So far, interfaces have been used to connect to IPv4 networks and hence accepted only IPv4 addressing. IPv6 networks in enterprises are becoming common. Interfaces now need to be configured with IPv6 addresses and must provide IPv6 addresses to machines on the local network. Configuration is becoming complex, but understanding the concepts makes it easier. This article tries to lay out the requirements from both the IPv4 and IPv6 perspectives on LAN and WAN interfaces. I hope that this article is useful for both developers and administrators.
LAN Interfaces: Routers have the following types of LAN interfaces that take IP addresses.
- Ethernet Interfaces: Some Ethernet interfaces may become part of a bridge interface. If the interface becomes part of a bridge, i.e. a bridge port, then it is no longer called a LAN interface; it is simply called a bridge port. Similarly, if the interface becomes part of a bonding interface, it is also no longer called a LAN interface.
- Bonding Interfaces: Multiple Ethernet interfaces are bonded together into one interface.
- VLAN Interfaces: This is the reverse of a bonding interface. Here one Ethernet interface is divided into multiple LAN interfaces. The VLAN ID is used to de-multiplex incoming traffic to the different interfaces. Since VLAN is used, these interfaces are called VLAN interfaces.
- Bridge Interfaces: Multiple Ethernet interfaces become a bridge interface using the 802.1D protocol. These are also LAN interfaces.
- Multiple IPv4 addresses (Address, Subnet) can be configured to enable multiple IPv4 networks on the same physical LAN.
- DHCP IPv4 Server Configuration: A LAN interface can be configured to serve IP addresses to machines in the LAN. There are multiple requirements here.
- There are many different types of LAN machines: VoIP phones, media servers, desktops, laptops, smartphones, etc. Each type of machine might have different QoS requirements. By serving each type of LAN machine from a different IP address range, QoS policies can be configured easily by writing QoS rules against the appropriate IP address range. It is my understanding that different types of machines send the 'Vendor Class Identifier' differently. This can be used to select the IP address range from which to serve the IP address. There are other options that can be used to select the IP address range. So the DHCP Server configuration on the LAN interface should be able to take multiple IP address ranges with associated DHCP option values. Of course, it should also take a default IP address range that is used to serve IP addresses when the DHCP client sends options and values that don't match the conditions set on the server side.
- The DHCP server is used not only to assign the IP address, but also to hand out other IP configuration such as DNS Server IP addresses, WINS Server IP address, default router IP addresses, etc. Some of these can be configured manually at the server, but some might need to be learnt from the WAN connections. Note that the WAN connections may not be UP when the LAN machines connect to the DHCP Server. In these cases, it is necessary to set the 'lease time' to a very short period (such as a few minutes) so that the client initiates the DHCP exchange again. When all the information is available to the DHCP Server (i.e. when the WAN connection is UP), it can give a longer lease time to the DHCP clients. In the IPv4 world, DNS Servers from the WAN are typically not propagated to DHCP clients. Instead, the DNS Servers are configured in a local DNS relay, and the local LAN interface IP address is provided to DHCP clients as the DNS Server. Thereby, there is no dependency on when the WAN connection is UP.
- At times, the DHCP Server may be elsewhere. In this case, it is possible to set up a DHCP relay on the LAN interface.
- Some network devices also have a DNS Proxy/Relay. In these cases, it is expected that the DHCP Server, upon giving a lease to a machine, configures the FQDN with the given IP address in the DNS Proxy/Relay.
- In addition to configuration, the device is required to provide statistics information and a listing of 'attached devices' (DHCP leases).
- Dynamic Routing configuration: In enterprises, configuration of static routes in each device is discouraged. Typically RIP or OSPF is used to learn the routes. So it is required to configure anything necessary to enable the routing protocol on the interface.
- Some operating systems don't give the flexibility of configuring the interface name. So it is good to provide a facility for the administrator to configure an interface label and let the operating system choose the interface name. This label can be an intuitive name. Any other configuration that requires a LAN interface (such as creating routes) can refer to it by 'interface label'.
- Multiple IPv6 addresses can be configured statically.
- IPv6 address assignment: In the IPv4 world, a DHCP Server is the only way to serve IP addresses and other networking information to the machines in the LAN. In the IPv6 world, IP address information is served in two ways: by a DHCP Server and by SLAAC (Stateless Address Autoconfiguration).
- SLAAC: The IPv6 prefixes to be advertised can be configured. Each machine is expected to create its own IP address from this prefix, with the rest derived from the MAC address of the interface. The router advertises the prefixes in RA (Router Advertisement) messages. The rest of the networking information (such as DNS Servers) is normally served via a DHCP Server. Since the DHCP Server is not assigning IP addresses, this scheme is called DHCP Stateless configuration, as described in RFC 3736. In some deployments, the prefixes advertised to the local clients need to be derived from the prefixes the WAN connection gets from the ISP. Since there could be many WAN interfaces, there can be a requirement to configure the WAN interface label from which to derive the prefixes.
- DHCP Server configuration: This is similar to the IPv4 DHCP Server, with some minor differences. In IPv4, the IP address ranges are always configured by the administrator. But in this case, the IPv6 prefixes are learnt from the WAN connections. As indicated above as part of SLAAC, it may be required to configure the WAN interface label from which to derive the prefixes and other information. The DHCP Server is specified in RFC 3315.
- As discussed above, if the WAN connection is not UP, the prefixes will not be advertised to the internal machines, and hence the internal machines may not be able to communicate among themselves. Note that link-local addresses are not expected to be used by applications; they are expected to be used only for Neighbor discovery and Route discovery protocols. It is not good if local machines can't communicate among themselves when there is no WAN connectivity. Of course, there is no issue if the global prefixes are known and configured statically. For the other cases, where WAN connectivity provides the prefixes, a provision is made to assign a ULA (Unicast Local Address), described in RFC 4193. The configured ULA prefix should be the same across reboots of the CPE device. Though the ULA prefix is generated using a random number, it should be saved so that it persists across reboots. Due to randomization, this prefix may be unique, but there is no guarantee. Hence it is necessary that addresses starting with FC00::/7 are filtered out at the site boundary router towards the Internet. But note that these can be used for inter-site VPN. For all practical purposes, this is like any global unicast prefix. Note that this address can co-exist with other global unicast addresses which the router advertises to the local LAN machines.
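The ULA handling described above, as an added example that is not part of the original article: it generates the prefix with the RFC 4193 section 3.2.2 algorithm, saves it so the same prefix is used after every reboot, and implements the FC00::/7 check a site boundary filter needs. The state file path and the EUI-64 value passed in are assumptions chosen by the caller.

```python
import hashlib
import ipaddress
import json
import os
import struct
import time
from typing import Optional

ULA_RANGE = ipaddress.ip_network("fc00::/7")   # range to filter at the site boundary

def generate_ula_prefix(eui64: bytes, now: Optional[float] = None) -> ipaddress.IPv6Network:
    """RFC 4193 section 3.2.2: SHA-1 over NTP time + EUI-64, keep the low 40 bits."""
    now = time.time() if now is None else now
    ntp_seconds = (int(now) + 2208988800) & 0xFFFFFFFF   # seconds since 1900
    ntp_fraction = int((now % 1) * (1 << 32))
    digest = hashlib.sha1(struct.pack("!II", ntp_seconds, ntp_fraction) + eui64).digest()
    global_id = digest[-5:]                      # least significant 40 bits
    packed = b"\xfd" + global_id + bytes(10)     # fc00::/7 with L bit = 1, then Global ID
    return ipaddress.IPv6Network((packed, 48))

def load_or_create_ula(state_path: str, eui64: bytes) -> ipaddress.IPv6Network:
    """Reuse the saved prefix so it survives reboots; generate and save it only once."""
    try:
        with open(state_path) as fh:
            saved = ipaddress.IPv6Network(json.load(fh)["ula_prefix"])
        if saved.prefixlen == 48 and saved.subnet_of(ULA_RANGE):
            return saved
    except (OSError, ValueError, KeyError, TypeError):
        pass                                     # missing or corrupt state: regenerate
    prefix = generate_ula_prefix(eui64)
    tmp_path = state_path + ".tmp"
    with open(tmp_path, "w") as fh:
        json.dump({"ula_prefix": str(prefix)}, fh)
    os.replace(tmp_path, state_path)             # atomic rename: no half-written file
    return prefix

def must_drop_at_site_boundary(src: str, dst: str) -> bool:
    """True if a packet crossing towards the Internet has a ULA source or destination."""
    return any(ipaddress.ip_address(a) in ULA_RANGE for a in (src, dst))
```

The boundary check applies to both directions of traffic on the Internet-facing interface; an inter-site VPN tunnel interface would not use it.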
- Multiple physical interfaces can be WAN devices.
- Some kinds of WAN connections, such as PPPoE and normal IP connections, require a physical interface. Other WAN connections, such as IPsec-IRAC and PPTP, send data based on routing information.
- Each WAN device might have multiple WAN connections. Each WAN connection itself becomes an interface.
- Each WAN Connection can be configured to make connections to the ISP using one of the following:
- IP Connection
- PPP - PPPoE, PPTP
- IPsec - IRAC
- Each WAN Device would mostly have statistics information and very little configuration. Statistics information mainly contains packets or bytes sent/received, interface label, etc.
- IP Connection Mode:
- WAN Device : Identified by Interface label. This connection uses this WAN Device.
- IPv4 Addressing
- Sub Modes: Static, Dynamic.
- Static: Multiple IPv4 addresses with each IPv4 address having associated Subnet prefix.
- Dynamic (DHCP Client) Mode: It should request an IPv4 address, prefix, DNS Servers, WINS Servers and SNTP Servers. It should also be possible for the administrator to enter other options (for send and receive) such as Vendor Class Identifier. The DNS Servers which it gets are typically programmed in the DNS Relay.
- IPv6 Addressing: This is somewhat complex compared to IPv4.
- Sub Modes: Static, Dynamic.
- Static IPv6 addresses can be configured.
- In Dynamic mode, it starts with SLAAC (RFC 4862). If the upstream router indicates that the address needs to be obtained in the stateful way (M flag), then the DHCP client is initiated with the IA_NA option. DHCP Stateful addressing (RFC 3315) and DHCP Prefix Delegation (RFC 3633) are always required to get other networking information (DNS Servers, SNTP Servers, SIP Servers, etc.). The prefixes which it gets are divided across multiple LAN interfaces. The division to be used can be configured. As in IPv4, it should also take configuration for options that need to be sent or received. Note that DNS Server information may be used by the LAN Device DHCP Server, and hence it should be possible for the CPE device to program the LAN Device DHCP Server or SLAAC server with the learnt prefixes and DNS Servers. Note that if the IA_NA option is not fulfilled by the server, it should assign one of the IP addresses from the delegated prefixes to the WAN interface.
- PPP Connection:
- Sub Modes: PPPoE, PPTP
- WAN Device Interface Label: The WAN Device to use. Valid only for PPPoE. In the case of PPTP, it uses the interface identified by the routing entry, which itself is found using the PPTP Server IP address.
- Generic PPP Configuration required:
- User name and password in case of PAP/CHAP
- Other PPP information (such as MTU, MRU, Compression Control, etc.)
- Sub Mode Specific configuration:
- In case of PPPoE: AC Name, Service Name, etc.
- In case of PPTP: PPTP Server IP address and other information.
- IPv4 Addressing:
- Static or dynamic.
- It can also get DNS Server IP addresses. As in 'IP Connection' mode, these addresses can be programmed in the DNS Relay.
- IPv6 Addressing
- Using PPP, only link local addresses are negotiated.
- Using RA (SLAAC), it can get the prefixes. If the O flag is set, it gets DNS and other information via DHCP.
- If the RA indicates M=1, then it tries to get the IP address using DHCP IA_NA.
- In any case, it initiates DHCP PD to get the prefixes.
- If IA_NA is not successful, it uses one IP address from the prefixes and assigns it to its interface.
- The only configuration required for the above operation is the DHCP options to send and receive.
- IPsec-IRAC Mode (RFC 5739):
- IPv4 Addressing:
- If enabled, it gets the IP address, which is used as the NAT IP address.
- IPv6 Addressing:
- All IKE and SPD policy rule configuration is required.
- As part of IRAC, it is expected to get the IPv6 prefixes and DHCP Server IP address.
- Using DHCP Stateless configuration, it gets other networking information.
- As in other modes, it assigns the prefixes to LAN Devices (SLAAC and DHCP Server configuration of LAN Devices) and also programs the DNS Servers in DHCP Servers of LAN Devices.
- Like any good data model, there should be enough information provided to the administrator:
- Statistics
- Dynamic information that is learnt.
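The dynamic IPv6 procedure described above for the IP and PPP connection modes (M flag, IA_NA, Prefix Delegation, fallback address, division across LAN interfaces), as an added example that is not part of the original article. The function name, the LAN labels, the 2001:db8:: documentation addresses and the choice to reserve the first subnet for the WAN fallback address are assumptions of this example.

```python
import ipaddress
from itertools import islice

def plan_wan_ipv6(m_flag, slaac_addr, ia_na_addr, delegated, lan_labels, lan_len=64):
    """Decide the WAN address and carve the delegated prefix into per-LAN prefixes.

    m_flag      -- M bit from the upstream Router Advertisement
    slaac_addr  -- address formed from the RA prefix, or None
    ia_na_addr  -- address returned for IA_NA, or None if the server did not fulfil it
    delegated   -- prefix obtained through DHCP Prefix Delegation
    lan_labels  -- administrator-chosen LAN interface labels, in configured order
    """
    pd = ipaddress.IPv6Network(delegated)
    if pd.prefixlen > lan_len:
        raise ValueError(f"{pd} is too small to carve /{lan_len} LAN prefixes from")
    subnets = pd.subnets(new_prefix=lan_len)     # lazy generator, cheap even for a /48

    wan_addr, source = slaac_addr, "slaac"
    if m_flag:
        if ia_na_addr:
            wan_addr, source = ia_na_addr, "dhcpv6-ia_na"
        else:
            # Fallback from the article: take one address out of the delegated prefix.
            # Reserving the first subnet for it is this example's own choice, so the
            # WAN address never overlaps a prefix advertised on a LAN.
            reserved = next(subnets)
            wan_addr, source = str(reserved[1]), "from-delegated-prefix"

    chunk = list(islice(subnets, len(lan_labels)))
    if len(chunk) < len(lan_labels):
        raise ValueError("delegated prefix has fewer subnets than LAN interfaces")
    return {"wan_address": wan_addr, "wan_source": source,
            "lan_prefixes": {label: str(net) for label, net in zip(lan_labels, chunk)}}
```

The returned `lan_prefixes` map is what would be programmed into each LAN Device's SLAAC and DHCP Server configuration.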