4.2 WAN – Wide Area
Networking 
4.2.1 WAN.ATM – WAN.ATM
| ID | Requirement |
|---|---|
| WAN.ATM.1 |
The RG MUST support standard ATM (AAL5) payload format. Note: this satisfies Broadband Forum TR-101 R-371. |
| WAN.ATM.2 |
The RG MUST perform AAL Segmentation and Reassembly (SAR), Convergence Sublayer (CS) functions and CRC check. |
| WAN.ATM.3 |
The RG MUST support encapsulation of bridged Ethernet over AAL5 (without FCS) as described in RFC 2684 [74]. |
| WAN.ATM.4 |
The RG MUST be able to use both LLC-SNAP and VC-MUX (null) encapsulation over AAL5 with all supported protocols. The default MUST be LLC-SNAP. |
| WAN.ATM.5 |
The RG MAY support encapsulation of IP over AAL5, per RFC 2684 [74]. |
| WAN.ATM.6 |
If the RG supports IP over AAL5, it MAY support classical IP according to RFC 2225 [63]. |
| WAN.ATM.7 |
The RG MUST support ATM CoS. UBR, CBR and VBR-rt MUST be supported, as defined in AF-TM-0121.000 [16]. |
| WAN.ATM.8 |
VBR-nrt and UBR with per VC queuing SHOULD be supported. |
| WAN.ATM.9 |
The default ATM CoS for the primary VC MUST be UBR. |
| WAN.ATM.10 |
The RG SHOULD support auto configuration as defined in Broadband Forum TR-062 [157] and ILMI 4.0 and its extensions. |
| WAN.ATM.11 |
The RG MUST always respond to ATM testing, pings and loopbacks according to ITU-T I.610 [38] (F4, F5). |
| WAN.ATM.12 |
The RG SHOULD support initiating an ATM loopback and receiving the reply. This satisfies Broadband Forum TR-101 R-370. |
| WAN.ATM.13 |
The RG MUST provide a default CPID of all 1s (FFFF). This satisfies Broadband Forum TR-101 [161] R-372. |
| WAN.ATM.14 |
The RG MUST support 0/35 as the default VPI/VCI for the first PVC or use an operator-specific configuration. |
WAN.ATM.15 |
The RG MUST be able to perform an auto search for the VPI/VCI settings for the first PVC based on a definable search list VPI/VCI sequence order. If the RG reaches a state of session establishment (e.g. IP when the RG is responsible for session termination) after performing the auto search, the default VPI/VCI settings MUST be set to the newly discovered values. The new default pair MUST be stored on the RG across power off situations. If an ATM connection cannot be established after power is restored, the search process starts over again. |
WAN.ATM.16 |
The RG MUST support the following default VPI/VCI auto-search list programmed as a factory default setting in the following sequence, or use an operator-specific sequence configuration: 0/35, 0/38, 8/35, 0/43, 0/51, 0/59, 8/43, 8/51. This default list MUST be overwriteable via the methods discussed in WAN.ATM.18. |
| WAN.ATM.17 |
The RG MUST be configurable so that the auto-search mechanism can be disabled. |
| WAN.ATM.18 |
The RG MUST allow the auto-search list to be redefined using TR-064i2 and interfaces. |
| WAN.ATM.19 |
The default VPI/VCI values for all PVCs MUST be configurable. The default value MUST be utilized prior to performing an auto-search but should exclude the default value in the auto-search. |
| WAN.ATM.20 |
The RG MUST support VPI values from 0 to 255 |
| WAN.ATM.21 |
The RG MUST support VCI values from 32 to 65535 |
4.2.1.1 WAN.ATM.MULTI – ATM Multi-PVC
| ID | Requirement |
|---|---|
| WAN.ATM.MULTI.1 |
The RG MUST support eight PVCs. This is in addition to support for any implemented ATM UNI control path PVCs (e.g. ILMI auto-configuration PVC, etc.). |
| WAN.ATM.MULTI.2 |
The RG MUST allow the protocol stack (e.g. IP over Ethernet, PPPoE, PPPoA, etc.) for each provisioned PVC to be defined separately. If necessary, each PVC can use a different stack and set of protocols. |
| WAN.ATM.MULTI.3 |
There is no default defined VPI/VCI for additional PVCs past the primary PVC defined in WAN.ATM above. The RG MUST support auto-search function (see WAN.ATM.16 through 19) on all PVCs and will use the same auto-search sequence identified (skipping over any already in use). |
| WAN.ATM.MULTI.4 |
The RG MUST NOT require the same VPI value for all supported PVCs. |
| WAN.ATM.MULTI.5 |
All supported PVCs MUST be able to be active and sending/receiving traffic simultaneously. See requirements LAN.FWD.9, 10, 11 and 15 for more details on interface selection for routing. |
WAN.ATM.MULTI.6 |
The RG MUST support the minimum ATM granularity applicable to the associated DSL protocol in use on a per VC and VP basis. For example, ATM granularity of 32 kbps MUST be supported for ADSL on a per VC and VP basis. |
| WAN.ATM.MULTI.7 |
The RG MUST use the same Ethernet MAC address for all interfaces over the same AAL5/ATM/DSL connection. |
| WAN.ATM.MULTI.8 |
The RG MUST support multiple levels of CoS simultaneously across separate VCCs (e.g. UBR for PVC 0/35 and CBR for PVC 0/43 where both PVCs are active simultaneously). |
4.2.2 WAN.CONNECT – Connection
Establishment
Note that this module applies to IPv6 connections as well as IPv4, but only if the RG has an IPv6 stack.
| ID | Requirement |
|---|---|
| WAN.CONNECT.1
|
The RG MUST support an “always on” mode for connections. In this mode the RG MUST NOT time out connection sessions (ATM, IP and PPP) and MUST automatically re-establish any sessions after disconnection, lease expiration or loss and restoration of power. |
| WAN.CONNECT.2
|
Moved to WAN.CONNECT.ON-DEMAND.1 and 4 |
WAN.CONNECT.3 |
The RG MUST support a “manual connect” option for connections. In this mode the connection to the broadband network is initiated manually through the Web GUI or via TR-064i2 request and, by default, terminates only when done so explicitly by the user, due to a power loss or when the connection is lost. |
| WAN.CONNECT.4
|
Moved to WAN.CONNECT.ON-DEMAND.6 |
| WAN.CONNECT.5
|
A manual way of disconnecting without waiting for a connection timeout MUST be provided. |
| WAN.CONNECT.6
|
Moved to WAN.CONNECT.ON-DEMAND.7 |
| WAN.CONNECT.7
|
The RG MUST follow all standards required to perform an orderly tear down of the associated connections involved at the associated network levels (e.g. issue a DHCP Release message when using DHCPv4, issue LCP Terminate-Request/Terminate-Ack and PADT packet when using PPPoE, etc.) and then restart the connections. |
| WAN.CONNECT.8
|
The RG MUST detect the loss of communications with a network identified DNS server as indicated by a failed query, and log the event. |
4.2.2.1 WAN.CONNECT.ON-DEMAND –
On-Demand Connection Establishment
The On-demand Connection function applies only to IPv4 connections. However, when IPv6 is present, its behavior must take the presence of IPv6 into consideration as described in this module
| ID | Requirement |
|---|---|
| WAN.CONNECT.ON-DEMAND.1 |
The RG MUST support a “connect on demand” option for IPv4 connections that run over PPP. In this mode, the connection to the broadband network is initiated when outbound traffic is encountered from the local LAN and terminated after a timeout period in which no traffic occurs. |
| WAN.CONNECT.ON-DEMAND.2 |
If the PPP session only contains IPv4, then the RG MUST terminate the PPP session in accordance with WAN.CONNECT.ON-DEMAND.1, and any associated PPPoE session (if applicable). |
| WAN.CONNECT.ON-DEMAND.3 |
If the PPP session contains IPv4 and IPv6, then the RG MUST terminate only the IPv4 session. This is done using IPCP commands. |
| WAN.CONNECT.ON-DEMAND.4 |
The RG MUST support a “connect on demand” option for IPv4 connections that run over Ethernet. |
| WAN.CONNECT.ON-DEMAND.5 |
To determine whether a connection has IPv4 activity during a timeout interval, the RG MUST consider only traffic with an IPv4 ethertype. |
| WAN.CONNECT.ON-DEMAND.6 |
The interval after which a connection timeout occurs MUST be able to be configured. |
| WAN.CONNECT.ON-DEMAND.7 |
A default timeout of 20 minutes SHOULD be used for connection timeouts or use an operator-specific configuration. |
| WAN.CONNECT.ON-DEMAND.8 |
If the RG has an active IPv6 connection, and does not have addresses for DNS recursive name servers to be accessed over IPv6, then the “connect on demand” option MUST be disabled. |
4.2.3 WAN.ETHOAM – Ethernet OAM
| ID | Requirement |
|---|---|
| WAN.ETHOAM.1
|
The RG MUST support a maintenance end point (MEP) at the customer and access link levels on a per VLAN basis. Note: The multi-PVC case is for further study. This satisfies Broadband Forum TR-101 [161] R-285, R-294. |
| WAN.ETHOAM.2
|
The RG MUST support a default ME level value of 5 for the customer level. This satisfies TR-101 [161] R-286. |
| WAN.ETHOAM.3
|
The RG SHOULD support a loopback message (LBM) function at the customer level that can generate a multicast LBM toward its peer MEP(s). This satisfies TR-101 [161] R-287. |
| WAN.ETHOAM.4
|
The RG MUST support a loopback reply (LBR) function at the customer level toward its peer MEP(s) in response to both unicast and multicast LBMs. This satisfies TR-101 [161] R-288. |
| WAN.ETHOAM.5
|
The RG MUST support a linktrace reply (LTR) function at the customer level toward its peer MEP(s). This satisfies TR-101 [161] R-289. |
| WAN.ETHOAM.6
|
For business customers and/or premium customers requiring proactive monitoring, the RG SHOULD support generating continuity check messages (CCMs) at the customer level. This satisfies TR-101 [161] R-290. |
| WAN.ETHOAM.7
|
The RG MUST support turning off sending of CCMs at the customer level, while keeping the associated MEP active. This satisfies TR-101 [161] R-291. |
| WAN.ETHOAM.8
|
The RG MUST support receiving AIS messages at the customer level. This satisfies TR-101 [161] R-292. |
| WAN.ETHOAM.9
|
The RG SHOULD trigger the appropriate alarms for loss of continuity at the customer level. This satisfies TR-101 [161] R-293. |
| WAN.ETHOAM.10
|
The RG MUST support a default ME level value of 1 for the access link level. This satisfies TR-101 [161] R-295. |
| WAN.ETHOAM.11
|
The RG SHOULD support a loopback message (LBM) function at the access link level that can generate a multicast LBM toward its peer MEP(s). This requirement allows the RG to dynamically learn the MAC address of the AN MEP, and test the connectivity to that MEP. This satisfies TR-101 [161] R-296. |
| WAN.ETHOAM.12
|
The RG MUST support a loopback reply (LBR) function at the access link level toward its peer MEP(s), in response to both unicast and multicast LBMs. This satisfies TR-101 [161] R-297. |
| WAN.ETHOAM.13
|
The RG MUST issue a DHCP renewal message following a random delay between 1 and 30 seconds after it detects a restoration of Ethernet continuity at the customer ME level. |
4.2.4 WAN.BRIDGE – Bridging
Note that the IPv6 parts of this module apply only if the RG supports IPv6.
| ID | Requirement |
|---|---|
| WAN.BRIDGE.1
|
The RG MUST be able to bridge IPv4 over Ethernet. |
| WAN.BRIDGE.2
|
The RG MUST be a learning bridge as defined in IEEE 802.1D for all logical and physical Ethernet interfaces, supporting a minimum of 272 MAC addresses. |
WAN.BRIDGE.3 |
If bridge mode is enabled for IPv4 on the RG by default for LAN connected devices, the RG MUST be able to support additional connections to a Controller for remote management addressability (using direct DHCPv4 or static IPv4, PPP, etc.), and connections for any locally terminated service that require IP (v4 or v6) addressability (e.g. gateway integrated voice ATA ports, etc.). Note that this special bridge mode that includes a device remote management session connection requires an additional WAN connection from the network. This requirement is considered conditional as a result of the network side dependency, but the RG must support this type of configuration. |
| WAN.BRIDGE.4
|
The RG MUST be able to bridge IPv6 over Ethernet (Ethertype 0x86DD). This includes bridging of multicast frames. |
| WAN.BRIDGE.5
|
The RG MUST be able to configure IPv6 bridging for a WAN interface, separate from IPv4 treatment. |
| WAN.BRIDGE.6
|
The RG MUST be able to configure IPv6 bridging separately for each WAN interface (if there are multiple WAN interfaces). |
| WAN.BRIDGE.7
|
When IPv6 bridging is enabled on a WAN interface, the RG MUST be configurable to act as a host on that WAN interface (doing SLAAC, etc.). It will not request IA_PD, since that is not a host function. |
4.2.5 WAN.DHCPC – DHCP Client (DHCPv4)
| ID | Requirement | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
WAN.DHCPC.1
|
The RG MUST be able to obtain IPv4 network information dynamically on its WAN interface. This information includes IPv4 address, primary and secondary DNS addresses and default gateway address. Dynamically obtaining IPv4 network information is accomplished using DHCP (v4) and / or IPCP (IPv4). |
|||||||||||||||
| WAN.DHCPC.2 |
If the RG is not configured to use a static IPv4 address and the RG fails to detect a PPPoE or DHCPv4 server, then the RG MUST set its WAN IPv4 address to an undefined value, in order to prevent it from retaining its prior IPv4 address. | |||||||||||||||
| WAN.DHCPC.3 |
If a RG is functioning as a DHCPv4 client, it MUST identify itself in option 61 (client-identifier) in every DHCPv4 message in accordance with RFC 4361 [107]. | |||||||||||||||
WAN.DHCPC.4
|
For the DUID portion of option 61 in DHCPv4 as described in RFC 4361 [107] , the RG MUST follow the DUID-EN format specified in ID 9.3 of RFC 3315 [84]. The RG MUST use Broadband Forum enterprise-number value 3561 in the DUID-EN enterprise-number field. For the identifier field of the DUID-EN, the RG MUST use an ASCII string containing the same content and formatted according to the same rules as defined for the HTTP username in ID 3.4.4 of TR-069 [160], if CWMP is used for remote management. |
|||||||||||||||
WAN.DHCPC.5
|
The RG IAID value in DHCPv4 and DHCPv6 MUST be a 32 bit number encoded in network byte order. In cases where the RG is functioning with a single DHCP client identity, it MUST use value 1 for IAID for all DHCP interactions. IAID is defined in RFC 3315 [84]. In cases where the RG is functioning with multiple DHCP client identities, the values of IAID have to start at 1 for the first identity and be incremented for each subsequent identity. The RG’s mapping of IAID to its physical aspects or logical configuration SHOULD be as non-volatile as possible. For example, the RG MAY use IAID value 1 for the first physical interface and value 2 for the second. Alternatively, the RG MAY use IAID value 1 for the virtual circuit corresponding to the first connection object in the data model and value 2 for the second connection object in the data model. |
|||||||||||||||
| WAN.DHCPC.6 |
The DUID-EN field value MAY be printed on the RG label. | |||||||||||||||
WAN.DHCPC.7
|
A RG functioning as a DHCPv4 client MUST identify its manufacturer OUI, product class, model name and serial number using vendor-specific options as defined in RFC 3925 [94]. Specifically, it MUST use option 125. Note that with exception of ModelName, the data contained in this option will be redundant with what is included in the Device ID in option 61. However, this is desirable because these two options serve different purposes. The data in option 125 allows the DHCPv4 server to be pre-configured with policy for handling classes of devices in a certain way without requiring the DHCPv4 server to be able to parse the unique format used in client-identifier option (which can also vary in TR-181 depending on presence of a ProductClass value). On the other hand, the client-identifier serves as an opaque but predictable identifier. It is predictable because it is the same identifier as used by the RG for interactions with other services. The same identifier is used for HTTP authentication and in SSL client certificates. Each sub-option value to be provided in option 125 MUST be treated as a string encoded into binary using UTF-8. The data MUST be encapsulated in option 125 under enterprise code 3561 decimal (0x0DE9), corresponding to the IANA “ADSL Forum” entry in the Private Enterprise Numbers registry. A specific sub-option is defined for each value. The value must match the corresponding TR-181 [167] parameter as defined in the following table:
If the value of a parameter is empty, the sub-option MUST be omitted. |
4.2.5.1 WAN.DHCPC.Force – Force renew
| ID | Requirement |
|---|---|
| WAN.DHCPC.Force.1 |
The RG MUST support the use of DHCP force renew ([80]) for changing the configuration parameters or the IP address associated with an IP session. |
| WAN.DHCPC.Force.2 |
The RG MUST support sending the FORCERENEW_NONCE_CAPABLE option in the DHCP discover and in the DHCP request messages, as per RFC 6704 [133]. |
| WAN.DHCPC.Force.3 |
The RG MUST support using the Forcerenew nonce for validating DHCP ForceRenew messages received from the DHCP server, as per RFC 6704 [133]. |
4.2.5.2 WAN.DHCPC.BFDecho – BFD echo
| ID | Requirement |
|---|---|
| WAN.DHCPC.BFDecho.1 |
The RG SHOULD support configuration of the BFD echo functionality, as per RFC 5881 [122], for both IPv4 and IPv6. |
| WAN.DHCPC.BFDecho.2 |
The RG SHOULD support sending BFD echo packet(s) on its WAN interface at regular intervals using a recommended default of 30s. The destination IP address of such packets MUST be taken from the list of IP addresses assigned to or via the WAN interface, including the Subnet-Router address of an IPv6 DHCPv6 delegated prefix. |
| WAN.DHCPC.BFDecho.3 |
The RG SHOULD support receiving self-originated BFD echo packets addressed to its assigned address or the Subnet-Router IPv6 delegated prefix. |
| WAN.DHCPC.BFDecho.4 |
Unless overridden by configuration, by default after a failure of 3 successive BFD echo intervals, the RG MUST issue a DHCP renew message following a random jitter interval between 1 and 30 seconds. |
4.2.5.3 WAN.DHCPC.BFDKA – BFD
Keep-alive
| ID | Requirement |
|---|---|
| WAN.DHCPC.BFDKA.1 |
RG MUST support the BFD protocol for IP Session Keep-alive. The BFD implementation MUST be compliant with the BFD standard as described in the RFC 5880 [121] . |
| WAN.DHCPC.BFDKA.2 |
BFD MUST be initiated after both the RG and the IP Edge’s IP addresses are available on the RG. |
| WAN.DHCPC.BFDKA.3 |
The RG MUST take on the Passive role during BFD session initiation. |
| WAN.DHCPC.BFDKA.4 |
The RG MUST support BFD Demand mode |
| WAN.DHCPC.BFDKA.5 |
The RG MUST support BFD Asynchronous mode. |
| WAN.DHCPC.BFDKA.6 |
The RG MUST be able to process BFD echo packets in the data plane as specified in RFC 5881 [122]. |
| WAN.DHCPC.BFDKA.7 |
The RG MUST be able to configure the DSCP bits of BFD packets. |
| WAN.DHCPC.BFDKA.8 |
The RG MUST be able to configure the Ethernet Priority bits of BFD packets. |
| WAN.DHCPC.BFDKA.9 |
The RG SHOULD respond to IP Edge initiated BFD polls using the same DSCP and Ethernet Priority values received in the packet |
| WAN.DHCPC.BFDKA.10 |
The RG MUST ignore IP packets arriving on the BFD UDP port other than those originating on the IP Edge. |
| WAN.DHCPC.BFDKA.11 |
The BFD configuration on the RG MUST be configurable using Broadband Forum TR-069 [160]. |
| WAN.DHCPC.BFDKA.12 |
When using BFD Demand mode, the RG MUST run an inactivity timer based on the Detect Interval negotiated with the IP Edge. |
WAN.DHCPC.BFDKA.13 |
When a BFD session on the RG receives a poll with a Diag code set to “Path Down” it MUST perform the following actions:
|
| WAN.DHCPC.BFDKA.14 |
The RG DHCP client MUST be able to enter DHCPv4 Init-Reboot state or DHCPv6 Confirm state upon detecting that BFD has transitioned into “Down” state. |
| WAN.DHCPC.BFDKA.15 |
The RG MUST use the IP Edge address as the destination for BFD Control packets. |
WAN.DHCPC.BFDKA.16 |
The RG MUST be able to be pre-provisioned with the following Broadband Forum specified default configuration:
|
4.2.6 WAN.DHCPv4 – DHCP Client (DHCPv4)
4.2.6.1 WAN.DHCPv4.ERP – EAP
Re-authentication (ERP) for DHCPv4
| ID | Requirement |
|---|---|
| WAN.DHCPv4.ERP.1 |
The RG MUST support the DHCP Relay Agent Information Option RFC 3046 [78]. |
| WAN.DHCPv4.ERP.2 |
The RG MUST support receiving a DHCPv4 request message from a UE client, which includes a Parameter Request List Option requesting the DHCPv4 ERP Local Domain Name, i.e. the domain name of the ERP server of the local domain to which that client is attached. The DHCPv4 request message may be Discovery or Request. |
| WAN.DHCPv4.ERP.3 |
If the RG has the ERP Local Domain Name from authentication server for a client during a previous AAA exchange, it SHOULD include it in the DHCPv4 LDN sub-option in a Relay Agent Information Option RFC 3046 [78] and forward to the DHCPv4 server. |
| WAN.DHCPv4.ERP.4 |
The RG MUST support relaying a DHCPv4 Reply Message with the DHCPv4 ERP Local Domain Name option from the DHCPv4 server to the client. |
| WAN.DHCPv4.ERP.5 |
The RG MUST support configuration of the parameters for it to connect to the RADIUS or Diameter server via Web GUI or Controller extension. |
4.2.7 WAN.DHCPv6 – DHCP Client (DHCPv6)
4.2.7.1 WAN.DHCPv6.ERP – EAP
Re-authentication (ERP) for DHCPv6
| ID | Requirement |
|---|---|
| WAN.DHCPv6.ERP.1 |
The RG MUST support the ERP Local Domain Name (LDN) DHCPv6 Option ([131]). |
| WAN.DHCPv6.ERP.2 |
The RG MUST support receiving a DHCPv6 request message from a UE client, which includes an Option Request option requesting the DHCPv6 ERP Local Domain Name option ([131]). The DHCPv6 request message may be Solicit, Request, or Information Request. |
| WAN.DHCPv6.ERP.3 |
If the RG has pre-existing knowledge of the ERP local domain name for a client (for example, from a previous AAA exchange), it SHOULD include it in an instance of the DHCPv6 ERP Local Domain Name option of the DHCPv6 message and forward it to the DHCPv6 server as a sub-option of the Relay-Supplied Options option ([129]). |
| WAN.DHCPv6.ERP.4 |
The RG MUST support relaying a DHCPv6 Reply Message with the DHCPv6 ERP Local Domain Name option from the DHCPv6 server to the client. |
| WAN.DHCPv6.ERP.5 |
The RG MUST support configuration of the parameters for it to connect to the RADIUS or Diameter server via Web GUI or Controller extension. |
4.2.8 WAN.IPv6 – IPv6 WAN Connection
| ID | Requirement |
|---|---|
| WAN.IPv6.1 |
The RG MUST support automated establishment of an IPv6 connection according to the flow in Annex A.2. |
| WAN.IPv6.2 |
The RG MUST support a dual stack of IPv4 and IPv6 running simultaneously, as described in section 2 of RFC 4213 [102]. |
| WAN.IPv6.3 |
The RG MUST allow the IPv6 stack to be enabled / disabled. |
| WAN.IPv6.4 |
The RG MUST support DHCPv6 client messages
and behavior per IETF RFC 3315. See WAN.DHCPC.5 for further
specifics on IAID value. |
| WAN.IPv6.5 |
The RG MUST support the role of the CPE requesting router in RFC 3633 [90]. |
| WAN.IPv6.6 |
The RG MUST support specifying in its DHCPv6 prefix delegation request an indication of the length of prefix it requires. If the RG supports multiple LANs, or has PD requests from its LAN, it MUST indicate a preferred prefix length that would at least enable the RG to assign a /64 prefix to each LAN it supports. Note that the delegated prefix may vary from the requested length. |
| WAN.IPv6.7 |
When sending DHCPv6 messages, the RG MUST identify itself in OPTION_CLIENTID (1) (client-identifier) using the same client identifier as for IPv4 (see WAN.DHCPC.3 and .4). |
| WAN.IPv6.8 |
The RG MUST support IPv6 node requirements as a host node, per RFC 6434 [130]. |
| WAN.IPv6.9 |
The RG MUST support stateless address auto-configuration (SLAAC) as a host, per RFC 4862 [115]. |
| WAN.IPv6.10 |
The RG MUST support receipt of route information per RFC 4191 [100]. If the RG only has one WAN connection, it does not need to place this information in its routing table, but it does need to save it (for possible forwarding on the LAN interface). |
| WAN.IPv6.11 |
If route information is provided (RFC 4191 [100]) and the RG has multiple WAN connections, it MUST place the route information in its routing table. |
WAN.IPv6.12
|
If the RG does not have a globally-scoped address on its WAN interface after having been delegated a prefix, it MUST create addresses for itself from the delegated prefix. It MUST have at least one address and MAY have more. There is currently no algorithm defined for address creation. It should be assumed that different service providers will want different rules for how to create the address, how many addresses to create, and in the case of multiple addresses, how the different addresses are used. |
| WAN.IPv6.13 |
Requirement deleted; redundant with WAN.IPv6.3 |
| WAN.IPv6.14 |
The RG MUST be able to request the following DHCPv6 options: IA_NA (RFC 3315), reconfigure accept (RFC 3315 [84]), IA_PD (RFC 3633 [90]), and DNS_SERVERS ([91]). |
| WAN.IPv6.15 |
The RG SHOULD be able to request the following DHCPv6 options: SNTP_SERVERS ([99]), domain search list ([91]), and Client FQDN ([113]). |
| WAN.IPv6.16 |
The RG MUST be configurable as to which DHCPv6 options it requests via DHCPv6. |
| WAN.IPv6.17 |
The connectivity parameters (obtained via RA and DHCPv6) MUST persist across loss of WAN connection (or lack of response from WAN connection). |
| WAN.IPv6.18 |
The RG MUST continue to use the connectivity parameters (obtained via RA or DHCP) and consider them valid until either they expire or the RG is explicitly told to use different values. |
| WAN.IPv6.19 |
The RG MUST NOT advertise any address prefixes on the WAN using the IPv6 neighbor discovery protocol, or advertise itself as a default router. |
| WAN.IPv6.20 |
The RG MUST provide up to 4 instances of option-data within a single OPTION_VENDOR_OPTS (17) (RFC 3315 [84]) with IANA “ADSL Forum” Enterprise Number as the enterprise-number. Each instance will have one of the 4 sub-options from WAN.DHCPC.7 as the vendor-specific opt-code, with the corresponding value in the vendor-specific option-data. If the value of a parameter is empty for the RG, then the sub-option MUST be omitted. If there are no values to provide, the entire option MUST be omitted. |
| WAN.IPv6.21 |
The RG SHOULD be able to request the following DHCPv6 options: address selection policy ([137]) and DNS selection policy ([134]). |
| WAN.IPv6.22 |
If route information is provided (draft-ietf-mif-dhcpv6-route-option) and the RG has multiple WAN connections, it MUST place the route information in its routing table. |
| WAN.IPv6.23 |
The RG SHOULD generate address selection policy based on policies obtained from each WAN link by DHCPv6 option (draft-ietf-6man-addr-select-opt) or manually configured policy. |
4.2.9 WAN.TRANS – Transitional IPv6 WAN
Connection
4.2.9.1 WAN.TRANS.6rd – 6rd Transition
Mechanism
| ID | Requirement |
|---|---|
| WAN.TRANS.6rd.1 |
The RG MUST support the 6rd transition mechanism as described in RFC 5969 [123]. This includes being able to configure the necessary parameters from the Controller and via DHCPv4, creation of the prefix, using the created prefix as a “delegated prefix” for purpose of including one of its /64s in RA messages, and modifying the IP header for traffic that goes between the WAN and LAN devices. |
| WAN.TRANS.6rd.2 |
The RG MUST support enabling and disabling of the 6rd feature on the “default” routed IPv4 connection. 6rd is not applicable to bridged WAN interfaces. |
| WAN.TRANS.6rd.3 |
If the RG supports configuration mechanisms other than the 6rd DHCPv4 option 212 (user-entered, Controller configured, etc.), the RG MUST support 6rd in “hub and spoke” mode. 6rd in “hub and spoke” mode requires all IPv6 traffic to go to the 6rd border relay. In effect, this requirement removes the “direct connect to 6rd” route defined in section 7.1.1 of RFC 5969 [123]. |
4.2.9.2 WAN.TRANS.DS-Lite – Dual
Stack Lite Transition Mechanism
| ID | Requirement |
|---|---|
| WAN.TRANS.DS-Lite.1 |
The RG MUST support DS-Lite (RFC 6333 [127]) with IPv4 in IPv6 encapsulation (RFC 2473 [67]). |
| WAN.TRANS.DS-Lite.2 |
This requirement replaced by requirement WAN.TRANS.DS-Lite.6. |
| WAN.TRANS.DS-Lite.3 |
The RG MUST configure a static IPv4 default route toward the DS-Lite tunnel. |
| WAN.TRANS.DS-Lite.4 |
The RG MUST deactivate the NAPT function on the DS-Lite interface. |
| WAN.TRANS.DS-Lite.5 |
The RG MUST support enabling and disabling of DS-Lite. |
| WAN.TRANS.DS-Lite.6 |
The RG MUST be able to use the DHCPv6 option to retrieve the FQDN of the AFTR element, as defined in RFC 6334 [128]. |
| WAN.TRANS.DS-Lite.7 |
Manual configuration on the RG of the FQDN or the IPv6 address of the AFTR element SHOULD be supported. |
| WAN.TRANS.DS-Lite.8 |
Remote configuration from a Controller of the FQDN or the IPv6 address of the AFTR element SHOULD be supported. |
| WAN.TRANS.DS-Lite.9 |
The RG MUST support configurable precedence between the FQDN and the IPv6 address. |
| WAN.TRANS.DS-Lite.10 |
The RG MUST support configurable precedence between dynamic or static configuration of the IPv6 address of the AFTR element when both are available. The RG MUST use DHCPv6 by default or use an operator-specific configuration. |
4.2.9.3
WAN.TRANS.v4-release-control – IPv6 connectivity with content-based IPv4
release control transition
mechanism {#req:wan.trans.v4-release-control}
| ID | Requirement |
|---|---|
| WAN.TRANS.v4-release-control.1
|
The RG MUST provide a mechanism that monitors IPv4 session/traffic. |
| WAN.TRANS.v4-release-control.2
|
The RG MUST provide a timer-based trigger for releasing an IPv4 address. |
| WAN.TRANS.v4-release-control.3
|
The RG MUST provide signaling to the BNG according to RFC 1332 [53]. |
| WAN.TRANS.v4-release-control.4
|
The RG MUST provide the (re)assignment of an IPv4 address inside a PPP session according to RFC 1332 [53], independent of the IPv6CP status according to section 2.1 of RFC 4241 [103]. |
| WAN.TRANS.v4-release-control.5
|
The timer that triggers the release of the IPv4 address MUST be configurable. |
| WAN.TRANS.v4-release-control.6
|
The timer that triggers the release of the IPv4 address MUST be configurable from a Controller. |
4.2.9.4
WAN.TRANS.MAP-E – IPv6 connectivity with content-based IPv4 release
control transition
mechanism {#req:wan.trans.map-e}
| ID | Requirement |
|---|---|
| WAN.TRANS.MAP-E.1 |
The RG MUST support mapping of address and port with encapsulation method (MAP-E) as specified in RFC 7597 [139]. |
| WAN.TRANS.MAP-E.2 |
The RG MUST support the configuration for MAP-E operation by one or more methods, including Controller provided, DHCPv6 with options as specified in RFC 7598 [140]. |
| WAN.TRANS.MAP-E.3 |
The RG MUST support the MAP-E configuration for parameters with consistence as specified in RFC 7598 [140]. |
| WAN.TRANS.MAP-E.4 |
The RG MUST support enabling and disabling of MAP-E operation. |
| WAN.TRANS.MAP-E.5 |
When performing NAT44 function, the RG MUST restrict the port assignment within the range per MAP-E configuration. |
| WAN.TRANS.MAP-E.6 |
The RG MUST support MAP-E operation in “hub and spoke” mode by forwarding IPv4-in-IPv6 packets to the MAP-E BR for distribution. |
| WAN.TRANS.MAP-E.7 |
The RG SHOULD be able to connect to more than one MAP-E domain. |
4.2.10 WAN.PPP – PPP Client
| ID | Requirement |
|---|---|
| WAN.PPP.1 |
The RG MUST support PPP and the associated protocols as defined in IETF RFCs 1332, 1334, 1661, 1877, 1994. |
| WAN.PPP.2 |
Upon receipt of non-standard or unrecognized PPP extensions according to IETF RFCs 1570 and 2153 from the broadband network (e.g. vendor or proprietary), the RG MUST operate without fault. |
| WAN.PPP.3 |
The RG MUST support PPPoE as defined in RFC 2516 [70]. |
| WAN.PPP.4 |
The RG MUST support RFC 4638 [111] in order to accommodate MTU/MRU values greater than 1492 bytes in PPPoE. |
| WAN.PPP.5 |
If the RG supports ATM, the RG SHOULD support PPP over AAL5 (PPPoA) as defined in RFC 2364 [64]. |
| WAN.PPP.6 |
The RG MUST be able to save all logins and passwords for PPP sessions originated by the RG. Passwords MUST NOT be available outside the RG (that is, they cannot be queried or displayed). |
| WAN.PPP.7 |
The RG MUST NOT immediately terminate PPPoE sessions and upper layer protocol connections when the physical connection is lost. It should defer the teardown process for two minutes. If the physical connection is restored during that time, the RG MUST first attempt to use its previous PPPoE session settings. If these are rejected, then the original PPPoE session is to be terminated and a new PPPoE session attempted. |
| WAN.PPP.8 |
The RG SHOULD incorporate a random timing delay prior to starting each IP (v4 or v6) and PPP session. This random timing delay helps to reduce connection failures when a group of users attempts to establish connections to a service provider at the same time (e.g. after power is restored to a neighborhood that had a blackout). |
| WAN.PPP.9 |
If the RG receives an authentication failure when attempting an automated PPP connection attempt, it SHOULD re-try immediately to establish the connection. After three unsuccessful attempts, the RG SHOULD wait for five minutes, then repeat the connection attempt three times. If authentication still fails, the RG SHOULD back off to thirty minute intervals between groups of three attempts. |
| WAN.PPP.10 |
If the RG is using the PPPoE client function actively, the RG MUST be able to forward PPPoE sessions initiated from LAN devices as additional PPPoE sessions to the WAN interface (this is sometimes known as PPPoE pass-through). Specifically, these LAN initiated PPPoE sessions MUST NOT be tunneled inside the RG’s primary PPPoE client session. |
| WAN.PPP.11 |
When fragmentation is required, the RG MUST fragment all PPP sessions that it originates on an access VC using MLPPP interleaving as defined in RFC 1990 [57]. |
WAN.PPP.12 |
If PPP is used, the RG MAY obtain an IPv4 subnet mask on its WAN interface using IPCP (IPv4) extensions. If this is done, the IPv4 subnet masks will be communicated with IPCP (IPv4) using the PPP IPCP (IPv4) option with option code 144, the length of the option being 6 and the mask being expressed as a 32-bit mask (e.g. 0xFFFFFF80), not as a number indicating the consecutive number of 1s in the mask (from 0 to 32). The learned network information MAY, but need not, be used to populate the LAN side embedded DHCP server for the RG. The learned network information is treated as a subnet and not as a collection of individual addresses. That is, the first and last addresses in the subnet should not be used. The IPv4 address negotiated SHOULD, but need not, be the one assigned to the RG. |
| WAN.PPP.13 |
The RG MUST make the access concentrator name used with PPPoE connections available via the Web GUI, TR-064i2, and for a Controller for diagnostic purposes. |
| WAN.PPP.14 |
The RG MUST support RFC 3544 [86], “IP Header Compression over PPP”. |
4.2.10.1 WAN.PPP.IPv6 – PPP Client for
establishment of IPv6 connection
| ID | Requirement |
|---|---|
| WAN.PPP.IPv6.1 |
The RG MUST support IPv6 over PPP per RFC 5072 [116] and RFC 5172 [117]. |
| WAN.PPP.IPv6.2 |
The RG MUST support establishment of an IPv6 over PPPoE connection according to the flow in Annex A.1. |
| WAN.PPP.IPv6.3 |
The RG MUST allow any particular PPP connection to be configurable for IPv4 only, IPv6 only, or both. |
| WAN.PPP.IPv6.4 |
If the RG is configured for multiple PPPoE connections, it MUST be possible to configure it to use the same login and password for all, so that only the domain is unique per connection. |
| WAN.PPP.IPv6.5 |
The RG MUST NOT tear down a shared (IPv4 and IPv6) PPP session if error conditions prevent only one IP stack (either IPv4 or IPv6) from working. The session MUST be torn down if error conditions apply to both stacks. |
4.2.11 WAN.dot1x – 802.1X Client
| ID | Requirement |
|---|---|
| WAN.dot1x.1 |
The RG MUST support IEEE 802.1X acting as a supplicant. |
| WAN.dot1x.2 |
The RG MUST be able to respond to an appropriate IEEE 802.1X request and provide certificate information using Extensible Authentication Protocol-Transport Layer Security (EAP/TLS). |
| WAN.dot1x.3 |
The RG SHOULD support EAP-MD5 username and password type authentication. |
| WAN.dot1x.4 |
The RG MUST support receiving IEEE 802.1X EAPOL frames with an individual MAC address (i.e. unicast) as well as frames with a group MAC address (i.e. multicast). |
| WAN.dot1x.5 |
The RG MUST perform mutual authentication by authenticating certificate information of the requesting authenticator. |
| WAN.dot1x.6 |
The RG MUST be able to store certificate information used to authenticate the authenticator. |
| WAN.dot1x.7 |
The RG MUST be able to update the information used to validate the authenticator by either a firmware upgrade or via updated certificates. |
| WAN.dot1x.8 |
The RG SHOULD be able to update the information used to validate the authenticator by updated certificates without a firmware upgrade. |
| WAN.dot1x.9 |
The RG MUST be able to authenticate a minimum of eight authenticators. |
| WAN.dot1x.10
|
When used with IPv4 over Ethernet and DHCPv4, if the RG already has a connection when receiving an IEEE 802.1X request, the RG SHOULD subsequently perform a DHCPv4 lease renewal upon successful 802.1X authentication. |
| WAN.dot1x.11
|
Each RG MUST have a unique factory-installed private/public key pair and an embedded ITU-T X.509 version 3 / RFC 5280 [119] certificate that has been signed by the RG vendor’s certificate authority. |
| WAN.dot1x.12
|
The RG certificate MUST have a validity period greater than the operational lifetime of the RG. |
| WAN.dot1x.13
|
When used with IPv6 over Ethernet and DHCPv6, if the RG already has a connection when receiving an IEEE 802.1X request, the RG SHOULD subsequently perform a DHCPv6 CONFIRM upon successful 802.1X authentication. |
4.2.12 WAN.DoS – Denial of Service Prevention
Note: The IPv6 parts of this module apply only if the RG has an IPv6 stack.
| ID | Requirement |
|---|---|
| WAN.DoS.1 |
The RG MUST provide denial of service (DOS) protection for itself and all LAN CPE including protection from ping of death, SYN flood, LAND and variant attacks. The extent of this protection will be limited when the RG is configured as a bridge in which only PPPoE traffic is bridged. This protection MUST be available when the RG terminates IP (v4 or v6) or bridges IPv4. |
| WAN.DoS.2 |
The RG MUST reject packets from the WAN with source MAC addresses of devices on the local LAN or invalid IP (v4 or v6) addresses (e.g. broadcast addresses or IP (v4 or v6) addresses matching those assigned to the LAN segment). |
| WAN.DoS.3 |
The RG MUST reject any unidentified Ethernet packets (i.e. any packet that is not associated with IP (v4 or v6) or PPPoE protocols). |
| WAN.DoS.4 |
The RG MUST perform anti-spoofing filtering for IPv6. All IPv6 traffic sent to the WAN from the LAN MUST have an IPv6 source address with a prefix assigned to the LAN by the RG, that was delegated from the WAN (through DHCPv6 or configuration). |
| WAN.DoS.5 |
Because the RG must perform anti-spoofing filtering for IPv6, until it has an IPv6 LAN prefix delegation it MUST filter all upstream IPv6 traffic from the home. |
4.2.13 WAN.QoS – Quality of Service
Note: The IPv6 parts of this module apply only if the RG has an IPv6 stack.
| ID | Requirement | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
WAN.QoS.1 |
The RG MUST support classification of WAN directed LAN traffic and placement into appropriate queues (or discard) based on any one or more of the following pieces of information:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
WAN.QoS.2 |
The RG SHOULD support classification of WAN directed LAN traffic and placement into appropriate queues (or discard) based on any one or more of the following pieces of information:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| WAN.QoS.3 |
The RG MUST support the differentiated services field (DS field) in IP (v4 or v6) headers as defined in RFC 2474 [68]. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
WAN.QoS.4 |
The RG MUST by default recognize and provide appropriate treatment to packets marked with recommended Diffserv codepoints, whose values and behavior are defined in RFC 2474 [68], RFC 2475 [69], RFC 2597 [71], RFC 3246 [81], and RFC 3260 [82]. Specifically, the values shown in the DSCP column of the table below MUST be supported, except Cs0-7, which are optional.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| WAN.QoS.5 |
The RG MUST be able to mark or remark the Diffserv codepoint or IEEE 802.1Q Ethernet priority of traffic identified based on any of the classifiers supported by the RG. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| WAN.QoS.6 |
Requirement relocated to WAN.QoS.VLAN.1 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| WAN.QoS.7 |
Requirement relocated to WAN.QoS.VLAN.2 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| WAN.QoS.8 |
Requirement relocated to WAN.QoS.VLAN.3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| WAN.QoS.9 |
The RG MUST support one best effort (BE) queue, one expedited forwarding (EF) queue and a minimum of four assured forwarding (AF) queues. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| WAN.QoS.10 |
The RG MUST duplicate the set of queues for each access session (e.g. L2 PVC, VLAN). This can be done logically or physically. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
WAN.QoS.11 |
The RG SHOULD support the appropriate mechanism to effectively implement Diffserv per-hop scheduling behaviors. The RG SHOULD be able to configure each queue defined in WAN.QoS.9 for strict priority or weighted round robin scheduling. SP queues are served with priority over all other queues. A strict priority scheduler is preferred for EF. WRR queues are served on the basis of configurable weights, provided with a mechanism to prevent starvation (WRR queue minimum bandwidth) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| WAN.QoS.12 |
The RG MUST support aggregate shaping of upstream traffic across all access sessions (e.g. L2 PVC, VLAN). | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
WAN.QoS.13 |
The RG MUST support per-class shaping of upstream traffic. Classes are defined in WAN.QoS.4. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| WAN.QoS.14 |
The RG MUST support the capability to fragment IP traffic on sessions that it originates, in order to limit the effect of large packets on traffic delay. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| WAN.QoS.15 |
The packet size threshold before fragmenting AF and BE packets MUST be configurable. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| WAN.QoS.16 |
The RG MUST handle all telephone service-related network traffic by a high priority queue to avoid congestion, delay, jitter, or packet loss. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| WAN.QoS.17 |
The RG MAY handle all telephone service-related network traffic by a dedicated WAN interface to avoid congestion, delay, jitter, or packet loss. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| WAN.QoS.18 |
The RG MUST provide counters in terms of dropped and emitted packets/bytes for each queue. Statistics SHOULD be collected from the time of last counter reset or on a configurable sample interval. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| WAN.QoS.19 |
The RG MUST provide information about queue occupancy in terms of packets and peak percentage. Statistics SHOULD be collected from the time of last counter reset or on a configurable sample interval. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
WAN.QoS.20 |
The RG MUST support classification of WAN-directed internally-generated traffic and placement into appropriate queues based on any one or more of the following pieces of information:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
WAN.QoS.21 |
The RG SHOULD support classification of WAN directed internally generated traffic and placement into appropriate queues based on any one or more of the following pieces of information:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
WAN.QoS.22 |
The RG MUST be able to learn classification keys (MAC address and IP address) through the following option of the DHCP client requests on the LAN that it serves:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| WAN.QoS.23 |
The RG SHOULD be able to learn classification keys (MAC address and IP address) for trusted DLNA devices as they are recognized on the LAN. |
4.2.13.1 WAN.QoS.VLAN – VLAN based QoS
| ID | Requirement |
|---|---|
| WAN.QoS.VLAN.1 |
The RG MUST support sending the following frame types: untagged frames, priority-tagged frames, and VLAN-tagged frames in the upstream direction. This satisfies Broadband Forum TR-101 [161] R-01. |
| WAN.QoS.VLAN.2 |
The RG MUST support setting the priority tag and VLAN ID values. This satisfies Broadband Forum TR-101 [161] R-03. |
| WAN.QoS.VLAN.3 |
The RG MUST support receiving untagged and VLAN-tagged Ethernet frames in the downstream direction, and MUST be able to strip the VLAN tagging from the ones received tagged. This satisfies Broadband Forum TR-101 [161] R-04. |
4.2.13.2 WAN.QoS.TUNNEL – Quality of
Service for Tunneled Traffic
This module only applies when the RG is an endpoint for a tunnel to the WAN. This module applies to IPv6 if it is used as either the tunneled or the tunneling protocol.
| ID | Requirement |
|---|---|
| WAN.QoS.TUNNEL.1 |
The RG MUST be able to mark or remark the Diffserv codepoint of traffic that will be placed over a tunnel, based on classification of that traffic (prior to placing it on the tunnel) using any of the classifiers supported by the RG. This only applies when the traffic is going from LAN to WAN. |
| WAN.QoS.TUNNEL.2 |
The RG MUST be able to mark the Diffserv codepoint of the underlying tunnel or the IEEE 802.1Q Ethernet priority of Ethernet that is transporting the tunnel, based on classification of the tunneled traffic using any of the classifiers supported by the RG. This only applies when the traffic is going from LAN to WAN. |
| WAN.QoS.TUNNEL.3 |
When the RG receives tunneled traffic from the WAN, it MUST be able to mark or remark the Diffserv codepoint of that traffic, based on classification of the tunneled traffic using any of the IP-layer or higher layer classifiers supported by the RG. |
| WAN.QoS.TUNNEL.4 |
When the RG receives tunneled traffic from the WAN, it MUST be able to mark the IEEE 802.1Q Ethernet priority of the LAN Ethernet frame, based on classification of the tunneled traffic using any of the IP-layer or higher layer classifiers supported by the RG. |
| WAN.QoS.TUNNEL.5 |
When the RG receives tunneled traffic from the WAN, it MUST be able to mark or remark the Diffserv codepoint or mark the IEEE 802.1Q Ethernet priority of the LAN Ethernet frame, based on classification of the WAN Ethernet, using any of the Ethernet-layer classifiers supported by the RG. |
| WAN.QoS.TUNNEL.6 |
When the RG receives tunneled traffic from the WAN, it SHOULD be able to mark or remark the Diffserv codepoint or mark the IEEE 802.1Q Ethernet priority of the LAN Ethernet frame, based on classification of the underlying tunnel, using any of the IP-layer classifiers supported by the RG. |
4.2.14 WAN.IPsecClient – IPsec VPN peer
to peer
| ID | Requirement |
|---|---|
| WAN.IPsecClient.1 |
The RG MAY support peer to peer IPSec VPN, as defined in IETF RFCs 4301, 4303, 5996. |
| WAN.IPsecClient.2 |
If the RG supports IPSec VPN, it MUST support encapsulating security payload (ESP), as defined in RFC 4303 [105]. |
| WAN.IPsecClient.3 |
If the RG supports IPSec VPN, it MUST support the IKEv2 key exchange protocol as defined in RFC 5996 [124]. |
| WAN.IPsecClient.4 |
If the RG supports IPSec VPN, it MUST support IPSec VPN in tunnel mode, which is defined in section 3.2 of [104]. |
| WAN.IPsecClient.5 |
If the RG supports IPSec VPN, it MUST support dead peer detection (DPD), which is defined in RFC 5996 [124]. |
| WAN.IPsecClient.6 |
If the RG supports IPSec VPN, it must support configuring the IPSec VPN via web GUI or Controller extension. |
| WAN.IPsecClient.7 |
If the RG supports IPSec VPN, it MUST support that the source address in the IPSec is configured to be either an IP address or a TR-181 instance of WAN interface. |
| WAN.IPsecClient.8 |
If the RG supports IPSec VPN, it MUST support that the destination address in the IPSec is configured to be either an IP address or a dynamic domain name. |
| WAN.IPsecClient.9 |
If the RG supports IPSec VPN, it MUST support querying the status of child security associations (SA) from the Controller extension. |
4.2.15 WAN.L2tpClient – L2tp VPN Remote
Access
| ID | Requirement |
|---|---|
| WAN.L2tpClient.1 |
The device MAY support L2TPv2 VPN, as defined in RFC 2661 [72]. |
| WAN.L2tpClient.2 |
The device SHOULD support L2TPv3 VPN, as defined in IETF RFC 3931 [95]. |
| WAN.L2tpClient.3 |
If the device supports L2TP VPN, it SHOULD support L2TP Disconnect Cause Information, as defined in RFC 3145 [79]. |
| WAN.L2tpClient.4 |
If the device supports L2TP VPN, it MUST support L2TP/IPSec VPN connection. |
| WAN.L2tpClient.5 |
If the device supports L2TP VPN, it MUST support LNS functions, as defined in RFC 2661 [72] or RFC 3931 [95]. |
| WAN.L2tpClient.6 |
If the device supports L2TP VPN, it MUST support configuring the L2TP VPN via Web GUI or from a Controller. |
4.2.16 WAN.PCP – Port Control Protocol
| ID | Requirement |
|---|---|
| WAN.PCP.1 |
The RG MUST support Port Control Protocol (PCP) Client as specified in RFC 6887 [135]. |
| WAN.PCP.2 |
The RG MUST support Port Control Protocol (PCP) Extension for Port Set Allocation as specified in RFC 7753 [143]. |
| WAN.PCP.3 |
The RG MUST support configuring the PCP Client via web GUI or from a Controller. |
| WAN.PCP.4 |
The RG MUST be able to use the DHCP option to retrieve Server name(s) as defined in RFC 7291 [138]. |
| WAN.PCP.5 |
For the DS-Lite case, if PCP is enabled and no PCP server is configured, the RG MUST consider that the AFTR is the PCP server. |
| WAN.PCP.6 |
The PCP client of the RG MUST support invocations from applications on the RG, from the Web GUI or from a Controller. |
| WAN.PCP.7 |
The RG MUST embed an interworking function to ensure interworking between the UPnP IGD (Internet Gateway Device) used by CPE LAN devices in the LAN and PCP as defined in RFC 6970 [136]. |
| WAN.PCP.8 |
The RG MUST embed a PCP proxy function as defined in the IETF document “Port Control Protocol (PCP) Proxy Function” RFC 7648 ([141]). |
| WAN.PCP.9 |
Static (i.e. configured) PCP mappings MUST be stored on the RG across reboot or power off situations. |
4.2.17 WAN.TUN – WAN Tunnel
| ID | Requirement |
|---|---|
| WAN.TUN.1 |
The RG Should support one or more tunnel protocol, such as Vxlan、GRE,L2TP |
4.2.17.1 WAN.TUN.VXLAN – VxLAN Tunnel
| ID | Requirement |
|---|---|
| WAN.TUN.VXLAN.1 |
The RG May support VXLAN tunnels |
| WAN.TUN.VXLAN.2 |
The RG May support VXLAN tunnels using IPv4 encapsulation. |
| WAN.TUN.VXLAN.3 |
The RG May support VXLAN tunnels using IPv6 encapsulation. |
| WAN.TUN.VXLAN.4 |
The RG May support bridging Ethernet frames into a VXLAN tunnel. |
| WAN.TUN.VXLAN.5 |
The RG May support using the LSL settings in Broadband Forum TR-328 [168], table 4. |
| WAN.TUN.VXLAN.6 |
The RG May support static provisioning of VXLAN LSL settings |
| WAN.TUN.VXLAN.7 |
The RG May support obtaining VXLAN LSL settings via DHCP |
WAN.TUN.VXLAN.8 |
Upon receiving downstream encapsulated traffic from the Network side, the RG May:
|
4.2.17.2 WAN.TUN.L2 – L2Tunnel
| ID | Requirement |
|---|---|
| WAN.TUN.L2.1
|
The RG May be able to retrieve the IP configuration of its network interface, through DHCP, outside of any tunnel |
| WAN.TUN.L2.2
|
The RG May be able to be provided the configuration information of a L2 tunnel over IP, through DHCP option 125 |
| WAN.TUN.L2.3
|
The RG May be able to setup a L2 tunnel over IP |
| WAN.TUN.L2.4
|
The RG May be able to initiate LSL tunnel set up using information received from DHCP. |
| WAN.TUN.L2.5
|
The RG May support GRE tunneling The RG MUST be able to be provided the configuration information of a L2 tunnel over IP, through DHCP option 125 |
| WAN.TUN.L2.6
|
The RG May be able to setup a L2 tunnel over IP |
| WAN.TUN.L2.7
|
The RG May be able to initiate LSL tunnel set up using information received from DHCP. |