Re: CPEs



Iljitsch,

On Fri, Jan 04, 2008 at 01:34:38PM +0100, Iljitsch van Beijnum wrote:
> Questions
> ---------
> 
> Security
> 
> 1. Do we all agree that a model where there is stateful filtering by
> default, but applications can request incoming sessions is what we
> should aim for?

I agree.

> 2. Or should the opening up of incoming ports go through the OS,  
> rather than be signalled directly from applications to the CPE?

I think it should be done by the applications. As an application
developer, having the OS doing some stuff that I may or may not know
about is no better than the current NAT situation. Do we really want
to have to have an application-level STUN-equivalent?

> 3. Should a host have the option of signalling to a CPE that it
> doesn't require any filtering?

This makes sense to me. I can see a lot of situations where I would
want to tell someone "click on the 'no IPv6 filtering' button and
we'll try it again".

> Address provisioning
> 
> 4. Is implementing DHCPv6 snooping and option insertion, similar to  
> what currently happens with DHCP for IPv4, a good option for vendors  
> of broadband equipment, or is a provisioning solution where this isn't  
> necessary preferable?

(I'm not an operator, so I can't answer.)

> 5. Can we assume the presence of DHCPv6 prefix delegation in CPEs?

I don't think this is 100% necessary. There are other ways to get a
prefix to a customer premise. For instance, equipment can be shipped
with the prefix pre-configured. If a customer purchases their own
gear, they can configure prefixes statically.

So, "no". :)

> 6. Can we assume the presence of DHCPv6 address assignment in clients?  
> It's not available in most of them now, so how would we get to such a  
> state and how soon?

In the near term (say 5 years), I don't think we can assume DHCPv6
address assignment in general. Specific operators who supply their own
equipment can mandate this, of course.

> 7. Is the model where there is a CPE with modem functionality but not  
> router functionality a reasonable one?

I don't think so. Minimal routing is very lightweight considering
current technology in CPE.

> 8. Do we want ISPs to provide RAs to customers in the case where 6  
> = no and 7 = yes? If not, then what?

Well, if the CPE doesn't do it, then it has to be the ISP, right?

> 9. If 8, then what is the value of the M and O bits?
> 
> 10. If 5 and a user adds more than one routing CPE, how does the  
> prefix delegation work? The "first" routing CPE requests a prefix from  
> the ISP and then provides sub-prefixes to the other CPE(r)s, or does  
> each CPE get a prefix from the ISP? In the latter case, how do CPE(r)s  
> know what routes to install for prefixes held by other CPE(r)s within  
> the site?

Well... given the current allocation model, I would think the ISP
would give /48 to the "first" CPE via prefix delegation, and then this
CPE could give /64 out to any other requesting CPE.

"/48 is the new /32", "/64 is the new RFC 1918"... ?

> 11. Do we expect ISPs to provide reachability for a new and old prefix  
> concurrently when changing prefixes or do ISPs provide long-time  
> stable prefixes to IPv6 customers? If "no" on both, then how do we  
> avoid disconnected sessions on prefix changes?

Personally I like the model of providing reachability for both old and
new during renumbering. But... since an ISP only gets a few thousand
/48 at a time, they may be faced with resource scarcity, and not have
the space (GROAN!!!!).

> 12. How do we avoid problems caused by customer equipment MAC  
> addresses clashing with that of other customers?

In which context? I thought both autoconf and DHCPv6 made provision
for this?

> 13. How many devices are allowed to connect to a CPE(m)?

I don't understand the question... ?

> 14. What kind of addressing is used between the ISP and the first  
> CPE(r)? Global customer specific, global shared between customers,  
> link local only?

Site local? :)

Seriously, I'd just use global from the management network, although
that does leave possibility of leakage...
 
> DNS
> 
> 16. How do we expect customer devices to enter into the DNS?

I think the DNS strategy needs to be mapped to the addressing
strategy (we're talking about ip6.arpa, right?).

For PD I am in favor of delegating to the CPE (although knowing which
address the server is sitting at is tricky). I know this violates the
DNS idea of redundant servers, but as a customer at the end of a pipe
I don't really care if people have reverse for my IP addresses if my
pipe breaks.

> 17. If the answer to 16 is dynamic DNS updates, how does the  
> authentication work?

Well... if the ISP has good control over their network, then using
source IP address may make sense. And maybe someday hosts will use
RFC 3971 (SEND), and that will make even more sense...

> 18. Should IPv6 hosts be prepared to operate without a working reverse  
> DNS entry?

Yes.

(My own take is that we should have deprecated reverse for IPv6,
because of these issues. The costs outweigh the benefits. Nobody
seemed to agree with me when I pushed for this though. Sometimes I
hate DNS weenies.)

> Third party devices
> 
> 19. How do users authorize third-party devices (ranging from gas  
> meters to set top boxes) use of their broadband connection?
>
> 20. How can third party devices be prevented from observing both data  
> traffic and service discovery?
> 
> 21. How can third party device traffic be limited and/or given QoS?

Right now, this is all layer 2, right? Is there a special reason
not to continue this model?

--
Shane