[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: new draft on IPv6 CPE router available for review

To: teemu.savolainen@nokia.com
Subject: RE: new draft on IPv6 CPE router available for review
From: Mikael Abrahamsson <swmike@swm.pp.se>
Date: Fri, 4 Jul 2008 09:07:10 +0200 (CEST)
Cc: miyakawa@nttv6.jp, shemant@cisco.com, wbeebee@cisco.com, v6ops@ops.ietf.org
In-reply-to: <DC237AE116C10E4C9AD162D6C2EE62FEE847A5@vaebe102.NOE.Nokia.com>
Organization: People's Front Against WWW
References: <alpine.DEB.1.10.0807020616220.21378@uplift.swm.pp.se> <20080703.050938.104080059.miyakawa@nttv6.jp> <alpine.DEB.1.10.0807030728290.14629@uplift.swm.pp.se> <20080704.011411.193726649.miyakawa@nttv6.jp> <alpine.DEB.1.10.0807032125150.14629@uplift.swm.pp.se> <DC237AE116C10E4C9AD162D6C2EE62FEE847A5@vaebe102.NOE.Nokia.com>
User-agent: Alpine 1.10 (DEB 962 2008-03-14)

On Fri, 4 Jul 2008, teemu.savolainen@nokia.com wrote:

If the forwarding is the key differentiator, then isn't e.g. "host"
computers running Microsoft Windows, Apple OS/X, and even certain mobile
phones, also "routers" as they support "sharing of the network
connection", which means forwarding packets from the uplink connection
to local area network - possibly implementing DHCPv4 server, to allocate
private IPv4 addresses for LAN, and NAT for address translation between
LAN and uplink connection?


Correct.

If the "CPE router" would be defined as something that implements and
executes routing protocols, has MIBs, is fully controllable by ISP then
these hosts would not fit into that category.

For me, for instance a D-link 604 (NAT gateway) is a CPE router, if thathelps. It doesn't do SNMP, no routing protocols, but some of those areprovisionable via DHCP (will tftp download conf files).

Anyhow, in my mind a "host" is not so much of a name for a category of
devices, but rather a behavioral pattern of a node. At any given moment
a node can start to behave as a "router" (if that is defined only as
doing packet forwarding). For a network the node may still look like a
"host", if the node does this transparently for the network (i.e. with
help of NAT).

Yes, I realise this, but I want my native IPv6 service offering to requirea "router" class device, even if it means that this "router" only forwardstraffic logically between the WAN link-local interface and it's internalloopback address (DHCPv6-PD assigned space).

I did not think that was the idea either? If the end hosts would use
DHCPv6 PD, would that be an act of sourcing packets to IP core? If so,
could the delegating DHCPv6 server locate somewhere where "hosts" could
safely (from ISP point of view) talk?

The talking to ISP core is one differentiator, then we might(?) have:

Hm, the problem is that i don't want customers in core IP space, and Idon't want core in customer IP space.

(1) CPE router:
- allowed to directly source packets to ISP core
[host]---[CPE router]---[ISP]---[Internet]

What adresses would be used between CPE router and ISP? I would like it tobe link-local only.

(2) "Host router":
- not able to directly source packets to ISP core, but still able to
forward packets and use DHCPv6 PD
[host]---[host router]---[CPE router/access
concentrator]---[ISP]---[Internet]

The (1) case is what you are aiming I believe, and the (2) is what I'm
trying to describe.


Sounds about right, if (1) CPE-router <-> ISP is link-local.

An example of case (1) would be a DSL box at home/small office, and an
example of case (2) would be a cellular device that:
- connects with point-to-point link to operator's access concentrator
(e.g. GGSN), and gets a /64 prefix for itself (SLAAC)
- uses DHCPv6 PD to get more prefixes, and announces these prefixes to
LAN
- possibly implements DHCPv6 relay in order to enable other devices in
LAN to utilize DHCPv6 PD as well

Yes, that sounds about right, but what adress space is used on the p-t-plink? Is that the /64? That would mean that the GGSN IP adress in thisspace is globally reachable, with the security implications that brings.

Then again, I think tunneled approach is suboptimal as well, it usuallyinvolves CPU/network processors which have fairly low performance(compared to simple L3 switch devices using ASICs), so they can probablyget into trouble even if the customer space is DDOSed anyway, and have toincorporate means to protect against that.


A cheap and efficient service delivery or IPv6 for me is:

[host]-PD-[CPE router]-ll-[L3 switch]-core

The L2 and L3 device might be the same device, ie a L2/L3 switch with IPv6capability, with either VDSL2 or Ethernet PHY. It will most likely havelimited TCAM space (might be 1024 entries or something like that), doesforwarding using ASICs and very limited CPU resources, thus the reason whyI want to protect it from IP packets from the global Internet.


--
Mikael Abrahamsson    email: swmike@swm.pp.se

Follow-Ups:
- RE: new draft on IPv6 CPE router available for review
  - From: <teemu.savolainen@nokia.com>
- Re: new draft on IPv6 CPE router available for review
  - From: EricLKlein@softhome.net

References:
- Re: new draft on IPv6 CPE router available for review
  - From: Mikael Abrahamsson <swmike@swm.pp.se>
- Re: new draft on IPv6 CPE router available for review
  - From: Shin Miyakawa <miyakawa@nttv6.jp>
- Re: new draft on IPv6 CPE router available for review
  - From: Mikael Abrahamsson <swmike@swm.pp.se>
- Re: new draft on IPv6 CPE router available for review
  - From: Shin Miyakawa <miyakawa@nttv6.jp>
- Re: new draft on IPv6 CPE router available for review
  - From: Mikael Abrahamsson <swmike@swm.pp.se>
- RE: new draft on IPv6 CPE router available for review
  - From: <teemu.savolainen@nokia.com>

Prev by Date: RE: new draft on IPv6 CPE router available for review
Next by Date: RE: new draft on IPv6 CPE router available for review
Previous by thread: RE: new draft on IPv6 CPE router available for review
Next by thread: Re: new draft on IPv6 CPE router available for review
Index(es):
- Date
- Thread