ANSI/CTA Standard

Host and Router Profiles for IPv6

ANSI/CTA-2048
(Formerly ANSI/CEA-2048)

December 2014

NOTICE

Consumer Technology Association (CTA) Standards, Bulletins and other technical publications are designed to serve the public interest through eliminating misunderstandings between manufacturers and purchasers, facilitating interchangeability and improvement of products, and assisting the purchaser in selecting and obtaining with minimum delay the proper product for his particular need. Existence of such Standards, Bulletins and other technical publications shall not in any respect preclude any member or nonmember of the Consumer Technology Association from manufacturing or selling products not conforming to such Standards, Bulletins or other technical publications, nor shall the existence of such Standards, Bulletins and other technical publications preclude their voluntary use by those other than Consumer Technology Association members, whether the standard is to be used either domestically or internationally.

Standards, Bulletins and other technical publications are adopted by the Consumer Technology Association in accordance with the American National Standards Institute (ANSI) patent policy. By such action, the Consumer Technology Association does not assume any liability to any patent owner, nor does it assume any obligation whatever to parties adopting the Standard, Bulletin or other technical publication.

This document does not purport to address all safety problems associated with its use or all applicable regulatory requirements. It is the responsibility of the user of this document to establish appropriate safety and health practices and to determine the applicability of regulatory limitations before its use.

This document is copyrighted by the Consumer Technology Association and may not be reproduced, in whole or part, without written permission. Federal copyright law prohibits unauthorized reproduction of this document by any means. Organizations may obtain permission to reproduce a limited number of copies by entering into a license agreement. Requests to reproduce text, data, charts, figures or other material should be made to the Consumer Technology Association.

(Formulated under the cognizance of the CTA R7 Home Networks Committee.)

Published by CONSUMER TECHNOLOGY ASSOCIATION 2015 Technology

example link technologies include Ethernet (simple or bridged), PPP links, as well as Internet-layer (or higher-layer) “tunnels”, such as tunnels over IPv4 or IPv6 itself

Router/Gateway: the customer premise equipment interface between the service provider network and the end-user network segment(s). See IPv6 Customer Edge Router above

3. PROTECTION OF CUSTOMER PRIVACY

This standard includes methods for assigning addresses to consumer devices as required for these devices to communicate via the Internet using the Internet Protocol version 6 (IPv6) for an expanded address space (compared to IPv4). However, these IPv6 addresses are not intended to become permanent identifiers for these devices. In order to protect consumer privacy, various techniques, some of which are based on established IETF RFCs (specifications of the Internet Engineering Task Force), are required in this standard so an IPv6 address cannot be permanently associated with specific devices, and in effect then be associated with the individual(s) using the device. Such privacy protections may need to be strengthened via amendments or future versions of this standard as cyber security technology evolves. Therefore, deployed devices may need to be upgraded to maintain privacy protections.

NOTE: The United States HIPAA law (Health Insurance Portability and Accountability Act) lists “Internet Protocol (IP) address numbers” as a specific type of Protected Health Information (PHI) identifier if it is used within records that support health care treatments, payments, or operations. The association of a permanent IPv6 address with a device that is subject to HIPAA health regulations could then be expressly prohibited unless the IP address is safeguarded in full accordance with all associated HIPAA requirements. HIPAA requirements for protecting PHI identifiers are detailed and complex.

4. DEVICE CLASSES

Not all requirements apply to all devices, and there are some differences in requirements which are device-specific. Therefore, the following device classes are defined:

- Basic: This is a device that provides a limited implementation of IPv6 support
- Basic Plus: This device builds on the Basic device and adds an incremental capability for increased functionality
- Advanced: This device has significant IPv6 support that includes all of the functionality of Basic/Basic Plus devices with additional IPv6 services

5. BASIC

5.1 About Basic Devices

Basic devices have limited IPv6 support, and are typically appliances or limited functionality routers. Hosts acquire IPv6 addresses using Stateless Address Autoconfiguration (SLAAC) and DNS information using RFC6106 Recursive DNS Server option. Routers support Stateless Address Autoconfiguration to provision host devices.

Example Host Devices:

- Network printer
- Alarm system components
- Home automation devices

5.2 Basic Host Requirements

5.2.1 The Basic Host SHALL support Internet Protocol, Version 6 (IPv6) Specification RFC2460.

5.2.2 The Basic Host SHALL support Internet Control Message Protocol (ICMPv6) for IPv6 RFC4443.

5.2.3 The Basic Host SHALL support Neighbor Discovery for IPv6 RFC4861.

5.2.4 The Basic Host SHALL support Stateless Address Autoconfiguration RFC4862.

5.2.5 The Basic Host SHALL support Privacy Extensions for Stateless Address Autoconfiguration in IPv6 RFC4941.

5.2.6 The Basic Host SHALL support Recursive DNS Server Support RFC6106.

NOTE: This requirement allows manufacturers multiple choices, SLAAC and RFC6106 for configuring DNS servers on the host.

5.2.7 The Basic Host SHALL support Default Address Selection for IPv6 RFC6724.

5.2.8 The Basic Host SHALL support native dual stack operational support RFC791, RFC2460.

5.2.9 Both IPv4 and IPv6 SHALL be enabled by default.

5.3 Basic Router General Requirements

5.3.1 The Basic Router SHALL support all Basic Host requirements.

5.3.2 The Basic Router SHALL support RFC7084 requirements G-1-5 inclusive.

5.4 Basic Router Requirements LAN-side

5.4.1 The Basic Router SHALL support IPv6 Neighbor Discovery (RFC7084 L-1).

5.4.2 The Basic Router SHALL support all LAN-side IPv6 Autoconfiguration (RFC7084 L-2-6 inclusive, L-11, WAA-1).

5.4.3 Inbound IPv6 traffic that resulted from LAN-side devices SHALL be permitted. Note that this implies connection tracking within the firewall.

5.5 Basic Router Requirements WAN-side

5.5.1 The Basic Router SHALL support all WAN-side, native dual-stack provisioning for IPv6 address, prefix, and configuration information RFC4862, (RFC7084 W-2-5 inclusive; WAA-1,3,4,6-8; WPD-1-8 inclusive).

5.5.2 The Basic Router SHALL provide an IPv6-capable firewall (IPv6 firewall) that is at least minimally configurable by the subscriber. At minimum, there should be two states. First, if a customer/user wants to disable the firewall altogether, they could do so. Second, depending on deployment type, there SHOULD be a minimum set of rules on by default. User SHALL have the ability to reset to factory default rules.

5.5.3 The IPv6 firewall SHALL be enabled by default.

5.5.4 The BASIC router firewall SHALL prevent access requests from WAN-side devices to LAN-side devices by blocking all unsolicited inbound IPv6 traffic except in direct response to outgoing connection requests or explicitly configured rules defined in the router.

5.5.5 The Basic Router SHALL allow for the configuration of IPv6 and IPv4 firewall rules separately.

5.5.6 The Basic Router SHALL allow ability for the user to set or reset the firewall settings to factory default settings/configuration.

5.5.7 The WAN interface SHALL support stateless auto-discovery for the purposes of provisioning an IPv6 address on the interface.

5.5.8 The WAN interface SHALL support the use of DHCPv6 client for IPv6 address provisioning RFC3736.

5.5.9 The WAN interface SHALL request an IA_PD when using DHCPv6 for IPv6 address provisioning RFC3633.

5.5.10 The WAN interface SHALL obey the router advertisement M & O bits RFC5175 for determining when to use SLAAC or DHCPv6 for IPv6 address provisioning.

6. BASIC PLUS

6.1 About Basic Plus

In addition to Basic functionality, Basic Plus adds support for LAN device service discovery, stateless DHCPv6 for LAN clients, and in-home media distribution.

Example devices:

- Optical Disc Player
- Game Console
- Smart/Internet-enabled TV
- NAS

6.2 Basic Plus Host Requirements

6.2.1 The Basic Plus Host SHALL support all Basic Host Requirements.

6.2.2 The Basic Plus Host SHALL support DHCPv6 RFC3315.

6.2.3 The Basic Plus Host SHALL support at least one of the Zero-Configuration Networking (zeroconf) service discovery protocols listed below:

- mDNS/DNS-SD RFC6762, RFC6763
- SLP RFC2608, RFC3224
- LLMNR RFC4795

6.2.4 The Basic Plus Host SHALL support UPnP/SSDP for service discovery UPnP.

6.2.5 Basic Plus Host SHALL support all requirements in UPnP Device Architecture 1.1 IPv6 Annex UPnP.

6.2.6 Basic Plus Host SHALL support DLNA UPnP.

6.3 Basic Plus Router Requirements LAN-side

6.3.1 All Basic router LAN-side requirements from section 5.4.

6.3.2 Basic Plus router SHALL support Stateless DHCPv6 server RFC3736.

6.3.3 Basic Plus router SHALL support name resolution on the local link via protocols such as LLMNR, mDNS/DNS-SD, or DNS/DNS6 RFC4795, RFC6762, RFC3596.

6.3.4 Basic Plus Router SHALL support all requirements in UPnP Device Architecture 1.1 IPv6 Annex UPnP.

6.3.5 The Basic Plus Router SHALL install a learned IPv6 Delegated prefix and use that prefix in the PIO of the Router Advertisement messages sent on all configured LAN interfaces. This is in addition to RFC7084 requirements L-2,4,6.

6.3.6 The Basic Plus Router SHALL support the ability for the consumer to specify alternate DNS server addresses.

6.3.7 The Basic Plus Router MAY support Unique Local Addresses (ULA) for Customer Facing Interfaces. If the Basic Plus Router supports ULA, it MUST comply with RFC4193, (RFC7084 requirements ULA-1, ULA-2, ULA-3, ULA-4, ULA-5).

6.4 Basic Plus Router Requirements WAN-side

6.4.1 The Basic Plus Router SHALL support all Basic router WAN-side requirements.

6.4.2 The Basic Plus Router SHALL support all Basic Router Firewall requirements.

6.4.3 The Basic Plus router SHALL support firewall rules that have the following filters:

- Destination IP (v4 or v6) address(es) with subnet mask
- Originating IP (v4 or v6) address(es) with subnet mask
- Protocol (0-255, or by alias: TCP, UDP, ICMP, IP, IGMP, )
- Source port and destination port

7. ADVANCED

7.1 About Advanced

Advanced hosts have significant IPv6 support for communicating with devices on the Internet and to allow provisioning by a broadband service provider. In particular, advanced devices support stateful DHCPv6.

Example devices:

- Computer or laptop
- Tablet
- Smart Phone
- Media server

7.2 Advanced Host Requirements

7.2.1 The Advanced Host SHALL support all Basic Plus host requirements

7.2.2 The Advanced Host SHALL support more than one of the service discovery protocols from section 6.2.3

7.3 Advanced Router Requirements LAN-side

7.3.1 The Advanced Router SHALL support all Basic/Basic Plus router LAN-side and Advanced Host requirements.

7.3.2 The Advanced Router SHALL support LAN-side stateless and stateful DHCPv6 host provisioning RFC3736, RFC3315, (RFC7084 L9-10 inclusive, L-12).

7.3.3 The Advanced Router SHALL support IPv6 Prefix Sub-delegation RFC3633.

7.3.4 The Advanced Router SHALL support one or more of the following Zero-Configuration Networking (zeroconf) service discovery protocols:

- mDNS/DNS-SD RFC6762, RFC6763
- SLP RFC2608, RFC3224
- LLMNR RFC4795

7.3.5 The Advanced Router SHALL support UPnP/SSDP support for service discovery UPnP.

7.3.6 The Advanced Router SHALL support the ability to announce the device as an IGD UPnP.

7.3.7 The Advanced Router SHALL support DNSSEC RFC4033.

7.4 Advanced Router Requirements WAN-side

7.4.1 The Advanced Router SHALL support all Basic-Plus WAN-side router requirements.

7.4.2 The Advanced Router SHALL support MLDv1 RFC2710 and MLDv2 RFC3810.

7.4.3 The Advanced Router SHALL support the ability to pass global-scope, user-joined IPv6 multi-cast traffic and respond to MLD solicitations for the LAN-side.

7.4.4 The Advanced Router SHALL support all Basic Plus Router firewall requirements.

Consumer Technology Association Document Improvement Proposal

If in the review or use of this document a potential change is made evident for safety, health or technical reasons, please email your reason/rationale for the recommended change to standardsce.org.

Consumer Technology Association
Technology & Standards Department
1919 S Eads Street, Arlington, VA 22202
FAX: (703) 907-7693
standardsce.org
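Why section 3 and requirement 5.2.5 matter, shown as an added example that is not part of the standard: a SLAAC interface identifier built from the hardware address (modified EUI-64) is identical under every prefix, so it acts as a permanent device identifier. The audit below flags such addresses; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample: one device seen on two networks, plus a randomized address.
SAMPLE = [
    "2001:db8:1:1:211:22ff:fe33:4455",      # home prefix, IID built from the MAC
    "2001:db8:beef:2:211:22ff:fe33:4455",   # another network, same IID
    "2001:db8:1:1:5c3a:91d2:7e04:b8a6",     # randomized IID (temporary-address style)
    "fe80::211:22ff:fe33:4455",             # link-local, never routed off-link
]

def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]        # low 64 bits
    if iid[3:5] != b"\xff\xfe":                         # marker inserted mid-MAC
        return None   # (a random IID matches by chance about 1 time in 65536)
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # undo the inverted U/L bit
    return ":".join(f"{b:02x}" for b in mac)

def audit(addresses):
    """Map each embedded MAC to the routable addresses that expose it."""
    findings = {}
    for a in addresses:
        if ipaddress.IPv6Address(a).is_link_local:
            continue
        mac = eui64_mac(a)
        if mac:
            findings.setdefault(mac, []).append(a)
    return findings

def trackable(addresses):
    """MACs seen under more than one /64, i.e. identifiers that follow the device."""
    out = []
    for mac, addrs in audit(addresses).items():
        prefixes = {ipaddress.IPv6Address(a).packed[:8] for a in addrs}
        if len(prefixes) > 1:
            out.append(mac)
    return out
```

Run against the addresses a device actually configures, an empty result from `audit` is the outcome the privacy section asks for.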
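The inbound policy of 5.4.3 and 5.5.2 to 5.5.5, with the rule fields of 6.4.3, modelled as an added example (not part of the standard and not any router's code). Class and field names are hypothetical, source-port matching is left out for brevity, and the addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

def norm(a):                      # canonical text form, so "::10" and "0::10" compare equal
    return str(ipaddress.ip_address(a))

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:                       # filter fields listed in 6.4.3
    src_net: str
    dst_net: str
    proto: str
    dport: int

    def matches(self, p):         # a v6 rule never matches a v4 packet and vice versa (5.5.5)
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net)
                and p.proto == self.proto and p.dport == self.dport)

class Firewall:
    def __init__(self, rules=(), enabled=True):    # 5.5.3: enabled by default
        self.rules, self.enabled, self.flows = list(rules), enabled, set()

    def outbound(self, p):
        """LAN to WAN: forward and record the flow so its replies can return (5.4.3)."""
        self.flows.add((p.proto, norm(p.src), p.sport, norm(p.dst), p.dport))
        return True

    def inbound(self, p):
        """WAN to LAN: replies and explicit rules pass, everything else drops (5.5.4)."""
        if not self.enabled:                       # 5.5.2: the user may switch it off
            return True
        if (p.proto, norm(p.dst), p.dport, norm(p.src), p.sport) in self.flows:
            return True
        return any(r.matches(p) for r in self.rules)

def demo():                       # constructed addresses from the 2001:db8::/32 documentation range
    fw, host, srv = Firewall(), "2001:db8:1:1::10", "2001:db8:ffff::53"
    probe = fw.inbound(Packet(srv, host, "tcp", 40000, 22))      # unsolicited
    fw.outbound(Packet(host, srv, "tcp", 51000, 443))
    reply = fw.inbound(Packet(srv, host, "tcp", 443, 51000))     # tracked reply
    return probe, reply
```

The same cases work as acceptance checks against a real device: an unsolicited connection to a LAN host must fail until the LAN host has opened the flow or a matching rule exists.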