
RE: IPv6 broadband provisioning



Hello Iljitsch, please see my comments inline below.

Regards,

John
--------------------------------------------------- 
John Jason Brzozowski (CISSP, RHCT)
Comcast Corporation
e) mailto:john_brzozowski@cable.comcast.com
m) 609-377-6594
p) 856-324-2671
---------------------------------------------------



-----Original Message-----
From: owner-v6ops@ops.ietf.org on behalf of Iljitsch van Beijnum
Sent: Fri 12/28/2007 7:58 AM
To: IPv6 Operations
Subject: IPv6 broadband provisioning
 
Hi,

(I posted largely the same message to the internet area list yesterday  
because we had extensive discussions there about DSL Forum stuff.)

One of the things that we haven't quite figured out about IPv6 is how  
broadband deployment would work. I think it would be good if we can  
agree that customer routers can request an IPv6 prefix using DHCPv6  
prefix delegation. Since there is really no other way to do this, I  
don't expect that to be too controversial.

[jjmb] This seems reasonable.

The problem is how ISPs get to enforce restrictions on how packets  
flow from devices connected to the DSL or cable modem (or link, a user  
could buy their own modem which isn't controlled by the ISP). If there  
is a dedicated physical or virtual interface per customer, this is all  
simple enough. But I understand this isn't necessarily the case, and  
moving in that direction could be costly. So here's another approach.  
Please let me know what you think.

The first device under the control of the ISP, or at least a device  
very low in the aggregation hierarchy, intercepts router  
advertisements from the ISP's IPv6 router and slightly modifies them:  
it basically injects some bits that are particular to the customer/ 
line, so that every customer sees RAs with a prefix unique to them.

[jjmb] If I understand this correctly there will be a unique RA sent for each subscriber?  Assuming yes, I am not sure this is universally applicable to all access networks.  Additionally, I think we would require some dynamic mechanism, perhaps via DHCPv6, to dynamically provide the data to the router to facilitate configuration; otherwise this would be very complex from a management and operational point of view.

For instance, if an IPv6 router sits on top of two layers of layer 2  
aggregation devices, the IPv6 router sends out router advertisements  
with prefix 2001:db8:31::/64. The lowest layer of aggregation devices  
then insert a 16-bit customer or line ID in bits 48 - 63 so that  
customer 9 sees 2001:db8:31:9::/64 and customer 10 2001:db8:31:a::/64  
and so on. (The router advertisements can also be generated by the  
layer 2 device itself, but there probably needs to be some centrally  
configured info in there, too.)

[jjmb] Apologies if there is an obvious answer to this question, but how do the aggregation devices know what to do with the RAs?  Is it assumed that they are simply receiving the same and have been pre-configured to manipulate the bits required for the respective subscribers?  Also, this does not address the scenario where the aggregation device is also a router, right?

Customers without an IPv6 router do normal IPv6 stateless autoconfig  
so the lower 64 bits of the addresses are random, but the ISP only  
sees packets with the customer ID number somewhere in the higher bits  
so they know which packets come from which customer. The layer 2  
infrastructure can safely impose the restriction that all customer  
traffic goes to the IPv6 router and not to other customers, because  
customers don't know their neighbor's prefix is on-link so they'll  
send those packets to the router anyway. And the router doesn't need  
an address in all those prefixes, the users only need to know its link  
local address. (Of course add ingress filtering as required.) The  
router is simply told that all of 2001:db8:31::/48 is on-link so it  
will do ND for all customer machines, but it doesn't send redirects.

[jjmb] Stateless auto-configuration is one alternative?  DHCPv6 could be used as well, right?

(I would probably implement a per-customer ND cache LRU algorithm to  
prevent one user from DoSing a whole town by generating large amounts  
of addresses that the router must do neighbor discovery for. There is  
no reason why a user wouldn't be able to connect a large number of  
machines using a switch but this may not be altogether desirable from  
the ISP's perspective.)
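The scheme discussed in the message above (a 16-bit line ID stamped into bits 48-63 of the ISP's prefix, the edge router ingress-filtering on that per-line /64, and a per-customer cap on neighbor-cache entries) modelled as an added Python example. This is not code from the thread, from Comcast, or from any DSL/cable equipment; the /48, line IDs and MAC strings are constructed for illustration, and the LRU cap is one possible realisation of the "per-customer ND cache LRU" the message sketches.

```python
"""Model of per-line RA prefix stamping, ingress filtering and a
per-line neighbor-cache cap. Added example; addresses, line IDs and
MACs below are constructed, not taken from any real deployment."""
import ipaddress
from collections import OrderedDict
from typing import Optional

LOW80_MASK = (1 << 80) - 1  # clears everything below the top 48 bits


def line_prefix(isp_prefix: str, line_id: int) -> ipaddress.IPv6Network:
    """Return the /64 a given line sees after the aggregation device
    inserts its 16-bit line ID into bits 48-63 of the ISP's prefix.
    Only the top 48 bits of isp_prefix are kept (e.g. 2001:db8:31::/48)."""
    if not 0 <= line_id <= 0xFFFF:
        raise ValueError("line ID must fit in 16 bits")
    net = ipaddress.IPv6Network(isp_prefix, strict=False)
    top48 = int(net.network_address) & ~LOW80_MASK
    # bits 48-63 from the left are integer bits 64-79 from the right
    return ipaddress.IPv6Network((top48 | (line_id << 64), 64))


def line_id_of(addr: str) -> int:
    """Recover the line ID stamped into bits 48-63 of a source address."""
    return (int(ipaddress.IPv6Address(addr)) >> 64) & 0xFFFF


def ingress_ok(isp_prefix: str, line_id: int, src: str) -> bool:
    """Edge-router ingress check: a packet arriving on `line_id` may only
    carry a source inside that line's /64 (link-local is allowed for ND)."""
    addr = ipaddress.IPv6Address(src)
    if addr.is_link_local:
        return True
    return addr in line_prefix(isp_prefix, line_id)


class PerLineNDCache:
    """Neighbor cache with a per-line LRU cap: when one line exceeds `cap`
    entries its least recently used entry is evicted, so a single customer
    generating many addresses cannot exhaust ND state for the whole /48."""

    def __init__(self, cap: int):
        self.cap = cap
        self.lines = {}  # line_id -> OrderedDict[address -> mac]

    def learn(self, addr: str, mac: str) -> Optional[str]:
        """Record addr -> mac under the line derived from addr.
        Returns the evicted address when the cap is exceeded, else None."""
        key = str(ipaddress.IPv6Address(addr))  # canonical spelling
        cache = self.lines.setdefault(line_id_of(key), OrderedDict())
        if key in cache:
            cache.move_to_end(key)  # refresh LRU position
        cache[key] = mac
        if len(cache) > self.cap:
            evicted, _ = cache.popitem(last=False)
            return evicted
        return None

    def entries(self, line_id: int) -> int:
        return len(self.lines.get(line_id, ()))


if __name__ == "__main__":
    ISP = "2001:db8:31::/48"
    for lid in (9, 10):
        print(f"line {lid} sees RA prefix {line_prefix(ISP, lid)}")
    print(ingress_ok(ISP, 9, "2001:db8:31:9:1234:5678:9abc:def0"))  # True
    print(ingress_ok(ISP, 9, "2001:db8:31:a::1"))  # False: spoofed line
    nd = PerLineNDCache(cap=2)
    for host in range(1, 4):
        print("evicted:", nd.learn(f"2001:db8:31:9::{host}", f"00:00:00:00:00:0{host}"))
```

The cap is per line rather than global because the message's concern is one customer starving the others; a global LRU would let the flooding line evict everyone else's entries first. Whether 16 bits of line ID is enough depends on the aggregation scale, which the thread does not settle.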