Local Network Protection for IPv6
RFC 4864
| Document | Type | RFC - Informational (May 2007; No errata); was draft-ietf-v6ops-nap (v6ops WG) |
|---|---|---|
| | Authors | Eric Klein, Gunter Van de Velde, Ralph Droms, Tony Hain, Brian Carpenter |
| | Last updated | 2015-10-14 |
| | Stream | Internet Engineering Task Force (IETF) |
| Stream | WG state | (None) |
| | Document shepherd | No shepherd assigned |
| IESG | IESG state | RFC 4864 (Informational) |
| | Action Holders | (None) |
| | Consensus Boilerplate | Unknown |
| | Telechat date | |
| | Responsible AD | David Kessens |
| | Send notices to | dromasca@avaya.com, kurtis@kurtis.pp.se |

Network Working Group
Request for Comments: 4864
Category: Informational

G. Van de Velde, T. Hain, R. Droms (Cisco Systems)
B. Carpenter (IBM)
E. Klein (Tel Aviv University)
May 2007

Local Network Protection for IPv6

Status of This Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The IETF Trust (2007).

Abstract

Although there are many perceived benefits to Network Address Translation (NAT), its primary benefit of "amplifying" available address space is not needed in IPv6. In addition to NAT's many serious disadvantages, there is a perception that other benefits exist, such as a variety of management and security attributes that could be useful for an Internet Protocol site. IPv6 was designed with the intention of making NAT unnecessary, and this document shows how Local Network Protection (LNP) using IPv6 can provide the same or more benefits without the need for address translation.

Table of Contents

1. Introduction
2. Perceived Benefits of NAT and Its Impact on IPv4
   2.1. Simple Gateway between Internet and Private Network
   2.2. Simple Security Due to Stateful Filter Implementation
   2.3. User/Application Tracking
   2.4. Privacy and Topology Hiding
   2.5. Independent Control of Addressing in a Private Network
   2.6. Global Address Pool Conservation
   2.7. Multihoming and Renumbering with NAT
3. Description of the IPv6 Tools
   3.1. Privacy Addresses (RFC 3041)
   3.2. Unique Local Addresses
   3.3. DHCPv6 Prefix Delegation
   3.4. Untraceable IPv6 Addresses
4. Using IPv6 Technology to Provide the Market Perceived Benefits of NAT
   4.1. Simple Gateway between Internet and Internal Network
   4.2. IPv6 and Simple Security
   4.3. User/Application Tracking
   4.4. Privacy and Topology Hiding Using IPv6
   4.5. Independent Control of Addressing in a Private Network
   4.6. Global Address Pool Conservation
   4.7. Multihoming and Renumbering
5. Case Studies
   5.1. Medium/Large Private Networks
   5.2. Small Private Networks
   5.3. Single User Connection
   5.4. ISP/Carrier Customer Networks
6. IPv6 Gap Analysis
   6.1. Simple Security
   6.2. Subnet Topology Masking
   6.3. Minimal Traceability of Privacy Addresses
   6.4. Site Multihoming
7. Security Considerations
8. Conclusion
9. Acknowledgements
10. Informative References
Appendix A. Additional Benefits Due to Native IPv6 and Universal Unique Addressing
   A.1. Universal Any-to-Any Connectivity
   A.2. Auto-Configuration
   A.3. Native Multicast Services
   A.4. Increased Security Protection
   A.5. Mobility
   A.6. Merging Networks