CPEs
Let me tackle three issues related to CPEs in one monster message.
These issues are:
- firewalling
- address provisioning
- IPv4/IPv6 transition/coexistence
When I say "CPE" that can both mean a cable/DSL modem, a home router
with integrated cable/DSL modem or a home router with no modem
functionality. I'll call them CPE(m), CPE(r) or CPE(rm) where
appropriate. If they're managed by the ISP I may add -ISP, if they're
managed by the end-user/consumer I may add -USER. Note that all of
this applies to consumer installations.
First, let me start with a few sentences on my philosophy in this area
and then a list of issues that we need to figure out so the industry
can move forward.
CPE philosophy
--------------
Because broadband consumers span the gamut from completely ignorant
about even the most superficial technical issues to people who
actually build those CPEs, the most important thing is that a CPE can
address all reasonable use cases along that gamut. In other words: an
expert user shouldn't be forced to live with what's best for that
granny who doesn't even have a PC but does have some IP enabled
devices such as picture frames or sewing machines, but on the other
hand, the granny shouldn't be forced to become an expert.
What this means is that the defaults are such that non-expert users
get the tradeoff between security, usability and other aspects that is
most appropriate (which would be the default settings), but experts
get to override these defaults. At the very least, it MUST be possible
to make the CPE act transparently.
Security
As for security: these days, any IP device MUST be ready to be
connected to a hostile network, which includes the open internet.
However, because this wasn't true in the past and because removing a
layer of "security" is scary, it's not possible to market CPEs that
don't do any filtering. This means that there must be filtering, but
since it doesn't do anything useful in practice and it does get in the
way, this filtering must be the minimum that will be accepted by the
market. That would almost certainly be the level of filtering that is
de facto provided in today's IPv4 CPEs, which is: outgoing sessions
and related return traffic are allowed (stateful filtering) and
applications get to open up TCP/UDP ports for incoming traffic.
Now obviously it's possible to argue that this isn't a good way of
filtering (in both directions, it can be too much or too little), but
since that is what you get with pretty much any current CPE those
discussions are largely moot. The only changes that are possible are
those that BOTH improve security AND usability at the same time. Any
change that improves one over the other will be seen as unacceptable
by one camp.
Transition
Ideally, a CPE will provide both IPv4 and IPv6 service to hosts
connected to it, regardless of whether the ISP provides IPv4, IPv6 or
both. So that probably means: regular IPv4 operation, native IPv6,
6to4, Teredo, NAT-PT... It would be even better if IPv4 hosts behind
the CPE could make use of IPv6 services and the other way around.
(Maybe using an HTTP(S) proxy?)
Multiple CPEs
Obviously if there is a CPE(m) then it should also be possible to add
a CPE(r), but users may have reasons to have multiple CPE(r)s,
possibly connected in parallel to a CPE(m) but having one CPE(r)
connect to the LAN side of another CPE(r) would also be a possibility,
and even the only possible option if there is a CPE(mr). Although
security policies may prohibit certain applications from working across a
CPE(r), service discovery and addressing should be transparent within
the entire site.
Questions
---------
Security
1. Do we all agree that a model where there is stateful filtering by
default, but applications can request incoming sessions is what we
should aim for?
2. Or should the opening up of incoming ports go through the OS,
rather than be signalled directly from applications to the CPE?
3. Should a host have the option of signalling to a CPE that it
doesn't require any filtering?
Address provisioning
4. Is implementing DHCPv6 snooping and option insertion, similar to
what currently happens with DHCP for IPv4, a good option for vendors
of broadband equipment, or is a provisioning solution where this isn't
necessary preferable?
5. Can we assume the presence of DHCPv6 prefix delegation in CPEs?
6. Can we assume the presence of DHCPv6 address assignment in clients?
It's not available in most of them now, so how would we get to such a
state and how soon?
7. Is the model where there is a CPE with modem functionality but not
router functionality a reasonable one?
8. Do we want ISPs to provide RAs to customers in the case where 6
= no and 7 = yes? If not, then what?
9. If 8, then what is the value of the M and O bits?
10. If 5 and a user adds more than one routing CPE, how does the
prefix delegation work? The "first" routing CPE requests a prefix from
the ISP and then provides sub-prefixes to the other CPE(r)s, or does
each CPE get a prefix from the ISP? In the latter case, how do CPE(r)s
know what routes to install for prefixes held by other CPE(r)s within
the site?
11. Do we expect ISPs to provide reachability for a new and old prefix
concurrently when changing prefixes or do ISPs provide long-time
stable prefixes to IPv6 customers? If "no" on both, then how do we
avoid disconnected sessions on prefix changes?
12. How do we avoid problems caused by customer equipment MAC
addresses clashing with that of other customers?
13. How many devices are allowed to connect to a CPE(m)?
14. What kind of addressing is used between the ISP and the first
CPE(r)? Global customer specific, global shared between customers,
link local only?
15. How does DAD work on the subnet between an ISP and customers?
Should hosts and CPEs ignore their own DAD packets when they loop back
to them?
DNS
16. How do we expect customer devices to enter into the DNS?
17. If the answer to 16 is dynamic DNS updates, how does the
authentication work?
18. Should IPv6 hosts be prepared to operate without a working reverse
DNS entry?
Third party devices
19. How do users authorize third-party devices (ranging from gas
meters to set top boxes) use of their broadband connection?
20. How can third party devices be prevented from observing both data
traffic and service discovery?
21. How can third party device traffic be limited and/or given QoS?
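
The default filtering model described in the message above (outgoing sessions and their return traffic allowed, application-requested ports for incoming traffic, and an override that makes the CPE transparent), sketched as an added example that is not part of the original message. The class and method names, the 5-tuple flow matching and the rule that a pinhole may only target a LAN address are assumptions made for illustration; the addresses are constructed from the 2001:db8::/32 documentation prefix.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

class CpeFilter:
    def __init__(self, lan_prefix, transparent=False):
        self.lan = ipaddress.ip_network(lan_prefix)
        self.transparent = transparent   # expert override: no filtering at all
        self.sessions = set()            # flows that were started from the LAN side
        self.pinholes = set()            # (proto, lan_addr, port) opened on request

    def open_port(self, lan_host, proto, port):
        # Assumption: a pinhole may only point at an address inside the LAN prefix.
        addr = ipaddress.ip_address(lan_host)
        if addr not in self.lan:
            raise ValueError("pinhole target is not on the LAN")
        self.pinholes.add((proto, addr, port))

    def allow(self, p):
        if self.transparent:
            return True
        src, dst = ipaddress.ip_address(p.src), ipaddress.ip_address(p.dst)
        if src in self.lan and dst not in self.lan:    # outgoing: allow and remember
            self.sessions.add((p.proto, src, p.sport, dst, p.dport))
            return True
        if dst in self.lan and src not in self.lan:    # incoming
            if (p.proto, dst, p.dport, src, p.sport) in self.sessions:
                return True                            # related return traffic
            return (p.proto, dst, p.dport) in self.pinholes
        return False   # both endpoints on the same side of the CPE: not forwarded

def demo():
    host, remote = "2001:db8:1::10", "2001:db8:ffff::1"   # constructed addresses
    fw = CpeFilter("2001:db8:1::/64")
    results = [
        fw.allow(Packet("tcp", remote, 40000, host, 8080)),  # unsolicited inbound
        fw.allow(Packet("tcp", host, 50000, remote, 443)),   # outgoing session
        fw.allow(Packet("tcp", remote, 443, host, 50000)),   # its return traffic
        fw.allow(Packet("tcp", remote, 444, host, 50000)),   # wrong source port
    ]
    fw.open_port(host, "tcp", 8080)                          # application request
    results.append(fw.allow(Packet("tcp", remote, 40000, host, 8080)))
    return results
```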