Network Working Group J. Bound, Ed. Request for Comments: 4057 Hewlett Packard Category: Informational June 2005
Network Working Group J. Bound, Ed. Request for Comments: 4057 Hewlett Packard Category: Informational June 2005
IPv6 Enterprise Network Scenarios
IPv6企业网络场景
Status of This Memo
关于下段备忘
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2005).
版权所有(C)互联网协会(2005年)。
Abstract
摘要
This document describes the scenarios for IPv6 deployment within enterprise networks. It defines a small set of basic enterprise scenarios and includes pertinent questions to allow enterprise administrators to further refine their deployment scenarios. Enterprise deployment requirements are discussed in terms of coexistence with IPv4 nodes, networks and applications, and in terms of basic network infrastructure requirements for IPv6 deployment. The scenarios and requirements described in this document will be the basis for further analysis to determine what coexistence techniques and mechanisms are needed for enterprise IPv6 deployment. The results of that analysis will be published in a separate document.
本文档描述了在企业网络中部署IPv6的场景。它定义了一小部分基本企业场景,并包括相关问题,以允许企业管理员进一步优化其部署场景。从与IPv4节点、网络和应用程序共存的角度,以及从IPv6部署的基本网络基础设施要求的角度,讨论了企业部署要求。本文档中描述的场景和需求将作为进一步分析的基础,以确定企业IPv6部署需要哪些共存技术和机制。分析结果将在另一份文件中公布。
Table of Contents
目录
1. Introduction................................................... 2 2. Terminology.................................................... 3 3. Base Scenarios................................................. 4 3.1. Base Scenarios Defined................................... 4 3.2. Scenarios Network Infrastructure Components.............. 5 3.3. Specific Scenario Examples............................... 8 3.4. Applicability Statement..................................10 4. Network Infrastructure Component Requirements..................10 4.1. DNS......................................................11 4.2. Routing..................................................11 4.3. Configuration of Hosts...................................11 4.4. Security.................................................11 4.5. Applications.............................................12 4.6. Network Management.......................................12 4.7. Address Planning.........................................12
1. Introduction................................................... 2 2. Terminology.................................................... 3 3. Base Scenarios................................................. 4 3.1. Base Scenarios Defined................................... 4 3.2. Scenarios Network Infrastructure Components.............. 5 3.3. Specific Scenario Examples............................... 8 3.4. Applicability Statement..................................10 4. Network Infrastructure Component Requirements..................10 4.1. DNS......................................................11 4.2. Routing..................................................11 4.3. Configuration of Hosts...................................11 4.4. Security.................................................11 4.5. Applications.............................................12 4.6. Network Management.......................................12 4.7. Address Planning.........................................12
4.8. Multicast................................................12 4.9. Multihoming..............................................12 5. Security Considerations........................................12 6. Normative References...........................................13 Acknowledgements...................................................13
4.8. Multicast................................................12 4.9. Multihoming..............................................12 5. Security Considerations........................................12 6. Normative References...........................................13 Acknowledgements...................................................13
This document describes the scenarios for IPv6 deployment within enterprise networks. It defines a small set of basic enterprise scenarios and includes pertinent questions to allow enterprise administrators to further refine their deployment scenarios. Enterprise deployment requirements are discussed in terms of coexistence with IPv4 nodes, networks and applications, and in terms of basic network infrastructure requirements for IPv6 deployment. The scenarios and requirements described in this document will be the basis for further analysis to determine what coexistence techniques and mechanisms are needed for enterprise IPv6 deployment. The results of that analysis will be published in a separate document.
本文档描述了在企业网络中部署IPv6的场景。它定义了一小部分基本企业场景,并包括相关问题,以允许企业管理员进一步优化其部署场景。从与IPv4节点、网络和应用程序共存的角度,以及从IPv6部署的基本网络基础设施要求的角度,讨论了企业部署要求。本文档中描述的场景和需求将作为进一步分析的基础,以确定企业IPv6部署需要哪些共存技术和机制。分析结果将在另一份文件中公布。
The audience for this document is the enterprise network team considering deployment of IPv6. The document will be useful for enterprise teams that will have to determine the IPv6 transition strategy for their enterprise. It is expected those teams include members from management, network operations, and engineering. The scenarios presented provide an example set of cases the enterprise can use to build an IPv6 network scenario.
本文档的读者是考虑部署IPv6的企业网络团队。该文档对于需要确定其企业IPv6过渡策略的企业团队非常有用。预计这些团队包括来自管理层、网络运营和工程部门的成员。本文介绍的场景提供了一组示例案例,企业可以使用这些案例构建IPv6网络场景。
To frame the discussion, this document will describe a set of scenarios each with a network infrastructure. It is impossible to define every possible enterprise scenario that will apply to IPv6 adoption and transition.
为了构建讨论框架,本文档将描述一组场景,每个场景都有一个网络基础设施。不可能定义适用于IPv6采用和过渡的所有可能的企业场景。
Each enterprise will select the transition that best supports their business requirements. Any attempt to define a default or one-size-fits-all transition scenario, simply will not work. This document does not try to depict the drivers for adoption of IPv6 by an enterprise.
每个企业将选择最能支持其业务需求的转换。任何试图定义默认或一刀切过渡场景的尝试都是行不通的。本文档并不试图描述企业采用IPv6的驱动因素。
While it is difficult to quantify all the scenarios for an enterprise network team to plan for IPv6, it is possible to depict a set of abstract scenarios that will assist with planning. This document presents three base scenarios to be used as models by enterprises defining specific scenarios.
虽然很难量化企业网络团队规划IPv6的所有场景,但可以描述一组抽象场景来帮助规划。本文档提供了三个基本场景,供定义特定场景的企业用作模型。
The first scenario assumes the enterprise decides to deploy IPv6 in conjunction with IPv4. The second scenario assumes the enterprise decides to deploy IPv6 because of a specific set of applications that
第一个场景假设企业决定将IPv6与IPv4一起部署。第二个场景假设企业决定部署IPv6是因为一组特定的应用程序
it wants to use over an IPv6 network. The third scenario assumes an enterprise is building a new network or restructuring an existing network and decides to deploy IPv6 as the predominant protocol within the enterprise coexisting with IPv4. This document then briefly reviews a set of network infrastructure components that must be analyzed, which are common to most enterprises.
它希望通过IPv6网络使用。第三个场景假设企业正在构建新网络或重组现有网络,并决定将IPv6部署为企业内与IPv4共存的主要协议。然后,本文档简要回顾了一组必须分析的网络基础设施组件,这些组件对于大多数企业来说都很常见。
This document then provides three specific scenario examples using the network infrastructure components to depict the requirements. These are common enterprise deployment cases to depict the challenges for the enterprise to transition a network to IPv6.
然后,本文档提供了三个使用网络基础设施组件描述需求的特定场景示例。这些是常见的企业部署案例,描述了企业将网络过渡到IPv6的挑战。
Next, supporting legacy functions on the network (while the transition is in process), and the network infrastructure components requiring analysis by the enterprise are discussed. The interoperation with legacy functions within the enterprise will be required for all transition except possibly by a new network that will be IPv6 from inception. The network infrastructure components will depict functions in their networks that require consideration for IPv6 deployment and transition.
接下来,讨论在网络上支持遗留功能(在过渡过程中),以及需要企业分析的网络基础设施组件。所有过渡都需要与企业内的遗留功能进行互操作,但从一开始就采用IPv6的新网络可能除外。网络基础设施组件将描述其网络中需要考虑IPv6部署和转换的功能。
Using the scenarios, network infrastructure components, and examples in this document, an enterprise can define its specific scenario requirements. Understanding the legacy functions and network infrastructure components required, the enterprise can determine the network operations required to deploy IPv6. The tools and mechanisms to support IPv6 deployment operations will require enterprise analysis. The analysis to determine the tools and mechanisms to support the scenarios will be presented in subsequent document(s).
使用本文档中的场景、网络基础设施组件和示例,企业可以定义其特定的场景需求。通过了解所需的遗留功能和网络基础结构组件,企业可以确定部署IPv6所需的网络操作。支持IPv6部署操作的工具和机制需要企业分析。确定支持场景的工具和机制的分析将在后续文档中介绍。
Enterprise Network - A network that has multiple internal links, one or more router connections to one or more Providers, and is actively managed by a network operations entity.
企业网络-具有多个内部链路、一个或多个到一个或多个提供商的路由器连接,并由网络运营实体主动管理的网络。
Provider - An entity that provides services and connectivity to the Internet or other private external networks for the enterprise network.
提供商-为企业网络提供Internet或其他专用外部网络服务和连接的实体。
IPv6 Capable - A node or network capable of supporting both IPv6 and IPv4.
支持IPv6—能够同时支持IPv6和IPv4的节点或网络。
IPv4 only - A node or network capable of supporting only IPv4.
仅IPv4-仅支持IPv4的节点或网络。
IPv6 only - A node or network capable of supporting only IPv6. This does not imply an IPv6 only stack in this document.
仅限IPv6—仅支持IPv6的节点或网络。这并不意味着本文档中只包含IPv6堆栈。
Three base scenarios are defined to capture the essential abstraction set for the enterprise. Each scenario has assumptions and requirements. This is not an exhaustive set of scenarios, but a base set of general cases.
定义了三个基本场景来捕获企业的基本抽象集。每个场景都有假设和需求。这不是一组详尽的场景,而是一组基本的一般情况。
Below we use the term network infrastructure to mean the software, network operations and configuration, and methods used to operate a network in an enterprise.
下面我们使用术语“网络基础设施”来表示软件、网络操作和配置,以及用于在企业中操作网络的方法。
For the base scenarios it is assumed that any IPv6 node is IPv6 capable.
对于基本场景,假设任何IPv6节点都支持IPv6。
Scenario 1: Wide-scale/total dual-stack deployment of IPv4 and IPv6 capable hosts and network infrastructure. Enterprise with an existing IPv4 network wants to deploy IPv6 in conjunction with their IPv4 network.
场景1:支持IPv4和IPv6的主机和网络基础设施的大规模/总体双栈部署。具有现有IPv4网络的企业希望将IPv6与其IPv4网络一起部署。
Assumptions: The IPv4 network infrastructure used has an equivalent capability in IPv6.
假设:所使用的IPv4网络基础设施在IPv6中具有同等的功能。
Requirements: Do not disrupt existing IPv4 network infrastructure assumptions with IPv6. IPv6 should be equivalent or "better" than the network infrastructure in IPv4. However, it is understood that IPv6 is not required to solve current network infrastructure problems, not solved by IPv4. It may also not be feasible to deploy IPv6 on all parts of the network immediately.
要求:不要使用IPv6中断现有IPv4网络基础架构。IPv6应该与IPv4中的网络基础设施相当或“更好”。然而,可以理解的是,解决当前的网络基础设施问题并不需要IPv6,而不是IPv4。在网络的所有部分立即部署IPv6也可能是不可行的。
Scenario 2: Sparse IPv6 dual-stack deployment in IPv4 network infrastructure. Enterprise with an existing IPv4 network wants to deploy a set of particular IPv6 "applications" (application is voluntarily loosely defined here, e.g., peer to peer). The IPv6 deployment is limited to the minimum required to operate this set of applications.
场景2:IPv4网络基础架构中的稀疏IPv6双堆栈部署。具有现有IPv4网络的企业希望部署一组特定的IPv6“应用程序”(此处自愿对应用程序进行松散定义,例如对等)。IPv6部署仅限于操作这组应用程序所需的最低限度。
Assumptions: IPv6 software/hardware components for the application are available, and platforms for the application are IPv6 capable.
假设:应用程序的IPv6软件/硬件组件可用,且应用程序的平台支持IPv6。
Requirements: Do not disrupt IPv4 infrastructure.
要求:不要中断IPv4基础结构。
Scenario 3: IPv6-only network infrastructure with some IPv4-capable nodes/applications needing to communicate over the IPv6 infrastructure. Enterprise deploying a new network or restructuring an existing network, decides IPv6 is the basis for most network communication. Some IPv4 capable nodes/applications will need to communicate over that infrastructure.
场景3:仅限IPv6的网络基础架构,其中一些支持IPv4的节点/应用程序需要通过IPv6基础架构进行通信。部署新网络或重组现有网络的企业决定IPv6是大多数网络通信的基础。一些支持IPv4的节点/应用程序将需要通过该基础架构进行通信。
Assumptions: Required IPv6 network infrastructure is available, or available over some defined timeline, supporting the enterprise plan.
假设:所需的IPv6网络基础设施可用,或在某个定义的时间线上可用,支持企业计划。
Requirements: Interoperation and Coexistence with IPv4 network infrastructure and applications are required for communications.
要求:通信需要与IPv4网络基础设施和应用程序的互操作和共存。
This section defines the network infrastructure that exists for the above enterprise scenarios. This is not an exhaustive list, but a base list that can be expanded by the enterprise for specific deployment scenarios. The network infrastructure components are presented as functions that the enterprise must analyze as part of defining their specific scenario. The analysis of these functions will identify actions that are required to deploy IPv6.
本节定义了适用于上述企业场景的网络基础架构。这不是一个详尽的列表,而是一个基本列表,可以由企业针对特定部署场景进行扩展。网络基础设施组件作为企业在定义其特定场景时必须分析的功能呈现。对这些功能的分析将确定部署IPv6所需的操作。
Network Infrastructure Component 1 Enterprise Provider Requirements - Is external connectivity required? - One site vs. multiple sites and are they within different geographies? - Leased lines or VPNs? - If multiple sites, how is the traffic exchanged securely? - How many global IPv4 addresses are available to the enterprise? - What is the IPv6 address assignment plan available from the provider? - What prefix delegation is required by the Enterprise? - Will the enterprise be multihomed? - What multihoming techniques are available from the provider? - Will clients within the enterprise be multihomed? - Does the provider offer any IPv6 services? - Which site-external IPv6 routing protocols are required? - Is there an external data center to the enterprise, such as servers located at the Provider? - Is IPv6 available using the same access links as IPv4, or different ones?
网络基础设施组件1企业提供商要求-是否需要外部连接?-一个站点与多个站点,它们是否位于不同的地理位置租用线路或VPN?-如果有多个站点,如何安全地交换流量有多少全局IPv4地址可供企业使用?-提供商提供的IPv6地址分配计划是什么?-企业需要什么前缀授权?-企业是否将是多址的供应商提供了哪些多主机技术?-企业内的客户机是否为多主机提供商是否提供任何IPv6服务?-需要哪些站点外部IPv6路由协议?-企业是否有外部数据中心,例如位于提供商处的服务器?-IPv6是使用与IPv4相同的访问链路,还是使用不同的访问链路?
Network Infrastructure Component 2 Enterprise Application Requirements - List of applications in use? - Which applications must be moved to support IPv6 first? - Can the application be upgraded to IPv6? - Will the application have to support both IPv4 and IPv6? - Do the enterprise platforms support both IPv4 and IPv6? - Do the applications have issues with NAT v4-v4 and NAT v4-v6? - Do the applications need globally routable IP addresses? - Do the applications care about dependency between IPv4 and IPv6 addresses? - Are applications run only on the internal enterprise network?
网络基础设施组件2企业应用程序要求-正在使用的应用程序列表?-必须先移动哪些应用程序才能支持IPv6?-能否将应用程序升级到IPv6?-应用程序是否必须同时支持IPv4和IPv6企业平台是否同时支持IPv4和IPv6应用程序是否存在NAT v4-v4和NAT v4-v6的问题应用程序是否需要全局可路由的IP地址应用程序是否关心IPv4和IPv6地址之间的依赖关系应用程序是否仅在内部企业网络上运行?
Network Infrastructure Component 3 Enterprise IT Department Requirements - Who "owns"/"operates" the network: in house or outsourced? - Is working remotely (i.e., through VPNs) supported? - Are inter-site communications required? - Is network mobility used or required for IPv6? - What are the requirements of the IPv6 address plan? - Is there a detailed asset management database, including hosts, IP/MAC addresses, etc.? - What is the enterprise's approach to numbering geographically separate sites that have their own Service Providers? - What will be the internal IPv6 address assignment procedure? - What site internal IPv6 routing protocols are required? - What will be the IPv6 Network Management policy/procedure? - What will be the IPv6 QOS policy/procedure? - What will be the IPv6 Security policy/procedure? - What is the IPv6 training plan to educate the enterprise? - What network operations software will be impacted by IPv6? - DNS - Management (SNMP & ad-hoc tools) - Enterprise Network Servers Applications - Mail Servers - High Availability Software for Nodes - Directory Services - Are all these software functions upgradeable to IPv6? - If not upgradeable, then what are the workarounds? - Do any of the software functions store, display, or allow input of IP addresses? - Other services (e.g., NTP, etc.)
网络基础设施组件3企业IT部门要求-谁“拥有/运营”网络:内部还是外包是否支持远程工作(即通过VPN)是否需要站点间通信IPv6是否使用或需要网络移动性?-IPv6地址计划的要求是什么是否有详细的资产管理数据库,包括主机、IP/MAC地址等企业对拥有自己服务提供商的地理位置不同的站点进行编号的方法是什么内部IPv6地址分配过程是什么需要哪些站点内部IPv6路由协议?-IPv6网络管理政策/程序是什么IPv6 QOS策略/过程是什么IPv6安全策略/过程是什么教育企业的IPv6培训计划是什么哪些网络操作软件将受到IPv6的影响?-DNS-管理(SNMP和即席工具)-企业网络服务器应用程序-邮件服务器-节点的高可用性软件-目录服务-所有这些软件功能都可以升级到IPv6吗?-如果无法升级,那么解决方法是什么是否有任何软件功能存储、显示或允许输入IP地址?-其他服务(如NTP等)
- What network hardware will be impacted by IPv6? - Routers/switches - Printers/Faxes - Firewalls - Intrusion Detection - Load balancers - VPN Points of Entry/Exit - Security Servers and Services - Network Interconnect for Platforms - Intelligent Network Interface Cards - Network Storage Devices - Are all these hardware functions upgradeable to IPv6? - If not, what are the workarounds? - Do any of the hardware functions store, display, or allow input of IP addresses? - Are the nodes moving within the enterprise network? - Are the nodes moving outside and inside the enterprise network?
- 哪些网络硬件将受到IPv6的影响?-路由器/交换机-打印机/传真机-防火墙-入侵检测-负载平衡器-VPN入口/出口点-安全服务器和服务-平台网络互连-智能网络接口卡-网络存储设备-所有这些硬件功能都可以升级到IPv6吗?-如果没有,解决办法是什么是否有任何硬件功能存储、显示或允许输入IP地址?-节点是否在企业网络中移动?-节点是否在企业网络内外移动?
Network Infrastructure Component 4 Enterprise Network Management System - Performance Management required? - Network Management applications required? - Configuration Management required? - Policy Management and Enforcement required? - Security Management required? - Management of Transition Tools and Mechanisms? - What new considerations does IPv6 create for Network Management?
网络基础设施组件4企业网络管理系统-需要性能管理需要网络管理应用程序吗?-需要配置管理吗?-是否需要策略管理和执行?-是否需要安全管理?-过渡工具和机制的管理IPv6为网络管理带来了哪些新的考虑因素?
Network Infrastructure Component 5 Enterprise Network Interoperation and Coexistence - What platforms are required to be IPv6 capable? - What network ingress and egress points to the site are required to be IPv6 capable? - What transition mechanisms are needed to support IPv6 network operations? - What policy/procedures are required to support the transition to IPv6? - What policy/procedures are required to support interoperation with legacy nodes and applications?
网络基础设施组件5企业网络互操作和共存-支持IPv6需要哪些平台站点的哪些网络入口和出口点需要具备IPv6功能需要什么转换机制来支持IPv6网络操作需要哪些政策/程序来支持向IPv6的过渡需要哪些策略/过程来支持与遗留节点和应用程序的互操作?
This section presents a set of base scenario examples and is not an exhaustive list of examples. These examples were selected to provide further clarity for base scenarios within an enterprise of a less abstract nature. The example networks may use the scenarios depicted in 3.1 and the infrastructure components in 3.2, but there are no direct implications specifically within these example networks. Section 3.1, 3.2, and 3.3 should be used in unison for enterprise IPv6 deployment planning and analysis.
本节介绍了一组基本场景示例,并非示例的详尽列表。选择这些示例是为了进一步明确抽象程度较低的企业内的基本场景。示例网络可能使用3.1中描述的场景和3.2中描述的基础设施组件,但这些示例网络中没有具体的直接含义。第3.1、3.2和3.3节应统一用于企业IPv6部署规划和分析。
Example Network A:
示例网络A:
A distributed network across a number of geographically separated campuses.
跨多个地理位置不同的校园的分布式网络。
- External network operation. - External connectivity required. - Multiple sites connected by leased lines. - Provider independent IPv4 addresses. - ISP does not offer IPv6 service. - Private Leased Lines no Service Provider used.
- 外部网络操作需要外部连接。-通过租用线路连接的多个站点。-独立于提供程序的IPv4地址。-ISP不提供IPv6服务。-未使用服务提供商的专用租用线路。
Applications run by the enterprise:
企业运行的应用程序:
- Internal Web/Mail. - File servers. - Java applications. - Collaborative development tools. - Enterprise Resource applications. - Multimedia applications. - Financial Enterprise applications. - Data Warehousing applications.
- 内部网络/邮件。-文件服务器Java应用程序。-协作开发工具企业资源应用程序。-多媒体应用金融企业应用数据仓库应用程序。
Internal network operation:
内部网络操作:
- In house operation of the network. - DHCP (v4) is used for all desktops; servers use static address configuration. - The DHCP server that updates naming records for dynamic desktops uses dynamic DNS. - A web based tool is used to enter name to address mappings for statically addressed servers. - Network management is done using SNMP. - All routers and switches are upgradeable to IPv6. - Existing firewalls can be upgraded to support IPv6 rules.
- 网络的内部操作。-DHCP(v4)用于所有台式机;服务器使用静态地址配置更新动态桌面命名记录的DHCP服务器使用动态DNS。-基于web的工具用于为静态寻址的服务器输入名称到地址的映射。-网络管理是使用SNMP完成的。-所有路由器和交换机都可以升级到IPv6。-可以升级现有防火墙以支持IPv6规则。
- Load balancers do not support IPv6, upgrade path unclear. - Peer-2-Peer Application and Security supported. - IPv4 Private address space is used within the enterprise.
- 负载平衡器不支持IPv6,升级路径不明确。-支持对等2-对等应用程序和安全。-IPv4专用地址空间在企业内使用。
Example Network B:
示例网络B:
A bank running a large network supporting online transaction processing (OLTP) across a distributed multi-sited network, with access to a central database on a remote network from the OLTP network.
通过分布式多站点网络运行支持在线交易处理(OLTP)的大型网络的银行,可以从OLTP网络访问远程网络上的中央数据库。
- External connectivity not required. - Multiple sites connected by VPN. - Multiple sites connected by Native IP protocol. - Private address space used with NAT. - Connections to private exchanges.
- 不需要外部连接。-通过VPN连接的多个站点。-通过本机IP协议连接的多个站点。-与NAT一起使用的专用地址空间。-与私人交易所的联系。
Applications in the enterprise:
企业中的应用程序:
- ATM transaction application. - ATM management application. - Financial Software and Database. - Part of the workforce is mobile and requires access to the enterprise from outside networks.
- ATM交易应用程序。-ATM管理应用程序金融软件和数据库部分员工是移动的,需要从外部网络访问企业。
Internal Network Operation:
内部网络操作:
- Existing firewalls can be upgraded to support IPv6 rules. - Load balancers do not support IPv6, upgrade path unclear. - Identifying and managing each node's IP address.
- 可以升级现有防火墙以支持IPv6规则。-负载平衡器不支持IPv6,升级路径不明确。-识别和管理每个节点的IP地址。
Example Network C:
示例网络C:
A Security Defense, Emergency, or other Mission Critical network operation:
安全防御、紧急情况或其他关键任务网络操作:
- External network required at secure specific points. - Network is its own Internet. - Network must be able to absorb ad-hoc creation of sub-networks. - Entire parts of the network are completely mobile. - All nodes on the network can be mobile (including routers). - Network high-availability is mandatory. - Network must be able to be managed from ad-hoc location. - All nodes must be able to be configured from stateless mode.
- 在安全特定点需要外部网络。-网络就是它自己的互联网网络必须能够吸收子网络的临时创建。-网络的整个部分都是完全可移动的网络上的所有节点都可以移动(包括路由器)。-网络高可用性是必需的。-网络必须能够从临时位置进行管理。-必须能够从无状态模式配置所有节点。
Applications run by the Enterprise:
企业运行的应用程序:
- Multimedia streaming of audio, video, and data for all nodes. - Data computation and analysis on stored and created data. - Transfer of data coordinate points to sensor devices. - Data and Intelligence gathering applications from all nodes.
- 所有节点的音频、视频和数据的多媒体流。-对存储和创建的数据进行数据计算和分析。-将数据坐标点传输到传感器设备。-从所有节点收集数据和情报应用程序。
Internal Network Operations:
内部网络运营:
- All packets must be secured end-2-end with encryption. - Intrusion Detection exists on all network entry points. - Network must be able to bolt on to the Internet to share bandwidth as required from Providers. - VPNs can be used, but NAT can never be used. - Nodes must be able to access IPv4 legacy applications over IPv6 network.
- 所有数据包必须通过加密进行端到端的保护。-入侵检测存在于所有网络入口点上。-网络必须能够连接到Internet,以根据提供商的要求共享带宽。-可以使用VPN,但永远不能使用NAT。-节点必须能够通过IPv6网络访问IPv4遗留应用程序。
The specific network scenarios selected are chosen to depict a base set of examples, and to support further analysis of enterprise networks. This is not a complete set of network scenarios. Though Example Network C is a verifiable use case, currently the scenario defines an early adopter of enterprise networks transitioning to IPv6 as a predominant protocol strategy (i.e., IPv6 Routing, Applications, Security, and Operations), viewing IPv4 as legacy operations immediately in the transition strategy, and at this time may not be representative of many initial enterprise IPv6 deployments. Each enterprise planning team will need to make that determination as IPv6 deployment evolves.
选择特定的网络场景来描述一组基本示例,并支持对企业网络的进一步分析。这不是一套完整的网络场景。尽管示例网络C是一个可验证的用例,但目前该场景将企业网络过渡到IPv6的早期采用者定义为主要的协议策略(即IPv6路由、应用程序、安全性和操作),并将IPv4立即视为过渡策略中的遗留操作,而且目前可能无法代表许多初始企业IPv6部署。随着IPv6部署的发展,每个企业规划团队都需要做出这样的决定。
The enterprise will need to determine which network infrastructure components require enhancements or need to be added for deployment of IPv6. This infrastructure will need to be analyzed and understood as a critical resource to manage. The list in this section is not exhaustive, but contains the essential network infrastructure components for the enterprise to consider before beginning to define more fine-tuned requirements such as QOS, PKI, or Bandwidth requirements for IPv6. The components are only identified here and their details will be discussed in the analysis document for enterprise scenarios. References currently available for components are provided.
企业需要确定哪些网络基础架构组件需要增强或需要添加以部署IPv6。需要对该基础设施进行分析,并将其理解为需要管理的关键资源。本节中的列表并非详尽无遗,但包含企业必须考虑的基本网络基础结构组件,然后才开始定义更精细的要求,如IPv6的QoS、PKI或带宽要求。这些组件仅在此处标识,其详细信息将在企业场景的分析文档中讨论。提供了当前可用于组件的参考。
DNS will now have to support both IPv4 and IPv6 DNS records and the enterprise will need to determine how the DNS is to be managed and accessed, and secured. The range of DNS operational issues is beyond the scope of this document. However, DNS resolution and transport solutions for both IP protocols are influenced by the chosen IPv6 deployment scenario. Users need to consider all current DNS IPv4 operations and determine if those operations are supported for IPv6 [DNSV6].
DNS现在必须同时支持IPv4和IPv6 DNS记录,企业需要确定如何管理、访问和保护DNS。DNS操作问题的范围超出了本文档的范围。但是,这两种IP协议的DNS解析和传输解决方案都会受到所选IPv6部署方案的影响。用户需要考虑所有当前DNS IPv4操作,并确定这些操作是否支持IPv6 [DNV6]。
Interior and Exterior routing will be required to support both IPv4 and IPv6 routing protocols, and the coexistence of IPv4 and IPv6 over the enterprise network. The enterprise will need to define the IPv6 routing topology, any ingress and egress points to provider networks, and transition mechanisms that they wish to use for IPv6 adoption. The enterprise will also need to determine what IPv6 transition mechanisms are supported by their upstream providers.
需要内部和外部路由来支持IPv4和IPv6路由协议,以及IPv4和IPv6在企业网络上共存。企业需要定义IPv6路由拓扑、到提供商网络的任何入口和出口点,以及希望用于IPv6采用的转换机制。企业还需要确定其上游提供商支持哪些IPv6转换机制。
IPv6 introduces the concept of stateless autoconfiguration in addition to stateful autoconfiguration, for the configuration of hosts within the enterprise. The enterprise will have to determine the best method of host configuration for its network, if it will use stateless or stateful autoconfiguration, and how autoconfiguration will operate for DNS updates. It will also need to determine how prefix delegation will be done from their upstream provider and how those prefixes will be cascaded down to the enterprise IPv6 network. The policy for DNS or choice of autoconfiguration is out of scope for this document [CONF, DHCPF, DHCPL].
IPv6除了有状态自动配置之外,还引入了无状态自动配置的概念,用于在企业内配置主机。企业将必须确定其网络的最佳主机配置方法,是否使用无状态或有状态自动配置,以及自动配置如何操作DNS更新。它还需要确定如何从其上游提供商处进行前缀委派,以及如何将这些前缀级联到企业IPv6网络。DNS策略或自动配置选择超出了本文档[CONF,DHCPF,DHCPL]的范围。
Current existing mechanisms used for IPv4 to provide security need to be supported for IPv6 within the enterprise. IPv6 should create no new security concerns for IPv4. The entire security infrastructure currently used in the enterprise needs to be analyzed against IPv6 deployment effect to determine what is supported in IPv6. Users should review other current security IPv6 network infrastructure work in the IETF and within the industry. Users will have to work with their platform and software providers to determine which IPv6 security network infrastructure components are supported. The security filters and firewall requirements for IPv6 need to be determined by the enterprise. The policy choice of users for security is beyond the scope of this document.
当前用于IPv4提供安全性的现有机制需要在企业内支持IPv6。IPv6不应为IPv4带来新的安全问题。需要根据IPv6部署效果分析企业中当前使用的整个安全基础架构,以确定IPv6中支持的内容。用户应审查IETF和行业内其他当前安全IPv6网络基础设施的工作。用户必须与其平台和软件提供商合作,以确定支持哪些IPv6安全网络基础设施组件。IPv6的安全过滤器和防火墙要求需要由企业确定。用户的安全策略选择超出了本文档的范围。
Existing applications will need to be ported or provide proxies to support both IPv4 and IPv6 [APPS].
现有应用程序需要进行移植或提供代理以支持IPv4和IPv6[应用程序]。
The addition of IPv6 network infrastructure components will need to be managed by the enterprise network operations center. Users will need to work with their network management platform providers to determine what is supported for IPv6 while planning IPv6 adoption, and which tools are available to monitor the network. Network management will not need to support both IPv4 and IPv6 and view nodes as dual stacks.
添加IPv6网络基础设施组件需要由企业网络运营中心管理。用户将需要与其网络管理平台提供商合作,以确定在规划采用IPv6时支持哪些IPv6,以及可以使用哪些工具来监控网络。网络管理不需要同时支持IPv4和IPv6,并将节点视为双堆栈。
The address space within the enterprise will need to be defined and coordinated with the routing topology of the enterprise network. It is also important to identify the pool of IPv4 address space available to the enterprise to assist with IPv6 transition methods.
企业内的地址空间需要与企业网络的路由拓扑进行定义和协调。还必须确定企业可用的IPv4地址空间池,以协助使用IPv6转换方法。
Enterprises utilizing IPv4 Multicast services will need to consider how these services may be implemented operationally in an IPv6- enabled environment.
利用IPv4多播服务的企业需要考虑这些服务如何在IPv6支持的环境中可操作地实现。
At this time, current IPv6 allocation policies are mandating the allocation of IPv6 address space from the upstream provider. If an enterprise is multihomed, the enterprise will have to determine how it wishes to support multihoming. This also is an area of study within the IETF and work in progress.
目前,当前的IPv6分配策略要求从上游提供商分配IPv6地址空间。如果一个企业是多宿主的,那么该企业必须确定它希望如何支持多宿主。这也是IETF的一个研究领域,正在进行中。
This document lists scenarios for the deployment of IPv6 in enterprise networks, and there are no security considerations associated with making such a list.
本文档列出了在企业网络中部署IPv6的方案,并且没有与列出此类方案相关的安全注意事项。
There will be security considerations for the deployment of IPv6 in each of these scenarios, but they will be addressed in the document that includes the analysis of each scenario.
在每种场景中部署IPv6都会有安全方面的考虑,但在包含对每种场景的分析的文档中会讨论这些考虑。
[DNSV6] Durand, A., Ihren, J., and P. Savola, "Operational Considerations and Issues with IPv6 DNS", Work in Progress.
[DNSV6]Durand,A.,Ihren,J.,和P.Savola,“IPv6 DNS的操作注意事项和问题”,正在进行中。
[CONF] Thomson, S. and T. Narten, "IPv6 Stateless Address Autoconfiguration", RFC 2462, December 1998.
[CONF]Thomson,S.和T.Narten,“IPv6无状态地址自动配置”,RFC 24621998年12月。
[DHCPF] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M. Carney, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003
[DHCPF]Droms,R.,Bound,J.,Volz,B.,Lemon,T.,Perkins,C.,和M.Carney,“IPv6的动态主机配置协议(DHCPv6)”,RFC3315,2003年7月
[DHCPL] Nikander, P., Kempf, J., and E. Nordmark, "IPv6 Neighbor Discovery (ND) Trust Models and Threats", RFC 3756, May 2004.
[DHCPL]Nikander,P.,Kempf,J.,和E.Nordmark,“IPv6邻居发现(ND)信任模型和威胁”,RFC 3756,2004年5月。
[APPS] Shin, M-K., Hong, Y-G., Hagino, J., Savola, P., and E. Castro, "Application Aspects of IPv6 Transition", RFC 4038, March 2005.
[应用]Shin,M-K.,Hong,Y-G.,Hagino,J.,Savola,P.,和E.Castro,“IPv6过渡的应用方面”,RFC 4038,2005年3月。
Acknowledgements
致谢
The Authors would like to acknowledge contributions from the following: IETF v6ops Working Group, Alan Beard, Brian Carpenter, Alain Durand, Bob Hinden, and Pekka Savola.
作者要感谢以下方面的贡献:IETF v6ops工作组、Alan Beard、Brian Carpenter、Alain Durand、Bob Hinden和Pekka Savola。
Authors' Addresses
作者地址
Yanick Pouffary (Chair of Design Team) HP Competency Center 950, Route des Colles, BP027, 06901 Sophia Antipolis CEDEX FRANCE
Yanick Pouffary(设计团队主席)惠普能力中心950,Route des Colles,BP027,06901 Sophia Antipolis CEDEX FRANCE
Phone: + 33492956285 EMail: Yanick.pouffary@hp.com
Phone: + 33492956285 EMail: Yanick.pouffary@hp.com
Jim Bound (Editor) Hewlett Packard 110 Spitbrook Road Nashua, NH 03062 USA
Jim Bound(编辑)美国新罕布什尔州纳舒亚市斯皮布鲁克路110号惠普公司03062
Phone: (603) 884-0062 EMail: jim.bound@hp.com
电话:(603)884-0062电子邮件:吉姆。bound@hp.com
Marc Blanchet Viagenie inc. 2875 boul. Laurier, bur. 300 Ste-Foy, Quebec, G1V 2M2 Canada
Marc Blanchet Viagenie inc.2875 boul。劳里尔,比尔。加拿大魁北克省圣福伊300号,G1V 2M2
EMail: Marc.Blanchet@viagenie.qc.ca
EMail: Marc.Blanchet@viagenie.qc.ca
Tony Hain Cisco Systems 500 108th Ave. N.E. Suite 400 Bellevue, WA 98004 USA
Tony Hain Cisco Systems 500美国华盛顿州贝尔维尤东北大街108号400室,邮编:98004
EMail: alh-ietf@tndh.net
EMail: alh-ietf@tndh.net
Paul Gilbert Cisco Systems 1 Penn Plaza, 5th floor, NY, NY 10119 USA
美国纽约州纽约市宾夕法尼亚广场1号5楼保罗·吉尔伯特思科系统公司,邮编:10119
Phone: (212) 714-4334 EMail: pgilbert@cisco.com
电话:(212)714-4334电子邮件:pgilbert@cisco.com
Margaret Wasserman ThingMagic One Broadway Cambridge, MA 02142 USA
Margaret Wasserman Thing Magic One百老汇美国马萨诸塞州剑桥市02142
Phone: (617) 758-4177 EMail: margaret@thingmagic.com
电话:(617)758-4177电子邮件:margaret@thingmagic.com
Jason Goldschmidt Sun Microsystems M/S UMPK17-103 17 Network Circle Menlo Park, CA 94025 USA
Jason Goldschmidt Sun Microsystems M/S UMPK17-103 17美国加利福尼亚州门罗公园网络圈94025
Phone: (650) 786-3502 Fax: (650) 786-8250 EMail: jason.goldschmidt@sun.com
电话:(650)786-3502传真:(650)786-8250电子邮件:杰森。goldschmidt@sun.com
Aldrin Isaac Bloomberg L.P. 499 Park Avenue New York, NY 10022 USA
美国纽约州纽约市帕克大道499号奥尔德林·艾萨克·布隆伯格有限公司,邮编10022
Phone: (212) 940-1812 EMail: aisaac@bloomberg.com
电话:(212)940-1812电子邮件:aisaac@bloomberg.com
Tim Chown School of Electronics and Computer Science University of Southampton Southampton SO17 1BJ United Kingdom
提姆南安普敦大学电子与计算机科学学院南安普顿SO17 1BJ英国
EMail: tjc@ecs.soton.ac.uk
EMail: tjc@ecs.soton.ac.uk
Jordi Palet Martinez Consulintel San Jose Artesano, 1 Madrid, SPAIN
乔迪·帕莱特·马丁内斯,圣何塞·阿尔特萨诺,西班牙马德里1号
Phone: +34 91 151 81 99 Fax: +34 91 151 81 98 EMail: jordi.palet@consulintel.es
Phone: +34 91 151 81 99 Fax: +34 91 151 81 98 EMail: jordi.palet@consulintel.es
Fred Templin Nokia 313 Fairchild Drive Mountain View, CA 94043 USA
Fred Templin诺基亚313飞兆半导体山景大道,加利福尼亚州94043
Phone: (650) 625-2331 EMail: ftemplin@iprg.nokia.com
电话:(650)625-2331电子邮件:ftemplin@iprg.nokia.com
Roy Brabson IBM PO BOX 12195 3039 Cornwallis Road Research Triangle Park, NC 27709 USA
Roy Brabson IBM邮箱12195 3039美国北卡罗来纳州康沃利斯路研究三角公园,邮编27709
Phone: (919) 254-7332 EMail: rbrabson@us.ibm.com
电话:(919)254-7332电子邮件:rbrabson@us.ibm.com
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (2005).
版权所有(C)互联网协会(2005年)。
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件及其包含的信息是按“原样”提供的,贡献者、他/她所代表或赞助的组织(如有)、互联网协会和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Intellectual Property
知识产权
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。