diff options
Diffstat (limited to 'doc/rfc/rfc6139.txt')
-rw-r--r-- | doc/rfc/rfc6139.txt | 2187 |
1 files changed, 2187 insertions, 0 deletions
diff --git a/doc/rfc/rfc6139.txt b/doc/rfc/rfc6139.txt new file mode 100644 index 0000000..c91cc9b --- /dev/null +++ b/doc/rfc/rfc6139.txt @@ -0,0 +1,2187 @@ + + + + + + +Independent Submission S. Russert, Ed. +Request for Comments: 6139 Unaffiliated +Category: Informational E. Fleischman, Ed. +ISSN: 2070-1721 F. Templin, Ed. + Boeing Research & Technology + February 2011 + + + Routing and Addressing in Networks with + Global Enterprise Recursion (RANGER) Scenarios + +Abstract + + "Routing and Addressing in Networks with Global Enterprise Recursion + (RANGER)" (RFC 5720) provides an architectural framework for scalable + routing and addressing. It provides an incrementally deployable + approach for scalability, provider independence, mobility, + multihoming, traffic engineering, and security. This document + describes a series of use cases in order to showcase the + architectural capabilities. It further shows how the RANGER + architecture restores the network-within-network principles + originally intended for the sustained growth of the Internet. + +Status of This Memo + + This document is not an Internet Standards Track specification; it is + published for informational purposes. + + This is a contribution to the RFC Series, independently of any + other RFC stream. The RFC Editor has chosen to publish this + document at its discretion and makes no statement about its value + for implementation or deployment. Documents approved for + publication by the RFC Editor are not a candidate for any level of + Internet Standard; see Section 2 of RFC 5741. + + Information about the current status of this document, any + errata, and how to provide feedback on it may be obtained at + http://www.rfc-editor.org/info/rfc6139. + + + + + + + + + + + + + +Russert, et al. Informational [Page 1] + +RFC 6139 RANGERS February 2011 + + +Copyright Notice + + Copyright (c) 2011 IETF Trust and the persons identified as + the document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. + +Table of Contents + + 1. Introduction ....................................................3 + 2. Terminology .....................................................4 + 3. Approach ........................................................7 + 4. Scenarios ......................................................11 + 4.1. Global Concerns ...........................................11 + 4.1.1. Scaling the Global Inter-Domain Routing Core .......11 + 4.1.2. Supporting Large Corporate Enterprise Networks .....13 + 4.2. Autonomous System Concerns ................................16 + 4.3. Small Enterprise Concerns .................................16 + 4.4. IPv4/IPv6 Transition and Coexistence ......................18 + 4.5. Mobility and MANET ........................................21 + 4.5.1. Global Mobility Management .........................21 + 4.5.2. First-Responder Mobile Ad Hoc Networks (MANETs) ....23 + 4.5.3. Tactical Military MANETs ...........................24 + 4.6. Provider Concerns .........................................27 + 4.6.1. ISP Networks .......................................27 + 4.6.2. Cellular Operator Networks .........................28 + 4.6.3. Aeronautical Telecommunications Network (ATN) ......28 + 4.6.4. Unmanaged Networks .................................31 + 5. Mapping and Encapsulation Concerns .............................32 + 6. Problem Statement and Call for Solutions .......................32 + 7. Summary ........................................................33 + 8. Security Considerations ........................................33 + 9. Acknowledgements ...............................................34 + 10. References ....................................................34 + 10.1. Normative References .....................................34 + 10.2. Informative References ...................................34 + + + + + + + + + + +Russert, et al. Informational [Page 2] + +RFC 6139 RANGERS February 2011 + + +1. Introduction + + The Internet is continually required to support more users, more + internetwork connections, and increasing complexity due to diverse + policy requirements. This growth and change strains the + infrastructure and demands new solutions. Some of the complementary + approaches to transform Internet technology are being pursued + concurrently within the IETF: translation (including Network Address + Translation (NAT)), tunneling (map and encapsulate), and native IPv6 + [RFC2460] deployment. Routing and Addressing in Networks with Global + Enterprise Recursion (RANGER) [RFC5720] describes the architectural + elements of a "map and encapsulate" approach that also facilitates + the other two approaches. This document discusses RANGER operational + scenarios. + + RANGER provides an architectural framework for scalable routing and + addressing. It provides for scalability, provider independence, + mobility, multihoming, and security for the next-generation Internet. + The RANGER architectural principles are not new. They can be traced + to the deliberations of the ROAD group [RFC1380], and also to still + earlier works including NIMROD [RFC1753] and the Catenet model for + internetworking [CATENET] [IEN48] [RFC2775]. [RFC1955] captures the + high-level architectural aspects of the ROAD group deliberations in a + "New Scheme for Internet Routing and Addressing (ENCAPS) for IPNG". + + The Internet has grown tremendously since these architectural + principles were first developed, and that evolution increases the + need for these capabilities. The Internet has become a critical + resource for business, for government, and for individual users + throughout the developed world. RANGER carries forward these + historic architectural principles, creating a ubiquitous enterprise + network structure that can represent collections of network elements + ranging from the granularity of a singleton router all the way up to + an entire Internet. This enterprise network structure uses border + routers that configure tunnel endpoints to connect potentially + recursively nested networks. Each enterprise network may use + completely independent internal Routing Locator (RLOC) address + spaces, supporting a virtual overlay network connecting edge networks + and devices that are addressed with globally unique Endpoint + Interface iDentifiers (EIDs). The RANGER virtual overlay can + transcend traditional administrative and organizational boundaries. + In its purest form, this overlay network could therefore span the + entire Internet and restore the end-to-end transparency envisioned in + [RFC2775]. + + The RANGER architecture drew early observations from the Intra-Site + Automatic Tunnel Addressing Protocol (ISATAP) [RFC5214] [RFC5579] but + now uses Virtual Enterprise Traversal (VET) [RFC5558], the Subnetwork + + + +Russert, et al. Informational [Page 3] + +RFC 6139 RANGERS February 2011 + + + Encapsulation and Adaptation Layer (SEAL) [RFC5320], and other + mechanisms including IPsec [RFC4301] as its functional building + blocks. This document describes use cases and shows how the RANGER + mechanisms apply. Complementary mechanisms (e.g., DNS, DHCP, NAT, + etc.) are included to show how the various pieces can work together. + It expands on the concepts introduced in "IPv6 Enterprise Network + Scenarios" [RFC4057] and "IPv6 Enterprise Network Analysis - IP Layer + 3 Focus" [RFC4852], and shows how the enterprise network model + generalizes to a broad range of scenarios. These use cases are + included to provide examples, invite criticism and comment, and + explore the potential for creating the next-generation Internet using + the RANGER architecture. Familiarity with RANGER, VET, SEAL, and + ISATAP are assumed. + +2. Terminology + + Internet Topology Hierarchy + The Internet Protocol (IP) natively supports a topology hierarchy + comprised of increasing aggregations of networked elements. + Network interfaces of devices are grouped into subnetworks, and + subnetworks are grouped into larger aggregations. Subnetworks can + be optionally grouped into areas and the areas grouped into an + autonomous system (AS). Alternatively, subnetworks can be + directly grouped into an AS. The foundation of the IP Topology + Hierarchy is the AS, which determines the administrative + boundaries of a network deployment including its routing, + addressing, quality of service, security, and management. + Intra-domain routing occurs within an autonomous system, and + inter-domain routing links autonomous systems into a "network of + networks" (Internet). + + Routing Locator (RLOC) + an address assigned to an interface in an enterprise-interior + routing region. Note that RLOC space is local to each enterprise + network. + + The IPv4 public address space currently in use today can be + considered as the RLOC space for the global Internet as a giant + "enterprise network". + + Endpoint Interface iDentifier (EID) + an address assigned to an edge network interface of an end system. + Note that EID space is global in scope, and must be separate and + distinct from any RLOC space. + + + + + + + +Russert, et al. Informational [Page 4] + +RFC 6139 RANGERS February 2011 + + + commons + an enterprise-interior routing region that provides a subnetwork + for cooperative peering between the border routers of diverse + organizations that may have competing interests. An example of a + commons is the Default-Free Zone (DFZ) of the global Internet. + The enterprise-interior routing region within the commons uses an + addressing plan taken from RLOC space. + + enterprise network + the same as defined in [RFC4852], where the enterprise network + deploys a unified RLOC space addressing plan within the commons, + but may also contain partitions with disjoint RLOC spaces and/or + organizational groupings that can be considered as enterprises + unto themselves. An enterprise network therefore need not be "one + big happy family", but instead provides a commons for the + cooperative interconnection of diverse organizations that may have + competing interests (e.g., such as the case within the global + Internet Default-Free Zone). + + Historically, enterprise networks are associated with large + corporations or academic campuses. However, in RANGER an + enterprise network may exist at any IP Topology Hierarchy level. + The RANGER architectural principles apply to any networked entity + that has some degree of cooperative active management. This + definition therefore extends to home networks, small office + networks, a wide variety of Mobile Ad hoc Networks (MANETs), and + even to the global Internet itself. + + site + a logical and/or physical grouping of interfaces within an + enterprise network commons, where the topology of the site is a + proper subset of the topology of the enterprise network. A site + may contain many interior sites, which may themselves contain many + interior sites in a recursive fashion. + + Throughout the remainder of this document, the term "enterprise" + refers to either enterprise or site; i.e., the RANGER principles + apply equally to enterprises and sites of any size or shape. At + the lowest level of recursive decomposition, a singleton + Enterprise Border Router can be considered as an enterprise unto + itself. + + Enterprise Border Router (EBR) + a node at the edge of an enterprise network that is also + configured as a tunnel endpoint in an overlay network. EBRs + connect their directly attached networks to the overlay network, + and connect to other networks via IP-in-IP tunneling across the + commons to other EBRs. This definition is intended as an + + + +Russert, et al. Informational [Page 5] + +RFC 6139 RANGERS February 2011 + + + architectural equivalent of the functional term "EBR" defined in + [RFC5558], and is synonymous with the term "xTR" used in other + contexts (e.g., [LISP]). + + Enterprise Border Gateway (EBG) + an EBR that also connects the enterprise network to provider + networks and/or to the global Internet. EBGs are typically + configured as default routers in the overlay, and provide + forwarding services for accessing IP networks not reachable via an + EBR within the commons. This definition is intended as an + architectural equivalent of the functional term "EBG" defined in + [RFC5558], and is synonymous with the term "default mapper" used + in other contexts (e.g., [APT]). + + overlay network + a virtual network manifested by routing and addressing over + virtual links formed through automatic tunneling. An overlay + network may span many underlying enterprise networks. + + 6over4 + "Transmission of IPv6 over IPv4 Domains without Explicit Tunnels" + [RFC2529]; functional specifications and operational practices for + automatic tunneling of unicast/multicast IPv6 packets over + multicast-capable IPv4 enterprise networks. + + ISATAP + Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) [RFC5214] + [RFC5579]; functional specifications and operational practices for + automatic tunneling over unicast-only enterprise networks. + + VET + Virtual Enterprise Traversal (VET) [RFC5558]; functional + specifications and operational practices that provide a functional + superset of 6over4 and ISATAP. In addition to both unicast and + multicast tunneling, VET also supports address/prefix + autoconfiguration as well as additional encapsulations such as + IPsec, SEAL, UDP, etc. + + SEAL + Subnetwork Encapsulation and Adaptation Layer (SEAL) [RFC5320]; a + functional specification for robust packet identification and link + MTU adaptation over tunnels. SEAL supports effective ingress + filtering and adapts to subnetworks configured over links with + diverse characteristics. + + Within the RANGER architectural context, the SEAL "subnetwork" and + RANGER "enterprise" should be considered as identical + abstractions. + + + +Russert, et al. Informational [Page 6] + +RFC 6139 RANGERS February 2011 + + + Provider-Independent (PI) prefix + an EID prefix (e.g., 2001:DB8::/48, 192.0.2/24, etc.) that is + routable within a limited scope and may also appear in enterprise + network mapping tables. PI prefixes that can appear in mapping + tables are typically delegated to a BR by a registry, but are not + aggregated by a provider network. + + Provider-Aggregated (PA) prefix + an EID prefix that is either derived from a PI prefix or delegated + directly to a provider network by a registry. Although not widely + discussed, it bears specific mention that a prefix taken from a + delegating router's PI space becomes a PA prefix from the + perspective of the requesting router. + + Customer Premises Equipment (CPE) Router + a residential or small office router that provides IPv4 and/or + IPv6 support. The user or the service provider may manage the + router. + + Carrier-Grade NAT (CGN) + a special (usually high capacity) IPv4-to-IPv4 NAT deployed within + the service provider network that serves multiple subnets. + +3. Approach + + The RANGER [RFC5720] architecture seeks to fulfill the objectives set + forth in [RFC1955]: + + o No Changes to Hosts + + o No Changes to Most Routers + + o No New Routing Protocols + + o No New Internet Protocols + + o No Translation of Addresses in Packets + + o Reduce the Routing Table Size in All Routers + + o Use the Current Internet Address Structure + + The RANGER enterprise network is a cooperative networked collective + sharing a common (business, social, political, etc.) goal. An + enterprise network can be simple or complex in composition and can + operate at any IP Topology Hierarchy level. Although RANGER focuses + on encapsulation, it is also compatible with both native and + translated routing and addressing. + + + +Russert, et al. Informational [Page 7] + +RFC 6139 RANGERS February 2011 + + + RANGER enables a protocol and/or addressing system to be connected in + a virtual overlay across an untrusted transit network, or "commons". + While it does not show all possible uses, Figure 1 illustrates that + RANGER supports the creation of a distributed network across an + intervening commons, which could implement a dissimilar IP version, + routing protocol, or addressing system. + + .--------------. .--------------. .-------------. + / \_ _/ \_ _/ \ + \ Enterprise A / \ Commons / \ Enterprise B / + \_ _ _ _ _ _ _ / \_ _ _ _ _ _ _ / \_ _ _ _ _ _ _/ + Domains + + Network / IPvx IPvy IPvz + Protocol \ IPv6 IPv4 IPv6 + + IP Security secured unsecured secured + + Mgmt Domain Entity A ISP Entity B + + / + | Public Addresses Private Addresses Public Addresses + Addressing |Private Addresses Public Addresses Private Addresses + | PA Addresses PI Addresses PA Addresses + \ PI Addresses PA Addresses PI Addresses + + Figure 1. RANGER Links Distributed Enterprise Networks + + The RANGER concepts can be applied recursively. They can be + implemented at any level within the IP Topology Hierarchy to create + an enterprise-within-enterprise organizational structure extending + traditional AS, area, or subnetwork boundaries. This structure uses + border routers that configure tunnel endpoints to enable + communications between potentially recursively nested enterprise + networks in a virtual overlay network that transcends traditional + administrative and organizational boundaries. In its purest form, + this overlay network could therefore span the entire Internet and + restore end-to-end transparency [RFC2775]. + + The RANGER architecture applies the best current practice insights + from previous encapsulation systems as they are currently articulated + within the Virtual Enterprise Traversal [RFC5558], and Subnetwork + Encapsulation and Adaptation Layer [RFC5320] functional + specifications. The result is an architecture and protocol system + that can be used to create arbitrarily complex, scalable IP + deployments that support both unicast and multicast routing and + addressing systems. + + + + +Russert, et al. Informational [Page 8] + +RFC 6139 RANGERS February 2011 + + + RANGER supports scalable routing through a recursively nested + enterprise-within-enterprise network capability. The fundamental + building block is the Enterprise Border Router (EBR) (see Figure 2). + The EBR is the limiting factor for RANGER recursion, and in certain + contexts a singleton EBR can be viewed as an enterprise network unto + itself. Traditional network infrastructures can be extended to + support complex structures solely with the addition of EBRs with no + other modification to any networked entity. + + An EBR can be a commercial off-the-shelf router, a tactical military + radio, an aircraft mobile router, etc., but it can also be an end + system (e.g., a laptop computer, a soldiers' handheld device, etc.) + with an embedded gateway function [RFC1122]. + + Provider-Edge Interfaces + x x x + | | | + +--------------------+---+--------+----------+ E + | | | | | n + | I | | .... | | t + | n +---+---+--------+---+ | e + | t | +--------+ /| | r + | e I x----+ | Host | I /*+------+--< p I + | r n | |Function| n|**| | r n + | n t | +--------+ t|**| | i t + | a e x----+ V e|**+------+--< s e + | l r . | E r|**| . | e r + | f . | T f|**| . | f + | V a . | +--------+ a|**| . | I a + | i c . | | Router | c|**| . | n c + | r e x----+ |Function| e \*+------+--< t e + | t s | +--------+ \| | e s + | u +---+---+--------+---+ | r + | a | | .... | | i + | l | | | | o + +--------------------+---+--------+----------+ r + | | | + x x x + Enterprise-Edge Interfaces + + Figure 2. Enterprise Border Router (EBR) + + EBRs connect networks and end systems to one or more enterprise + networks via a repertoire of interface types. Enterprise-interior + interfaces attach to a commons. Provider-edge interfaces support + + + + + + +Russert, et al. Informational [Page 9] + +RFC 6139 RANGERS February 2011 + + + traditional routing relationships up the IP Topology Hierarchy, and + enterprise-edge interfaces support traditional relationships down the + IP Topology Hierarchy. Internal virtual interfaces are typically + loopback interfaces or VMware-like host-in-host interfaces. + + VET interfaces support RANGER recursion and IP-in-IP encapsulation. + VET interfaces are configured over provider-edge, enterprise- + interior, or enterprise-edge interfaces to allow recursion + horizontally or vertically within the IP Topology Hierarchy. A VET + interface may be configured over several underlying interfaces that + all connect to the same enterprise network. This creates a link- + layer multiplexing capability that can provide several advantages + (see [RFC1122], Section 3.3.4). One important advantage is + continuous operation across failovers between multiple links attached + to the same enterprise network, without any need for readdressing. + + Figure 3 shows two enterprise networks (each with their own internal + addressing and routing systems) that communicate over a virtual + overlay network across a commons. The virtual overlay is manifested + by tunneling, which links enterprise networks separated by + geographical remoteness, protocol incompatibility, or both. An + ingress EBR (iEBR) within the left enterprise network seeks to + forward encapsulated packets across the commons to the egress EBR + (eEBR) within the right enterprise network. + + The figure shows that the eEBR assigns a Routing Locator (RLOC) + address on its interface to the commons' interior IP routing and + address space, while the destination host assigns an Endpoint + Interface iDentifier (EID) on its enterprise-edge interface. The + iEBR uses a mapping system to discover the RLOC of an eEBR on the + path to the destination EID address. A distinct mapping system is + maintained within each recursively nested enterprise network instance + operating at a specific level of the IP Topology Hierarchy. RANGER + uses the mapping system to join peer enterprise networks via a + virtual overlay across a commons. + + Mapping System RLOC EID + . (BGP, DNS, etc.) . . + .---.------. .----------. . .------.---. + / . \ / \ . / . \ + / (O) iEBR------/--------------\------eEBR * \ + \ / \ Commons / \ / + \_ _ _ _ _ _ / \_ _ _ _ _ _ / \_ _ _ _ _ _/ + + Enterprise Network A Enterprise Network B + + Figure 3. The RANGER Model + + + + +Russert, et al. Informational [Page 10] + +RFC 6139 RANGERS February 2011 + + + EBRs must configure both RLOC and EID addresses and/or prefixes. + Autoconfiguration is coordinated with Enterprise Border Gateways + (EBGs) that connect to the next-higher layer in the recursive + hierarchy, as specified in VET. Standard mechanisms including DHCP + [RFC2131] [RFC3315] and Stateless Address Autoconfiguration (SLAAC) + [RFC4862] are used for this purpose. + + Similarly, EBRs require a means to discover other EBRs and EBGs that + can be used as enterprise network exit points. VET specifies + mechanisms for border router discovery using the global DNS and/or + enterprise-local name services such as Link-Local Multicast Name + Resolution (LLMNR) [RFC4795]. + + The mapping system is a distributed database that is synchronized + among a limited set of mapping agents. Database synchronization can + be achieved by many different protocol alternatives. The most + commonly used alternatives are either the Border Gateway Protocol + (BGP) [RFC4271] or the Domain Name System (DNS) [RFC1035]. Mapping- + system databases can be populated by many different mechanisms + including administrative configuration and automated prefix + registrations. + + EBRs forward initial packets for which they have no mapping to an + EBG. The EBG in turn forwards the packet toward the final + destination and returns a redirect to inform the EBR of a better next + hop if necessary. The EBR then receives a mapping reply that it can + use to populate its Forwarding Information Base (FIB). It then + encapsulates each forwarded packet in an outer IP header for + transmission across the commons to the remote RLOC address of an + eEBR. The eEBR in turn decapsulates the packets and forwards them to + the destination EID address. The Routing Information Base (RIB) + within the commons only needs to maintain state regarding RLOCs and + not EIDs. The synchronized EID-to-RLOC mapping state is not subject + to oscillations due to link state changes within the commons. RANGER + supports scalable addressing by selecting a suitably large EID + addressing range that is distinct from any enterprise-interior RLOC + addressing ranges. + +4. Scenarios + +4.1. Global Concerns + +4.1.1. Scaling the Global Inter-Domain Routing Core + + Growth in the Internet has created challenges in routing and + addressing that have been recognized for many years + [RADIR-PROB-STATE]. IPv4 [RFC0791] address space is limited, and + Regional Internet Registry (RIR) allocation is passing the "very + + + +Russert, et al. Informational [Page 11] + +RFC 6139 RANGERS February 2011 + + + painful" Host Density (HD) ratio threshold of 86% (that is, 192M + allocated addresses) [RFC3194]. As a result, exhaustion of the IPv4 + address pool is predicted within the next two years [IPv4POOL], + [HUSTON-END]. IPv6 promises to resolve the address shortage with a + much larger address space, but transition is costly and could + exacerbate BGP problems described below. Richer interconnection, + increased multihoming (especially with provider-independent (PI) + addresses), and a desire to support traffic engineering via finer + control of routing has led to super-linear growth of BGP routing + tables in the Default-Free Zone, or "DFZ", of the Internet. This + growth is placing increasing pressures on router capacities and + technology costs that are unsustainable for the longer term within + the current Internet routing framework. + + RANGER allows the coordinated reuse of addresses from enterprise to + enterprise by making RLOC address spaces independent of one another. + Figure 4 shows how the RANGER architecture allows the use of separate + address spaces for RLOC and EID addressing in the Internet. This + yields more endpoint address space, especially with the use of IPv6, + and also reduces the load on BGP in the Internet routing core. Note + that Figure 4 could represent variants of RFC 4057 scenarios 1 and 2. + + EID RLOC EID + PA Spaces PI + Allocation Registration + .-------------------------------. ^ + / Internet Commons \ | + | .---------------------------. | | + 2001:DB8::/40 | / Enterprise A \ | 2001:DB8:10::/56 + | |/ 10.1/16 \ | ^ + | || .-------------------------. || | + V || / Enterprise A.1 \ || | + 2001:DB8::/48 || | 10.1/16 | || 2001:DB8:11::/56 + || \_________________________/ / | + | \ / | + | --------------------------- | + | | + | .---------------------------. | + | / Enterprise B \ | + 2001:DB8:100::/40 | | 10.1/16 | | 2001:DB8:12::/56 + | \____________________________/ | + \ / + \_______________________________/ + + Figure 4. Enterprise Networks and the Internet + + + + + + +Russert, et al. Informational [Page 12] + +RFC 6139 RANGERS February 2011 + + + RLOC address spaces are entirely independent of one another, as they + are used only within an enterprise network (recall that an enterprise + network can exist at any level of the IP Topology Hierarchy). Such + an arrangement allows each RLOC space to maintain an independent + routing system and thereby avoid the inherent scaling issues if a + single monolithic routing system were used for all. + + EID address space can be provider-aggregated (PA) or PI, and taken + from either IPv4 or IPv6. EID addresses (barring the use of Network + Address Translation (NAT)) are globally unique, even when routable + only within a more limited scope (e.g., in their own edge networks). + + The IRTF routing research group is investigating a Preliminary + Recommendation for a routing architecture [RFC6115] that provides a + taxonomy for routing scaling solutions for the global Internet + inter-domain routing core. RANGER presents a core/edge separation + architecture within this taxonomy that uniquely shows applicability + from the core all the way out to edge networks via its recursive + enterprise-within-enterprise framework. RANGER is further compatible + with a number of schemes intending to address routing scaling issues, + including "APT: A Practical Transit Mapping Service" [APT], "FIB + Suppression with Virtual Aggregation" [GROW-VA], "Locator/ID + Separation Protocol (LISP)" [LISP], and others. + +4.1.2. Supporting Large Corporate Enterprise Networks + + Each enterprise network operator must be able to manage its internal + networks and use the Internet infrastructure to achieve its + performance and reliability goals. Enterprise networks that are + multihomed or have mobile components frequently require provider- + independent addressing and the ability to coordinate with multiple + providers without renumbering "flag days" [RFC4192] [RFC5887]. + RANGER provides a way to coordinate addressing plans and + inter-enterprise routing, with full support for scalability, provider + independence, mobility, multihoming, and security. + + + + + + + + + + + + + + + + +Russert, et al. Informational [Page 13] + +RFC 6139 RANGERS February 2011 + + + _.--------------------._ + _.---'' -. + ,--'' ,---. `---. + ,-' X5 X6 .---.. `-. + ,\' ,.X1-.. / \ ,' `. `. + ,\' ,' `. .' E2 '. X8 Em \ `. + / / \ | ,--. | / _,.._ \ \ + / / E1 \ | Y3 `. | | / Y7 | \ + ; | ___ | | ` W Y4 |... | `Y6 ,' | : + | | ,-' `. X2 | `--' | | `'' | | + : | | V Y2 | \ _ / | | ; + \ | `-Y1,,' | \ .' Y5 / \ ,-Y8'`- / / + \ \ / \ \_' / X9 `. ,'/ / + `. \ X3 `.__,,' `._ Y9'',' ,' + ` `._ _,' ___.......X7_ `---' ,' + ` `---' ,-' `-. -' + `---. `. E3 Z _' _.--' + `-----. \---.......---' _.---'' + `----------------'' + + <------------------- Global IPv4 Internet ------------------> + + Figure 5. Enterprise Networks within the Internet Commons + + Figure 5 depicts enterprise networks E1 through Em connected to the + global IPv4 Internet via Enterprise Border Routers (EBRs) X1 through + X9. These same border nodes also act as Enterprise Border Gateways + (EBGs) that provide default routing services for nodes within their + respective enterprise networks. The global Internet forms a commons + across which the various enterprise networks connect as cooperating + yet potentially competing entities. Within each enterprise network + there may be arbitrarily many hosts, routers, and networks (not shown + in the diagram) that use addresses taken from that enterprise + network's RLOC space and over which both encapsulated IP packets with + (global-scoped) EID addresses and unencapsulated IP packets with + (enterprise-local) RLOC addresses can be forwarded. + + Each enterprise network may encompass lower-tier networks; for + instance, the singleton EBR "W" in network E2 resides in a lower-tier + network (say E2.1), and (along with any of its attached devices) may + be considered as an enterprise unto itself. W sees Y3 and Y4 as + EBGs, which in turn see X5 and X6 as EBGs that connect to a common + provider network (in this case, the Internet). Each enterprise + network has one or more Endpoint Interface iDentifier (EID) address + prefixes used for addressing nodes on edge networks. RANGER's map- + and-encaps approach separates the mapping of EIDs to Routing Locators + (RLOCs) from the Routing Information Base (RIB) in the Internet + commons that are assigned to EBR router interfaces. Not only does + + + +Russert, et al. Informational [Page 14] + +RFC 6139 RANGERS February 2011 + + + BGP in the Internet commons only need to maintain state regarding + RLOCs in the Internet commons, it has fewer unique routes to maintain + because only routes to EBRs are needed; traffic engineering can + therefore be accommodated via the mapping database. + + In Figure 5, enterprise network E2 represents a corporation that has + multiple locations and connections to multiple ISPs. The corporation + has recently merged with another corporation so that its internal + network has two disjoint RLOC address spaces, but neither of the + formerly separate entities can bear the burden of address + renumbering. Enterprise network E2 can use a suitably large IPv4 + and/or IPv6 EID addressing range (that is distinct from any + enterprise-interior RLOC addressing range) to support end systems on + enterprise-edge networks with no disruption to preexisting address + numbering. + + As EBRs are deployed to connect enterprise networks together, + ordinary routers within the enterprise network continue to function + as normal and deliver both ordinary and encapsulated packets across + the existing Internet infrastructure and the network's own RLOC + commons. Legacy IPv4 services that bind to RLOC addresses continue + to be supported even as EID-based services are rolled out. Where a + legacy IP client and server are within the same RLOC address space, + they simply communicate by using RLOC-based routing across the + enterprise network commons. If the client and server are not within + the same RLOC address space, they communicate through some form of + network address and/or protocol translation (see [RFC5720], + Section 3.3.4 for details). EBRs from the various enterprise + networks publish their EID prefixes to an enterprise-specific mapping + system, so that other EBRs from the various enterprise networks can + consult the mapping system to receive the RLOC address of one or more + EBRs that serve the EID prefix. + + As an example, when an end system connected to W in E2.1 has a packet + to send to node Z in enterprise network E3, W sends the packet to EBR + Y4, which encapsulates the packet in an outer IP packet with its own + source address and the RLOC address of the next-hop EBR as the + destination -- in this case, X6. X6 decapsulates the packet and + looks up the destination EID prefix, obtaining the RLOC of X7 as + next-hop. X6 then encapsulates the IPv6 packet in a packet with RLOC + address X6 as the source and X7 as the destination. X7 decapsulates + the packet on receipt and forwards it via its enterprise-edge + interface to node Z. + + + + + + + + +Russert, et al. Informational [Page 15] + +RFC 6139 RANGERS February 2011 + + + This example uses one thread out of many that are possible using + RANGER; see [RFC5720] and [RFC5558] for other options and details. + Many enterprise networks that use proxies and firewalls at their + border routers today will wish to maintain that control over their + enterprise borders, and the use of RANGER does not preclude such + configurations (for example, see Section 4.3). + +4.2. Autonomous System Concerns + + An enterprise network such as E2 in Figure 5 above can represent an + AS within the IP Topology Hierarchy. A possible configuration for + enterprise network E2 is for each of its enterprise components to + also be recursive ASs linked together using the RANGER constructs. + Such a configuration is increasingly commonplace today for the + networks of very large corporations (e.g., Boeing's corporate + enterprise network). These networks support an internal instance of + the BGP linking many corporate-internal ASs and independent from the + BGP instance that maintains the RIB within the global Internet + Default-Free Zone (DFZ). Such configurations are often motivated by + scaling or administrative requirements. + + Such a corporate entity is internally an Internet unto itself, albeit + with separate default routes leading to the true global Internet. + The enterprise network E2 therefore appears to the rest of the + Internet as if it were a traditional IP Topology Hierarchy AS. Since + RANGER supports recursion, each AS within such a network may itself + use BGP internally in place of an IGP, and can therefore also + internally be composed of a locally internal Internet in a recursive + fashion. This enterprise-within-enterprise framework can recursively + be extended as broadly and as deeply as required in order to achieve + the specific requirements of the deployment (e.g., scaling, unique + administration, and/or functional compartmentalization). + +4.3. Small Enterprise Concerns + + Global enterprise networks operating at the autonomous system level + of the IP Topology Hierarchy include multiple geographical regions, + multiple ISPs, and complex internal structures that naturally benefit + from the application of RANGER techniques. However, all other + enterprise network instances (both large and small) can also be + served by RANGER. For example, Small and Home Office (SOHO) networks + may comprise only a few computers on a single network segment or may + extend to larger configurations with security islands, internal + routers and switches, etc. + + An important concern of the small enterprise network is the ability + to grow the network, change ISPs, or expand to more locations without + readdressing the existing network. Consider a small company that has + + + +Russert, et al. Informational [Page 16] + +RFC 6139 RANGERS February 2011 + + + a single location in California. The ISP connection is via a router + that acts as a Network Address Translator and firewall for the + company. Addresses of the few computers ("Wksta") are taken from the + [RFC1918] private address space. + + ISP + -------|----- Wksta Wksta + | Firewall |_____________|____________| + | NAT | + ------------- + + Figure 6. Simple SOHO Network + + This configuration has been adequate for the few employees performing + software development work, since there is no need to expose services + within the site to the outside world. But now a web presence is + required as product introduction approaches. The network manager + deploys an EBR either as a co-resident function on the existing NAT/ + firewall platform (as depicted in Figure 7) or on a separate + platform. + + The EBR has a provider-edge interface connected to the ISP; the + preexisting workstations; the preexisting enterprise-edge interfaces + connecting the workstations; and enterprise-edge interfaces + connecting several network segments connected by routers that host + web servers, workstations, and other enterprise network services. A + VET interface is configured over the new service network to allow the + servers to be addressed from the public Internet. + + ISP + | + +------|-----+ + | <|-- + | VET2 < | + | <|--- + | | + | | Server Server + | VET1 <|--------|-----------|------- + | | + | +--------+ | Wksta Wksta + | |Firewall| |_____________|____________| + | | NAT | | + | +--------+ | + +------------+ + + Figure 7. RANGER Serving the Small Company + + + + + +Russert, et al. Informational [Page 17] + +RFC 6139 RANGERS February 2011 + + + In this new configuration, the EBR maintains the services within a + "demilitarized zone (DMZ)" that is accessible from the public + Internet without exposing other corporate assets that are still + protected by the preexisting firewall/NAT functions. + + Shortly afterward, an infusion of venture capital allows acceleration + of the product development and marketing work by adding programmers + in Tokyo and sales offices in New York and London. These new + branches connect via Virtual Private Network (VPN) links across the + Internet, and a new VET interface (VET2) is configured over these + links to form a new sub-enterprise: + + ISP + | + +------|-----+ + | <|------------London + | VET2 < | + | <|--------------------New York + | | + | | Server Server + | VET1 <|--------|-----------|------- + | | + | +--------+ | Wksta Wksta + | |Firewall| |_____________|____________| + | | NAT | | + | +--------+ | + +------------+ + + Figure 8. RANGER for Multiple Locations + +4.4. IPv4/IPv6 Transition and Coexistence + + End systems and networks need to accommodate long-term support for + both IPv4 and IPv6. Requirements for transition include support for + IPv4 applications running over IPv4 protocol stacks, IPv4 + applications over IPv6 stacks, IPv4 applications over dual stacks, + and IPv6 or IPv4/IPv6-capable applications over both IPv6 and dual + stacks. Both encapsulation and translation will likely be needed to + allow applications, enterprises, and providers to incorporate IPv6, + including all intermediate states, without global coordination or a + "flag day". + + The RANGER architecture facilitates the addition of IPv6 addressing + to existing IPv4 end systems and routers (i.e., via dual stack) as + well as the addition of IPv6 networks to the existing set of IPv4 + networks. RANGER (with VET and SEAL) makes it possible to carry + packets originated in one protocol across a network infrastructure + supporting another protocol or routing system. Figure 1 shows how + + + +Russert, et al. Informational [Page 18] + +RFC 6139 RANGERS February 2011 + + + RANGER supports various combinations of edge (EID) and core (RLOC + commons) technologies, going beyond IP version differences to include + mixed security, management, and addressing as well. + + The RANGER architecture supports end-to-end communications across + arbitrarily long paths of concatenated enterprise networks connected + by EBRs. When IPv6 is used as Endpoint Interface iDentifier (EID) + space, each EBR can provision a globally unique set of IPv6 EID + prefixes without scaling limitations, due to the expanded IPv6 + address space. For example, Figure 9 shows a pair of end systems, + "H" and "J", separated by an intervening set of enterprise networks + spanned by VET interfaces labeled "vet1" through "vet4", where the + path between "H" and "J" traverses the EBR path "V->Y1->X2->X7->Z": + + +------+ + | IPv6 | + |Server| + " " " " " " " "" " " " " " " " " " " " " " " " | S1 | + " " +--+---+ + " . . . . . . . . . . . . . . . " | + " . . . . . . " | + " . +----+ v +----+ v +----+ +----+ +-----+-------+ + " . | V += e =+ Y1 += e =+ X2 += =+ R2 +==+ Internet | + " . +-+--+ t +----+ t +----+ +----+ +-----+-------+ + " . | 1 . . 2 . . . " | + " . H . . . . v . " | + " . . . . . . . . . . . e . " +--+---+ + " . t . " | IPv4 | + " . . . . . . , . 3 . " |Server| + " . +----+ v +----+ . " | S2 | + " . | Z += e =+ X7 += . " +------+ + " . +-+--+ t +----+ . " + " . | 4 . . . " + " . J . . . . . " + " . . . . . . . " + " " + " " " " " " " " " " " " " " "" " " " " " " " + + Figure 9. EBR Waypoint Navigation Using IPv6 + + When each EBR in the path is assigned a unique set of IPv6 EID + prefixes (and registers these prefixes in the appropriate routing/ + mapping tables), IPv6 can be used for navigation purposes with each + EBR in the path seen as a waypoint for navigation. This is true even + if IPv4 is used as the enterprise-local Routing Locator (RLOC) + address space and there were many IPv4 hops on the path between each + pair of neighboring EBRs. + + + + +Russert, et al. Informational [Page 19] + +RFC 6139 RANGERS February 2011 + + + RANGER further provides a compatible framework for incorporating + supporting mechanisms including protocol translation, application- + layer aspects of IPv4/IPv6 transition discussed in [RFC4038], and DNS + issues for IPv6 from [RFC4472]. For instances where IPv4 + applications remain in use, RANGER expects that IPv4<->IPv6 + translation will be supported via network-based [BEHAVE-v6v4] and/or + end system stack-based (e.g., [RFC2767]) protocol translation + systems. Figure 10 shows the NAT - Protocol Translation + (NAT-PT)-equivalent translation in the VET router, and Figure 11 + shows the "Bump-In-the-Stack" (BIS)-equivalent translation in end + systems ([RFC2767]). These examples address scenarios not mentioned + in RFC 4852. + + IPv4 App A IPv4 App B + _____________ _____________ + |_TCP or UDP__| |_TCP or UDP__| + |____IPv4_____| |____IPv4_____| + ______|______ _______|_____ + / \ / \ + | IPv4-Only | | IPv4-Only | + | Site 1 | | Site 2 | + \_____________/ \_____________/ + ______|______ ______|_______ + |____IPv4_____| _____________ |____IPv4_____| + |NAT-PT-equiv_| / \ |NAT-PT-equiv_| + |_TCP or UDP__| | Internet | |_TCP or UDP__| + |____IPv6_____| | (RANGER) | |____IPv6_____| + |__VET/SEAL___| \_____________/ |__VET/SEAL___| + \_______________/ \___________/ + + Figure 10. Translation in Routers + + In Figure 10, an IPv4 application on end system A operates normally, + and the end system sends IPv4 packets on the IPv4-only site network. + The IPv4 packets are received by an Enterprise Border Router (EBR) + that translates them into IPv6 packets by a NAT-PT-equivalent + process. The EBR then encapsulates the packets into IPv4 and sends + them across the RANGER-enabled Internet to Site 2 where they are + received and decapsulated by an EBR for Site 2. The EBR uses NAT-PT- + equivalent translation to translate the resulting IPv6 packet back to + an IPv4 packet that is delivered across the Site 2 IPv4-only network + to an IPv4 application on end system B. + + + + + + + + + +Russert, et al. Informational [Page 20] + +RFC 6139 RANGERS February 2011 + + + IPv4 App A IPv4 App B + _____________ _____________ _____________ + |_TCP or UDP__| / \ |_TCP or UDP__| + |____BIS______| | Internet | |____BIS______| + |____IPv6_____| | (RANGER) | |____IPv6_____| + |__VET/SEAL___| \_____________/ |__VET/SEAL___| + \_______________/ \___________/ + + Figure 11. BIS-Style Translation in Dual-Stack End Systems + + Figure 11 shows the simplified approach using a BIS translation + process within dual-stack end systems ([RFC2767]). In this case, the + IPv4 application on dual-stack end system A forms an IPv4 payload, + which is then transformed into an IPv6 packet within the end system + protocol stack itself. The IPv6 packet can then be encapsulated and + sent across the Internet to be decapsulated and sent to the dual- + stack end system hosting IPv4 application B. The BIS-equivalent + process on end system B reverses the translation, yielding an IPv4 + packet for consumption by the IPv4-only application. + + Other issues besides IP protocol translation may arise during + IPv4-IPv6 transition; [RFC4038] points out issues including + IPv4/IPv6-capable applications running on IPv4-only protocol stacks, + DNS responses that include addresses of both IP versions, and the + difficulty of supporting multiple application versions. It also + advises that applications be converted to dual support as a preferred + solution. These issues are outside the scope of this document. + +4.5. Mobility and MANET + +4.5.1. Global Mobility Management + + Ubiquitous wireless access enables connection to network + infrastructure nearly anywhere. Vehicles and even persons can host + networks that move around with them. For example, commercial + aircraft networks include requirements for nomadic networks, local + mobility, and global mobility where the connection point between + airplane and ground station can move from one continent to another. + Mobile networks need to be able to use provider-independent (PI) as + well as provider-aggregated (PA) address prefixes. Some applications + such as voice require rapid or seamless connection handoffs -- also + known as session survivability. Internet routing should not be + unduly disrupted by mobility, so movement of mobile nodes or edge + networks should not cause large ripples of routing protocol traffic, + especially in the DFZ. + + + + + + +Russert, et al. Informational [Page 21] + +RFC 6139 RANGERS February 2011 + + + When a RANGER enterprise network is overlaid on the Internet, mobile + nodes or mobile routers (that connect arbitrarily complex edge + networks or enterprise networks) can move between different points of + attachment while remaining reachable and without creating excessive + routing churn. In a commercial airline scenario, an aircraft with a + mobile router would move between ground station points of attachment + (that may be on different continents) without the readdressing of its + onboard networks. Figure 12 shows an aircraft transiting between + four different access points: two that are part of Air Communications + Service Provider (ACSP) 1, one in ACSP2, and the last directly to the + Air Navigation Service Provider (ANSP). ACSP1 and ACSP2 in this + example might be on different continents, so a traditional Mobile IP + Home Agent scheme [RFC3775] [RFC5944] would result in very + inefficient paths for one ACSP or the other. The aero enterprise + network is an overlay that spans both continents and allows efficient + paths by providing multiple entry and exit points (only one, R2, is + shown). + + Aircraft - - - - - - ,.- - - - - -.- - -> + . , . . +------+ + . , . . | IPv6 | + . , . . |Server| + " ." " " ", "" " " ." " " " " .? " " " " " | S1 | + " . , . . " +--+---+ + " . , . . " | + " . ... . . . . . +----+ " | + " . . . . . =+ X3 + " | + " . v +--- + . v . . v +----+ ? | + " . e =+ Y1 + . e . . e . +----+ +--------+ + " . t +----+ . t +----+ . t . =+-R2-+==+Internet| + " . 1 . . 2 =+ X2 + . 3 . +----+ +--------+ + " . . . +----+ . . " | + " . . . . . . . " +------+ + " <ACSP1> <ACSP2> <ANSP> " | IPv4 | + " " |Server| + " - - vet4 - - " | S2 | + " " " " " " " " " " " " " "" " " " " " " | S2 | + <-- Aero Enterprise Network --> +------+ + + Figure 12. Commercial Airplane Mobility + + When the plane moves between ground stations that are located within + the ACSP1 enterprise network, no routing or mapping changes need be + made outside ACSP1. Moreover, if link-layer multiplexing (as + mentioned in Section 3 above) is used, then the VET interface network + layer is unaware of the movement. When the point of access moves to + ACSP2, no changes are made outside the aero enterprise network. When + the aircraft moves between ground stations of the same parent + + + +Russert, et al. Informational [Page 22] + +RFC 6139 RANGERS February 2011 + + + enterprise network (as indicated by the two different links from the + aircraft to ACSP1 in Figure 12), the aircraft announces its PI + prefixes at its new point of attachment and withdraws them from the + old. The worldwide Internet sees no change, and mapping-system churn + is confined to ACSP1, since the prefixes need not be announced or + withdrawn within the parent aero enterprise network; i.e., the churn + is isolated to lower tiers of the recursive hierarchy. This can be + contrasted with the deprecated mobility solution previously fielded + by Connexion, which propagated disruptive BGP changes into the + Internet routing system to support mobile onboard networks. + +4.5.2. First-Responder Mobile Ad Hoc Networks (MANETs) + + Many emerging network scenarios require autoconfiguration of Mobile + Ad hoc Networks (MANETs). Where first responders need networking for + communications and coordination between teams, RANGER allows each + team or agency to quickly stand up a network and then use the + autoconfiguration described in [RFC5558] to coordinate address/prefix + autoconfiguration and discover border routers needed for teams and + agencies to interconnect. + + For example, Figure 13 shows how police units arriving on a scene + with no network infrastructure can create a wireless network using + vehicle-mounted 802.11 hotspots with one or more cellular, 802.16, or + satellite links in order to reach the Internet. In this example, the + California Highway Patrol sets up an incident management center with + a satellite link to the Internet and vet1 serving network L1. The + Los Angeles County Sheriff team sets up network L1.1 at their field + headquarters, and the Altadena police force creates the L1.2 network + with their mobile units. R2 is the router that serves as an EBG for + border routers X3 and X4, which connect networks L1.2 and L1.1, + respectively. X3 serves vet3, and X4 serves vet2. + + In like manner, the Angeles National Forest creates enterprise + network F1, with the San Gabriel Ranger District setting up + enterprise network F1.1 and the Fire Response Team Enterprise Network + F1.2. R1 and R2 discover one another and become peer EBRs across the + Internet by means of manual configuration. In network L1, individual + PI address prefixes are announced from L1.2 and L1.1 to L1, and R2 + advertises them to the satellite ISP. R1 receives a PA prefix from + its WiMAX provider and delegates parts of the prefix to X1 and X2. + R2 also runs an IGP with R1, advertising the PI prefixes to R1 and + learning the PA prefixes there. + + + + + + + + +Russert, et al. Informational [Page 23] + +RFC 6139 RANGERS February 2011 + + + +------+ + | IPv6 | + |Server| + " " " " " " " "" " " " " " " " " " " " " " " " | S1 | + " Law Enforcement Enterprise Network " +--+---+ + " 2001:DB8:10::/56 (PI) ----------------> " | + " . . . . . . . +--- + . . . . " | + " . =+ X3 +===========. . " +-----+-------+ + " . +----+ v +--- + . v +----+ | + + " . | V += e . . . . e =+ R2 +==+ | + " . +-+--+ t . . +----+ t +----+ | | + " . | 3 . . vet2 + X4 += 1 . " | | + " . H1 . . +----+ . " | | + " . . . . . . . . . . . . . . " | | + " <L1.2> <L1.1> <L1> " | | + " 10/8 10/8 10/8 " | | + " " " " " " " " " " " " " " "" " " " " " " " | Internet | + | | + " " " " " " " "" " " " " " " " " " " " " " " " | | + " USDA Forest Service Enterprise Network " | | + " <----------------- 2001:DB8::/40 (PA) " | | + " . . . . . . . +--- + . . . . " | | + " . =+ X1 +===========. . " | | + " . +----+ v +--- + . v +----+ | | + " . | J += e . . . . e =+ R1 +==+ | + " . +-+--+ t . . +----+ t +----+ | | + " . | 6 . . vet5 + X2 += 4 . " +-----+-------+ + " . H2 . . +----+ . " | + " . . . . . . . . . . . . . . " +--+---+ + " <F1.2> <F1.1> <F1> " | IPv4 | + " 10/8 10/8 10/8 " |Server| + " " " " " " " " " " " " " " "" " " " " " " " | S2 | + +--+---+ + + Figure 13. First-Responder MANET + +4.5.3. Tactical Military MANETs + + Military networks reflect well-defined policy requirements that + differ in many ways from civilian networks. The military's + information security requirements result in information being labeled + into specific classifications. The Bell-LaPadula model + [BELL-LaPADULA] provides a mechanism to extend information security + policy into networked environments. This extension creates + communications security (COMSEC), whose routing and addressing + elements are cleanly supported by RANGER concepts. + + + + + +Russert, et al. Informational [Page 24] + +RFC 6139 RANGERS February 2011 + + + Figure 3 shows that RANGER supports creation of a VET interface + between the enterprise-interior (network) interface of two Enterprise + Border Routers (EBR) located within separate enterprise networks, A + and B. When this concept is applied to enterprise networks operating + above the subnetwork level of the IP Topology Hierarchy, then this + VET interface uses IP-in-IP encapsulation. This corresponds with a + popular COMSEC approach (IPsec -- [RFC4301]). When this same RANGER + concept is applied to enterprise networks operating at the subnetwork + level of the IP Topology Hierarchy, then this corresponds to an older + form of COMSEC (Link Layer Encryption). When the same RANGER concept + is applied to enterprise networks being singleton EBR nodes (i.e., + the interface level of the IP Topology Hierarchy), then this + corresponds to a third military COMSEC alternative (Link Encryption). + + The previous paragraph shows the flexibility of the RANGER + architecture to describe COMSEC approaches in terms of IP Topology + Hierarchy structured relationships. The power of the RANGER + architecture becomes apparent when one recognizes that each of the + entities in Figure 3 may themselves be simple or complex network + structures operating at any specific level of the IP Topology + Hierarchy. (Complex structures refer to architectures that have been + extended by RANGER recursion.) For example, the commons in the + figure may itself be an interface, a subnetwork, an autonomous + system, or an Internet. Enterprise networks A and B can be a single + end system, a subnetwork, an autonomous system, or an Internet. + + Tactical military MANETs differ from traditional networks in many + ways, the most obvious being the high mobility of tactical + deployments and self-forming-network attributes of MANETs themselves. + Because each networked tactical entity supports a radio/router, the + numbers of routers within military MANETs can be orders of magnitude + more numerous (denser) than traditional civilian networks. This + means that even small deployments have comparatively large router + populations when compared to non-MANET deployments. Larger router + populations directly create greater sensitivity to protocol + scalability issues. Router scalability issues are further + exacerbated because IP protocols react unfavorably to signal + intermittence, which effectively dampens and constrains router + scaling even when mitigation techniques are employed. Signal + intermittence itself is a characteristic of mobility and the radio + signal propagation attributes of local deployment environments (e.g., + such issues as terrain, foliage, buildings, weather, distance, etc.). + War fighting also encourages war fighters to locate into more + defensible terrain features, many of which naturally reduce radio + signal propagation, further increasing the probability of signal + intermittence. + + + + + +Russert, et al. Informational [Page 25] + +RFC 6139 RANGERS February 2011 + + + RANGER recursion enables MANETs that naturally encourage route + aggregation and scaling through simple "plug and play" hierarchical + arrangements that parallel organizational structures and do not + entail complex manual configurations. For example, a MANET + autonomous system may benefit from RANGER recursion by being + physically comprised of enterprise networks that are autonomous + systems themselves. This relationship can be recursively extended + vertically as deep as required in order to create route aggregation + between entities having common mission assignments at differing + levels of abstraction. Since MANET routing is an active research + topic, it is helpful to realize that these structures may or may not + use routing protocols similar to their civilian IP Topology Hierarchy + peers. For example, because of the behavior of BGP within highly + mobile environments, the Exterior Gateway Protocol (EGP) used to link + ASs may or may not be BGP and, if it is BGP, it may have unusual + timer settings. However, whatever IGP and EGP is used, RANGER + constructs can increase route aggregation between entities sharing + common mission assignments to enable route scaling. + + Tactical military MANETs often have requirements to communicate with + stationary infrastructures. By localizing mobility into an + enterprise network, the specific mobility-friendly protocols can then + be localized and their aggregation results presented to the + stationary network using a protocol supported by the stable network. + This also reduces the impact of mobility upon routing and addressing + systems as reported to the stationary infrastructure. Mobility- + induced route fluctuations (e.g., routing flaps) can still occur, but + their impact can be dampened if RANGER constructs are used to + localize them in lower tiers of the IP Topology Hierarchy. For + example, enterprise network A in Figure 3 can be a military MANET, + and enterprise network B may be a stationary military entity. Recall + that enterprise networks A and B interface at a specific IP Topology + Hierarchy level, but they may be physically extended by RANGER + mechanisms. For example, enterprise network A can be a MANET + enterprise that is physically a network-of-networks Internet that + interfaces to enterprise network B as if it were an autonomous + system. This gives enterprise network B a more stable and aggregated + view of the enterprise network A Internet than would be the case if + it were directly aware of A's various sub-enterprise components. + + Another key distinctive feature of tactical military networks is + that, because radio networks operate at a different classification + level than the data they convey, tactical military networks have + several orders of magnitude more COMSEC devices than do equivalently + sized stationary military deployments (i.e., the number of COMSEC + devices is a function of the number of mobile war-fighting entities). + This can create significant scalability issues within the overlay + COMSEC network relationships themselves. COMSEC scaling problems are + + + +Russert, et al. Informational [Page 26] + +RFC 6139 RANGERS February 2011 + + + manifested in several dimensions. It is important to recognize, + however, that just as RANGER recursion was used vertically to create + IP Topology enterprise-within-enterprise structures in order to + improve routing aggregation and scaling, so RANGER recursion allows + for authorization of route-optimized transactions between peer + enterprises (within the same IP Topology Hierarchy level) to improve + COMSEC aggregation and scaling of the network overlay system. The + RANGER use of VET also combines with the Subnetwork Encapsulation and + Adaptation Layer (SEAL) to provide robust packet identification and + maximum transmission unit (MTU) link adaptation services over + tunnels. These capabilities protect against both source address + spoofing and black holes caused by MTU limitations. + +4.6. Provider Concerns + + Network providers must have a way to support the protocol transitions + and network types mentioned above and still remain reliable and + financially sound. The RANGER architecture provides ways to support + general Internet Service Providers (ISPs), cellular operator + networks, and specialized networks such as the Aeronautical + Telecommunications Network (ATN). + +4.6.1. ISP Networks + + Internet service provider networks provide a commons for the + connection of Customer Premises Equipment (CPE) routers [CPE-RTRS] + that connect arbitrarily complex customer networks. This is true + whether the ISP permits direct customer-to-customer communications, + or whether all communications are forwarded through ISP provider-edge + equipment. + + The ISP commons must potentially support hundreds of thousands of CPE + routers (or more); hence the ISP may be obliged to assign private + IPv4 address allocations (i.e., instead of public) as RLOCs for CPE + routers. This gives rise to a "nested NATs" scenario, which can + increase the overall brittleness brought on by NAT traversal. + + To address this brittleness, the ISP can deploy "Carrier-Grade NATs" + (CGNs) [INCR-CGN] that provide a second level of RLOC address + translation on the path from the CPE to the Internet. When the CGNs + are also configured as EBGs, CPE routers can discover them as default + routers for reaching EID-based services using the EBG discovery + mechanisms specified in VET. + + "Scenarios and Analysis for Introducing IPv6 into ISP Networks" + [RFC4029] discusses both ISP backbone network and customer connection + transition considerations; however, this document considers router- + to-router tunneling use cases. Therefore the ISATAP mechanism (which + + + +Russert, et al. Informational [Page 27] + +RFC 6139 RANGERS February 2011 + + + only supports host-to-router or host-to-host tunneling) is not + mentioned as a candidate technology. Early point solutions (e.g., + the Tunnel Setup Protocol (TSP) [RFC5572], the Simple IPv6-in-IPv4 + Tunnel Establishment Procedure (STEP) [STEP], etc.) were recommended. + This document suggests that RANGER, VET, and SEAL would also be + suitable solutions in these networks. + +4.6.2. Cellular Operator Networks + + [RFC4215] provides a (dated) "Analysis on IPv6 Transition in Third + Generation Partnership Project (3GPP) Networks". It envisions an + extended period of support for both IPv4 and IPv6 protocols in the + operator network. User Equipment (UE) uses the Packet Data Protocol + (PDP) context to establish tunnels through the operator network to a + Gateway General Packet Radio Service (GPRS) Support Node (GGSN). + RANGER could be used in 3GPP transition; when the UE uses IPv6, and + the PDP context is established across an IPv4 provider network, the + UE can configure itself as an EBR and contact the GGSN (as a RANGER + EBG) through VET tunneling. + + Other [RFC4215] scenarios examine IPv4-only UEs, IPv6-only UEs, and + various combinations of IPv4 and IPv6 within the operator network. + Also to be considered are scenarios in which the UE is configured as + a router or bridge that connects an end system such as a laptop + computer. In that case, the UE could be the first-hop router/bridge + into the cellular provider network, and the laptop computer could be + configured as an EBR in the RANGER model. Again, the GGSN or a + device reachable through the GGSN could serve as a RANGER EBG. + +4.6.3. Aeronautical Telecommunications Network (ATN) + + The Aeronautical Telecommunications Network (ATN) is currently based + on the OSI and IPv4 protocols and is deployed only in limited areas. + The future ATN under consideration within the civil aviation industry + will be IPv6-based. The IP variant of ATN is expected to take the + form of a worldwide enterprise network that internally comprises an + aeronautical-only Internet that has additional external interfaces to + the global Internet. Within the ATN, there may be many Air + Communications Service Provider (ACSP) and Air Navigation Service + Provider (ANSP) networks that are internally organized either as + autonomous systems or internets within the ATN, i.e., as depicted in + Figure 5. Each of these entities may themselves be further + internally subdivided into lower-tier enterprise networks organized + as regional, organizational, or functional compartments. It is + important to note that while ACSPs and ANSPs within the ATN will + share a common objective of safety-of-flight for civil aviation + services, enterprise networks may have competing business, social, or + political interests that require that components be distinct ASs. + + + +Russert, et al. Informational [Page 28] + +RFC 6139 RANGERS February 2011 + + + The RANGER principles therefore support collaborative objectives + while allowing very diverse local policy distinctions. In this + manner, entities that do not trust each other can create + collaborative infrastructures to achieve common goals. + + Operational associations like this will characterize many future + deployments, including the US Department of Defense's Global + Information Grid (GIG). In particular, although the routing and + addressing arrangements of all enterprise networks require a mutual + level of cooperative active management at a certain level, scaling + issues, security policy differences, free market forces, + organizational differences, political distinctions, or other factors + may create internal competition among entities that otherwise share + common goals. This will require different enterprise networks within + that association to be separated into distinct ASs that are linked + within their own functional Internet relationship. + + The ATN illustrates transition from OSI protocols to IPv6. It must + support mobility (see Section 4.5.1), and it serves many government + and private entities that cooperate to provide safe and efficient air + travel while often competing with one another. One possible way to + meet these needs with RANGER is to create an overlay using IP-in-IP + tunneling across the Internet, as illustrated in Figure 14. The aero + overlay forms an enterprise network, so that inner packets from ACSP + and ANSP edge networks that travel between VET interfaces on EBRs see + their passage across the Internet as only one hop. + + _...--------------------------------------..._ + / \ + ( IPv4 Internet ) + -...________________________________________...- + | / | \ | + | / | \ | + _...--------------------------------------..._ + / \ + ( Aero Overlay ) + -...________________________________________...- + . . . . . . + . . . . . . + _...-------.._ _...-------.._ _...-------.._ + / \ / \ / \ + ( ACSP1 ) ( ANSP ) ( ACSP2 ) + -...________...- -...________...- -...________...- + + Figure 14. Aeronautical Overlay + + + + + + +Russert, et al. Informational [Page 29] + +RFC 6139 RANGERS February 2011 + + + Each Aeronautical Communications Service Provider (ACSP), and + Aeronautical Navigation Service Provider (ANSP) constitute an + enterprise network recursively nested below the aero overlay. + Relationships between the various enterprise networks can vary from + slight to tight integration. In the example, the ACSP and ANSP might + choose to exchange full routing information for their edge networks + using a coordinated global-scope RLOC address space across which ACSP + and ANSP EBRs can route traffic without further mapping lookups or + re-encapsulation at intermediate EBRs. Other enterprise networks + that have the aero network as a common parent may not have any + knowledge of each other's interior routing but will merely forward + packets on a default route up to the aero overlay. + + The ATN is currently an OSI network but is projected to transition to + IPv6 over time. RANGER can bridge OSI networks together across the + IPv4 (or IPv6) Internet, or bridge IPv4 or IPv6 networks across an + OSI network. A pair of EBRs that have IP interfaces on a common + enterprise network (whether it is the Internet, the aero network, or + another parent or child enterprise network) can support + communications between their attached OSI edge networks by looking up + ISO network service access point (NSAP) addresses [IS8348] instead of + IP addresses for RLOC mappings. OSI ConnectionLess Network Protocol + (CLNP) [IS8473] packets can therefore be encapsulated within IPv4 (or + IPv6) headers for transmission across an Internet Protocol enterprise + network. Some OSI networks may transition to IPv6 addressing + [RFC4548] while applications are adapted by using RFC 2126 [RFC2126] + to carry OSI upper layers over TCP/IP, with the resulting IP packets + carried across and between RANGER enterprises in the normal way. + Another approach is to use subnetwork convergence to tunnel OSI + network protocol data units over Internet Protocol networks + [RFC1070]. + + Figure 15 depicts an ACSP and ANSP connected via an IPv4 aero + overlay. Host H represents a system onboard an aircraft that has a + wireless link to the ACSP, connected via an enterprise-edge network + interface on EBR F within the ACSP enterprise network. H resides on + an IPv6 edge network, and its EID is taken from the ACSP IPv6 prefix. + H needs to send a query to server S in the ANSP enterprise network. + H starts by sending a DNS query to the server at G, and in return it + receives the EID of server S. H then creates an IPv6 packet with + source EID(H) and destination EID(S) and forwards it to its default + router, F. F consults G for a mapping from EID(S) to the appropriate + RLOC. In this case, EBR F encapsulates the IPv6 packet in an IPv6 + outer packet and forwards the packet to its default EBG, A. A + decapsulates the packet and looks up the destination EID(S) by + querying the DNS server at EBR B. B returns a mapping with the RLOC + of EBR E. A encapsulates the IPv6 inner packet in an IPv4 outer + packet with source RLOC(A) and destination RLOC(E). The packet is + + + +Russert, et al. Informational [Page 30] + +RFC 6139 RANGERS February 2011 + + + forwarded via EBRs C and D in the aero overlay until it reaches E, + where it is decapsulated. E consults its cache of EID/RLOC mappings + and finds that the EBR for S is N. E encapsulates the packet in an + IPv6 packet with source RLOC(E) and destination RLOC(N). When the + packet reaches N, it is decapsulated, and the inner IPv6 packet is + forwarded on the edge network to the server, S. + + _...--------------------------------------..._ + / (B) (D) \ + ( Aero Overlay (IPv4) ) + -...________________________________________...- + . . . + (A) (C) . + . . . + _...------------------------.._ (E) + / \ . + / (F) \ . + ( [H] ACSP (IPv6) ) . + \ (G) / . + \...__________________________... . + . + _...------------------------.._ + / \ + / (M) (N) \ + ( ANSP (IPv6) ) + \ [S] / + \...__________________________... + + Figure 15. Packet Forwarding for Aeronautical Networks + +4.6.4. Unmanaged Networks + + "Evaluation of IPv6 Transition Mechanisms for Unmanaged Networks" + [RFC3904] considers four cases for support of IPv6-enabled routers + and end systems connected to an ISP network via a gateway: + + a. a gateway that does not provide IPv6 at all; + + b. a dual-stack gateway connected to a dual-stack ISP; + + c. a dual-stack gateway connected to an IPv4-only ISP; and + + d. a gateway connected to an IPv6-only ISP. + + Case a is typified by the widespread practice of customer networks + using IPv4-only NAT boxes to connect to their service providers. + RANGER does not address this scenario directly; however, the Teredo + mechanism [RFC4380] can provide a sufficient solution in many cases. + + + +Russert, et al. Informational [Page 31] + +RFC 6139 RANGERS February 2011 + + + Case d is a scenario that has not yet seen widespread adoption. In + this scenario, the customer network could be configured as IPv6 only, + and the deployment could be considered as an IPv6-only extension to a + RANGER enterprise-edge network. End systems in this scenario would + still require support for legacy IPv4-only applications, and if the + customer network contained IPv4-only routers and end systems the + RANGER encapsulation mechanisms would still apply. + + Cases b and c correspond to the scenario of the customer gateway to + the ISP becoming an IPv6 router. In that case, the gateway could + become a RANGER EBR, and the scenario becomes the same as the SOHO + network use cases discussed in Section 4.3. In particular, when + traditional home network IPv4 NAT boxes are updated to also support + IPv6 routing, the NAT box becomes a RANGER EBR. + +5. Mapping and Encapsulation Concerns + + Mapping and encapsulation concerns related to RANGER have been + discussed in Section 3.7 of [RFC5720]. These include effects of + mapping systems to application traffic, the need to secure the + mapping system, MTU effects, and the ability of legacy Internet + networks to connect to those employing RANGER. + +6. Problem Statement and Call for Solutions + + The scenarios discussed in this document have not closely examined + future growth of the native IPv6 and IPv4 Internets independently of + any growth in RANGER overlay networking. For example, it is likely + that current-day major Internet services that support millions of + customers simultaneously (e.g., Google, Yahoo, eBay, Amazon, etc.) + will continue to be served best by native Internet routing and + addressing rather than by overlay network arrangements that require + dynamic mapping state coordination. At the same time, however, more + and more small end user networks will wish to use provider- + independent addressing for multihoming via multiple ISPs as well as + support traffic engineering and mobility management. + + These requirements call for an overlay network solution that is + compatible with both RANGER and the IPv6 and IPv4 native Internet + routing system without adversely affecting Internet routing scaling. + The solution must avoid the mapping and encapsulation concerns + discussed in Section 3.7 of [RFC5720]; for example, it must provide + generally shortest path routing without imparting unacceptable delays + for initial packets. The solution must further provide mobility + management capabilities for mobile end user networks that can take + + + + + + +Russert, et al. Informational [Page 32] + +RFC 6139 RANGERS February 2011 + + + advantage of route optimization while requiring no modifications to + end systems. Finally, the solution must be based on a business model + that allows end user networks to obtain Internet access services from + multiple ISPs simultaneously with support for traffic engineering and + fault tolerance. + +7. Summary + + The Internet today can be considered as a giant enterprise network, + with nodes in the Internet addressed from the public IPv4 address + space as RLOCs. Due to the 32-bit addressing limitations of IPv4, + however, continued expansion has occurred through the widespread + deployment of IPv4 Network Address Translators (NATs) while IPv6 has + yet to see wide adoption. + + In many senses, however, this has resulted in a degenerate + manifestation of the network-of-networks model originally envisaged, + e.g., in the Catenet model. Indeed, these NATed domains have the + external appearance of being a simple host within the global Internet + RLOC space even though they may be proxying for arbitrarily large + networks of end systems. The end result is a loss of transparency in + the end-to-end model; it is no longer true that any node in the + Internet can directly address any other node. + + RANGER enables a true network-within-network (or enterprise-within- + enterprise) framework. This is true even across a wide array of + deployment scenarios as documented here, and even for networks- + within-networks that may be recursively nested to an arbitrary depth. + RANGER therefore brings a unifying architecture applied consistently + across all layers of recursion, rather than a mixed bag of point + solutions that may or may not be mutually compatible. When coupled + with an overlay network solution that supports coexistence with the + IPv6 and IPv4 native Internet routing systems, a unified future + Internet architecture is possible. + +8. Security Considerations + + Security considerations are addressed in [RFC5720], [RFC5558], and + [RFC5320]. While the RANGER architecture does not in itself address + security considerations, it proposes an architectural framework for + functional specifications that do. Security concerns with tunneling, + along with recommendations that are compatible with the RANGER + architecture, are found in [TUNNEL-SEC]. Security considerations for + specific use cases are discussed there. + + + + + + + +Russert, et al. Informational [Page 33] + +RFC 6139 RANGERS February 2011 + + +9. Acknowledgements + + This work was inspired by the original architectural principles of + the Internet supplemented with "lessons learned" by many peers from + actual Internet deployments and experience developing encapsulation + protocols. The editors acknowledge that they are furthering work + initiated by many. + +10. References + +10.1. Normative References + + [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, + September 1981. + + [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 + (IPv6) Specification", RFC 2460, December 1998. + + [RFC5720] Templin, F., "Routing and Addressing in Networks with + Global Enterprise Recursion (RANGER)", RFC 5720, February + 2010. + +10.2. Informative References + + [APT] Jen, D., Meisel, M., Massey, D., Wang, L., Zhang, B., and + L. Zhang, "APT: A Practical Transit Mapping Service", + Work in Progress, November 2007. + + [BEHAVE-v6v4] + Baker, F., Li, X., Bao, C., and K. Yin, "Framework for + IPv4/IPv6 Translation", Work in Progress, August 2010. + + [BELL-LaPADULA] + Bell, D. and L. LaPadula, "Secure Computer Systems: + Mathematical Foundations and Model", October 1974. + + [CATENET] Pouzin, L., "A Proposal for Interconnecting Packet + Switching Networks", May 1974. + + [CPE-RTRS] Singh, H., Beebee, W., Donley, C., Stark, B., and O. + Troan, Ed., "Basic Requirements for IPv6 Customer Edge + Routers", Work in Progress, December 2010. + + [GROW-VA] Francis, P., Xu, X., Ballani, H., Jen, D., Raszuk, R., + and L. Zhang, "FIB Suppression with Virtual Aggregation", + Work in Progress, August 2010. + + + + + +Russert, et al. Informational [Page 34] + +RFC 6139 RANGERS February 2011 + + + [HUSTON-END] + Huston, G., "The End of the (IPv4) World is Nigher!", + July 2007. + + [IEN48] Cerf, V., "The Catenet Model for Internetworking", July + 1978. + + [INCR-CGN] Jiang, S., Guo, D., and B. Carpenter, "An Incremental + Carrier-Grade NAT (CGN) for IPv6 Transition", Work in + Progress, March 2009. + + [IPv4POOL] Hain, T., "The IPv4 Address Pool Projection", April 2009. + + [IS8348] International Organization for Standardization, + International Electrotechnical Commission, "Open Systems + Interconnection -- Network service definition", 2002. + + [IS8473] International Organization for Standardization, + International Electrotechnical Commission, "Protocol for + providing the connectionless-mode network service: + Protocol specification", 1998. + + [LISP] Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, + "Locator/ID Separation Protocol (LISP)", Work in + Progress, March 2009. + + [RADIR-PROB-STATE] + Narten, T., "On the Scalability of Internet Routing", + Work in Progress, February 2010. + + [RFC1035] Mockapetris, P., "Domain names - implementation and + specification", STD 13, RFC 1035, November 1987. + + [RFC1070] Hagens, R., Hall, N., and M. Rose, "Use of the Internet + as a subnetwork for experimentation with the OSI network + layer", RFC 1070, February 1989. + + [RFC1122] Braden, R., Ed., "Requirements for Internet Hosts - + Communication Layers", STD 3, RFC 1122, October 1989. + + [RFC1380] Gross, P. and P. Almquist, "IESG Deliberations on Routing + and Addressing", RFC 1380, November 1992. + + [RFC1753] Chiappa, N., "IPng Technical Requirements Of the Nimrod + Routing and Addressing Architecture", RFC 1753, December + 1994. + + + + + +Russert, et al. Informational [Page 35] + +RFC 6139 RANGERS February 2011 + + + [RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G., + and E. Lear, "Address Allocation for Private Internets", + BCP 5, RFC 1918, February 1996. + + [RFC1955] Hinden, R., "New Scheme for Internet Routing and + Addressing (ENCAPS) for IPNG", RFC 1955, June 1996. + + [RFC2126] Pouffary, Y. and A. Young, "ISO Transport Service on top + of TCP (ITOT)", RFC 2126, March 1997. + + [RFC2131] Droms, R., "Dynamic Host Configuration Protocol", + RFC 2131, March 1997. + + [RFC2529] Carpenter, B. and C. Jung, "Transmission of IPv6 over + IPv4 Domains without Explicit Tunnels", RFC 2529, March + 1999. + + [RFC2767] Tsuchiya, K., Higuchi, H., and Y. Atarashi, "Dual Stack + Hosts using the "Bump-In-the-Stack" Technique (BIS)", + RFC 2767, February 2000. + + [RFC2775] Carpenter, B., "Internet Transparency", RFC 2775, + February 2000. + + [RFC3194] Durand, A. and C. Huitema, "The H-Density Ratio for + Address Assignment Efficiency An Update on the H ratio", + RFC 3194, November 2001. + + [RFC3315] Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins, + C., and M. Carney, "Dynamic Host Configuration Protocol + for IPv6 (DHCPv6)", RFC 3315, July 2003. + + [RFC3775] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support + in IPv6", RFC 3775, June 2004. + + [RFC3904] Huitema, C., Austein, R., Satapati, S., and R. van der + Pol, "Evaluation of IPv6 Transition Mechanisms for + Unmanaged Networks", RFC 3904, September 2004. + + [RFC4029] Lind, M., Ksinant, V., Park, S., Baudot, A., and P. + Savola, "Scenarios and Analysis for Introducing IPv6 into + ISP Networks", RFC 4029, March 2005. + + [RFC4038] Shin, M-K., Ed., Hong, Y-G., Hagino, J., Savola, P., and + E. Castro, "Application Aspects of IPv6 Transition", + RFC 4038, March 2005. + + + + + +Russert, et al. Informational [Page 36] + +RFC 6139 RANGERS February 2011 + + + [RFC4057] Bound, J., Ed., "IPv6 Enterprise Network Scenarios", + RFC 4057, June 2005. + + [RFC4192] Baker, F., Lear, E., and R. Droms, "Procedures for + Renumbering an IPv6 Network without a Flag Day", + RFC 4192, September 2005. + + [RFC4215] Wiljakka, J., Ed., "Analysis on IPv6 Transition in Third + Generation Partnership Project (3GPP) Networks", + RFC 4215, October 2005. + + [RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A + Border Gateway Protocol 4 (BGP-4)", RFC 4271, January + 2006. + + [RFC4301] Kent, S. and K. Seo, "Security Architecture for the + Internet Protocol", RFC 4301, December 2005. + + [RFC4380] Huitema, C., "Teredo: Tunneling IPv6 over UDP through + Network Address Translations (NATs)", RFC 4380, February + 2006. + + [RFC4472] Durand, A., Ihren, J., and P. Savola, "Operational + Considerations and Issues with IPv6 DNS", RFC 4472, April + 2006. + + [RFC4548] Gray, E., Rutemiller, J., and G. Swallow, "Internet Code + Point (ICP) Assignments for NSAP Addresses", RFC 4548, + May 2006. + + [RFC4795] Aboba, B., Thaler, D., and L. Esibov, "Link-local + Multicast Name Resolution (LLMNR)", RFC 4795, January + 2007. + + [RFC4852] Bound, J., Pouffary, Y., Klynsma, S., Chown, T., and D. + Green, "IPv6 Enterprise Network Analysis - IP Layer 3 + Focus", RFC 4852, April 2007. + + [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless + Address Autoconfiguration", RFC 4862, September 2007. + + [RFC5214] Templin, F., Gleeson, T., and D. Thaler, "Intra-Site + Automatic Tunnel Addressing Protocol (ISATAP)", RFC 5214, + March 2008. + + [RFC5320] Templin, F., Ed., "The Subnetwork Encapsulation and + Adaptation Layer (SEAL)", RFC 5320, February 2010. + + + + +Russert, et al. Informational [Page 37] + +RFC 6139 RANGERS February 2011 + + + [RFC5558] Templin, F., Ed., "Virtual Enterprise Traversal (VET)", + RFC 5558, February 2010. + + [RFC5572] Blanchet, M. and F. Parent, "IPv6 Tunnel Broker with the + Tunnel Setup Protocol (TSP)", RFC 5572, February 2010. + + [RFC5579] Templin, F., Ed., "Transmission of IPv4 Packets over + Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) + Interfaces", RFC 5579, February 2010. + + [RFC5887] Carpenter, B., Atkinson, R., and H. Flinck, "Renumbering + Still Needs Work", RFC 5887, May 2010. + + [RFC5944] Perkins, C., Ed., "IP Mobility Support for IPv4, + Revised", RFC 5944, November 2010. + + [RFC6115] Li, T., Ed., "Recommendation for a Routing Architecture", + RFC 6115, February 2011. + + [STEP] Savola, P., "Simple IPv6-in-IPv4 Tunnel Establishment + Procedure (STEP)", Work in Progress, January 2004. + + [TUNNEL-SEC] + Krishnan, S., Thaler, D., and J. Hoagland, "Security + Concerns With IP Tunneling", Work in Progress, October + 2010. + + + + + + + + + + + + + + + + + + + + + + + + + +Russert, et al. Informational [Page 38] + +RFC 6139 RANGERS February 2011 + + +Authors' Addresses + + Steven W. Russert (editor) + 1078 Ridge Crest Dr. + Wenatchee, WA 98801 + USA + + EMail: russerts@hotmail.com + + + Eric W. Fleischman (editor) + Boeing Research & Technology + P.O. Box 3707 MC 7L-49 + Seattle, WA 98124 + USA + + EMail: eric.fleischman@boeing.com + + + Fred L. Templin (editor) + Boeing Research & Technology + P.O. Box 3707 MC 7L-49 + Seattle, WA 98124 + USA + + EMail: fltemplin@acm.org + + + + + + + + + + + + + + + + + + + + + + + + + +Russert, et al. Informational [Page 39] + |