[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New (-02) version of IPv6 CPE Router draft is available for review

To: "Hemant Singh (shemant)" <shemant@cisco.com>
Subject: Re: New (-02) version of IPv6 CPE Router draft is available for review
From: David Miles <davidm@thetiger.com>
Date: Fri, 18 Jul 2008 14:16:21 +1000
Cc: v6ops WG <v6ops@ops.ietf.org>
In-reply-to: <B00EDD615E3C5344B0FFCBA910CF7E1D04E41F97@xmb-rtp-20e.amer.cisco.com>
References: <B00EDD615E3C5344B0FFCBA910CF7E1D04E41EC4@xmb-rtp-20e.amer.cisco.com> <B00EDD615E3C5344B0FFCBA910CF7E1D04E41F59@xmb-rtp-20e.amer.cisco.com> <7582BC68E4994F4ABF0BD4723975C3FA09DDE882@crexc41p> <B00EDD615E3C5344B0FFCBA910CF7E1D04E41F5F@xmb-rtp-20e.amer.cisco.com> <7582BC68E4994F4ABF0BD4723975C3FA09DDEC70@crexc41p> <B00EDD615E3C5344B0FFCBA910CF7E1D04E41F8D@xmb-rtp-20e.amer.cisco.com> <7582BC68E4994F4ABF0BD4723975C3FA09DDED37@crexc41p> <B00EDD615E3C5344B0FFCBA910CF7E1D04E41F93@xmb-rtp-20e.amer.cisco.com> <2bbba3c10807171529h1de5c4f2o5026df74628ed36a@mail.gmail.com> <B00EDD615E3C5344B0FFCBA910CF7E1D04E41F96@xmb-rtp-20e.amer.cisco.com> <2bbba3c10807171605t7a291fdbwc222f54715606f13@mail.gmail.com> <B00EDD615E3C5344B0FFCBA910CF7E1D04E41F97@xmb-rtp-20e.amer.cisco.com>

Hemant and Wes,

Some comments on draft-02:
- The un-numbered  model doesn't require a loopback interface

- ULA addresses generation per RFC4193 may not be appropriate for CPEas it requires time of day and is a one-time algorithm. I think we mayneed to suggest a new random algorithm that is consistent with the onein RFC 4193 and does not require time of day. We should also point outthat a ULA prefix should be consistent across reloads and there mustbe some method by which the user can regenerate or otherwise specifytheir desired ULA prefix. Finally ULA is a 48-bit prefix.- I think we should add a line that says traffic with a ULA sourceaddress should not be forwarded out the WAN interface, rather thannoting you could use user-configured ACL.- Seeing you mention DAD on the WAN interface, you may also want toadd joining the solicited-node MC group via MLD per RFC 4861/2.

- Suggest you use RIPng terminology rather than RIPv6

- The IPv6 over PPP and softwire sections makes no mention of WANinterface address assignment other than IPv6CP (interface-ID). Shouldwe support both numbered and unnumbered models on PPP links?- Section 7: IPv6 Data forwarding should reference the Default RoutersList and the creation of the default route based on this. As you'vecovered off cascading routers we also need to consider how to routetraffic to them (assuming they will in turn populate their defaultrouter list with the root CPE). This suggests the DHCPv6 server in theCPE must be able to trigger route updates based on active leases.

I think we need a new section that describes CPE behaviour on reload/WAN up, thoughts below:

-----
5.4 Prefix Delegation Rebinding

Whenever the CPE WAN link changes state, addresses passed throughDHCPv6 must be revalidated. Conditions that should trigger a Rebindinclude:

- When the CPE reboots
- When the CPE WAN interface transitions to an up state

Prior to completing a Rebind, the CPE should continue to use addressesand lifetimes previously assigned to its LAN interface(s) that arederived from IA_PD Prefix options. These may be subsequentlyinvalidated through the Rebind process.

On reload, a routing CPE may not be able to validate any IA_PD Prefixoption lifetimes. Certain parameters must be stored in persistentmemory to avoid a situation where hosts in the LAN segments considerpreviously advertised prefixes valid that the CPE does not know of orthat may not be permitted by the upstream ISP.

These persistent parameters are:
- DHCPv6 PD
	- IAID
	- Prefix Options

- A register of subnets assigned to each interface with associatedIAID, IA_PD Prefix option and AdvPrefixList.

- Interface address assignments and lifetimes

The CPE MUST NOT advertise any RA PIO for prefixes derived from IA_PDPrefix Options until the prefixes have been validated through a DHCPRebind message exchange.

Once the WAN interface initialises, the reloading CPE SHOULD issue aDHCPv6-PD Rebind message, including the stored IAID and Prefix Optionsin the message. The DHCP Reply message will indicate whether theprefixes are valid (the valid lifetime is > 0) or invalid (the validlifetime is 0). If there is no reply within CNF_MAX_RD [RFC 3315] theCPE MUST initiate DHCPv6 Address Acquisition. It should continue touse addresses and lifetimes previously assigned to its LAN interface(s).

For each invalid prefix, the CPE MUST transmit unsolicited RA to LANsegments that contain PIO with the invalid prefix and the lifetime setto zero to immediately invalidate these addresses from hosts on theLAN. The CPE MUST then initialise DHCPv6 Address Acquisition.For each valid prefix, the CPE MUST transmit unsolicited RA to LANsegments that contain PIO with the valid prefix and lifetimes set tothe values is the DHCP Reply IA_PD Prefix option.


-----

- I'd suggest text in the DHCPv6 Address Acquisition section thatclarifies IA_PD prefix options received by the CPE are an explicitlist of valid prefixes. All prefixes in the CPE AdvPrefixList thatoriginated from previous IA_PD and that are not contained in the DHCP-PD Reply MUST be immediately expired. This ensures a host will not tryan communicate through the ISP with a invalid source address. I'm notsure what we should do in the scenario where DHCPv6 AddressAcquisitions fails (ie, we get a response but no IA_PD Options) but Iwould lean to doing nothing (ie, dont expire prefixes but do not sendany PIO, let the lifetime age away) as we are not going to forwardanyway.



- Some comments on the Unnumbered model with suggested text:

From:
5.3.2. Unnumbered Model

When the CPE router is configured for Unnumbered model, after the WANand Loopback interfaces have acquired a link-local address, theLoopback interface initiates SLAAC or stateful DHCPv6 to obtain IA_PDoption and other configuration information. On receiving the DHCPv6REPLY with IA_PD option, the CPE Router sub-delegates one global IPv6address from the IA_PD option to the Loopback interface.At any instance in time of the CPE Router operation, the router doesnot forward any traffic between its WAN and LAN interface(s) if therouter has not completed IPv6 provisioning process that involves theacquisition of a global IPv6 address by the WAN or loopback interfaceand the acquisition of a global or Unique Local Address (ULA) by theLAN interface(s).

---
To:
5.3.2. Unnumbered Model

In the unnumbered model the WAN interface will not acquire aninterface address through SLAAC or DHCPv6. When the CPE router isconfigured for Unnumbered model and after interface initialisation,the WAN interface initiates DHCPv6 to obtain IA_PD option and otherconfiguration information.


5.3.3. Both Models

On receiving the DHCPv6 REPLY with a IA_PD option, the CPE Routerassigns a /64 prefix from within the bounds of the IA_PD Prefix Optionto all interfaces except the WAN interface. The interface addressesare constructed using the /64 prefix and using EUI-64 on eachinterface for the Interface-ID portion of the address.At any instance in time of the CPE Router operation, the router doesnot forward any traffic between its WAN and LAN interface(s) if therouter has not completed IPv6 provisioning process that involves theacquisition or rebinding of addresses via DHCPv6-PD.



Cheers,

-David

Follow-Ups:
- RE: New (-02) version of IPv6 CPE Router draft is available for review
  - From: "Hemant Singh (shemant)" <shemant@cisco.com>
- RE: New (-02) version of IPv6 CPE Router draft is available for review
  - From: "Hemant Singh (shemant)" <shemant@cisco.com>

References:
- RE: new draft on IPv6 CPE router available for review
  - From: "Hemant Singh (shemant)" <shemant@cisco.com>
- RE: Comments on draft-wbeebee-ipv6-cpe-router-01.txt
  - From: "Hemant Singh (shemant)" <shemant@cisco.com>
- RE: Comments on draft-wbeebee-ipv6-cpe-router-01.txt
  - From: "Stark, Barbara" <bs7652@att.com>
- RE: Comments on draft-wbeebee-ipv6-cpe-router-01.txt
  - From: "Hemant Singh (shemant)" <shemant@cisco.com>
- RE: Comments on draft-wbeebee-ipv6-cpe-router-01.txt
  - From: "Stark, Barbara" <bs7652@att.com>
- RE: Comments on draft-wbeebee-ipv6-cpe-router-01.txt
  - From: "Hemant Singh (shemant)" <shemant@cisco.com>
- RE: Comments on draft-wbeebee-ipv6-cpe-router-01.txt
  - From: "Stark, Barbara" <bs7652@att.com>
- RE: Comments on draft-wbeebee-ipv6-cpe-router-01.txt
  - From: "Hemant Singh (shemant)" <shemant@cisco.com>
- Re: Comments on draft-wbeebee-ipv6-cpe-router-01.txt
  - From: "Ole Troan" <otroan@employees.org>
- RE: Comments on draft-wbeebee-ipv6-cpe-router-01.txt
  - From: "Hemant Singh (shemant)" <shemant@cisco.com>
- Re: Comments on draft-wbeebee-ipv6-cpe-router-01.txt
  - From: "Ole Troan" <otroan@employees.org>
- RE: Comments on draft-wbeebee-ipv6-cpe-router-01.txt
  - From: "Hemant Singh (shemant)" <shemant@cisco.com>

Prev by Date: RE: Comments on draft-wbeebee-ipv6-cpe-router-01.txt
Next by Date: Re: changes to draft-ietf-v6ops-nat64-pb-statement-req-00.txt
Previous by thread: RE: Comments on draft-wbeebee-ipv6-cpe-router-01.txt
Next by thread: RE: New (-02) version of IPv6 CPE Router draft is available for review
Index(es):
- Date
- Thread