IETF and home networking

Resources

• IETF Homenet documents
• IETF Homenet Working Group Drives Simplicity in the Home
• IPv6 Home Networking Architecture Principles RFC 7368
• Autonomic Networking Use Case for Home Networks draft-carpenter-nmrg-homenet-an-use-case-01
• Use Cases for Multiple Provisioning Domain in Homenet draft-geng-homenet-mpvd-use-cases-01
• Homenet IS-IS and Babel Comparison draft-mrw-homenet-rtg-comparison-02
• YOUR HOME'S NEXT MUST-HAVE ACCESSORY IS A RIDICULOUSLY FANCY ROUTER
• How do you fix the Internet of Things? A better router
• Routing IPv6 in the Homenet
• Building an IPv6 router with GNU/Linux
• IPv6 Prefix Delegation – what is it and how does it going to help OpenStack?
• Linux IPv6 HOWTO
• IPV6 Q&A FOR THE HOME NETWORK NERD
• Recommended Simple Security Capabilities in Customer Premises Equipment (CPE) for Providing Resident...,
• Home Networking with IPv6

Introduction

The IETF is only concerned with a subset of the networking stack. With regard to home networking, they concentrate on what is required of Layer 3 services. The current principal document regarding homenet is RFC 7368 IPv6 Home Networking Architecture Principles . This assumes that whereas most home systems are based on IPv4, future systems will be primarily IPv6. The architecture is targetted to IPv6, with little mention of IPv4.

Why not NAT?

NAT has long been used in the IPv4 world for two purposes: to overcome the shortage of IPv4 addresses and to hide interfaces from the wider network. While the first is recognised as possibly necessary until the widespread adoption of IPv6, problems arising from the second often cause NAT to be labelled as 'evil.'

RFC 2993: Architectural Implications of NAT lists these issues:

• NATs break the flexible end-to-end model of the Internet.
• NATs create a single point where fates are shared, in the device maintaining connection state and dynamic mapping information.
• NATs complicate the use of multi-homing by a site in order to increase the reliability of their Internet connectivity. (While single routers are a point of fate sharing, the lack of state in a router makes creating redundancy trivial. Indeed, this is on of the reasons why the Internet protocol suite developed using a connectionless datagram service as its network layer.)
• NATs inhibit implementation of security at the IP level.
• NATs enable casual use of private addresses. These uncoordinated addresses are subject to collisions when companies using these addresses merge or want to directly interconnect using VPNs.
• NATs facilitate concatenating existing private name spaces with the public DNS.

Hiding IP addresses behind a NAT router causes many problems. For example, if a packet contains the IP address of the sender as part of the data, then this addres will be wrong. Rewriting packet headers won't solve this.

Another important case arises with services such as Skype or Wechat where an endpoint is required to be visible so that it can be connected to. Without configuring the NAT router, a trick commonly used is for the endpoint to set up a long lived TCP connection to a well-known server. This is permissible as it is an outgoing connection. An external entity wishing to connect to this endpoint first queries the well-known server to get information about this TCP connection. It then 'borrows' the connection using 'hole punching', and uses it to talk to the endpoint. Not a very nice technique!

The last point refers to general software. There is a variation on this for specifically IoT devices: many IoT devices (such as lights, air conditioners, etc) can be controlled from outside their own network. This is done by the device registering with a vendor's server and maintaining a long-lived connection to that server. Your remote app (or whatever) sends commands via that server. Not as bad technically as 'hole punching' but on the other hand it is a privacy issue: the vendor's server knows what you are doing all the time to its devices. Ownership of the data is not restricted to you but is shared with the vandor.

IPv6 has a NAT equivalent in RFC 6296 IPv6-to-IPv6 Network Prefix Translation but does not recommend its use.

IPv6 address types

We are all familiar with the enormous address space of IPv6 and how every device can have its own IP address. With 128 bits to each address, you will often see figures of 2¹²⁸ for the address space. While true, it isn't quite that simple: IPv6 addresses fall into several categories.

The first point to note is that a unicast address is typically divided into two parts: a 64 bit interface identifier and a 64 bit routing address. The interface identifier is normally derived from the interface's 48 bit MAC address. The routing address is used to give routing information, and also to classify the type of packet.

The major packet types are

Link local addresses

Link local addresses are not routable. They can only be transmitted between endpoints on the same link. They are of the form fe80::<identifier> and are automatically assigned to each NIC based on the MAC address - every NIC has a link local address.

Unique local addresses

These addresses are routable within a 'local' domain. The exact meaning of 'local' is not spelt out, and is used interchangeably with 'site.' A homenet would be a suitable local domain, with fairly clear boundaries. These addresses are routable within the site, but not on the global internet. They are routable across subnets within the site, but not externally.

Globally unique addresses

This is what people tend to think of with IPv6: globally unique addresses that are routable across the internet and can be 'seen' by anyone. There is a distinction to be made between addressable and reachable: these addresses are unique, but that doesn't mean they can be reached by everyone. Firewalls, for instance, can block reachability.

Multicast addresses

Packets with these addresses may be sent to everyone within a group. The group size depends on the exact format of the address: it can be link local, site local or globally routable, for example.

Subnets

The homenet's ISP will normally give a routing prefix, upto 64 bits, with the remaining bits used for subnetting within the home. For example, if the ISP's routing prefix is a /64, then there is only one subnet, if it is a /60 then there could be upto 2⁴ (16) subnets and so on.

The homenet architecture document points to the increasing use of multiple subnets in the home even under IPv4, such as the home network, a guest subnetwork and possibly a VPN network for work-related purposes. In the future there may be even more: a subnet for low power 6LoWPAN devices; a subnet for the lights in a room; a subnet for all the devices in a room (noting that a NIC may have multiple IPv6 addresses and hence belong to multiple subnets); a subnet of devices for each of the different occupants in the house, are all possibilities.

The architecture does not impose limits to the internal structuring within the home, save to rule out any NAT-ing techniques. At a minimum, it implies that being given a /64 prefix by an ISP will not be acceptable. While a /48 is desirable (giving upto 2¹⁶ subnets), a /56 may be okay (giving upto 2⁸, or 256 subnets). Less than that is probably not enough and should be signalled to the home occupier(s) in some way.

Choice of address

A node will likely have many addresses: it will always have a link local address, and will maybe have a number of unique local and unique global addresses. Devices that it wishes to communicate with will have a similar range of addresses.

For communication between devices in the same site, the architecture recommends using the unique local addresses. These are immune to outages in a conection to the ISP, and are stable with respect to any changes made by the ISP. Use of these addresses also keeps the information exchange completely local, which otherwise might have security implications.

Router configuration

The homenet is expected to have a variety of layer 2 systems: fast ethernet, ethernet over powerlines, WiFi, low power wireless and so on. Some of these will have resource constraints, both computationally and power-wise. Some nodes may be in sleep mode while others will be always-on, for example.

Routers will need to be aware of internal and external network boundaries, and after reboot will need to bring the network up in its previous state.

It is also expected that often no systematic network administration will be performed (i.e. users will expect plug 'n play). Those with a little knowledge may manually configure systems which are inconsistent, while those with a high degree of knowledge will want the ability to custom-tune their network.

It is expected that current router configuration and even routing protocols may not prove adequate for future scenarios, pointing to a great deal of future work in this area.

Naming devices

It isn't feasible for anyone to remember IPv6 addresses, let alone use them to interact with devices. Each device will need a name. For many devices this name may not be important to a user (such as the garden sprinkler underneath the third rose bush on the left) but in many cases it will, such as the main light in the kitchen.

Devices should have a means of giving themselves default names, and checking that these are unique within the network. There should also be a means for users to overide these where possible. Again, the mechanisms for doing this are outside the scope of the architecture document.

Discovering devices

There are a multiplicity of service architectures and corresponding service discovery systems. Well known ones include Corba and Java Naming Services, the UPnP discovery system SSDP and many others. Optimistically perhaps the architecture calls for compatibility in some way with the DNS system, so that they can be integrated into the standard DNS.

Copyright © Jan Newmarch, jan@newmarch.name

"The Internet of Things - a techie's viewpoint" by Jan Newmarch is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Based on a work at https://jan.newmarch.name/IoT/.

If you like this book, please donate using PayPal