Homenet K. Fujiwara Internet-Draft JPRS Intended status: Informational Oct 22, 2012 Expires: April 25, 2013 Smallest home network draft-fujiwara-smallest-homenet-01.txt Abstract Although access control for home servers is very important, managements and setups of access controls are difficult for most of users. "Connecting a new node to the same link" is easiest way of access control. One of solutions is to use link-local addresses for communications of clients and servers. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on April 25, 2013. Copyright Notice Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Fujiwara Expires April 25, 2013 [Page 1] Internet-Draft smallest homenet Oct 2012 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Problem statement . . . . . . . . . . . . . . . . . . . . . 3 1.2. Possible solution . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Homenet using Link-Local address . . . . . . . . . . . . . . . 3 4. Homenet using ULA . . . . . . . . . . . . . . . . . . . . . . . 4 5. Homenet using global addresses . . . . . . . . . . . . . . . . 5 6. Security Considerations . . . . . . . . . . . . . . . . . . . . 5 7. IANA considerations . . . . . . . . . . . . . . . . . . . . . . 5 8. Normative References . . . . . . . . . . . . . . . . . . . . . 5 Appendix A. Link-local Examples . . . . . . . . . . . . . . . . . 5 A.1. Example 1: 1 local net + 1 guest net . . . . . . . . . . . 5 A.2. Example 2: 2 local net + 1 guest net . . . . . . . . . . . 6 Fujiwara Expires April 25, 2013 [Page 2] Internet-Draft smallest homenet Oct 2012 1. Introduction The homenet architecture [I-D.ietf-homenet-arch] treats large, complex home networks. There may not be network experts to manage home networks. Considering simple and small home network is useful. 1.1. Problem statement Homenet may have local networks and guest networks. The access control to home network servers is very important because some servers should not be accessed from guest networks. Initial setups and operations of access controls are difficult for most of users. WiFi and Bluetooth support easy configuration mechanism. "Connecting a new node to the same link", or "connecting a new node and push a button/pin" are easiest way to configure the new node that can relate with a home server. 1.2. Possible solution There are some solutions. Using link-local address between clients and servers restricts access to servers. "Connecting a new node to the same link" is usable as an access control. It is described in Section 3. Using Unique Local Address (ULA) address between clients and servers limits access to servers. It is described in Section 4. Otherwise, we need another solutions. 2. Terminology A guest network is a network which can access the Internet and cannot access home servers. A local network is a network which can access the Internet and home servers. 3. Homenet using Link-Local address Suppose there is only a local network in a home and there may be a guest network. Two types of networks are common because recent CPEs have multiple SSID function which separates internal network and guest network. Link-Local addresses are able to point entities in the local network. Link-local servers within the local network serve services to clients using link-local address only. Link-local servers will accept requests from link-local addresses. Link-local servers should reject requests from another addresses. Link-local servers may act as a normal IPv6 client (for its internal use: They can get IPv6 prefixes from CPEs and can connect to the internet via Fujiwara Expires April 25, 2013 [Page 3] Internet-Draft smallest homenet Oct 2012 CPEs). Name resolutions inside the local network may be performed by "ICMPv6 Node Information Queries" [RFC4620] or another methods (mDNS [RFC4795]). The problem is that [RFC4620] is an EXPERIMENTAL RFC. Pros: * It does not need internet connectivity and can work without CPEs * Other communications are not affected by this proposal. * Easy to manage by users. * mDNS or IPv6 Node Information Queries are usable for name resolutions. * Easy to separate local networks and guest networks * DNS is used for global name resolution only Cons: * Existing client applications may not support link-local addresses * Link-local client should cache link-local server information with symbolic name and link-local addresses. * Existing server software may not support link-local addresses correctly. * It does not support multiple links easily. Link-local servers can have multiple network interfaces and they can support multiple links. 4. Homenet using ULA ULAs are able to point entities in the network. Connecting new nodes into a homenet gives access to home servers. Pros: * It supports multiple links easily * It does not need internet connectivity Fujiwara Expires April 25, 2013 [Page 4] Internet-Draft smallest homenet Oct 2012 * Easy to manage by users. Cons: * Some filtering or access control method is required for protecting servers. * CPEs and internal routers need to know ULAs. (need to develop ULA configuration methods) * Requires new name resolution mechanism. (site mDNS?) 5. Homenet using global addresses Global addresses are able to point entities in the network. This case is the same as enterprise networks. 6. Security Considerations 7. IANA considerations 8. Normative References [RFC4620] Crawford, M. and B. Haberman, "IPv6 Node Information Queries", RFC 4620, August 2006. [RFC4795] Aboba, B., Thaler, D., and L. Esibov, "Link- local Multicast Name Resolution (LLMNR)", RFC 4795, January 2007. [I-D.ietf-homenet-arch] Chown, T., Arkko, J., Brandt, A., Troan, O., and J. Weil, "Home Networking Architecture for IPv6", draft-ietf-homenet-arch-06 (work in progress), October 2012. Appendix A. Link-local Examples A.1. Example 1: 1 local net + 1 guest net Figure 1 shows 1 local network and 1 guest network example. Guest1 and Guest2 cannot access to Server1 and Server2. Guest1 and Guest2 can access the Internet. Client1 can access Server1, Server2 and the Internet. Fujiwara Expires April 25, 2013 [Page 5] Internet-Draft smallest homenet Oct 2012 +---------+ Server1 Server2 Client1 | | | | | | CPE +-----+--------+---------+---------------- | | local network (may have wireless bridge) Internet===+ | | | | +----------------+---------+--- | | guest network | | +---------+ Guest1 Guest2 Figure 1: Example 1: 1 local net + 1 guest net A.2. Example 2: 2 local net + 1 guest net Figure 2 shows 2 local network and 1 guest network example. Client1 can access Server1, Server2 and SharedServer. Client2 can access SharedServer. Guest1 and Guest2 cannot access Server1, Server2 and SharedServer. +---------+ Server1 Server2 Client1 | | | | | | CPE +-----+--------+---------+---------------- | | | local net 1 | | SharedServer Internet===+ | | | +----+---------+-------------------------- | | | local net2 | | Client2 | | | +----------------+---------+--- | | guest network | | +---------+ Guest1 Guest2 Figure 2: Example 2: 2 local net + 1 guest net Fujiwara Expires April 25, 2013 [Page 6] Internet-Draft smallest homenet Oct 2012 Author's Address Kazunori Fujiwara Japan Registry Services Co., Ltd. Chiyoda First Bldg. East 13F, 3-8-1 Nishi-Kanda Chiyoda-ku, Tokyo 101-0065 Japan Phone: +81 3 5215 8451 EMail: fujiwara@wide.ad.jp, fujiwara@jprs.co.jp Fujiwara Expires April 25, 2013 [Page 7]