Local Network Protection for IPv6
RFC 4864
| Document | Type |
RFC - Informational
(May 2007; No errata)
Was draft-ietf-v6ops-nap (v6ops WG)
|
|
|---|---|---|---|
| Last updated | 2015-10-14 | ||
| Stream | IETF | ||
| Formats | plain text html pdf htmlized bibtex | ||
| Reviews | |||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 4864 (Informational) | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | David Kessens | ||
| Send notices to | dromasca@avaya.com, kurtis@kurtis.pp.se | ||
Network Working Group G. Van de Velde
Request for Comments: 4864 T. Hain
Category: Informational R. Droms
Cisco Systems
B. Carpenter
IBM
E. Klein
Tel Aviv University
May 2007
Local Network Protection for IPv6
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The IETF Trust (2007).
Abstract
Although there are many perceived benefits to Network Address
Translation (NAT), its primary benefit of "amplifying" available
address space is not needed in IPv6. In addition to NAT's many
serious disadvantages, there is a perception that other benefits
exist, such as a variety of management and security attributes that
could be useful for an Internet Protocol site. IPv6 was designed
with the intention of making NAT unnecessary, and this document shows
how Local Network Protection (LNP) using IPv6 can provide the same or
more benefits without the need for address translation.
Van de Velde, et al. Informational [Page 1]
RFC 4864 Local Network Protection for IPv6 May 2007
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Perceived Benefits of NAT and Its Impact on IPv4 . . . . . . . 6
2.1. Simple Gateway between Internet and Private Network . . . 6
2.2. Simple Security Due to Stateful Filter Implementation . . 6
2.3. User/Application Tracking . . . . . . . . . . . . . . . . 7
2.4. Privacy and Topology Hiding . . . . . . . . . . . . . . . 8
2.5. Independent Control of Addressing in a Private Network . . 9
2.6. Global Address Pool Conservation . . . . . . . . . . . . . 9
2.7. Multihoming and Renumbering with NAT . . . . . . . . . . . 10
3. Description of the IPv6 Tools . . . . . . . . . . . . . . . . 11
3.1. Privacy Addresses (RFC 3041) . . . . . . . . . . . . . . . 11
3.2. Unique Local Addresses . . . . . . . . . . . . . . . . . . 12
3.3. DHCPv6 Prefix Delegation . . . . . . . . . . . . . . . . . 13
3.4. Untraceable IPv6 Addresses . . . . . . . . . . . . . . . . 13
4. Using IPv6 Technology to Provide the Market Perceived
Benefits of NAT . . . . . . . . . . . . . . . . . . . . . . . 14
4.1. Simple Gateway between Internet and Internal Network . . . 14
4.2. IPv6 and Simple Security . . . . . . . . . . . . . . . . . 15
4.3. User/Application Tracking . . . . . . . . . . . . . . . . 17
4.4. Privacy and Topology Hiding Using IPv6 . . . . . . . . . . 17
4.5. Independent Control of Addressing in a Private Network . . 20
4.6. Global Address Pool Conservation . . . . . . . . . . . . . 21
4.7. Multihoming and Renumbering . . . . . . . . . . . . . . . 21
5. Case Studies . . . . . . . . . . . . . . . . . . . . . . . . . 22
5.1. Medium/Large Private Networks . . . . . . . . . . . . . . 22
5.2. Small Private Networks . . . . . . . . . . . . . . . . . . 24
5.3. Single User Connection . . . . . . . . . . . . . . . . . . 25
5.4. ISP/Carrier Customer Networks . . . . . . . . . . . . . . 26
6. IPv6 Gap Analysis . . . . . . . . . . . . . . . . . . . . . . 27
6.1. Simple Security . . . . . . . . . . . . . . . . . . . . . 27
6.2. Subnet Topology Masking . . . . . . . . . . . . . . . . . 28
6.3. Minimal Traceability of Privacy Addresses . . . . . . . . 28
6.4. Site Multihoming . . . . . . . . . . . . . . . . . . . . . 28
7. Security Considerations . . . . . . . . . . . . . . . . . . . 29
8. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 29
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 29
10. Informative References . . . . . . . . . . . . . . . . . . . . 30
Appendix A. Additional Benefits Due to Native IPv6 and
Universal Unique Addressing . . . . . . . . . . . . . 32
A.1. Universal Any-to-Any Connectivity . . . . . . . . . . . . 32
A.2. Auto-Configuration . . . . . . . . . . . . . . . . . . . . 32
A.3. Native Multicast Services . . . . . . . . . . . . . . . . 33
A.4. Increased Security Protection . . . . . . . . . . . . . . 33
A.5. Mobility . . . . . . . . . . . . . . . . . . . . . . . . . 34
A.6. Merging Networks . . . . . . . . . . . . . . . . . . . . . 34
Show full document text