
CPEs



Let me tackle three issues related to CPEs in one monster message. These issues are:

- firewalling
- address provisioning
- IPv4/IPv6 transition/coexistence

When I say "CPE" that can mean a cable/DSL modem, a home router with integrated cable/DSL modem, or a home router with no modem functionality. I'll call them CPE(m), CPE(r) or CPE(rm) where appropriate. If they're managed by the ISP I may add -ISP, if they're managed by the end-user/consumer I may add -USER. Note that all of this applies to consumer installations.

First, let me start with a few sentences on my philosophy in this area and then a list of issues that we need to figure out so the industry can move forward.

CPE philosophy
--------------

Because broadband consumers span the gamut from completely ignorant about even the most superficial technical issues to people who actually build those CPEs, the most important thing is that a CPE can address all reasonable use cases along that gamut. In other words: an expert user shouldn't be forced to live with what's best for that granny who doesn't even have a PC but does have some IP enabled devices such as picture frames or sewing machines, but on the other hand, the granny shouldn't be forced to become an expert.

What this means is that the defaults are such that non-expert users get the tradeoff between security, usability and other aspects that is most appropriate (which would be the default settings), but experts get to override these defaults. At the very least, it MUST be possible to make the CPE act transparently.

Security

As for security: these days, any IP device MUST be ready to be connected to a hostile network, which includes the open internet. However, because this wasn't true in the past and because removing a layer of "security" is scary, it's not possible to market CPEs that don't do any filtering. This means that there must be filtering, but since it doesn't do anything useful in practice and it does get in the way, this filtering must be the minimum that will be accepted by the market. That would almost certainly be the level of filtering that is de facto provided in today's IPv4 CPEs, which is: outgoing sessions and related return traffic are allowed (stateful filtering) and applications get to open up TCP/UDP ports for incoming traffic.

Now obviously it's possible to argue that this isn't a good way of filtering (in both directions, it can be too much or too little), but since that is what you get with pretty much any current CPE those discussions are largely moot. The only changes that are possible are those that BOTH improve security AND usability at the same time. Any change that improves one over the other will be seen as unacceptable by one camp.

Transition

Ideally, a CPE will provide both IPv4 and IPv6 service to hosts connected to it, regardless of whether the ISP provides IPv4, IPv6 or both. So that probably means: regular IPv4 operation, native IPv6, 6to4, Teredo, NAT-PT... It would be even better if IPv4 hosts behind the CPE could make use of IPv6 services and the other way around. (Maybe using an HTTP(S) proxy?)

Multiple CPEs

Obviously if there is a CPE(m) then it should also be possible to add a CPE(r), but users may have reasons to have multiple CPE(r)s, possibly connected in parallel to a CPE(m) but having one CPE(r) connect to the LAN side of another CPE(r) would also be a possibility, and even the only possible option if there is a CPE(mr). Although security policies may prohibit certain applications from working across a CPE(r), service discovery and addressing should be transparent within the entire site.

Questions
---------

Security

1. Do we all agree that a model where there is stateful filtering by default, but applications can request incoming sessions is what we should aim for?

2. Or should the opening up of incoming ports go through the OS, rather than be signalled directly from applications to the CPE?

3. Should a host have the option of signalling to a CPE that it doesn't require any filtering?

Address provisioning

4. Is implementing DHCPv6 snooping and option insertion, similar to what currently happens with DHCP for IPv4, a good option for vendors of broadband equipment, or is a provisioning solution where this isn't necessary preferable?

5. Can we assume the presence of DHCPv6 prefix delegation in CPEs?

6. Can we assume the presence of DHCPv6 address assignment in clients? It's not available in most of them now, so how would we get to such a state and how soon?

7. Is the model where there is a CPE with modem functionality but not router functionality a reasonable one?

8. Do we want ISPs to provide RAs to customers in the case where 6 = no and 7 = yes? If not, then what?

9. If 8, then what is the value of the M and O bits?

10. If 5 and a user adds more than one routing CPE, how does the prefix delegation work? The "first" routing CPE requests a prefix from the ISP and then provides sub-prefixes to the other CPE(r)s, or does each CPE get a prefix from the ISP? In the latter case, how do CPE(r)s know what routes to install for prefixes held by other CPE(r)s within the site?

11. Do we expect ISPs to provide reachability for a new and old prefix concurrently when changing prefixes or do ISPs provide long-time stable prefixes to IPv6 customers? If "no" on both, then how do we avoid disconnected sessions on prefix changes?

12. How do we avoid problems caused by customer equipment MAC addresses clashing with those of other customers?

13. How many devices are allowed to connect to a CPE(m)?

14. What kind of addressing is used between the ISP and the first CPE(r)? Global customer specific, global shared between customers, link local only?

15. How does DAD work on the subnet between an ISP and customers? Should hosts and CPEs ignore their own DAD packets when they loop back to them?

DNS

16. How do we expect customer devices to enter into the DNS?

17. If the answer to 16 is dynamic DNS updates, how does the authentication work?

18. Should IPv6 hosts be prepared to operate without a working reverse DNS entry?

Third party devices

19. How do users authorize third-party devices (ranging from gas meters to set top boxes) to use their broadband connection?

20. How can third party devices be prevented from observing both data traffic and service discovery?

21. How can third party device traffic be limited and/or given QoS?
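
The default filtering model described under "Security" above (outgoing sessions and their return traffic allowed, incoming traffic only on ports an application has asked to open), as an added example that is not part of the original message. The class, its timeout values and the sample addresses are constructed for illustration and do not describe any particular CPE.

```python
from dataclasses import dataclass, field

@dataclass
class CpeFilter:
    """Toy model of the default CPE policy; all names here are hypothetical."""
    idle_timeout: float = 120.0                    # assumed flow-state lifetime (s)
    flows: dict = field(default_factory=dict)      # flow key -> last-seen time
    pinholes: dict = field(default_factory=dict)   # (proto, host, port) -> expiry

    def outbound(self, proto, src, sport, dst, dport, now):
        # LAN -> WAN: always allowed; creates or refreshes flow state.
        self.flows[(proto, src, sport, dst, dport)] = now

    def open_port(self, proto, host, port, lifetime, now):
        # An application on `host` asks for incoming traffic to its own port.
        # Assumption: the CPE has checked the request really came from `host`.
        self.pinholes[(proto, host, port)] = now + lifetime

    def inbound(self, proto, src, sport, dst, dport, now):
        # WAN -> LAN: allowed only as return traffic or through a live pinhole.
        key = (proto, dst, dport, src, sport)
        seen = self.flows.get(key)
        if seen is not None and now - seen <= self.idle_timeout:
            self.flows[key] = now
            return "return-traffic"
        self.flows.pop(key, None)                  # expired or never existed
        hole = (proto, dst, dport)
        if self.pinholes.get(hole, 0) > now:
            return "pinhole"
        self.pinholes.pop(hole, None)              # expired or never existed
        return "drop"

def demo():
    # Constructed sample traffic using the 2001:db8::/32 documentation prefix.
    fw = CpeFilter()
    host, peer, other = "2001:db8:1::10", "2001:db8:ffff::80", "2001:db8:aaaa::1"
    fw.outbound("tcp", host, 40000, peer, 443, now=0)
    verdicts = [
        fw.inbound("tcp", peer, 443, host, 40000, now=1),     # reply to our session
        fw.inbound("tcp", other, 443, host, 40000, now=2),    # same port, wrong peer
        fw.inbound("tcp", other, 5555, host, 8080, now=3),    # unsolicited
    ]
    fw.open_port("tcp", host, 8080, lifetime=60, now=3)
    verdicts += [
        fw.inbound("tcp", other, 5555, host, 8080, now=10),   # pinhole is live
        fw.inbound("tcp", other, 5555, host, 8080, now=100),  # pinhole expired
        fw.inbound("tcp", peer, 443, host, 40000, now=500),   # flow state timed out
    ]
    return verdicts
```

Both kinds of state expire in this model, so a forgotten pinhole or an idle session stops admitting traffic without anyone having to close it.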