North American Network Operators Group


Re: v6 subnet size for DSL & leased line customers

  • From: Iljitsch van Beijnum
  • Date: Thu Dec 27 16:52:47 2007

On 27 dec 2007, at 12:44, [email protected] wrote:

I agree that DHCPv6 prefix delegation (for instance a /56) to a CPE
which provides configuration to hosts on its LAN side sounds like a
reasonable model. It requires the customer to have a CPE with actual
*router* functionality, as opposed to just a bridge. This is different
from today's requirements, but may not be unreasonable.

Ok, that would be CPE == modem. Another line of thought would be a bridging modem + a routing CPE that the customer provides. This would be similar to the home "routers" that you can buy today. (A lot of ISPs, especially in the area I just moved to, insist on providing you with a "free" "router" rather than just a modem, yuck!)

Ideally, a bridging modem would be able to talk to both individual hosts, just like it can on IPv4, or to a router provided by the customer. But unlike with IPv4, these modes of operation would have to be different in the absence of NAT. Providing a prefix to a user is actually the simple part, because there is really only one way to do it (short of manual configuration): DHCPv6 prefix delegation. The trouble is how ISP equipment talks to the first IPv6 device on the customer side. The easy way would be to have a separate VLAN and IPv6 subnet for that for each customer but I gather that means more expensive equipment. Using the IPv4 model with DHCPv6 wouldn't work well because of the low DHCPv6 adoption. (This problem may or may not go away in time; I gather that Vista has it but that Apple isn't interested in adopting DHCPv6.)

However, rather than snooping DHCP messages and inserting DHCP options, with IPv6, DSL/cable equipment on the ISP side (or even the modem) could intercept and modify router advertisements so each customer gets their own prefix advertised. If we then do some ingress filtering based on that prefix and force all traffic through the first IPv6 router on the ISP side this could work very well. Interestingly, in IPv6 there is no need for a default gateway to have an address in the subnet prefix that hosts use. So the problem that you'd have with this in IPv4, that two neighbors can't communicate because the hosts think they're on the same IP subnet but direct traffic between them is blocked, doesn't occur. (Unless the router sends redirects.)

On 27 dec 2007, at 13:11, Mark Smith wrote:

I think it's interesting CGAs are being discussed in the same email as
the one where you say you want to be able to express prefix length in DHCPv6 -
because I'm guessing you want that feature to be able to shorten node

Actually I spoke up against that in the last IETF meeting. Maybe in 20 years when we've made such a mess of the other bits that we need to recover some of those interface identifier bits.

The issue with lacking a prefix length in DHCPv6 doesn't really lead to any trouble in normal operation, but it does make DHCPv6 mostly useless in one of the cases that it's advertised for: the situation where there is no router on the subnet. In that case, if host A gets 2001::a and host B gets 2001::b but they don't know the subnet size, the conservative assumption is /128, which means that they can't communicate. Hardcoding /64 would be bad; even in router advertisements the prefix length is carried explicitly, even though stateless autoconfig won't work if it's not 64.

On 27 dec 2007, at 13:19, Mark Smith wrote:

there are currently no ISPs and no CPEs that do
that, as far as I know.

I haven't had a chance to test it, but according to "Deploying IPv6
Networks", IOS can support DHCPv6 based prefix delegation. It even
supports multiple downstream interfaces on the CPE - you configure the
subnet number you want on each of the interfaces, and the CPE will
configure the DHCP-PD learned /48 on the front of them automatically
and then start announcing those prefixes in RAs out those interfaces.

You're absolutely right. For some reason it never connected in my brain that my Cisco 826/827 (I always forget which) ADSL router supports this, even with a 3 year old IOS. I think when I tested this I did so on a bunch of 2500s. But if you look at Apple's Airport Extreme base station, for instance, that box will only terminate a tunnel and not handle any kind of native IPv6 routing.

See for a small config example.

(I think someone said the Airport Extreme bridges IPv6 and routes IPv4 (or maybe the other way around), which isn't true. You can configure it to bridge or do IPv4 NAT and separately from that to route between an IPv6 manual or 6to4 tunnel and the LAN ports (+ WAN port when bridging).)
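
The per-customer prefix model discussed in this message (a delegated prefix per access port, /64s derived from it by the CPE, and ingress filtering on the ISP side) can be sketched as follows. This is an added example, not part of the original message or any vendor's code; the pool uses the 2001:db8::/32 documentation range, the port names are hypothetical, and accepting link-local sources is an assumption of the sketch.

```python
import ipaddress

# Constructed sample data: documentation prefix and hypothetical port names.
ISP_POOL = ipaddress.ip_network("2001:db8:100::/40")
PORTS = ["dsl-0/1", "dsl-0/2", "dsl-0/3"]


def delegate(pool, ports, new_prefix=56):
    """Bind each access port to its own prefix from the pool, standing in
    for what a DHCPv6-PD server would hand out (here simply in order)."""
    return dict(zip(ports, pool.subnets(new_prefix=new_prefix)))


def lan_subnet(delegated, subnet_number):
    """CPE side: put the delegated prefix in front of a locally configured
    subnet number to get the /64 announced in RAs on one LAN interface."""
    bits = 64 - delegated.prefixlen
    if not 0 <= subnet_number < (1 << bits):
        raise ValueError("subnet number does not fit in the delegated prefix")
    base = int(delegated.network_address) | (subnet_number << 64)
    return ipaddress.IPv6Network((base, 64))


def ingress_permit(bindings, port, src):
    """ISP side: accept a packet only if its source address lies inside the
    prefix delegated to the port it arrived on."""
    addr = ipaddress.ip_address(src)
    if addr.is_link_local:
        # Assumption: link-local sources are accepted on the access link
        # because RS/NS and DHCPv6 use them; they are never forwarded.
        return True
    prefix = bindings.get(port)
    return prefix is not None and addr in prefix


if __name__ == "__main__":
    bindings = delegate(ISP_POOL, PORTS)
    lan = lan_subnet(bindings["dsl-0/2"], 1)
    print("dsl-0/2 delegated", bindings["dsl-0/2"], "LAN 1 is", lan)
    host = str(lan.network_address + 0xA)
    for port in PORTS:
        print(port, host, "permit" if ingress_permit(bindings, port, host) else "drop")
```

A source address from one customer's delegated prefix is dropped when it arrives on any other customer's port, which is the ingress filtering the message proposes.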