-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathdraft-mdt-softwire-map-deployment-00.txt
1792 lines (1014 loc) · 60.6 KB
/
draft-mdt-softwire-map-deployment-00.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Network Working Group Q. Sun
Internet-Draft China Telecom
Intended status: Informational M. Chen
Expires: November 25, 2012 FreeBit
G. Chen
China Mobile
C. Sun
Softbank BB
T. Tsou
Huawei Technologies
S. Perreault
Viag"|nie
May 24, 2012
Mapping of Address and Port (MAP) - Deployment Considerations
draft-mdt-softwire-map-deployment-00
Abstract
This document describes when and how an operator uses the technique
of Mapping of Address and Port (MAP) for the IPv4 residual deployment
in the IPv6-dominant domain.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 25, 2012.
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
Sun, et al. Expires November 25, 2012 [Page 1]
Internet-Draft MAP Deployment May 2012
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Case Studies . . . . . . . . . . . . . . . . . . . . . . . . . 5
3.1. Fixed networks . . . . . . . . . . . . . . . . . . . . . . 5
3.2. Mobile networks . . . . . . . . . . . . . . . . . . . . . 6
4. Deployment Consideration . . . . . . . . . . . . . . . . . . . 8
4.1. Network Models . . . . . . . . . . . . . . . . . . . . . . 8
4.2. Building the MAP domain . . . . . . . . . . . . . . . . . 9
4.2.1. MAP deployment model planning . . . . . . . . . . . . 10
4.2.2. MAP domain planning . . . . . . . . . . . . . . . . . 10
4.2.3. MAP rule provisioning . . . . . . . . . . . . . . . . 11
4.2.4. MAP DHCPv6 server deployment consideration . . . . . . 12
4.2.5. PSID consideration . . . . . . . . . . . . . . . . . . 13
4.2.6. Addressing and routing . . . . . . . . . . . . . . . . 13
4.2.7. Translation vs. Encapsulation . . . . . . . . . . . . 14
4.3. BR settings . . . . . . . . . . . . . . . . . . . . . . . 14
4.4. CE settings . . . . . . . . . . . . . . . . . . . . . . . 17
4.5. Supporting system . . . . . . . . . . . . . . . . . . . . 18
5. MAP Address Planning, a Step-by-step Guide . . . . . . . . . . 20
6. Migration Methodology . . . . . . . . . . . . . . . . . . . . 23
6.1. Roadmap for MAP-based Solution . . . . . . . . . . . . . . 23
6.1.1. Start from Scratch . . . . . . . . . . . . . . . . . . 23
6.1.2. Coexiting Phases . . . . . . . . . . . . . . . . . . . 23
6.1.3. Exit Strategy . . . . . . . . . . . . . . . . . . . . 24
6.2. Migration Mode . . . . . . . . . . . . . . . . . . . . . . 24
6.2.1. Passive Transition . . . . . . . . . . . . . . . . . . 24
6.2.2. Active Transition . . . . . . . . . . . . . . . . . . 25
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 26
8. Security Considerations . . . . . . . . . . . . . . . . . . . 27
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 28
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 29
10.1. Normative References . . . . . . . . . . . . . . . . . . . 29
10.2. Informative References . . . . . . . . . . . . . . . . . . 29
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 31
Sun, et al. Expires November 25, 2012 [Page 2]
Internet-Draft MAP Deployment May 2012
1. Introduction
IPv4 address exhaustion has become world-wide reality and the primary
solution in the industry is to deploy IPv6-only networking.
Meanwhile, having access to legacy IPv4 contents and services is a
long-term requirement, will be so until the completion of the IPv6
transition. It demands sharing residual IPv4 address pools for IPv4
communications across the IPv6-only domain(s).
Mapping of Address and Port (MAP)
[I-D.mdt-softwire-mapping-address-and-port] is designed in response
to the requirement of stateless residual deployment. The term
"residual deployment" refers to utilizing not-yet-assigned or
recalled IPv4 addresses for IPv4 communications going across the IPv6
domain backbone. MAP assumes the IPv6-only backbone as the
prerequisite of deployment so that native IPv6 services and
applications are fully supported and encouraged. The statelessness
of MAP ensures only moderate overhead is added to part of the network
devices.
Residual deployment with MAP is new to most operators. This document
is motivated to provide basic understanding on the usage of MAP,
i.e., when and how an operator can do with MAP to meet its own
operational requirements of IPv6 transition and its facility
conditions, in the phase of IPv4 residual deployment. Potential
readers of this document are those who want to know:
1. What are the requirements of MAP deployment ?
2. What technical options needs to be considered when deploying MAP,
and how?
3. How does MAP impact on the address planning for both IPv6 and
IPv4 pools?
4. How does MAP impact on daily network operations and
administrations?
5. How do we migrate to IPv6-only network with the help of MAP?
Terminology of this document, unless it is intentionally specified,
follows the definitions and abbreviations of
[I-D.mdt-softwire-mapping-address-and-port]. (> co-authors: we may
change this if later we find any new terms need to be added.)
Sun, et al. Expires November 25, 2012 [Page 3]
Internet-Draft MAP Deployment May 2012
2. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
Sun, et al. Expires November 25, 2012 [Page 4]
Internet-Draft MAP Deployment May 2012
3. Case Studies
MAP is suitable for deployment either in large-scale carrier (fixed)
networks or in mobile networks. They have similar but different
requirements.
3.1. Fixed networks
There are typically two network models for fixed broadband access
service: one is to use PPPoE/PPPoA authentication method while the
other is to use IPoE. The first one is usually applied to
Residential network and SOHO networks. Subscribers in CPNs can
access broadband network by PPP dial-up authentication. BRAS is the
key network element which takes full responsibility of IP address
assignment, user authentication, traffic aggregation, PPP session
termination, etc. Then IP traffic is forwarded to Core Routers
through Metro Area Network, and finally transited to Internet via
Backbone network. The second network scenario is usually applied to
large enterprise networks. Subscribers in CPNs can access broadband
network by IPoE authentication. IP address is normally assigned by
DHCP server, or static configuration.
In either case, a CPE could obtain a prefix via prefix delegation
procedure, and the hosts behind CPE would get its own IPv6 addresses
within the prefix through SLAAC or DHCPv6 statefully. A MAP CE would
also obtain a set of MAP rules from DHCPv6 server. In MAP solution,
both encapsulation and double translation can be applied.
Figure 1 depicts a generic model of stateless IPv4-over-IPv6
communication for fixed broadband access services.
Sun, et al. Expires November 25, 2012 [Page 5]
Internet-Draft MAP Deployment May 2012
+------------------------------+
| MAP Domain |
+---+---------------+--------------|
+--------+ + | |
| | +---------+ +--+--+ |
| Host |--| CPE | | | |
| | |(MAP CE) |======| BNG | ======+---------+ +-----------+
+--------+ +---------+ +--|--+ | | | IPv4 |
+--------+ +---------------+ |Core |---| Internet |
| | +---|-----+ +--+--+ |Router | | |
| Host |--| CPE |======| | ======+---------+ +-----------+
| | |(MAP CE) | | BNG | |
+--------+ +---------+ +--+--+ |
+ | |
+-------------------+--------------+
Figure 1: Stateless IPv4-over-IPv6 access in fixed networks
3.2. Mobile networks
Regarding the MAP based solution, double translation is more suitable
in mobile environment according to the analysis in stateless
4V6[I-D.dec-stateless-4v6]. Figure 2 depicts a typical model of MAP
deployment in mobile network, where UE plays the rule of MAP CE.
There may be three possible cases: IPv4 only, IPv6 only or IPv6 and
IPv4 connection to IP devices, depicted as H1, H2 and H3,
respectively. The MAP CE may implement a internal NAT44 to provide
IPv4 connectin for multiple IP devices. The IP devices get /64
prefix from MAP CE through RS/RA. Such a /64 prefix is generated
from the prefix assigned by the network through prefix delegation.
In the process, IPv6 prefix delegation is asked to derive the shared
IPv4 address implicitly.
Prefix delegation is introduced in 3GPP network in Release 10. A MAP
CE obtains IPv6 prefix from the mobile network. It then initiates
DHCPv6 for prefix delegation. There are two phases for a MAP CE to
perform prefix delegation function. In the first phase, the MAP CE
attaches to the LTE network. The network provides the UE with IPv6
only connection and the UE obtains a /64 IPv6 prefix. In the second
phase, the MAP CE initiates prefix delegation procedure. The network
assigns a prefix shorter than 64 to the MAP CE. Figure 2 shows a
case where a /56 is assigned to MAP CE during prefix delegation.
Sun, et al. Expires November 25, 2012 [Page 6]
Internet-Draft MAP Deployment May 2012
+-------------+
|Private IPv4 |
| Network | H1
+-------------+
|
|
O-------------------O
| UE (MAP CE) |
| +-------+-------+ | |------------| |------------|
| | NAT44 | 4via6 | | | | | |
| | | /64 | |==| E-UTRAN |----| EPC |
| +-------+-------+ | |------------| |------------|
| | | |
| | /56 | |
O---------+-------+-O
| |
| H3 | H2
+-------------+ +----------+
| /64 IPv6 | | /64 IPv6 |
|&Private IPv4| +----------+
| Network |
+-------------+
Figure 2: MAP deployment in mobile network
Sun, et al. Expires November 25, 2012 [Page 7]
Internet-Draft MAP Deployment May 2012
4. Deployment Consideration
4.1. Network Models
MAP domain connects IPv4 subnets, including home networks, enterprise
networks, and collective residence faclities, with the IPv4 Internet
through the IPv6 routing infrastructure.
A typical case of home network is shown in Figure 3.
+-------+-------+ +-------+-------+ \
| Service | | Service | \
| Provider A | | Provider B | | Service
| Router | | Router | | Provider
+-------+-------+ +-------+-------+ | network
| | /
| Customer | /
| Internet | /
| connections | |
+---------+---------+ \
| IPv6 | \
| Customer Edge | \
| Router | /
+---------+---------+ /
| /
| | End-User
---+------------+-------+--------+-------------+--- | network(s)
| | | | \
+----+-----+ +----+-----+ +----+-----+ +-----+----+ \
|IPv6 Host | |IPv6 Host | | IPv6 Host| |IPv6 Host | /
| | | | | | | | /
+----------+ +----------+ +----------+ +----------+
Figure 3: Relations between home networking and MAP domain
Three network models are defined in [I-D.ietf-homenet-arch]: A.
single ISP, single CER, internal routers; B. two ISPs, two CERs,
shared subnet; C. two ISPs, one CER, shared subnet. Model A/B is
different with model C in MAP technologies. For model A/B, one CE
only need to correspond to a BR, while in model C one CE have to
correspond with multiple BRs. Figure 4 illustrate a typical case,
where the home network have multiple connections to multiple
providers or multiple logical connections to the same provider. In
any cases, a CE may have different paths towards multiple MAP border
relays.
Sun, et al. Expires November 25, 2012 [Page 8]
Internet-Draft MAP Deployment May 2012
+---------------------+------------------------------+
| Home networking1 | MAP Domain |
+---------------------+---------------+--------------|
| +--------+ + | | |
| | Host | +---------+ +--+--+ |
| +--------+--| CPE | | | |
| +--------+--|(MAP CE) |======| BNG | ======+---------+ +-----------+
| | Host | +---------+ +-----+ | | | |
| +--------+ | | | | |
+---------------------+ | Core | | IPv4 |
+---------------------+ | |---| |
| | | Router | | Internet |
| +--------+ | | | | |
| | Host | +---------+ +-----+ | | | |
| +--------+--| CPE |======| | ======+---------+ +-----------+
| +--------+--|(MAP CE) | | BNG | |
| | Host | +---------+ +--+--+ |
| +--------+ | | |
+---------------------+---------------+--------------+
| Home networking2 |
+---------------------+
Figure 4: Network Architecture of Model C
4.2. Building the MAP domain
When deploying stateless MAP in operational network, a provider
should firstly do MAP domain planning based on its own network
condition. According to the definition of
[I-D.mdt-softwire-mapping-address-and-port], a MAP domain is a set of
MAP CEs and BRs connected to the same virtual link. One MAP domain
shares a common BR and has the same set of BMRs, FMRs and DMR, and it
can be further divided into multiple sub-domains when multiple IPv4
subnets are deployed in one MAP domain. All CEs in the MAP domain
are provisioned with the same set of MAP rules by MAP DHCPv6 server
[I-D.mdt-softwire-map-dhcp-option]. There might be multiple BMRs in
one MAP domain, and CE would pick up its own BMR by longest prefix
matching lookup. However, all CEs within the sub-domain will have
the same BMR. in which the BMR of all CEs is the same. In hub and
spoke mode, CE would use DMR as its only FMR for outbound traffic;
while in mesh mode, a longest-matching prefix lookup is done in the
IPv4 routing table and the correct FMR is chosen.
Basically, operator should firstly determine its own deployment mode
for MAP domain: mesh or Hub and spoke, as different considerations
for different deployment models should be applied accordingly.
Afterwards, MAP domain planning, MAP rule provision, addressing and
routing, etc., for a MAP domain should be taken into consideration.
Sun, et al. Expires November 25, 2012 [Page 9]
Internet-Draft MAP Deployment May 2012
For the scenario where one CE is corresponding to multiple MAP border
relays, it is possible that those MAP BRs belong to different MAP
domains. The CE must pick up its own MAP rules among these domains.
It is a typical case of multihoming. The MAP rules must have the
information about BR(s) and the information about the services types
and the ISP.
4.2.1. MAP deployment model planning
In order to do MAP domain planning, an operator should firstly make
the decision to choose Mesh or Hub and Spoke model according to
operator's network policy. In Hub and Spoke mode, all traffic within
the same MAP domain has to go through BR which will result in less
optimized traffic; however, it would simplify the CE process since
there is no need to do FMR lookup for each incoming packet. Besides,
it would have enhanced management ability as BR can take full control
of all the traffic. As a result, it is reasonable to deploy Hub and
Spoke mode for network with relatively flat architecture.
In mesh mode, traffic optimization can be achieved by CE to CE direct
path. It is recommended to apply mesh mode in case CE to CE traffic
is high and there are not too many MAP rules, say less than 10 MAP
rules, in the specific domain.
4.2.2. MAP domain planning
Stateless MAP has its own advantage in terms of scalability, high-
reliability, etc. As a result, it is reasonable to apply a larger
MAP domain to accommodate more subscribers with less BRs. Moreover,
a larger MAP domain would also be easier for management and
maintenance. However, a larger MAP domain may also result in less
optimized traffic in Hub and spoke case, where all traffic has to go
through a remote BR. Besides, it will also result in increased
number of MAP rules and highly centralized address management, etc.
It is a tradeoff to choose appropriate domain coverage.
Generally speaking, it is not recommended to use a large MAP domain
in Hub and spoke model. While in mesh model, it is suggested to
adopt a relatively larger MAP domain since traffic optimization has
already been guaranteed, and the only concern is to make sure that
the number of MAP rules is not too big.
Furthermore, MAP sub-domains can be divided for differentiated
service provision. Different sub-domains could be distinguished by
different Rule IPv4 prefixes. But all CEs within the same MAP sub-
domain would have the same Rule IPv4 prefix, Rule IPv6 prefix and
PSID parameters.
Sun, et al. Expires November 25, 2012 [Page 10]
Internet-Draft MAP Deployment May 2012
4.2.3. MAP rule provisioning
In stateless MAP, Mesh or Hub and Spoke communications can be
achieved among CEs in one MAP domain in terms of assigning
appropriate FMR(s) to CEs. We recommend ISP deploy the full Hub and
Spoke mode or full mesh mode describe below, because the DHCPv6
server can simply achieve them.
4.2.3.1. Full Hub and Spoke Communication among CEs
In order to achieve the full communication in the Hub and Spoke mode,
no FMR is assigned to CEs. In this mode, when a CE sends packets to
another CE in the same MAP domain using the DMR as FMR, the packets
must go though BR before arriving at the destination.
4.2.3.2. Full Mesh Communication among CEs
Assigning all BMRs in MAP domain to each CE as FMRs, Mesh
communications can be achieved among all CEs. In this case, when CE
receives an IPv4 packet, it looks up for an appropriate FMR with a
specific Rule IPv4 prefix which has the longest match with the IPv4
destination address. If the FMR is found (destination is one of the
CEs in the MAP domain), the packet will be forwarded to associated CE
directly without going though BR. If the FMR is not found
(destination is out of the MAP domain), the DMR will be selected as
FMR, the CE then forwards the packet to the associated BR.
4.2.3.3. Mesh or Hub/Spoke communication among some CEs
Mesh communications among some CEs along with Hub/Spoke
communications among some other CEs can be achieved by which
differentiated FMRs are assigned to CEs. For instance, as Figure 5
shown, Mapping rule 1, Mapping rule 2, Mapping rule 3 is provisioned
to CE1, CE2, CE3 respectively as BMR, and rule 1 and rule2, and rule
1 and rule 2 and rule 3, and rule 2 and rule 3 are assigned to CE1,
CE2, CE3 respectively, then CE1 and CE2, CE2 and CE3 communicate
directly without going though associated BR (Mesh mode), the
communication between CE1 and CE3 must go though BR before reaching
peer each other (Hub/Spoke mode).
Sun, et al. Expires November 25, 2012 [Page 11]
Internet-Draft MAP Deployment May 2012
+---------------+---------+---------+---------+
| | CE1 | CE2 | CE3 |
+---------------+---------+---------+---------+
| BMR | rule 1 | rule 2 | rule 3 |
+---------------+---------+---------+---------+
| | rule 1 | rule 1 | rule 2 |
| FMRs | rule 2 | rule 2 | rule 3 |
| | | rule 3 | |
+---------------+---------+---------+---------+
Figure 5: Mapping rules assigned to CEs in example
4.2.4. MAP DHCPv6 server deployment consideration
All the CEs within a MAP domain will get the same set of MAP rules by
DHCPv6 server, including BMR, FMRs and DMR. In one MAP domain, BMR
for different CEs might be different, but FMRs and DMR are all the
same. Each Mapping Rule keeps a record of Rule IPv6 prefix, Rule
IPv4 prefix, Rule EA-bits length and Rule Port Parameters. Section 5
would give a step by step example of how to calculate these
parameters.
In stateless MAP, the deployment of DHCPv6 server is independent with
MAP domain planning. So there are three possible ways:
MAP domain : DHCPv6 server = 1:1 This is the ideal solution that
each MAP domain would have its own MAP DHCPv6 server. In this
case, MAP DHCPv6 server only needs to configure parameters for
the specific MAP domain. It is highly recommended to adopt
this deployment model in stateless MAP.
MAP domain : DHCPv6 server = 1:N This might happen when DHCPv6
servers are deployed in a large MAP domain in a distributed
manner. In this case, all these DHCPv6 servers should be
configured with the same set of MAP rules for the MAP domain,
including mutiple BMRs, FMRs and DMRs.
MAP domain : DHCPv6 server = N:1 This might happen when MAP domain
is relatively small and a single MAP DHCPv6 server is deployed
in the network. In this case, multiple MAP domains should be
distinguished based on CE's IPv6 prefix in different MAP
domains.
Besides, the situation of remaining IPv4 address prefixes may have
big impact on MAP rule planning, especially for service operators who
only have rather scattered address space. Since the number of
scattered IPv4 address prefixes would be equal to the number of FMR
rules within a MAP domain, one should choose as large IPv4 address
Sun, et al. Expires November 25, 2012 [Page 12]
Internet-Draft MAP Deployment May 2012
pool as possible to reduce the number of FMR rules.
4.2.5. PSID consideration
For PSID provisioning, all the CEs, BR and DHCPv6 server within the
same MAP domain should be configured with the same parameter value.
All CEs with the same BMR should have the same PSID length. If a
provider would like to introduce differentiated address sharing
ratios for different CEs, it is better to define multiple MAP sub-
domains with different Rule IPv4 prefixes. In this way, MAP domain
division is only a logical method, rather than a geographical one.
The default PSID offset is chosen as 4 in
[I-D.mdt-softwire-mapping-address-and-port], which will exclude port
range of 0-4096. Operator may adjust the value based on actual
usage, policy, and service mode.
With regard to PSID format, both continuous and non-continuous port
set can be supported in GMA algorithm. Non-continuous port set has
the advantage of better security, UPnP friendly, etc., while
continuous port set is the simplest way to implement. Since PSID
format should be supported not only in CPEs, BRs and DHCPv6 server,
but also in other sustaining systems as well, e.g. traffic logging
system, user management system, a provider should make the decision
based on a comprehensive investigation on its demand and the reality
of existing equipments.
Note that some ISPs may need to offer services in a MAP domain with a
shared address, e.g. there are hosts FTP server under CEs. The
service provisioning may require well-know port range (i.e. port
range belong to 0-1023). MAP would provide operators with an option
to generate a port range including those in 0-1023. Afterwards,
operators could decide to assign it to any requesting user.
4.2.6. Addressing and routing
In MAP addressing, it should follow the MAP rule planning in the MAP
domain.
For IPv4 addressing, since the number of scattered IPv4 address
prefixes would be equal to the number of FMR rules within a MAP
domain, one should choose as large IPv4 address pool as possible to
reduce the number of FMR rules.For IPv6 address, the Rule IPv6
prefixes should be equal to the end user IPv6 prefix in MAP domain.
If ISP has a /24 rule IPv4 prefix with sharing ratio of 64 gives
16000 customers, and a /16 rule IPv4 prefix supports 4 million
customer. If up the sharing ratio to 256, 64000 and 16 million
Sun, et al. Expires November 25, 2012 [Page 13]
Internet-Draft MAP Deployment May 2012
customers can be supports respectively. For the ISP who have number
of scattered IPv4 address prefixes, in order to reduce the FMRs,
according to needs of ports they can divide different class. For
instance, for the enterprise customers class which need many ports to
use, provision them the BMR with low sharing ratio while for the
private customers class which don't need so many ports provision them
the BMR with high sharing ratio.
For MAP routing, there are no IPv4 routes exported to IPv6 networks.
4.2.7. Translation vs. Encapsulation
1. Option header
There may be some options in the IPv4 header, and some of them may
not be able to mapped to IPv6 option headers accurately
[RFC791][RFC2460]. If Translation is used, those options can not be
supported, and packets with those options SHOULD be dropped.
Encapsulation does not have this problem.
2. ICMP
Some IPv4 ICMP codes do not have a corresponding codes in ICMPv6, a
detailed analysis on the double translation behavior suggest that
some ICMPv4 messages, when they are translated to ICMPv6 and back to
ICMPv4 across the IPv6 domain, the accuracy might be sacrificed to
some extent. Encapsulation keeps the full transparency of ICMPv4
messages, while translation can make in-transition access through
either single or double translations with a unified solution.
In either the encapsulation or translation mode, if an intermediate
node generates an ICMPv6 error message, it should be converted into
ICMPv4 version and returned to the source with a special source
address set to 192.70.192.254 [I-D.xli-behave-icmp-address], in the
stateless MAP architecture.
3. PMTU and fragmentation
Both translation mode and encapsulation mode have PMTU and
fragmentation problem. [RFC6145] discusses the problem in details
for the translation, while [RFC2473] could be a good reference on the
issue in encapsulation.
4.3. BR settings
1. BR placement
BR placement has important impacts on the operation of a MAP domain.
Sun, et al. Expires November 25, 2012 [Page 14]
Internet-Draft MAP Deployment May 2012
A first concern should be the avoidance of "triangle routing". That
is, the path from the CE to an IPv4 peer via the BR should be close
to the one that would be taken if the CE had native IPv4
connectivity. This can be accomplished easily by placing the BR
close to the CE, such that the length of the path from the CE to the
BR is minimized.
However, minimizing the CE-BR path would ignore a second concern,
that of minimizing IPv4 operations. An ISP deploying MAP will
probably want to focus on IPv6 operations, while keeping IPv4
operational expenditures to a minimum. This would imply that the
size of the IPv4 network that the ISP has to administer would be kept
to a minimum. Placing the BR near the CE means that the length of
the IPv4 network between the BR and the IPv4 Internet would be
longer.
Moreover, in case where the set of CEs is geographically dispersed,
multiple BRs would be needed, which would further enlarge the IPv4
network that the ISP has to maintain.
Therefore, we offer the following guideline: BRs should be placed as
close to the border with the IPv4 Internet as possible while keeping
triangle routing to a minimum. Regional POPs should probably be
considered as potential candidates.
Note also that MAP being stateless, asymmetric routing is possible,
meaning that separate BRs can be used for traffic entering and
exiting a MAP domain. This option can be considered for its effects
on traffic engineering.
Anycast can be used to let the network pick BR closest to a CE for
traffic exiting the MAP domain. This is accomplished by provisioning
a Default Mapping Rule containing an anycast IPv6 address or prefix.
Operationally, this allows incremental deployment of BRs in strategic
locations without modifying the provisioning system's configuration.
CE's close to a newly-deployed BR will automatically start using it.
2. Reliability Considerations
Reliability of MAP is derived in major part from its statelessness.
This means that MAP can benefit from the usual methods of Internet
reliability.
Anycast, already mentioned in section 4.2.1, can be used to ensure
reliability of traffic from CE to BR. Since there can be only one
Default Mapping Rule per MAP domain, traffic from CE to BR will
always use the same destination address (in encapsulation mode) or
prefix (in translation mode). When this address or prefix is
Sun, et al. Expires November 25, 2012 [Page 15]
Internet-Draft MAP Deployment May 2012
anycast, reliability is greatly increased. If a BR goes down, it
stops advertising the IPv6 anycast address or prefix, and traffic is
automatically re-routed to other BRs. For this mechanism to work
correctly, it is crucial that the anycast route announcement be very
closely tied to BR availability. See [RFC4786] for best current
practices on the operation of anycast services.
Anycast covers global reliability. Reliability within a single link
can be achieved with the help of a redundancy protocol such as VRRP
[RFC5798]. This allows operation of a pair of BRs in active/standby
configuration. No state needs to be shared for the operation of MAP,
so there is no need to keep the standby node in a "warm" state: as
long as it is up and ready to take over the virtual IPv6 address,
quick failover can be achieved. This makes the pair behave as a
single, much more reliable node, with less reliance on quick routing
protocol convergence for reliability.
It is expected that production-quality MAP deployments will make use
of both anycast and a redundancy protocol such as VRRP.
3. MTU/Fragmentation
If the MTU is well-managed such that the IPv6 MTU on the CE WAN side
interface is set so that no fragmentation occurs within the boundary
of the MAP domain, then the 4rd Tunnel MTU can be set to the known
IPv6 MTU minus the size of the encapsulating IPv4 header (40 bytes).
For example, if the IPv6 MTU is known to be 1500 bytes, the 4rd
Tunnel MTU might be set to 1460 bytes. Without more specific
information, the 4rd Tunnel MTU SHOULD default to 1280 bytes.
When using encapsulation mode, it is important that fragments of a
MAP packet sent according to the Default Mapping Rule be handled by
the same BR. (This is not required for translation mode.) This can
be a problem when using an anycast BR address and routing
fluctuations cause fragments of a packet to be routed to multiple
BRs.
BRs using an anycast address as source can cause problems. If
traffic sent by a BR with a source anycast address causes an ICMP
error to be returned, that error packet's destination address will be
an anycast address, meaning that a different BR might receive it. In
the case of a Too Big ICMP error, this could cause a path MTU
discovery black hole. Another possible problem could occur if
fragmented packets from different BRs using the same anycast address
as source happen to contain the same fragment ID. This would break
fragment reassembly.
Therefore, when using anycast addresses, it is RECOMMENDED that they
Sun, et al. Expires November 25, 2012 [Page 16]
Internet-Draft MAP Deployment May 2012
be only used as destination address, and never as source addresses.
BRs SHOULD be configured to accept traffic sent to the anycast
address, but use an unicast address as source.
In MAP domains where IPv4 addresses are not shared, IPv6 destinations
are derived from IPv4 addresses alone. Thus, each IPv4 packet can be
encapsulated and decapsulated independently of each other. 4rd
processing is completely stateless.
On the other hand, in MAP domains where IPv4 addresses are shared,
BRs and CEs may have to encapsulate or translate IPv4 packets whose
IPv6 destinations depend on destination ports. Precautions are
needed, due to the fact that the destination port of a fragmented
datagram is available only in its first fragment. A sufficient
precaution consists in reassembling each datagram received in
multiple packets, and to treat it as though it would have been
received in single packet. This function is such that MAP is in this
case stateful at the IP layer. (This is common with DS-lite and
NAT64/DNS64 which, in addition, are stateful at the transport layer.)
At domain entrance, this ensures that all pieces of all received IPv4
datagrams go to the right IPv6 destinations.
Another peculiarity of shared IPv4 addresses is that, without
precaution, a destination could simultaneously receive from different
sources fragmented datagrams that have the same Datagram ID (the
Identification field of [RFC0791]). This would disturb the
reassembly process. To eliminate this risk, CE MUST rewrite the
datagram ID to a unique value among CEs sharing an IPv4 address upon
sending the packet over a MAP domain. This value SHOULD be generated
locally within the port-range assigned to a given CE. Note that
replacing a Datagram ID in an IPv4 header implies an update of its
Header-checksum field, by adding to it the one's complement
difference between the old and the new values.
4.4. CE settings
1. bridging vs. routing mode
In routing mode, the CE runs a standard NAT44 [RFC3022] using the
allocated public address as external IP and ports via DHCPv6 option.
When receiving an IPv4 packet with private source address from its
end hosts, it performs NAT44 function by translating the source
address into public and selecting a port from the allocated port-set.
Then it encapsulates/translates the packet with the concentrator's
IPv6 address as destination IPv6 address, and forwards it to the
concentrator. When receiving an IPv6 packet from the concentrator,
the initiator decapsulates/translates the IPv6 packet to get the IPv4
packet with public destination IPv4 address. Then it performs NAT44
Sun, et al. Expires November 25, 2012 [Page 17]
Internet-Draft MAP Deployment May 2012
function and translates the destination address into private one.
The CE is responsible for performing ALG functions (e.g., SIP, FTP),
as well as supporting NAT Traversal mechanisms (e.g., UPnP, NAT-PMP,
manual mapping configuration). This is no different from the
standard IPv4 NAT today.
For the bridging mode, end host would run a software performing CE
functionalities. In this case, end host gets public address
directly. It is also suggested that the host run a local NAT to map
randomly generated ports into the restricted, valid port-set.
Another solution is to have the IP stack to only assign ports within
the restricted, valid range to applications. Either way the host
guarantees that every source port number in the outgoing packets
falls into the allocated port-set.
2. CE-initiated application
CE-initiated case is applied for situations where applications run on
CE directly. If the application in CE use the public address
directly, it might conflict with other CEs. So it is highly
suggested that CE should also run a local NAT to map a private
address to public address in CE. In this way, the CE IPv4 address
passed to local applications would be conflict with other CEs.
Moreover, CE should guarantee that every source port number in the
outgoing packets falls into the allocated port-set.
4.5. Supporting system
1. Lawful Intercept
Sharing IPv4 addresses among multiple CEs is susceptible to issues
related to lawful intercept. For details, see [RFC6269] section 12.
2. Traffic Logging
It is always possible for a service provider that operates a MAP
domain to determine the IPv6 prefix associated with a MAP IPv4
address (and port number in case of a shared address). This mapping
is static, and it is therefore unnecessary to log every IPv4 address
assignment. However, changes in that static mapping, such as rule
changes in the provisioning system, need to be logged in order to be
able to know the mapping at any point in time.
Sharing IPv4 addresses among multiple CEs is susceptible to issues