I would like the v6ops community to discuss this and come to some conclusion that can guide the CPE Requirements development. It may be worthwhile documenting that conclusion and the assumptions it is based on in an RFC. We are dealing at least in part with a world view question, and we need a rational and agreed world view.
Begin forwarded message:
From: Fred Baker <fred@cisco.com>
Date: January 3, 2008 12:15:44 PM PST
To: V6CPE Design Team <v6ops-residential-cpe-design-team@external.cisco.com>
Cc: v6ops-ads@tools.ietf.org, Kurt Erik Lindqvist <kurtis@kurtis.pp.se>
Subject: Wondering if we're on the same wavelength

As we're going through this discussion, I'm wondering if we have it structured right. It seems like we are not working on a single set of requirements on which we basically agree, which is characteristic of a design team. Rather, we have a very polarized discussion between two very different sets of people. One set, the folks who make CPEs, are being told in no uncertain terms by their customers that they need to provide firewall functionality, and some customers require NAT functionality for reasons unrelated to firewalling. The other group, which AFAIK have no skin in the CPE game, are (in some cases adamantly) opposed to the deployment of firewalls.

Would we have a more productive discussion if this were separated into two separate teams and resultant documents, each describing and arguing for its version of the universe? If so, who would like to take the lead on the "we don't need no stinkin firewalls" model?
From: Alain Durand <alain_durand@cable.comcast.com>
Date: January 3, 2008 1:22:01 PM PST
To: Fred Baker <fred@cisco.com>, V6CPE Design Team <v6ops-residential-cpe-design-team@external.cisco.com>
Cc: <v6ops-ads@tools.ietf.org>, Kurt Erik Lindqvist <kurtis@kurtis.pp.se>
Subject: Re: Wondering if we're on the same wavelength

Fred,

IMHO, what is missing is a broader understanding of what I call the new "social contract" in IPv6 broadband land...

In IPv4 broadband land, there is a pretty well accepted "social contract":
- Customer gets one IPv4 address that can change over time.
- Customer uses/rents/owns a NAT box to create more address space, isolate himself/herself from external IP address change, get the so-called security benefits of NAT, or whatever other local reason.
- The "security model" is mainly defined as: all devices within the home network belong to the customer, are mostly unmanaged, and a security perimeter is defined by the home router to "protect" the good inside from the "evil" outside.
- The ISP has very little if any view of the devices in the home south of the home gateway.
- There is little DNS in place.

Note: all this is a direct consequence of the NAT model.

In the brave new world of IPv6, the plethora of address space imposes on us to revisit this model, mainly because NAT is not required to connect more than one device. Note that I said not required, which does not mean it will not be part of the picture in one form or another, if only in the NAT v4/v6/v4 that I described last IETF.

So, IMHO, what is needed is for the industry at large (and not just a few experts) to open up a discussion of what this social contract now will look like in IPv6, in other words, what kind of networks and network usage are we looking at, and not just now, but looking ahead...

Essentially, we must *collectively* answer a number of questions:
- How much space is assigned per customer? This is the trivial one that is being discussed right now.
- Is there any routing within the home?
- Is this address space "stable" over time or is it expected to be changeable by the ISP? There are huge ramifications in the local routing & provisioning complex depending on how you answer this question.
- What is(are) the management model(s) of the home? Is the customer expected to manage his network alone? How can the ISP usefully help? What about in-home devices operated/owned/under contract with either the ISP or a 3rd party?
- What should be the new security model?
- How to manage the name space?

I'm concerned we will not make much progress on the firewall issue until we have a better understanding of the broader issue I described above. And honestly, I think we are just at the very beginning.

- Alain.
From: Fred Baker <fred@cisco.com>
Date: January 3, 2008 2:32:46 PM PST
To: Alain Durand <alain_durand@cable.comcast.com>
Cc: V6CPE Design Team <v6ops-residential-cpe-design-team@external.cisco.com>, <v6ops-ads@tools.ietf.org>, Kurt Erik Lindqvist <kurtis@kurtis.pp.se>
Subject: Re: Wondering if we're on the same wavelength

You raise some important questions. I think there are some more you need to ask.

I have attached a network map of my home. It is somewhat out of date; last summer, my folks-in-law moved in with us, and as such we now have TV service in the home, and as a result two set-top boxes. They are right now on the TV coax apart from control, which is done via a combination of a direct radio interface and the wifi network, but in the future one might expect them to come onto the IP network in full.

On Jan 3, 2008, at 1:22 PM, Alain Durand wrote:

> Fred,
>
> IMHO, what is missing is a broader understanding of what I call the new "social contract" in IPv6 broadband land...
>
> In IPv4 broadband land, there is a pretty well accepted "social contract":
> - Customer gets one IPv4 address that can change over time.
> - Customer uses/rents/owns a NAT box to create more address space, isolate himself/herself from external IP address change, get the so-called security benefits of NAT, or whatever other local reason.
> - The "security model" is mainly defined as: all devices within the home network belong to the customer, are mostly unmanaged, and a security perimeter is defined by the home router to "protect" the good inside from the "evil" outside.
> - The ISP has very little if any view of the devices in the home south of the home gateway.
> - There is little DNS in place.
>
> Note: all this is a direct consequence of the NAT model.

I'll add that they are also consequences of ownership. The ISP, Cox Business Services in my case, supplies the Cable Modem and the set-top box, but apart from that the equipment in my home belongs to me.

As a customer, I would be very surprised if my ISP tried to assert any control over anything it didn't own apart from a specific contractual agreement permitting it to do so. It would be enough for me to terminate my contract with the ISP. If my ISP announced to me that it thought there was a new social contract that I as a consumer was supposed to accept but was not a party to, that would likewise be the end of my legal contract. The services my ISP offers in my home are there because I choose them and choose to pay for them, not because the ISP wants them to be there.

> In the brave new world of IPv6, the plethora of address space imposes on us to revisit this model, mainly because NAT is not required to connect more than one device. Note that I said not required, which does not mean it will not be part of the picture in one form or another, if only in the NAT v4/v6/v4 that I described last IETF.

Certainly, as a customer I expect to have my router obtain an address (ND or DHCP) and other configuration information, including a delegated prefix.

> So, IMHO, what is needed is for the industry at large (and not just a few experts) to open up a discussion of what this social contract now will look like in IPv6, in other words, what kind of networks and network usage are we looking at, and not just now, but looking ahead...
>
> Essentially, we must *collectively* answer a number of questions:
> - How much space is assigned per customer? This is the trivial one that is being discussed right now.

yes.

> - Is there any routing within the home?

I suspect that there are multiple classes of home here. In my case, my company's information security policy requires me to have routing in the home - by whatever means, my office equipment is not accessible from the rest of my home.

> - Is this address space "stable" over time or is it expected to be changeable by the ISP? There are huge ramifications in the local routing & provisioning complex depending on how you answer this question.

That relates to some of the questions in RRG. If my ISP is designing the network in my home, I guarantee that the home will not be multihomed. Since that is not reality (my home isn't multihomed, but Kurtis' and Jari's are), ergo, the ISP is not designing or managing the network in my home. This in part is the issue being addressed in draft-baker-6man-multiprefix-default-route; if I in fact have multiple prefixes in the home, I want to send my datagrams using an address to the ISP that gave me the address. This is a lot easier with Metro Addressing (the ISPs manage a prefix for the routing domain, which may be similar to a geographical region) or with a GSE-like model such as Christian Vogt suggests.

In any event, if the ISP is provisioning me with a prefix, and I am routing in the home, I expect to have a rational system for using that prefix.

> - What is(are) the management model(s) of the home? Is the customer expected to manage his network alone? How can the ISP usefully help? What about in-home devices operated/owned/under contract with either the ISP or a 3rd party?

I expect the set-top box and other devices supporting services that I contract for to come with instructions for what I am supposed to do with them in my home. The ISP is a guest in my home, or perhaps a servant like the maid or the butler, and will be replaced the instant it forgets that.

> - What should be the new security model?

yes.

> - How to manage the name space?

Why would management of the name space for my home be different for IPv6 than it would be for IPv4? At the end of the day, if I am offering services from my home and using DNS to do them, I would like the fact of getting an A or a AAAA record to be something I only discover after the fact, not something inherent in the name.
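The multi-prefix point in Fred's reply (forward a datagram via the ISP that delegated its source prefix), as an added illustration that is not part of the thread or of draft-baker-6man-multiprefix-default-route itself. The delegated prefixes, upstream names and sample traffic are constructed for the example.

```python
# Added example: a home router holding prefixes delegated by two ISPs selects
# the upstream from the packet's *source* address, so each ISP only ever sees
# traffic sourced from the space it delegated. Prefixes and names are constructed.
from ipaddress import IPv6Address, IPv6Network
from typing import Dict, List, Optional, Tuple

# Constructed delegated prefixes (RFC 3849 documentation space), one per ISP.
DELEGATIONS: Dict[IPv6Network, str] = {
    IPv6Network("2001:db8:a::/48"): "isp-a",
    IPv6Network("2001:db8:b::/48"): "isp-b",
}


def select_upstream(src: str, delegations: Dict[IPv6Network, str] = DELEGATIONS) -> Optional[str]:
    """Longest-prefix match on the SOURCE address, not the destination.

    A packet sourced from ISP A's prefix must leave via ISP A: ISP B would
    drop it under ingress filtering (BCP 38) and replies could not return.
    Returns None when no delegated prefix covers the source (link-local,
    or an address from a prefix that was withdrawn); the caller drops it
    instead of guessing an exit.
    """
    addr = IPv6Address(src)
    best: Optional[IPv6Network] = None
    for prefix in delegations:
        if addr in prefix and (best is None or prefix.prefixlen > best.prefixlen):
            best = prefix
    return delegations[best] if best is not None else None


def forwarding_decisions(packets: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group (src, dst) pairs by chosen upstream; unmatched sources go to 'drop'."""
    decisions: Dict[str, List[str]] = {}
    for src, dst in packets:
        decisions.setdefault(select_upstream(src) or "drop", []).append(dst)
    return decisions


if __name__ == "__main__":
    sample = [  # constructed traffic from hosts inside the home
        ("2001:db8:a:1::10", "2001:db8:ffff::1"),  # sourced from ISP A's space
        ("2001:db8:b:1::10", "2001:db8:ffff::1"),  # sourced from ISP B's space
        ("fe80::1", "2001:db8:ffff::1"),           # link-local: no upstream owns it
    ]
    for upstream, dsts in forwarding_decisions(sample).items():
        print(f"{upstream}: {len(dsts)} packet(s)")
```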
From: Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org>
Date: January 3, 2008 1:50:43 PM PST
To: Fred Baker <fred@cisco.com>
Cc: V6CPE Design Team <v6ops-residential-cpe-design-team@external.cisco.com>, v6ops-ads@tools.ietf.org, Kurt Erik Lindqvist <kurtis@kurtis.pp.se>
Subject: Re: Wondering if we're on the same wavelength

I think there are three universes:

1) all end devices don't do firewalling, so the CPE has to do that for them
2) some end devices don't do firewalling, so the CPE has to do that for them. For the devices that do do firewalling, how can we stop the CPE firewall getting in their way?
3) all end devices do firewalling, so the CPE shouldn't, because it'll only get in the way

Actually, that's more of a continuum than 3 separate universes. My argument is that it's trending towards 3. Because IPv6 is new(ish), it's possible that with IPv6 we might reach 3 much more quickly than we'll ever reach it in IPv4.

That being said, it has occurred to me that we might have overlooked that there's already lots of IPv6 CPE in Asia, and lots of IPv6 enabled devices available (STBs, CCTV cameras etc.). Maybe we should find out how they've approached the problem before we spend time resolving it.

Regards,
Mark.
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: January 3, 2008 2:15:55 PM PST
To: Alain Durand <alain_durand@cable.comcast.com>
Cc: Fred Baker <fred@cisco.com>, V6CPE Design Team <v6ops-residential-cpe-design-team@external.cisco.com>, <v6ops-ads@tools.ietf.org>, Kurt Erik Lindqvist <kurtis@kurtis.pp.se>
Subject: Re: Wondering if we're on the same wavelength

On 3 jan 2008, at 22:22, Alain Durand wrote:

> Essentially, we must *collectively* answer a number of questions:
> [...]
> I'm concerned we will not make much progress on the firewall issue until we have a better understanding of the broader issue I described above. And honestly, I think we are just at the very beginning.

I largely agree.

Would it be useful to see if we can define a number of deployment scenarios and then present those to the community at large so it/we can reach consensus about which ones we should go forward with?

There are currently many discussions going on about bridging/routing CPEs, address provisioning, internal subnet allocation etc (and some of those discussions weren't even started by me!). Until we have some industry-wide agreement on this stuff, rolling out IPv6 for consumers will be very complex.

As to Fred's question: I think it's useful to hash things out here; ignoring the occasional rant, it seems we can find a decent amount of common ground. If we go off in separate groups that only means we'll have to have these fights in public... On the other hand, if the CPE builders feel they can do better work without the firewall skeptics I can live with that.
[Attachment: Fred_home_network.pdf (Adobe PDF document)]