One document matched: draft-ietf-homenet-arch-16.xml
<?xml version="1.0" encoding="iso-8859-1" ?>
<!DOCTYPE rfc SYSTEM 'rfc2629.dtd' [
<!ENTITY rfc1918 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.1918.xml'>
<!ENTITY rfc2460 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2460.xml'>
<!ENTITY rfc2775 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2775.xml'>
<!ENTITY rfc2827 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2827.xml'>
<!ENTITY rfc3002 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3002.xml'>
<!ENTITY rfc3022 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3022.xml'>
<!ENTITY rfc3633 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3633.xml'>
<!ENTITY rfc2475 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2475.xml'>
<!ENTITY rfc4033 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4033.xml'>
<!ENTITY rfc4191 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4191.xml'>
<!ENTITY rfc4192 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4192.xml'>
<!ENTITY rfc4193 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4193.xml'>
<!ENTITY rfc4291 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4291.xml'>
<!ENTITY rfc4607 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4607.xml'>
<!ENTITY rfc4862 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4862.xml'>
<!ENTITY rfc4864 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4864.xml'>
<!ENTITY rfc4941 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4941.xml'>
<!ENTITY rfc5533 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5533.xml'>
<!ENTITY rfc5890 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5890.xml'>
<!ENTITY rfc5969 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.5969.xml'>
<!ENTITY rfc6092 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6092.xml'>
<!ENTITY rfc6144 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6144.xml'>
<!ENTITY rfc6145 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6145.xml'>
<!ENTITY rfc6177 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6177.xml'>
<!ENTITY rfc6204 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6204.xml'>
<!ENTITY rfc6296 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6296.xml'>
<!ENTITY rfc6333 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6333.xml'>
<!ENTITY rfc6555 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6555.xml'>
<!ENTITY rfc6724 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6724.xml'>
<!ENTITY rfc6762 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6762.xml'>
<!ENTITY rfc6824 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6824.xml'>
<!ENTITY rfc6887 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6887.xml'>
<!ENTITY rfc6950 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6950.xml'>
<!ENTITY rfc7084 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7084.xml'>
<!ENTITY rfc7157 PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7157.xml'>
<!ENTITY I-D.ietf-core-coap
PUBLIC '' 'http://xml2rfc.tools.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-core-coap.xml'>
]>
<rfc ipr="trust200902"
docName="draft-ietf-homenet-arch-16"
category="info">
<?rfc toc="yes"?> <?rfc symrefs="yes"?> <?rfc autobreaks="yes"?>
<?rfc tocindent="yes"?> <?rfc compact="yes"?> <?rfc subcompact="no"?>
<front>
<title abbrev="IPv6 Home Networking">IPv6 Home Networking Architecture Principles</title>
<author fullname="Tim Chown" initials="T.J." surname="Chown" role="editor">
<organization> University of Southampton </organization>
<address>
<postal>
<street> Highfield </street>
<city> Southampton </city>
<code> SO17 1BJ </code>
<region> Hampshire </region>
<country> United Kingdom </country>
</postal>
<email> tjc@ecs.soton.ac.uk </email>
</address>
</author>
<author initials="J" surname="Arkko" fullname="Jari Arkko">
<organization>Ericsson</organization>
<address>
<postal>
<street/>
<city>Jorvas</city> <code>02420</code>
<country>Finland</country>
</postal>
<email>jari.arkko@piuha.net</email>
</address>
</author>
<author initials="A" surname="Brandt" fullname="Anders Brandt">
<organization>Sigma Designs</organization>
<address>
<postal>
<street>Emdrupvej 26A, 1</street>
<city>Copenhagen</city> <code>DK-2100</code>
<country>Denmark</country>
</postal>
<email>abr@sdesigns.dk</email>
</address>
</author>
<author initials="O" surname="Troan" fullname="Ole Troan">
<organization>Cisco Systems, Inc.</organization>
<address>
<postal>
<street>Drammensveien 145A</street>
<city>Oslo</city><code>N-0212</code>
<country>Norway</country>
</postal>
<email>ot@cisco.com</email>
</address>
</author>
<author initials="J" surname="Weil" fullname="Jason Weil">
<organization>Time Warner Cable</organization>
<address>
<postal>
<street>13820 Sunrise Valley Drive</street>
<city>Herndon, VA</city><code>20171</code>
<country>USA</country>
</postal>
<email>jason.weil@twcable.com</email>
</address>
</author>
<date month="June" year="2014" />
<keyword>IPv6</keyword>
<abstract>
<t>This text describes evolving networking technology within
residential home networks with increasing numbers of devices and
a trend towards increased internal routing. The goal of this
document is to define a general architecture for IPv6-based home
networking, describing the associated principles, considerations and
requirements. The text briefly highlights specific implications
of the introduction of IPv6 for home networking, discusses the
elements of the architecture, and suggests how standard IPv6 mechanisms
and addressing can be employed in home networking. The architecture
describes the need for specific protocol extensions for certain
additional functionality. It is assumed that the IPv6 home network
is not actively managed, and runs as an IPv6-only or dual-stack network.
There are no recommendations in this text for the IPv4 part of the network.
</t>
</abstract>
</front>
<middle>
<section anchor="intro" title="Introduction">
<t>This document focuses on evolving networking technology within
residential home networks with increasing numbers of devices and
a trend towards increased internal routing, and the associated
challenges with their deployment and operation. There
is a growing trend in home networking for the proliferation of networking
technology through an increasingly broad range of devices and media. This
evolution in scale and diversity sets requirements on IETF protocols.
Some of these requirements relate to the introduction of IPv6, others
to the introduction of specialised networks for home automation and
sensors.</t>
<t>
While at the time of writing
some complex home network topologies exist, most are relatively simple
single subnet networks, and ostensibly operate using just IPv4. While
there may be IPv6 traffic within the network, e.g., for service discovery,
the homenet is provisioned by the ISP as an IPv4 network. Such networks
also typically employ solutions that should be avoided, such as
private <xref target="RFC1918"></xref> addressing with (cascaded)
network address translation (NAT) <xref target="RFC3022"></xref>,
or they may require expert assistance to set up.
</t>
<t>
In contrast, emerging IPv6-capable home networks are very likely to have
multiple internal subnets, e.g., to facilitate private and guest
networks, heterogeneous link layers, and smart grid components, and have
enough address space available to allow every device to have a globally
unique address. This implies that internal routing functionality is required,
and that the homenet's ISP both provides a large enough prefix to allocate
a prefix to each subnet, and that a method is supported for such prefixes
to be delegated efficiently to those subnets.
</t>
<t>
It is not practical to expect home users to configure their networks.
Thus the assumption of this document is that the
homenet is as far as possible self-organising and self-configuring, i.e.,
it should function without pro-active management by the residential user.
</t>
<t>The
architectural constructs in this document are focused on the problems
to be solved when introducing IPv6, with an eye towards a better result
than what we have today with IPv4, as well as aiming at a more consistent
solution that addresses as many of the identified requirements as
possible.
The document aims to provide the basis and guiding principles for how
standard IPv6 mechanisms and addressing <xref target="RFC2460"/> <xref
target="RFC4291"/> can be employed in home networking, while
coexisting with existing IPv4 mechanisms. In emerging dual-stack
home networks it is vital that introducing IPv6 does not adversely
affect IPv4 operation. We assume that the IPv4 network
architecture in home networks is what it is, and can not be modified by
new recommendations. This document does not discuss how IPv4 home networks
provision or deliver support for multiple subnets.
It should not be assumed that any future new functionality created with
IPv6 in mind will be backward-compatible to include IPv4 support.
Further, future deployments, or specific subnets within
an otherwise dual-stack home network, may be IPv6-only, in which
case considerations for IPv4 impact would not apply.
</t>
<t>
This document proposes a baseline homenet architecture, using
protocols and implementations that are as far as possible proven and
robust.
The scope of the document is primarily the network layer technologies
that provide the basic functionality to enable addressing, connectivity,
routing, naming and service discovery. While it may, for example,
state that homenet components must be simple to deploy and use, it does
not discuss specific user interfaces, nor does it discuss specific
physical, wireless or data-link layer considerations. Likewise,
we also do not
specify the whole design of a homenet router from top to bottom,
rather we focus on the Layer 3 aspects. This means that Layer 2 is
largely out of scope, we're assuming a data link layer that supports
IPv6 is present, and that we react accordingly. Any IPv6-over-Foo
definitions occur elsewhere.
</t>
<t>
<xref target="RFC6204"/>
defines basic requirements for customer edge routers (CERs). This document
has recently been updated with the definition of requirements for
specific transition tools on the CER in
<xref target="RFC7084"></xref>, specifically
DS-Lite <xref target="RFC6333"/> and 6rd <xref target="RFC5969"/>.
Such detailed specification of CER devices is considered out of scope of this
architecture document, and we assume that any required update of the CER
device specification as a result of adopting this architecture will be
handled as separate and specific updates to these existing documents.
Further, the scope of this text is the internal homenet, and thus
specific features on the WAN side of the CER are out of scope for this text.
</t>
<section title="Terminology and Abbreviations">
<t>
In this section we define terminology and abbreviations used throughout the text.
</t>
<t>
<list style="symbols">
<t>Border: a point, typically resident on a router, between two networks, e.g.,
between the main internal homenet and a guest network. This defines point(s)
at which filtering and forwarding policies for different types of
traffic may be applied.</t>
<t>CER: Customer Edge Router: A border router intended for use in a homenet,
which connects the homenet to a service provider network.</t>
<t>FQDN: Fully Qualified Domain Name. A globally unique name.</t>
<t>Guest network: A part of the home network intended for use by visitors or
guests to the home(net). Devices on the guest network may typically not see
or be able to use all services in the home(net).</t>
<t>Homenet: A home network, comprising host and router equipment, with
one or more CERs providing connectivity to service provider network(s).</t>
<t>Internet Service Provider (ISP): an entity that provides access to the
Internet. In this document, a service provider specifically offers Internet
access using IPv6, and may also offer IPv4 Internet access. The service
provider can provide such access over a variety of
different transport methods such as DSL, cable, wireless, and others.</t>
<t>LLN: Low-power and lossy network.</t>
<t>LQDN: Locally Qualified Domain Name. A name local to the homenet.</t>
<t>NAT: Network Address Translation. Typically referring to IPv4
Network Address
and Port Translation (NAPT) <xref target="RFC3022"/>.</t>
<t>NPTv6: Network Prefix Translation for IPv6 <xref target="RFC6296"/>.</t>
<t>PCP: Port Control Protocol <xref target="RFC6887"></xref>. </t>
<t>Realm: a network delimited by a defined border. A guest network within a
homenet may form one realm.</t>
<t>'Simple Security'. Defined in <xref target="RFC4864"></xref> and
expanded further in <xref target="RFC6092"></xref>;
describes recommended perimeter security capabilities for IPv6 networks.</t>
<t>ULA: IPv6 Unique Local Address <xref target="RFC4193"></xref>.</t>
<t>VM: Virtual machine.</t>
</list>
</t>
</section>
</section>
<section anchor="trends" title="Effects of IPv6 on Home Networking">
<t>
While IPv6 resembles IPv4 in many ways, there are some notable differences
in the way it may typically be deployed. It changes address allocation
principles,
making multi-addressing the norm, and, through the vastly increased address
space, allows globally unique IP addresses to be used for all devices
in a home network. This section presents an overview
of some of the key implications of the introduction of IPv6 for home
networking, that are simultaneously both promising and problematic.
</t>
<section title="Multiple subnets and routers">
<t>
While simple layer 3 topologies involving as few subnets as possible
are preferred in home networks, the incorporation of dedicated (routed)
subnets remains necessary for a variety of reasons.
For instance, an increasingly common feature in modern home routers
is the ability to support both guest and private network subnets.
Likewise, there may be a need to
separate home automation or corporate extension LANs (whereby a home
worker can have their corporate network extended into the home using
a virtual private network, commonly presented as one port on an
Ethernet device) from the main Internet
access network, or different subnets may in general
be associated with parts of the
homenet that have different routing and security policies. Further,
link layer networking technology is poised to become more heterogeneous,
as networks begin to employ both traditional Ethernet technology and link
layers designed for low-power and lossy networks (LLNs), such as those
used for certain types of sensor devices. Constraining the flow of
certain traffic from Ethernet links to much lower capacity links
thus becomes an important topic.
</t>
<t>
The introduction of IPv6 for home networking makes it possible
for every home network to be delegated enough address space
from its ISP
to provision globally unique prefixes for each such subnet in the home.
While the number of addresses in a standard /64 IPv6 prefix
is practically unlimited, the number of prefixes available for assignment
to the home network is not. As a result the growth inhibitor for the
home network shifts from the number of addresses to the number of prefixes
offered by the provider; this topic is discussed in <xref target="RFC6177"/>
(BCP 157),
which recommends that "end sites always be able to obtain a reasonable
amount of address space for their actual and planned usage".
</t>
<t>The addition of routing between subnets raises a number of issues.
One is a method by which prefixes can be efficiently allocated to each
subnet, without user intervention. Another is the issue of
how to extend mechanisms such as zero configuration
service discovery which currently only
operate within a single subnet using link-local traffic. In a typical
IPv4 home network, there is only one subnet, so such mechanisms would
normally operate as expected. For multi-subnet IPv6 home networks
there are two broad choices to enable such protocols to work across
the scope of the entire homenet;
extend existing protocols to work across that scope, or
introduce proxies for existing link layer protocols. This topic is
discussed in <xref target="naming-sd"/>.
</t>
</section>
<section title="Global addressability and elimination of NAT">
<t>
The possibility for direct end-to-end communication on the Internet to
be restored by the introduction of IPv6 is
on the one hand an incredible
opportunity for innovation and simpler network operation,
but on the other hand it is
also a concern as it potentially exposes nodes in the internal
networks to receipt of unwanted and possibly malicious
traffic from the Internet.
</t>
<t>
With devices and applications able to talk directly to
each other when they have globally unique addresses, there may
be an expectation of improved host security to compensate for this.
It should be noted that many devices may (for
example) ship with default settings that make them readily vulnerable
to compromise by external attackers if globally accessible, or may simply
not have robustness designed-in because it was either assumed such devices
would only be used on private networks or the device itself doesn't
have the computing power to apply the necessary security methods.
In addition, the upgrade cycle for devices (or their firmware) may be slow,
and/or lack auto-update mechanisms.
</t>
<t>
It is thus important to distinguish between addressability and reachability.
While IPv6 offers global addressability through use of globally
unique addresses in the home, whether devices are globally reachable or
not would depend on any firewall or filtering configuration, and not,
as is commonly the case with IPv4, the presence or use of NAT.
In this respect, IPv6 networks may or may not have filters applied at
their borders to control such traffic, i.e., at the homenet CER.
<xref target="RFC4864"></xref> and <xref target="RFC6092"></xref>
discuss such filtering, and the merits of 'default allow' against
'default deny' policies for external traffic initiated into a homenet.
This topic is discussed further in <xref target="addressability"></xref>.
</t>
</section>
<section title="Multi-Addressing of devices">
<t>
In an IPv6 network, devices will often acquire multiple addresses, typically
at least a link-local address and one or more globally unique addresses.
Where a homenet is multihomed, a device would typically receive a globally
unique address (GUA) from within the delegated prefix from each upstream ISP.
Devices may also have an IPv4 address if the network is dual-stack, an
IPv6 Unique Local Address (ULA) <xref target="RFC4193"></xref> (see below),
and one or more IPv6 Privacy Addresses <xref target="RFC4941"></xref>.
</t>
<t>
It should thus be considered the norm for devices on IPv6 home networks
to be multi-addressed, and to need to make appropriate address selection
decisions for the candidate source and destination address pairs for any
given connection. In multihoming scenarios nodes
will be configured with one address from each upstream ISP prefix.
In such cases the presence of upstream BCP 38
<xref target="RFC2827"></xref>
ingress filtering requires such
multi-addressed nodes to select the correct source address to be used
for the corresponding uplink. Default Address Selection for IPv6
<xref target="RFC6724"></xref>
provides a solution for this, but a challenge here is that the node may
not have the information it needs to make that decision based on addresses
alone. We discuss this challenge in <xref target="multihoming"/>.
</t>
</section>
<section title="Unique Local Addresses (ULAs)">
<t>
<xref target="RFC4193"></xref> defines Unique Local Addresses (ULAs)
for IPv6 that may be used to address devices within the scope of a
single site. Support for ULAs for IPv6 CERs is described in <xref
target="RFC6204"></xref>. A home network running IPv6 should deploy ULAs
alongside its globally unique prefix(es) to allow stable communication
between devices (on different subnets) within the homenet
where that externally allocated globally unique prefix may change over
time, e.g., due to renumbering within the subscriber's ISP, or where
external connectivity may be temporarily unavailable. A homenet using
provider-assigned global addresses is exposed to its ISP renumbering the
network to a much larger degree than before whereas, for IPv4, NAT
isolated the user against ISP renumbering to some extent.
</t>
<t>
While setting up a network there may be a period where it has no
external connectivity, in which case ULAs would be required for
inter-subnet communication. In the case where home automation
networks are
being set up in a new home/deployment (as early as during
construction of the home), such networks
will likely need to use their own /48
ULA prefix. Depending upon circumstances beyond the control of the owner
of the homenet, it may be impossible to renumber the ULA used by the home
automation network
so routing between ULA /48s may be required. Also, some
devices, particularly constrained devices, may have only a ULA (in addition
to a link-local), while others may have both a GUA and a ULA.
</t>
<t>
Note that unlike private IPv4 RFC 1918 space, the use of ULAs does not
imply use of an IPv6 equivalent of a traditional IPv4 NAT
<xref target="RFC3022" />, or of NPTv6 prefix-based NAT
<xref target="RFC6296"/>. When an IPv6 node in a homenet has both a ULA and
a globally unique IPv6 address, it should only use its
ULA address internally, and use its additional globally unique IPv6 address
as a source address for external communications. This should be the natural
behaviour given support for Default Address Selection for
IPv6 <xref target="RFC6724"></xref>. By using
such globally unique addresses between hosts and devices in remote networks,
the architectural cost and complexity, particularly to applications,
of NAT or NPTv6 translation is avoided. As such, neither
IPv6 NAT or NPTv6 is recommended for use in the homenet architecture.
Further, the homenet border router(s) should filter packets with ULA
source/destination addresses as discussed in <xref target="stableinternal"/>.
</t>
<t>
Devices in a homenet may be given only a ULA as a means to restrict
reachability from outside the homenet. ULAs can be used by default for
devices that, without additional configuration (e.g., via a web interface),
would only offer services to the internal network. For example,
a printer might only accept incoming connections on a ULA
until configured to be globally reachable, at which point it acquires
a global IPv6 address and may be advertised via a global name space.
</t>
<t>
Where both a ULA and a global prefix are in use, the
ULA source address is used to communicate with ULA destination addresses
when appropriate, i.e., when the ULA source and destination lie within
the /48 ULA prefix(es) known to be used within the same homenet.
In cases where multiple /48 ULA prefixes are in use within a single homenet
(perhaps because multiple homenet routers each independently
auto-generate a /48 ULA prefix and then share prefix/routing information),
utilising a ULA source address and a ULA destination address from two
disjoint internal ULA prefixes is preferable to using GUAs.
</t>
<t>
While a homenet should operate correctly with two or more /48 ULAs
enabled, a mechanism for the creation and use of a single /48
ULA prefix is desirable for addressing consistency and policy enforcement.
</t>
<t>
A counter-argument to using ULAs is that it is undesirable to aggressively
deprecate global prefixes for temporary loss of connectivity, so for a
host to lose its global address there would have to be a connection
breakage longer than the lease period, and even then, deprecating prefixes
when there is no connectivity may not be advisable. However, it is
assumed in this architecture that homenets should support and use ULAs.
</t>
</section>
<section title="Avoiding manual configuration of IP addresses">
<t>
Some IPv4 home networking devices expose IPv4 addresses to users, e.g.,
the IPv4 address of a home IPv4 CER that may be configured via a web
interface. In potentially complex future IPv6 homenets, users should not
be expected to enter IPv6 literal addresses in devices or applications,
given their much greater length and the apparent randomness of such addresses
to a typical home user. Thus, even for the simplest of functions, simple
naming and the associated (minimal, and ideally zero configuration)
discovery of services is imperative for the easy deployment and use of
homenet devices and applications.
</t>
</section>
<section title="IPv6-only operation">
<t>
It is likely that IPv6-only networking will be deployed first in new
home network deployments, often referred to as 'greenfield' scenarios,
where there is no existing IPv4 capability,
or perhaps as one element of an otherwise dual-stack network.
Running IPv6-only adds additional requirements, e.g., for devices to get
configuration information via IPv6 transport (not relying on an IPv4
protocol such as IPv4 DHCP), and for devices to be able to
initiate communications to external devices that are IPv4-only.
</t>
<t>
Some specific transition technologies which may be deployed by the
homenet's ISP are discussed in <xref target="RFC7084"></xref>.
In addition, certain other functions may be desirable on the CER,
e.g., to access content in the IPv4 Internet,
<xref target="RFC6144">NAT64</xref> and
<xref target="RFC6145">DNS64</xref> may be applicable.
</t>
<t>
The widespread availability of robust solutions to these types of
requirements will help accelerate the uptake of IPv6-only homenets.
The specifics of these are however beyond the scope of this document,
especially those functions that reside on the CER.
</t>
</section>
</section>
<section anchor="arch" title="Homenet Architecture Principles">
<t>
The aim of this text is to outline how to construct advanced IPv6-
based home networks involving multiple routers and subnets using
standard IPv6 addressing and protocols <xref target="RFC2460"/> <xref
target="RFC4291"/> as the basis. As described in <xref target="generalp"></xref>,
solutions should as far as possible
re-use existing protocols, and minimise changes to hosts and
routers, but some new protocols, or extensions, are likely to
be required. In this section, we present the elements
of the proposed home networking architecture, with discussion of the
associated design principles.
</t>
<t>
In general, home network equipment needs to be able to operate in
networks with a range of different properties and topologies,
where home users may plug components together in arbitrary ways and
expect the resulting network to operate.
Significant manual configuration is rarely, if at all, possible, or
even desirable given the knowledge level of typical home users.
Thus the network should, as far as possible, be self-configuring, though
configuration by advanced users should not be precluded.
</t>
<t>
The homenet needs to be able to handle or provision at least
<list style="symbols">
<t>Routing</t>
<t>Prefix configuration for routers</t>
<t>Name resolution</t>
<t>Service discovery</t>
<t>Network security</t>
</list></t>
<t>
The remainder of this document describes the principles by which the
homenet architecture may deliver these properties.
</t>
<section anchor="generalp" title="General Principles">
<t>There is little that the Internet standards community can do about
the physical topologies or the need for some networks to be separated
at the network layer for policy or link layer compatibility reasons.
However, there is a lot of flexibility in using IP addressing and
inter-networking mechanisms. This text discusses
how such flexibility should be used to provide the best
user experience and ensure that the network can evolve with new
applications in the future. The principles described in this text
should be followed when designing homenet protocol
solutions. </t>
<section title="Reuse existing protocols">
<t>
Existing protocols will be used to meet the requirements of home
networks. Where necessary, extensions will be made to those
protocols. When no existing protocol is found to be suitable, a
new or emerging protocol may be used. Therefore, it is important
that no design or architectural decisions are made that would
preclude the use of new or emerging protocols.
</t>
<t>
A generally conservative approach, giving weight to running (and
available) code, is preferable. Where new protocols are required, evidence
of commitment to
implementation by appropriate vendors or development communities is
highly desirable. Protocols used should be backwardly compatible,
and forward compatible where changes are made.
</t>
</section>
<section title="Minimise changes to hosts and routers">
<t>
In order to maximise deployability of new homenets, where possible
any requirement for changes to hosts and routers should be minimised,
though solutions which, for example, incrementally improve capability
with host or router changes may be acceptable. There may be cases
where changes are unavoidable, e.g., to allow a given homenet routing
protocol to be self-configuring, or to support routing based on
sources addresses in addition to destination addresses (to improve
multihoming support, as discussed in <xref target="multihoming"/>).
</t>
</section>
</section>
<section title="Homenet Topology">
<t>
This section considers homenet topologies, and the principles
that may be applied in designing an architecture to support as wide a range
of such topologies as possible.
</t>
<section title="Supporting arbitrary topologies">
<t>
There should ideally be no built-in assumptions about the topology in home
networks, as users are capable of connecting their devices in
'ingenious' ways. Thus arbitrary topologies and arbitrary routing
will need to be supported,
or at least the failure mode for when the user makes a mistake should
be as robust as possible, e.g., de-activating a certain part of the
infrastructure to allow the rest to operate. In such cases,
the user should ideally have some useful
indication of the failure mode encountered.</t>
<t>There should be no topology scenarios which cause loss of
connectivity, except when the user
creates a physical island within the topology. Some potentially
pathological cases that can be created include bridging ports of a
router together, however this case can be detected and dealt with by
the router. Loops within a routed topology are in a sense good in
that they offer redundancy. Topologies that include potential
bridging loops can be dangerous but are
also detectable when a switch learns the MAC of one of its interfaces
on another or runs a spanning tree or link state protocol.
It is only topologies with such potential loops
using simple repeaters that are truly pathological.</t>
<t>
The topology of the homenet may change over time, due to the addition
or removal of equipment, but also due to temporary failures or
connectivity problems. In some cases this may lead to, for example,
a multihomed homenet being split into two isolated homenets, or,
after such a fault is remedied, two isolated parts reconfiguring back
to a single network.
</t>
</section>
<section title="Network topology models">
<t>
As hinted above, while the architecture may focus on likely common
topologies, it should not preclude any arbitrary topology from
being constructed.
</t>
<t>
Most IPv4 home network models at the time of writing tend
to be relatively simple,
typically a single NAT router to the ISP and a single internal
subnet but, as discussed earlier, evolution in network architectures
is driving more complex topologies, such as the separation of guest
and private networks. There may also be some cascaded IPv4 NAT
scenarios, which we mention in the next section. For IPv6 homenets,
the Network Architectures described in <xref target="RFC6204"/>
and its successor <xref target="RFC7084"></xref>
should, as a minimum, be supported.
</t>
<t>
There are a number of properties or attributes of a home network that
we can use to describe its topology and operation.
The following properties apply to any IPv6 home network:
</t>
<t>
<list style="symbols">
<t>Presence of internal routers. The homenet may have one or more internal
routers, or may only provide subnetting from interfaces on the CER.</t>
<t>Presence of isolated internal subnets. There may be isolated internal
subnets, with no direct connectivity between them within the homenet
(with each having its own external connectivity). Isolation may
be physical, or implemented via IEEE 802.1q VLANs. The latter is however
not something a typical user would be expected to configure.</t>
<t>Demarcation of the CER. The CER(s) may or may not be managed by
the ISP. If the demarcation point is such that the customer
can provide or manage the CER, its configuration must be simple. Both
models must be supported.</t>
</list>
</t>
<t>
Various forms of multihoming are likely to become more prevalent with
IPv6 home networks, where the homenet may have two or more external ISP
connections, as discussed further below.
Thus the following properties should also be considered for such networks:
</t>
<t>
<list style="symbols">
<t>Number of upstream providers. The majority of home networks today
consist of a single upstream ISP, but it may become more common
in the future for there to be multiple ISPs, whether for resilience
or provision of additional services.
Each would offer its own prefix. Some may or may not provide
a default route to the public Internet. </t>
<t>Number of CERs. The homenet may have a single CER, which might be
used for one or more providers, or multiple CERs. The presence
of multiple CERs adds
additional complexity for multihoming scenarios, and protocols like
PCP that may need to manage connection-oriented state mappings on
the same CER as used for subsequent traffic flows.</t>
</list>
</t>
<t>
In the following sections we give some examples of the types of
homenet topologies we may see in the future. This is not
intended to be
an exhaustive or complete list, rather an indicative one to
facilitate the discussion in this text.
</t>
<section title="A: Single ISP, Single CER, Internal routers">
<t>Figure 1 shows a home network with multiple local area networks. These
may be needed for reasons relating to different link layer technologies
in use or for policy reasons, e.g., classic Ethernet in one subnet and
a LLN link layer technology in another. In this example there is no
single router that a priori understands the entire topology. The
topology itself may also be complex, and it may not be possible to
assume a pure tree form, for instance (because home
users may plug routers together to form arbitrary topologies
including those with potential loops in them).</t>
<figure align="left" anchor="Figure.1 ">
<preamble></preamble>
<artwork align="left">
+-------+-------+ \
| Service | \
| Provider | | Service
| Router | | Provider
+-------+-------+ | network
| /
| Customer /
| Internet connection
|
+------+--------+ \
| IPv6 | \
| Customer Edge | \
| Router | |
+----+-+---+----+ |
Network A | | | Network B(E) |
----+-------------+----+ | +---+-------------+------+ |
| | | | | | |
+----+-----+ +-----+----+ | +----+-----+ +-----+----+ | |
|IPv6 Host | |IPv6 Host | | | IPv6 Host| |IPv6 Host | | |
| H1 | | H2 | | | H3 | | H4 | | |
+----------+ +----------+ | +----------+ +----------+ | |
| | | | |
Link F | ---+------+------+-----+ |
| | Network E(B) |
+------+--------+ | | End-User
| IPv6 | | | networks
| Interior +------+ |
| Router | |
+---+-------+-+-+ |
Network C | | Network D |
----+-------------+---+ +---+-------------+--- |
| | | | |
+----+-----+ +-----+----+ +----+-----+ +-----+----+ |
|IPv6 Host | |IPv6 Host | | IPv6 Host| |IPv6 Host | |
| H5 | | H6 | | H7 | | H8 | /
+----------+ +----------+ +----------+ +----------+ /
</artwork>
<postamble></postamble>
</figure>
<t>
In this diagram there is one CER. It has a single uplink interface.
It has three additional interfaces connected to
Network A, Link F, and Network B. IPv6 Internal Router (IR) has four
interfaces connected to Link F, Network C, Network D and Network E.
Network B and Network E have been bridged, likely inadvertently. This
could be as a result of connecting a wire between a switch for Network B
and a switch for Network E.
</t>
<t>
Any of logical Networks A through F might be wired or wireless.
Where multiple hosts are shown, this might be through one or more
physical ports on the CER or IPv6 (IR), wireless networks, or through
one or more layer-2 only Ethernet switches.
</t>
</section>
<section title="B: Two ISPs, Two CERs, Shared subnet">
<figure align="left" anchor="Figure.2 ">
<preamble></preamble>
<artwork align="left">
+-------+-------+ +-------+-------+ \
| Service | | Service | \
| Provider A | | Provider B | | Service
| Router | | Router | | Provider
+------+--------+ +-------+-------+ | network
| | /
| Customer | /
| Internet connections | /
| |
+------+--------+ +-------+-------+ \
| IPv6 | | IPv6 | \
| Customer Edge | | Customer Edge | \
| Router 1 | | Router 2 | /
+------+--------+ +-------+-------+ /
| | /
| | | End-User
---+---------+---+---------------+--+----------+--- | network(s)
| | | | \
+----+-----+ +-----+----+ +----+-----+ +-----+----+ \
|IPv6 Host | |IPv6 Host | | IPv6 Host| |IPv6 Host | /
| H1 | | H2 | | H3 | | H4 | /
+----------+ +----------+ +----------+ +----------+
</artwork>
<postamble></postamble>
</figure>
<t>
Figure 2 illustrates a multihomed homenet model, where the
customer has connectivity via CER1 to ISP A and via CER2 to ISP B.
This example shows one shared subnet where IPv6 nodes would
potentially be multihomed and receive multiple IPv6 global
prefixes, one per ISP. This model may also be combined with
that shown in Figure 1 to create a more complex scenario with multiple
internal routers. Or the above shared subnet may be split in two,
such that each CER serves a separate isolated subnet, which is a
scenario seen with some IPv4 networks today.
</t>
</section>
<section title="C: Two ISPs, One CER, Shared subnet">
<figure align="left" anchor="Figure.3 ">
<preamble></preamble>
<artwork align="left">
+-------+-------+ +-------+-------+ \
| Service | | Service | \
| Provider A | | Provider B | | Service
| Router | | Router | | Provider
+-------+-------+ +-------+-------+ | network
| | /
| Customer | /
| Internet | /
| connections |
+---------+---------+ \
| IPv6 | \
| Customer Edge | \
| Router | /
+---------+---------+ /
| /
| | End-User
---+------------+-------+--------+-------------+--- | network(s)
| | | | \
+----+-----+ +----+-----+ +----+-----+ +-----+----+ \
|IPv6 Host | |IPv6 Host | | IPv6 Host| |IPv6 Host | /
| H1 | | H2 | | H3 | | H4 | /
+----------+ +----------+ +----------+ +----------+
</artwork>
<postamble></postamble>
</figure>
<t>
Figure 3 illustrates a model where a home network may have multiple
connections to multiple providers or multiple logical connections to
the same provider, with shared internal subnets.
</t>
</section>
</section>
<section title="Dual-stack topologies">
<t>
It is expected that most homenet deployments will for the immediate
future be dual-stack IPv4/IPv6. In such networks
it is important not to introduce new IPv6 capabilities that would cause
a failure if used alongside IPv4+NAT, given that such
dual-stack homenets will be commonplace for some time.
That said, it is desirable that IPv6 works better than IPv4 in
as many scenarios as possible. Further, the homenet architecture must
operate in the absence of IPv4.
</t>
<t>
A general recommendation is to follow the same topology for IPv6
as is used for IPv4, but not to use NAT. Thus there should be
routed IPv6 where an IPv4 NAT is used and, where there is no NAT,
routing or bridging may be used. Routing may have advantages when
compared to bridging together high speed and lower speed shared media,
and in addition bridging
may not be suitable for some networks, such as ad-hoc mobile networks.
</t>
<t>
In some cases IPv4 home networks may feature cascaded NATs.
End users are frequently unaware that they have created such
networks as 'home routers' and 'home switches' are frequently
confused. In addition, there are cases where
NAT routers are included within Virtual Machine Hypervisors, or
where Internet connection sharing services have been enabled.
This document applies equally to such hidden NAT 'routers'.
IPv6 routed versions of such cases will be required.
We should thus also note that routers in the homenet may not be
separate physical devices; they may be embedded within other devices.
</t>
</section>
<section anchor="multihoming" title="Multihoming">
<t>
A homenet may be multihomed to multiple providers, as the network
models above illustrate. This may either
take a form where there are multiple isolated networks within the home
or a more integrated network where the connectivity selection
needs to be dynamic.
Current practice is typically of the former kind, but the latter is
expected to become more commonplace.
</t>
<t>
In the general homenet architecture, multihomed hosts should be
multi-addressed with a global IPv6 address from the global prefix delegated
from each ISP they communicate with or through.
When such multi-addressing is in use, hosts need some way to pick source
and destination address pairs for connections.
A host may choose a source address to use by various methods, most
commonly <xref target="RFC6724"/>. Applications may
of course do different things, and this should not be precluded.
</t>
<t>
For the single CER Network Model C illustrated above, multihoming may
be offered by source-based routing at the CER. With multiple exit routers,
as in CER Network Model B, the complexity rises.
Given a packet with a source address on the home network, the
packet must be routed to the proper egress to avoid BCP 38 ingress
filtering if exiting through the wrong ISP. It is highly desirable
that the packet is routed in the most efficient manner to the correct exit,
though as a minimum requirement the packet should not be dropped.
</t>
<t>
The homenet architecture should support both the above models, i.e., one or
more CERs. However,
the general multihoming problem is broad, and solutions suggested to
date within the IETF have
included complex architectures for monitoring connectivity,
traffic engineering, identifier-locator separation, connection survivability
across multihoming events, and so on. It is thus important that
the homenet architecture should as far as possible
minimise the complexity of any multihoming support.
</t>
<t>
An example of such a 'simpler' approach has been documented
in <xref target="RFC7157"></xref>.
Alternatively a flooding/routing protocol could potentially be
used to pass information through the homenet, such that internal
routers and ultimately end hosts could learn per-prefix configuration
information, allowing better address selection decisions to be made.
However, this would imply router and, most likely, host changes.
Another avenue is to introduce support throughout the homenet for
routing which is based on the source as well as the destination
address of each packet.
While greatly improving the 'intelligence' of
routing decisions within the homenet, such an approach would require
relatively significant router changes but avoid host changes.
</t>
<t>
As explained previously, while NPTv6 has been proposed for providing
multi-homing support in networks, its use is not recommended in the homenet
architecture.
</t>
<t>It should be noted that some multihoming scenarios may see one
upstream being a "walled garden", and thus only appropriate for
connectivity to the services of that provider; an example may be
a VPN service that only routes back to the enterprise business
network of a user in the homenet.
As per Section 4.2.1 of <xref target="RFC3002"></xref> we do not
specifically target walled garden multihoming as a goal
of this document.
</t>
<t>
The homenet architecture should also not preclude use of host or
application-oriented tools, e.g., Shim6 <xref target="RFC5533"/>,
MPTCP <xref target="RFC6824"/> or
<xref target="RFC6555">Happy Eyeballs</xref>. In general, any incremental
improvements obtained by host changes should give benefit for the
hosts introducing them, but not be required.
</t>
</section>
<section title="Mobility support">
<t>
Devices may be mobile within the homenet. While resident on the same
subnet, their address will remain persistent, but should devices move to
a different (wireless) subnet, they will acquire a new address in that
subnet. It is desirable that the homenet supports internal device
mobility. To do so, the homenet may either extend the reach of
specific wireless subnets to enable wireless roaming across the
home (availability of a specific subnet across the home), or it may
support mobility protocols to facilitate such roaming where multiple
subnets are used.
</t>
</section>
</section>
<section title="A Self-Organising Network">
<t>
The home network infrastructure
should be naturally self-organising and self-configuring
under different circumstances relating to the connectivity status to the
Internet, number of devices, and physical topology.
At the same time, it should be possible for advanced users to
manually adjust (override) the current configuration. </t>
<t>
While a goal of the homenet architecture is for the network to be as
self-organising as possible, there may be instances where some manual
configuration is required, e.g., the entry of a cryptographic key to
apply wireless
security, or to configure a shared routing secret. The latter may be
relevant when considering how to bootstrap a routing configuration.
It is highly desirable that the number of such configurations is minimised.
</t>
<section anchor="neighbours" title="Differentiating neighbouring homenets">
<t>
It is important that self-configuration with 'unintended' devices
is avoided.
There should be a way for a user to administratively assert in a simple
way whether or not a device belongs to a given homenet. The goal is to allow
the establishment of borders, particularly between two adjacent homenets,
and to avoid unauthorised devices from participating in
the homenet. Such an authorisation capability may need to operate through
multiple hops in the homenet.
</t>
<t>
The homenet should thus support a way for a homenet owner to
claim ownership of their devices in a reasonably secure way. This could be
achieved by a pairing mechanism, by for example pressing buttons
simultaneously on an authenticated and a new homenet device, or by an
enrolment process as part of an autonomic networking environment.
</t>
<t>
While there may be scenarios where one homenet may wish to intentionally
gain access through another, e.g. to share external connectivity costs,
such scenarios are not discussed in this document.
</t>
</section>
<section title="Largest practical subnets">
<t>
Today's IPv4 home networks generally have a single subnet, and
early dual-stack deployments have a single congruent IPv6 subnet,
possibly with some bridging functionality. More recently,
some vendors have
started to introduce 'home' and 'guest' functions, which in IPv6
would be implemented as two subnets.
</t>
<t>
Future home networks are highly likely to have one or more internal
routers and thus need multiple subnets, for
the reasons described earlier. As part
of the self-organisation of the network, the homenet should subdivide
itself into the largest practical subnets that can be constructed within
the constraints of link layer mechanisms, bridging, physical
connectivity, and policy, and where applicable performance or other
criteria. In such subdivisions the logical topology may not necessarily
match the physical
topology. This text does not, however, make recommendations on how such
subdivision should occur. It is expected that subsequent documents will
address this problem.
</t>
<t>
While it may be desirable to maximise the chance of link-local
protocols operating across a homenet by maximising the size of a subnet,
multi-subnet home networks are inevitable, so their support must be
included.
</t>
</section>
<section title="Handling varying link technologies">
<t>
Homenets tend to grow organically over many years, and a homenet
will typically be built over link-layer technologies from different
generations. Current homenets typically use links ranging from
1Mbit/s up to 1Gbit/s, which is a three orders of magnitude throughput
discrepancy. We expect this discrepancy to widen further as both
high-speed and low-power technologies are deployed.
</t>
<t>
Homenet protocols should be designed to deal well with interconnecting
links of very different throughputs. In particular, flows local to a
link should
not be flooded throughout the homenet, even when sent over multicast,
and, whenever possible, the homenet protocols should be able to choose the
faster links and avoid the slower ones.
</t>
<t>
Links (particularly wireless links) may also have limited numbers of
transmit opportunities (txops), and there is a clear trend driven by
both power and downward compatibility constraints toward aggregation of
packets into these limited txops while increasing throughput.
Transmit opportunities may be a system's scarcest resource and therefore
also strongly limit actual throughput available.
</t>
</section>
<section title="Homenet realms and borders">
<t>
The homenet will need to be aware of the extent of its own 'site',
which will, for example, define the borders for ULA and site
scope multicast traffic, and may require specific security policies to
be applied.
The homenet will have one or more such borders with external
connectivity providers.
</t>
<t>
A homenet will most likely also have internal borders between internal
realms, e.g., a guest realm or a corporate network extension realm. It
is desirable that appropriate borders can be configured to
determine, for example, the scope of where network prefixes, routing
information, network traffic, service discovery and naming may be shared.
The default mode internally should be to share everything.
</t>
<t>
It is expected that a realm would span at least an entire subnet, and thus
the borders lie at routers which receive delegated prefixes within the
homenet. It is also desirable, for a richer security model, that hosts
are able to
make communication decisions based on available realm and associated
prefix information in the same way that routers at realm borders can.
</t>
<t>
A simple homenet model may just consider three types of realm and
the borders between them, namely the internal homenet, the ISP and a
guest network. In this case
the borders will include that from the homenet to the ISP, that
from the guest network to the ISP, and that from the homenet to
the guest network. Regardless, it should be possible
for additional types of realms and borders to be defined, e.g., for some
specific LLN-based network, such as Smart Grid, and for these to be detected
automatically, and for an appropriate default policy to be applied
as to what type of traffic/data can flow across such borders.
</t>
<t>
It is desirable to classify the external border of the home network as a
unique logical interface separating the home network from service provider
network/s. This border interface may be a single physical interface to
a single service provider, multiple layer 2 sub-interfaces to a single
service provider, or multiple connections to a single or multiple providers.
This border makes it possible to describe edge operations and interface
requirements across multiple functional areas including security, routing,
service discovery, and router discovery.
</t>
<t>
It should be possible for the homenet user to override any automatically
determined borders and the default policies applied between them, the
exception being that it may not be possible to override policies defined by
the ISP at the external border.
</t>
</section>
<section title="Configuration information from the ISP">
<t>
In certain cases, it may be useful for the homenet to get certain configuration
information from its ISP. For example, the homenet DHCP server may request and
forward some options that it gets from its upstream DHCP server, though the
specifics of the options may vary across deployments. There is potential
complexity here of course should the homenet be multihomed.
</t>
</section>
</section>
<section title="Homenet Addressing">
<t>
The IPv6 addressing scheme used within a homenet must conform to
the IPv6 addressing architecture <xref target="RFC4291"/>. In this
section we discuss how the homenet needs to adapt to the prefixes made
available to it by its upstream ISP, such that internal subnets, hosts
and devices can obtain the and configure the necessary addressing information
to operate.
</t>
<section title="Use of ISP-delegated IPv6 prefixes">
<t>
Discussion of IPv6 prefix allocation policies is included in
<xref target="RFC6177"></xref>. In practice,
a homenet may receive an arbitrary length IPv6 prefix from
its provider, e.g., /60, /56 or /48. The offered prefix may be stable
or change from time to time; it is generally expected that ISPs will
offer relatively stable prefixes to their residential customers.
Regardless, the home network needs to be adaptable as far as
possible to ISP prefix
allocation policies, and thus make no assumptions about the
stability of the prefix received from an ISP, or the length of the
prefix that may be offered.
</t>
<t>
However, if, for example, only a /64 is offered by the ISP, the homenet may
be severely constrained or even unable to function. <xref target="RFC6177"/>
(BCP 157) states that "a key principle for address management is that
end sites always be able to obtain a reasonable amount of address
space for their actual and planned usage, and over time ranges
specified in years rather than just months. In practice,
that means at least one /64, and in most cases significantly more.
One particular situation that must be avoided is having an end site feel
compelled to use IPv6-to-IPv6 Network Address Translation or other
burdensome address conservation techniques because it could not
get sufficient address space."
This architecture document assumes that
the guidance in the quoted text is being followed by ISPs.
</t>
<t>
There are many problems that would arise from a homenet not being offered
a sufficient prefix size for its needs.
Rather than attempt to contrive a method for a homenet to operate in
a constrained manner when faced with insufficient prefixes, such as
the use of subnet prefixes longer than /64 (which would break stateless
address autoconfiguration <xref target="RFC4862"></xref>), use
of NPTv6, or falling back to bridging across potentially very
different media, it is recommended
that the receiving router instead enters an error state and issues appropriate
warnings. Some consideration may need to be given to how
such a warning or error state should best be presented to a typical home user.
</t>
<t>
Thus a homenet CER should request, for example via DHCP Prefix Delegation
(DHCP PD) <xref target="RFC3633"></xref>, that
it would like a /48 prefix from its ISP, i.e., it asks the ISP for the
maximum size prefix it might expect to be offered, even if in practice
it may only be offered a /56 or /60. For a typical IPv6
homenet, it is not recommended that an ISP offer less than a /60 prefix,
and it is highly preferable that the ISP offers
at least a /56. It is expected that the
allocated prefix to the homenet from any single ISP is a contiguous,
aggregated one. While it may be possible for a homenet CER to issue
multiple prefix requests to attempt to obtain multiple delegations,
such behaviour is out of scope of this document.
</t>
<t>
The norm for residential customers of large ISPs may
be similar to their single IPv4 address provision; by default it is likely
to remain persistent for some time, but changes in the ISP's own
provisioning systems may lead to the customer's IP (and in the IPv6 case
their prefix pool) changing. It is not expected that ISPs will generally
support Provider Independent (PI) addressing for residential homenets.
</t>
<t>
When an ISP does need to restructure, and in doing so renumber its customer
homenets, 'flash' renumbering is likely to be imposed. This implies a need
for the homenet to be able to handle a sudden renumbering event which, unlike
the process described in <xref target="RFC4192"></xref>, would be a 'flag day"
event, which means that a graceful renumbering process moving through a
state with two active prefixes in use would not be possible.
While renumbering can be viewed as
an extended version of an initial numbering process, the difference
between flash renumbering and an initial 'cold start' is the need to
provide service continuity.
</t>
<t>
There may be cases where local law means some ISPs are required to change
IPv6 prefixes (current IPv4 addresses) for privacy reasons for their
customers. In such cases it may be possible to avoid an instant 'flash'
renumbering and plan a non-flag day renumbering as per RFC 4192.
Similarly, if an ISP has a planned renumbering process, it may be able to
adjust lease timers, etc appropriately.
</t>
<t>
The customer may of course also choose to move
to a new ISP, and thus begin using a new prefix. In such cases the
customer should expect a discontinuity, and not only may the
prefix change, but potentially also the prefix length if the new ISP
offers a different default size prefix. The homenet may also be forced
to renumber itself if significant internal 'replumbing' is undertaken
by the user. Regardless, it's desirable that
homenet protocols support rapid renumbering and that operational processes
don't add unnecessary complexity for the renumbering process.
Further, the introduction of any new homenet protocols should not make
any form of renumbering any more complex than it already is.
</t>
<t>
Finally, the internal operation of the home network should also not depend
on the availability of the ISP network at any given time, other than
of course for connectivity to services or systems off the home network.
This reinforces the use of ULAs for stable internal communication, and the
need for a naming and service discovery mechanism that can operate
independently within the homenet.
</t>
</section>
<section anchor="stableinternal" title="Stable internal IP addresses">
<t>
The network should by default attempt to
provide IP-layer connectivity between all internal parts of
the homenet as well as to and from the external Internet, subject
to the filtering policies or other policy constraints
discussed later in the security section.
</t>
<t>
ULAs should be used within the scope of a homenet to support stable
routing and connectivity between subnets and hosts regardless of whether
a globally unique ISP-provided prefix is available. In the case of a
prolonged external connectivity outage, ULAs allow internal operations
across routed subnets to continue. ULA addresses also
allow constrained devices to create permanent relationships between
IPv6 addresses, e.g., from a wall controller to a lamp, where
symbolic host names would require additional non-volatile memory and
updating global prefixes in sleeping devices might also be problematic.
</t>
<t>
As discussed previously, it would be expected that ULAs would normally
be used alongside one or more global prefixes in a homenet, such that
hosts become multi-addressed with both globally unique and ULA prefixes.
ULAs should be used for all devices, not just those intended to only have
internal connectivity.
Default address selection would then enable ULAs to be preferred for internal
communications between devices that are using ULA prefixes
generated within the same homenet.
</t>
<t>
In cases where ULA prefixes are in use within a homenet but there is
no external IPv6 connectivity (and thus no GUAs in use), recommendations
ULA-5, L-3 and L-4 in RFC 6204 should be followed to ensure correct operation,
in particular where the homenet may be dual-stack with IPv4 external
connectivity. The use of the Route Information Option described in
<xref target="RFC4191"/> provides a mechanism to advertise such more-specific
ULA routes.
</t>
<t>
The use of ULAs should be restricted to the homenet scope through filtering
at the border(s) of the homenet, as mandated by RFC 6204 requirement S-2.
</t>
<t>
Note that it is possible that in some cases multiple /48 ULA prefixes may
be in use within the same homenet, e.g., when the network is being deployed,
perhaps also without external connectivity.
In cases where multiple ULA /48's are in use, hosts need
to know that each /48 is local to the homenet, e.g., by inclusion in their
local address selection policy table.
</t>
</section>
<section title="Internal prefix delegation">
<t>
As mentioned above, there are various sources of prefixes.
From the homenet perspective, a single global prefix from each ISP should
be received on the border CER <xref target="RFC3633"/>.
Where multiple CERs exist with multiple ISP prefix pools, it is
expected that routers within the homenet would assign themselves prefixes
from each ISP they communicate with/through.
As discussed above, a ULA prefix should be provisioned for stable internal
communications or for use on constrained/LLN networks.
</t>
<t>The delegation or availability of a prefix pool to the homenet
should allow subsequent
internal autonomous delegation of prefixes for use within the homenet.
Such internal delegation should not assume a flat or
hierarchical model, nor should it make an assumption about whether the
delegation of internal prefixes is distributed or centralised.
The assignment mechanism should provide reasonable efficiency, so
that typical home network prefix allocation sizes can accommodate all
the necessary /64 allocations in most cases, and not waste prefixes.
Further, duplicate assignment of multiple /64s to the same network
should be avoided, and the network should behave as gracefully as possible
in the event of prefix exhaustion (though the options in such cases may
be limited).
</t>
<t>
Where the home network has multiple CERs and these are delegated prefix
pools from their attached ISPs, the internal prefix delegation would
be expected to be served by each CER for each prefix associated with it.
Where ULAs are used, it is preferable that only one /48 ULA
covers the whole homenet, from which /64's can be delegated to the subnets.
In cases where two /48 ULAs are generated within a homenet, the
network should still continue to function, meaning that hosts will need
to determine that each ULA is local to the homenet.</t>
<t> Delegation within the homenet should result in each link
being assigned a stable prefix that is persistent across reboots,
power outages and similar short-term outages. The availability of
persistent prefixes should not depend on the router boot order.
The addition of a new routing device should not affect existing persistent
prefixes, but persistence may not be expected in the face of
significant 'replumbing' of the homenet. However,
delegated ULA prefixes within the homenet should remain persistent
through an ISP-driven renumbering event.
</t>
<t>
Provisioning such persistent prefixes may imply the need for stable storage
on routing devices, and also a method for a home user to 'reset' the
stored prefix should a significant reconfiguration be required (though
ideally the home user should not be involved at all).
</t>
<t>
This document makes no specific recommendation towards solutions,
but notes that it is very likely that all routing devices
participating in a homenet must use the same internal prefix delegation
method. This implies that only one delegation method should be in use.
</t>
</section>
<section title="Coordination of configuration information">
<t>
The network elements will need to be integrated in a way that takes
account of the various lifetimes on timers that are used on
different elements, e.g.,
DHCPv6 PD, router, valid prefix and preferred prefix timers.
</t>
</section>
<section title="Privacy">
<t>
If ISPs offer relatively stable IPv6 prefixes to customers, the network
prefix part of addresses associated with the homenet may not change over
a reasonably long period of time.
</t>
<t>
The exposure of which traffic is sourced from the same homenet is thus
similar to IPv4; the single IPv4 global address seen through use of IPv4
NAT gives the same hint as the global IPv6 prefix seen for IPv6 traffic.
</t>
<t>
While IPv4 NAT may obfuscate to an external observer which internal devices
traffic is sourced from, IPv6, even with use of Privacy Addresses
<xref target="RFC4941"></xref>, adds additional exposure of which
traffic is sourced from the same internal device, through use of the same
IPv6 source address for a period of time.
</t>
</section>
</section>
<section title="Routing functionality">
<t>
Routing functionality is required when there are multiple routers
deployed within the internal home network.
This functionality could be as simple as the current 'default route is up'
model of IPv4 NAT, or, more likely, it would involve running an appropriate
routing protocol. Regardless of the solution method, the functionality
discussed below should be met.
</t>
<t>
The homenet unicast routing protocol should be based on a previously deployed
protocol that has been shown to be reliable and robust, and that allows
lightweight implementations, but that does not preclude the selection of
a newer protocol for which a high quality open source implementation becomes
available. Using information
distributed through the routing protocol, each node in the homenet should be
able to build a graph of the topology of the whole homenet including
attributes such as links, nodes, connectivity, and (if supported by the
protocol in use) link metrics.
</t>
<t>
The routing protocol should support the generic use of multiple customer
Internet connections, and the concurrent use of multiple delegated
prefixes. A routing protocol that
can make routing decisions based on source and destination addresses is
thus desirable, to avoid upstream ISP BCP 38 ingress filtering problems.
Multihoming support should also include load-balancing to multiple
providers, and failover from a primary to a backup link when available.
The protocol however
should not require upstream ISP connectivity to be established to
continue routing within the homenet.
</t>
<t>
Routing within the homenet will determine the least cost path across the
homenet towards the destination address given the source address.
The path cost will be computed as a linear sum of the metric assigned
to each link. The metric may be configured or automatically derived
per link based on consideration of factors such as worst-case queue
depth and router processing capabilities.
</t>
<t>
Multiple types of physical interfaces must be accounted for in the homenet
routed topology.
Technologies such as Ethernet, WiFi, Multimedia over Coax Alliance (MoCA),
etc. must be capable of coexisting
in the same environment and should be treated as part of any routed
deployment. The inclusion of physical layer characteristics including
bandwidth, loss, and latency in path computation should be considered
for optimising communication in the homenet.
</t>
<t>
The routing environment should be self-configuring, as discussed previously.
Minimising convergence time should be a goal in any routed
environment, but as a guideline a maximum convergence time at most
30 seconds should be the target (this target is somewhat arbitrary, and
was chosen based on how long a typical home user might wait before
attempting another reset; ideally the routers might have some status
light indicating they are converging, similar to an ADSL router light
indicating it is establishing a connection to its ISP).</t>
<t>
Homenets may use a variety of underlying link layer technologies, and
may therefore benefit from being able to use link metrics if available.
It may be beneficial for traffic to use multiple paths to a given
destination within the homenet where available, rather than a single
best path.
</t>
<t>
At most one routing protocol should be in use at a given time in a
given homenet. In some simple topologies, no routing protocol may
be needed. If more than one routing protocol is supported by routers
in a given homenet, then a mechanism is required to ensure that all routers
in that homenet use the same protocol.
</t>
<t>
An appropriate mechanism is required to discover which router(s) in the
homenet are providing the CER function.
Borders may include but are not limited to the interface to the upstream ISP,
a gateway device to a separate home network such as a LLN network, or
a gateway to a guest or private corporate extension network.
In some cases there may be no border present, which may for example occur
before an upstream connection has been established. The border discovery
functionality may be integrated into the routing protocol itself, but
may also be imported via a separate discovery mechanism. </t>
<t>
Ideally, LLN or other logically separate networks should be able
exchange routes such that IP traffic may be forwarded among the
networks via gateway routers which interoperate with both the
homenet and the LLN.
Current home deployments use largely different
mechanisms in sensor and basic Internet connectivity networks. IPv6 virtual
machine (VM) solutions may also add additional routing requirements.
</t>
<section title="Multicast support">
<t>
It is desirable that, subject to the capacities of devices on certain media
types, multicast routing is supported across the homenet, including
source-specific multicast (SSM) <xref target="RFC4607"></xref>.
</t>
<t>
<xref target="RFC4291"></xref> requires that any boundary of scope 4 or
higher (i.e., admin-local or higher) be administratively configured. Thus the
boundary at the homenet-ISP border must be administratively configured,
though that may be triggered by an administrative function such as
DHCP-PD.
Other multicast forwarding policy borders may also exist within the homenet,
e.g., to/from a guest subnet, whilst the use of certain link media types
may also affect where specific multicast traffic is forwarded or routed.
</t>
<t>
There may be different drivers for multicast to be supported across the
homenet, e.g., for homenet-wide service discovery should a multicast service
discovery protocol of scope greater than link-local be defined, or
potentially for multicast-based streaming or filesharing applications.
Where multicast is routed across a homenet an appropriate multicast routing
protocol is required, one that as per the unicast routing protocol
should be self-configuring. As hinted above, it
must be possible to scope or filter multicast
traffic to avoid it being flooded to network media where devices cannot
reasonably support it.
</t>
<t>
A homenet may not only use multicast internally, it may also be a consumer
or provider of external multicast traffic, where the homenet's ISP supports
such multicast operation. This may be valuable for example where live
video applications are being sourced to/from the homenet.
</t>
<t>
The multicast environment should support the ability for applications to
pick a unique multicast group to use.
</t>
</section>
</section>
<section anchor ="security" title="Security">
<t>
The security of an IPv6 homenet is an important consideration. The most
notable difference to the IPv4 operational model is the removal of NAT,
the introduction of global addressability of devices, and thus a need to
consider whether devices should have global reachability. Regardless,
hosts need to be able to operate securely, end-to-end where required,
and also be robust against malicious traffic directed towards them.
However, there
are other challenges introduced, e.g., default filtering policies at the
borders between various homenet realms.
</t>
<section anchor="addressability" title="Addressability vs reachability">
<t>
An IPv6-based home network architecture should embrace the transparent
end-to-end communications model as described in <xref target="RFC2775"/>.
Each device should be globally addressable, and those addresses must not
be altered in transit.
However, security perimeters can be applied to restrict end-to-end
communications, and thus while a host may be globally addressable
it may not be globally reachable.
</t>
<t>
<xref target="RFC4864"></xref> describes a 'Simple Security'
model for IPv6 networks, whereby stateful perimeter filtering
can be applied to control the reachability of devices in a homenet.
RFC 4864 states in Section 4.2 that "the use of firewalls ...
is recommended for those that want boundary
protection in addition to host defences".
It should be noted that a 'default deny' filtering approach would
effectively replace the need for IPv4 NAT traversal protocols
with a need to
use a signalling protocol to request a firewall hole be opened, e.g.,
a protocol such as
<xref target="RFC6887">PCP</xref>. In networks
with multiple CERs, the signalling would need to handle the cases of
flows that may use one or more exit routers. CERs would need to
be able to advertise their existence for such protocols.
</t>
<t>
<xref target="RFC6092"></xref> expands on RFC 4864, giving a more
detailed discussion of IPv6 perimeter security recommendations,
without mandating a 'default deny' approach. Indeed,
RFC 6092 does not enforce a particular mode of operation,
instead stating that CERs must provide an easily selected configuration
option that permits a 'transparent' mode, thus ensuring
a 'default allow' model is available.
</t>
<t>
The topic of whether future home networks as described in this
document should have have a 'default deny' or 'default allow'
position has been discussed at length in various IETF
meetings without any consensus being
reached on which approach is more appropriate.
Further, the choice of which default to apply may be situational,
and thus this text makes no recommendation on the default setting
beyond what is written on this topic in RFC 6092.
We note in <xref target="partial"/> below that the implicit firewall
function of an IPv4 NAT is commonplace today, and thus
future CERs targeted at home networks should continue to
support the option of running in 'default deny mode',
whether or not that is the default setting
</t>
</section>
<section title="Filtering at borders">
<t>
It is desirable that there are mechanisms to detect different types of
borders within the homenet, as discussed previously,
and further mechanisms to then apply different types of filtering
policies at those borders, e.g., whether naming and service discovery
should pass a given border.
Any such policies should be able to be easily applied by typical
home users, e.g., to give a user in a guest network access to
media services in the home, or access to a printer.
Simple mechanisms to apply policy changes, or associations between
devices, will be required.
</t>
<t>
There are cases where full internal connectivity may not be desirable,
e.g., in
certain utility networking scenarios, or where filtering is required
for policy reasons against guest network subnet(s).
Some scenarios/models may as a result involve running isolated subnet(s)
with their own CERs. In such cases connectivity would only be expected
within each isolated network (though traffic may potentially
pass between them via external providers).
</t>
<t>
LLNs provide an another example of where there may be secure perimeters
inside the homenet. Constrained LLN nodes may implement
network key security but may depend on access policies enforced by
the LLN border router.
</t>
<t>Considerations for differentiating neighbouring homenets are
discussed in <xref target="neighbours"/>.
</t>
</section>
<section anchor="partial" title="Partial Effectiveness of NAT and Firewalls">
<t>
Security by way of obscurity (address translation) or through
firewalls (filtering) is at best only partially effective. The very poor
security track record of home computer, home networking and business
PC computers and networking is testimony to this. A security
compromise behind the firewall of any device exposes all others,
making an entire network that relies on obscurity or a firewall as
vulnerable as the most insecure device on the private side of the
network.
</t>
<t>
However, given current evidence of home network products with very poor
default device security, putting a firewall in place does provide some
level of protection.
The use of firewalls today, whether a good practice or not, is
common practice and the capability to afford protection via
a 'default deny' setting, even if marginally effective,
should not be lost. Thus,
while it is highly desirable that all hosts in a homenet be adequately
protected by built-in security functions, it should also be assumed
that all CERs will continue to support appropriate perimeter defence
functions, as per <xref target="RFC7084"></xref>.
</t>
</section>
<section title="Exfiltration concerns">
<t>
As homenets become more complex, with more devices, and with service
discovery potentially enabled across the whole home, there are potential
concerns over the leakage of information should devices use discovery
protocols to gather information and report it to equipment vendors or
application service providers.
</t>
<t>
While it is not clear how such exfiltration could be easily avoided,
the threat should be recognised, be it from a new piece of hardware
or some 'app' installed on a personal device.
</t>
</section>
<section title="Device capabilities">
<t>
In terms of the devices, homenet hosts should implement their own
security policies in accordance to their computing capabilities.
They should have the means to request transparent communications to
be able to be initiated to them through security filters in the homenet,
either for all ports or for specific services.
Users should have simple methods to associate devices to services that
they wish to operate transparently through (CER) borders.
</t>
</section>
<section title="ULAs as a hint of connection origin">
<t>
As noted in <xref target="security"/>, if appropriate filtering is in
place on the CER(s), as mandated by RFC 6204 requirement S-2, a
ULA source address may be taken as an indication of locally sourced traffic.
This indication could then be used with security settings to designate
between which nodes a particular application is allowed to communicate,
provided ULA address space is filtered appropriately at the boundary of
the realm.
</t>
</section>
</section>
<section anchor="naming-sd" title="Naming and Service Discovery">
<t>
The homenet requires devices to be able to determine and use unique names
by which they can be accessed on the network, and which are not used
by other devices on the network. Users and devices will need
to be able to discover devices and services available on the network,
e.g., media servers, printers, displays or specific home automation devices.
Thus naming and service discovery must be supported in the homenet, and,
given the nature of typical home network users,
the service(s) providing this function must as far as possible
support unmanaged operation.
</t>
<t>
The naming system will be required to work internally or externally,
be the user within the homenet or outside it, i.e., the user should
be able to refer to devices by name, and potentially connect to them,
wherever they may be.
The most natural way to think about such naming and service discovery
is to enable it to work across the entire homenet
residence (site), disregarding technical borders such as subnets
but respecting policy borders such as those between guest and other
internal network realms. Remote access may be desired by the homenet
residents while travelling, but also potentially by manufacturers or
other 'benevolent' third parties.
</t>
<section title="Discovering services">
<t>
Users will typically perform service discovery through graphical user
interfaces (GUIs)
that allow them to browse services on their network in an appropriate and
intuitive way. Devices may also need to discover other devices, without
any user intervention or choice. Either way, such interfaces
are beyond the scope of this document, but the interface should have an
appropriate application programming interface (API) for the discovery
to be performed.
</t>
<t>
Such interfaces may also typically hide the local domain name element
from users, especially where only one name space is available.
However, as we discuss below, in some cases the ability to discover
available domains may be useful.
</t>
<t>
We note that current zero-configuration
service discovery protocols are generally aimed
at single subnets. There is thus a choice to make for multi-subnet
homenets as to whether such protocols should be proxied or extended
to operate across a whole homenet. In this context, that may mean
bridging a link-local method, taking care to avoid packets entering
looping paths, or extending
the scope of multicast traffic used for the purpose. It may mean that
some proxy or hybrid service is utilised, perhaps co-resident on the CER.
Or it may be that a new approach is preferable, e.g., flooding information
around the homenet as attributes within the routing protocol (which
could allow per-prefix configuration). However, we should
prefer approaches that are backwardly compatible, and allow current
implementations to continue to be used. Note that
this document does not mandate
a particular solution, rather it expresses the principles that should be
used for a homenet naming and service discovery environment.
</t>
<t>
One of the primary challenges facing service discovery today is lack
of interoperability due to the ever increasing number of service
discovery protocols available. While it is conceivable for consumer
devices to support multiple discovery protocols, this is clearly not the
most efficient use of network and computational resources. One goal of the
homenet architecture should be a path to service discovery protocol
interoperability either through a standards based translation scheme,
hooks into current protocols to allow some for of communication among
discovery protocols, extensions to support a central service repository
in the homenet, or simply convergence towards a unified protocol suite.
</t>
</section>
<section title="Assigning names to devices">
<t>
Given the large number of devices that may be networked in the future,
devices should have a means to generate their own unique names within
a homenet, and to detect clashes should they arise, e.g., where a second
device of the same type/vendor as an existing device with
the same default name is deployed, or where a new subnet is added to
the homenet which already has a device of the same name.
It is expected that a device should have a fixed name while within the
scope of the homenet.
</t>
<t>
Users will also want simple ways to (re)name devices, again most likely
through an appropriate and intuitive interface that is beyond the scope
of this document. Note the name a user assigns to a device may be a
label that is stored on the device as an attribute of the device, and
may be distinct from the name used in a name service, e.g., 'Study Laser
Printer' as opposed to printer2.<somedomain>.
</t>
</section>
<section title="The homenet name service">
<t>
The homenet name service should support both lookups and discovery.
A lookup would operate via a direct query to a known service, while
discovery may use multicast messages or a service where applications
register in order to be found.
</t>
<t>
It is highly desirable that the homenet name service must at the very
least co-exist with the Internet name service. There should also be
a bias towards proven, existing solutions. The strong implication is
thus that the homenet service is DNS-based, or DNS-compatible.
There are naming protocols that are designed to be configured and
operate Internet-wide, like unicast-based DNS, but also protocols
that are designed for zero-configuration local environments, like
mDNS <xref target="RFC6762"></xref>.
</t>
<t>
When DNS is used as the homenet name service, it typically includes
both a resolving service and an authoritative service. The authoritative
service hosts the homenet related zone.
One approach when provisioning such a name service, which is designed to
facilitate name resolution from the global Internet,
is to run an authoritative name service on the CER and
a secondary authoritative name service provided by the ISP or perhaps an
external third party.
</t>
<t>
Where zero configuration
name services are used, it is desirable that these
can also coexist with the Internet name service. In particular,
where the homenet is using a global name space, it is desirable that
devices have the ability, where desired, to add entries to that name space.
There should also be a mechanism for such entries to be
removed or expired from the global name space.
</t>
<t>
To protect against attacks such as cache poisoning, where an attacker
is able to insert a bogus DNS entry in the local cache, it is desirable
to support appropriate name service security methods, including DNS
Security Extensions (DNSSEC) <xref target="RFC4033"></xref>, on both
the authoritative server and the resolver sides. Where DNS is used,
the homenet router or naming service must not prevent DNSSEC from
operating.
</t>
<t>
While this document does not specify hardware requirements, it is worth
noting briefly here that e.g., in support of DNSSEC, appropriate
homenet devices should have good random number generation capability,
and future homenet specifications should indicate where high quality
random number generators, i.e., with decent entropy, are needed.
</t>
<t>
Finally, the impact of a change in CER must be considered. It
would be desirable
to retain any relevant state (configuration) that was held in the old CER.
This might imply that state information should be distributed in the
homenet, to be recoverable by/to the new CER, or to the homenet's ISP
or a third party externally provided service by some means.
</t>
</section>
<section title="Name spaces">
<t>
If access to homenet devices is required remotely from
anywhere on the Internet, then at least one globally unique name space is
required, though the use of multiple name spaces should not be precluded.
One approach is that the name space(s) used for the homenet would be served
authoritatively by the homenet, most likely by a server resident on the CER.
Such name spaces may be acquired by the user or provided/generated
by their ISP or an alternative externally provided
service. It is likely that
the default case is that a homenet will use a global domain provided by
the ISP, but advanced users wishing to use a name space that is independent
of their provider in the longer term should be able to acquire and use
their own domain name.
For users wanting to use their own independent domain names, such services
are already available.
</t>
<t>
Devices may also be assigned different names in different name spaces,
e.g., by third parties who may manage systems or devices in the homenet
on behalf of the resident(s). Remote management of the homenet is out
of scope of this document.
</t>
<t>
If however a global name space is not available, the homenet will need to
pick and use a local name space which would only have meaning within
the local homenet (i.e., it would not be used for remote access to the
homenet). The .local name space currently has a special meaning
for certain existing protocols which have link-local scope, and is
thus not appropriate for multi-subnet home networks. A different
name space is thus required for the homenet.
</t>
<t>
One approach for picking a local name space is to use an Ambiguous Local
Qualified Domain Name (ALQDN) space, such as .sitelocal (or an appropriate
name reserved for the purpose). While this is a simple
approach, there is the potential in principle for devices that are
bookmarked somehow by name by an application in one homenet to be confused
with a device with the same name in another homenet. In practice however the
underlying service discovery protocols should be capable of handling
moving to a network where a new device is using the same name as a device
used previously in another homenet.
</t>
<t>
An alternative approach for a local name space would be to use a Unique
Locally Qualified Domain Name (ULQDN) space
such as .<UniqueString>.sitelocal. The <UniqueString>
could be generated in a variety of ways, one potentially
being based on the local /48 ULA prefix being used
across the homenet. Such a <UniqueString> should survive a cold
restart, i.e., be consistent after a network power-down, or,
if a value is not set on startup, the CER or device
running the name service should generate a default value.
It would be desirable for the homenet user to be able to override
the <UniqueString> with a value of their choice, but that would
increase the likelihood of a name conflict. Any generated
<UniqueString> should not be predictable; thus adding a salt/hash
function would be desirable.
</t>
<t>
In the (likely) event that the homenet is accessible from outside the
homenet (using the global name space), it is vital that the homenet name
space follow the rules and conventions of the global name space.
In this mode of operation, names in the homenet (including those
automatically generated by devices) must be usable as labels in
the global name space. <xref target="RFC5890"></xref> describes
considerations for Internationalizing Domain Names in Applications (IDNA).
</t>
<t>
Also, with the introduction of new 'dotless' top level domains, there
is also potential for ambiguity between, for example, a local host called
'computer' and (if it is registered) a .computer gTLD. Thus qualified
names should always be used, whether these are exposed to the user or not.
The IAB has issued a statement which explains why dotless domains should
be considered harmful <xref target="IABdotless"></xref>.
</t>
<t>
There may be use cases where either different name spaces may be desired
for different realms in the homenet, or for segmentation of a single name space
within the homenet.
Thus hierarchical name space management is likely to be required.
There should also be nothing to prevent individual device(s) being
independently registered in external name spaces.
</t>
<t>
It may be the case that if there are two or more CERs serving the home
network, that if each has name space delegated from a different ISP there
is the potential for devices in the home to have multiple fully qualified
names under multiple domains.
</t>
<t>
Where a user is in a remote network wishing to access devices
in their home network, there may be a requirement to consider the
domain search order presented where multiple associated name spaces exist.
This also implies that a domain discovery function is desirable.
</t>
<t>
It may be the case that not all devices in the homenet are made available
by name via an Internet name space, and that a 'split view' (as
described in <xref target="RFC6950"></xref> Section 4) is preferred
for certain devices, whereby devices inside the homenet see different
DNS responses to those outside.
</t>
<t>
Finally, this document makes no assumption about the presence or omission
of a reverse lookup service. There is an argument that it may be useful
for presenting logging information to users with meaningful device names
rather than literal addresses. There are also some services, most notably
email mail exchangers, where some operators have chosen to require a
valid reverse lookup before accepting connections.
</t>
</section>
<section title="Independent operation">
<t>
Name resolution and service discovery for reachable devices must
continue to function if the local network is disconnected from
the global Internet,
e.g., a local media server should still be available even if
the Internet link is down for an extended period.
This implies the local network should also be able to perform
a complete restart in the absence of external connectivity,
and have local naming and service discovery operate correctly.
</t>
<t>
The approach described above of a local authoritative name service
with a cache would allow local operation for sustained ISP outages.
</t>
<t>
Having an independent local trust anchor is desirable, to support
secure exchanges should external connectivity be unavailable.
</t>
<t>
A change in ISP should not affect local naming and service
discovery. However, if the homenet uses a global name space provided by
the ISP, then this will obviously have an impact if the user changes
their network provider.
</t>
</section>
<section title="Considerations for LLNs">
<t>
In some parts of the homenet, in particular LLNs or any devices where
battery power is used, devices may be sleeping,
in which case a proxy for such nodes may be required, that could
respond (for example)
to multicast service discovery requests. Those same devices or parts
of the network may have less capacity for multicast traffic that
may be flooded from other parts of the network.
In general, message utilisation should be efficient considering
the network technologies and constrained devices that
the service may need to operate over.
</t>
<t>
There are efforts underway to determine naming and discovery
solutions for use by the Constrained Application Protocol (CoAP)
<xref target="I-D.ietf-core-coap"/> in
LLN networks. These are outside the scope of this document.
</t>
</section>
<section title="DNS resolver discovery">
<t>
Automatic discovery of a name service to allow client devices in the
homenet to resolve external domains on the Internet is required,
and such discovery must support clients that may be a
number of router hops away from the name service. Similarly it
may be desirable to convey any DNS domain search list that may
be in effect for the homenet.
</t>
</section>
<section title="Devices roaming to/from the homenet">
<t>
It is likely that some devices which have
registered names within the
homenet Internet name space and that are mobile will attach to the Internet
at other locations and acquire an IP address at those locations. Devices
may move between different homenets. In
such cases it is desirable that devices may be accessed by the same
name as is used in their home network.
</t>
<t>
Solutions to this problem are not discussed in this document. They
may include use of Mobile IPv6 or Dynamic DNS, either of which would
put additional requirements on to the homenet, or establishment of a
(VPN) tunnel to a server in the home network.
</t>
</section>
</section>
<section title="Other Considerations">
<t>
This section discusses two other considerations for home networking that
the architecture should not preclude, but that this text is neutral towards.
</t>
<section title="Quality of Service">
<t>
Support for Quality of Service
in a multi-service homenet may be a requirement,
e.g., for a critical system (perhaps healthcare related), or for
differentiation between different types of traffic (file sharing,
cloud storage, live streaming, VoIP, etc). Different link media types
may have different such properties or capabilities.
</t>
<t>
However, homenet scenarios should require no new Quality of
Service protocols.
A DiffServ
<xref target="RFC2475"/> approach with a small number of predefined
traffic classes may generally be sufficient, though at present there
is little experience of Quality of Service
deployment in home networks. It is likely
that QoS, or traffic prioritisation, methods will be required at the
CER, and potentially around boundaries between different link media types
(where for example some traffic may simply not be appropriate for
some media, and need to be dropped to avoid overloading the constrained
media).
</t>
<t>
There may also be complementary mechanisms that could be beneficial
to application performance and behaviour in
the homenet domain, such as ensuring proper buffering algorithms are
used as described in <xref target="Gettys11"/>.
</t>
</section>
<section title="Operations and Management">
<t>
In this section we briefly review some initial considerations for
operations and management in the type of homenet described in
this document. It is expected that a separate document will
define an appropriate operations and management framework
for such homenets.
</t>
<t>
As described in this document, the homenet should have the general
goal of being self-organising and configuring from the network layer
perspective, e.g. prefixes should be able to be assigned to
router interfaces. Further, applications running on devices should
be able to use zero configuration service discovery protocols to
discover services of interest to the home user. In contrast, a home user
would not be expected, for example, to have to assign prefixes to links,
or manage
the DNS entries for the home network. Such expert operation
should not be precluded, but it is not the norm.
</t>
<t>
The user may still be required to, or wish to, perform some
configuration of the network and the devices on it. Examples might
include entering a security key to enable access to their wireless
network, or choosing to give a 'friendly name' to a device presented
to them through service discovery. Configuration of link layer and
application layer services is out of scope of this architectural
principles document, but are likely to
be required in an operational homenet.
</t>
<t>
While not being expected to actively configure the networking elements
of their homenet, users may be interested in being able to view the
status of their networks and the devices connected to it, in which case
appropriate network monitoring protocols will be required to allow
them to view their network, and its status, e.g. via a web interface
or equivalent. While the user may not understand how the network
operates, it is reasonable to assume they are interested in understanding
what faults or problems may exist on it. Such monitoring
may extend to other devices on the network, e.g. storage devices, or
web cameras, but such devices are beyond the scope of this document.
</t>
<t>
It may also be the case that an ISP, or a third party, might wish to
offer a remote management service for the homenet on behalf of the user, or
to be able to assist the user in event of some problem they are
experiencing, in which case appropriate management and monitoring
protocols would be required.
</t>
<t>
Specifying the required protocols to facilitate homenet management and
monitoring
is out of scope of this document. As stated above, it is expected that
a separate document will be produced to describe the operations and
management framework for the types of home network presented in
this document.
</t>
<t>
As a final point, we note that it is desirable that all network
management and monitoring functions should be available
over IPv6 transport, even where the homenet is dual-stack.
</t>
</section>
</section>
<section title="Implementing the Architecture on IPv6">
<t>This architecture text encourages re-use of existing protocols.
Thus the necessary mechanisms are largely already part of the IPv6
protocol set and common implementations, though there are some
exceptions.
</t>
<t>
For automatic routing, it is expected that solutions can be found based
on existing protocols. Some relatively smaller
updates are likely to be required, e.g.,
a new mechanism may be needed in order to turn a selected protocol on by
default, a mechanism may be required to automatically assign prefixes
to links within the homenet.
</t>
<t>
Some functionality, if required by the architecture, may need more significant
changes or require development of new protocols, e.g., support for
multihoming with multiple exit routers would likely
require extensions to support
source and destination address based routing within the homenet.
</t>
<t>
Some protocol changes are however required in the architecture, e.g.,
for name resolution and service discovery, extensions to existing
zero configuration
link-local name resolution protocols are needed to enable them
to work across subnets, within the scope of the home network site.</t>
<t>
Some of the hardest problems in developing solutions for home networking
IPv6 architectures include discovering the right borders where the
'home' domain ends and the service provider domain begins, deciding
whether some of the necessary discovery mechanism extensions should affect
only the network infrastructure or also hosts, and the ability to turn
on routing, prefix delegation and other functions in a backwards
compatible manner.
</t>
</section>
</section>
<section title="Conclusions">
<t>
This text defines principles and requirements for a homenet architecture.
The principles and requirements documented here should be observed by
any future texts describing homenet protocols for routing, prefix
management, security, naming or service discovery.
</t>
</section>
<section title="Security Considerations">
<t>Security considerations for the homenet architecture are
discussed in <xref target="security"/> above.</t>
</section>
<section title="IANA Considerations">
<t>This document has no actions for IANA.</t>
</section>
</middle>
<back>
<references title="Normative References">
&rfc2460;
&rfc3633;
&rfc4193;
&rfc4291;
</references>
<references title="Informative References">
&rfc1918;
&rfc2475;
&rfc2775;
&rfc2827;
&rfc3002;
&rfc3022;
&rfc4033;
&rfc4191;
&rfc4192;
&rfc4607;
&rfc4862;
&rfc4864;
&rfc4941;
&rfc5533;
&rfc5890;
&rfc5969;
&rfc6092;
&rfc6144;
&rfc6145;
&rfc6177;
&rfc6204;
&rfc6296;
&rfc6333;
&rfc6555;
&rfc6724;
&rfc6762;
&rfc6824;
&rfc6887;
&rfc6950;
&rfc7084;
&rfc7157;
&I-D.ietf-core-coap;
<reference anchor='IABdotless' target="http://www.iab.org/documents/correspondence-reports-documents/2013-2/iab-statement-dotless-domains-considered-harmful">
<front>
<title>IAB Statement: Dotless Domains Considered Harmful</title>
<author fullname="IAB"> <organization />
</author>
<date month="February" year="2013" />
</front>
</reference>
<reference anchor='Gettys11' target="http://www.ietf.org/proceedings/80/slides/tsvarea-1.pdf">
<front>
<title>Bufferbloat: Dark Buffers in the Internet</title>
<author initials="J." surname="Gettys" fullname=" Jim Gettys"> <organization />
</author>
<date month="March" year="2011" />
</front>
</reference>
</references>
<section title="Acknowledgments">
<t>The authors would like to thank
Aamer Akhter,
Mikael Abrahamsson,
Mark Andrews,
Dmitry Anipko,
Ran Atkinson,
Fred Baker,
Ray Bellis,
Teco Boot,
John Brzozowski,
Cameron Byrne,
Brian Carpenter,
Stuart Cheshire,
Julius Chroboczek,
Lorenzo Colitti,
Robert Cragie,
Elwyn Davies,
Ralph Droms,
Lars Eggert,
Jim Gettys,
Olafur Gudmundsson,
Wassim Haddad,
Joel M. Halpern,
David Harrington,
Lee Howard,
Ray Hunter,
Joel Jaeggli,
Heather Kirksey,
Ted Lemon,
Acee Lindem,
Kerry Lynn,
Daniel Migault,
Erik Nordmark,
Michael Richardson,
Mattia Rossi,
Barbara Stark,
Markus Stenberg,
Sander Steffann,
Don Sturek,
Andrew Sullivan,
Dave Taht,
Dave Thaler,
Michael Thomas,
Mark Townsley,
JP Vasseur,
Curtis Villamizar,
Dan Wing,
Russ White,
and James Woodyatt
for their comments and
contributions within homenet WG meetings and on the WG mailing list.
An acknowledgement generally means that person's text made it in to
the document, or was helpful in clarifying or reinforcing an aspect
of the document. It does not imply that each contributor agrees with
every point in the document.
</t>
</section>
<section title="Changes">
<t>This section will be removed in the final version of the text.
</t>
<section title="Version 14">
<t>Changes made include:</t>
<t>
<list style="symbols">
<t>Changes for Adrian Farrell discuss/comment.</t>
<t>Very minor wordsmithing requested by Benoit for OAM text.</t>
<t>Very minor wordsmithing from IETF89 session.</t>
<t>Added note to support SSM.</t>
<t>Emphasised at most one routing protocol in use, possibly none.</t>
</list>
</t>
</section>
<section title="Version 13">
<t>Changes made include:</t>
<t>
<list style="symbols">
<t>Changes to address last outstanding IESG DISCUSSes/COMMENTs.</t>
</list>
</t>
</section>
<section title="Version 12">
<t>Changes made include:</t>
<t>
<list style="symbols">
<t>Fixed minor typo nits introduced in -11.</t>
<t>Elwyn Davies' gen-art review comments addressed.</t>
<t>Some further IESG DISCUSSes/COMMENTs addressed.</t>
</list>
</t>
</section>
<section title="Version 11 (after IESG review)">
<t>Changes made include:</t>
<t>
<list style="symbols">
<t>Jouni Korhonen's OPSDIR review comments addressed.</t>
<t>Elwyn Davies' gen-art review comments addressed.</t>
<t>Considered secdir review by Samiel Weiler; many points addressed.</t>
<t>Considered APPSDIR review.</t>
<t>Addressed a large number of IESG comments and discusses.</t>
</list>
</t>
</section>
<section title="Version 10 (after AD review)">
<t>Changes made include:</t>
<t>
<list style="symbols">
<t>Minor changes/clarifications resulting from AD review</t>
</list>
</t>
</section>
<section title="Version 09 (after WGLC)">
<t>Changes made include:</t>
<t>
<list style="symbols">
<t>Added note about multicast into or out of site</t>
<t>Removed further personal draft references, replaced with covering text</t>
<t>Routing functionality text updated to avoid ambiguity</t>
<t>Added note that devices away from homenet may tunnel home (via VPN)</t>
<t>Added note that homenets more exposed to provider renumbering than with IPv4 and NAT</t>
<t>Added note about devices that may be ULA-only until configured to be globally addressable</t>
<t>Removed paragraph about broken CERs that do not work with prefixes other than /64</t>
<t>Noted no recommendation on methods to convey prefix information is made in this text</t>
<t>Stated that this text does not recommend how to form largest possible subnets</t>
<t>Added text about homenet evolution and handling disparate media types</t>
<t>Rephrased NAT/firewall text on marginal effectiveness</t>
<t>Emphasised that multihoming may be to any number of ISPs</t>
</list>
</t>
</section>
<section title="Version 08">
<t>Changes made include:</t>
<t>
<list style="symbols">
<t>Various clarifications made in response to list comments</t>
<t>Added note on ULAs with IPv4, where no GUAs in use</t>
<t>Added note on naming and internationalisation (IDNA)</t>
<t>Added note on trust relationships when adding devices</t>
<t>Added note for MPTCP</t>
<t>Added various naming and SD notes</t>
<t>Added various notes on delegated ISP prefixes</t>
</list>
</t>
</section>
<section title="Version 07">
<t>Changes made include:</t>
<t>
<list style="symbols">
<t>Removed reference to NPTv6 in section 3.2.4. Instead now say it has
an architectural cost to use in the earlier section, and thus it is
not recommended for use in the homenet architecture.</t>
<t>Removed 'proxy or extend?' section. Included shorter text in main
body, without mandating either approach for service discovery.</t>
<t>Made it clearer that ULAs are expected to be used alongside globals.</t>
<t>Removed reference to 'advanced security' as described in
draft-vyncke-advanced-ipv6-security.</t>
<t>Balanced the text between ULQDN and ALQDN.</t>
<t>Clarify text does not assume default deny or allow on CER, but that either mode may be enabled.</t>
<t>Removed ULA-C reference for 'simple' addresses. Instead only suggested service discovery to find such devices.</t>
<t>Reiterated that single/multiple CER models to be supported for multihoming.</t>
<t>Reordered section 3.3 to improve flow.</t>
<t>Added recommendation that homenet is not allocated less than /60, and a /56 is preferable.</t>
<t>Tidied up first few intro sections.</t>
<t>Other minor edits from list feedback.</t>
</list>
</t>
</section>
<section title="Version 06">
<t>Changes made include:</t>
<t>
<list style="symbols">
<t>Stated that unmanaged goal is 'as far as possible'.</t>
<t>Added note about multiple /48 ULAs potentially being in use.</t>
<t>Minor edits from list feedback.</t>
</list>
</t>
</section>
<section title="Version 05">
<t>Changes made include:</t>
<t>
<list style="symbols">
<t>Some significant changes to naming and SD section.</t>
<t>Removed some expired drafts.</t>
<t>Added notes about issues caused by ISP only delegating a /64.</t>
<t>Recommended against using prefixes longer than /64.</t>
<t>Suggested CER asks for /48 by DHCP PD, even if it only receives less.</t>
<t>Added note about DS-Lite but emphasised transition is out of scope.</t>
<t>Added text about multicast routing.</t>
</list>
</t>
</section>
<section title="Version 04">
<t>Changes made include:</t>
<t>
<list style="symbols">
<t>Moved border section from IPv6 differences to principles section.</t>
<t>Restructured principles into areas.</t>
<t>Added summary of naming and service discovery discussion from WG list.</t>
</list>
</t>
</section>
<section title="Version 03">
<t>Changes made include:</t>
<t>
<list style="symbols">
<t>Various improvements to the readability.</t>
<t>Removed bullet lists of requirements, as requested by chair.</t>
<t>Noted 6204bis has replaced advanced-cpe draft.</t>
<t>Clarified the topology examples are just that.</t>
<t>Emphasised we are not targetting walled gardens, but they should not be precluded.</t>
<t>Also changed text about requiring support for walled gardens.</t>
<t>Noted that avoiding falling foul of ingress filtering when multihomed is desirable.</t>
<t>Improved text about realms, detecting borders and policies at borders.</t>
<t>Stated this text makes no recommendation about default security model.</t>
<t>Added some text about failure modes for users plugging things arbitrarily.</t>
<t>Expanded naming and service discovery text.</t>
<t>Added more text about ULAs.</t>
<t>Removed reference to version 1 on chair feedback.</t>
<t>Stated that NPTv6 adds architectural cost but is not a homenet matter if
deployed at the CER. This text only considers the internal homenet.</t>
<t>Noted multihoming is supported.</t>
<t>Noted routers may not by separate devices, they may be embedded in devices.</t>
<t>Clarified simple and advanced security some more, and RFC 4864 and 6092.</t>
<t>Stated that there should be just one secret key, if any are used at all.</t>
<t>For multihoming, support multiple CERs but note that routing to the correct CER to avoid ISP filtering may not be optimal within the homenet.</t>
<t>Added some ISPs renumber due to privacy laws.</t>
<t>Removed extra repeated references to Simple Security.</t>
<t>Removed some solution creep on RIOs/RAs.</t>
<t>Load-balancing scenario added as to be supported.</t>
</list>
</t>
</section>
<section title="Version 02">
<t>Changes made include:</t>
<t>
<list style="symbols">
<t>Made the IPv6 implications section briefer.</t>
<t>Changed Network Models section to describe properties of the homenet
with illustrative examples, rather than implying the number of models
was fixed to the six shown in 01. </t>
<t>Text to state multihoming support focused on single CER model.
Multiple CER support is desirable, but not required.</t>
<t>Stated that NPTv6 not supported.</t>
<t>Added considerations section for operations and management.</t>
<t>Added bullet point principles/requirements to Section 3.4.</t>
<t>Changed IPv6 solutions must not adversely affect IPv4 to should not.</t>
<t>End-to-end section expanded to talk about "Simple Security" and borders.</t>
<t>Extended text on naming and service discovery.</t>
<t>Added reference to RFC 2775, RFC 6177.</t>
<t>Added reference to the new xmDNS draft.</t>
<t>Added naming/SD requirements from Ralph Droms.</t>
</list>
</t>
</section>
</section>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-23 14:42:43 |