Network Working Group                                         S. Deering
Internet-Draft                                                   Retired
Obsoletes: 2460 (if approved)                                  R. Hinden
Intended status: Standards Track                    Check Point Software
Expires: November 20, 2017                                  May 19, 2017

           Internet Protocol, Version 6 (IPv6) Specification
                     draft-ietf-6man-rfc2460bis-13

Abstract

   This document specifies version 6 of the Internet Protocol (IPv6).
   It obsoletes RFC2460.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 20, 2017.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008.  The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  IPv6 Header Format
   4.  IPv6 Extension Headers
     4.1.  Extension Header Order
     4.2.  Options
     4.3.  Hop-by-Hop Options Header
     4.4.  Routing Header
     4.5.  Fragment Header
     4.6.  Destination Options Header
     4.7.  No Next Header
     4.8.  Defining New Extension Headers and Options
   5.  Packet Size Issues
   6.  Flow Labels
   7.  Traffic Classes
   8.  Upper-Layer Protocol Issues
     8.1.  Upper-Layer Checksums
     8.2.  Maximum Packet Lifetime
     8.3.  Maximum Upper-Layer Payload Size
     8.4.  Responding to Packets Carrying Routing Headers
   9.  IANA Considerations
   10. Security Considerations
   11. Acknowledgments
   12. References
     12.1.  Normative References
     12.2.  Informative References
   Appendix A.  Formatting Guidelines for Options
   Appendix B.  Changes Since RFC2460
     B.1.  Change History Since RFC2460
   Authors' Addresses

1.  Introduction

   IP version 6 (IPv6) is a new version of the Internet Protocol (IP),
   designed as the successor to IP version 4 (IPv4) [RFC0791].  The
   changes from IPv4 to IPv6 fall primarily into the following
   categories:

   o  Expanded Addressing Capabilities

      IPv6 increases the IP address size from 32 bits to 128 bits, to
      support more levels of addressing hierarchy, a much greater
      number of addressable nodes, and simpler auto-configuration of
      addresses.  The scalability of multicast routing is improved by
      adding a "scope" field to multicast addresses.
      And a new type of address called an "anycast address" is
      defined, used to send a packet to any one of a group of nodes.

   o  Header Format Simplification

      Some IPv4 header fields have been dropped or made optional, to
      reduce the common-case processing cost of packet handling and
      to limit the bandwidth cost of the IPv6 header.

   o  Improved Support for Extensions and Options

      Changes in the way IP header options are encoded allow for
      more efficient forwarding, less stringent limits on the length
      of options, and greater flexibility for introducing new options
      in the future.

   o  Flow Labeling Capability

      A new capability is added to enable the labeling of sequences
      of packets that the sender requests to be treated in the
      network as a single flow.

   o  Authentication and Privacy Capabilities

      Extensions to support authentication, data integrity, and
      (optional) data confidentiality are specified for IPv6.

   This document specifies the basic IPv6 header and the initially-
   defined IPv6 extension headers and options.  It also discusses packet
   size issues, the semantics of flow labels and traffic classes, and
   the effects of IPv6 on upper-layer protocols.  The format and
   semantics of IPv6 addresses are specified separately in [RFC4291].

   The IPv6 version of ICMP, which all IPv6 implementations are required
   to include, is specified in [RFC4443].

   The data transmission order for IPv6 is the same as for IPv4 as
   defined in Appendix B of [RFC0791].

   Note: As this document obsoletes [RFC2460], any document referenced
   in this document that includes pointers to RFC2460, should be
   interpreted as referencing this document.

2.  Terminology

   node         a device that implements IPv6.

   router       a node that forwards IPv6 packets not explicitly
                addressed to itself.  [See Note below].

   host         any node that is not a router.  [See Note below].

   upper layer  a protocol layer immediately above IPv6.  Examples are
                transport protocols such as TCP and UDP, control
                protocols such as ICMP, routing protocols such as OSPF,
                and internet or lower-layer protocols being "tunneled"
                over (i.e., encapsulated in) IPv6 such as IPX,
                AppleTalk, or IPv6 itself.

   link         a communication facility or medium over which nodes can
                communicate at the link layer, i.e., the layer
                immediately below IPv6.  Examples are Ethernets (simple
                or bridged); PPP links; X.25, Frame Relay, or ATM
                networks; and internet (or higher) layer "tunnels", such
                as tunnels over IPv4 or IPv6 itself.

   neighbors    nodes attached to the same link.

   interface    a node's attachment to a link.

   address      an IPv6-layer identifier for an interface or a set of
                interfaces.

   packet       an IPv6 header plus payload.

   link MTU     the maximum transmission unit, i.e., maximum packet size
                in octets, that can be conveyed over a link.

   path MTU     the minimum link MTU of all the links in a path between
                a source node and a destination node.

   Note: it is possible for a device with multiple interfaces to be
   configured to forward non-self-destined packets arriving from some
   set (fewer than all) of its interfaces, and to discard non-self-
   destined packets arriving from its other interfaces.  Such a device
   must obey the protocol requirements for routers when receiving
   packets from, and interacting with neighbors over, the former
   (forwarding) interfaces.  It must obey the protocol requirements for
   hosts when receiving packets from, and interacting with neighbors
   over, the latter (non-forwarding) interfaces.

3.  IPv6 Header Format

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Version| Traffic Class |           Flow Label                  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Payload Length        |  Next Header  |   Hop Limit   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   |                                                               |
   +                         Source Address                        +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   |                                                               |
   +                      Destination Address                      +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Version              4-bit Internet Protocol version number = 6.

   Traffic Class        8-bit traffic class field.  See section 7.

   Flow Label           20-bit flow label.  See section 6.

   Payload Length       16-bit unsigned integer.  Length of the IPv6
                        payload, i.e., the rest of the packet
                        following this IPv6 header, in octets.  (Note
                        that any extension headers [Section 4] present
                        are considered part of the payload, i.e.,
                        included in the length count.)

   Next Header          8-bit selector.  Identifies the type of header
                        immediately following the IPv6 header.  Uses
                        the same values as the IPv4 Protocol field
                        [IANA-PN].

   Hop Limit            8-bit unsigned integer.  Decremented by 1 by
                        each node that forwards the packet.  When
                        forwarding, the packet is discarded if Hop
                        Limit was zero when received or is decremented
                        to zero.  A node that is the destination of a
                        packet should not discard a packet with hop
                        limit equal to zero, it should process the
                        packet normally.

   Source Address       128-bit address of the originator of the
                        packet.  See [RFC4291].

   Destination Address  128-bit address of the intended recipient of
                        the packet (possibly not the ultimate
                        recipient, if a Routing header is present).
                        See [RFC4291] and section 4.4.

4.  IPv6 Extension Headers

   In IPv6, optional internet-layer information is encoded in separate
   headers that may be placed between the IPv6 header and the upper-
   layer header in a packet.  There is a small number of such extension
   headers, each one identified by a distinct Next Header value.

   Extension Headers are numbered from IANA IP Protocol Numbers
   [IANA-PN], the same values used for IPv4 and IPv6.  When processing a
   sequence of Next Header values in a packet, the first one that is not
   an Extension Header [IANA-EH] indicates that the next item in the
   packet is the corresponding upper-layer header.  A special "No Next
   Header" value is used if there is no upper-layer header.

   As illustrated in these examples, an IPv6 packet may carry zero, one,
   or more extension headers, each identified by the Next Header field
   of the preceding header:

   +---------------+------------------------
   |  IPv6 header  | TCP header + data
   |               |
   | Next Header = |
   |      TCP      |
   +---------------+------------------------

   +---------------+----------------+------------------------
   |  IPv6 header  | Routing header | TCP header + data
   |               |                |
   | Next Header = |  Next Header = |
   |    Routing    |      TCP       |
   +---------------+----------------+------------------------

   +---------------+----------------+-----------------+-----------------
   |  IPv6 header  | Routing header | Fragment header | fragment of TCP
   |               |                |                 |  header + data
   | Next Header = |  Next Header = |  Next Header =  |
   |    Routing    |    Fragment    |       TCP       |
   +---------------+----------------+-----------------+-----------------

   Extension headers (except for the Hop-by-Hop Options header) are not
   processed, inserted, or deleted by any node along a packet's delivery
   path, until the packet reaches the node (or each of the set of nodes,
   in the case of multicast) identified in the Destination Address field
   of the IPv6 header.

   The Hop-by-Hop Options header is not inserted or deleted, but may be
   examined or processed by any node along a packet's delivery path,
   until the packet reaches the node (or each of the set of nodes, in
   the case of multicast) identified in the Destination Address field of
   the IPv6 header.  The Hop-by-Hop Options header, when present, must
   immediately follow the IPv6 header.  Its presence is indicated by the
   value zero in the Next Header field of the IPv6 header.

   NOTE: While [RFC2460] required that all nodes must examine and
   process the Hop-by-Hop Options header, it is now expected that nodes
   along a packet's delivery path only examine and process the Hop-by-
   Hop Options header if explicitly configured to do so.

   At the Destination node, normal demultiplexing on the Next Header
   field of the IPv6 header invokes the module to process the first
   extension header, or the upper-layer header if no extension header is
   present.  The contents and semantics of each extension header
   determine whether or not to proceed to the next header.  Therefore,
   extension headers must be processed strictly in the order they appear
   in the packet; a receiver must not, for example, scan through a
   packet looking for a particular kind of extension header and process
   that header prior to processing all preceding ones.

   If, as a result of processing a header, the destination node is
   required to proceed to the next header but the Next Header value in
   the current header is unrecognized by the node, it should discard the
   packet and send an ICMP Parameter Problem message to the source of
   the packet, with an ICMP Code value of 1 ("unrecognized Next Header
   type encountered") and the ICMP Pointer field containing the offset
   of the unrecognized value within the original packet.  The same
   action should be taken if a node encounters a Next Header value of
   zero in any header other than an IPv6 header.
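
   The following Python sketch is an added example, not part of the
   draft: it walks a packet's Next Header chain strictly in order and
   reports the Code 1 Parameter Problem cases described above.  It
   assumes a node that implements only the four extension headers this
   document specifies; raising ValueError for truncated headers and the
   helper names are choices of the example.

```python
import struct

# Next Header values: 0, 43 and 44 are given in this document; 59, 60 and the
# upper-layer numbers are the IANA protocol numbers for the named headers.
HOP_BY_HOP, ROUTING, FRAGMENT, NO_NEXT_HEADER, DEST_OPTS = 0, 43, 44, 59, 60
EXTENSION = {HOP_BY_HOP: "Hop-by-Hop Options", ROUTING: "Routing",
             FRAGMENT: "Fragment", DEST_OPTS: "Destination Options"}
UPPER_LAYER = {6: "TCP", 17: "UDP", 41: "IPv6", 58: "ICMPv6"}


class ParameterProblem(Exception):
    """Stands in for the ICMP Parameter Problem message the node would send."""

    def __init__(self, code, pointer):
        super().__init__(f"ICMP Parameter Problem, code {code}, pointer {pointer}")
        self.code, self.pointer = code, pointer


def walk_headers(packet):
    """Process headers in the order they appear; never scan ahead.

    Returns (chain, terminal, offset): chain lists (name, offset, length) for
    each extension header, terminal names what ended the walk and offset is
    where that item starts in the packet.
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    end = 40 + struct.unpack_from("!H", packet, 4)[0]    # Payload Length
    if end > len(packet):
        raise ValueError("Payload Length runs past the available data")
    # nh_field is the packet offset of the Next Header field that supplied nh;
    # it is the value the ICMP Pointer carries when nh is rejected.
    nh, nh_field, offset, chain = packet[6], 6, 40, []
    while True:
        if nh == NO_NEXT_HEADER:
            return chain, "No Next Header", offset
        if nh in UPPER_LAYER:
            return chain, UPPER_LAYER[nh], offset
        # Unrecognized value, or zero anywhere other than the IPv6 header.
        if nh not in EXTENSION or (nh == HOP_BY_HOP and nh_field != 6):
            raise ParameterProblem(code=1, pointer=nh_field)
        if offset + 8 > end:
            raise ValueError(f"{EXTENSION[nh]} header truncated at {offset}")
        # The Fragment header is always 8 octets; the others carry Hdr Ext Len
        # in 8-octet units, not counting the first 8 octets.
        length = 8 if nh == FRAGMENT else (packet[offset + 1] + 1) * 8
        if offset + length > end:
            raise ValueError(f"{EXTENSION[nh]} header at {offset} overruns packet")
        chain.append((EXTENSION[nh], offset, length))
        if nh == FRAGMENT and struct.unpack_from("!H", packet, offset + 2)[0] >> 3:
            # Non-zero Fragment Offset: what follows is fragment data, not a header.
            return chain, "fragment data", offset + length
        nh, nh_field, offset = packet[offset], offset, offset + length


def ipv6(next_header, payload):
    """Constructed sample packet: ::1 -> ::1, hop limit 64."""
    loopback = bytes(15) + b"\x01"
    return (struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
            + loopback + loopback + payload)


def ext(next_header, body=b""):
    """Constructed extension header: Next Header, Hdr Ext Len, zero padding."""
    raw = bytes([next_header, 0]) + body
    raw += bytes(-len(raw) % 8)
    return bytes([next_header, len(raw) // 8 - 1]) + raw[2:]


if __name__ == "__main__":
    tcp = bytes(20)
    print(walk_headers(ipv6(ROUTING, ext(6) + tcp)))
    try:
        walk_headers(ipv6(DEST_OPTS, ext(HOP_BY_HOP) + ext(6) + tcp))
    except ParameterProblem as problem:
        print(problem)
```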

   Each extension header is an integer multiple of 8 octets long, in
   order to retain 8-octet alignment for subsequent headers.  Multi-
   octet fields within each extension header are aligned on their
   natural boundaries, i.e., fields of width n octets are placed at an
   integer multiple of n octets from the start of the header, for n = 1,
   2, 4, or 8.

   A full implementation of IPv6 includes implementation of the
   following extension headers:

      Hop-by-Hop Options
      Fragment
      Destination Options
      Routing
      Authentication
      Encapsulating Security Payload

   The first four are specified in this document; the last two are
   specified in [RFC4302] and [RFC4303], respectively.  The current list
   of IPv6 extension headers can be found at [IANA-EH].

4.1.  Extension Header Order

   When more than one extension header is used in the same packet, it is
   recommended that those headers appear in the following order:

      IPv6 header
      Hop-by-Hop Options header
      Destination Options header (note 1)
      Routing header
      Fragment header
      Authentication header (note 2)
      Encapsulating Security Payload header (note 2)
      Destination Options header (note 3)
      upper-layer header

      note 1: for options to be processed by the first destination that
              appears in the IPv6 Destination Address field plus
              subsequent destinations listed in the Routing header.

      note 2: additional recommendations regarding the relative order of
              the Authentication and Encapsulating Security Payload
              headers are given in [RFC4303].

      note 3: for options to be processed only by the final destination
              of the packet.

   Each extension header should occur at most once, except for the
   Destination Options header which should occur at most twice (once
   before a Routing header and once before the upper-layer header).

   If the upper-layer header is another IPv6 header (in the case of IPv6
   being tunneled over or encapsulated in IPv6), it may be followed by
   its own extension headers, which are separately subject to the same
   ordering recommendations.

   If and when other extension headers are defined, their ordering
   constraints relative to the above listed headers must be specified.

   IPv6 nodes must accept and attempt to process extension headers in
   any order and occurring any number of times in the same packet,
   except for the Hop-by-Hop Options header which is restricted to
   appear immediately after an IPv6 header only.  Nonetheless, it is
   strongly advised that sources of IPv6 packets adhere to the above
   recommended order until and unless subsequent specifications revise
   that recommendation.

4.2.  Options

   Two of the currently-defined extension headers defined in this
   document -- the Hop-by-Hop Options header and the Destination Options
   header -- carry a variable number of type-length-value (TLV) encoded
   "options", of the following format:

      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -
      |  Option Type  |  Opt Data Len |  Option Data
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -

      Option Type          8-bit identifier of the type of option.

      Opt Data Len         8-bit unsigned integer.  Length of the Option
                           Data field of this option, in octets.

      Option Data          Variable-length field.  Option-Type-specific
                           data.

   The sequence of options within a header must be processed strictly in
   the order they appear in the header; a receiver must not, for
   example, scan through the header looking for a particular kind of
   option and process that option prior to processing all preceding
   ones.
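
   The following Python sketch is an added example, not part of the
   draft: it processes the options of one Hop-by-Hop or Destination
   Options header in order, applying the rules of this section (the
   action bits, the change bit, Pad1/PadN and xn+y alignment are defined
   in the paragraphs that follow).  Option type 0x1F and its 4n+2
   alignment are hypothetical, and discarding on an overrunning option
   and noting non-zero PadN data are choices of the example.

```python
PAD1, PADN = 0, 1

# Hypothetical option understood by this example node: type 0x1F with
# alignment requirement 4n+2.  It is not a registered option.
KNOWN = {0x1F: (4, 2)}


def process_options(header, header_offset, known=KNOWN, dest_is_multicast=False):
    """Process the options of one complete extension header, in order.

    header        -- the whole header, starting at its Next Header octet
    header_offset -- where the header starts in the packet (for the ICMP Pointer)
    Returns (verdict, icmp_pointer, accepted, notes); icmp_pointer is the packet
    offset for a Parameter Problem, Code 2, message, or None if none is sent.
    """
    accepted, notes = [], []
    if len(header) < 8 or len(header) != (header[1] + 1) * 8:
        return "discard", None, accepted, ["length does not match Hdr Ext Len"]
    i = 2                                  # options follow Next Header, Hdr Ext Len
    while i < len(header):
        opt_type = header[i]
        if opt_type == PAD1:               # special case: no length or value field
            i += 1
            continue
        if i + 2 > len(header) or i + 2 + header[i + 1] > len(header):
            return "discard", None, accepted, notes + [f"option at {i} overruns header"]
        data = header[i + 2:i + 2 + header[i + 1]]
        if opt_type == PADN:
            if any(data):                  # padding is defined as zero-valued octets
                notes.append(f"PadN at {i} carries non-zero octets")
        elif opt_type in known:
            x, y = known[opt_type]
            if i % x != y:                 # offset counted from the start of the header
                notes.append(f"option 0x{opt_type:02X} at {i} violates {x}n+{y}")
            may_change = bool(opt_type & 0x20)   # third-highest-order bit
            accepted.append((opt_type, may_change, data))
        else:
            action = opt_type >> 6         # highest-order two bits
            pointer = header_offset + i    # points to the unrecognized Option Type
            if action == 0b01:
                return "discard", None, accepted, notes
            if action == 0b10:
                return "discard", pointer, accepted, notes
            if action == 0b11:
                icmp = None if dest_is_multicast else pointer
                return "discard", icmp, accepted, notes
            notes.append(f"skipped unrecognized option 0x{opt_type:02X} at {i}")
        i += 2 + len(data)
    return "accept", None, accepted, notes


if __name__ == "__main__":
    # Constructed header: known option, then an unrecognized "10" option, then PadN.
    sample = bytes([59, 1, 0x1F, 4, 9, 9, 9, 9, 0x9E, 0, 1, 4, 0, 0, 0, 0])
    print(process_options(sample, header_offset=40))
```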

   The Option Type identifiers are internally encoded such that their
   highest-order two bits specify the action that must be taken if the
   processing IPv6 node does not recognize the Option Type:

      00 - skip over this option and continue processing the header.

      01 - discard the packet.

      10 - discard the packet and, regardless of whether or not the
           packet's Destination Address was a multicast address, send an
           ICMP Parameter Problem, Code 2, message to the packet's
           Source Address, pointing to the unrecognized Option Type.

      11 - discard the packet and, only if the packet's Destination
           Address was not a multicast address, send an ICMP Parameter
           Problem, Code 2, message to the packet's Source Address,
           pointing to the unrecognized Option Type.

   The third-highest-order bit of the Option Type specifies whether or
   not the Option Data of that option can change en-route to the
   packet's final destination.  When an Authentication header is present
   in the packet, for any option whose data may change en-route, its
   entire Option Data field must be treated as zero-valued octets when
   computing or verifying the packet's authenticating value.

      0 - Option Data does not change en-route

      1 - Option Data may change en-route

   The three high-order bits described above are to be treated as part
   of the Option Type, not independent of the Option Type.  That is, a
   particular option is identified by a full 8-bit Option Type, not just
   the low-order 5 bits of an Option Type.

   The same Option Type numbering space is used for both the Hop-by-Hop
   Options header and the Destination Options header.  However, the
   specification of a particular option may restrict its use to only one
   of those two headers.

   Individual options may have specific alignment requirements, to
   ensure that multi-octet values within Option Data fields fall on
   natural boundaries.
   The alignment requirement of an option is specified using the
   notation xn+y, meaning the Option Type must appear at an integer
   multiple of x octets from the start of the header, plus y octets.
   For example:

      2n    means any 2-octet offset from the start of the header.
      8n+2  means any 8-octet offset from the start of the header, plus 2
            octets.

   There are two padding options which are used when necessary to align
   subsequent options and to pad out the containing header to a multiple
   of 8 octets in length.  These padding options must be recognized by
   all IPv6 implementations:

   Pad1 option  (alignment requirement: none)

       +-+-+-+-+-+-+-+-+
       |       0       |
       +-+-+-+-+-+-+-+-+

       NOTE! the format of the Pad1 option is a special case -- it does
             not have length and value fields.

       The Pad1 option is used to insert one octet of padding into the
       Options area of a header.  If more than one octet of padding is
       required, the PadN option, described next, should be used, rather
       than multiple Pad1 options.

   PadN option  (alignment requirement: none)

       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -
       |       1       |  Opt Data Len |  Option Data
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -

       The PadN option is used to insert two or more octets of padding
       into the Options area of a header.  For N octets of padding, the
       Opt Data Len field contains the value N-2, and the Option Data
       consists of N-2 zero-valued octets.

   Appendix A contains formatting guidelines for designing new options.

4.3.  Hop-by-Hop Options Header

   The Hop-by-Hop Options header is used to carry optional information
   that may be examined and processed by every node along a packet's
   delivery path.
   The Hop-by-Hop Options header is identified by a Next Header value
   of 0 in the IPv6 header, and has the following format:

    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |  Next Header  |  Hdr Ext Len  |                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
    |                                                               |
    .                                                               .
    .                            Options                            .
    .                                                               .
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Next Header         8-bit selector.  Identifies the type of header
                          immediately following the Hop-by-Hop Options
                          header.  Uses the same values as the IPv4
                          Protocol field [IANA-PN].

      Hdr Ext Len         8-bit unsigned integer.  Length of the Hop-by-
                          Hop Options header in 8-octet units, not
                          including the first 8 octets.

      Options             Variable-length field, of length such that the
                          complete Hop-by-Hop Options header is an
                          integer multiple of 8 octets long.  Contains
                          one or more TLV-encoded options, as described
                          in section 4.2.

   The only hop-by-hop options defined in this document are the Pad1 and
   PadN options specified in section 4.2.

4.4.  Routing Header

   The Routing header is used by an IPv6 source to list one or more
   intermediate nodes to be "visited" on the way to a packet's
   destination.  This function is very similar to IPv4's Loose Source
   and Record Route option.  The Routing header is identified by a Next
   Header value of 43 in the immediately preceding header, and has the
   following format:

    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |  Next Header  |  Hdr Ext Len  |  Routing Type | Segments Left |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    .                                                               .
    .                       type-specific data                      .
    .                                                               .
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Next Header         8-bit selector.  Identifies the type of header
                          immediately following the Routing header.
                          Uses the same values as the IPv4 Protocol
                          field [IANA-PN].

      Hdr Ext Len         8-bit unsigned integer.
                          Length of the Routing header in 8-octet
                          units, not including the first 8 octets.

      Routing Type        8-bit identifier of a particular Routing
                          header variant.

      Segments Left       8-bit unsigned integer.  Number of route
                          segments remaining, i.e., number of explicitly
                          listed intermediate nodes still to be visited
                          before reaching the final destination.

      type-specific data  Variable-length field, of format determined by
                          the Routing Type, and of length such that the
                          complete Routing header is an integer multiple
                          of 8 octets long.

   If, while processing a received packet, a node encounters a Routing
   header with an unrecognized Routing Type value, the required behavior
   of the node depends on the value of the Segments Left field, as
   follows:

      If Segments Left is zero, the node must ignore the Routing header
      and proceed to process the next header in the packet, whose type
      is identified by the Next Header field in the Routing header.

      If Segments Left is non-zero, the node must discard the packet and
      send an ICMP Parameter Problem, Code 0, message to the packet's
      Source Address, pointing to the unrecognized Routing Type.

   If, after processing a Routing header of a received packet, an
   intermediate node determines that the packet is to be forwarded onto
   a link whose link MTU is less than the size of the packet, the node
   must discard the packet and send an ICMP Packet Too Big message to
   the packet's Source Address.

   The currently defined IPv6 Routing Headers and their status can be
   found at [IANA-RH].  Allocation guidelines for IPv6 Routing Headers
   can be found in [RFC5871].

4.5.  Fragment Header

   The Fragment header is used by an IPv6 source to send a packet larger
   than would fit in the path MTU to its destination.  (Note: unlike
   IPv4, fragmentation in IPv6 is performed only by source nodes, not by
   routers along a packet's delivery path -- see section 5.)
   The Fragment header is identified by a Next Header value of 44 in the
   immediately preceding header, and has the following format:

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Next Header  |   Reserved    |      Fragment Offset    |Res|M|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Identification                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Next Header         8-bit selector.  Identifies the initial header
                          type of the Fragmentable Part of the original
                          packet (defined below).  Uses the same values
                          as the IPv4 Protocol field [IANA-PN].

      Reserved            8-bit reserved field.  Initialized to zero for
                          transmission; ignored on reception.

      Fragment Offset     13-bit unsigned integer.  The offset, in
                          8-octet units, of the data following this
                          header, relative to the start of the
                          Fragmentable Part of the original packet.

      Res                 2-bit reserved field.  Initialized to zero for
                          transmission; ignored on reception.

      M flag              1 = more fragments; 0 = last fragment.

      Identification      32 bits.  See description below.

   In order to send a packet that is too large to fit in the MTU of the
   path to its destination, a source node may divide the packet into
   fragments and send each fragment as a separate packet, to be
   reassembled at the receiver.

   For every packet that is to be fragmented, the source node generates
   an Identification value.  The Identification must be different than
   that of any other fragmented packet sent recently* with the same
   Source Address and Destination Address.  If a Routing header is
   present, the Destination Address of concern is that of the final
   destination.

      *  "recently" means within the maximum likely lifetime of a
         packet, including transit time from source to destination and
         time spent awaiting reassembly with other fragments of the same
         packet.
         However, it is not required that a source node knows
         the maximum packet lifetime.  Rather, it is assumed that the
         requirement can be met by implementing an algorithm that
         results in a low identification reuse frequency.  Examples of
         algorithms that can meet this requirement are described in
         [RFC7739].

   The initial, large, unfragmented packet is referred to as the
   "original packet", and it is considered to consist of three parts, as
   illustrated:

   original packet:

   +------------------+-------------------------+---//----------------+
   |  Per-Fragment    | Extension & Upper-Layer |   Fragmentable      |
   |    Headers       |       Headers           |      Part           |
   +------------------+-------------------------+---//----------------+

      The Per-Fragment Headers must consist of the IPv6 header plus any
      extension headers that must be processed by nodes en route to the
      destination, that is, all headers up to and including the Routing
      header if present, else the Hop-by-Hop Options header if present,
      else no extension headers.

      The Extension Headers are all other extension headers that are not
      included in the Per-Fragment headers part of the packet.  For this
      purpose, the Encapsulating Security Payload (ESP) is not
      considered an extension header.  The Upper-Layer Header is the
      first upper-layer header that is not an IPv6 extension header.

      Examples of upper-layer headers include TCP, UDP, IPv4, IPv6,
      ICMPv6, and as noted ESP.

      The Fragmentable Part consists of the rest of the packet after the
      upper-layer header or after any header (i.e., initial IPv6 header
      or extension header) that contains a Next Header value of No Next
      Header.

   The Fragmentable Part of the original packet is divided into
   fragments.  The lengths of the fragments must be chosen such that the
   resulting fragment packets fit within the MTU of the path to the
   packets' destination(s).
   Each complete fragment, except possibly the
   last ("rightmost") one, is an integer multiple of 8 octets long.

   The fragments are transmitted in separate "fragment packets" as
   illustrated:

   original packet:

   +-----------------+-----------------+--------+--------+-//-+--------+
   |  Per-Fragment   |Ext & Upper-Layer|  first | second |    |  last  |
   |    Headers      |    Headers      |fragment|fragment|....|fragment|
   +-----------------+-----------------+--------+--------+-//-+--------+

   fragment packets:

   +------------------+---------+-------------------+----------+
   |  Per-Fragment    |Fragment | Ext & Upper-Layer |  first   |
   |    Headers       | Header  |   Headers         | fragment |
   +------------------+---------+-------------------+----------+

   +------------------+--------+-------------------------------+
   |  Per-Fragment    |Fragment|    second                     |
   |    Headers       | Header |   fragment                    |
   +------------------+--------+-------------------------------+
                         o
                         o
                         o
   +------------------+--------+----------+
   |  Per-Fragment    |Fragment|   last   |
   |    Headers       | Header | fragment |
   +------------------+--------+----------+

   The first fragment packet is composed of:

      (1) The Per-Fragment Headers of the original packet, with the
      Payload Length of the original IPv6 header changed to contain the
      length of this fragment packet only (excluding the length of the
      IPv6 header itself), and the Next Header field of the last header
      of the Per-Fragment Headers changed to 44.

      (2) A Fragment header containing:

         The Next Header value that identifies the first header after
         the Per-Fragment Headers of the original packet.

         A Fragment Offset containing the offset of the fragment, in
         8-octet units, relative to the start of the Fragmentable Part
         of the original packet. The Fragment Offset of the first
         ("leftmost") fragment is 0.

         An M flag value of 1 as this is the first fragment.
         The Identification value generated for the original packet.

      (3) Extension Headers, if any, and the Upper-Layer header. These
      headers must be in the first fragment. Note: This restricts the
      size of the headers through the Upper-Layer header to the MTU of
      the path to the packets' destination(s).

      (4) The first fragment.

   The subsequent fragment packets are composed of:

      (1) The Per-Fragment Headers of the original packet, with the
      Payload Length of the original IPv6 header changed to contain the
      length of this fragment packet only (excluding the length of the
      IPv6 header itself), and the Next Header field of the last header
      of the Per-Fragment Headers changed to 44.

      (2) A Fragment header containing:

         The Next Header value that identifies the first header after
         the Per-Fragment Headers of the original packet.

         A Fragment Offset containing the offset of the fragment, in
         8-octet units, relative to the start of the Fragmentable part
         of the original packet.

         An M flag value of 0 if the fragment is the last ("rightmost")
         one, else an M flag value of 1.

         The Identification value generated for the original packet.

      (3) The fragment itself.

   Fragments must not be created that overlap with any other fragments
   created from the original packet.

   At the destination, fragment packets are reassembled into their
   original, unfragmented form, as illustrated:

   reassembled original packet:

   +---------------+-----------------+---------+--------+-//--+--------+
   | Per-Fragment  |Ext & Upper-Layer|  first  | second |     | last   |
   |    Headers    |     Headers     |frag data|fragment|.....|fragment|
   +---------------+-----------------+---------+--------+-//--+--------+

   The following rules govern reassembly:

      An original packet is reassembled only from fragment packets that
      have the same Source Address, Destination Address, and Fragment
      Identification.
      The Per-Fragment Headers of the reassembled packet consist of all
      headers up to, but not including, the Fragment header of the first
      fragment packet (that is, the packet whose Fragment Offset is
      zero), with the following two changes:

         The Next Header field of the last header of the Per-Fragment
         Headers is obtained from the Next Header field of the first
         fragment's Fragment header.

         The Payload Length of the reassembled packet is computed from
         the length of the Per-Fragment Headers and the length and
         offset of the last fragment. For example, a formula for
         computing the Payload Length of the reassembled original packet
         is:

            PL.orig = PL.first - FL.first - 8 + (8 * FO.last) + FL.last

            where
            PL.orig  = Payload Length field of reassembled packet.
            PL.first = Payload Length field of first fragment packet.
            FL.first = length of fragment following Fragment header of
                       first fragment packet.
            FO.last  = Fragment Offset field of Fragment header of last
                       fragment packet.
            FL.last  = length of fragment following Fragment header of
                       last fragment packet.

      The Fragmentable Part of the reassembled packet is constructed
      from the fragments following the Fragment headers in each of
      the fragment packets. The length of each fragment is computed
      by subtracting from the packet's Payload Length the length of
      the headers between the IPv6 header and fragment itself; its
      relative position in Fragmentable Part is computed from its
      Fragment Offset value.

      The Fragment header is not present in the final, reassembled
      packet.

      If the fragment is a whole datagram (that is, both the Fragment
      Offset field and the M flag are zero), then it does not need
      any further reassembly and should be processed as a fully
      reassembled packet (i.e., updating Next Header, adjusting Payload
      Length, removing the Fragmentation Header, etc.).
      Any other
      fragments that match this packet (i.e., the same IPv6 Source
      Address, IPv6 Destination Address, and Fragment Identification)
      should be processed independently.

   The following error conditions may arise when reassembling fragmented
   packets:

      o  If insufficient fragments are received to complete reassembly
         of a packet within 60 seconds of the reception of the
         first-arriving fragment of that packet, reassembly of that
         packet must be abandoned and all the fragments that have been
         received for that packet must be discarded. If the first
         fragment (i.e., the one with a Fragment Offset of zero) has
         been received, an ICMP Time Exceeded -- Fragment Reassembly
         Time Exceeded message should be sent to the source of that
         fragment.

      o  If the length of a fragment, as derived from the fragment
         packet's Payload Length field, is not a multiple of 8 octets
         and the M flag of that fragment is 1, then that fragment must
         be discarded and an ICMP Parameter Problem, Code 0, message
         should be sent to the source of the fragment, pointing to the
         Payload Length field of the fragment packet.

      o  If the length and offset of a fragment are such that the
         Payload Length of the packet reassembled from that fragment
         would exceed 65,535 octets, then that fragment must be
         discarded and an ICMP Parameter Problem, Code 0, message should
         be sent to the source of the fragment, pointing to the Fragment
         Offset field of the fragment packet.

      o  If the first fragment does not include all headers through an
         Upper-Layer header, then that fragment should be discarded and
         an ICMP Parameter Problem, Code 3, message should be sent to
         the source of the fragment, with the Pointer field set to zero.
      o  If any of the fragments being reassembled overlaps with any
         other fragments being reassembled for the same packet,
         reassembly of that packet must be abandoned and all the
         fragments that have been received for that packet must be
         discarded and no ICMP error messages should be sent.

         It should be noted that fragments may be duplicated in the
         network. Instead of treating these exact duplicate fragments
         as overlapping fragments, an implementation may choose to
         detect this case and drop exact duplicate fragments while
         keeping the other fragments belonging to the same packet.

   The following conditions are not expected to occur frequently, but
   are not considered errors if they do:

      The number and content of the headers preceding the Fragment
      header of different fragments of the same original packet may
      differ. Whatever headers are present, preceding the Fragment
      header in each fragment packet, are processed when the packets
      arrive, prior to queueing the fragments for reassembly. Only
      those headers in the Offset zero fragment packet are retained in
      the reassembled packet.

      The Next Header values in the Fragment headers of different
      fragments of the same original packet may differ. Only the value
      from the Offset zero fragment packet is used for reassembly.

      Other fields in the IPv6 header may also vary across the fragments
      being reassembled. Specifications that use these fields may
      provide additional instructions if the basic mechanism of using
      the values from the Offset zero fragment is not sufficient. For
      example, Section 5.3 of [RFC3168] describes how to combine the
      Explicit Congestion Notification (ECN) bits from different
      fragments to derive the ECN bits of the reassembled packet.

4.6.  Destination Options Header

   The Destination Options header is used to carry optional information
   that need be examined only by a packet's destination node(s).
   The Destination Options header is identified by a Next Header value
   of 60 in the immediately preceding header, and has the following
   format:

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Next Header  |  Hdr Ext Len  |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
   |                                                               |
   .                                                               .
   .                            Options                            .
   .                                                               .
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Next Header         8-bit selector. Identifies the type of header
                          immediately following the Destination Options
                          header. Uses the same values as the IPv4
                          Protocol field [IANA-PN].

      Hdr Ext Len         8-bit unsigned integer. Length of the
                          Destination Options header in 8-octet units,
                          not including the first 8 octets.

      Options             Variable-length field, of length such that the
                          complete Destination Options header is an
                          integer multiple of 8 octets long. Contains
                          one or more TLV-encoded options, as described
                          in section 4.2.

   The only destination options defined in this document are the Pad1
   and PadN options specified in section 4.2.

   Note that there are two possible ways to encode optional destination
   information in an IPv6 packet: either as an option in the Destination
   Options header, or as a separate extension header. The Fragment
   header and the Authentication header are examples of the latter
   approach. Which approach can be used depends on what action is
   desired of a destination node that does not understand the optional
   information:

      o  If the desired action is for the destination node to discard
         the packet and, only if the packet's Destination Address is not
         a multicast address, send an ICMP Unrecognized Type message to
         the packet's Source Address, then the information may be
         encoded either as a separate header or as an option in the
         Destination Options header whose Option Type has the value 11
         in its highest-order two bits.
         The choice may depend on such
         factors as which takes fewer octets, or which yields better
         alignment or more efficient parsing.

      o  If any other action is desired, the information must be encoded
         as an option in the Destination Options header whose Option
         Type has the value 00, 01, or 10 in its highest-order two bits,
         specifying the desired action (see section 4.2).

4.7.  No Next Header

   The value 59 in the Next Header field of an IPv6 header or any
   extension header indicates that there is nothing following that
   header. If the Payload Length field of the IPv6 header indicates the
   presence of octets past the end of a header whose Next Header field
   contains 59, those octets must be ignored, and passed on unchanged if
   the packet is forwarded.

4.8.  Defining New Extension Headers and Options

   Defining new IPv6 extension headers is not recommended, unless there
   are no existing IPv6 extension headers that can be used by specifying
   a new option for that IPv6 extension header. A proposal to specify a
   new IPv6 extension header must include a detailed technical
   explanation of why an existing IPv6 extension header can not be used
   for the desired new function. See [RFC6564] for additional
   background information.

   Note: New extension headers that require hop-by-hop behavior must not
   be defined because, as specified in Section 4 of this document, the
   only Extension Header that has hop-by-hop behavior is the Hop-by-Hop
   Options header.

   New hop-by-hop options are not recommended because nodes may be
   configured to ignore the Hop-by-Hop Option header, drop packets
   containing a hop-by-hop header, or assign packets containing a
   hop-by-hop header to a slow processing path. Designers considering
   defining new hop-by-hop options need to be aware of this likely
   behaviour.
   There has to be a very clear justification why any new
   hop-by-hop option is needed before it is standardized.

   Instead of defining new Extension Headers, it is recommended that the
   Destination Options header is used to carry optional information that
   must be examined only by a packet's destination node(s), because they
   provide better handling and backward compatibility.

   If new Extension Headers are defined, they need to use the following
   format:

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Next Header  |  Hdr Ext Len  |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
   |                                                               |
   .                                                               .
   .                      Header Specific Data                     .
   .                                                               .
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Next Header           8-bit selector. Identifies the type of
                            header immediately following the extension
                            header. Uses the same values as the IPv4
                            Protocol field [IANA-PN].

      Hdr Ext Len           8-bit unsigned integer. Length of the
                            Destination Options header in 8-octet units,
                            not including the first 8 octets.

      Header Specific Data  Variable-length field. Fields specific to
                            the extension header.

5.  Packet Size Issues

   IPv6 requires that every link in the internet have an MTU of 1280
   octets or greater. This is known as the IPv6 minimum link MTU. On
   any link that cannot convey a 1280-octet packet in one piece,
   link-specific fragmentation and reassembly must be provided at a
   layer below IPv6.

   Links that have a configurable MTU (for example, PPP links [RFC1661])
   must be configured to have an MTU of at least 1280 octets; it is
   recommended that they be configured with an MTU of 1500 octets or
   greater, to accommodate possible encapsulations (i.e., tunneling)
   without incurring IPv6-layer fragmentation.

   From each link to which a node is directly attached, the node must be
   able to accept packets as large as that link's MTU.

   It is strongly recommended that IPv6 nodes implement Path MTU
   Discovery [RFC1981], in order to discover and take advantage of path
   MTUs greater than 1280 octets. However, a minimal IPv6
   implementation (e.g., in a boot ROM) may simply restrict itself to
   sending packets no larger than 1280 octets, and omit implementation
   of Path MTU Discovery.

   In order to send a packet larger than a path's MTU, a node may use
   the IPv6 Fragment header to fragment the packet at the source and
   have it reassembled at the destination(s). However, the use of such
   fragmentation is discouraged in any application that is able to
   adjust its packets to fit the measured path MTU (i.e., down to 1280
   octets).

   A node must be able to accept a fragmented packet that, after
   reassembly, is as large as 1500 octets. A node is permitted to
   accept fragmented packets that reassemble to more than 1500 octets.
   An upper-layer protocol or application that depends on IPv6
   fragmentation to send packets larger than the MTU of a path should
   not send packets larger than 1500 octets unless it has assurance that
   the destination is capable of reassembling packets of that larger
   size.

6.  Flow Labels

   The 20-bit Flow Label field in the IPv6 header is used by a source to
   label sequences of packets to be treated in the network as a single
   flow.

   The current definition of the IPv6 Flow Label can be found in
   [RFC6437].

7.  Traffic Classes

   The 8-bit Traffic Class field in the IPv6 header is used by the
   network for traffic management. The value of the Traffic Class bits
   in a received packet or fragment might be different from the value
   sent by the packet's source.

   The current use of the Traffic Class field for Differentiated
   Services and Explicit Congestion Notification is specified in
   [RFC2474] and [RFC3168].

8.  Upper-Layer Protocol Issues

8.1.  Upper-Layer Checksums

   Any transport or other upper-layer protocol that includes the
   addresses from the IP header in its checksum computation must be
   modified for use over IPv6, to include the 128-bit IPv6 addresses
   instead of 32-bit IPv4 addresses. In particular, the following
   illustration shows the TCP and UDP "pseudo-header" for IPv6:

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   |                                                               |
   +                         Source Address                        +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   |                                                               |
   +                      Destination Address                      +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                   Upper-Layer Packet Length                   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      zero                     |  Next Header  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      o  If the IPv6 packet contains a Routing header, the Destination
         Address used in the pseudo-header is that of the final
         destination. At the originating node, that address will be in
         the last element of the Routing header; at the recipient(s),
         that address will be in the Destination Address field of the
         IPv6 header.

      o  The Next Header value in the pseudo-header identifies the
         upper-layer protocol (e.g., 6 for TCP, or 17 for UDP). It will
         differ from the Next Header value in the IPv6 header if there
         are extension headers between the IPv6 header and the
         upper-layer header.

      o  The Upper-Layer Packet Length in the pseudo-header is the
         length of the upper-layer header and data (e.g., TCP header
         plus TCP data). Some upper-layer protocols carry their own
         length information (e.g., the Length field in the UDP header);
         for such protocols, that is the length used in the
         pseudo-header.
         Other protocols (such as TCP) do not carry their own
         length information, in which case the length used in the
         pseudo-header is the Payload Length from the IPv6 header, minus
         the length of any extension headers present between the IPv6
         header and the upper-layer header.

      o  Unlike IPv4, the default behavior when UDP packets are
         originated by an IPv6 node is that the UDP checksum is not
         optional. That is, whenever originating a UDP packet, an IPv6
         node must compute a UDP checksum over the packet and the
         pseudo-header, and, if that computation yields a result of
         zero, it must be changed to hex FFFF for placement in the UDP
         header. IPv6 receivers must discard UDP packets containing a
         zero checksum, and should log the error.

      o  As an exception to the default behaviour, protocols that use
         UDP as a tunnel encapsulation may enable zero-checksum mode for
         a specific port (or set of ports) for sending and/or receiving.
         Any node implementing zero-checksum mode must follow the
         requirements specified in "Applicability Statement for the Use
         of IPv6 UDP Datagrams with Zero Checksums" [RFC6936].

   The IPv6 version of ICMP [RFC4443] includes the above pseudo-header
   in its checksum computation; this is a change from the IPv4 version
   of ICMP, which does not include a pseudo-header in its checksum. The
   reason for the change is to protect ICMP from misdelivery or
   corruption of those fields of the IPv6 header on which it depends,
   which, unlike IPv4, are not covered by an internet-layer checksum.
   The Next Header field in the pseudo-header for ICMP contains the
   value 58, which identifies the IPv6 version of ICMP.

8.2.  Maximum Packet Lifetime

   Unlike IPv4, IPv6 nodes are not required to enforce maximum packet
   lifetime. That is the reason the IPv4 "Time to Live" field was
   renamed "Hop Limit" in IPv6.
   In practice, very few, if any, IPv4
   implementations conform to the requirement that they limit packet
   lifetime, so this is not a change in practice. Any upper-layer
   protocol that relies on the internet layer (whether IPv4 or IPv6) to
   limit packet lifetime ought to be upgraded to provide its own
   mechanisms for detecting and discarding obsolete packets.

8.3.  Maximum Upper-Layer Payload Size

   When computing the maximum payload size available for upper-layer
   data, an upper-layer protocol must take into account the larger size
   of the IPv6 header relative to the IPv4 header. For example, in
   IPv4, TCP's MSS option is computed as the maximum packet size (a
   default value or a value learned through Path MTU Discovery) minus 40
   octets (20 octets for the minimum-length IPv4 header and 20 octets
   for the minimum-length TCP header). When using TCP over IPv6, the
   MSS must be computed as the maximum packet size minus 60 octets,
   because the minimum-length IPv6 header (i.e., an IPv6 header with no
   extension headers) is 20 octets longer than a minimum-length IPv4
   header.

8.4.  Responding to Packets Carrying Routing Headers

   When an upper-layer protocol sends one or more packets in response to
   a received packet that included a Routing header, the response
   packet(s) must not include a Routing header that was automatically
   derived by "reversing" the received Routing header UNLESS the
   integrity and authenticity of the received Source Address and Routing
   header have been verified (e.g., via the use of an Authentication
   header in the received packet). In other words, only the following
   kinds of packets are permitted in response to a received packet
   bearing a Routing header:

      o  Response packets that do not carry Routing headers.

      o  Response packets that carry Routing headers that were NOT
         derived by reversing the Routing header of the received packet
         (for example, a Routing header supplied by local
         configuration).

      o  Response packets that carry Routing headers that were derived
         by reversing the Routing header of the received packet IF AND
         ONLY IF the integrity and authenticity of the Source Address
         and Routing header from the received packet have been verified
         by the responder.

9.  IANA Considerations

   RFC2460 is referenced in a number of IANA registries. These include:

      o  Internet Protocol Version 6 (IPv6) Parameters [IANA-6P]

      o  Assigned Internet Protocol Numbers [IANA-PN]

      o  ONC RPC Network Identifiers (netids) [IANA-NI]

      o  Technical requirements for authoritative name servers [IANA-NS]

      o  Network Layer Protocol Identifiers (NLPIDs) of Interest
         [IANA-NL]

      o  Protocol Registries [IANA-PR]

      o  Structure of Management Information (SMI) Numbers (MIB Module
         Registrations) [IANA-MI]

   The IANA should update these references to point to this document.

10.  Security Considerations

   IPv6, from the viewpoint of the basic format and transmission of
   packets, has security properties that are similar to IPv4. These
   security issues include:

   o  Eavesdropping, where on-path elements can observe the whole packet
      (including both contents and metadata) of each IPv6 datagram.
   o  Replay, where the attacker records a sequence of packets off of
      the wire and plays them back to the party which originally
      received them.
   o  Packet insertion, where the attacker forges a packet with some
      chosen set of properties and injects it into the network.
   o  Packet deletion, where the attacker removes a packet from the
      wire.
   o  Packet modification, where the attacker removes a packet from
      the wire, modifies it, and re-injects it into the network.
   o  Man in the Middle attacks, where the attacker subverts the
      communication stream in order to pose as the sender to receiver
      and the receiver to the sender.
   o  Denial of Service Attacks, where the attacker sends large
      amounts of legitimate traffic to a destination to overwhelm it.

   IPv6 packets can be protected from eavesdropping, replay, packet
   insertion, packet modification, and man in the middle attacks by use
   of the "Security Architecture for the Internet Protocol" [RFC4301].
   In addition, upper-layer protocols such as TLS or SSH can be used to
   protect the application layer traffic running on top of IPv6.

   There is not any mechanism to protect against "denial of service
   attacks". Defending against these types of attacks is outside the
   scope of this specification.

   IPv6 addresses are significantly larger than IPv4 addresses, making
   it much harder to scan the address space across the Internet and even
   on a single network link (e.g., Local Area Network). See [RFC7707]
   for more information.

   IPv6 addresses of nodes are expected to be more visible on the
   Internet as compared with IPv4 since the use of address translation
   technology is reduced. This creates some additional privacy issues
   such as making it easier to distinguish endpoints. See [RFC7721] for
   more information.

   The design of IPv6 extension headers architecture, while adding a lot
   of flexibility, also creates new security challenges. As noted
   below, issues relating to the fragment extension header have been
   resolved, but it's clear that for any new extension header designed
   in the future, the security implications need to be examined
   thoroughly, and this needs to include how the new extension header
   works with existing extension headers. See [RFC7045] for more
   information.

   This version of the IPv6 specification resolves a number of security
   issues that were found with the previous version [RFC2460] of the
   IPv6 specification. These include:

   o  Revised the text to handle the case of fragments that are whole
      datagrams (i.e., both the Fragment Offset field and the M flag
      are zero). If received they should be processed as a
      reassembled packet. Any other fragments that match should be
      processed independently. The Fragment creation process was
      modified to not create whole datagram fragments (Fragment
      Offset field and the M flag are zero). See [RFC6946] and
      [RFC8021] for more information.

   o  Changed the text to require that IPv6 nodes must not create
      overlapping fragments. Also, when reassembling an IPv6
      datagram, if one or more of its constituent fragments is
      determined to be an overlapping fragment, the entire datagram
      (and any constituent fragments) must be silently discarded.
      Includes clarification that no ICMP error message should be
      sent if overlapping fragments are received. See [RFC5722] for
      more information.

   o  Revised the text to require that all headers through the first
      Upper-Layer Header are in the first fragment. See [RFC6946]
      for more information.

   o  Removed the paragraph in Section 5 that required including a
      fragment header to outgoing packets if an ICMP Packet Too Big
      message reports a Next-Hop MTU less than 1280. See [RFC7112]
      for more information.

   o  Incorporated the updates from [RFC5095] and [RFC5871] to remove
      the description of the RH0 Routing Header, to note that the
      allocation guidelines for routing headers are specified in
      RFC5871, and to remove the RH0 Routing Header from the list of
      required extension headers.

   Security issues relating to other parts of IPv6 including addressing,
   ICMPv6, Path MTU Discovery, etc., are discussed in the appropriate
   specifications.
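
   The fragment-related items above rest on the reassembly rules of the
   Fragment header section. As an added example that is not part of this
   specification, the following receiver-side model applies those rules:
   whole-datagram fragments, the multiple-of-8 length check, the
   65,535-octet limit, overlaps, exact duplicates and the 60-second
   timeout. The Reassembler class, its method names and the sample
   addresses are assumptions; the first-fragment header-chain check is
   not modelled.

```python
import struct
from dataclasses import dataclass, field
from typing import Optional

REASSEMBLY_TIMEOUT = 60   # seconds, counted from the first-arriving fragment
MAX_PAYLOAD = 65535       # largest Payload Length a reassembled packet may have


def build_fragment_header(next_header, offset_units, more, ident):
    """Encode a Fragment header; used here only to construct sample input."""
    return struct.pack("!BBHI", next_header, 0, (offset_units << 3) | int(more), ident)


def parse_fragment_header(hdr):
    """Decode the 8-octet Fragment header: (next_header, offset_units, more, ident)."""
    if len(hdr) != 8:
        raise ValueError("a Fragment header is exactly 8 octets")
    next_header, _reserved, off_res_m, ident = struct.unpack("!BBHI", hdr)
    # Top 13 bits: offset in 8-octet units. Low bit: M flag. Res bits are ignored.
    return next_header, off_res_m >> 3, bool(off_res_m & 1), ident


@dataclass
class _Queue:
    first_seen: float
    next_header: Optional[int] = None    # only the offset-zero fragment sets this
    total: Optional[int] = None          # end of the M=0 fragment, once it is seen
    parts: dict = field(default_factory=dict)    # start octet -> fragment data


class Reassembler:
    """Hypothetical receiver model, keyed on (source, destination, identification)."""

    def __init__(self):
        self.queues = {}
        self.notices = []    # (key, ICMP message or None) for every timed-out queue

    def expire(self, now):
        """Abandon queues that did not complete within 60 seconds."""
        fresh = []
        for key, q in list(self.queues.items()):
            if now - q.first_seen >= REASSEMBLY_TIMEOUT:
                del self.queues[key]
                # Time Exceeded is sent only if the offset-zero fragment arrived.
                fresh.append((key, "ICMP Time Exceeded" if 0 in q.parts else None))
        self.notices += fresh
        return fresh

    def add(self, src, dst, hdr, data, now, unfrag_ext_len=0):
        """Handle one fragment. Returns ("complete", next_header, payload) or
        (verdict, detail) with verdict one of "queued", "drop", "abandon"."""
        nh, off_units, more, ident = parse_fragment_header(hdr)
        start = off_units * 8
        end = start + len(data)
        if off_units == 0 and not more:
            # Whole datagram: processed on its own, never merged into a queue.
            return ("complete", nh, data)
        if more and len(data) % 8:
            return ("drop", "ICMP Parameter Problem code 0, pointer to Payload Length")
        # PL.orig = per-fragment extension headers + 8 * FO + FL for this fragment
        if unfrag_ext_len + end > MAX_PAYLOAD:
            return ("drop", "ICMP Parameter Problem code 0, pointer to Fragment Offset")
        self.expire(now)
        key = (src, dst, ident)
        q = self.queues.setdefault(key, _Queue(first_seen=now))
        for s, d in q.parts.items():
            if s == start and d == data:
                return ("drop", "exact duplicate, queue kept")
            if start < s + len(d) and s < end:
                del self.queues[key]    # every fragment held for this packet is discarded
                return ("abandon", "overlapping fragment, no ICMP error")
        q.parts[start] = data
        if start == 0:
            q.next_header = nh
        if not more:
            q.total = end
        held = sum(len(d) for d in q.parts.values())
        last_end = max(s + len(d) for s, d in q.parts.items())
        # Parts never overlap, so they tile [0, total) exactly when both values match.
        if q.total == last_end and held == q.total:
            del self.queues[key]
            return ("complete", q.next_header, b"".join(q.parts[s] for s in sorted(q.parts)))
        return ("queued", "%d octets held" % held)


def demo():
    """Constructed sample: two fragments of one packet arriving out of order."""
    r = Reassembler()
    src, dst = "2001:db8::1", "2001:db8::2"
    r.add(src, dst, build_fragment_header(17, 2, False, 7), b"tail!", now=0.0)
    return r.add(src, dst, build_fragment_header(17, 0, True, 7), bytes(16), now=1.0)
```

   A caller would run expire() from a timer as well, since add() only
   sweeps stale queues when another fragment arrives.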

11.  Acknowledgments

   The authors gratefully acknowledge the many helpful suggestions of
   the members of the IPng working group, the End-to-End Protocols
   research group, and the Internet Community At Large.

   The authors would also like to acknowledge the authors of the
   updating RFCs that were incorporated in this version of the document
   to move the IPv6 specification to Internet Standard. They are Joe
   Abley, Shane Amante, Jari Arkko, Manav Bhatia, Ronald P. Bonica,
   Scott Bradner, Brian Carpenter, P.F. Chimento, Marshall Eubanks,
   Fernando Gont, James Hoagland, Sheng Jiang, Erik Kline, Suresh
   Krishnan, Vishwas Manral, George Neville-Neil, Jarno Rajahalme, Pekka
   Savola, Magnus Westerlund, and James Woodyatt.

12.  References

12.1.  Normative References

   [RFC0791]  Postel, J., "Internet Protocol", STD 5, RFC 791, DOI
              10.17487/RFC0791, September 1981.

   [RFC2474]  Nichols, K., Blake, S., Baker, F., and D. Black,
              "Definition of the Differentiated Services Field (DS
              Field) in the IPv4 and IPv6 Headers", RFC 2474, DOI
              10.17487/RFC2474, December 1998.

   [RFC3168]  Ramakrishnan, K., Floyd, S., and D. Black, "The Addition
              of Explicit Congestion Notification (ECN) to IP", RFC
              3168, DOI 10.17487/RFC3168, September 2001.

   [RFC4291]  Hinden, R. and S. Deering, "IP Version 6 Addressing
              Architecture", RFC 4291, DOI 10.17487/RFC4291, February
              2006.

   [RFC4443]  Conta, A., Deering, S., and M. Gupta, Ed., "Internet
              Control Message Protocol (ICMPv6) for the Internet
              Protocol Version 6 (IPv6) Specification", RFC 4443, DOI
              10.17487/RFC4443, March 2006.

   [RFC6437]  Amante, S., Carpenter, B., Jiang, S., and J. Rajahalme,
              "IPv6 Flow Label Specification", RFC 6437, DOI
              10.17487/RFC6437, November 2011.

12.2.  Informative References

   [IANA-6P]  "Internet Protocol Version 6 (IPv6) Parameters".

   [IANA-EH]  "IPv6 Extension Header Types".

   [IANA-MI]  "Structure of Management Information (SMI) Numbers (MIB
              Module Registrations)", <http://www.iana.org/assignments/
              smi-numbers/smi-numbers.xhtml>.

   [IANA-NI]  "ONC RPC Network Identifiers (netids)".

   [IANA-NL]  "Network Layer Protocol Identifiers (NLPIDs) of Interest".

   [IANA-NS]  "Technical requirements for authoritative name servers".

   [IANA-PN]  "Assigned Internet Protocol Numbers".

   [IANA-PR]  "Protocol Registries".

   [IANA-RH]  "IANA Routing Types Parameter Registry".

   [RFC1661]  Simpson, W., Ed., "The Point-to-Point Protocol (PPP)", STD
              51, RFC 1661, DOI 10.17487/RFC1661, July 1994.

   [RFC1981]  McCann, J., Deering, S., and J. Mogul, "Path MTU Discovery
              for IP version 6", RFC 1981, DOI 10.17487/RFC1981, August
              1996.

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460,
              December 1998.

   [RFC4301]  Kent, S. and K. Seo, "Security Architecture for the
              Internet Protocol", RFC 4301, DOI 10.17487/RFC4301,
              December 2005.

   [RFC4302]  Kent, S., "IP Authentication Header", RFC 4302, DOI
              10.17487/RFC4302, December 2005.

   [RFC4303]  Kent, S., "IP Encapsulating Security Payload (ESP)", RFC
              4303, DOI 10.17487/RFC4303, December 2005.

   [RFC5095]  Abley, J., Savola, P., and G. Neville-Neil, "Deprecation
              of Type 0 Routing Headers in IPv6", RFC 5095, DOI
              10.17487/RFC5095, December 2007.

   [RFC5722]  Krishnan, S., "Handling of Overlapping IPv6 Fragments",
              RFC 5722, DOI 10.17487/RFC5722, December 2009.

   [RFC5871]  Arkko, J. and S. Bradner, "IANA Allocation Guidelines for
              the IPv6 Routing Header", RFC 5871, DOI 10.17487/RFC5871,
              May 2010.

   [RFC6564]  Krishnan, S., Woodyatt, J., Kline, E., Hoagland, J., and
              M. Bhatia, "A Uniform Format for IPv6 Extension Headers",
              RFC 6564, DOI 10.17487/RFC6564, April 2012.

   [RFC6936]  Fairhurst, G. and M. Westerlund, "Applicability Statement
              for the Use of IPv6 UDP Datagrams with Zero Checksums",
              RFC 6936, DOI 10.17487/RFC6936, April 2013.

   [RFC6946]  Gont, F., "Processing of IPv6 "Atomic" Fragments", RFC
              6946, DOI 10.17487/RFC6946, May 2013.

   [RFC7045]  Carpenter, B. and S. Jiang, "Transmission and Processing
              of IPv6 Extension Headers", RFC 7045, DOI
              10.17487/RFC7045, December 2013.

   [RFC7112]  Gont, F., Manral, V., and R. Bonica, "Implications of
              Oversized IPv6 Header Chains", RFC 7112, DOI
              10.17487/RFC7112, January 2014.

   [RFC7707]  Gont, F. and T. Chown, "Network Reconnaissance in IPv6
              Networks", RFC 7707, DOI 10.17487/RFC7707, March 2016.

   [RFC7721]  Cooper, A., Gont, F., and D. Thaler, "Security and Privacy
              Considerations for IPv6 Address Generation Mechanisms",
              RFC 7721, DOI 10.17487/RFC7721, March 2016.

   [RFC7739]  Gont, F., "Security Implications of Predictable Fragment
              Identification Values", RFC 7739, DOI 10.17487/RFC7739,
              February 2016.

   [RFC8021]  Gont, F., Liu, W., and T. Anderson, "Generation of IPv6
              Atomic Fragments Considered Harmful", RFC 8021, DOI
              10.17487/RFC8021, January 2017.

Appendix A.  Formatting Guidelines for Options

   This appendix gives some advice on how to lay out the fields when
   designing new options to be used in the Hop-by-Hop Options header or
   the Destination Options header, as described in section 4.2.
These 1508 guidelines are based on the following assumptions: 1510 o One desirable feature is that any multi-octet fields within the 1511 Option Data area of an option be aligned on their natural 1512 boundaries, i.e., fields of width n octets should be placed at 1513 an integer multiple of n octets from the start of the Hop-by- 1514 Hop or Destination Options header, for n = 1, 2, 4, or 8. 1516 o Another desirable feature is that the Hop-by-Hop or Destination 1517 Options header take up as little space as possible, subject to 1518 the requirement that the header be an integer multiple of 8 1519 octets long. 1521 o It may be assumed that, when either of the option-bearing 1522 headers are present, they carry a very small number of options, 1523 usually only one. 1525 These assumptions suggest the following approach to laying out the 1526 fields of an option: order the fields from smallest to largest, with 1527 no interior padding, then derive the alignment requirement for the 1528 entire option based on the alignment requirement of the largest field 1529 (up to a maximum alignment of 8 octets). This approach is 1530 illustrated in the following examples: 1532 Example 1 1534 If an option X required two data fields, one of length 8 octets and 1535 one of length 4 octets, it would be laid out as follows: 1537 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1538 | Option Type=X |Opt Data Len=12| 1539 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1540 | 4-octet field | 1541 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1542 | | 1543 + 8-octet field + 1544 | | 1545 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1547 Its alignment requirement is 8n+2, to ensure that the 8-octet field 1548 starts at a multiple-of-8 offset from the start of the enclosing 1549 header. 
A complete Hop-by-Hop or Destination Options header 1550 containing this one option would look as follows: 1552 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1553 | Next Header | Hdr Ext Len=1 | Option Type=X |Opt Data Len=12| 1554 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1555 | 4-octet field | 1556 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1557 | | 1558 + 8-octet field + 1559 | | 1560 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1562 Example 2 1564 If an option Y required three data fields, one of length 4 octets, 1565 one of length 2 octets, and one of length 1 octet, it would be laid 1566 out as follows: 1568 +-+-+-+-+-+-+-+-+ 1569 | Option Type=Y | 1570 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1571 |Opt Data Len=7 | 1-octet field | 2-octet field | 1572 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1573 | 4-octet field | 1574 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1576 Its alignment requirement is 4n+3, to ensure that the 4-octet field 1577 starts at a multiple-of-4 offset from the start of the enclosing 1578 header. 
A complete Hop-by-Hop or Destination Options header 1579 containing this one option would look as follows: 1581 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1582 | Next Header | Hdr Ext Len=1 | Pad1 Option=0 | Option Type=Y | 1583 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1584 |Opt Data Len=7 | 1-octet field | 2-octet field | 1585 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1586 | 4-octet field | 1587 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1588 | PadN Option=1 |Opt Data Len=2 | 0 | 0 | 1589 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1591 Example 3 1593 A Hop-by-Hop or Destination Options header containing both options X 1594 and Y from Examples 1 and 2 would have one of the two following 1595 formats, depending on which option appeared first: 1597 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1598 | Next Header | Hdr Ext Len=3 | Option Type=X |Opt Data Len=12| 1599 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1600 | 4-octet field | 1601 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1602 | | 1603 + 8-octet field + 1604 | | 1605 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1606 | PadN Option=1 |Opt Data Len=1 | 0 | Option Type=Y | 1607 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1608 |Opt Data Len=7 | 1-octet field | 2-octet field | 1609 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1610 | 4-octet field | 1611 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1612 | PadN Option=1 |Opt Data Len=2 | 0 | 0 | 1613 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1615 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1616 | Next Header | Hdr Ext Len=3 | Pad1 Option=0 | Option Type=Y | 1617 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1618 |Opt Data Len=7 | 1-octet 
field | 2-octet field | 1619 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1620 | 4-octet field | 1621 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1622 | PadN Option=1 |Opt Data Len=4 | 0 | 0 | 1623 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1624 | 0 | 0 | Option Type=X |Opt Data Len=12| 1625 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1626 | 4-octet field | 1627 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1628 | | 1629 + 8-octet field + 1630 | | 1631 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1633 Appendix B. Changes Since RFC2460 1635 This memo has the following changes from RFC2460. 1637 o Removed IP Next Generation from the Abstract. 1639 o Added text in Section 1 that the Data Transmission Order is the 1640 same as IPv4 as defined in RFC791. 1642 o Clarified the text in Section 3 about decrementing the hop limit. 1644 o Clarification that extension headers (except for the hop-by-hop 1645 options header) are not processed, inserted, or deleted by any 1646 node along a packet's delivery path. 1648 o Changed requirement for the Hop-by-Hop Options header to a may, 1649 and added a note to indicate what is expected regarding the Hop- 1650 by-Hop Options header. 1652 o Added paragraph to Section 4 to clarify how Extension Headers are 1653 numbered and which are upper-layer headers. 1655 o Add reference to the end of Section 4 to IPv6 Extension Header 1656 IANA registry. 1658 o Incorporate the updates from RFC5095 and RFC5871 to remove the 1659 description of the RH0 Routing Header, that the allocations 1660 guidelines for routing headers are specified in RFC5871, and 1661 removed RH0 Routing Header from the list of required extension 1662 headers. 1664 o Revised Section 4.5 on IPv6 Fragmentation based on updates from 1665 RFC5722, RFC6946 RFC7112, and RFC8021. 
This include: 1667 - Revised the text to handle the case of fragments that are whole 1668 datagrams (i.e., both the Fragment Offset field and the M flag 1669 are zero). If received they should be processed as a 1670 reassembled packet. Any other fragments that match should be 1671 processed independently. The revised Fragment creation process 1672 was modified to not create whole datagram fragments (Fragment 1673 Offset field and the M flag are zero). 1675 - Changed the text to require that IPv6 nodes must not create 1676 overlapping fragments. Also, when reassembling an IPv6 1677 datagram, if one or more its constituent fragments is 1678 determined to be an overlapping fragment, the entire datagram 1679 (and any constituent fragments) must be silently discarded. 1680 Includes a clarification that no ICMP error message should be 1681 sent if overlapping fragments are received. 1683 - Revised the text to require that all headers through the first 1684 Upper-Layer Header are in the first fragment. This changed the 1685 text describing how packets are fragmented and reassembled, and 1686 added a new error case. 1688 - Added text to Fragment Header process on handling exact 1689 duplicate fragments. 1691 - Updated the Fragmentation header text to correct the inclusion 1692 of AH and note no next header case. 1694 - Change terminology in Fragment header section from 1695 "Unfragmentable Headers" to "Per-Fragment Headers". 1697 - Removed the paragraph in Section 5 that required including a 1698 fragment header to outgoing packets if a ICMP Packet Too Big 1699 message reporting a Next-Hop MTU less than 1280. 1701 - Changed the text to clarify MTU restriction and 8-byte 1702 restrictions, and noting the restriction on headers in first 1703 fragment. 

1705     o  In Section 4.5 added clarification noting that some fields in the
1706        IPv6 header may also vary across the fragments being reassembled
1707        and that other specifications may provide additional instructions
1708        for how they should be reassembled.  For example, Section 5.3 of
1709        [RFC3168].

1711     o  Incorporated the update from RFC6564 to add a new Section 4.8 that
1712        describes recommendations for defining new Extension headers and
1713        options.

1715     o  Added text to Section 5 to define "IPv6 minimum link MTU".

1717     o  Simplify the text in Section 6 about Flow Labels and remove
1718        Appendix A, and instead point to the current specifications of the
1719        IPv6 Flow Label field as defined in [RFC6437] and the Traffic
1720        Class as defined in [RFC2474] and [RFC3168].

1722     o  Incorporate the update made by RFC6935 "UDP Checksums for
1723        Tunneled Packets" in Section 8.  Added an exception to the default
1724        behaviour for the handling of UDP packets with zero
1725        checksums for tunnels.

1727     o  Add instruction to Section 9 "IANA Considerations" to change
1728        references to RFC2460 to this document.

1730     o  Revised and expanded Section 10 "Security Considerations".

1732     o  Add a paragraph to the acknowledgement section acknowledging the
1733        authors of the updating documents.

1735     o  Update references to current versions and assign references to
1736        normative and informative.

1738     o  Changes to resolve the open Errata on RFC2460.  These are:

1740        Errata ID: 2541: This errata notes that RFC2460 didn't update
1741           RFC2205 when the length of the Flow Label was changed from 24
1742           to 20 bits from RFC1883.  This issue was resolved in RFC6437
1743           where the Flow Label is defined.  This draft now references
1744           RFC6437.  No change is required.

1746        Errata ID: 4279: This errata noted that the specification
1747           doesn't handle the case of a forwarding node receiving a packet
1748           with a zero Hop Limit.  This is fixed in Section 3 of this
1749           draft.

1751        Errata ID: 2843: This errata is marked rejected.  No change was
1752           made.

1754  B.1.  Change History Since RFC2460

1756     NOTE TO RFC EDITOR: Please remove this subsection prior to RFC
1757     Publication

1759     This section describes change history made in each Internet Draft
1760     that went into producing this version.  The numbers identify the
1761     Internet-Draft version in which the change was made.

1763     Working Group Internet Drafts

1765        13)  Added link to reference to RFC6564 in Section 4.8.

1767        13)  Added text to Section 5 to define "IPv6 minimum link MTU".

1769        13)  Editorial changes.

1771        12)  Editorial changes (remove old duplicate paragraph).

1773        11)  In Section 4.5 added clarification noting that some fields in
1774             the IPv6 header may also vary across the fragments being
1775             reassembled and that other specifications may provide
1776             additional instructions for how they should be reassembled.
1777             For example, Section 5.3 of [RFC3168].

1779        11)  In Section 4 restructured text including separated behaviors
1780             of extension headers and the hop-by-hop option header,
1781             removed "examine" from first paragraph about extension
1782             headers, and removed reference to RFC7045 because "examine"
1783             was removed (RFC7045 is referenced in Security
1784             Considerations).  Also removed "including the source and
1785             destination nodes" from paragraph about the hop-by-hop
1786             options header.

1788        11)  Revised Section 4.8 to make it closer to the update done by
1789             RFC6554 that updated it and reordered the paragraphs.

1791        11)  Reordered items in Appendix B "Changes Since RFC2460" to
1792             match the order of the document.

1794        11)  Editorial changes.

1796        10)  Revised and expanded Security Consideration Section based on
1797             IESG Discuss comments.

1799        10)  Editorial changes.

1801        09)  Based on results of IETF last call, changed text in Section 4
1802             to add clarification that extension headers are not examined,
1803             processed, inserted, or deleted by any node along a packet's
1804             delivery path.

1806        09)  Changed reference from draft-ietf-6man-rfc4291bis to RFC4291
1807             because the bis draft won't be advanced at the same time.

1809        09)  Revised "Changes since RFC2460" Section to have a summary of
1810             changes since RFC2460 and a separate subsection with a change
1811             history of each Internet Draft.  This subsection will be
1812             removed when the RFC is published.

1814        09)  Editorial changes.

1816        08)  Revised header insertion text in Section 4 based on the
1817             results of w.g. survey that concluded to describe the
1818             problems with header insertion.

1820        08)  Editorial changes.

1822        07)  Expanded Security Considerations section to include both
1823             IPsec and encryption at higher levels in the protocol stack
1824             as ways to mitigate IP level security issues.

1826        07)  Added paragraph to Section 4 to clarify how Extension Headers
1827             are numbered and which are upper-layer headers.

1829        07)  Moved the text regarding network duplicated fragments to the
1830             received fragment error section.

1832        07)  Added clarification that no ICMP error message should be sent
1833             if overlapping fragments are received.

1835        07)  Revised the text in Section 4.8 regarding new hop-by-hop
1836             options and new Extension headers to be closer to the -05
1837             version.

1839        07)  Added additional registries to the IANA Considerations
1840             section that IANA needs to update.

1842        07)  Editorial changes.

1844        06)  Added the Routing Header to the list of required extension
1845             headers that a full implementation includes.

1847        06)  Moved the text in Section 4.5 regarding the handling of
1848             received overlapping fragments to the list of error
1849             conditions.

1851        06)  Rewrote the text in Section 4.8 "Defining New Extension
1852             Headers and Options" to be clearer and remove redundant text.

1854        06)  Editorial changes.

1856        05)  Changed requirement for the Hop-by-Hop Options header from a
1857             should to a may, and added a note to indicate what is
1858             expected.

1860        05)  Corrected reference to point to draft-ietf-6man-rfc4291bis
1861             instead of draft-hinden-6man-rfc4291bis.

1863        05)  Change to text regarding not inserting extension headers to
1864             cite using encapsulation as an example.

1866        04)  Changed text discussing Fragment ID selection to refer to
1867             RFC7739 for example algorithms.

1869        04)  Editorial changes.

1871        03)  Clarified the text about decrementing the hop limit.

1873        03)  Removed IP Next Generation from the Abstract.

1875        03)  Add reference to the end of Section 4 to IPv6 Extension
1876             Header IANA registry.

1878        03)  Editorial changes.

1880        02)  Added text to Section 4.8 "Defining New Extension Headers and
1881             Options" clarifying why no new hop by hop extension headers
1882             should be defined.

1884        02)  Added text to Fragment Header process on handling exact
1885             duplicate fragments.

1887        02)  Editorial changes.

1889        01)  Added text that Extension headers must never be inserted by
1890             any node other than the source of the packet.

1892        01)  Change "must" to "should" in Section 4.3 on the Hop-by-Hop
1893             header.

1895        01)  Added text that the Data Transmission Order is the same as
1896             IPv4 as defined in RFC791.

1898        01)  Updated the Fragmentation header text to correct the
1899             inclusion of AH and note no next header case.

1901        01)  Change terminology in Fragment header section from
1902             "Unfragmentable Headers" to "Per-Fragment Headers".

1904        01)  Removed paragraph in Section 5 that required including a
1905             fragment header to outgoing packets if an ICMP Packet Too Big
1906             message reporting a Next-Hop MTU less than 1280.  This is
1907             based on the update in RFC8021.

1909        01)  Changed the Fragmentation Header section to clarify MTU
1910             restriction and 8-byte restrictions, and noting the
1911             restriction on headers in first fragment.

1913        01)  Editorial changes.

1915        00)  Add instruction to the IANA to change references to RFC2460
1916             to this document.

1918        00)  Add a paragraph to the acknowledgement section acknowledging
1919             the authors of the updating documents.

1921        00)  Remove old paragraph in Section 4 that should have been
1922             removed when incorporating the update from RFC7045.

1924        00)  Editorial changes.

1926     Individual Internet Drafts
1927        07)  Update references to current versions and assign references
1928             to normative and informative.

1930        07)  Editorial changes.

1932        06)  The purpose of this draft is to incorporate the updates
1933             dealing with Extension headers as defined in RFC6564,
1934             RFC7045, and RFC7112.  The changes include:

1936             RFC6564: Added new Section 4.8 that describes
1937                recommendations for defining new Extension headers and
1938                options.

1940             RFC7045: The changes were to add a reference to RFC7045,
1941                change the requirement for processing the hop-by-hop
1942                option to a should, and added a note that due to
1943                performance restrictions some nodes won't process the Hop-
1944                by-Hop Option header.

1946             RFC7112: The changes were to revise the Fragmentation
1947                Section (Section 4.5) to require that all headers through
1948                the first Upper-Layer Header are in the first fragment.
1949                This changed the text describing how packets are
1950                fragmented and reassembled and added a new error case.

1952        06)  Editorial changes.

1954        05)  The purpose of this draft is to incorporate the updates
1955             dealing with fragmentation as defined in RFC5722 and RFC6946.
1956             Note: The issue relating to the handling of exact duplicate
1957             fragments identified on the mailing list is left open.

1959        05)  Fix text in the end of Section 4 to correct the number of
1960             extension headers defined in this document.

1962        05)  Editorial changes.

1964        04)  The purpose of this draft is to update the document to
1965             incorporate the update made by RFC6935 "UDP Checksums for
1966             Tunneled Packets".

1968        04)  Remove Routing (Type 0) header from the list of required
1969             extension headers.

1971        04)  Editorial changes.

1973        03)  The purpose of this draft is to update the document for the
1974             deprecation of the RH0 Routing Header as specified in RFC5095
1975             and the allocations guidelines for routing headers as
1976             specified in RFC5871.  Both of these RFCs updated RFC2460.

1978        02)  The purpose of this version of the draft is to update the
1979             document to resolve the open Errata on RFC2460.

1981             Errata ID: 2541: This errata notes that RFC2460 didn't
1982                update RFC2205 when the length of the Flow Label was
1983                changed from 24 to 20 bits from RFC1883.  This issue was
1984                resolved in RFC6437 where the Flow Label is defined.  This
1985                draft now references RFC6437.  No change is required.

1987             Errata ID: 4279: This errata noted that the specification
1988                doesn't handle the case of a forwarding node receiving a
1989                packet with a zero Hop Limit.  This is fixed in Section 3
1990                of this draft.  Note: No change was made regarding host
1991                behaviour.

1993             Errata ID: 2843: This errata is marked rejected.  No
1994                change is required.

1996        02)  Editorial changes to the Flow Label and Traffic Class text.

1998        01)  The purpose of this version of the draft is to update the
1999             document to point to the current specifications of the IPv6
2000             Flow Label field as defined in [RFC6437] and the Traffic
2001             Class as defined in [RFC2474] and [RFC3168].

2003        00)  The purpose of this version is to establish a baseline from
2004             RFC2460.  The only intended changes are formatting (XML is
2005             slightly different from .nroff), differences between an RFC
2006             and Internet Draft, fixing a few ID Nits, and updates to the
2007             authors' information.  There should not be any content changes
2008             to the specification.

2010  Authors' Addresses

2012     Stephen E. Deering
2013     Retired
2014     Vancouver, British Columbia
2015     Canada

2017     Robert M. Hinden
2018     Check Point Software
2019     959 Skyway Road
2020     San Carlos, CA 94070
2021     USA

2023     Email: bob.hinden@gmail.com
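
Added example, not part of the draft: the Appendix A layout rule carried through in Python. It builds a Hop-by-Hop or Destination Options header from options that each carry an xn+y alignment requirement, inserting Pad1/PadN as in Examples 1 to 3, and parses the result back with bounds checks. The function names, the option type values used for X and Y and the field contents are constructed for illustration; Next Header 59 is No Next Header.

```python
# Added example: option layout per Appendix A (xn+y alignment, Pad1/PadN).
# OPT_X, OPT_Y and the field bytes are constructed placeholders.
PAD1, PADN = 0, 1
NO_NEXT_HEADER = 59
OPT_X, OPT_Y = 0x1E, 0x3E
# (type, option data, x, y): the Option Type octet must sit at offset x*n + y.
X = (OPT_X, b"\x44" * 4 + b"\x88" * 8, 8, 2)             # Example 1: 8n+2
Y = (OPT_Y, b"\x11" + b"\x22" * 2 + b"\x44" * 4, 4, 3)   # Example 2: 4n+3


def padding(n):
    """n octets of padding: nothing, one Pad1, or one PadN with n-2 zeros."""
    if n == 0:
        return b""
    if n == 1:
        return bytes([PAD1])
    return bytes([PADN, n - 2]) + bytes(n - 2)


def build_options_header(next_header, options):
    """Return the complete header, padded to a multiple of 8 octets."""
    buf = bytearray([next_header, 0])        # Hdr Ext Len is patched below
    for opt_type, data, x, y in options:
        if len(data) > 255:
            raise ValueError("Opt Data Len is a single octet")
        buf += padding((y - len(buf)) % x)   # move to the next xn+y offset
        buf += bytes([opt_type, len(data)]) + data
    buf += padding(-len(buf) % 8)            # trailing pad to 8-octet multiple
    if len(buf) // 8 - 1 > 255:
        raise ValueError("header too long for Hdr Ext Len")
    buf[1] = len(buf) // 8 - 1               # 8-octet units, first one excluded
    return bytes(buf)


def parse_options_header(hdr):
    """Return [(offset, type, data)] for non-padding options.

    Raises ValueError when the lengths are inconsistent, so a receiver
    never reads option data beyond the header it was handed.
    """
    if len(hdr) < 8 or len(hdr) != (hdr[1] + 1) * 8:
        raise ValueError("length does not match Hdr Ext Len")
    found, i = [], 2
    while i < len(hdr):
        opt_type = hdr[i]
        if opt_type == PAD1:                 # Pad1 has no length octet
            i += 1
            continue
        if i + 2 > len(hdr):
            raise ValueError("option header truncated")
        length = hdr[i + 1]
        if i + 2 + length > len(hdr):
            raise ValueError("Opt Data Len runs past the end of the header")
        if opt_type != PADN:
            found.append((i, opt_type, hdr[i + 2:i + 2 + length]))
        i += 2 + length
    return found


def appendix_a_examples():
    """Headers for Example 1, Example 2 and both orders of Example 3."""
    return (build_options_header(NO_NEXT_HEADER, [X]),
            build_options_header(NO_NEXT_HEADER, [Y]),
            build_options_header(NO_NEXT_HEADER, [X, Y]),
            build_options_header(NO_NEXT_HEADER, [Y, X]))


if __name__ == "__main__":
    for header in appendix_a_examples():
        print(header.hex(), parse_options_header(header))
```

In both orders of Example 3 the 8-octet field of X starts at a multiple of 8 and the 4-octet field of Y at a multiple of 4, which is what the xn+y requirement on the Option Type octet guarantees.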