RE: Comments on draft-wbeebee-ipv6-cpe-router-01.txt

["Stark, Barbara" <bs7652@att.com>]

Comments in-line. 
Barbara

-----Original Message-----
From: Hemant Singh (shemant) [mailto:shemant@cisco.com] 
Sent: Tuesday, July 15, 2008 11:34 AM
To: Stark, Barbara; v6ops@ops.ietf.org
Cc: Antonio Querubin
Subject: RE: Comments on draft-wbeebee-ipv6-cpe-router-01.txt

Barbara,

Since Antonio also raised a point about IPv6 addresses assigned to the
WAN interface (and the number of WAN interface(s)), we are combining a
reply to both you and Antonio. 

Barbara, when you say, 

"We have considered the possibility of a separate IP address for our
TR-069 management of the CPE routers that we supply, but would want this
to be a 
configurable option."

could you please elaborate. Does this separate IPv6 address get assigned
to the WAN side of the CPE Router? 
<Barbara>
One idea is that if a CPE router acquires a global address (SLAAC or
DHCPv6 on the WAN), that it would use this for the TR-069 management
interface, and it would use a global address from the prefix its given
for all other Internet communication. Some people think it would improve
security of that management interface (because of the ability in the
access network to control what traffic goes to/from that IP address).
Others consider it unnecessarily complex. The preferred approach (by
those who think having a separate management interface is too complex)
would be for CPE routers to use one of the addresses from the assigned
prefix for all Internet communication (between the CPE router and the
Internet), independent of whether it acquired a global address through
SLAAC/DHCPv6. The address acquired through SLAAC/DHCPv6 would only be
used to communicate with the access network (DHCPv6, ND, etc.).
</Barbara>

If yes, if the WAN interface is only
assigned a link-local address, then what network interface on the WAN
side does this IPv6 address get assigned to? 
<Barbara>
I'm experiencing some confusion here -- I thought that any given
"interface" could have multiple IPv6 addresses associated with it, and
it would simply need to have rules as to which address to use for which
traffic. The CPE router uses the address acquired from the access
network for DHCPv6, ND, etc., and it uses a global address from the
prefix for communication with other global addresses (not in its
prefix). Why do you believe separate interfaces may be needed?
</Barbara>

One choice we have is to
assign the IPv6 address to the Loopback interface facing the WAN side.
<Barbara>
We don't have such a LAN-facing loopback interface in any of our mass
market CPE, that I'm aware of. And I don't think we intend to start.
</Barbara>

Also, when reviewers ask for another network interface on the WAN side,
or another IPv6 address on the WAN side, could reviewers please
appreciate the fact that another WAN interface can mean two things for a
router. Either we have second physical WAN interface with a new
mac-address or we still have one WAN interface and the second WAN
interface is just a logical interface bound to the physical WAN
interface such that both the physical WAN interface and the logical
interface share a mac-address between them. Antonio and Barbara, which
one of these two interfaces are you talking about? Further, if one is
spawning logical interfaces on any router, once doesn't have to stop at
one extra interface. Go ahead and spawn more if one wants. 
<Barbara>
I mostly agree with this description of logical and physical interfaces,
although it can be more complex with DSL, and I consider Ethernet PHY to
be physical, but Ethernet link layer to be logical. A single physical
ADSL connection can have multiple ATM PVCs. An ATM PVC can support
multiple PPPoE sessions (although each ATM PVC only has a single
Ethernet "interface"), in which case each PPPoE session would also be an
"interface". It's also possible to bond multiple physical DSL
connections into a single logical connection (at the ATM or Ethernet
layer). I think that in these IPv6 discussions, I'm referring to an
interface at the Ethernet link layer. I think that should be considered
"logical", and physical would be DSL PHY, Ethernet PHY, etc. I'm
definitely not referring to the PHY interface. PHY needs to be
completely independent of IPv6 (and IPv4) discussions, IMO.
</Barbara>

Further, Antonio, when you say,

"Additionally, for those vendors that wish to integrate the layer 2
(DSL/cable) modem as part of the CPE router (where the "WAN"
encapsulation is not ethernet), perhaps a separately named interface
definition might be appropriate to avoid confusion with "WAN"."

In such a case, the WAN interface is a logical interface that bridges
the CPE Router to the broadband modem. We clarified the WAN interface
definition as follows with new text

WAN interface - a single physical network interface on the standalone
CPE Router that is used to connect the router to the access network of
the Service Provider. When the CPE Router is embedded in a device that
connects to the WAN, this interface is a logical network interface that
bridges the device to the CPE Router. Some devices which can have an
embedded CPE router are: a cable or DSL modem, or a cellular telephone,
etc. 
<Barbara>
I really think that we should focus on WAN interface at the Ethernet
link layer. Each MAC address presented to the WAN is a separate
interface. Since I'd also like for this document to apply equally to
Ethernet-PHY-to-the-WAN CPE routers (including ones that may get
cascaded inside the LAN), I would recommend a more general and simpler
description, such as:
WAN interface - an Ethernet link layer interface on the CPE Router that
is used to connect the router to the access network of the Service
Provider or to other CPE routers that are between it and the access
network. 

When there is a single WAN interface enabled on a CPE router, it's not
necessary to use RIP or have static routing entries to determine how to
route traffic to the WAN. When there are multiple WAN interfaces
enabled, it is necessary. When there are multiple WAN interfaces with an
IPv6 stack enabled, I would expect each of them to do SLAAC/DHCPv6 and
request a prefix. If each is assigned a prefix, I would expect each of
them to place IPv6 addresses from that prefix on the various LAN
interfaces, and to advertise that prefix or assign addresses from it to
devices on the LAN. That is, each WAN interface would meet the
requirements in this document. 

It's also possible to have multiple PPPoE sessions over a single
Ethernet link layer interface. In this case, each PPPoE session would
need to behave like a "WAN interface". But I don't see the need to go
into that level of detail in this document.
</Barbara>

When we publish our next revision of the draft, we will include new text
for the WAN interface definition.

Thanks.

Hemant & Wes.

--- Barbara snipped off the rest of the original email ---