| draft-ietf-v6ops-design-choices-00.txt | draft-ietf-v6ops-design-choices-01.txt | |||
|---|---|---|---|---|
| V6OPS Working Group P. Matthews | V6OPS Working Group P. Matthews | |||
| Internet-Draft Alcatel-Lucent | Internet-Draft Alcatel-Lucent | |||
| Intended status: Informational February 14, 2013 | Intended status: Informational V. Kuarsingh | |||
| Expires: August 18, 2013 | Expires: September 7, 2014 Dyn | |||
| March 6, 2014 | ||||
| Design Choices for IPv6 Networks | Design Choices for IPv6 Networks | |||
| draft-ietf-v6ops-design-choices-00 | draft-ietf-v6ops-design-choices-01 | |||
| Abstract | Abstract | |||
| This document presents advice on the design choices that arise when | This document presents advice on the design choices that arise when | |||
| designing IPv6 networks (both dual-stack and IPv6-only). The | designing IPv6 networks (both dual-stack and IPv6-only). The | |||
| intended audience is someone designing an IPv6 network who is | intended audience is someone designing an IPv6 network who is | |||
| knowledgeable about best current practices around IPv4 network | knowledgeable about best current practices around IPv4 network | |||
| design, and wishes to learn the corresponding practices for IPv6. | design, and wishes to learn the corresponding practices for IPv6. | |||
| Status of this Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on August 18, 2013. | This Internet-Draft will expire on September 7, 2014. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2013 IETF Trust and the persons identified as the | Copyright (c) 2014 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Design Choices . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Design Choices . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2.1. Mix IPv4 and IPv6 on the Same Link? . . . . . . . . . . . 3 | 2.1. Mix IPv4 and IPv6 on the Same Link? . . . . . . . . . . . 3 | |||
| 2.2. Links with Only Link-Local Addresses? . . . . . . . . . . 4 | 2.2. Links with Only Link-Local Addresses? . . . . . . . . . . 4 | |||
| 2.3. Link-Local Next-Hop in a Static Route? . . . . . . . . . . 5 | 2.3. Link-Local Next-Hop in a Static Route? . . . . . . . . . 5 | |||
| 2.4. Separate or Combined eBGP Sessions? . . . . . . . . . . . 6 | 2.4. Separate or Combined eBGP Sessions? . . . . . . . . . . . 6 | |||
| 2.5. eBGP Endpoints: Global or Link-Local Addresses? . . . . . 7 | 2.5. eBGP Endpoints: Global or Link-Local Addresses? . . . . . 7 | |||
| 3. General Observations . . . . . . . . . . . . . . . . . . . . . 8 | 2.6. IGP Choice . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 3.1. Use of Link-Local Addresses . . . . . . . . . . . . . . . 9 | 3. General Observations . . . . . . . . . . . . . . . . . . . . 9 | |||
| 3.2. Separation of IPv4 and IPv6 . . . . . . . . . . . . . . . 9 | 3.1. Use of Link-Local Addresses . . . . . . . . . . . . . . . 9 | |||
| 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 | 3.2. Separation of IPv4 and IPv6 . . . . . . . . . . . . . . . 10 | |||
| 5. Security Considerations . . . . . . . . . . . . . . . . . . . 10 | 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 10 | 5. Security Considerations . . . . . . . . . . . . . . . . . . . 10 | |||
| 7. Informative References . . . . . . . . . . . . . . . . . . . . 10 | 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 12 | 7. Informative References . . . . . . . . . . . . . . . . . . . 11 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 | ||||
| 1. Introduction | 1. Introduction | |||
| This document presents advice on the design choices that arise when | This document presents advice on the design choices that arise when | |||
| designing IPv6 networks (both dual-stack and IPv6-only). The | designing IPv6 networks (both dual-stack and IPv6-only). The | |||
| intended audience is someone designing an IPv6 network who is | intended audience is someone designing an IPv6 network who is | |||
| knowledgeable about best current practices around IPv4 network | knowledgeable about best current practices around IPv4 network | |||
| design, and wishes to learn the corresponding practices for IPv6. | design, and wishes to learn the corresponding practices for IPv6. | |||
| The focus of the document is on design choices where there are | The focus of the document is on design choices where there are | |||
| skipping to change at page 3, line 29 | skipping to change at page 2, line 50 | |||
| documented; otherwise the document simply summarizes the current | documented; otherwise the document simply summarizes the current | |||
| state of the discussion. Thus this document serves to both to | state of the discussion. Thus this document serves to both to | |||
| document the reasoning behind best current practices for IPv6, and to | document the reasoning behind best current practices for IPv6, and to | |||
| allow a designer to make an intelligent choice where no such | allow a designer to make an intelligent choice where no such | |||
| consensus exists. | consensus exists. | |||
| This document does not present advice on strategies for adding IPv6 | This document does not present advice on strategies for adding IPv6 | |||
| to a network, nor does it discuss transition mechanisms. For advice | to a network, nor does it discuss transition mechanisms. For advice | |||
| in these areas, see [RFC6180] for general advice, [RFC6782] for | in these areas, see [RFC6180] for general advice, [RFC6782] for | |||
| wireline service providers, [RFC6342] for mobile network providers, | wireline service providers, [RFC6342] for mobile network providers, | |||
| [RFC5963] for exchange point operators, [I-D.ietf-v6ops-icp-guidance] | [RFC5963] for exchange point operators, [RFC6883] for content | |||
| for content providers, and both [RFC4852] and | providers, and both [RFC4852] and | |||
| [I-D.ietf-v6ops-enterprise-incremental-ipv6] for enterprises. Nor | [I-D.ietf-v6ops-enterprise-incremental-ipv6] for enterprises. Nor | |||
| does the document cover the ins and outs of creating an IPv6 | does the document cover the ins and outs of creating an IPv6 | |||
| addressing plan; for advice in this area, see [RFC5375]. | addressing plan; for advice in this area, see [RFC5375]. | |||
| This document focuses on unicast network design only. It does not | This document focuses on unicast network design only. It does not | |||
| cover multicast, nor supporting infrastructure such as DNS. | cover multicast, nor supporting infrastructure such as DNS. | |||
| The current version is still work in progress, and it is expected | The current version is still work in progress, and it is expected | |||
| that the presentation and discussion of additional design choices | that the presentation and discussion of additional design choices | |||
| will be added as the document matures. | will be added as the document matures. | |||
| skipping to change at page 7, line 49 | skipping to change at page 7, line 25 | |||
| Note that the choice here is the addresses to use for the eBGP | Note that the choice here is the addresses to use for the eBGP | |||
| sessions, and not whether the link itself has global (or unique- | sessions, and not whether the link itself has global (or unique- | |||
| local) addresses. In particular, it is quite possible for the eBGP | local) addresses. In particular, it is quite possible for the eBGP | |||
| session to use link-local addresses even when the link has global | session to use link-local addresses even when the link has global | |||
| addresses. | addresses. | |||
| The big attraction for option (a) is security: an eBGP session using | The big attraction for option (a) is security: an eBGP session using | |||
| link-local addresses is impossible to attack from a device that is | link-local addresses is impossible to attack from a device that is | |||
| off-link. This provides very strong protection against TCP RST and | off-link. This provides very strong protection against TCP RST and | |||
| similar attacks. Though there are other ways to get an equivalent | similar attacks. Though there are other ways to get an equivalent | |||
| level of security (e.g. GTSM [RFC5082], MD5 [RFC5925], or ACLs), | level of security (e.g. GTSM [RFC5082], MD5 [RFC5925], or ACLs), | |||
| these other ways require additional configuration which can be | these other ways require additional configuration which can be | |||
| forgotten or potentially mis-configured. | forgotten or potentially mis-configured. | |||
| However, there are a number of small disadvantages to using link- | However, there are a number of small disadvantages to using link- | |||
| local addresses: | local addresses: | |||
| o Using link-local addresses only works for single-hop eBGP | o Using link-local addresses only works for single-hop eBGP | |||
| sessions; it does not work for multi-hop sessions. | sessions; it does not work for multi-hop sessions. | |||
| o One must use "next-hop self" at both endpoints, otherwise | o One must use "next-hop self" at both endpoints, otherwise | |||
| skipping to change at page 8, line 46 | skipping to change at page 8, line 22 | |||
| local end, and no reconfiguration is required at the remote end). | local end, and no reconfiguration is required at the remote end). | |||
| o Finally, a strict interpretation of RFC 2545 can be seen as | o Finally, a strict interpretation of RFC 2545 can be seen as | |||
| forbidding running eBGP between link-local addresses, as RFC 2545 | forbidding running eBGP between link-local addresses, as RFC 2545 | |||
| requires the BGP next-hop field to contain at least a global | requires the BGP next-hop field to contain at least a global | |||
| address. | address. | |||
| For these reasons, most operators today choose to have their eBGP | For these reasons, most operators today choose to have their eBGP | |||
| sessions use global addresses. | sessions use global addresses. | |||
| 2.6. IGP Choice | ||||
| One of the main decisions for an IPv6 implementor is the choice of | ||||
| IGP (Interior Gateway Protocol) within the network. The primary | ||||
| choices are the IETF protocols of RIP [RFC2080], OSPF [RFC2328] | ||||
| [RFC5340] and IS-IS [RFC5120] [RFC5308], though some operators may | ||||
| consider non-IETF protocols. Here we limit our discussion to the | ||||
| pros and cons of OSPF vs. IS-IS. | ||||
| Considering just OSPF vs. IS-IS, the options are: | ||||
| a. Use OSPFv2 for IPv4 and OSPFv3 for IPv6, OR | ||||
| b. Use OSPFv3 for both IPv4 and IPv6, OR | ||||
| c. Use OSPFv2 for IPv4, and IS-IS for IPv6, OR | ||||
| d. Use IS-IS for IPv4 and IPv6, OR | ||||
| e. Use IS-IS for IPv4 and OSPFv3 for IPv6. | ||||
| Note that options (a), (c), and (e) involve running two different | ||||
| routing protocols, while options (b) and (d) involve running just one | ||||
| routing protocol. | ||||
| o A big factor in the choice is the protocol the operator is | ||||
| currently using for routing IPv4. Option (e) is unlikely to be a | ||||
| good choice for an operator currently using OSPF for IPv4 routing, | ||||
| and similarly option (a) is unlikely to be a good choice for an | ||||
| operator currently using IS-IS. | ||||
| o A pro for options (a), (c), and (e), which use two routing | ||||
| protocols, is that they give a hard separation between IPv4 and | ||||
| IPv6 routing. Thus a problem with one protocol or one set of | ||||
| routes is unlikely to affect the other. | ||||
| o There are two cons for options (a), (c), and (e). One con is that | ||||
| two sets of all the protocol mechanisms need to be maintained. On | ||||
| a larger modern router, this is unlikely to be a problem, but on | ||||
| some edge devices this might be an issue. The second con is that | ||||
| some operational staff must be familiar with both protocols. For | ||||
| many routing problems, the protocols are sufficiently similar that | ||||
| they can be considered identical, but some problems require a | ||||
| detailed knowledge of the differences. | ||||
| o Option (b) requires the use of new protocol extensions that allow | ||||
| OSPFv3 to also route IPv4. At the time of writing, these | ||||
| extensions are still quite new. | ||||
| 3. General Observations | 3. General Observations | |||
| There are two themes that run though many of the design choices in | There are two themes that run though many of the design choices in | |||
| this document. This section presents some general discussion on | this document. This section presents some general discussion on | |||
| these two themes. | these two themes. | |||
| 3.1. Use of Link-Local Addresses | 3.1. Use of Link-Local Addresses | |||
| The proper use of link-local addresses is a common theme in the IPv6 | The proper use of link-local addresses is a common theme in the IPv6 | |||
| network design choices. Link-layer addresses are, of course, always | network design choices. Link-layer addresses are, of course, always | |||
| skipping to change at page 10, line 29 | skipping to change at page 11, line 5 | |||
| Many, many people in the V6OPS working group provided comments and | Many, many people in the V6OPS working group provided comments and | |||
| suggestions that made their way into this document. A partial list | suggestions that made their way into this document. A partial list | |||
| includes: Rajiv Asati, Fred Baker, Michael Behringer, Marc Blanchet, | includes: Rajiv Asati, Fred Baker, Michael Behringer, Marc Blanchet, | |||
| Ron Bonica, Randy Bush, Cameron Byrne, Brian Carpenter, KK | Ron Bonica, Randy Bush, Cameron Byrne, Brian Carpenter, KK | |||
| Chittimaneni, Tim Chown, Lorenzo Colitti, Gert Doering, Bill Fenner, | Chittimaneni, Tim Chown, Lorenzo Colitti, Gert Doering, Bill Fenner, | |||
| Kedar K Gaonkar, Chris Grundemann, Steinar Haug, Ray Hunter, Joel | Kedar K Gaonkar, Chris Grundemann, Steinar Haug, Ray Hunter, Joel | |||
| Jaeggli, Victor Kuarsingh, Ivan Pepelnjak, Alexandru Petrescu, Rob | Jaeggli, Victor Kuarsingh, Ivan Pepelnjak, Alexandru Petrescu, Rob | |||
| Shakir, Mark Smith, Jean-Francois Tremblay, Tina Tsou, Dan York, and | Shakir, Mark Smith, Jean-Francois Tremblay, Tina Tsou, Dan York, and | |||
| Xuxiaohu. | Xuxiaohu. | |||
| I would also like to thank Pradeep Jain and Alastair Johnson for | The authors would also like to thank Pradeep Jain and Alastair | |||
| helpful comments on a very preliminary version of this document. | Johnson for helpful comments on a very preliminary version of this | |||
| document. | ||||
| 7. Informative References | 7. Informative References | |||
| [I-D.ietf-idr-bgp-multisession] | [I-D.ietf-idr-bgp-multisession] | |||
| Scudder, J., Appanna, C., and I. Varlashkin, "Multisession | Scudder, J., Appanna, C., and I. Varlashkin, "Multisession | |||
| BGP", draft-ietf-idr-bgp-multisession-07 (work in | BGP", draft-ietf-idr-bgp-multisession-07 (work in | |||
| progress), September 2012. | progress), September 2012. | |||
| [I-D.ietf-idr-dynamic-cap] | [I-D.ietf-idr-dynamic-cap] | |||
| Ramachandra, S. and E. Chen, "Dynamic Capability for | Ramachandra, S. and E. Chen, "Dynamic Capability for | |||
| BGP-4", draft-ietf-idr-dynamic-cap-14 (work in progress), | BGP-4", draft-ietf-idr-dynamic-cap-14 (work in progress), | |||
| December 2011. | December 2011. | |||
| [I-D.ietf-opsec-lla-only] | [I-D.ietf-opsec-lla-only] | |||
| Behringer, M. and E. Vyncke, "Using Only Link-Local | Behringer, M. and E. Vyncke, "Using Only Link-Local | |||
| Addressing Inside an IPv6 Network", | Addressing Inside an IPv6 Network", draft-ietf-opsec-lla- | |||
| draft-ietf-opsec-lla-only-02 (work in progress), | only-07 (work in progress), February 2014. | |||
| October 2012. | ||||
| [I-D.ietf-v6ops-enterprise-incremental-ipv6] | [I-D.ietf-v6ops-enterprise-incremental-ipv6] | |||
| Chittimaneni, K., Chown, T., Howard, L., Kuarsingh, V., | Chittimaneni, K., Chown, T., Howard, L., Kuarsingh, V., | |||
| Pouffary, Y., and E. Vyncke, "Enterprise IPv6 Deployment | Pouffary, Y., and E. Vyncke, "Enterprise IPv6 Deployment | |||
| Guidelines", | Guidelines", draft-ietf-v6ops-enterprise-incremental- | |||
| draft-ietf-v6ops-enterprise-incremental-ipv6-01 (work in | ipv6-05 (work in progress), January 2014. | |||
| progress), September 2012. | ||||
| [I-D.ietf-v6ops-icp-guidance] | [RFC2080] Malkin, G. and R. Minnear, "RIPng for IPv6", RFC 2080, | |||
| Carpenter, B. and S. Jiang, "IPv6 Guidance for Internet | January 1997. | |||
| Content and Application Service Providers", | ||||
| draft-ietf-v6ops-icp-guidance-05 (work in progress), | [RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, April 1998. | |||
| January 2013. | ||||
| [RFC4852] Bound, J., Pouffary, Y., Klynsma, S., Chown, T., and D. | [RFC4852] Bound, J., Pouffary, Y., Klynsma, S., Chown, T., and D. | |||
| Green, "IPv6 Enterprise Network Analysis - IP Layer 3 | Green, "IPv6 Enterprise Network Analysis - IP Layer 3 | |||
| Focus", RFC 4852, April 2007. | Focus", RFC 4852, April 2007. | |||
| [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, | [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, | |||
| "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, | "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, | |||
| September 2007. | September 2007. | |||
| [RFC5082] Gill, V., Heasley, J., Meyer, D., Savola, P., and C. | [RFC5082] Gill, V., Heasley, J., Meyer, D., Savola, P., and C. | |||
| Pignataro, "The Generalized TTL Security Mechanism | Pignataro, "The Generalized TTL Security Mechanism | |||
| (GTSM)", RFC 5082, October 2007. | (GTSM)", RFC 5082, October 2007. | |||
| [RFC5308] Hopps, C., "Routing IPv6 with IS-IS", RFC 5308, | [RFC5120] Przygienda, T., Shen, N., and N. Sheth, "M-ISIS: Multi | |||
| October 2008. | Topology (MT) Routing in Intermediate System to | |||
| Intermediate Systems (IS-ISs)", RFC 5120, February 2008. | ||||
| [RFC5308] Hopps, C., "Routing IPv6 with IS-IS", RFC 5308, October | ||||
| 2008. | ||||
| [RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF | [RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF | |||
| for IPv6", RFC 5340, July 2008. | for IPv6", RFC 5340, July 2008. | |||
| [RFC5375] Van de Velde, G., Popoviciu, C., Chown, T., Bonness, O., | [RFC5375] Van de Velde, G., Popoviciu, C., Chown, T., Bonness, O., | |||
| and C. Hahn, "IPv6 Unicast Address Assignment | and C. Hahn, "IPv6 Unicast Address Assignment | |||
| Considerations", RFC 5375, December 2008. | Considerations", RFC 5375, December 2008. | |||
| [RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP | [RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP | |||
| Authentication Option", RFC 5925, June 2010. | Authentication Option", RFC 5925, June 2010. | |||
| skipping to change at page 12, line 9 | skipping to change at page 12, line 31 | |||
| [RFC6180] Arkko, J. and F. Baker, "Guidelines for Using IPv6 | [RFC6180] Arkko, J. and F. Baker, "Guidelines for Using IPv6 | |||
| Transition Mechanisms during IPv6 Deployment", RFC 6180, | Transition Mechanisms during IPv6 Deployment", RFC 6180, | |||
| May 2011. | May 2011. | |||
| [RFC6342] Koodli, R., "Mobile Networks Considerations for IPv6 | [RFC6342] Koodli, R., "Mobile Networks Considerations for IPv6 | |||
| Deployment", RFC 6342, August 2011. | Deployment", RFC 6342, August 2011. | |||
| [RFC6782] Kuarsingh, V. and L. Howard, "Wireline Incremental IPv6", | [RFC6782] Kuarsingh, V. and L. Howard, "Wireline Incremental IPv6", | |||
| RFC 6782, November 2012. | RFC 6782, November 2012. | |||
| Author's Address | [RFC6883] Carpenter, B. and S. Jiang, "IPv6 Guidance for Internet | |||
| Content Providers and Application Service Providers", RFC | ||||
| 6883, March 2013. | ||||
| Authors' Addresses | ||||
| Philip Matthews | Philip Matthews | |||
| Alcatel-Lucent | Alcatel-Lucent | |||
| 600 March Road | 600 March Road | |||
| Ottawa, Ontario K2K 2E6 | Ottawa, Ontario K2K 2E6 | |||
| Canada | Canada | |||
| Phone: +1 613-784-3139 | Phone: +1 613-784-3139 | |||
| Email: philip_matthews@magma.ca | Email: philip_matthews@magma.ca | |||
| Victor Kuarsingh | ||||
| Dyn | ||||
| 150 Dow Street | ||||
| Manchester, NH 03101 | ||||
| USA | ||||
| Email: victor@jvknet.com | ||||
| End of changes. 16 change blocks. | ||||
| 40 lines changed or deleted | 98 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||