An alternative for a homenet would be to deploy NPTv6 ISP they communicate with or through. When such multi-addressing is
[RFC6296] at the CER, with ULAs then typically used internally, but in use, hosts need some way to pick source and destination address
this mode is not considered by this text. If NPTv6 is used, the pairs for connections. A host may choose a source address to use by
internal part of the homenet (which is the scope of this text) simply various methods, most commonly [RFC6724]. Applications may of course
sees only the one (ULA) prefix in use. It should be noted that do different things, and this should not be precluded.
running NPTv6 has an architectural cost, due to the prefix
translation used.
When multi-addressing is in use, hosts need some way to pick source For the single CER Network Model C illistrated above, multihoming may
and destination address pairs for connections. A host may choose a be offered by source routing at the CER. With multiple exit routers,
source address to use by various methods, which would typically as in CER Network Model B, the complexity rises. Given a packet with
include [RFC6724]. Applications may of course do different things, a source address on the home network, the packet must be routed to
and this should not be precluded. the proper egress to avoid BCP 38 filtering at an ISP. It is highly
desirable that the packet is routed in the most efficient manner to
the correct exit, though as a minimum requirement the packet should
not be dropped.
For the single CER Network Model C, multihoming may be offered by The homenet archiecture should support both the above models, i.e.
source routing at the CER. With multiple exit routers, the one or more CERs. However, the general multihoming problem is broad,
complexity rises. Given a packet with a source address on the and solutions suggested to date within the IETF have included complex
network, the packet must be routed to the proper egress to avoid BCP architectures for monitoring connectivity, traffic engineering,
38 [RFC2827] filtering at an ISP that did not delegate the prefix the identifier-locator separation, connection survivability across
address is chosen from. While the packet might not take an optimal multihoming events, and so on. It is thus important that the homenet
path to the correct exit CER, the minimum requirement is that the architecture should as far as possible minimise the complexity of any
packet is not dropped. It is of course highly desirable that the multihoming support.
packet is routed in the most efficient manner to the correct exit.
There are various potential approaches to this problem, one example An example of such a 'simpler' approach has been documented in
being described in [I-D.ietf-v6ops-ipv6-multihoming-without-ipv6nat]. [I-D.ietf-v6ops-ipv6-multihoming-without-ipv6nat]. Alternatively a
Another is discussed in [I-D.baker-fun-multi-router], which explores flooding/routing protocol could potentially be used to pass
support for source routing throughout the homenet. This approach information through the homenet, such that internal routers and
would however likely require relatively significant routing changes ultimately end hosts could learn per-prefix configuration
to route the packet to the correct exit given the source address. information, allowing better address selection decisions to be made.
Such changes should preferably be minimised. However, this would imply probably host and certainly router changes.
Or another avenue is to introduce support for source routing
throughout the homenet; while greatly improving the 'intelligence' of
routing decisions within the homenet, such an approach would require
relatively significant router changes.
As explained previously, NPTv6 is not recommended in the homenet
architecture.
There are some other multihoming considerations for homenet There are some other multihoming considerations for homenet
scenarios. First, it may be the case that multihoming applies due to scenarios. First, it may be the case that multihoming applies due to
an ISP migration from a transition method to a native deployment, an ISP migration from a transition method to a native deployment,
e.g. a 6rd [RFC5969] sunset scenario. Second, one upstream may be a e.g. a 6rd [RFC5969] sunsetting scenario. Second, one upstream may
"walled garden", and thus only appropriate to be used for be a "walled garden", and thus only appropriate to be used for
connectivity to the services of that provider; an example may be a connectivity to the services of that provider; an example may be a
VPN service that only routes back to the enterprise business network VPN service that only routes back to the enterprise business network
of a user in the homenet. While we should not specifically target of a user in the homenet. While we should not specifically target
walled garden multihoming as a principal goal, it should not be walled garden multihoming as a principal goal, it should not be
precluded. precluded.
Host-based methods such as Shim6 [RFC5533] have been defined, but of The homenet architecture should also not preclude use of host or
course require support in the hosts. There are also application- application-oriented tools, e.g. Shim6 [RFC5533] or Happy Eyeballs
oriented approaches such as Happy Eyeballs [RFC6555]; simplified [RFC6555]. In general, any incremental improvements obtained by host
versions of this are for example already implemented in some changes should give benefit for the hosts introducing them, but not
commonly-used web browsers. The homenet architecture should not be required.
preclude use of such tools should hosts include their support.
3.3. A Self-Organising Network 3.3. A Self-Organising Network
A home network architecture should be naturally self-organising and A home network architecture should be naturally self-organising and
self-configuring under different circumstances relating to the self-configuring under different circumstances relating to the
connectivity status to the Internet, number of devices, and physical connectivity status to the Internet, number of devices, and physical
topology. While the homenet should be self-organising, it should be topology. At the same time, it should be possible for advanced users
possible to manually adjust (override) the current configuration. to manually adjust (override) the current configuration.
While a goal of the homenet architecture is for the network to be as While a goal of the homenet architecture is for the network to be as
self-organising as possible, there may be instances where some manual self-organising as possible, there may be instances where some manual
configuration is required, e.g. the entry of a WPA2 key to apply configuration is required, e.g. the entry of a cryptographic key to
wireless security, or to configure a shared routing secret. The apply wireless security, or to configure a shared routing secret.
latter may be relevant when considering how to bootstrap a routing The latter may be relevant when considering how to bootstrap a
configuration. It is highly desirable that only one such key is routing configuration. It is highly desirable that the number of
needed for any set of functions, to increase usability for the such configurations is minimised.
homenet user.
3.3.1. Homenet realms and borders
The homenet will need to be aware of the extent of its own "site",
which will define the borders for ULAs, site scope multicast, service
discovery and security policies. The homenet will have one or more
borders with external connectivity providers and potentially also
have borders within the internal network (e.g. for policy-based
reasons). It should be possible to automatically perform border
discovery for the different borders. Such borders determine for
example the scope of where prefixes, routing information, network
traffic, service discovery and naming may be shared. The default
mode internally should be to share everything.
It is expected that a realm would span at least an entire subnet, and
thus be associated to one delegated prefix within the homenet. It is
also desirable for a richer security model that hosts, which may be
running in a transparent communication mode, are able to make
decisions based on available realm and associated prefix information
in the same way that routers at realm borders can.
A simple homenet model may just consider three types of realm and the
borders between them. For example if the realms are the homenet, the
ISP and the guest network, then the borders will include that from
the homenet to the ISP, that from the guest network to the ISP, and
that from the homenet to the guest network. Regardless, it should be
possible for additional types of realms and borders to be defined,
e.g. for some specific Grid or LLN-based network, and for these to be
detected automatically, and for an appropriate default policy to be
applied as to what type of traffic/data can flow across such borders.
It is desirable to classify the external border of the home network
as a unique logical interface separating the home network from
service provider network/s. This border interface may be a single
physical interface to a single service provider, multiple layer 2
sub-interfaces to a single service provider, or multiple connections
to a single or multiple providers. This border makes it possible to
describe edge operations and interface requirements across multiple
functional areas including security, routing, service discovery, and
router discovery.
It should be possible for the homenet user to override any 3.3.1. Differentiating neighbouring homenets
automatically determined borders and the default policies applied
between them.
Some initial proposals towards border discovery are presented in It is important that self-configuration with 'unintended' devices is
[I-D.kline-default-perimeter]. avoided. Methods are needed for devices to know whether they are
intended to be part of the same homenet site or not. Thus methods to
ensure separation between neighbouring homenets are required. This
may require use of some unique 'secret' for devices/protocols in each
homenet. Some existing mechanisms exist to assist home users to
associate devices as simply as possible, e.g. 'connect' button
support.
3.3.2. Largest practical subnets 3.3.2. Largest practical subnets
Today's IPv4 home networks generally have a single subnet, and early Today's IPv4 home networks generally have a single subnet, and early
dual-stack deployments have a single congruent IPv6 subnet, possibly dual-stack deployments have a single congruent IPv6 subnet, possibly
with some bridging functionality. More recently, some vendors have with some bridging functionality. More recently, some vendors have
started to introduce "home" and "guest" functions, which in IPv6 started to introduce 'home' and 'guest' functions, which in IPv6
would be implemented as two subnets. would be implemented as two subnets.
Future home networks are highly likely to have one or more internal Future home networks are highly likely to have one or more internal
routers and thus need multiple subnets, for the reasons described routers and thus need multiple subnets, for the reasons described
earlier. As part of the self-organisation of the network, the earlier. As part of the self-organisation of the network, the
homenet should subdivide itself to the largest practical subnets that homenet should subdivide itself to the largest practical subnets that
can be constructed within the constraints of link layer mechanisms, can be constructed within the constraints of link layer mechanisms,
bridging, physical connectivity, and policy, and where applicable bridging, physical connectivity, and policy, and where applicable
performance or other criteria. For example, bridging a busy Gigabit performance or other criteria. For example, bridging a busy Gigabit
Ethernet subnet and a wireless subnet together may impact wireless Ethernet subnet and a wireless subnet together may impact wireless
performance. performance.
While it may be desirable to maximise the chance of link-local While it may be desirable to maximise the chance of link-local
protocols operating across a homenet by maximising the size of a protocols operating across a homenet by maximising the size of a
subnet, multi-subnet home networks are inevitable, so their support subnet, multi-subnet home networks are inevitable, so their support
must be included. must be included.
3.3.3. Handling multiple homenets 3.3.3. Homenet realms and borders
It is important that self-configuration with "unintended" devices is The homenet will need to be aware of the extent of its own 'site',
avoided. Methods are needed for devices to know whether they are which will, for example, define the borders for ULA and site scope
intended to be part of the same homenet site or not. Thus methods to multicast traffic, and may require specific security policies to be
ensure separation between neighbouring homenets are required. This applied. The homenet will have one or more such borders with
may require use of some unique "secret" for devices/protocols in each external connectivity providers.
homenet. Some existing mechanisms exist to assist home users to
associate devices as simply as possible, e.g. "connect" button
support.
3.3.4. Coordination of configuration information A homenet will most likely also have internal borders between
internal realms, e.g. a guest realm or a corporate network extension
realm. It should be possible to automatically discover these
borders, which will determine, for example, the scope of where
network prefixes, routing information, network traffic, service
discovery and naming may be shared. The default mode internally
should be to share everything.
The network elements will need to be integrated in a way that takes It is expected that a realm would span at least an entire subnet, and
account of the various lifetimes on timers that are used on different thus the borders lie at routers which receive delegated prefixes
elements, e.g. DHCPv6 PD, router, valid prefix and preferred prefix within the homenet. It is also desirable for a richer security model
timers. that hosts, which may be running in a transparent communication mode,
are able to make communication decisions based on available realm and
associated prefix information in the same way that routers at realm
borders can.
A simple homenet model may just consider three types of realm and the
borders between them, namely the internal homenet, the ISP and a
guest network. In this case the borders will include that from the
homenet to the ISP, that from the guest network to the ISP, and that
from the homenet to the guest network. Regardless, it should be
possible for additional types of realms and borders to be defined,
e.g. for some specific Grid or LLN-based network, and for these to be
detected automatically, and for an appropriate default policy to be
applied as to what type of traffic/data can flow across such borders.
It is desirable to classify the external border of the home network
as a unique logical interface separating the home network from
service provider network/s. This border interface may be a single
physical interface to a single service provider, multiple layer 2
sub-interfaces to a single service provider, or multiple connections
to a single or multiple providers. This border makes it possible to
describe edge operations and interface requirements across multiple
functional areas including security, routing, service discovery, and
router discovery.
It should be possible for the homenet user to override any
automatically determined borders and the default policies applied
between them.
Some initial proposals towards border discovery are presented in
[I-D.kline-default-perimeter].
3.4. Homenet Addressing 3.4. Homenet Addressing
The IPv6 addressing scheme used within a homenet must conform to the The IPv6 addressing scheme used within a homenet must conform to the
IPv6 addressing architecture [RFC4291]. The homenet will need to IPv6 addressing architecture [RFC4291]. In this section we discuss
adapt to the prefixes made available to it through the prefix how the homenet needs to adapt to the prefixes made available to it
delegation method used by its upstream ISP. by its upstream ISP, such that internal subnets, hosts and devices
can obtain the and configure the necessary addressing information to
operate.
3.4.1. Use of ISP-delegated IPv6 prefixes 3.4.1. Use of ISP-delegated IPv6 prefixes
A homenet may receive an arbitrary length IPv6 prefix from its A homenet may receive an arbitrary length IPv6 prefix from its
provider, e.g. /60, /56 or /48. The offered prefix may be stable or provider, e.g. /60, /56 or /48. The offered prefix may be stable or
change from time to time. Some ISPs may offer relatively stable change from time to time. Some ISPs may offer relatively stable
prefixes, while others may change the prefix whenever the CER is prefixes, while others may change the prefix whenever the CER is
reset. Some discussion of IPv6 prefix allocation policies is reset. Some discussion of IPv6 prefix allocation policies is
included in [RFC6177] which discusses why, for example, a one-size- included in [RFC6177] which discusses why, for example, a one-size-
fits-all /48 allocation is not desirable. fits-all /48 allocation is not desirable.
The home network needs to be adaptable to such ISP policies, and thus The homenet architecture expects internal host subnets to be /64 in
make no assumptions about the stability of the prefix received from size. While it may be possible to operate a DHCPv6-only network with
an ISP, or the length of the prefix that may be offered. However, if
only a /64 is offered by the ISP, the homenet may be severely
constrained (with IPv6 not reaching all devices in the home, or use
of some form of IPv6 NAT being forced), or even unable to function.
While it may be possible to operate a DHCPv6-only network with
prefixes longer than /64, doing so would break SLAAC, and is thus not prefixes longer than /64, doing so would break SLAAC, and is thus not
recommended. recommended.
A DHCPv6-PD capable router should "hint" that it would like a /48 The home network needs to be adaptable to ISP prefix allocation
prefix from its ISP, i.e. the CER asks the ISP for the maximum size policies, and thus make no assumptions about the stability of the
prefix it might expect to be offered, but in practice it may prefix received from an ISP, or the length of the prefix that may be
typically only be offered a /56 or /60. offered. However, if only a /64 is offered by the ISP, the homenet
may be severely constrained or even unable to function. As stated
above, attempting to use internal subnet prefixes longer than /64
would break SLAAC, and is thus not recommended. Using ULA prefixes
internally with NPTv6 at the boundary is not recommended for reasons
given elsewhere. Reverting to bridging would destroy subnetting,
breaks multicast if bridged onto 802.11 wireless networks and has
serious limitations with regard to heterogeneous link layer
technologies and LLNs. For those reasons it is recommended that
DHCP-PD or OSPFv3 capable routers have the ability to issue a warning
upon receipt of a /64 if required to assign further prefixes within
the home network. Though some consideration needs to be given to how
that should be presented to a typical home user.
The internal operation of the home network should also not depend on Thus the border CER router should 'hint', most likely via DHCP-PD,
the availability of the ISP network at any given time, other than for that it would like a /48 prefix from its ISP, i.e. it asks the ISP
connectivity to services or systems off the home network. This for the maximum size prefix it might expect to be offered, but in
implies the use of ULAs for stable internal communication, as practice it may only be offered a /56 or /60. For a typical IPv6
described in the next section. homenet, it is not recommended that an ISP offer less than a /60
prefix, and should preferably offer at least a /56.
In practice, it is expected that ISPs will deliver a relatively In practice, it is expected that ISPs will deliver a relatively
stable home prefix to customers. The norm for residential customers stable home prefix to customers. The norm for residential customers
of large ISPs may be similar to their single IPv4 address provision; of large ISPs may be similar to their single IPv4 address provision;
by default it is likely to remain persistent for some time, but by default it is likely to remain persistent for some time, but
changes in the ISP's own provisioning systems may lead to the changes in the ISP's own provisioning systems may lead to the
customer's IP (and in the IPv6 case their prefix pool) changing. It customer's IP (and in the IPv6 case their prefix pool) changing. It
is not expected that ISPs will support Provider Independent (PI) is not expected that ISPs will support Provider Independent (PI)
addressing for general residential homenets. addressing for general residential homenets.
When an ISP needs to restructure and in doing so renumber its When an ISP does need to restructure, and in doing so renumber its
customer homenets, "flash" renumbering is likely to be imposed. This customer homenets, 'flash' renumbering is likely to be imposed. This
implies a need for the homenet to be able to handle a sudden implies a need for the homenet to be able to handle a sudden
renumbering event which, unlike the process described in [RFC4192], renumbering event which, unlike the process described in [RFC4192],
would be a "flag day" event, which means that a graceful renumbering would be a 'flag day" event, which means that a graceful renumbering
process moving through a state with two active prefixes in use would process moving through a state with two active prefixes in use would
not be possible. While renumbering is an extended version of an not be possible. While renumbering can be viewed as an extended
initial numbering process, the difference between flash renumbering version of an initial numbering process, the difference between flash
and an initial "cold start" is the need to provide service renumbering and an initial 'cold start' is the need to provide
continuity. The deprecated addresses may remain usable for a short service continuity.
period of time within the homenet.
There may be cases where local law means some ISPs are required to There may be cases where local law means some ISPs are required to
change IPv6 prefixes (current IPv4 addresses) for privacy reasons for change IPv6 prefixes (current IPv4 addresses) for privacy reasons for
their customers. In such cases it may be possible to avoid an their customers. In such cases it may be possible to avoid an
instant "flash" renumbering and plan a non-flag day renumbering as instant 'flash' renumbering and plan a non-flag day renumbering as
per RFC 4192. per RFC 4192.
The customer may of course also choose to move to a new ISP, and thus The customer may of course also choose to move to a new ISP, and thus
begin using a new prefix. In such cases the customer should expect a begin using a new prefix. In such cases the customer should expect a
discontinuity, and not only may the prefix change, but potentially discontinuity, and not only may the prefix change but potentially
also the prefix length, if the new ISP offers a different default also the prefix length, if the new ISP offers a different default
size prefix, e.g. a /60 rather than a /56. Regardless, it's size prefix. Regardless, it's desirable that homenet protocols
desirable that homenet protocols support rapid renumbering and that support rapid renumbering and that operational processes don't add
operational processes don't add unnecessary complexity for the unnecessary complexity for the renumbering process. Further, the
renumbering process. introduction of any new homenet protocols should not make any form of
renumbering any more complex than it already is.
The 6renum WG has studied IPv6 renumbering for enterprise networks. Finally, the internal operation of the home network should also not
It has not as yet targeted homenets, but may produce outputs that are depend on the availability of the ISP network at any given time,
relevant. The introduction of any new homenet protocols should not other than of course for connectivity to services or systems off the
make any form of renumbering any more complex than it already is. home network. This reinforces the use of ULAs for stable internal
communication, and the need for a naming and service discovery
mechanism that can operate independently within the homenet.
3.4.2. Stable internal IP addresses 3.4.2. Stable internal IP addresses
The network should by default attempt to provide IP-layer The network should by default attempt to provide IP-layer
connectivity between all internal parts of the homenet as well as to connectivity between all internal parts of the homenet as well as to
and from the external Internet, subject to the filtering policies or and from the external Internet, subject to the filtering policies or
other policy constraints discussed later in the security section. other policy constraints discussed later in the security section.
ULAs should be used within the scope of a homenet to support routing ULAs should be used within the scope of a homenet to support routing
between subnets regardless of whether a globally unique ISP-provided between subnets regardless of whether a globally unique ISP-provided
prefix is available. It would be expected that ULAs would be used prefix is available. As discussed previously, it would be expected
alongside one or more such global prefixes in a homenet, such that that ULAs would be used alongside one or more such global prefixes in
hosts become multi-addressed with both globally unique and ULA a homenet, such that hosts become multi-addressed with both globally
prefixes. Default address selection would then enable ULAs to be unique and ULA prefixes. ULAs should be used for all devices, not
preferred for internal communications between devices that are using just those intended to only have internal connectivity. Default
ULA prefixes generated within the same homenet. address selection would then enable ULAs to be preferred for internal
communications between devices that are using ULA prefixes generated
within the same homenet.
ULA addresses will allow constrained LLN devices to create permanent ULA addresses will allow constrained LLN devices to create permanent
relationships between IPv6 addresses, e.g. from a wall controller to relationships between IPv6 addresses, e.g. from a wall controller to
a lamp. Symbolic host names would require additional non-volatile a lamp. Symbolic host names would require additional non-volatile
memory. Updating global prefixes in sleeping LLN devices might also memory. Updating global prefixes in sleeping LLN devices might also
be problematic. be problematic.
ULAs may be used for all devices, not just those intended to only The use of ULAs should be restricted to the homenet scope through
have internal connectivity. ULAs used in this way provide stable filtering at the border(s) of the homenet, as described in RFC 6092.
internal communications should the ISP-provided prefix (suddenly)
change, or external connectivity be temporarily lost. The use of
ULAs should be restricted to the homenet scope through filtering at
the border(s) of the homenet, as described in RFC 6092.
Note that it is possible that in some cases multiple /48 ULA prefixes Note that it is possible that in some cases multiple /48 ULA prefixes
may be in use within the same homenet, e.g. when the network is being may be in use within the same homenet, e.g. when the network is being
deployed, perhaps also without external connectivity. It is expect deployed, perhaps also without external connectivity. It is expect
that routers in the homenet would somehow elect a 'master' that would that routers in the homenet would somehow elect a 'master' that would
be responsible for delegating /64 prefixes to internal requesting be responsible for delegating /64 prefixes to internal requesting
routers, much as routers obtain /64 global prefixes from the prefix routers, much as routers obtain /64 global prefixes from the prefix
pool delegated by the ISP to the CER. In cases where multiple ULA pool delegated by the ISP to the CER. In cases where multiple ULA
/48's are in use, hosts need to know that each /48 is local to the /48's are in use, hosts need to know that each /48 is local to the
homenet, e.g. by inclusion in their local address selection policy homenet, e.g. by inclusion in their local address selection policy
table. table.
3.4.3. Internal prefix delegation 3.4.3. Internal prefix delegation
As mentioned above, there are various sources of prefixes, e.g. they As mentioned above, there are various sources of prefixes. From the
may be globally unique prefixes originating from ISP(s), they may be homenet perspective, a single global prefix from each ISP should be
globally unique or ULA prefixes allocated by "master" router(s) in received on the border CER [RFC3633]. Where multiple CERs exist with
the homenet, or they may be ULAs allocated by LLN gateways. There multiple ISP prefix pools, it is expected that routers within the
may also be a prefix associated with NAT64, if in use in the homenet. homenet would assign themselves prefixes from each ISP they
communicate with/through. As discussed above, a ULA prefix can be
From the homenet perspective, a single prefix from each ISP should be made available for stable internal communications, or for use on
received on the border CER [RFC3633]. Then each subnet in the constrained/LLN networks. There may also be a prefix associated with
homenet should receive a prefix from within the ISP-provided NAT64, if in use in the homenet.
prefix(es).
The delegation of a prefix pool to the homenet should allow
subsequent internal autonomous delegation of prefixes within the
homenet, which should not assume a flat or hierarchical model. This
text also makes no assumption about whether the delegation of
prefixes is distributed or centralised. The assignment mechanism
should provide reasonable efficiency, so that typical home network
prefix allocation sizes can accommodate all the necessary /64
allocations in most cases, and not waste prefixes. A currently
typical /60 allocation gives 16 /64 subnets. Duplicate assignment of
multiple /64s to the same network should be avoided. The network
should behave as gracefully as possible in the event of prefix
exhaustion, though the options in such cases may be limited.
Where multiple CERs exist with multiple ISP prefix pools, it is The delegation or availability of a prefix pool to the homenet should
expected that routers within the homenet would assign themselves allow subsequent internal autonomous delegation of prefixes for use
prefixes from each ISP they communicate with/through. within the homenet. Such internal delegation should not assume a
flat or hierarchical model, nor should it make an assumption about
whether the delegation of internal prefixes is distributed or
centralised. The assignment mechanism should provide reasonable
efficiency, so that typical home network prefix allocation sizes can
accommodate all the necessary /64 allocations in most cases, and not
waste prefixes. Further, duplicate assignment of multiple /64s to
the same network should be avoided, and the network should behave as
gracefully as possible in the event of prefix exhaustion (though the
options in such cases may be limited).
Where ULAs are used, most likely but not necessarily in parallel with Where the home network has multiple CERs and these are delegated
global prefixes, one router should be elected to offer ULA prefixes prefix pools from their attached ISPs, the internal prefix delegation
for the homenet. The router should generate a /48 ULA for the site, would be expected to be served by each CER for each prefix associated
and then delegate /64's from that ULA prefix to subnets. In the with it. However, where ULAs are used, most likely but not
normal state, a single /48 ULA should be used within the homenet. In necessarily in parallel with global prefixes, one router should be
cases where two /48 ULAs are generated within a homenet, the network elected as 'master' for delegation of ULA prefixes for the homenet,
should still continue to function, meaning that hosts will need to such that only one /48 ULA covers the whole homenet where possible.
determine that each ULA is local to the homenet. That router should generate a /48 ULA for the site, and then delegate
/64's from that ULA prefix to subnets. In cases where two /48 ULAs
are generated within a homenet, the network should still continue to
function, meaning that hosts will need to determine that each ULA is
local to the homenet.
Delegation within the homenet should give each subnet a prefix that Delegation within the homenet should give each subnet a prefix that
is persistent across reboots, power outages and similar short-term is persistent across reboots, power outages and similar short-term
outages. Addition of a new routing device should not affect existing outages. Addition of a new routing device should not affect existing
persistent prefixes, but persistence may not be expected in the face persistent prefixes, but persistence may not be expected in the face
of significant "replumbing" of the homenet. Persistent prefixes of significant 'replumbing' of the homenet. Persistent prefixes
should not depend on router boot order. Such persistent prefixes may should not depend on router boot order. However, such persistent
imply the need for stable storage on routing devices, and also a prefixes may imply the need for stable storage on routing devices,
method for a home user to "reset" the stored prefix should a and also a method for a home user to 'reset' the stored prefix should
significant reconfiguration be required (though ideally the home user a significant reconfiguration be required (though ideally the home
should not be involved at all). user should not be involved at all).
The delegation method should support renumbering, which would The delegation method should support renumbering, which would
typically be "flash" renumbering in that the homenet would not have typically be 'flash' renumbering in that the homenet would not have
advance notice of the event or thus be able to apply the types of advance notice of the event or thus be able to apply the types of
approach described in [RFC4192]. As a minimum, delegated ULA approach described in [RFC4192]. As a minimum, delegated ULA
prefixes within the homenet should remain persistent through an ISP- prefixes within the homenet should remain persistent through an ISP-
driven renumbering event. driven renumbering event.
Several proposals have been made for prefix delegation within a Several proposals have been made for prefix delegation within a
homenet. One group of proposals is based on DHCPv6 PD, as described homenet. One group of proposals is based on DHCPv6 PD, as described
in [I-D.baker-homenet-prefix-assignment], in [I-D.baker-homenet-prefix-assignment], [RFC3315] and [RFC3633].
[I-D.chakrabarti-homenet-prefix-alloc], [RFC3315] and [RFC3633]. The The other uses OSPFv3, as described in
other uses OSPFv3, as described in
[I-D.arkko-homenet-prefix-assignment]. More detailed analysis of [I-D.arkko-homenet-prefix-assignment]. More detailed analysis of
these approaches needs to be made against the requirements/principles these approaches needs to be made against the requirements/principles
described above. For example, DHCPv6 solutions may have problems in described above.
multihomed scenarios with loops in the topology.
3.4.4. Privacy 3.4.4. Coordination of configuration information
The network elements will need to be integrated in a way that takes
account of the various lifetimes on timers that are used on different
elements, e.g. DHCPv6 PD, router, valid prefix and preferred prefix
timers.
3.4.5. Privacy
There are no specific privacy concerns discussed in this text. It There are no specific privacy concerns discussed in this text. It
should be noted as above that many ISPs are expected to offer should be noted that, in general, ISPs are expected to offer
relatively stable IPv6 prefixes to customers, and thus the network relatively stable IPv6 prefixes to customers, and thus the network
prefix associated with the host addresses they use may not change prefix associated with the host addresses they use may not change
over a reasonably long period of time. This exposure is similar to over a reasonably long period of time. This exposure is similar to
IPv4 networks that expose the same IPv4 global address via use of IPv4 networks that expose the same IPv4 global address via use of
NAT, where the IPv4 address received from the ISP may change over NAT, where the IPv4 address received from the ISP may change over
time, but not necessarily that frequently. time, but not necessarily that frequently.
Hosts inside an IPv6 homenet may get new IPv6 addresses over time Hosts inside an IPv6 homenet may get new IPv6 addresses over time
regardless, e.g. through Privacy Addresses [RFC4941]. regardless, e.g. through Privacy Addresses [RFC4941]. This may
benefit mutual privacy of users within a home network, but not mask
which home network traffic is sourced from.
3.5. Routing functionality 3.5. Routing functionality
Routing functionality is required when there are multiple routers Routing functionality is required when there are multiple routers
deployed within the internal home network. This functionality could deployed within the internal home network. This functionality could
be as simple as the current "default route is up" model of IPv4 NAT, be as simple as the current 'default route is up' model of IPv4 NAT,
or, more likely, it would involve running an appropriate routing or, more likely, it would involve running an appropriate routing
protocol. protocol.
The homenet unicast routing protocol should preferably be an existing The homenet unicast routing protocol should preferably be an existing
deployed protocol that has been shown to be reliable and robust, and deployed protocol that has been shown to be reliable and robust, and
it is preferable that the protocol is "lightweight". It is desirable it is preferable that the protocol is 'lightweight'. It is desirable
that the routing protocol has knowledge of the homenet topology, that the routing protocol has knowledge of the homenet topology,
which implies a link-state protocol is preferable. If so, it is also which implies a link-state protocol is preferable. If so, it is also
desirable that the announcements and use of LSAs and RAs are desirable that the announcements and use of LSAs and RAs are
appropriately coordinated. This would mean the routing protocol appropriately coordinated. This would mean the routing protocol
gives a consistent view of the network, and that it can pass around gives a consistent view of the network, and that it can pass around
more than just routing information. more than just routing information.
Multiple interface PHYs must be accounted for in the homenet routed Multiple interface PHYs must be accounted for in the homenet routed
topology. Technologies such as Ethernet, WiFi, MoCA, etc must be topology. Technologies such as Ethernet, WiFi, MoCA, etc must be
capable of coexisting in the same environment and should be treated capable of coexisting in the same environment and should be treated
skipping to change at page 26, line 51 skipping to change at page 28, line 12
The multicast environment should support the ability for applications The multicast environment should support the ability for applications
to pick a unique multicast group to use. to pick a unique multicast group to use.
3.6. Security 3.6. Security
The security of an IPv6 homenet is an important consideration. The The security of an IPv6 homenet is an important consideration. The
most notable difference to the IPv4 operational model is the removal most notable difference to the IPv4 operational model is the removal
of NAT, the introduction of global addressability of devices, and of NAT, the introduction of global addressability of devices, and
thus a need to consider whether devices should have global thus a need to consider whether devices should have global
reachability. However, there are other challenges introduced, e.g. reachability. Regardless, hosts need to be able to operate securely,
end-to-end where required, and also be robust against malicious
default filtering policies at the borders between other homenet traffic direct towards them. However, there are other challenges
realms. introduced, e.g. default filtering policies at the borders between
other homenet realms.
There is no defined "threat model" as such for the type of IPv6
homenet described in this text. Such a document may be very useful.
It may include a variety of perspectives, from probing for specific
types of home appliance being present, to potential denial of service
attacks. Hosts need to be able to operate securely, end-to-end where
required, but also be robust against malicious traffic direct towards
them. We simply note at this point that software on home devices are
likely to have an increase in security if it allows its software to
be updated regularly.
3.6.1. Addressability vs reachability 3.6.1. Addressability vs reachability
An IPv6-based home network architecture should embrace and naturally An IPv6-based home network architecture should embrace the
offer a transparent end-to-end communications model as described in transparent end-to-end communications model as described in
[RFC2775]. Each device should be addressable by a globally unique [RFC2775]. Each device should be globally addressable, and those
address, and those addresses must not be altered in transit. addresses must not be altered in transit. However, security
Security perimeters can (via policy) restrict end-to-end perimeters can be applied to restrict end-to-end communications, and
communications, and thus while a host may be globally addressable it thus while a host may be globally addressable it may not be globally
may not be globally reachable. reachable.
In IPv4 NAT networks, the NAT provides an implicit firewall function. In IPv4 NAT networks, the NAT provides an implicit firewall function.
[RFC4864] describes a "Simple Security" model for IPv6 networks, [RFC4864] describes a 'Simple Security' model for IPv6 networks,
whereby stateful perimeter filtering can be applied instead where whereby stateful perimeter filtering can be applied instead where
global addresses are used. RFC 4864 implies an IPv6 "default deny" global addresses are used. RFC 4864 implies an IPv6 'default deny'
policy for inbound connections be used for similar functionality to policy for inbound connections be used for similar functionality to
IPv4 NAT. It should be noted that such a "default deny" approach IPv4 NAT. It should be noted that such a 'default deny' approach
would effectively replace the need for IPv4 NAT traversal protocols would effectively replace the need for IPv4 NAT traversal protocols
with a need to use a signalling protocol to request a firewall hole with a need to use a signalling protocol to request a firewall hole
be opened. Thus to support applications wanting to accept be opened. Thus to support applications wanting to accept
connections initiated into home networks where a "default deny" connections initiated into home networks where a 'default deny'
policy is in place support for a signalling protocol such as UPnP or policy is in place support for a signalling protocol such as UPnP or
PCP [I-D.ietf-pcp-base] is required. In networks with multiple CERs, PCP [I-D.ietf-pcp-base] is required. In networks with multiple CERs,
the signalling would need to handle the cases of flows that may use the signalling would need to handle the cases of flows that may use
one or more exit routers. CERs would need to be able to advertise one or more exit routers. CERs would need to be able to advertise
their existence for such protocols. their existence for such protocols.
[RFC6092] expands on RFC 4864, giving a more detailed discussion of [RFC6092] expands on RFC 4864, giving a more detailed discussion of
IPv6 perimeter security recommendations, without mandating a "default IPv6 perimeter security recommendations, without mandating a 'default
deny" approach. Indeed, RFC 6092 does not prescribe a particular deny' approach. Indeed, RFC 6092 does not enforce a particular mode
mode of operation, instead stating that CERs must provide an easily of operation, instead stating that CERs must provide an easily
selected configuration option that permits a "transparent" mode of selected configuration option that permits a 'transparent' mode, thus
operation, thus ensuring a "default allow" model is available. The ensuring a 'default allow' model is available. The homenet
homenet architecture text makes no recommendation on the default architecture text makes no recommendation on the default setting, and
setting, and refers the reader to RFC 6092. refers the reader to RFC 6092.
Advanced Security for IPv6 CPEs [I-D.vyncke-advanced-ipv6-security]
takes the approach that in order to provide the greatest end-to-end
transparency as well as security, security policies must be updated
by a trusted party which can provide intrusion signatures and other
"active" information on security threats. This might for example
allow different malware detection profiles to be configured on a CER.
Such methods should be able to be automatically updating.
3.6.2. Filtering at borders 3.6.2. Filtering at borders
It is desirable that there are mechanisms to detect different types It is desirable that there are mechanisms to detect different types
of borders within the homenet, as discussed previously, and then the of borders within the homenet, as discussed previously, and further
means to apply different types of filtering policies at those mechanisms to then apply different types of filtering policies at
borders, e.g. whether naming and service discovery should pass a those borders, e.g. whether naming and service discovery should pass
given border. Any such policies should be able to be easily applied a given border. Any such policies should be able to be easily
by typical home users, e.g. to give a user in a guest network access applied by typical home users, e.g. to give a user in a guest network
to media services in the home, or access to a printer. Simple access to media services in the home, or access to a printer. Simple
mechanisms to apply policy changes, or associations between devices, mechanisms to apply policy changes, or associations between devices,
will be required. will be required.
There are cases where full internal connectivity may not be There are cases where full internal connectivity may not be
desirable, e.g. in certain utility networking scenarios, or where desirable, e.g. in certain utility networking scenarios, or where
filtering is required for policy reasons against guest network filtering is required for policy reasons against guest network
subnet(s). Some scenarios/models may as a result involve running subnet(s). Some scenarios/models may as a result involve running
isolated subnet(s) with their own CERs. In such cases connectivity isolated subnet(s) with their own CERs. In such cases connectivity
would only be expected within each isolated network (though traffic would only be expected within each isolated network (though traffic
may potentially pass between them via external providers). may potentially pass between them via external providers).
LLNs provide an another example of where there may be secure LLNs provide an another example of where there may be secure
perimeters inside the homenet. Constrained LLN nodes may implement perimeters inside the homenet. Constrained LLN nodes may implement
WPA2-style network key security but may depend on access policies network key security but may depend on access policies enforced by
enforced by the LLN border router. the LLN border router.
3.6.3. Marginal Effectiveness of NAT and Firewalls 3.6.3. Marginal Effectiveness of NAT and Firewalls
Security by way of obscurity (address translation) or through Security by way of obscurity (address translation) or through
firewalls (filtering) is at best marginally effective. The very poor firewalls (filtering) is at best marginally effective. The very poor
security track record of home computer, home networking and business security track record of home computer, home networking and business
PC computers and networking is testimony to its ineffectiveness. A PC computers and networking is testimony to its ineffectiveness. A
compromise behind the firewall of any device exposes all others, compromise behind the firewall of any device exposes all others,
making an entire network that relies on obscurity or a firewall as making an entire network that relies on obscurity or a firewall as
vulnerable as the most insecure device on the private side of the vulnerable as the most insecure device on the private side of the
network. network.
However, given home network products with very poor security, putting However, given home network products with very poor security, putting
a firewall in place does provide some protection, even if only a firewall in place does provide some protection, even if only
marginally effective. IPv6 global reachability may increase the need marginally effective. The use of firewalls today, whether a good
to solve the underlying problem of certain insecure home and business practice or not, is common practice and whatever protection afforded,
computer and network products. The use of firewalls today, whether a even if marginally effective, must not be lost.
good practice or not, is common practice and whatever protection
afforded, even if marginally effective, must not be lost.
3.6.4. Device capabilities 3.6.4. Device capabilities
In terms of the devices, homenet hosts should implement their own In terms of the devices, homenet hosts should implement their own
security policies in accordance to their computing capabilities. security policies in accordance to their computing capabilities.
They should have the means to request transparent communications to They should have the means to request transparent communications to
be initiated to them, either for all ports or for specific services. be initiated to them, either for all ports or for specific services.
Users should have simple methods to associate devices to services Users should have simple methods to associate devices to services
that they wish to operate transparently through (CER) borders. that they wish to operate transparently through (CER) borders.
3.6.5. ULAs as a hint of connection origin 3.6.5. ULAs as a hint of connection origin
It has been suggested that using ULAs would provide an indication to It has been suggested that using ULAs would provide an indication to
applications that received traffic is locally sourced. This could applications that received traffic is locally sourced. This could
then be used with security settings to designate between which nodes then be used with security settings to designate between which nodes
a particular application is allowed to communicate, provided ULA a particular application is allowed to communicate, provided ULA
address space is filtered appropriately at the boundary of the realm. address space is filtered appropriately at the boundary of the realm.
skipping to change at page 29, line 32 skipping to change at page 30, line 23
a particular application is allowed to communicate, provided ULA a particular application is allowed to communicate, provided ULA
address space is filtered appropriately at the boundary of the realm. address space is filtered appropriately at the boundary of the realm.
3.7. Naming and Service Discovery 3.7. Naming and Service Discovery
Naming and service discovery must be supported in the homenet, and Naming and service discovery must be supported in the homenet, and
the service(s) providing this function must as far as possible the service(s) providing this function must as far as possible
support unmanaged operation. support unmanaged operation.
The naming system will be required to work internally or externally, The naming system will be required to work internally or externally,
be the user within the homenet or outside it. The most natural way be the user within the homenet or outside it, i.e. the user should be
to think about such naming and service discovery is to enable it to able to refer to devices by name, and potentially connect to them,
work across the entire homenet residence (site), disregarding wherever they may be. The most natural way to think about such
technical borders such as subnets but respecting policy borders such naming and service discovery is to enable it to work across the
as those between guest and other internal network realms. entire homenet residence (site), disregarding technical borders such
as subnets but respecting policy borders such as those between guest
and other internal network realms.
3.7.1. Discovering services 3.7.1. Discovering services
Users will typically perform service discovery through GUI interfaces Users will typically perform service discovery through GUI interfaces
that allow them to browse services on their network in an appropriate that allow them to browse services on their network in an appropriate
and intuitive way. Such interfaces are beyond the scope of this and intuitive way. Such interfaces are beyond the scope of this
document, but the interface should have an appropriate API for the document, but the interface should have an appropriate API for the
discovery to be performed. discovery to be performed.
Such interfaces may also typically hide the local domain name element Such interfaces may also typically hide the local domain name element
from users, especially where only one name space is available. As we from users, especially where only one name space is available.
discuss below, in some cases the ability to discover available However, as we discuss below, in some cases the ability to discover
domains may be useful. available domains may be useful.
We note that current service discovery protocols are generally aimed We note that current service discovery protocols are generally aimed
at single subnets. There is thus a choice to make for multi-subnet at single subnets. There is thus a choice to make for multi-subnet
homenets as to whether such protocols should be proxied or extended homenets as to whether such protocols should be proxied or extended
to operate across a whole homenet. This issue is discussed in more to operate across a whole homenet. In this context, that may mean
detail in a later section of this text. In general we should prefer bridging a link-local method, taking care to avoid loops, or
approaches that are backwardly compatible, and allow current extending the scope of multicast traffic used for the purpose. This
implementations to continue to be used. document does not mandate either solution, rather it expresses the
principles that should be used for a homenet naming and service
discovery environment. Or it may be that a new approach is
preferable, e.g. flooding information around the homenet as
attributes within the routing protocol (which could allow per-prefix
configuration). In general we should prefer approaches that are
backwardly compatible, and allow current implementations to continue
to be used.
One of the primary challenges facing service discovery today is lack One of the primary challenges facing service discovery today is lack
of interoperability due to the ever increasing number of service of interoperability due to the ever increasing number of service
discovery protocols available. While it is conceivable for consumer discovery protocols available. While it is conceivable for consumer
devices to support multiple discovery protocols, this is clearly not devices to support multiple discovery protocols, this is clearly not
the most efficient use of network and computational resources. One the most efficient use of network and computational resources. One
goal of the homenet architecture should be a path to service goal of the homenet architecture should be a path to service
discovery protocol interoperability either through a standards based discovery protocol interoperability either through a standards based
translation scheme, hooks into current protocols to allow some for of translation scheme, hooks into current protocols to allow some for of
communication among discovery protocols, extensions to support a communication among discovery protocols, extensions to support a
central service repository in the homenet, or convergence towards a central service repository in the homenet, or simply convergence
unified protocol suite. towards a unified protocol suite.
3.7.2. Assigning names to devices 3.7.2. Assigning names to devices
Given the large number of devices that may be networked in the Given the large number of devices that may be networked in the
future, devices should have a means to generate their own unique future, devices should have a means to generate their own unique
names within a homenet, and to detect clashes should they arise, e.g. names within a homenet, and to detect clashes should they arise, e.g.
where two devices of the same type are deployed with the same default where a second device of the same type/vendor as an existing device
name, or where two running network elements are suddenly joined. with the same default name is deployed, or where two running network
elements with such devices are suddenly joined. For example, mDNS
[I-D.cheshire-dnsext-multicastdns] section 8 describes such a
mechanism for a single subnetwork and the '.local' zone. Before
assigning a name to the device and the .local naming space, the
device checks whether the name already belongs to another device by
sending a multicast DNS query.
Users will also want simple ways to (re)name devices, again most Users will also want simple ways to (re)name devices, again most
likely through an appropriate and intuitive interface that is beyond likely through an appropriate and intuitive interface that is beyond
the scope of this document. Note the name a user assigns to a device the scope of this document. Note the name a user assigns to a device
may be a label that is stored on the device as an attribute of the may be a label that is stored on the device as an attribute of the
device, and may be distinct from the name used in a name service, device, and may be distinct from the name used in a name service,
e.g. 'Laser Printer in the Study Room' as opposed to e.g. 'Study Laser Printer' as opposed to printer2.<somedomain>.
printer2.sitelocal.
3.7.3. Name spaces 3.7.3. Name spaces
It is desirable that only one name space is in use in the homenet, It is desirable that only one name space is in use in the homenet,
and that this name space is served authoritatively by a server in the and that this name space is served authoritatively by a server in the
homenet, most likely resident on the CER. homenet, most likely resident on the CER.
If a user wishes to access their home devices remotely from elsewhere If a user wishes to access their home devices remotely from elsewhere
on the Internet a globally unique name space is required. This may on the Internet a globally unique name space is required. This may
be acquired by the user or provided/generated by their ISP. It is be acquired by the user or provided/generated by their ISP. It is
expected that the default case is that a homenet will use a global expected that the default case is that a homenet will use a global
domain provided by the ISP, but users wishing to use a name space domain provided by the ISP, but advanced users wishing to use a name
that is independent of their provider in the longer term may seek space that is independent of their provider in the longer term should
their own domain name. Examples of provider name space delegation be able to acquire and use their own domain name. Examples of
approaches are described in [I-D.mglt-homenet-naming-delegation] and provider name space delegation approaches are described in
[I-D.mglt-homenet-naming-delegation] and
[I-D.mglt-homenet-front-end-naming-delegation]. For users wanting to [I-D.mglt-homenet-front-end-naming-delegation]. For users wanting to
use their own independent domain names, such services are already use their own independent domain names, such services are already
available. available.
If however a global name space is not available, the homenet will If however a global name space is not available, the homenet will
need to pick and use a local name space, which would only have need to pick and use a local name space which would only have meaning
meaning within the local homenet (i.e. it would not be used for within the local homenet (i.e. it would not be used for remote access
remote access to the homenet). The .local name space has a special to the homenet). The .local name space currently has a special
meaning for certain existing protocols which have link-local scope, meaning for certain existing protocols which have link-local scope,
and is thus not appropriate for multi-subnet home networks. A and is thus not appropriate for multi-subnet home networks. A
differently named name space is thus required for the homenet. different name space is thus required for the homenet.
One approach for picking a local name space is to use an Ambiguous One approach for picking a local name space is to use an Ambiguous
Local Qualified Domain Name (ALQDN) space, such as .sitelocal (or an Local Qualified Domain Name (ALQDN) space, such as .sitelocal (or an
appropriate name reserved for the purpose). While this is a simple appropriate name reserved for the purpose). While this is a simple
approach, there is the potential for devices that are bookmarked approach, there is the potential in principle for devices that are
somehow by an application in one homenet to be confused with a device bookmarked somehow by an application in one homenet to be confused
with the same name in another homenet. with a device with the same name in another homenet.
An alternative approach for local name space would be to use a Unique An alternative approach for a local name space would be to use a
Locally Qualified Domain Name (ULQDN) space such as Unique Locally Qualified Domain Name (ULQDN) space such as
.<UniqueString>.sitelocal. The <UniqueString> could be generated in .<UniqueString>.sitelocal. The <UniqueString> could be generated in
a variety of ways, one potentially being based on the local ULA a variety of ways, one potentially being based on the local /48 ULA
prefix across the homenet. Such a <UniqueString> should survive a prefix being used across the homenet. Such a <UniqueString> should
cold start, or if an existing value is not set on startup, the CER or survive a cold restart, i.e. be consistent after a network power-
device running the name service should generate a default value. It down, or, if a value is not set on startup, the CER or device running
could be desirable for the homenet user to be able to override the the name service should generate a default value. It could be
desirable for the homenet user to be able to override the
<UniqueString> with a value of their choice, but that would increase <UniqueString> with a value of their choice, but that would increase
the likelihood of a name conflict. the likelihood of a name conflict.
Whichever approach is used, the intent is to disambiguate the name Whichever approach is used, the intent of using a ULQDN is to
space across different homenets, not to create a new IANA name space disambiguate the name space across different homenets, not to create
for such networks. If remote access to the homenet is required, a a new IANA name space for such networks. However, in practice an
global domain is required. ALQDN may typically suffice, because the underlying service discovery
protocols should be capable of handling moving to a network where a
new device is using the same name as a device used previously in
another homenet. And regardless, if remote access to a homenet is
required, a global domain is required, which implictly disambiguates
devices.
With the introduction of new "dotless" top level domains, there is With the introduction of new "dotless" top level domains, there is
potential for ambiguity between for example a local host called also potential for ambiguity between, for example, a local host
"computer" and (if it is registered) a .computer gTLD. Thus called 'computer' and (if it is registered) a .computer gTLD. Thus
qualified names should always be used, whether these are exposed to qualified names should always be used, whether these are exposed to
the user or not. the user or not.
There may be use cases where segmentation of the name space is There may be use cases where segmentation of the name space is
desirable, e.g. for use in different realms within the homenet. Thus desirable, e.g. for use in different realms within the homenet. Thus
hierarchical name space management is likely to be required. hierarchical name space management is likely to be required.
Where a user may be in a remote network wishing to access devices in Where a user may be in a remote network wishing to access devices in
their home network, there may be a requirement to consider the domain their home network, there may be a requirement to consider the domain
search order presented where two name spaces exist. In such cases, a search order presented where two accompanying name spaces exist. In
GUI may present the user a choice of domains to use, where the name such cases, a GUI may present the user a choice of domains to use,
of their devices is thus relative to that domain. This implies that where the name of their devices is thus relative to that domain.
a domain discovery function is desirable. This implies that a domain discovery function is desirable.
It may be the case that not all devices in the homenet are made It may be the case that not all devices in the homenet are made
available by name via an Internet name space, and that a 'split view' available by name via an Internet name space, and that a 'split view'
is preferred for certain devices. is preferred for certain devices.
This document makes no assumption about the presence or omission of a This document makes no assumption about the presence or omission of a
reverse lookup service. There is an argument that it may be useful reverse lookup service. There is an argument that it may be useful
for presenting logging information to users with meaningful device for presenting logging information to users with meaningful device
names rather than literal addresses. names rather than literal addresses.
skipping to change at page 32, line 31 skipping to change at page 33, line 42
A lookup would operate via a direct query to a known service, while A lookup would operate via a direct query to a known service, while
discovery may use multicast messages or a service where applications discovery may use multicast messages or a service where applications
register in order to be found. register in order to be found.
It is highly desirable that the homenet name service must at the very It is highly desirable that the homenet name service must at the very
least co-exist with the Internet name service. There should also be least co-exist with the Internet name service. There should also be
a bias towards proven, existing solutions. The strong implication is a bias towards proven, existing solutions. The strong implication is
thus that the homenet service is DNS-based, or DNS-compatible. There thus that the homenet service is DNS-based, or DNS-compatible. There
are naming protocols that are designed to be configured and operate are naming protocols that are designed to be configured and operate
Internet-wide, like unicast-based DNS, but also protocols that are Internet-wide, like unicast-based DNS, but also protocols that are
designed for zero-configuration local environments, like mDNS. designed for zero-configuration local environments, like mDNS
[I-D.cheshire-dnsext-multicastdns]. Note that when DNS is used as
the homenet name service, it includes both a resolving service and an
authoritative service. The authoritative service hosts the homenet
related zone, that may be requested by the resolving service.
As described in [I-D.mglt-homenet-naming-delegation], one approach is As described in [I-D.mglt-homenet-naming-delegation], one approach is
to run an authoritative name service in the homenet, most likely on to run an authoritative name service in the homenet as well as a
the CER, which caches results, and to have the homenet's ISP provide resolving name service, most likely on the CER. The homenet
a secondary name service. resolving name service relies both on the homenet authoritative
service as well as on a secondary resolving name service provided by
the ISP, for global Internet naming resolution.
For a service such as mDNS to coexist with an Internet name service, For a service such as mDNS to coexist with an Internet name service,
where the homenet is preferably using a global domain name, it is where the homenet is preferably using a global domain name, it is
desirable that the zeroconf devices have a way to add their names to desirable that the zeroconf devices have a way to add their names to
the global name space in use. Zeroconf protocols could be used to the global name space in use. One solution could be for zeroconf
indicate global FQDNs, e.g. an mDNS service could return a FQDN in a protocols to be used to indicate global FQDNs, e.g. an mDNS service
SRV record. could return a FQDN in a SRV record.
Regardless, a method for local name service entries to be populated Regardless, a method for local name service entries to be populated
automatically by devices is desirable. Interfaces to devices might automatically by devices is desirable. Interfaces to devices might
choose to give users the option as to whether the device should choose to give users the option as to whether the device should
register itself in the global name space. There should also be a register itself in the global name space. There should also be a
defined mechanism for device entries to be removed or expired from defined mechanism for device entries to be removed or expired from
the global name space. the global name space.
It has been suggested for example that Dynamic DNS could be made to It has been suggested that Dynamic DNS could be made to operate in a
operate in a zero-configuration mode using a locally significant root zero-configuration mode using a locally significant root domain and
domain and with minimal configuration or using a DHCPv6 based with minimal configuration or, using a DHCPv6 based means of
(details to-be-defined) means of automated delegation populate a automated delegation, populate a global DNS zone.
global DNS zone.
To protect against attacks such as cache poisoning, it is desirable To protect against attacks such as cache poisoning, it is desirable
to support appropriate name service security methods, including to support appropriate name service security methods, including
DNSSEC. DNSSEC.
The impact of a change in CER must be considered. It would be The CER is an appropriate location to host the naming service.
desirable to retain any relevant state (configuration) that was held However, it introduces an additional load due to the name service
in the old CER. This might imply that state information should be management, e.g. signing the zone, or resolving naming queries. This
distributed in the homenet, to be recoverable by/to the new CER, or additional load must be balanced with the CER capabilities, else the
to the homenet's ISP or a third party service by some means. function(s) may need to be offloaded elsewhere, e.g. with the ISP,
though this may impact on the independent operation principle.
Finally, the impact of a change in CER must be considered. It would
be desirable to retain any relevant state (configuration) that was
held in the old CER. This might imply that state information should
be distributed in the homenet, to be recoverable by/to the new CER,
or to the homenet's ISP or a third party service by some means.
3.7.5. Independent operation 3.7.5. Independent operation
Name resolution and service discovery for reachable devices must Name resolution and service discovery for reachable devices must
continue to function if the local network is disconnected from the continue to function if the local network is disconnected from the
global Internet, e.g. a local media server should still be available global Internet, e.g. a local media server should still be available
even if the Internet link is down for an extended period. This even if the Internet link is down for an extended period. This
implies the local network should also be able to perform a complete implies the local network should also be able to perform a complete
restart in the absence of external connectivity, and have local restart in the absence of external connectivity, and have local
naming and service discovery operate correctly. naming and service discovery operate correctly.
skipping to change at page 33, line 46 skipping to change at page 35, line 20
A change in ISP should not affect local naming and service discovery. A change in ISP should not affect local naming and service discovery.
However, if the homenet uses a global name space provided by the ISP, However, if the homenet uses a global name space provided by the ISP,
then this will obviously have an impact if the user changes their then this will obviously have an impact if the user changes their
network provider. network provider.
3.7.6. Considerations for LLNs 3.7.6. Considerations for LLNs
In some parts of the homenet, in particular LLNs, devices may be In some parts of the homenet, in particular LLNs, devices may be
sleeping, in which case a proxy for such nodes may be required, that sleeping, in which case a proxy for such nodes may be required, that
can respond (for example) to multicast service discovery requests. could respond (for example) to multicast service discovery requests.
Those same parts of the network may have less capacity for multicast Those same parts of the network may have less capacity for multicast
traffic that may be flooded from other parts of the network. In traffic that may be flooded from other parts of the network. In
general, message utilisation should be efficient considering the general, message utilisation should be efficient considering the
network technologies the service may need to operate over. network technologies the service may need to operate over.
There are efforts underway to determine naming and discovery There are efforts underway to determine naming and discovery
solutions for use by the Constrained Application Protocol (CoAP) in solutions for use by the Constrained Application Protocol (CoAP) in
LLN networks. These are outside the scope of this document. LLN networks. These are outside the scope of this document.
3.7.7. DNS resolver discovery 3.7.7. DNS resolver discovery
Automatic discovery of a name service to allow client devices in the Automatic discovery of a name service to allow client devices in the
homenet to resolve external domains on the Internet is required, and homenet to resolve external domains on the Internet is required, and
such discovery must support clients that may be a number of router such discovery must support clients that may be a number of router
hops away from the name service. Similarly the search domains for hops away from the name service. Similarly the search domains for
local FQDN-derived zones should be included. local FQDN-derived zones should be included.
3.8. Other Considerations 3.8. Other Considerations
This section discusses some other considerations for home networking This section discusses two other considerations for home networking
that may affect the architecture. that the architecture should not preclude, but that this text is
neutral towards.
3.8.1. Proxy or Extend?
There are two broad choices for allowing services that would
otherwise be link-local to work across a homenet site, i.e. to extend
the protocol to work across the scope of a subnet directly, or to
proxy the link-local protocol between subnets. It may also in some
cases be appropriate to use a different protocol instead, in which
case that protocol should preferably be a proven, existing protocol.
In the example of service discovery, one option is to take protocols
like mDNS and have them run over site multicast within the homenet,
as described in the Extended mDNS proposal (xmDNS)
[I-D.lynn-homenet-site-mdns]. This is fine if all hosts support the
extension, and the scope within any internal borders is well-
understood. But it's not backwards-compatible with existing link-
local protocols. An alternative is to proxy service discovery across
subnets to propagate it. This is more complex, but is backwards-
compatible. It would need to work with IPv6, and dual-stack.
The homenet architecture proposes that any existing protocols that
are designed to only work within a subnet should be extended to work
across subnets, rather than defining proxy capabilities for each of
those functions. However, while it is desirable to extend protocols
to site scope operation rather than providing proxy functions on
subnet boundaries, the reality is that until all hosts can use site-
scope discovery protocols, existing link-local protocols would need
to be proxied anyway.
Some protocols already have proxy functions defined and in use, e.g.
DHCPv6 relays, in which case those protocols would be expected to
continue to operate that way.
3.8.2. Quality of Service 3.8.1. Quality of Service
Support for QoS in a multi-service homenet may be a requirement, e.g. Support for QoS in a multi-service homenet may be a requirement, e.g.
for a critical system (perhaps healthcare related), or for for a critical system (perhaps healthcare related), or for
differentiation between different types of traffic (file sharing, differentiation between different types of traffic (file sharing,
cloud storage, live streaming, VoIP, etc). Different media types may cloud storage, live streaming, VoIP, etc). Different media types may
have different such properties or capabilities. have different such properties or capabilities.
However, homenet scenarios should require no new QoS protocols. A However, homenet scenarios should require no new QoS protocols. A
DiffServ [RFC2475] approach with a small number of predefined traffic DiffServ [RFC2475] approach with a small number of predefined traffic
classes should generally be sufficient, though at present there is classes may generally be sufficient, though at present there is
little experience of QoS deployment in home networks. It is likely little experience of QoS deployment in home networks. It is likely
that QoS, or traffic prioritisation, methods will be required at the that QoS, or traffic prioritisation, methods will be required at the
CER, and potentially around boundaries between different media types CER, and potentially around boundaries between different media types
(where for example some traffic may simply not be appropriate for (where for example some traffic may simply not be appropriate for
some media, and need to be dropped to avoid drowning the constrained some media, and need to be dropped to avoid drowning the constrained
media). media).
There may also be complementary mechanisms that could be beneficial There may also be complementary mechanisms that could be beneficial
to application performance and behaviour in the homenet domain, such to application performance and behaviour in the homenet domain, such
as ensuring proper buffering algorithms are used as described in as ensuring proper buffering algorithms are used as described in
[Gettys11]. [Gettys11].
3.8.3. Operations and Management 3.8.2. Operations and Management
The homenet should be self-organising and configuring as far as The homenet should be self-organising and configuring as far as
possible, and thus not be pro-actively managed by the home user. possible, and thus not be pro-actively managed by the home user.
Thus protocols to manage the network are not discussed in this Thus protocols to manage the network are not discussed in this
architecture text. architecture text.
However, users may be interested in the status of their networks and However, users may be interested in the status of their networks and
devices on the network, in which case simplified monitoring devices on the network, in which case simplified monitoring
mechanisms may be desirable. It may also be the case that an ISP, or mechanisms may be desirable. It may also be the case that an ISP, or
a third party, might offer management of the homenet on behalf of a a third party, might offer management of the homenet on behalf of a
user, in which case management protocols would be required. How such user, in which case management protocols would be required. How such
management is done is out of scope of this document; many solutions management is done is out of scope of this document; many solutions
exist. exist.
3.9. Implementing the Architecture on IPv6 3.9. Implementing the Architecture on IPv6
This architecture text encourages re-use of existing protocols. Thus This architecture text encourages re-use of existing protocols. Thus
the necessary mechanisms are largely already part of the IPv6 the necessary mechanisms are largely already part of the IPv6
protocol set and common implementations. There are though some protocol set and common implementations, though there are some
exceptions. For automatic routing, it is expected that existing exceptions.
routing protocols can be used as is. However, a new mechanism may be
needed in order to turn a selected protocol on by default. For automatic routing, it is expected that existing routing protocols
can be used as is. However, a new mechanism may be needed in order
to turn a selected protocol on by default.
Some functionality, if required by the architecture, would add Some functionality, if required by the architecture, would add
significant changes or require development of new protocols, e.g. significant changes or require development of new protocols, e.g.
support for multihoming with multiple exit routers would likely support for multihoming with multiple exit routers would likely
require extensions to support source and destination address based require extensions to support source and destination address based
routing within the homenet. routing within the homenet.
Some protocol changes are however required in the architecture, e.g. Some protocol changes are however required in the architecture, e.g.
for name resolution and service discovery, extensions to existing for name resolution and service discovery, extensions to existing
multicast-based name resolution protocols are needed to enable them multicast-based name resolution protocols are needed to enable them
to work across subnets, within the scope of the home network site. to work across subnets, within the scope of the home network site.
Some of the hardest problems in developing solutions for home Some of the hardest problems in developing solutions for home
networking IPv6 architectures include discovering the right borders networking IPv6 architectures include discovering the right borders
where the "home" domain ends and the service provider domain begins, where the 'home' domain ends and the service provider domain begins,
deciding whether some of the necessary discovery mechanism extensions deciding whether some of the necessary discovery mechanism extensions
should affect only the network infrastructure or also hosts, and the should affect only the network infrastructure or also hosts, and the
ability to turn on routing, prefix delegation and other functions in ability to turn on routing, prefix delegation and other functions in
a backwards compatible manner. a backwards compatible manner.
4. Conclusions 4. Conclusions
This text defines principles and requirements for a homenet This text defines principles and requirements for a homenet
architecture. The principles and requirements documented here should architecture. The principles and requirements documented here should
be observed by any future texts describing homenet protocols for be observed by any future texts describing homenet protocols for
skipping to change at page 37, line 12 skipping to change at page 38, line 5
[RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast [RFC4193] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast
Addresses", RFC 4193, October 2005. Addresses", RFC 4193, October 2005.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, February 2006. Architecture", RFC 4291, February 2006.
[RFC4864] Van de Velde, G., Hain, T., Droms, R., Carpenter, B., and [RFC4864] Van de Velde, G., Hain, T., Droms, R., Carpenter, B., and
E. Klein, "Local Network Protection for IPv6", RFC 4864, E. Klein, "Local Network Protection for IPv6", RFC 4864,
May 2007. May 2007.
[RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy
Extensions for Stateless Address Autoconfiguration in
IPv6", RFC 4941, September 2007.
[RFC6092] Woodyatt, J., "Recommended Simple Security Capabilities in
Customer Premises Equipment (CPE) for Providing
Residential IPv6 Internet Service", RFC 6092,
January 2011.
5.2. Informative References 5.2. Informative References
[RFC1918] Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and [RFC1918] Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G., and
E. Lear, "Address Allocation for Private Internets", E. Lear, "Address Allocation for Private Internets",
BCP 5, RFC 1918, February 1996. BCP 5, RFC 1918, February 1996.
[RFC2475] Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z., [RFC2475] Blake, S., Black, D., Carlson, M., Davies, E., Wang, Z.,
and W. Weiss, "An Architecture for Differentiated and W. Weiss, "An Architecture for Differentiated
Services", RFC 2475, December 1998. Services", RFC 2475, December 1998.
skipping to change at page 37, line 50 skipping to change at page 38, line 34
January 2001. January 2001.
[RFC3646] Droms, R., "DNS Configuration options for Dynamic Host [RFC3646] Droms, R., "DNS Configuration options for Dynamic Host
Configuration Protocol for IPv6 (DHCPv6)", RFC 3646, Configuration Protocol for IPv6 (DHCPv6)", RFC 3646,
December 2003. December 2003.
[RFC4192] Baker, F., Lear, E., and R. Droms, "Procedures for [RFC4192] Baker, F., Lear, E., and R. Droms, "Procedures for
Renumbering an IPv6 Network without a Flag Day", RFC 4192, Renumbering an IPv6 Network without a Flag Day", RFC 4192,
September 2005. September 2005.
[RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy
Extensions for Stateless Address Autoconfiguration in
IPv6", RFC 4941, September 2007.
[RFC5533] Nordmark, E. and M. Bagnulo, "Shim6: Level 3 Multihoming [RFC5533] Nordmark, E. and M. Bagnulo, "Shim6: Level 3 Multihoming
Shim Protocol for IPv6", RFC 5533, June 2009. Shim Protocol for IPv6", RFC 5533, June 2009.
[RFC5969] Townsley, W. and O. Troan, "IPv6 Rapid Deployment on IPv4 [RFC5969] Townsley, W. and O. Troan, "IPv6 Rapid Deployment on IPv4
Infrastructures (6rd) -- Protocol Specification", Infrastructures (6rd) -- Protocol Specification",
RFC 5969, August 2010. RFC 5969, August 2010.
[RFC6092] Woodyatt, J., "Recommended Simple Security Capabilities in
Customer Premises Equipment (CPE) for Providing
Residential IPv6 Internet Service", RFC 6092,
January 2011.
[RFC6106] Jeong, J., Park, S., Beloeil, L., and S. Madanapalli, [RFC6106] Jeong, J., Park, S., Beloeil, L., and S. Madanapalli,
"IPv6 Router Advertisement Options for DNS Configuration", "IPv6 Router Advertisement Options for DNS Configuration",
RFC 6106, November 2010. RFC 6106, November 2010.
[RFC6144] Baker, F., Li, X., Bao, C., and K. Yin, "Framework for [RFC6144] Baker, F., Li, X., Bao, C., and K. Yin, "Framework for
IPv4/IPv6 Translation", RFC 6144, April 2011. IPv4/IPv6 Translation", RFC 6144, April 2011.
[RFC6145] Li, X., Bao, C., and F. Baker, "IP/ICMP Translation [RFC6145] Li, X., Bao, C., and F. Baker, "IP/ICMP Translation
Algorithm", RFC 6145, April 2011. Algorithm", RFC 6145, April 2011.
skipping to change at page 38, line 41 skipping to change at page 39, line 33
Exhaustion", RFC 6333, August 2011. Exhaustion", RFC 6333, August 2011.
[RFC6555] Wing, D. and A. Yourtchenko, "Happy Eyeballs: Success with [RFC6555] Wing, D. and A. Yourtchenko, "Happy Eyeballs: Success with
Dual-Stack Hosts", RFC 6555, April 2012. Dual-Stack Hosts", RFC 6555, April 2012.
[RFC6724] Thaler, D., Draves, R., Matsumoto, A., and T. Chown, [RFC6724] Thaler, D., Draves, R., Matsumoto, A., and T. Chown,
"Default Address Selection for Internet Protocol Version 6 "Default Address Selection for Internet Protocol Version 6
(IPv6)", RFC 6724, September 2012. (IPv6)", RFC 6724, September 2012.
[I-D.mglt-homenet-front-end-naming-delegation] [I-D.mglt-homenet-front-end-naming-delegation]
Cloetens, W., Lemordant, P., and D. Migault, "IPv6 Home Migault, D., Cloetens, W., Lemordant, P., and C.
Network Front End Naming Delegation", Griffiths, "IPv6 Home Network Front End Naming
draft-mglt-homenet-front-end-naming-delegation-00 (work in Delegation",
progress), July 2012. draft-mglt-homenet-front-end-naming-delegation-01 (work in
progress), November 2012.
[I-D.mglt-homenet-naming-delegation] [I-D.mglt-homenet-naming-delegation]
Cloetens, W., Lemordant, P., and D. Migault, "IPv6 Home Cloetens, W., Lemordant, P., and D. Migault, "IPv6 Home
Network Naming Delegation Architecture", Network Naming Delegation Architecture",
draft-mglt-homenet-naming-delegation-00 (work in draft-mglt-homenet-naming-delegation-00 (work in
progress), July 2012. progress), July 2012.
[I-D.baker-fun-multi-router]
Baker, F., "Exploring the multi-router SOHO network",
draft-baker-fun-multi-router-00 (work in progress),
July 2011.
[I-D.lynn-homenet-site-mdns] [I-D.lynn-homenet-site-mdns]
Lynn, K. and D. Sturek, "Extended Multicast DNS", Lynn, K. and D. Sturek, "Extended Multicast DNS",
draft-lynn-homenet-site-mdns-01 (work in progress), draft-lynn-homenet-site-mdns-01 (work in progress),
September 2012. September 2012.
[I-D.vyncke-advanced-ipv6-security]
Vyncke, E., Yourtchenko, A., and M. Townsley, "Advanced
Security for IPv6 CPE",
draft-vyncke-advanced-ipv6-security-03 (work in progress),
October 2011.
[I-D.ietf-v6ops-ipv6-multihoming-without-ipv6nat] [I-D.ietf-v6ops-ipv6-multihoming-without-ipv6nat]
Matsushima, S., Okimoto, T., Troan, O., Miles, D., and D. Matsushima, S., Okimoto, T., Troan, O., Miles, D., and D.
Wing, "IPv6 Multihoming without Network Address Wing, "IPv6 Multihoming without Network Address
Translation", Translation",
draft-ietf-v6ops-ipv6-multihoming-without-ipv6nat-04 (work draft-ietf-v6ops-ipv6-multihoming-without-ipv6nat-04 (work
in progress), February 2012. in progress), February 2012.
[I-D.baker-homenet-prefix-assignment] [I-D.baker-homenet-prefix-assignment]
Baker, F. and R. Droms, "IPv6 Prefix Assignment in Small Baker, F. and R. Droms, "IPv6 Prefix Assignment in Small
Networks", draft-baker-homenet-prefix-assignment-01 (work Networks", draft-baker-homenet-prefix-assignment-01 (work
in progress), March 2012. in progress), March 2012.
[I-D.arkko-homenet-prefix-assignment] [I-D.arkko-homenet-prefix-assignment]
Arkko, J., Lindem, A., and B. Paterson, "Prefix Assignment Arkko, J., Lindem, A., and B. Paterson, "Prefix Assignment
in a Home Network", in a Home Network",
draft-arkko-homenet-prefix-assignment-02 (work in draft-arkko-homenet-prefix-assignment-03 (work in
progress), July 2012. progress), October 2012.
[I-D.acee-ospf-ospfv3-autoconfig] [I-D.acee-ospf-ospfv3-autoconfig]
Lindem, A. and J. Arkko, "OSPFv3 Auto-Configuration", Lindem, A. and J. Arkko, "OSPFv3 Auto-Configuration",
draft-acee-ospf-ospfv3-autoconfig-03 (work in progress), draft-acee-ospf-ospfv3-autoconfig-03 (work in progress),
July 2012. July 2012.
[I-D.cheshire-dnsext-multicastdns]
Cheshire, S. and M. Krochmal, "Multicast DNS",
draft-cheshire-dnsext-multicastdns-15 (work in progress),
December 2011.
[I-D.ietf-pcp-base] [I-D.ietf-pcp-base]
Wing, D., Cheshire, S., Boucadair, M., Penno, R., and P. Wing, D., Cheshire, S., Boucadair, M., Penno, R., and P.
Selkirk, "Port Control Protocol (PCP)", Selkirk, "Port Control Protocol (PCP)",
draft-ietf-pcp-base-28 (work in progress), October 2012. draft-ietf-pcp-base-29 (work in progress), November 2012.
[I-D.kline-default-perimeter] [I-D.kline-default-perimeter]
Kline, E., "Default Perimeter Identification", Kline, E., "Default Border Definition",
draft-kline-default-perimeter-00 (work in progress), draft-kline-default-perimeter-01 (work in progress),
July 2012. November 2012.
[I-D.hain-ipv6-ulac]
Hain, T., Hinden, R., and G. Huston, "Centrally Assigned
IPv6 Unicast Unique Local Address Prefixes",
draft-hain-ipv6-ulac-02 (work in progress), July 2010.
[I-D.chakrabarti-homenet-prefix-alloc]
Nordmark, E., Chakrabarti, S., Krishnan, S., and W.
Haddad, "Simple Approach to Prefix Distribution in Basic
Home Networks", draft-chakrabarti-homenet-prefix-alloc-01
(work in progress), October 2011.
[I-D.ietf-v6ops-6204bis] [I-D.ietf-v6ops-6204bis]
Singh, H., Beebee, W., Donley, C., and B. Stark, "Basic Singh, H., Beebee, W., Donley, C., and B. Stark, "Basic
Requirements for IPv6 Customer Edge Routers", Requirements for IPv6 Customer Edge Routers",
draft-ietf-v6ops-6204bis-11 (work in progress), draft-ietf-v6ops-6204bis-12 (work in progress),
September 2012. October 2012.
[Gettys11] [Gettys11]
Gettys, J., "Bufferbloat: Dark Buffers in the Internet", Gettys, J., "Bufferbloat: Dark Buffers in the Internet",
March 2011, March 2011,
<http://www.ietf.org/proceedings/80/slides/tsvarea-1.pdf>. <http://www.ietf.org/proceedings/80/slides/tsvarea-1.pdf>.
[IGD-2] UPnP Gateway Committee, "Internet Gateway Device (IGD) V [IGD-2] UPnP Gateway Committee, "Internet Gateway Device (IGD) V
2.0", September 2010, <http://upnp.org/specs/gw/ 2.0", September 2010, <http://upnp.org/specs/gw/
UPnP-gw-WANIPConnection-v2-Service.pdf>. UPnP-gw-WANIPConnection-v2-Service.pdf>.
Appendix A. Acknowledgments Appendix A. Acknowledgments
The authors would like to thank Aamer Akhter, Mark Andrews, Dmitry The authors would like to thank Aamer Akhter, Mark Andrews, Dmitry
Anipko, Fred Baker, Ray Bellis, Cameron Byrne, Brian Carpenter, Anipko, Ran Atkinson, Fred Baker, Ray Bellis, Cameron Byrne, Brian
Stuart Cheshire, Lorenzo Colitti, Robert Cragie, Ralph Droms, Lars Carpenter, Stuart Cheshire, Lorenzo Colitti, Robert Cragie, Ralph
Eggert, Jim Gettys, olafur Gudmundsson, Wassim Haddad, Joel M. Droms, Lars Eggert, Jim Gettys, Olafur Gudmundsson, Wassim Haddad,
Halpern, David Harrington, Lee Howard, Ray Hunter, Joel Jaeggli, Joel M. Halpern, David Harrington, Lee Howard, Ray Hunter, Joel
Heather Kirksey, Ted Lemon, Acee Lindem, Kerry Lynn, Erik Nordmark, Jaeggli, Heather Kirksey, Ted Lemon, Acee Lindem, Kerry Lynn, Daniel
Michael Richardson, Barbara Stark, Sander Steffann, Don Sturek, Dave Migault, Erik Nordmark, Michael Richardson, Mattia Rossi, Barbara
Taht, Dave Thaler, Michael Thomas, Mark Townsley, JP Vasseur, Curtis Stark, Sander Steffann, Don Sturek, Dave Taht, Dave Thaler, Michael
Villamizar, Dan Wing, Russ White, and James Woodyatt for their Thomas, Mark Townsley, JP Vasseur, Curtis Villamizar, Dan Wing, Russ
comments and contributions within homenet WG meetings and on the WG White, and James Woodyatt for their comments and contributions within
mailing list. homenet WG meetings and on the WG mailing list. An acknowledgement
generally means that person's text made it in to the document, or was
helpful in clarifying or reinforcing an aspect of the document.
Appendix B. Changes Appendix B. Changes
This section will be removed in the final version of the text. This section will be removed in the final version of the text.
B.1. Version 06 B.1. Version 07
Changes made include:
o Removed reference to NPTv6 in section 3.2.4. Instead now say it
has an architectural cost to use in the earlier section, and thus
it is not recommended for use in the homenet architecture.
o Removed 'proxy or extend?' section. Included shorter text in main
body, without mandating either approach for service discovery.
o Made it clearer that ULAs are expected to be used alongside
globals.
o Removed reference to 'advanced security' as described in
draft-vyncke-advanced-ipv6-security.
o Balanced the text between ULQDN and ALQDN.
o Clarify text does not assume default deny or allow on CER, but
that either mode may be enabled.
o Removed ULA-C reference for 'simple' addresses. Instead only
suggested service discovery to find such devices.
o Reiterated that single/multiple CER models to be supported for
multihoming.
o Reordered section 3.3 to improve flow.
o Added recommendation that homenet is not allocated less than /60,
and a /56 is preferable.
o Tidied up first few intro sections.
o Other minor edits from list feedback.
B.2. Version 06
Changes made include: Changes made include:
o Stated that unmanaged goal is 'as far as possible'. o Stated that unmanaged goal is 'as far as possible'.
o Added note about multiple /48 ULAs potentially being in use. o Added note about multiple /48 ULAs potentially being in use.
o Minor edits from list feedback. o Minor edits from list feedback.
B.2. Version 05 B.3. Version 05
Changes made include: Changes made include:
o Some significant changes to naming and SD section. o Some significant changes to naming and SD section.
o Removed some expired drafts. o Removed some expired drafts.
o Added notes about issues caused by ISP only delegating a /64. o Added notes about issues caused by ISP only delegating a /64.
o Recommended against using prefixes longer than /64. o Recommended against using prefixes longer than /64.
o Suggested CER asks for /48 by DHCP-PD, even if it only receives o Suggested CER asks for /48 by DHCP-PD, even if it only receives
less. less.
o Added note about DS-Lite but emphasised transition is out of o Added note about DS-Lite but emphasised transition is out of
scope. scope.
o Added text about multicast routing. o Added text about multicast routing.
B.3. Version 04 B.4. Version 04
Changes made include: Changes made include:
o Moved border section from IPv6 differences to principles section. o Moved border section from IPv6 differences to principles section.
o Restructured principles into areas. o Restructured principles into areas.
o Added summary of naming and service discovery discussion from WG o Added summary of naming and service discovery discussion from WG
list. list.
B.4. Version 03 B.5. Version 03
Changes made include: Changes made include:
o Various improvements to the readability. o Various improvements to the readability.
o Removed bullet lists of requirements, as requested by chair. o Removed bullet lists of requirements, as requested by chair.
o Noted 6204bis has replaced advanced-cpe draft. o Noted 6204bis has replaced advanced-cpe draft.
o Clarified the topology examples are just that. o Clarified the topology examples are just that.
skipping to change at page 43, line 13 skipping to change at page 44, line 26
the homenet. the homenet.
o Added some ISPs renumber due to privacy laws. o Added some ISPs renumber due to privacy laws.
o Removed extra repeated references to Simple Security. o Removed extra repeated references to Simple Security.
o Removed some solution creep on RIOs/RAs. o Removed some solution creep on RIOs/RAs.
o Load-balancing scenario added as to be supported. o Load-balancing scenario added as to be supported.
B.5. Version 02 B.6. Version 02
Changes made include: Changes made include:
o Made the IPv6 implications section briefer. o Made the IPv6 implications section briefer.
o Changed Network Models section to describe properties of the o Changed Network Models section to describe properties of the
homenet with illustrative examples, rather than implying the homenet with illustrative examples, rather than implying the
number of models was fixed to the six shown in 01. number of models was fixed to the six shown in 01.
o Text to state multihoming support focused on single CER model. o Text to state multihoming support focused on single CER model.
 End of changes. 143 change blocks. 
652 lines changed or deleted 693 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/