Unified IPv4-in-IPv6 Softwire CPE: A DHCPv6-based Prioritization Mechanism

IPv4 service continuity is one of the major technical challenges which must be considered during IPv6 migration. Over the past few years, a number of different approaches have been developed to assist with this problem (e.g., , , or ). These approaches, referred to as 'S46 mechanisms' in this document, exist in order to meet the particular deployment, scaling, addressing and other requirements of different service provider's networks. A common feature shared between all of the differing modes is the integration of softwire tunnel end-point functionality into the Customer Premise Equipment (CPE) router. Due to this inherent data plane similarity, a single CPE may be capable of supporting several different approaches. Users may also wish to configure a specific mode of operation. A service provider's network may also have more than one S46 mechanism enabled in order to support a diverse CPE population with differing client functionality, such as during a migration between mechanisms, or where services require specific supporting softwire architectures. For softwire based services to be successfully established, it is essential that the customer end-node, the service provider end-node and provisioning systems are able to indicate their capabilities and preferred mode of operation. A number of DHCPv6 options for the provisioning of softwires have been standardized: Defines DHCPv6 option 64 for configuring Basic Bridging BroadBand (B4, ) elements with the IPv6 address of the Address Family Transition Router (AFTR, ). Defines DHCPv6 option 88 for configuring the address of a DHCPv4 over DHCPv6 server, which can then be used by a softwire client for obtaining further configuration. Defines DHCPv6 options 94, 95 and 96 for provisioning Mapping of Address and Port with Encapsulation (MAP-E, ), Mapping of Address and Port using Translation (MAP-T, ), and Lightweight 4over6 respectively. This document describes a DHCPv6 based prioritization method whereby a CPE which supports several S46 mechanisms and receives configuration for more than one can prioritise which mechanism to use. The method requires no server side logic to be implemented and only uses a simple S46 mechanism prioritization to be implemented in the CPE. The prioritization method as described here does not provide redundancy between S46 mechanisms for the client. I.e. If the highest priority S46 mechanism which has been provisioned to the client is not available for any reason, the means for identifying this and falling back to the S46 mechanism with the next highest priority is not in the scope of this document.

This document makes use of the following terms: Address Family Transition Router (AFTR): is the IPv4-in-IPv6 tunnel termination point and the NAT44 function deployed in the operator's network . Border Relay (BR): a MAP-enabled router managed by the service provider at the edge of a MAP domain. A BR has at least an IPv6-enabled interface and an IPv4 interface connected to the native IPv4 network . Customer Premise Equipment (CPE): denotes the equipment at the customer edge that terminates the customer end of an IPv6 transitional tunnel. In some documents (e.g., ), this functional entity is called CE (Customer Edge).

The following rationale has been adopted for this document: Simplify solution migration paths: Define unified CPE behavior, allowing for smooth migration between the different s46 mechanisms. Deterministic CPE co-existence behavior: Specify the behavior when several S46 mechanisms co-exist in the CPE. Deterministic service provider co-existence behavior: Specify the behavior when several modes co-exist in the service providers network. Re-usability: Maximize the re-use of existing functional blocks including tunnel end-points, port restricted NAPT44, forwarding behavior, etc. Solution agnostic: Adopt neutral terminology and avoid (as far as possible) overloading the document with solution-specific terms. Flexibility: Allow operators to compile CPE software only for the mode(s) necessary for their chosen deployment context(s). Simplicity: Provide a model that allows operators to only implement the specific mode(s) that they require without the additional complexity of unneeded modes.

The S46 Priority Option is used to convey a priority order of IPv4 service continuity mechanisms. shows the format of the S46 Priority Option.

option-code: OPTION_S46_PRIORITY (TBD) option-length: >=2 and a multiple of 2, in octets. s46-option-code: 16-bits long IANA registered option code of the DHCPv6 option which is used to identify the softwire mechanism. S46 mechanism are prioritized in the appearance order in the S46 Priority Option. Codes in OPTION_S46_PRIORITY are processed in order; in the event that a client receives more than one s46-option-code with a particular value, this should be considered as invalid. DHCP servers MAY validate the list of s46-option-code values to detect invalid values and duplicates. The option MUST contain at least one s46-option-code.

Clients MAY request option OPTION_S46_PRIORITY, as defined in , Sections 17.1.1, 18.1.1, 18.1.3, 18.1.4, 18.1.5, and 22.7. As a convenience to the reader, we mention here that the client includes requested option codes in the Option Request Option. Upon receipt of a DHCPv6 Advertise message from the server containing OPTION_S46_PRIORITY the client performs the following steps: Check the contents of the DHCPv6 message for options containing valid S46 mechanism configuration. A candidate list of possible S46 mechanisms is created from these option codes. Check the contents of OPTION_S46_PRIORITY for the DHCPv6 option codes contained in the included s46-option-code fields. From this, an S46 mechanism priority list is created, ordered from highest to lowest following the appearance order. Sequentially check the priority list against the candidate list until a match is found. When a match is found, the client MUST configure the resulting S46 mechanism. In the event that no match is found between the priority list and the candidate list, the client MAY proceed with configuring one or more of the provisioned S46 softwire mechanism(s). In this case, which mechanism(s) are chosen by the client is implementation-specific and not defined here. If an invalid OPTION_S46_PRIORITY option is received, the client MAY proceed with configuring the provisioned S46 mechanisms as if OPTION_S46_PRIORITY had not been received. If an unknown option code is received in OPTION_S46_PRIORITY option, the client MUST skip it and continue processing other listed option codes if they exist. The initial option codes that are allowed to be included in a OPTION_S46_PRIORITY option are listed in .

Sections 17.2.2 and 18.2 of govern server operation in regards to option assignment. As a convenience to the reader, we mention here that the server will send a particular option code only if configured with specific values for that option code and if the client requested it. Option OPTION_S46_PRIORITY is a singleton. Servers MUST NOT send more than one instance of the OPTION_S46_PRIORITY option.

The following sub-sections describe some considerations for operators who are planning on implementing multiple softwire mechanisms in their network (e.g., during a migration between mechanisms).

As an operator's available IPv4 resources are likely to be limited, it may be desirable to use a common range of IPv4 addresses across all of the active Softwire mechanisms. However, this is likely to result in difficulties in routing ingress IPv4 traffic to the correct Border Relay (BR)/AFTR instance which is actively serving a given CE. For example, a client which is configured to use MAP-E may send its traffic to the MAP-E BR, but on the return path, the ingress IP traffic gets routed to a MAP-T BR. The resulting translated packet that gets forwarded to the MAP-E client will be dropped. Therefore, operators are advised to use separate IPv4 pools for each of the different mechanisms to simplify planning and IPv4 routing. For IPv6 planning there is less of a constraint as the BR/AFTR elements for the different mechanisms can contain configuration for overlapping client's IPv6 addresses, providing only one mechanism is actively serving a given client at a time. However, the IPv6 address that is used as the tunnel concentrator's endpoint (BR/AFTR address) needs to be different for each mechanisms to ensure correct operation.

Deployed clients which can support multiple softwire mechanisms, but do not implement the prioritization mechanism described here may require additional planning. In this scenario, the CPE would request configuration for all of the supported softwire mechanisms in its DHCPv6 Option Request Option (ORO), but would not request OPTION_S46_PRIORITY. By default, the DHCPv6 server will respond with configuration for all of the requested mechanisms which could result in unpredictable and unwanted client configuration. In this scenario, it may be necessary for the operator to implement logic within the DHCPv6 server to identify such clients and only provision them with configuration for a single softwire mechanism. It should be noted that this can lead to complexity and reduced scalability in the DHCPv6 server implementation due to the addition DHCPv6 message processing overhead.

Security considerations discussed in and apply for this document. Misbehaving intermediate nodes may alter the content of the S46 Priority Option. This may lead to setting a different IPv4 service continuity mechanism than the one initially preferred by the network side. Also, a misbehaving node may alter the content of the S46 Priority Option and other DHCPv6 options (e.g., DHCPv6 Option #64 or #90) so that the traffic is intercepted by an illegitimate node. Those attacks are not unique to the S46 Priority Option but are applicable to any DHCPv6 option that can be altered by a misbehaving intermediate node.

IANA is kindly requested to allocate the following DHCPv6 option code: TBD for OPTION_S46_PRIORITY All values should be added to the DHCPv6 option code space defined in Section 24.3 of .

This document requests that IANA create a new registry entitled "Option Codes permitted in the S46 Priority Option". This registry will enumerate the set of DHCPv6 Option Codes that can be included in OPTION_S46_PRIORITY option. Options may be added to this list using the IETF Review process described in Section 4.1 of . The following table shows the option codes which are currently defined and the S46 mechanisms which they represent. The contents of this table shows the format and the initial values for the new registry. Option codes that have not been requested to be added according to the stated procedure should not be mentioned at all in the table, and should not be listed as "reserved" or "unassigned". The valid range of values for the registry is the range of DHCPv6 Option Codes (1-65535). Option Code S46 Mechanism Reference 64 DS-Lite 88 DHCPv4 over DHCPv6 94 MAP-E 95 MAP-T 96 Lightweight 4over6

Many thanks to O. Troan, S. Barth. A. Yourtchenko, B. Volz, T. Mrugalski, J. Scudder, P. Kyzivat, F. Baker, and B. Campbell for their input and suggestions.