Network Working Group                                             C. Liu
Internet-Draft                                                    Q. Sun
Intended status: Informational                                     J. Wu
Expires: April 15, 2015                              Tsinghua University
                                                        October 12, 2014


            Dynamic IPv4 Provisioning for Lightweight 4over6
             draft-liu-softwire-lw4over6-dhcp-deployment-05

Abstract

   Lightweight 4over6 [I-D.ietf-softwire-lw4over6] is an IPv4-over-IPv6
   hub-and-spoke mechanism that provides overlay IPv4 services in an
   IPv6-only access network.  Provisioning IPv4 addresses and port sets
   to customers is the core function of the Lightweight 4over6 control
   plane.  [I-D.ietf-softwire-lw4over6] illustrates how to use DHCPv6
   for deterministic IPv4 provisioning.  This document discusses how to
   provision IPv4 parameters with dynamic IPv4 provisioning protocols,
   and describes a dynamic IPv4 provisioning mode for Lightweight 4over6
   that uses DHCPv4 over DHCPv6 [RFC7341] for IPv4 address provisioning.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 15, 2015.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of



Liu, et al.              Expires April 15, 2015                 [Page 1]


Internet-Draft        lw4over6 dynamic provisioning         October 2014


   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Advantage of Dynamic IPv4 Provisioning
   4.  Using DHCPv4 over DHCPv6 for Lw4over6 Provisioning
     4.1.  IP Addressing
     4.2.  DHCPv6 Configuration
     4.3.  DHCPv4 over DHCPv6 Function
     4.4.  Port Set Consideration
     4.5.  lwAFTR Binding Table Maintenance
   5.  Security Considerations
   6.  IANA Considerations
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Authors' Addresses

1.  Introduction

   Lightweight 4over6 [I-D.ietf-softwire-lw4over6] provides IPv4 access
   over an IPv6 network in a hub-and-spoke softwire architecture.  In
   Lightweight 4over6, each Lightweight B4 (lwB4) is assigned a
   port-restricted public IPv4 address or a full public IPv4 address to
   be used for IPv4 communication.  Provisioning the IPv4 address, port
   set and other IPv4 parameters to the lwB4 is the core function of the
   Lightweight 4over6 control plane.  It can be achieved by several
   protocols, such as DHCPv6 [RFC3315] [I-D.ietf-softwire-map-dhcp],
   DHCPv4 over DHCPv6 [RFC7341], and PCP [RFC6887].

   [I-D.ietf-softwire-lw4over6] illustrates how to use DHCPv6 for
   deterministic IPv4 provisioning.  The IPv4 address and port set ID
   (PSID) are carried in DHCPv6 options defined in
   [I-D.ietf-softwire-map-dhcp].  However, deterministic IPv4
   provisioning adds some restrictions on addressing and deployment:
   the IPv4 address's lifetime needs to be bound to the IPv6 lease
   time; the IPv4 address and PSID need to be embedded into the client's
   /128 IPv6 address, so the client cannot use an arbitrary /128 IPv6
   address as the tunnel source address; and a customer network that is
   provisioned with a unique IPv6 prefix can only set up one tunnel
   instance.



   This document describes how to deploy Lightweight 4over6 using DHCPv4
   over DHCPv6 for dynamic IPv4 address provisioning.  Since pure DHCPv4
   cannot work directly in a native IPv6 network, DHCPv4 over DHCPv6
   [RFC7341] was proposed to support DHCPv4 functionality in an IPv6
   network by transporting DHCPv4 messages inside DHCPv6 messages.
   [I-D.ietf-dhc-dynamic-shared-v4allocation] describes how to allocate
   a port set to clients using DHCPv4 over DHCPv6.
   [I-D.fsc-softwire-dhcp4o6-saddr-opt] defines options for the lwB4 to
   report its IPv6 tunnel source address to the server.  This document
   does not define a new provisioning method, but describes how these
   existing specifications are organized to support IPv4 provisioning
   for Lightweight 4over6.

2.  Terminology

   Terminology defined in [RFC7341] and [I-D.ietf-softwire-lw4over6] is
   used extensively in this document.

3.  Advantage of Dynamic IPv4 Provisioning

   [I-D.ietf-softwire-lw4over6] describes the behavior of the lwB4 and
   lwAFTR using DHCPv6 as the provisioning protocol.  It is based on a
   pre-determined binding relationship between the IPv6 prefix and the
   IPv4 address + PSID.  With dynamic IPv4 provisioning, there is no
   restriction on how the lwB4's IPv6 address is generated.  Since the
   lwB4 is able to tell the server, in the DHCPv4 over DHCPv6 process,
   which IPv6 address it intends to use, the lwB4 can run SLAAC, DHCPv6
   or another mechanism to obtain or generate the IPv6 address that is
   used as the IPv6 tunnel source address.  This differs from the
   deterministic provisioning mode, in which IPv4 addresses are
   pre-bound to IPv6 prefixes, multiple lwB4s sourced behind the same
   IPv4 prefix cannot be supported, and an lwB4 generally cannot run
   SLAAC to generate its IPv6 address for the tunnel.

   From the point of view of IPv4 address lifetime, dynamic IPv4
   provisioning allows an IPv4 address to have an independent IPv4
   lifetime.  This is helpful because in some cases the IPv4
   provisioning server may not be able to know the lifetime of the
   lwB4's IPv6 address: the IPv4 provisioning server may not also be the
   IPv6 provisioning server for the lwB4, or the lwB4's IPv6 address may
   not have a lifetime at all.  Binding the IPv4 address lifetime to the
   IPv6 address lifetime in such cases may waste IPv4 addresses, because
   the provisioning server is unable to recycle them.  The dynamic
   provisioning scheme is suitable for operators that have restricted
   IPv4 address resources.






4.  Using DHCPv4 over DHCPv6 for Lw4over6 Provisioning

   This section describes how DHCPv4 over DHCPv6 is used for Lightweight
   4over6 configuration.  In the remainder of this section, "lwB4"
   without the explicit qualifier "stateless" refers to a stateful lwB4
   that runs DHCPv4 over DHCPv6 for dynamic IPv4 provisioning.

4.1.  IP Addressing

   Before starting DHCPv4 over DHCPv6 to obtain its IPv4 configuration,
   the lwB4 MUST be configured with an IPv6 address.  There are no
   restrictions on how the IPv6 address is provisioned.  The configured
   IPv6 address is used for IPv6 tunneling and for the DHCPv4 over
   DHCPv6 process.  The address that the lwB4 chooses MUST be routable
   to the lwAFTR and the DHCP 4o6 server, e.g. a link-local address must
   not be used.

   The softwire provider is free to provide any IPv4 address to an lwB4.
   There are no restrictions on IPv6/IPv4 addressing, e.g. scattered
   IPv4 addresses can be used, and there is no need to embed the IPv4
   address/PSID into the IPv6 address.

4.2.  DHCPv6 Configuration

   Before a stateful lwB4 runs DHCPv4 over DHCPv6 to acquire an IPv4
   address and port set, the lwB4 MUST run DHCPv6 to obtain the DHCP 4o6
   server's IPv6 address.  The DHCPv6 server provides the DHCP 4o6
   server's IPv6 address in OPTION_DHCP4_O_DHCP6_SERVER as defined in
   [RFC7341].

   A stateful lwB4 may also be compatible with
   [I-D.ietf-softwire-map-dhcp] and thus will require both
   OPTION_DHCP4_O_DHCP6_SERVER and OPTION_S46_CONT_LW.  The DHCPv6
   server decides, according to its policy, whether to supply
   OPTION_S46_CONT_LW and OPTION_S46_V4V6BIND directly or to instruct
   the client to run DHCPv4 over DHCPv6 by supplying
   OPTION_DHCP4_O_DHCP6_SERVER.  The lwB4 should implement local logic
   to decide which one it prefers.  The strategy for deciding
   preferences between the provisioning modes is out of the scope of
   this document.

4.3.  DHCPv4 over DHCPv6 Function

   The DHCPv4 over DHCPv6 function in the lwB4 is disabled by default,
   and is enabled by OPTION_DHCP4_O_DHCP6_SERVER in the DHCPv6 server's
   response.  Once enabled, the lwB4 runs stateful DHCPv4 over DHCPv6 to
   acquire an IPv4 address and port set.  The lwB4 provides one of its
   IPv6 addresses as the IPv6 tunnel source address to the DHCP 4o6
   server, and gets the lwAFTR's tunnel address through DHCPv4 over
   DHCPv6.  The DHCPv4 over DHCPv6 message flow is described in section
   4 of [I-D.fsc-softwire-dhcp4o6-saddr-opt] and MUST be followed.



4.4.  Port Set Consideration

   The lwB4 gets its PSID through DHCPv4 over DHCPv6 along with its IPv4
   address.  [I-D.ietf-dhc-dynamic-shared-v4allocation] describes how to
   provision the PSID to the lwB4 through DHCPv4 over DHCPv6.

   When sending a DHCPDISCOVER over DHCPv6 message, the lwB4 MUST
   include OPTION_V4_PORTPARAMS in the Parameter Request List.  If the
   server decides to reply with a port-restricted address, it MUST
   include OPTION_V4_PORTPARAMS in its reply to the lwB4.  If the server
   decides to reply with a full IPv4 address, it SHOULD NOT include
   OPTION_V4_PORTPARAMS in the response.  When the lwB4 receives a
   DHCPv4 over DHCPv6 response without OPTION_V4_PORTPARAMS, it
   configures itself with the full IPv4 address as a regular DHCPv4
   client does.  When the lwB4 receives a shared IPv4 address, the
   address is used for NAPT and MUST NOT be used to identify the lwB4.
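
   The lwB4 decision described above, as an added example that is not
   part of this draft or of the specifications it references.  It
   assumes the four-octet OPTION_V4_PORTPARAMS payload (offset,
   PSID-len, left-aligned 16-bit PSID) and the MAP-style port-set
   algorithm; port_ranges, configure_lwb4 and the name-keyed options
   dict are hypothetical.

```python
import struct

def port_ranges(offset, psid_len, psid):
    """Return the (first, last) port ranges that a PSID selects."""
    if not (0 <= offset <= 15 and 0 <= psid_len <= 16 - offset):
        raise ValueError("offset and PSID-len must fit in 16 bits")
    if psid >> psid_len:
        raise ValueError("PSID wider than PSID-len")
    m = 16 - offset - psid_len          # contiguous port bits below the PSID
    # A non-zero offset skips index 0, which keeps the lowest ports unassigned.
    first = 1 if offset else 0
    return [((i << (16 - offset)) | (psid << m),
             (i << (16 - offset)) | (psid << m) | ((1 << m) - 1))
            for i in range(first, 1 << offset)]

def configure_lwb4(yiaddr, options):
    """Decide the lwB4 configuration from a DHCPv4-over-DHCPv6 reply.

    options maps option names to raw payload bytes (assumed representation).
    """
    raw = options.get("OPTION_V4_PORTPARAMS")
    if raw is None:
        # No port parameters: full address, configured as a regular DHCPv4 client.
        return {"address": yiaddr, "shared": False, "ports": None}
    if len(raw) != 4:
        raise ValueError("OPTION_V4_PORTPARAMS payload must be 4 octets")
    offset, psid_len, field = struct.unpack("!BBH", raw)
    if psid_len > 16:
        raise ValueError("PSID-len out of range")
    psid = field >> (16 - psid_len)     # PSID is left-aligned in its 16-bit field
    # Shared address: usable for NAPT within these ports only, never as an identity.
    return {"address": yiaddr, "shared": True, "psid": psid,
            "ports": port_ranges(offset, psid_len, psid)}

# Constructed sample replies (documentation addresses, made-up PSID).
SHARED = configure_lwb4("192.0.2.1",
                        {"OPTION_V4_PORTPARAMS": bytes([0, 6, 0x14, 0x00])})
FULL = configure_lwb4("192.0.2.2", {})
```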

4.5.  lwAFTR Binding Table Maintenance

   The lwAFTR maintains its binding table as per section 6.1 of
   [I-D.ietf-softwire-lw4over6].  Unless the binding table is fixed and
   pre-determined, it is synchronized with the DHCPv4 over DHCPv6
   process.  The following DHCPv4 over DHCPv6 messages trigger binding
   table modification:

   o  DHCPACK: Generated by DHCP server, triggers lwAFTR to add a new
      entry or modify an existing entry.

   o  DHCPRELEASE: Generated by lwB4, triggers lwAFTR to delete an
      existing entry.

   When the lwAFTR receives a DHCPACK event, it looks up the binding
   table using the lwB4's IPv4 address and PSID as the index.  If an
   existing entry is found, the lwAFTR updates the IPv6 address and
   lifetime fields of the entry; otherwise the lwAFTR creates a new
   entry accordingly.  When the lwAFTR receives a DHCPRELEASE event, it
   looks up the binding table using the lwB4's IPv6 address, IPv4
   address and PSID as the index.  The lwAFTR deletes the entry either
   by removing it from the binding table or by marking the lifetime
   field with an invalid value (e.g. 0).

   When the lwAFTR is co-located with the DHCP server, it listens to all
   DHCPv4 over DHCPv6 messages generated or received by the DHCP server
   and updates the bindings through valid messages.  When the lwAFTR is
   not co-located with the DHCP server, the DHCP server informs the
   lwAFTR about the binding updates through other protocols.  DHCP
   active lease query [I-D.ietf-dhc-dhcpv4-active-leasequery] could be
   used to do this.



   The lwAFTR works as a requestor to get every lwB4's IPv4 address +
   PSID (from the DHCPv4 lease) and IPv6 address (from the DHCPv6
   option).  Since the current DHCPv4 active lease query doesn't support
   carrying DHCPv6 options, and the DHCPv6 active lease query doesn't
   support carrying DHCPv4 lease information, this may require
   extensions to the current DHCPv4/DHCPv6 active lease query protocols,
   which are out of the scope of this document.

5.  Security Considerations

   The security considerations in [I-D.ietf-softwire-lw4over6] and
   [RFC7341] should be considered.

   Because binding table maintenance is triggered by DHCP messages, an
   attacker may abuse it by sending faked DHCP messages to the lwAFTR.
   The operator network should deploy ingress filtering [RFC2827] to
   prevent this kind of attack.
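
   A model of the binding table maintenance in Section 4.5 together with
   the concern above, as an added example that is not part of this draft
   or of any lwAFTR implementation.  The BindingTable class, its method
   names and the rule of accepting DHCPACK events only from the
   configured DHCP 4o6 server address are assumptions; the addresses are
   constructed from documentation prefixes.

```python
import ipaddress
import time

class BindingTable:
    """lwAFTR binding table driven by DHCPv4-over-DHCPv6 events (model)."""

    def __init__(self, dhcp_server, clock=time.monotonic):
        self.dhcp_server = ipaddress.IPv6Address(dhcp_server)
        self.clock = clock
        self.entries = {}   # (IPv4, PSID) -> [lwB4 IPv6 address, expiry time]

    def on_dhcpack(self, sender, ipv4, psid, b4_ipv6, lease_seconds):
        # DHCPACK is generated by the DHCP server, so anything else is not a
        # valid message. The sender address is only meaningful when ingress
        # filtering [RFC2827] drops spoofed sources (assumed deployed).
        if ipaddress.IPv6Address(sender) != self.dhcp_server:
            return "rejected"
        key = (ipaddress.IPv4Address(ipv4), psid)
        action = "updated" if key in self.entries else "added"
        self.entries[key] = [ipaddress.IPv6Address(b4_ipv6),
                             self.clock() + lease_seconds]
        return action

    def on_dhcprelease(self, b4_ipv6, ipv4, psid):
        # Index is IPv6 address + IPv4 address + PSID: a release that names
        # an existing IPv4/PSID but a different IPv6 address matches nothing.
        entry = self.entries.get((ipaddress.IPv4Address(ipv4), psid))
        if entry is None or entry[0] != ipaddress.IPv6Address(b4_ipv6):
            return "no-match"
        entry[1] = 0        # delete by marking the lifetime invalid
        return "deleted"

    def lookup(self, ipv4, psid):
        """Return the tunnel endpoint for (IPv4, PSID), or None if absent/expired."""
        entry = self.entries.get((ipaddress.IPv4Address(ipv4), psid))
        if entry is None or entry[1] <= self.clock():
            return None
        return entry[0]
```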

6.  IANA Considerations

   This document does not include an IANA request.

7.  References

7.1.  Normative References

   [I-D.fsc-softwire-dhcp4o6-saddr-opt]
              Farrer, I., Sun, Q., and Y. Cui, "DHCPv4 over DHCPv6
              Source Address Option", draft-fsc-softwire-dhcp4o6-saddr-
              opt-01 (work in progress), September 2014.

   [I-D.ietf-dhc-dynamic-shared-v4allocation]
              Cui, Y., Qiong, Q., Farrer, I., Lee, Y., Sun, Q., and M.
              Boucadair, "Dynamic Allocation of Shared IPv4 Addresses",
              draft-ietf-dhc-dynamic-shared-v4allocation-02 (work in
              progress), September 2014.

   [I-D.ietf-softwire-lw4over6]
              Cui, Y., Qiong, Q., Boucadair, M., Tsou, T., Lee, Y., and
              I. Farrer, "Lightweight 4over6: An Extension to the DS-
              Lite Architecture", draft-ietf-softwire-lw4over6-10 (work
              in progress), June 2014.

   [RFC2827]  Ferguson, P. and D. Senie, "Network Ingress Filtering:
              Defeating Denial of Service Attacks which employ IP Source
              Address Spoofing", BCP 38, RFC 2827, May 2000.






   [RFC7341]  Sun, Q., Cui, Y., Siodelski, M., Krishnan, S., and I.
              Farrer, "DHCPv4-over-DHCPv6 (DHCP 4o6) Transport", RFC
              7341, August 2014.

7.2.  Informative References

   [I-D.ietf-dhc-dhcpv4-active-leasequery]
              Kinnear, K., Stapp, M., Volz, B., and N. Russell, "Active
              DHCPv4 Lease Query", draft-ietf-dhc-dhcpv4-active-
              leasequery-01 (work in progress), June 2014.

   [I-D.ietf-dhc-dhcpv6-active-leasequery]
              Dushyant, D., Kinnear, K., and D. Kukrety, "DHCPv6 Active
              Leasequery", draft-ietf-dhc-dhcpv6-active-leasequery-01
              (work in progress), March 2014.

   [I-D.ietf-softwire-map-dhcp]
              Mrugalski, T., Troan, O., Farrer, I., Perreault, S., Dec,
              W., Bao, C., Yeh, L., and X. Deng, "DHCPv6 Options for
              configuration of Softwire Address and Port Mapped
              Clients", draft-ietf-softwire-map-dhcp-09 (work in
              progress), October 2014.

   [RFC3315]  Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C.,
              and M. Carney, "Dynamic Host Configuration Protocol for
              IPv6 (DHCPv6)", RFC 3315, July 2003.

   [RFC6887]  Wing, D., Cheshire, S., Boucadair, M., Penno, R., and P.
              Selkirk, "Port Control Protocol (PCP)", RFC 6887, April
              2013.

Authors' Addresses

   Cong Liu
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing  100084
   P.R.China

   Phone: +86-10-6278-5822
   Email: gnocuil@gmail.com










   Qi Sun
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing  100084
   P.R.China

   Phone: +86-10-6278-5822
   Email: sunqi@csnet1.cs.tsinghua.edu.cn


   Jianping Wu
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing  100084
   P.R.China

   Phone: +86-10-6278-5983
   Email: jianping@cernet.edu.cn
































