Cisco Public 1 Eric Vyncke, Distinguished Engineer Cisco Systems
Slide 1: Eric Vyncke, Distinguished Engineer, Cisco Systems, evyncke@cisco.com

Slide 2: What is home networking?
- Security
- Multi-homing
- Routing
- Addressing & renumbering
- Naming
- Service Discovery
Most graphics and texts come from IETF presentations.

Slide 3:
- Home/residential networks are more and more complex
  - Guest WLAN
  - IEEE 802.15.4 (which is not bridgeable with Ethernet)
  - Segmentation: building automation, teleworker environment
  - IPv6 and the absence of NAT
- HOMENET Working Group created after IETF 80 (Prague), April 2011
  - Requirements: IPv6 is a MUST, IPv4 a MAY
  - Architecture: NO NEW protocol except when required and after IESG approval
  - Liaison with V6OPS, DNSEXT, DHC + Broadband Forum, UPnP, ...

Slide 4:
- Many are developed with razor-thin margins
- Massive dependence on publicly available source code
- Large and diverse set of vendors
- Managed by an ISP, or not managed at all
- Very low bar for protocol complexity, configuration buttons, etc.

Slide 5: http://thingsonip.blogspot.com/2012/04/home-networks-by-magic.html

Slide 6: (no transcript text)

Slide 7:
- Avoid manual configuration where possible
  - May be "secrets" to set for shared area, WLAN, etc.
- Allow for differing ISP practices
  - May get varying prefix lengths by PD
- Allow internal operation independent of ISP
  - Keep using the prefixes you have, even if connectivity goes down
  - Can take this even beyond leases... inappropriate but known to work...
- Some ways to discover the ISP border
  - Manual configuration: "Connect this port to the ADSL modem"
  - Obvious ISP interface: PPPoE, xDSL, Cable Modem, ...
  - Probing, e.g., ISP interface has DHCPv6 PD but no routing
  - ISP-managed CPE router knows this a priori

Slide 8: What should I allow?

Slide 9:
- IPv6 could lift the NAT hurdles on applications by restoring end-to-end connectivity, because IPv6 addresses are global
- RFC 6204 specifies two modes:
  - Allow outbound and block inbound (à la NAT)
  - Allow both inbound and outbound
- draft-vyncke-advanced-ipv6-security (expired)
  - Use modern techniques (SSL interception, address reputation, content inspection: signature based, regularly updated software)
  - Allow both inbound and outbound while staying secure
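The two RFC 6204 modes on the slide differ only in how an unsolicited inbound packet is treated: in the "block inbound" mode the CPE router keeps state for flows opened from the inside and lets only their return traffic through, while "allow both" passes everything. The following is an added example (not code from the presentation or from Cisco) of that connection-tracking decision, simulated over a few constructed packets. The home prefix 2001:db8:1::/48, the peer addresses, the mode names and the flow-tuple state are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed: the prefix the ISP delegated to this home (documentation space).
HOME_PREFIX = ipaddress.IPv6Network("2001:db8:1::/48")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int


class CpeFilter:
    """Minimal model of the RFC 6204 CPE filtering modes.

    mode "block-inbound": outbound flows are allowed and remembered; an inbound
    packet is allowed only if it is the reverse of a remembered flow (NAT-like).
    mode "allow-inbound": both directions pass, no state consulted.
    """

    def __init__(self, mode):
        if mode not in ("block-inbound", "allow-inbound"):
            raise ValueError("unknown mode: %s" % mode)
        self.mode = mode
        self.flows = set()   # 5-tuples of flows initiated from inside the home

    @staticmethod
    def _inside(addr):
        return ipaddress.IPv6Address(addr) in HOME_PREFIX

    def process(self, pkt):
        outbound = self._inside(pkt.src) and not self._inside(pkt.dst)
        inbound = self._inside(pkt.dst) and not self._inside(pkt.src)
        if outbound:
            # Remember the flow so its replies can come back in block-inbound mode.
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return "allow"
        if inbound:
            if self.mode == "allow-inbound":
                return "allow"
            reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
            return "allow" if reverse in self.flows else "drop"
        # Neither endpoint is in the home prefix: not traffic this CPE forwards.
        return "drop"


def run_demo(mode):
    """Feed three constructed packets through a filter and return the decisions."""
    cpe = CpeFilter(mode)
    host = "2001:db8:1:1::10"          # a host inside the home
    web = "2001:db8:ffff::80"          # a server outside the home (constructed)
    scanner = "2001:db8:ffff::99"      # an unsolicited outside peer (constructed)
    packets = [
        Packet(host, web, "tcp", 40000, 443),      # host opens HTTPS session
        Packet(web, host, "tcp", 443, 40000),      # server replies
        Packet(scanner, host, "tcp", 50000, 22),   # unsolicited inbound to SSH
    ]
    return [cpe.process(p) for p in packets]


if __name__ == "__main__":
    for mode in ("block-inbound", "allow-inbound"):
        print(mode, run_demo(mode))
```

The third packet is the one that separates the two modes: the reply packet is accepted in both because the inside host initiated the flow, whereas the unsolicited connection attempt is dropped only in block-inbound mode.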

Slide 10:
[Figure: two Service Provider routers (Provider A and Provider B) in the Service Provider network, each reached over a Customer Internet connection by an IPv6 Customer Edge Router (Router 1 and Router 2); both Customer Edge Routers attach to the End-User network(s), on which four IPv6 Hosts sit.]
- Customer Edge Router can also be shared by the two Service Providers (xDSL and 4G back-up)
- Teleworking through a VPN is actually multi-homing

Slide 11: draft-acee-ospf-ospfv3-autoconfig-00.txt (expired)
- Allow self-configuration of OSPFv3 routers
- Sensible defaults
  - All routers in area 0
  - Do not run OSPF on ISP interface (if detected)
  - Run OSPF on all interfaces
- Provides extendible framework for other types of auto-configuration information
  - Type-Length-Value syntax used and easy to extend
- Router ID auto-configuration
  - Router fingerprints (MAC address, DUID, ...) are used to detect collisions

Slide 12: Several proposals
- Use of DHCPv6 Prefix Delegation and predefined sub-delegation
- Use of DHCPv6 Prefix Delegation and granular sub-delegation based on topology

Slide 13: draft-chakrabarti-homenet-prefix-alloc-01
- Start PD server once a prefix is available from the uplink/client
- Carve up the delegated /N prefix to provide
  - Some /64 prefixes to assign to the router's downlink interfaces
  - Some /N+k prefixes to sub-delegate to downlink routers
- A delegated /56 can allow for a depth of 3 routers with each 7 downstream routers
- ULA can be used in the absence of delegated prefix from ISP
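The carve-up on this slide is easy to check by computing it. The following is an added example, not code from the presentation or from the draft, that splits a delegated /N into 2^k pieces of /N+k, keeps piece 0 for the router's own downlink /64s and sub-delegates the other 2^k - 1 pieces, then recurses to count how deep a tree of routers the prefix supports; it also derives a ULA /48 per RFC 4193 for the no-ISP-prefix fallback mentioned on the slide. The choice k = 3 (8 pieces per level), the "piece 0 is local" convention and the documentation prefix 2001:db8:abcd:100::/56 are assumptions made for the example.

```python
import ipaddress
import secrets


def carve(prefix, k=3):
    """Split a delegated prefix into local /64s and sub-delegated /N+k pieces.

    Assumed convention: piece 0 of the 2**k pieces is cut into /64s for this
    router's own downlink interfaces; pieces 1..2**k-1 go to downstream routers.
    """
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen > 64:
        raise ValueError("a prefix longer than /64 cannot number a link")
    if net.prefixlen + k > 64:
        # Leaf router: too short to split again, so the whole prefix
        # becomes downlink /64s and nothing is sub-delegated.
        return {"local": list(net.subnets(new_prefix=64)), "delegate": []}
    pieces = list(net.subnets(prefixlen_diff=k))
    return {"local": list(pieces[0].subnets(new_prefix=64)),
            "delegate": pieces[1:]}


def plan_tree(prefix, k=3, depth=1):
    """Expand the whole router tree.

    Returns a list of (depth, prefix, number_of_local_64s), one entry per
    router that would receive a delegation.
    """
    c = carve(prefix, k)
    rows = [(depth, ipaddress.IPv6Network(prefix), len(c["local"]))]
    for sub in c["delegate"]:
        rows.extend(plan_tree(sub, k, depth + 1))
    return rows


def ula_prefix():
    """RFC 4193 ULA: fd00::/8 followed by a random 40-bit Global ID gives a /48.

    Used when no prefix was delegated by the ISP; the result is carved like any
    other prefix. The random Global ID makes a later merge of two homes unlikely
    to collide.
    """
    global_id = secrets.token_bytes(5)
    packed = b"\xfd" + global_id + bytes(10)      # 48 bits set, 80 host bits zero
    return ipaddress.IPv6Network((int.from_bytes(packed, "big"), 48))


def is_ula(net):
    """True if net lies inside fc00::/7, the ULA block."""
    return net.subnet_of(ipaddress.IPv6Network("fc00::/7"))


if __name__ == "__main__":
    rows = plan_tree("2001:db8:abcd:100::/56")   # constructed delegated prefix
    print("routers:", len(rows), "max depth:", max(d for d, _, _ in rows),
          "total /64s:", sum(n for _, _, n in rows))
    for depth, net, n in rows[:10]:
        print("  " * depth, net, "->", n, "local /64s")
    print("fallback ULA:", ula_prefix())
```

With k = 3 the /56 yields one root router, 7 routers holding a /59 and 49 leaf routers holding a /62, i.e. the depth of 3 with 7 downstream routers per level that the slide states; the 256 /64s of the /56 are all accounted for (32 at the root, 4 at each of the 56 other routers), which is a useful sanity check on the carve-up.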

Slide 14: draft-arkko-homenet-prefix-assignment (expired)
- Send ISP-delegated prefix in an OSPFv3 LSA once a prefix is available from the uplink/client
- Upon receiving a unique Prefix LSA, OSPFv3 routers perform a distributed assignment heuristic, with each OSPFv3 router examining its IPv6 interfaces
- Collisions are resolved in favor of the highest router-ID
- ULA can be used in the absence of delegated prefix from ISP

Slide 15:
- To restore end-to-end connectivity, naming must work
- Dynamic DNS (the simple dyndns.org or DNSSEC?)
- Authoritative server for subscriber zone allows local resolution for disconnected operation
- Open questions
  - Reverse zones delegated by the ISP when doing DHCP PD? But when connectivity is broken? Security?
  - Do we need to cope with reverse zones or are forward zones enough?
- Existing HW: DNS proxy which handles locally discovered hostnames and forwards external requests out (but does not always work fine)

Slide 16: How can my guests use my printer?
- draft-lynn-homenet-site-mdns-00
- Extension of mDNS (= Bonjour = Avahi = draft-cheshire-dnsext-multicastdns) to work as DNS Service Discovery (wide-area Bonjour)
  - Could use trickle multicast
  - FF0x::FB is already registered with IANA for IPv6 multicast DNS
- mDNS uses the .local zone, to be extended to .site; services could be in both zones
- Alternative is to use an mDNS caching proxy (as exists in Avahi)
