| < draft-herbert-ipv4-udpencap-eh-00.txt | draft-herbert-ipv4-udpencap-eh-01.txt > | |||
|---|---|---|---|---|
| INTERNET-DRAFT T. Herbert | INTERNET-DRAFT T. Herbert | |||
| Intended Status: Proposed Standard Quantonium | Intended Status: Proposed Standard Quantonium | |||
| Expires: August 2019 | Expires: September 2019 | |||
| February 27, 2019 | March 8, 2019 | |||
| IPv4 Extension Headers and UDP Encapsulated Extension Headers | IPv4 Extension Headers and UDP Encapsulated Extension Headers | |||
| draft-herbert-ipv4-udpencap-eh-00 | draft-herbert-ipv4-udpencap-eh-01 | |||
| Abstract | Abstract | |||
| This specification defines extension headers for IPv4 and a method to | This specification defines extension headers for IPv4 and a method to | |||
| encapsulate extension headers in UDP to facilitate transmission over | encapsulate extension headers in UDP to facilitate transmission over | |||
| the Internet. The goal is to provide a uniform and feasible method of | the Internet, as well as a definition of an IPv4 flow label. The goal | |||
| extensibility that is shared between IPv4 and IPv6. | is to provide a uniform and feasible method of extensibility that is | |||
| shared between IPv4 and IPv6. | ||||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted to IETF in full conformance with the | This Internet-Draft is submitted to IETF in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| other groups may also distribute working documents as | other groups may also distribute working documents as | |||
| Internet-Drafts. | Internet-Drafts. | |||
| skipping to change at page 2, line 16 ¶ | skipping to change at page 2, line 17 ¶ | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 1.1 IPv4 extension headers . . . . . . . . . . . . . . . . . . . 3 | 1.1 IPv4 extension headers . . . . . . . . . . . . . . . . . . . 3 | |||
| 1.2 Encapsulating extension headers in UDP . . . . . . . . . . . 3 | 1.2 Encapsulating extension headers in UDP . . . . . . . . . . . 3 | |||
| 1.3 The IPv4 flow label . . . . . . . . . . . . . . . . . . . . 4 | ||||
| 2 IPv4 extension headers . . . . . . . . . . . . . . . . . . . . 4 | 2 IPv4 extension headers . . . . . . . . . . . . . . . . . . . . 4 | |||
| 2.1 Extension Header Order . . . . . . . . . . . . . . . . . . . 6 | 2.1 Requirements . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 2.2 Options . . . . . . . . . . . . . . . . . . . . . . . . . . 7 | 2.2 Interaction with standard IPv4 mechanisms . . . . . . . . . 6 | |||
| 2.3 Hop-by-Hop Options Header . . . . . . . . . . . . . . . . . 9 | 2.2.1 IPv4 options and IPv4 extension headers . . . . . . . . 7 | |||
| 2.4 Routing Header . . . . . . . . . . . . . . . . . . . . . . . 10 | 2.2.2 IPv4 fragmentation and IPv4 extension headers . . . . . 7 | |||
| 2.5 Fragment Header . . . . . . . . . . . . . . . . . . . . . . 11 | 3 Encapsulating extension headers in UDP . . . . . . . . . . . . 7 | |||
| 2.6 Destination Options Header . . . . . . . . . . . . . . . . . 18 | 3.1 Encapsulation format . . . . . . . . . . . . . . . . . . . . 8 | |||
| 2.7 No Next Header . . . . . . . . . . . . . . . . . . . . . . . 18 | 3.2 GUE magic numbers . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 2.8 Interaction with standard IPv4 mechanisms . . . . . . . . . 19 | 3.3 Operation . . . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 2.8.1 IPv4 options and IPv4 extension headers . . . . . . . . 19 | 3.3.1 Sender processing . . . . . . . . . . . . . . . . . . . 10 | |||
| 2.8.2 IPv4 fragmentation and IPv4 extension headers . . . . . 19 | 3.3.2 Destination Processing . . . . . . . . . . . . . . . . . 11 | |||
| 3 Encapsulating extension headers in UDP . . . . . . . . . . . . 20 | 3.3.3 Intermediate device processing . . . . . . . . . . . . . 11 | |||
| 3.1 Encapsulation format . . . . . . . . . . . . . . . . . . . . 20 | 4 The IPv4 flow label . . . . . . . . . . . . . . . . . . . . . . 12 | |||
| 3.2 GUE magic numbers . . . . . . . . . . . . . . . . . . . . . 21 | 4.1 Sender requirements . . . . . . . . . . . . . . . . . . . . 12 | |||
| 3.3 Operation . . . . . . . . . . . . . . . . . . . . . . . . . 22 | 4.2 Receiver requirements . . . . . . . . . . . . . . . . . . . 13 | |||
| 3.3.1 Sender processing . . . . . . . . . . . . . . . . . . . 22 | 5 Security Considerations . . . . . . . . . . . . . . . . . . . . 14 | |||
| 3.3.2 Destination Processing . . . . . . . . . . . . . . . . . 23 | 6 IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 14 | |||
| 3.3.3 Intermediate device processing . . . . . . . . . . . . . 23 | 7 References . . . . . . . . . . . . . . . . . . . . . . . . . . 14 | |||
| 4 Security Considerations . . . . . . . . . . . . . . . . . . . . 25 | 7.1 Normative References . . . . . . . . . . . . . . . . . . . 14 | |||
| 5 IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 25 | 7.2 Informative References . . . . . . . . . . . . . . . . . . 15 | |||
| 6 References . . . . . . . . . . . . . . . . . . . . . . . . . . 25 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 16 | |||
| 6.1 Normative References . . . . . . . . . . . . . . . . . . . 25 | ||||
| 6.2 Informative References . . . . . . . . . . . . . . . . . . 25 | ||||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 27 | ||||
| 1 Introduction | 1 Introduction | |||
| This specification defines extension headers for IPv4 and a method to | This specification defines extension headers for IPv4 and a method to | |||
| encapsulate extension headers in UDP to facilitate transmission over | encapsulate extension headers in UDP to facilitate transmission over | |||
| the Internet. | the Internet. An IPv4 flow label is also defined to help intermediate | |||
| nodes classify flows for packets with unknown protocols. | ||||
| 1.1 IPv4 extension headers | 1.1 IPv4 extension headers | |||
| IPv4 options were defined in [RFC791] as the means of extending the | IPv4 options were defined in [RFC0791] as the means of extending the | |||
| IP protocol. IPv4 options have not been successful. Early router | IP protocol. IPv4 options have not been successful. Early router | |||
| implementations, and even those today, either don't process IPv4 | implementations, and even those today, either don't process IPv4 | |||
| options or relegate them to a slow path effectively making them | options or relegate them to a slow path effectively making them | |||
| unusable for serious applications. IPv4 options are limited to forty | unusable for serious applications. IPv4 options are limited to forty | |||
| bytes length and, unlike TCP options, no IP options have been defined | bytes length and, unlike TCP options, no IP options have been defined | |||
| that are critical to communications. The upshot is that IPv4 options | that are critical to communications. The upshot is that IPv4 options | |||
| have long not been considered an option for deployment [IPNOPT]. | have long not been considered an option for deployment [IPNOPT]. | |||
| IPv6 took a different approach. Extensibility of IPv6 is provided by | IPv6 took a different approach. Extensibility of IPv6 is provided by | |||
| extension headers. Optional internet-layer information is encoded in | extension headers. Optional internet-layer information is encoded in | |||
| skipping to change at page 4, line 27 ¶ | skipping to change at page 4, line 28 ¶ | |||
| node were to modify a UDP payload whose type it has misinterpreted, | node were to modify a UDP payload whose type it has misinterpreted, | |||
| then systematic silent data corruption ensues. To mitigate this | then systematic silent data corruption ensues. To mitigate this | |||
| issue, a magic number can be set in the UDP data that indicates the | issue, a magic number can be set in the UDP data that indicates the | |||
| payload type. A magic number identifies the payload as being GUE with | payload type. A magic number identifies the payload as being GUE with | |||
| high probability to minimize the risk of misintepretation. | high probability to minimize the risk of misintepretation. | |||
| Note that the solution to encapsulate extension headers can be used | Note that the solution to encapsulate extension headers can be used | |||
| for both IPv4 and IPv6. Encapsulation serves as workaround for paths | for both IPv4 and IPv6. Encapsulation serves as workaround for paths | |||
| that have problems processing IPv6 extension headers. | that have problems processing IPv6 extension headers. | |||
| 1.3 The IPv4 flow label | ||||
| IPv6 introduced the concept of a flow label that has proven quite | ||||
| convenient to perform flow classification, such as that needed by | ||||
| Equal-Cost Multipath (ECMP). The base IPv4 header does not have | ||||
| reserved bits that could be allocated as a flow label, however the | ||||
| sixteen bit Identification field can be used as a flow label in | ||||
| atomic datagrams [RFC6864]. | ||||
| The IPv4 flow label will be most useful in scenarios for which the | ||||
| existing mechanisms used to classify IPv4 packets, such as parsing | ||||
| transport layer headers to extract port information, aren't | ||||
| available. Defining an IPv4 flow label would also be another instance | ||||
| of backporting a beneficial feature from IPv6 and further unifying | ||||
| the two protocols. | ||||
| 2 IPv4 extension headers | 2 IPv4 extension headers | |||
| IPv4 extension headers are optional internet-layer information | IPv4 extension headers are optional internet-layer information | |||
| encoded in separate headers that may be placed between the IPv4 | encoded in separate headers that may be placed between the IPv4 | |||
| header and the upper-layer header in a packet. IPv4 extension headers | header and the upper-layer header in a packet. IPv4 extension headers | |||
| are based on IPv6 extension headers and share the same basic | are based on IPv6 extension headers and share the same basic | |||
| properties and semantics [RFC8200]. | properties and semantics [RFC8200]. | |||
| Extension headers are numbered from IANA IP Protocol Numbers [IANA- | Extension headers are numbered from IANA IP Protocol Numbers [IANA- | |||
| PN], the same values are used for IPv4 and IPv6. When processing a | PN], the same values are used for IPv4 and IPv6. When processing a | |||
| skipping to change at page 5, line 4 ¶ | skipping to change at page 5, line 22 ¶ | |||
| As illustrated in these examples, an IPv4 packet MAY carry zero, one, | As illustrated in these examples, an IPv4 packet MAY carry zero, one, | |||
| or more extension headers, each identified by the Next Header field | or more extension headers, each identified by the Next Header field | |||
| of the preceding header or the Protocol field of the IPv4 header: | of the preceding header or the Protocol field of the IPv4 header: | |||
| +---------------+------------------------ | +---------------+------------------------ | |||
| | IPv4 header | TCP header + data | | IPv4 header | TCP header + data | |||
| | | | | | | |||
| | Protocol = | | | Protocol = | | |||
| | TCP | | | TCP | | |||
| +---------------+------------------------ | +---------------+------------------------ | |||
| +---------------+----------------+------------------------ | +---------------+----------------+------------------------ | |||
| | IPv4 header | Hop-by-Hop | TCP header + data | | IPv4 header | Hop-by-Hop | TCP header + data | |||
| | | | | | | | | |||
| | Protocol = | Next Header = | | | Protocol = | Next Header = | | |||
| | Hop-by-Hop | TCP | | | Hop-by-Hop | TCP | | |||
| +---------------+----------------+------------------------ | +---------------+----------------+------------------------ | |||
| +---------------+----------------+-----------------+----------------- | +---------------+----------------+-----------------+----------------- | |||
| | IPv4 header | Hop-by-Hop | Fragment header | fragment of TCP | | IPv4 header | Hop-by-Hop | Fragment header | fragment of TCP | |||
| | | | | header + data | | | | | header + data | |||
| | Protocol = | Next Header = | Next Header = | | | Protocol = | Next Header = | Next Header = | | |||
| | Hop-by-Hop | Fragment | TCP | | | Hop-by-Hop | Fragment | TCP | | |||
| +---------------+----------------+-----------------+----------------- | +---------------+----------------+-----------------+----------------- | |||
| Extension headers (except for the Hop-by-Hop Options header) MUST NOT | 2.1 Requirements | |||
| be processed, inserted, or deleted by any node along a packet's | ||||
| delivery path, until the packet reaches the node (or each of the set | ||||
| of nodes, in the case of multicast) identified in the Destination | ||||
| Address field of the IPv4 header. | ||||
| The Hop-by-Hop Options header MUST NOT be inserted or deleted, but | ||||
| MAY be examined or processed by any node along a packet's delivery | ||||
| path, until the packet reaches the node (or each of the set of nodes, | ||||
| in the case of multicast) identified in the Destination Address field | ||||
| of the IPv4 header. The Hop-by-Hop Options header, when present, MUST | ||||
| immediately follow the IPv4 header. Its presence is indicated by the | ||||
| value zero in the Protocol field of the IPv4 header. | ||||
| At the destination node, normal demultiplexing on the Protocol field | ||||
| of the IPv4 header invokes the module to process the first extension | ||||
| header, or the upper-layer header if no extension header is present. | ||||
| The contents and semantics of each extension header determine whether | ||||
| or not to proceed to the next header. Therefore, extension headers | ||||
| MUST be processed strictly in the order they appear in the packet; a | ||||
| receiver MUST NOT, for example, scan through a packet looking for a | ||||
| particular kind of extension header and process that header prior to | ||||
| processing all preceding ones. | ||||
| If, as a result of processing a header, the destination node is | ||||
| required to proceed to the next header but the Next Header value in | ||||
| the current header is unrecognized by the node, it SHOULD discard the | ||||
| packet and send an ICMP Parameter Problem message to the source of | ||||
| the packet, with an ICMP Code value of 1 ("unrecognized Next Header | ||||
| type encountered") and the ICMP Pointer field containing the offset | ||||
| of the unrecognized value within the original packet. The same action | ||||
| should be taken if a node encounters a Next Header value of zero in | ||||
| any header other than an IPv6 or IPv4 header. | ||||
| Each extension header is an integer multiple of 8 octets long, in | ||||
| order to retain 8-octet alignment for subsequent headers. Multi- | ||||
| octet fields within each extension header are aligned on their | ||||
| natural boundaries, i.e., fields of width n octets are placed at an | ||||
| integer multiple of n octets from the start of the header, for n = 1, | ||||
| 2, 4, or 8. | ||||
| A full implementation of IPv4 with extension headers includes | ||||
| implementation of the following extension headers: | ||||
| Hop-by-Hop Options | ||||
| Fragment | ||||
| Destination Options | ||||
| Routing | ||||
| Authentication | ||||
| Encapsulating Security Payload | ||||
| The first four are specified in this document; IPv4 support for the | ||||
| last two are specified in [RFC4302] and [RFC4303], respectively. The | ||||
| current list of IPv4 extension headers is assumed to be the same as | ||||
| the list of IPv6 extension headers which can be found at [IANA-EH]. | ||||
| 2.1 Extension Header Order | ||||
| When more than one extension header is used in the same packet, it is | ||||
| RECOMMENDED that those headers appear in the following order: | ||||
| IPv4 header | ||||
| Hop-by-Hop Options header | ||||
| Destination Options header (note 1) | ||||
| Routing header | ||||
| Fragment header | ||||
| Authentication header (note 2) | ||||
| Encapsulating Security Payload header (note 2) | ||||
| Destination Options header (note 3) | ||||
| Upper-Layer header | ||||
| note 1: for options to be processed by the first destination that | ||||
| appears in the IPv4 Destination Address field plus | ||||
| subsequent destinations listed in the Routing header. | ||||
| note 2: additional recommendations regarding the relative order of | ||||
| the Authentication and Encapsulating Security Payload | ||||
| headers are given in [RFC4303]. | ||||
| note 3: for options to be processed only by the final destination | ||||
| of the packet. | ||||
| Each extension header should occur at most once, except for the | ||||
| Destination Options header, which should occur at most twice (once | ||||
| before a Routing header and once before the upper-layer header). | ||||
| If a legacy IPv4 destination node, one that does not support IPv4 | ||||
| extension headers, receives a packet with extension headers then the | ||||
| packet will be processed as having an unknown protocol. The packet | ||||
| will be discarded and an ICMP error should be generated. | ||||
| IPv4 nodes that support extension headers MUST accept and attempt to | ||||
| process extension headers in any order and occurring any number of | ||||
| times in the same packet, except for the Hop-by-Hop Options header, | ||||
| which is restricted to appear immediately after an IPv4 header only. | ||||
| Nonetheless, it is strongly RECOMMENDED that sources of IPv4 packets | ||||
| adhere to the above recommended order until and unless subsequent | ||||
| specifications revise that recommendation. | ||||
| 2.2 Options | ||||
| Two of the currently defined extension headers specified in this | ||||
| document -- the Hop-by-Hop Options header and the Destination Options | ||||
| header -- carry a variable number of "options" that are type-length- | ||||
| value (TLV). The format is: | ||||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - - | ||||
| | Option Type | Opt Data Len | Option Data | ||||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - - | ||||
| Option Type 8-bit identifier of the type of option. | ||||
| Opt Data Len 8-bit unsigned integer. Length of the Option | ||||
| Data field of this option, in octets. | ||||
| Option Data Variable-length field. Option-Type-specific | ||||
| data. | ||||
| The sequence of options within a header MUST be processed strictly in | ||||
| the order they appear in the header; a receiver MUST NOT scan through | ||||
| the header looking for a particular kind of option and process that | ||||
| option prior to processing all preceding ones. | ||||
| The Option Type identifiers are internally encoded such that their | ||||
| highest-order 2 bits specify the action that MUST be taken if the | ||||
| processing IPv4 node does not recognize the Option Type: | ||||
| 00 - skip over this option and continue processing the header. | ||||
| 01 - discard the packet. | ||||
| 10 - discard the packet and, regardless of whether or not the | ||||
| packet's Destination Address was a multicast address, send an | ||||
| ICMP Parameter Problem, Code 2, message to the packet's | ||||
| Source Address, pointing to the unrecognized Option Type. | ||||
| 11 - discard the packet and, only if the packet's Destination | ||||
| Address was not a multicast address, send an ICMP Parameter | ||||
| Problem, Code 2, message to the packet's Source Address, | ||||
| pointing to the unrecognized Option Type. | ||||
| The third-highest-order bit of the Option Type specifies whether or | ||||
| not the Option Data of that option can change en route to the | ||||
| packet's final destination. When an Authentication header is present | ||||
| in the packet, for any option whose data may change en route, its | ||||
| entire Option Data field MUST be treated as zero-valued octets when | ||||
| computing or verifying the packet's authenticating value. | ||||
| 0 - Option Data does not change en route | ||||
| 1 - Option Data may change en route | ||||
| The three high-order bits described above are to be treated as part | ||||
| of the Option Type, not independent of the Option Type. That is, a | ||||
| particular option is identified by a full 8-bit Option Type, not just | ||||
| the low-order 5 bits of an Option Type. | ||||
| The same Option Type numbering space is used for both the Hop-by-Hop | ||||
| Options header and the Destination Options header. However, the | ||||
| specification of a particular option may restrict its use to only one | ||||
| of those two headers. | ||||
| Individual options may have specific alignment requirements, to | ||||
| ensure that multi-octet values within Option Data fields fall on | ||||
| natural boundaries. The alignment requirement of an option is | ||||
| specified using the notation xn+y, meaning the Option Type must | ||||
| appear at an integer multiple of x octets from the start of the | ||||
| header, plus y octets. For example: | ||||
| 2n means any 2-octet offset from the start of the header. | ||||
| 8n+2 means any 8-octet offset from the start of the header, plus | ||||
| 2 octets. | ||||
| There are two padding options that are used when necessary to align | ||||
| subsequent options and to pad out the containing header to a multiple | ||||
| of 8 octets in length. These padding options MUST be recognized by | ||||
| all IPv4 implementations that support extension headers: | ||||
| Pad1 option (alignment requirement: none) | ||||
| +-+-+-+-+-+-+-+-+ | ||||
| | 0 | | ||||
| +-+-+-+-+-+-+-+-+ | ||||
| NOTE! the format of the Pad1 option is a special case -- it does | ||||
| not have length and value fields. | ||||
| The Pad1 option is used to insert 1 octet of padding into the | ||||
| Options area of a header. If more than one octet of padding is | ||||
| required, the PadN option, described next, SHOULD be used, rather | ||||
| than multiple Pad1 options. | ||||
| PadN option (alignment requirement: none) | ||||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - - | ||||
| | 1 | Opt Data Len | Option Data | ||||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - - | ||||
| The PadN option is used to insert two or more octets of padding | ||||
| into the Options area of a header. For N octets of padding, the | ||||
| Opt Data Len field contains the value N-2, and the Option Data | ||||
| consists of N-2 zero-valued octets. | ||||
| 2.3 Hop-by-Hop Options Header | ||||
| The Hop-by-Hop Options header is used to carry optional information | ||||
| that MAY be examined and processed by any node along a packet's | ||||
| delivery path. The Hop-by-Hop Options header is identified by a Next | ||||
| Header value of 0 in the IPv4 header and has the following format: | ||||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||||
| | Next Header | Hdr Ext Len | | | ||||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | ||||
| | | | ||||
| . . | ||||
| . Options . | ||||
| . . | ||||
| | | | ||||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||||
| Next Header 8-bit selector. Identifies the type of header | ||||
| immediately following the Hop-by-Hop Options | ||||
| header. Values are defined in [IANA-PN]. | ||||
| Hdr Ext Len 8-bit unsigned integer. Length of the Hop-by- | ||||
| Hop Options header in 8-octet units, not | ||||
| including the first 8 octets. | ||||
| Options Variable-length field, of length such that the | ||||
| complete Hop-by-Hop Options header is an | ||||
| integer multiple of 8 octets long. Contains | ||||
| one or more TLV-encoded options, as described | ||||
| in Section 2.2. | ||||
| The only hop-by-hop options defined in this document are the Pad1 and | ||||
| PadN options specified in Section 2.2. | ||||
| 2.4 Routing Header | ||||
| The Routing header is used by an IPv4 source to list one or more | ||||
| intermediate nodes to be "visited" on the way to a packet's | ||||
| destination. This function is very similar to IPv4's Loose Source and | ||||
| Record Route option. The Routing header is identified by a Next | ||||
| Header value of 43 in the immediately preceding header and has the | ||||
| following format: | ||||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||||
| | Next Header | Hdr Ext Len | Routing Type | Segments Left | | ||||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||||
| | | | ||||
| . . | ||||
| . type-specific data . | ||||
| . . | ||||
| | | | ||||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||||
| Next Header 8-bit selector. Identifies the type of header | ||||
| immediately following the Routing | ||||
| header. Values are defined in [IANA-PN]. | ||||
| Hdr Ext Len 8-bit unsigned integer. Length of the Routing | ||||
| header in 8-octet units, not including the | ||||
| first 8 octets. | ||||
| Routing Type 8-bit identifier of a particular Routing | ||||
| header variant. | ||||
| Segments Left 8-bit unsigned integer. Number of route | ||||
| segments remaining, i.e., number of explicitly | ||||
| listed intermediate nodes still to be visited | ||||
| before reaching the final destination. | ||||
| type-specific data Variable-length field, of format determined by | ||||
| the Routing Type, and of length such that the | ||||
| complete Routing header is an integer multiple | ||||
| of 8 octets long. | ||||
| If, while processing a received packet, a node encounters a Routing | ||||
| header with an unrecognized Routing Type value, the required behavior | ||||
| of the node depends on the value of the Segments Left field, as | ||||
| follows: | ||||
| If Segments Left is zero, the node MUST ignore the Routing header | ||||
| and proceed to process the next header in the packet, whose type | ||||
| is identified by the Next Header field in the Routing header. | ||||
| If Segments Left is non-zero, the node MUST discard the packet and | ||||
| send an ICMP Parameter Problem, Code 0, message to the packet's | ||||
| Source Address, pointing to the unrecognized Routing Type. | ||||
| If, after processing a Routing header of a received packet, an | ||||
| intermediate node determines that the packet is to be forwarded onto | ||||
| a link whose link MTU is less than the size of the packet, the node | ||||
| MUST discard the packet and send an ICMP Packet Too Big message to | ||||
| the packet's Source Address. | ||||
| 2.5 Fragment Header | ||||
| The Fragment header is used by an IPv4 source to send a packet larger | ||||
| than would fit in the path MTU to its destination. This can be used | ||||
| as an alternative to canonical IPv4 fragmentation. As in IPv6, | ||||
| fragmentation using the Fragment Header is performed only by source | ||||
| nodes. Section 2.8.1 discusses the interaction between IPv4 extension | ||||
| headers and standard IPv4 fragmentation. | ||||
| A Fragment header is identified by a Next Header value of 44 in the | ||||
| immediately preceding header and has the following format: | ||||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||||
| | Next Header | Reserved | Fragment Offset |Res|M| | ||||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||||
| | Identification | | ||||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||||
| Next Header 8-bit selector. Identifies the initial header | ||||
| type of the Fragmentable Part of the original | ||||
| packet (defined below). Uses the same values | ||||
| as the IPv4 Protocol field [IANA-PN]. | ||||
| Reserved 8-bit reserved field. Initialized to zero for | ||||
| transmission; ignored on reception. | ||||
| Fragment Offset 13-bit unsigned integer. The offset, in | ||||
| 8-octet units, of the data following this | ||||
| header, relative to the start of the | ||||
| Fragmentable Part of the original packet. | ||||
| Res 2-bit reserved field. Initialized to zero for | ||||
| transmission; ignored on reception. | ||||
| M flag 1 = more fragments; 0 = last fragment. | ||||
| Identification 32 bits. See description below. | ||||
| In order to send a packet that is too large to fit in the MTU of the | ||||
| path to its destination, a source node may divide the packet into | ||||
| fragments and send each fragment as a separate packet, to be | ||||
| reassembled at the receiver. | ||||
| For every packet that is to be fragmented, the source node generates | ||||
| an Identification value. The Identification must be different than | ||||
| that of any other fragmented packet sent recently* with the same | ||||
| Source Address and Destination Address. If a Routing header is | ||||
| present, the Destination Address of concern is that of the final | ||||
| destination. | ||||
| * "recently" means within the maximum likely lifetime of a | ||||
| packet, including transit time from source to destination and | ||||
| time spent awaiting reassembly with other fragments of the same | ||||
| packet. However, it is not required that a source node knows | ||||
| the maximum packet lifetime. Rather, it is assumed that the | ||||
| requirement can be met by implementing an algorithm that | ||||
| results in a low identification reuse frequency. Examples of | ||||
| algorithms meeting this requirement are described in [RFC7739]. | ||||
| The initial unfragmented packet is referred to as the "original | ||||
| packet" and is considered to consist of three parts, as shown: | ||||
| original packet: | ||||
| +------------------+-------------------------+---//----------------+ | ||||
| | Per-Fragment | Extension & Upper-Layer | Fragmentable | | ||||
| | Headers | Headers | Part | | ||||
| +------------------+-------------------------+---//----------------+ | ||||
| The Per-Fragment headers must consist of the IPv4 header plus any | ||||
| extension headers that must be processed by nodes en route to the | ||||
| destination, that is, all headers up to and including the Routing | ||||
| header if present, else the Hop-by-Hop Options header if present, | ||||
| else no extension headers. | ||||
| The Extension headers are all other extension headers that are not | ||||
| included in the Per-Fragment headers part of the packet. For this | ||||
| purpose, the Encapsulating Security Payload (ESP) is not | ||||
| considered an extension header. The Upper-Layer header is the | ||||
| first upper-layer header that is not an IPv4 extension header. | ||||
| Examples of upper-layer headers include TCP, UDP, IPv4, IPv6, | ||||
| ICMPv4, and as noted ESP. | ||||
| The Fragmentable Part consists of the rest of the packet after the | ||||
| upper-layer header or after any header (i.e., initial IPv4 header | ||||
| or extension header) that contains a Next Header value of No Next | ||||
| Header. | ||||
| The Fragmentable Part of the original packet is divided into | ||||
| fragments. The lengths of the fragments MUST be chosen such that the | ||||
| resulting fragment packets fit within the MTU of the path to the | ||||
| packet's destination(s). Each complete fragment, except possibly the | ||||
| last ("rightmost") one, is an integer multiple of 8 octets long. | ||||
| The fragments are transmitted in separate "fragment packets" as | ||||
| illustrated: | ||||
| original packet: | ||||
| +-----------------+-----------------+--------+--------+-//-+--------+ | ||||
| | Per-Fragment |Ext & Upper-Layer| first | second | | last | | ||||
| | Headers | Headers |fragment|fragment|....|fragment| | ||||
| +-----------------+-----------------+--------+--------+-//-+--------+ | ||||
| fragment packets: | ||||
| +------------------+---------+-------------------+----------+ | ||||
| | Per-Fragment |Fragment | Ext & Upper-Layer | first | | ||||
| | Headers | Header | Headers | fragment | | ||||
| +------------------+---------+-------------------+----------+ | ||||
| +------------------+--------+-------------------------------+ | ||||
| | Per-Fragment |Fragment| second | | ||||
| | Headers | Header | fragment | | ||||
| +------------------+--------+-------------------------------+ | ||||
| o | ||||
| o | ||||
| o | ||||
| +------------------+--------+----------+ | ||||
| | Per-Fragment |Fragment| last | | ||||
| | Headers | Header | fragment | | ||||
| +------------------+--------+----------+ | ||||
| The first fragment packet is composed of: | ||||
| (1) The Per-Fragment headers of the original packet, with the | ||||
| Total Length of the original IPv4 header changed to contain | ||||
| the length of this fragment packet only, and the Next Header | ||||
| field of the last header of the Per-Fragment headers changed | ||||
| to 44. | ||||
| (2) A Fragment header containing: | ||||
| The Next Header value that identifies the first header | ||||
| after the Per-Fragment headers of the original packet. | ||||
| A Fragment Offset containing the offset of the fragment, | ||||
| in 8-octet units, relative to the start of the | ||||
| Fragmentable Part of the original packet. The Fragment | ||||
| Offset of the first ("leftmost") fragment is 0. | ||||
| An M flag value of 1 as this is the first fragment. | ||||
| The Identification value generated for the original | ||||
| packet. | ||||
| (3) Extension headers, if any, and the Upper-Layer header. These | ||||
| headers must be in the first fragment. Note: This restricts | ||||
| the size of the headers through the Upper-Layer header to the | ||||
| MTU of the path to the packet's destinations(s). | ||||
| (4) The first fragment. | ||||
| The subsequent fragment packets are composed of: | ||||
| (1) The Per-Fragment headers of the original packet, with the | ||||
| Total Length of the original IPv4 header changed to contain | ||||
| the length of this fragment packet only, and the Next Header | ||||
| field of the last header of the Per-Fragment headers changed | ||||
| to 44. | ||||
| (2) A Fragment header containing: | ||||
| The Next Header value that identifies the first header | ||||
| after the Per-Fragment headers of the original packet. | ||||
| A Fragment Offset containing the offset of the fragment, | ||||
| in 8-octet units, relative to the start of the | ||||
| Fragmentable Part of the original packet. | ||||
| An M flag value of 0 if the fragment is the last | ||||
| ("rightmost") one, else an M flag value of 1. | ||||
| The Identification value generated for the original | ||||
| packet. | ||||
| (3) The fragment itself. | ||||
| Fragments MUST not be created that overlap with any other fragments | ||||
| created from the original packet. | ||||
| At the destination, fragment packets are reassembled into their | ||||
| original, unfragmented form, as illustrated: | ||||
| reassembled original packet: | ||||
| +---------------+-----------------+---------+--------+-//--+--------+ | ||||
| | Per-Fragment |Ext & Upper-Layer| first | second | | last | | ||||
| | Headers | Headers |frag data|fragment|.....|fragment| | ||||
| +---------------+-----------------+---------+--------+-//--+--------+ | ||||
| The following rules govern reassembly: | ||||
| An original packet is reassembled only from fragment packets that | ||||
| have the same Source Address, Destination Address, and Fragment | ||||
| Identification. | ||||
| The Per-Fragment headers of the reassembled packet consists of all | ||||
| headers up to, but not including, the Fragment header of the first | ||||
| fragment packet (that is, the packet whose Fragment Offset is | ||||
| zero). This includes the IPv4 header and any associated IPv4 | ||||
| options of the first fragment. The Per-Fragment headers of the | ||||
| reassembled packet include the following two changes: | ||||
| The Next Header field of the last header of the Per-Fragment | ||||
| headers is obtained from the Next Header field of the first | ||||
| fragment's Fragment header. | ||||
| The Total Length of the reassembled packet is computed from the | ||||
| length of the Per-Fragment headers (including the IPv4 header) | ||||
| and the length and offset of the last fragment. For example, a | ||||
| formula for computing the Total Length of the reassembled | ||||
| original packet is: | ||||
| TL.orig = TL.first - FL.first - 8 + (8 * FO.last) + FL.last | ||||
| where | ||||
| TL.orig = Total Length of reassembled packet. | ||||
| FL.first = length of fragment following Fragment header of | ||||
| first fragment packet. | ||||
| FO.last = Fragment Offset field of Fragment header of last | ||||
| fragment packet. | ||||
| FL.last = length of fragment following Fragment header of | ||||
| last fragment packet. | ||||
| The Fragmentable Part of the reassembled packet is constructed | ||||
| from the fragments following the Fragment headers in each of | ||||
| the fragment packets. The length of each fragment is computed | ||||
| by subtracting from the packet's Total Length the length of the | ||||
| headers before the fragment itself; its relative position in | ||||
| Fragmentable Part is computed from its Fragment Offset value. | ||||
| The Fragment header is not present in the final, reassembled | ||||
| packet. | ||||
| If the fragment is a whole datagram (that is, both the Fragment | ||||
| Offset field and the M flag are zero), then it does not need | ||||
| any further reassembly and should be processed as a fully | ||||
| reassembled packet (i.e., updating Next Header or Protocol, | ||||
| adjust Total Length, removing the Fragment header, etc.). Any | ||||
| other fragments that match this packet (i.e., the same IPv4 | ||||
| Source Address, IPv4 Destination Address, and Fragment | ||||
| Identification) should be processed independently. | ||||
| The following error conditions may arise when reassembling fragmented | ||||
| packets: | ||||
| o If insufficient fragments are received to complete reassembly | ||||
| of a packet within 60 seconds or a configured time limit of the | ||||
| reception of the first-arriving fragment of that packet, | ||||
| reassembly of that packet MUST be abandoned and all the | ||||
| fragments that have been received for that packet MUST be | ||||
| discarded. If the first fragment (i.e., the one with a | ||||
| Fragment Offset of zero) has been received, an ICMP Time | ||||
| Exceeded -- Fragment Reassembly Time Exceeded message SHOULD be | ||||
| sent to the source of that fragment. | ||||
| o If the length of a fragment, as derived from the fragment | ||||
| packet's Total Length field, is not a multiple of 8 octets and | ||||
| the M flag of that fragment is 1, then that fragment MUST be | ||||
| discarded and an ICMP Parameter Problem, Code 0, message SHOULD | ||||
| be sent to the source of the fragment, pointing to the Total | ||||
| Length field of the fragment packet. | ||||
| o If the length and offset of a fragment are such that the Total | ||||
| Length of the packet reassembled from that fragment would | ||||
| exceed 65,535 octets, then that fragment MUST be discarded and | ||||
| an ICMP Parameter Problem, Code 0, message SHOULD be sent to | ||||
| the source of the fragment, pointing to the Fragment Offset | ||||
| field of the fragment packet. | ||||
| o If the first fragment does not include all headers through an | ||||
| Upper-Layer header, then that fragment SHOULD be discarded and | ||||
| an ICMP Parameter Problem, Code 3, message should be sent to | ||||
| the source of the fragment, with the Pointer field set to zero. | ||||
| o If any of the fragments being reassembled overlap with any | ||||
| other fragments being reassembled for the same packet, | ||||
| reassembly of that packet MUST be abandoned and all the | ||||
| fragments that have been received for that packet MUST be | ||||
| discarded, and no ICMP error messages SHOULD be sent. | ||||
| It should be noted that fragments may be duplicated in the | ||||
| network. Instead of treating these exact duplicate fragments as | ||||
| overlapping fragments, an implementation MAY choose to detect | ||||
| this case and drop exact duplicate fragments while keeping the | ||||
| other fragments belonging to the same packet. | ||||
| The following conditions are not expected to occur frequently but are | ||||
| not considered errors if they do: | ||||
| The number and content of the headers preceding the Fragment | IPv4 extension headers normatively assumes the requirements of IPv6 | |||
| header of different fragments of the same original packet may | extension headers as defined in [RFC8200] section 4, with the | |||
| differ. Whatever headers are present, preceding the Fragment | following modifications: | |||
| header in each fragment packet, MUST be processed when the packets | ||||
| arrive and prior to queuing the fragments for reassembly. Only | ||||
| those headers in the Offset zero fragment packet are retained in | ||||
| the reassembled packet. | ||||
| Different IP options may appear in different fragments of the same | * References to the IPv6 header are replaced by references to the | |||
| original packet. Whatever IP options are present are processed | IPv4 header. | |||
| when the packets arrive prior to processing any extension headers | ||||
| or queuing the fragments for reassembly. Only the IP options in | ||||
| the Offset zero fragment packet are retained in the reassembled | ||||
| packet. | ||||
| The Next Header values in the Fragment headers of different | * ICMP errors sent in the course of processing extension headers | |||
| fragments of the same original packet may differ. Only the value | use ICMPv4. | |||
| from the Offset zero fragment packet is used for reassembly. | ||||
| Other fields in the IPv4 header may also vary across the fragments | * The IPv4 header Protocol field assumes the same role and | |||
| being reassembled. Specifications that use these fields may | semantics with respect to extension headers as the IPv6 Next | |||
| provide additional instructions if the basic mechanism of using | Header field. | |||
| the values from the Offset zero fragment is not sufficient. For | ||||
| example, Section 5.3 of [RFC3168] describes how to combine the | ||||
| Explicit Congestion Notification (ECN) bits from different | ||||
| fragments to derive the ECN bits of the reassembled packet. | ||||
| 2.6 Destination Options Header | * The Hop-by-Hop Options header is used to carry optional | |||
| information that MAY be examined and processed by any node along | ||||
| a packet's delivery path. | ||||
| The Destination Options header is used to carry optional information | * If a legacy IPv4 destination node, one that does not support | |||
| that need be examined only by a packet's destination node(s). The | IPv4 extension headers, receives a packet with extension headers | |||
| Destination Options header is identified by a Next Header value of 60 | then the packet will be processed as having an unknown protocol. | |||
| in the immediately preceding header and has the following format: | It is expected that the packet will be discarded and an ICMP | |||
| error is generated. | ||||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | * Extension headers or options that carry IPv6 specific data or | |||
| | Next Header | Hdr Ext Len | | | are otherwise specific to IPv6 MUST not be used with IPv4 | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | (Segment Routing [SRV6EH] for example). IPv4 variants of these | |||
| | | | might be defined if achieving the same functionality in IPv4 is | |||
| . . | desirable. | |||
| . Options . | ||||
| . . | ||||
| | | | ||||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||||
| Next Header 8-bit selector. Identifies the type of header | * References to the IPv6 Payload Length, for instance in | |||
| immediately following the Destination Options | reassembly procedures, are interpreted as being the computed | |||
| header. Uses the same values as the IPv4 | IPv4 payload length (i.e. IPv4 Total Length minus the length of | |||
| Protocol field [IANA-PN]. | the IPv4 header). | |||
| Hdr Ext Len 8-bit unsigned integer. Length of the | The following are modifications to fragmentation and reassembly | |||
| Destination Options header in 8-octet units, | requirements: | |||
| not including the first 8 octets. | ||||
| Options Variable-length field, of length such that the | * References to setting the Payload Length field in the IPv6 | |||
| complete Destination Options header is an | header are interpreted to be setting the Total Length in the | |||
| integer multiple of 8 octets long. Contains | IPv4 header taking into account the IPv4 header length. | |||
| one or more TLV-encoded options, as described | ||||
| in Section 2.2. | ||||
| The only destination options defined in this document are the Pad1 | * When creating or modifying IPv4 headers in packets, the IPv4 | |||
| and PadN options specified in Section 2.2. | header checksum MUST be set correctly. | |||
| 2.7 No Next Header | * Different fragment packets MAY contain different IP options. The | |||
| IP header and any options in the reassembled packet are taken | ||||
| from the first fragment packet (the one with offset of zero). | ||||
| The value 59 in the Protocol field of an IPv4 header or Next Header | * If the length and offset of a fragment are such that the Total | |||
| field extension header indicates that there is nothing following that | Length of the packet reassembled from that fragment would exceed | |||
| header. If the Total Length field of the IPv4 header indicates the | 65,535 octets, then that fragment must be discarded and an ICMP | |||
| presence of octets past the end of a header whose Next Header field | Parameter Problem, Code 0, message should be sent to the source | |||
| contains 59, those octets must be ignored and passed on unchanged if | of the fragment, pointing to the Fragment Offset field of the | |||
| the packet is forwarded. | fragment packet. | |||
| 2.8 Interaction with standard IPv4 mechanisms | 2.2 Interaction with standard IPv4 mechanisms | |||
| IPv4 extension headers may be used concurrently with IPv4 mechanisms | IPv4 extension headers may be used concurrently with IPv4 mechanisms | |||
| such as IPv4 options and IPv4 fragmentation. This section discusses | such as IPv4 options and IPv4 fragmentation. This section discusses | |||
| the interactions. | the interactions. | |||
| 2.8.1 IPv4 options and IPv4 extension headers | 2.2.1 IPv4 options and IPv4 extension headers | |||
| An IPv4 packet MAY contain both IPv4 options and extension headers. | An IPv4 packet MAY contain both IPv4 options and extension headers. | |||
| IPv4 options are completely independent of IPv4 extension headers. | IPv4 options are completely independent of IPv4 extension headers. | |||
| IPv4 options MUST be processed before processing any extension | IPv4 options MUST be processed before processing any extension | |||
| headers per normal requirements of processing the IP header before | headers per normal requirements of processing the IP header before | |||
| the IP payload. | the IP payload. | |||
| 2.8.2 IPv4 fragmentation and IPv4 extension headers | 2.2.2 IPv4 fragmentation and IPv4 extension headers | |||
| An IPv4 packet may be fragmented both by using a Fragment extension | An IPv4 packet may be fragmented both by using a Fragment extension | |||
| header as well as by standard IPv4 fragmentation. The Fragment header | header as well as by standard IPv4 fragmentation. The Fragment header | |||
| can only be set at the source, however intermediate devices can | can only be set at the source, however intermediate devices can | |||
| fragment packets using standard IPv4 fragmentation. Standard IPv4 | fragment packets using standard IPv4 fragmentation. Standard IPv4 | |||
| fragmentation at a source node MUST be done only after any extension | fragmentation at a source node MUST be done only after any extension | |||
| headers are set in a packet or the packet was fragmented using the | headers are set in a packet or the packet was fragmented using the | |||
| Fragment header. Specifically, fragmentation using the extension | Fragment header. Specifically, fragmentation using the extension | |||
| header MUST NOT be done on packet fragments created by standard IPv4 | header MUST NOT be done on packet fragments created by standard IPv4 | |||
| fragmentation. However, a packet fragment that contains a Fragment | fragmentation. However, a packet fragment that contains a Fragment | |||
| skipping to change at page 21, line 4 ¶ | skipping to change at page 8, line 47 ¶ | |||
| | | | | | | | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/ | |||
| | | | | | | |||
| ~ Extension headers ~ | ~ Extension headers ~ | |||
| | | | | | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | | | | | | |||
| ~ Transport packet ~ | ~ Transport packet ~ | |||
| | | | | | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| The pertinent fields in the base GUE header are: | The pertinent fields in the base GUE header are: | |||
| o Variant - set 0 for variant 0. | o Variant - set 0 for variant 0. | |||
| o C bit - Control bit. Set to zero indicating a data message. | o C bit - Control bit. Set to zero indicating a data message. | |||
| o Hlen - Header length of GUE header in four byte words not | o Hlen - Header length of GUE header in four byte words not | |||
| including the first four bytes. | including the first four bytes. | |||
| o Proto/ctype - The type of the encapsulated protocol. This is an | o Proto/ctype - The type of the encapsulated protocol. This is an | |||
| IP protocol and may be an extension header. If the payload is | IP protocol and may be an extension header. If the payload is | |||
| something other than an IP protocol or the payload is encrypted | something other than an IP protocol or the payload is encrypted | |||
| or transformed, then this field is set to 59 (No Next Header)-- | or transformed, then this field is set to 59 (No Next Header)-- | |||
| in this case the type of the payload is determined through other | in this case the type of the payload is determined through other | |||
| means. | means. | |||
| o M: Magic number bit. If this bit is set then the GUE magic | o M: Magic number bit. If this bit is set then the GUE magic | |||
| number option is present. The GUE magic number option is | number option is present. The GUE magic number option is | |||
| described below. | described below. | |||
| Any of the GUE options defined in [GUEEXT] may be set in the packet. | Any of the GUE options defined in [GUEEXT] MAY be set in the packet. | |||
| To facilitate maintaining the correct transport layer checksum across | To facilitate maintaining the correct transport layer checksum across | |||
| NAT translation, the NAT checksum address option SHOULD be used | NAT translation, the NAT address checksum option SHOULD be used | |||
| ([GUEEXT]). The GUE magic number option, defined below, is used to | ([GUEEXT]). The GUE magic number option, defined below, is used to | |||
| help intermediate nodes correctly identify GUE packets. | help intermediate nodes correctly identify GUE packets. | |||
| If a transport layer protocol is encapsulated in GUE then the IP | If a transport layer protocol is encapsulated in GUE then the IP | |||
| header for the transport header is taken to be the IP header of the | header for the transport header is taken to be the IP header of the | |||
| GUE/UDP packet. In particular, an encapsulated transport header may | GUE/UDP packet. In particular, an encapsulated transport header may | |||
| have a checksum that includes the IP addresses in a pseudo header for | have a checksum that includes the IP addresses in a pseudo header for | |||
| checksum calculation (TCP or UDP). | checksum calculation (TCP or UDP). | |||
| 3.2 GUE magic numbers | 3.2 GUE magic numbers | |||
| skipping to change at page 22, line 28 ¶ | skipping to change at page 10, line 22 ¶ | |||
| To encapsulate extension headers, a sender inserts a UDP and GUE | To encapsulate extension headers, a sender inserts a UDP and GUE | |||
| header between an IP header and the first extension header. | header between an IP header and the first extension header. | |||
| If a sender encapsulates extension headers in GUE then it MUST NOT | If a sender encapsulates extension headers in GUE then it MUST NOT | |||
| also set extension headers in the IPv4 or IPv6 header. When extension | also set extension headers in the IPv4 or IPv6 header. When extension | |||
| headers are encapsulated in GUE, the Next Header field of the IPv6 | headers are encapsulated in GUE, the Next Header field of the IPv6 | |||
| header or the Protocol field of the IPv4 header MUST be set to 17 to | header or the Protocol field of the IPv4 header MUST be set to 17 to | |||
| indicate UDP. | indicate UDP. | |||
| If the encapsulated transport protocol contains a checksum with a | If the encapsulated transport protocol contains a checksum with a | |||
| pseudo header and the packet may traverse a NAT, then the NAT | pseudo header and the packet may traverse a NAT, then the NAT Address | |||
| Checksum option SHOULD be set to allow the receiver to properly | Checksum option SHOULD be set to allow the receiver to properly | |||
| adjust the received transport layer checksum. Other GUE options MAY | adjust the received transport layer checksum. Other GUE options MAY | |||
| be set per the discretion of the sender. | be set per the discretion of the sender. | |||
| If the packet being encapsulated contains a Hop-by-Hop extension | If the packet being encapsulated contains a Hop-by-Hop extension | |||
| header then the Magic Number option MUST be used to allow | header then the Magic Number option MUST be used to allow | |||
| intermediate nodes to process and potentially modify data in the | intermediate nodes to process and potentially modify data in the | |||
| extension header. Note that in this case the proto/ctype field in the | extension header. Note that in this case the proto/ctype field in the | |||
| GUE header MUST be zero indicating Hop-by-Hop options extension | GUE header MUST be zero indicating Hop-by-Hop options extension | |||
| header. | header. | |||
| skipping to change at page 23, line 15 ¶ | skipping to change at page 11, line 9 ¶ | |||
| o The remote checksum option MAY be used concurrently with the | o The remote checksum option MAY be used concurrently with the | |||
| magic number option under the assumption that intermediate nodes | magic number option under the assumption that intermediate nodes | |||
| will not modify encapsulated transport checksum fields or | will not modify encapsulated transport checksum fields or | |||
| attempt to verify an encapsulated transport layer checksum (in | attempt to verify an encapsulated transport layer checksum (in | |||
| the latter case they could do that it they were to take the | the latter case they could do that it they were to take the | |||
| remote checksum offload option into account). | remote checksum offload option into account). | |||
| 3.3.2 Destination Processing | 3.3.2 Destination Processing | |||
| Encapsulated extension headers in GUE is processed by normal methods | Encapsulated extension headers in GUE are processed by normal methods | |||
| of processing GUE. As described in [GUE]: | of processing GUE. As described in [GUE]: | |||
| If a valid data message is received, the UDP header and GUE header | If a valid data message is received, the UDP header and GUE header | |||
| are removed from the packet. The outer IP header remains intact | are removed from the packet. The outer IP header remains intact | |||
| and the next protocol in the IP header is set to the protocol from | and the next protocol in the IP header is set to the protocol from | |||
| the proto field in the GUE header. The resulting packet is then | the proto field in the GUE header. The resulting packet is then | |||
| resubmitted into the protocol stack to process that packet as | resubmitted into the protocol stack to process that packet as | |||
| though it was received with the protocol in the GUE header. | though it was received with the protocol in the GUE header. | |||
| In the case that the GUE packet contains extension headers, the | In the case that the GUE packet contains extension headers, the | |||
| skipping to change at page 24, line 5 ¶ | skipping to change at page 11, line 46 ¶ | |||
| might contain Hop-by-Hop options to process. | might contain Hop-by-Hop options to process. | |||
| Processing of packets with encapsulated Hop-by-Hop options has the | Processing of packets with encapsulated Hop-by-Hop options has the | |||
| following flow: | following flow: | |||
| 1) Match destination UDP port number to be GUE. | 1) Match destination UDP port number to be GUE. | |||
| 2) If the GUE variant is not zero or the C bit is set (control | 2) If the GUE variant is not zero or the C bit is set (control | |||
| message) then discontinue payload processing. | message) then discontinue payload processing. | |||
| 3) If magic number option is not present in the GUE header then | 3) If proto/ctype value is not zero (not Hop-by-Hop options) then | |||
| discontinue payload processing. | discontinue payload processing. | |||
| 4) If proto/ctype value is not zero (not Hop-by-Hop options) then | 5) If magic number option is not present in the GUE header then | |||
| discontinue payload processing. | discontinue payload processing. | |||
| 5) If the GUE header indicates that a fragment option or payload | 5) Compare the magic number value in the GUE header to the | |||
| transform option is present then discontinue payload | ||||
| processing. | ||||
| 6) If the checksum option is present and the payload coverage is | ||||
| non-zero then discontinue payload processing. | ||||
| 7) If the alternate checksum option is present and the payload | ||||
| coverage is non-zero then discontinue payload processing. | ||||
| 8) If the HMAC security option is present and the Payload length | ||||
| is not zero then discontinue payload processing. | ||||
| 9) Compare the magic number value in the GUE header to the | ||||
| defined value. If they are not equal then discontinue payload | defined value. If they are not equal then discontinue payload | |||
| processing | processing | |||
| 10) If the GUE checksum option is present (and payload coverage is | 6) If the GUE checksum option is present (and payload coverage is | |||
| zero) then the GUE checksum MAY be validated. If checksum | zero) then the GUE checksum MAY be validated. If checksum | |||
| validation fails, then discontinue payload processing | validation fails, then discontinue payload processing | |||
| 11) If the alternate checksum is present (and payload coverage is | 7) If the alternate checksum is present (and payload coverage is | |||
| zero) then the alternate checksum MAY be validated. If | zero) then the alternate checksum MAY be validated. If | |||
| alternate checksum validation fails, then discontinue payload | alternate checksum validation fails, then discontinue payload | |||
| processing | processing | |||
| 12) Process the encapsulated Hop-by-Hop options. If a Hop-by-Hop | 8) Process the encapsulated Hop-by-Hop options. If a Hop-by-Hop | |||
| option is modified then the outer UDP checksum MUST be updated | option is modified then the outer UDP checksum MUST be updated | |||
| to reflect the change. | to reflect the change. | |||
| Note that intermediate MUST not modify any fields other then data in | Note that an intermediate node MUST not modify any fields other then | |||
| modifiable Hop-by-Hop options or the UDP checksum which needs to be | data in modifiable Hop-by-Hop options or the UDP checksum which needs | |||
| updated when UDP payload is modified. In particular, intermediate | to be updated when UDP payload is modified. In particular, | |||
| nodes MUST NOT modify the GUE header nor an data aside from that in | intermediate nodes MUST NOT modify the GUE header nor an data aside | |||
| modifiable Hop-by-Hop options. | from that in modifiable Hop-by-Hop options. | |||
| 4 Security Considerations | 4 The IPv4 flow label | |||
| As stated in [RFC6864]: | ||||
| ">> Originating sources MAY set the IPv4 ID field of atomic | ||||
| datagrams to any value." | ||||
| This specification allows the IPv4 ID to be used as a flow label in | ||||
| atomic datagrams. Atomic datagrams are IPv4 packets for which | ||||
| (DF==1)&&(MF==0)&&(frag_offset==0). | ||||
| 4.1 Sender requirements | ||||
| An origin host MAY set the IPv4 Identification field as a flow label | ||||
| in atomic packets. The IPv4 flow label is set following the same | ||||
| procedures for setting the IPv6 flow label as described in [RFC6437], | ||||
| with the following modifications: | ||||
| * The Identification field MUST NOT be used as a flow label in | ||||
| non-atomic fragments. | ||||
| * Only stateless flow labels can be set. | ||||
| * The value to set, e.g. from a hash computation over packet | ||||
| headers, is truncated to sixteen bits (the size of the | ||||
| Identification field). | ||||
| * If the IPv4 Identification field is not used as a flow label in | ||||
| atomic fragments, it SHOULD be set to zero. | ||||
| * Intermediate nodes MUST NOT set the Identification field in | ||||
| atomic datagrams. | ||||
| 4.2 Receiver requirements | ||||
| Receivers, including intermediate hosts, MAY process non-zero | ||||
| Identification fields in IPv4 header of atomic datagrams as being a | ||||
| flow label. The IPv4 flow label for instance can be used as input to | ||||
| ECMP as described in [RFC6438]. | ||||
| It is RECOMMENDED that a receiver only consumes the flow label if | ||||
| other typical means flow classification, such as parsing the | ||||
| transport layer headers to extract port numbers for the flow, are not | ||||
| available. For instance, the IPv4 flow label could be used for flow | ||||
| based packet steering if a router encounters a packet with a protocol | ||||
| that is unknown to it. | ||||
| 5 Security Considerations | ||||
| This specification enables use of IPv6 extension headers in IPv4. | This specification enables use of IPv6 extension headers in IPv4. | |||
| Related security mechanisms of IPv6 extension headers can be applied | Related security mechanisms of IPv6 extension headers can be applied | |||
| for use with IPv4 extension headers. | for use with IPv4 extension headers. | |||
| When extension headers are encapsulated in GUE, normal GUE security | When extension headers are encapsulated in GUE, normal GUE security | |||
| mechanisms can be used. If an intermediate node might modify GUE | mechanisms can be used. If an intermediate node might modify GUE | |||
| payload to process modifiable extension headers, then a GUE security | payload to process modifiable extension headers, then a GUE security | |||
| algorithm cannot take input to authenticate the GUE payload. If | algorithm cannot take input to authenticate the GUE payload. If | |||
| authentication is necessary, then an Authentication header may be | authentication is necessary, then an Authentication header may be | |||
| used that treats modifiable data fields as zero-valued octets when | used that treats modifiable data fields as zero-valued octets when | |||
| computing or verifying the packet's authenticating value. | computing or verifying the packet's authenticating value. | |||
| 5 IANA Considerations | The IPv4 flow label has similar security properties as the IPv6 flow | |||
| label. If the security intent of the sender is to prevent | ||||
| intermediate nodes in the network from classifying its traffic into | ||||
| flows then the IPv4 flow label SHOULD NOT be used. | ||||
| IANA is requested to assign a value in the "GUE flag-fields" resigtry | 6 IANA Considerations | |||
| IANA is requested to assign a value in the "GUE flag-fields" registry | ||||
| for the Magic Number option. | for the Magic Number option. | |||
| +-------------+---------------+-------------+--------------------+ | +-------------+---------------+-------------+--------------------+ | |||
| | Flags bits | Field size | Description | Reference | | | Flags bits | Field size | Description | Reference | | |||
| +-------------+---------------+-------------+--------------------+ | +-------------+---------------+-------------+--------------------+ | |||
| | Bit 10 | 8 bytes | Magic number| This document | | | Bit 10 | 8 bytes | Magic number| This document | | |||
| +-------------+---------------+-------------+--------------------+ | +-------------+---------------+-------------+--------------------+ | |||
| 6 References | 7 References | |||
| 6.1 Normative References | 7.1 Normative References | |||
| [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, September | [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, September | |||
| 1981. | 1981. | |||
| [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6 | [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6 | |||
| (IPv6) Specification", STD 86, RFC 8200, DOI | (IPv6) Specification", STD 86, RFC 8200, DOI | |||
| 10.17487/RFC8200, July 2017, <https://www.rfc- | 10.17487/RFC8200, July 2017, <https://www.rfc- | |||
| editor.org/info/rfc8200>. | editor.org/info/rfc8200>. | |||
| [RFC3168] Ramakrishnan, K., Floyd, S., and D. Black, "The Addition of | [RFC6864] Touch, J., "Updated Specification of the IPv4 ID Field", | |||
| Explicit Congestion Notification (ECN) to IP", RFC 3168, | RFC 6864, DOI 10.17487/RFC6864, February 2013, | |||
| DOI 10.17487/RFC3168, September 2001, <https://www.rfc- | <https://www.rfc-editor.org/info/rfc6864>. | |||
| editor.org/info/rfc3168>. | ||||
| [GUE] Herbert, T., Yong, L., Zia, )., "Generic UDP | [GUE] Herbert, T., Yong, L., Zia, )., "Generic UDP | |||
| Encapsulation", draft-ietf-intarea-gue-06 | Encapsulation", draft-ietf-intarea-gue-07 | |||
| 6.2 Informative References | 7.2 Informative References | |||
| [RFC7872] Gont, F., Linkova, J., Chown, T., and W. Liu, "Observations | [RFC7872] Gont, F., Linkova, J., Chown, T., and W. Liu, "Observations | |||
| on the Dropping of Packets with IPv6 Extension Headers in | on the Dropping of Packets with IPv6 Extension Headers in | |||
| the Real World", RFC 7872, DOI 10.17487/RFC7872, June 2016, | the Real World", RFC 7872, DOI 10.17487/RFC7872, June 2016, | |||
| <https://www.rfc-editor.org/info/rfc7872>. | <https://www.rfc-editor.org/info/rfc7872>. | |||
| [RFC7605] Touch, J., "Recommendations on Using Assigned Transport | [RFC7605] Touch, J., "Recommendations on Using Assigned Transport | |||
| Port Numbers", BCP 165, RFC 7605, DOI 10.17487/RFC7605, | Port Numbers", BCP 165, RFC 7605, DOI 10.17487/RFC7605, | |||
| August 2015, <https://www.rfc-editor.org/info/rfc7605>. | August 2015, <https://www.rfc-editor.org/info/rfc7605>. | |||
| [RFC4302] Kent, S., "IP Authentication Header", RFC 4302, DOI | [RFC6437] Amante, S., Carpenter, B., Jiang, S., and J. Rajahalme, | |||
| 10.17487/RFC4302, December 2005, <https://www.rfc- | "IPv6 Flow Label Specification", RFC 6437, DOI | |||
| editor.org/info/rfc4302>. | 10.17487/RFC6437, November 2011, <https://www.rfc- | |||
| editor.org/info/rfc6437>. | ||||
| [RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", RFC | ||||
| 4303, DOI 10.17487/RFC4303, December 2005, | ||||
| <https://www.rfc-editor.org/info/rfc4303>. | ||||
| [RFC7739] Gont, F., "Security Implications of Predictable Fragment | ||||
| Identification Values", RFC 7739, DOI 10.17487/RFC7739, | ||||
| February 2016, <https://www.rfc-editor.org/info/rfc7739>. | ||||
| [RFC3168] Ramakrishnan, K., Floyd, S., and D. Black, "The Addition of | [RFC6438] Carpenter, B. and S. Amante, "Using the IPv6 Flow Label for | |||
| Explicit Congestion Notification (ECN) to IP", RFC 3168, | Equal Cost Multipath Routing and Link Aggregation in | |||
| DOI 10.17487/RFC3168, September 2001, <https://www.rfc- | Tunnels", RFC 6438, DOI 10.17487/RFC6438, November 2011, | |||
| editor.org/info/rfc3168>. | <https://www.rfc-editor.org/info/rfc6438>. | |||
| [IPNOPT] Rodrigo Fonseca, George Manning Porter, Randy H. Katz, | [IPNOPT] Rodrigo Fonseca, George Manning Porter, Randy H. Katz, | |||
| Scott Shenker and Ion Stoica, "IP Options are not an | Scott Shenker and Ion Stoica, "IP Options are not an | |||
| option", | option", | |||
| <https://www2.eecs.berkeley.edu/Pubs/TechRpts/2005/EECS- | <https://www2.eecs.berkeley.edu/Pubs/TechRpts/2005/EECS- | |||
| 2005-24.html> | 2005-24.html> | |||
| [FAST] Herbert, T., "Firewall and Service Tickets", draft-herbert- | [FAST] Herbert, T., "Firewall and Service Tickets", draft-herbert- | |||
| fast-03 | fast-03 | |||
| skipping to change at page 27, line 10 ¶ | skipping to change at page 16, line 7 ¶ | |||
| ietf-6man-segment-routing-header-16 | ietf-6man-segment-routing-header-16 | |||
| [IANA-PN] IANA, "Protocol Numbers", | [IANA-PN] IANA, "Protocol Numbers", | |||
| <https://www.iana.org/assignments/protocol-numbers>. | <https://www.iana.org/assignments/protocol-numbers>. | |||
| [IANA-EH] IANA, "IPv6 Extension Header Types", | [IANA-EH] IANA, "IPv6 Extension Header Types", | |||
| <https://www.iana.org/assignments/ipv6-parameters>. | <https://www.iana.org/assignments/ipv6-parameters>. | |||
| [GUEEXT] Herbert, T., Yong, L., and Templin, F., "Extensions for | [GUEEXT] Herbert, T., Yong, L., and Templin, F., "Extensions for | |||
| Generic UDP Encapsulation", draft-ietf-intarea-gue- | Generic UDP Encapsulation", draft-ietf-intarea-gue- | |||
| extensions-05 | extensions-07 | |||
| Author's Address | Author's Address | |||
| Tom Herbert | Tom Herbert | |||
| Quantonium | Quantonium | |||
| Santa Clara, CA | Santa Clara, CA | |||
| USA | USA | |||
| Email: tom@quantonium.net | Email: tom@quantonium.net | |||
| End of changes. 50 change blocks. | ||||
| 733 lines changed or deleted | 181 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||