Sunday, April 11, 2010

Residential CPE Devices - Conditional DHCP Server, IPv6 Prefix Inheritance from WAN and Network Label

Even though there is a huge number of IP addresses in the IPv6 world, RG (residential gateway) environments would still get their IPv6 addresses from ISPs dynamically. There are advantages to doing this. Home users don't have to worry about renumbering their routers and the internal machines in the home LAN when they switch to a new service provider. In general, it also reduces the amount of configuration one needs to make on the router.

As explained briefly in the article, the WAN interfaces of the CPE are configured to get IP prefixes from the service provider. These prefixes are programmed automatically into the DHCP servers of the CPE, which in turn assign IP addresses from these prefixes to LAN machines, media servers, NAS servers, VoIP terminals, etc.

In the case of IPv4, this is done somewhat differently. Service providers don't provide the IP addresses needed for the local LAN machines via the WAN interface. The home user is expected to configure a private IP address range in the DHCP server, and outgoing traffic undergoes NAT to the public IP address received over the WAN connection.

In the IPv4 world, different IP address ranges (pools) can be assigned to the DHCP server, which then hands out addresses from different pools based on conditions: the values of the DHCP User Class and Vendor Class Identifier options. This is done to identify the different types of devices in the LAN so that CPE functions such as security and QoS can give them differential treatment. For example, VoIP TA boxes can be served IP addresses from a separate pool. That pool can then be referenced in QoS rules to give higher priority to traffic coming from the VoIP boxes when forwarding onto bandwidth-constrained WAN interfaces. The administrator (home user) configures both the conditional DHCP pools and the QoS policy rules.

In the IPv6 world there is no NAT, and the administrator does not configure the DHCP address pools, whether the general pool or the conditional pools: their prefixes are inherited from the prefix dynamically assigned by the service provider. How, then, does the administrator configure the security or QoS functions to treat traffic from the different types of machines in the LAN differently, if he/she does not know a priori which IP addresses will be assigned to which devices?

Fortunately, there is a way. Many security and QoS policy rules accept not only literal IP addresses as source or destination, but also named objects: network objects.

How does this work?
  • CPE software should provide a facility for administrators to enter network object names in the DHCP common and conditional pools.
    • The CPE software is expected to create the network object as soon as it is configured.
    • When the WAN interface gets dynamic IP prefixes from the ISP, it informs the LAN devices to inherit the prefixes and program the DHCP pools. As part of this, the CPE software divides the WAN prefix into multiple sub-prefixes and assigns each sub-prefix to a DHCP pool across the LAN devices. As part of this assignment, the CPE software is expected to program the prefixes into the corresponding network object records.
    • When the related WAN interface loses its connection, the CPE software is expected to remove the IP prefixes from the network objects too.
  • The CPE software's security and QoS functions need a facility to take network object names in the source and destination IP fields of their policy rules.
    • Since the network objects are programmed with the right IP prefixes, the security and QoS functions will provide the differential traffic treatment.
So, don't forget to add a "network object record" to the DHCPv6 server pools while defining the data model.
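The steps above, together with the conditional-pool selection by User Class and Vendor Class described earlier for IPv4, as a worked model in Python. This is an added example, not code from the original post or from any CPE vendor: the class names, the pool definitions, the delegated prefix 2001:db8:abcd:100::/56, the vendor-class string "ACME-VoIP-TA" and the sequential address allocation from ::100 are all constructed for illustration. The model splits the delegated /56 into /64 sub-prefixes, assigns one per pool, programs each pool's network object, resolves policy rules by object name only at classification time, and clears the objects when the WAN goes down, so a re-delegation with a different prefix needs no rule edits.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed model of the CPE data path described in the post: DHCPv6 pools
# carry a network-object name; prefix delegation fills the objects; policy
# rules refer to objects by name and are resolved only at match time.


class NetworkObjectStore:
    """Named network objects: name -> set of IPv6 prefixes currently assigned."""

    def __init__(self) -> None:
        self._objects: Dict[str, Set[ipaddress.IPv6Network]] = {}

    def create(self, name: str) -> None:
        self._objects.setdefault(name, set())

    def add_prefix(self, name: str, prefix: ipaddress.IPv6Network) -> None:
        self._objects[name].add(prefix)

    def clear(self, name: str) -> None:
        self._objects[name].clear()

    def contains(self, name: str, addr: ipaddress.IPv6Address) -> bool:
        return any(addr in p for p in self._objects.get(name, ()))


@dataclass
class DhcpPool:
    name: str
    lan_if: str
    network_object: str                 # object record this pool programs
    user_class: Optional[str] = None    # condition: DHCPv6 User Class option
    vendor_class: Optional[str] = None  # condition: DHCPv6 Vendor Class option
    prefix: Optional[ipaddress.IPv6Network] = None  # inherited from WAN, never configured
    leased: int = 0

    def is_conditional(self) -> bool:
        return self.user_class is not None or self.vendor_class is not None

    def matches(self, user_class: Optional[str], vendor_class: Optional[str]) -> bool:
        if self.user_class is not None and self.user_class != user_class:
            return False
        return self.vendor_class is None or self.vendor_class == vendor_class


class Cpe:
    def __init__(self, pools: List[DhcpPool], rules: List[Tuple[str, str]]) -> None:
        self.pools = pools
        self.rules = rules  # (source network object name, traffic treatment)
        self.objects = NetworkObjectStore()
        for pool in pools:
            self.objects.create(pool.network_object)  # object exists once configured

    def wan_prefix_delegated(self, delegated: str, sub_prefix_len: int = 64) -> None:
        """Split the delegated WAN prefix and assign one sub-prefix per pool."""
        subnets = ipaddress.ip_network(delegated).subnets(new_prefix=sub_prefix_len)
        for pool in self.pools:
            try:
                pool.prefix = next(subnets)
            except StopIteration:
                raise ValueError(f"{delegated} has too few /{sub_prefix_len} sub-prefixes")
            pool.leased = 0
            self.objects.add_prefix(pool.network_object, pool.prefix)

    def wan_down(self) -> None:
        """WAN lost: drop the prefixes from the pools and from the network objects."""
        for pool in self.pools:
            pool.prefix = None
            self.objects.clear(pool.network_object)

    def select_pool(self, lan_if, user_class=None, vendor_class=None) -> Optional[DhcpPool]:
        active = [p for p in self.pools if p.lan_if == lan_if and p.prefix is not None]
        # Conditional pools take precedence; fall back to the interface's common pool.
        for pool in active:
            if pool.is_conditional() and pool.matches(user_class, vendor_class):
                return pool
        return next((p for p in active if not p.is_conditional()), None)

    def lease(self, lan_if, user_class=None, vendor_class=None) -> Optional[ipaddress.IPv6Address]:
        pool = self.select_pool(lan_if, user_class, vendor_class)
        if pool is None:
            return None  # no prefix inherited yet (or WAN down): nothing to hand out
        addr = pool.prefix[0x100 + pool.leased]  # constructed sequential allocation from ::100
        pool.leased += 1
        return addr

    def classify(self, src: ipaddress.IPv6Address) -> str:
        """Resolve rules by object name at match time, so renumbering needs no rule edits."""
        for obj_name, treatment in self.rules:
            if self.objects.contains(obj_name, src):
                return treatment
        return "default"


def build_example_cpe() -> Cpe:
    # Constructed configuration: two LAN interfaces, one conditional VoIP pool.
    pools = [
        DhcpPool("lan0-common", "lan0", "LAN_HOSTS"),
        DhcpPool("lan0-voip", "lan0", "VOIP_TA", vendor_class="ACME-VoIP-TA"),
        DhcpPool("lan1-common", "lan1", "GUEST"),
    ]
    rules = [("VOIP_TA", "expedited"), ("LAN_HOSTS", "best-effort")]
    return Cpe(pools, rules)


if __name__ == "__main__":
    cpe = build_example_cpe()
    cpe.wan_prefix_delegated("2001:db8:abcd:100::/56")  # constructed delegated prefix
    phone = cpe.lease("lan0", vendor_class="ACME-VoIP-TA")
    print(phone, cpe.classify(phone))
    cpe.wan_down()
    print(cpe.classify(phone))
```

The point to notice is that the rules list never contains an address: the VoIP rule keeps working across a WAN flap and a re-delegation because the pool writes the new sub-prefix into the VOIP_TA object, and a lease from the old prefix stops matching as soon as the object is cleared.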
