idnits 2.17.1 

draft-ietf-ngtrans-isatap-10.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate.  This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  == There are 1 instance of lines with non-RFC3849-compliant IPv6 addresses
     in the document.  If these are example addresses, they should be changed.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords. 

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).
  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (January 03, 2002) is 8148 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Looks like a reference, but probably isn't: 'NTL' on line 245

  -- Looks like a reference, but probably isn't: 'STL' on line 245

  -- Looks like a reference, but probably isn't: 'Length' on line 254

  == Unused Reference: '18' is defined on line 701, but no explicit reference
     was found in the text

  ** Obsolete normative reference: RFC 2460 (ref. '1') (Obsoleted by RFC 8200)

  ** Obsolete normative reference: RFC 1631 (ref. '4') (Obsoleted by RFC 3022)

  ** Obsolete normative reference: RFC 2461 (ref. '6') (Obsoleted by RFC 4861)

  -- Unexpected draft version: The latest known version of 
     draft-ietf-ipngwg-addr-arch-v3 is -10, but you're referring to -11.

  -- Possible downref: Normative reference to a draft: ref. '9' 

  ** Obsolete normative reference: RFC 2463 (ref. '10') (Obsoleted by RFC
     4443)

  ** Obsolete normative reference: RFC 1981 (ref. '11') (Obsoleted by RFC
     8201)

  ** Obsolete normative reference: RFC 2462 (ref. '14') (Obsoleted by RFC
     4862)

  -- Obsolete informational reference (is this intentional?): RFC 3041 (ref.
     '22') (Obsoleted by RFC 4941)


     Summary: 7 errors (**), 0 flaws (~~), 5 warnings (==), 8 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	NGTRANS Working Group                                         F. Templin
3	Internet-Draft                                                     Nokia
4	Expires: July 4, 2002                                         T. Gleeson
5	                                                      Cisco Systems K.K.
6	                                                               M. Talwar
7	                                                               D. Thaler
8	                                                   Microsoft Corporation
9	                                                        January 03, 2002

11	        Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
12	                    draft-ietf-ngtrans-isatap-10.txt

14	Status of this Memo

16	   This document is an Internet-Draft and is in full conformance with
17	   all provisions of Section 10 of RFC2026.

19	   Internet-Drafts are working documents of the Internet Engineering
20	   Task Force (IETF), its areas, and its working groups.  Note that
21	   other groups may also distribute working documents as
22	   Internet-Drafts.

24	   Internet-Drafts are draft documents valid for a maximum of six months
25	   and may be updated, replaced, or obsoleted by other documents at any
26	   time.  It is inappropriate to use Internet-Drafts as reference
27	   material or to cite them other than as "work in progress."

29	   The list of current Internet-Drafts can be accessed at http://
30	   www.ietf.org/ietf/1id-abstracts.txt.

32	   The list of Internet-Draft Shadow Directories can be accessed at
33	   http://www.ietf.org/shadow.html.

35	   This Internet-Draft will expire on July 4, 2002.

37	Copyright Notice

39	   Copyright (C) The Internet Society (2002).  All Rights Reserved.

41	Abstract

43	   This document specifies an Intra-Site Automatic Tunnel Addressing
44	   Protocol (ISATAP) that connects IPv6 hosts and routers within IPv4
45	   sites.  ISATAP treats the site's IPv4 infrastructure as a link layer
46	   for IPv6 with no requirement for IPv4 multicast.  ISATAP enables
47	   intra-site automatic IPv6-in-IPv4 tunneling whether globally assigned
48	   or private IPv4 addresses are used.

50	Table of Contents

52	   1.    Introduction . . . . . . . . . . . . . . . . . . . . . . . .  3
53	   2.    Applicability Statement  . . . . . . . . . . . . . . . . . .  3
54	   3.    Requirements . . . . . . . . . . . . . . . . . . . . . . . .  3
55	   4.    Terminology  . . . . . . . . . . . . . . . . . . . . . . . .  4
56	   5.    Non-Broadcast, Multiple Access (NBMA) Operation  . . . . . .  4
57	   5.1   Multicast  . . . . . . . . . . . . . . . . . . . . . . . . .  5
58	   5.2   Interface Identifiers and Address Construction . . . . . . .  5
59	   5.3   ISATAP Link/Interface Configuration  . . . . . . . . . . . .  5
60	   5.4   Link Layer Address Options . . . . . . . . . . . . . . . . .  6
61	   6.    Automatic Tunneling  . . . . . . . . . . . . . . . . . . . .  6
62	   6.1   Dual IP Layer Operation  . . . . . . . . . . . . . . . . . .  6
63	   6.2   Encapsulation  . . . . . . . . . . . . . . . . . . . . . . .  6
64	   6.3   Tunnel MTU and Fragmentation . . . . . . . . . . . . . . . .  7
65	   6.4   Handling IPv4 ICMP Errors  . . . . . . . . . . . . . . . . .  8
66	   6.5   Local-Use IPv6 Unicast Addresses . . . . . . . . . . . . . .  8
67	   6.6   Ingress Filtering  . . . . . . . . . . . . . . . . . . . . .  8
68	   7.    Neighbor Discovery for ISATAP Links  . . . . . . . . . . . .  8
69	   7.1   Address Resolution . . . . . . . . . . . . . . . . . . . . .  9
70	   7.2   Router and Prefix Discovery  . . . . . . . . . . . . . . . .  9
71	   7.2.1 Conceptual Data Structures . . . . . . . . . . . . . . . . .  9
72	   7.2.2 Validity Checks for Router Advertisements  . . . . . . . . . 10
73	   7.2.3 Router Specification . . . . . . . . . . . . . . . . . . . . 11
74	   7.2.4 Host Specification . . . . . . . . . . . . . . . . . . . . . 11
75	   8.    ISATAP Deployment Considerations . . . . . . . . . . . . . . 12
76	   8.1   Host And Router Deployment Considerations  . . . . . . . . . 12
77	   8.2   Site Administration Considerations . . . . . . . . . . . . . 12
78	   9.    IANA Considerations  . . . . . . . . . . . . . . . . . . . . 13
79	   10.   Security considerations  . . . . . . . . . . . . . . . . . . 13
80	   11.   Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 14
81	         Normative References . . . . . . . . . . . . . . . . . . . . 14
82	         Informative References . . . . . . . . . . . . . . . . . . . 15
83	         Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 16
84	   A.    Major Changes  . . . . . . . . . . . . . . . . . . . . . . . 17
85	   B.    Rationale for Interface Identifier Construction  . . . . . . 18
86	   C.    Dynamic Per-neighbor MTU Discovery . . . . . . . . . . . . . 19
87	         Intellectual Property and Copyright Statements . . . . . . . 21

89	1. Introduction

91	   This document presents a simple approach that enables incremental
92	   deployment of IPv6 [1] within IPv4-based [2] sites.  We refer to this
93	   approach as the Intra-Site Automatic Tunnel Addressing Protocol
94	   (ISATAP).  ISATAP allows dual-stack nodes that do not share a
95	   physical link with an IPv6 router to automatically tunnel packets to
96	   the IPv6 next-hop address through IPv4, i.e., the site's IPv4
97	   infrastructure is treated as a link layer for IPv6.

99	   This document specifies details for the operation of IPv6 over ISATAP
100	   links (i.e., automatic IPv6-in-IPv4 tunneling), including an
101	   interface identifier format that embeds an IPv4 address.  This format
102	   supports IPv6 protocol mechanisms for address configuration as well
103	   as simple link-layer address mapping.  Also specified in this
104	   document is the operation of IPv6 Neighbor Discovery for ISATAP.  The
105	   document finally presents deployment and security considerations.

107	2. Applicability Statement

109	   ISATAP provides the following features:

111	   o  treats site's IPv4 infrastructure as a link layer for IPv6 using
112	      automatic IPv6-in-IPv4 tunneling (i.e., no configured tunnel
113	      state)

115	   o  enables incremental deployment of IPv6 hosts within IPv4 sites
116	      with no aggregation scaling issues at border gateways

118	   o  requires no special IPv4 services within the site (e.g.,
119	      multicast)

121	   o  supports both stateless address autoconfiguration and manual
122	      configuration

124	   o  supports networks that use non-globally unique IPv4 addresses
125	      (e.g., when private address allocations [3] are used), but does
126	      not allow the virtual ISATAP link to span a Network Address
127	      Translator [4]

129	   o  compatible with other NGTRANS mechanisms (e.g., 6to4 [19])

131	3. Requirements

133	   The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
134	   SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
135	   document, are to be interpreted as described in [5].

137	   This document also makes use of internal conceptual variables to
138	   describe protocol behavior and external variables that an
139	   implementation must allow system administrators to change.  The
140	   specific variable names, how their values change, and how their
141	   settings influence protocol behavior are provided to demonstrate
142	   protocol behavior.  An implementation is not required to have them in
143	   the exact form described here, so long as its external behavior is
144	   consistent with that described in this document.

146	4. Terminology

148	   The terminology of RFC 2460 [1] applies to this document.  The
149	   following additional terms are defined:

151	   link, on-link, off-link:
152	      same definitions as ([6], section 2.1).

154	   underlying link:
155	      a link layer that supports IPv4 (for ISATAP), and MAY also support
156	      IPv6 natively.

158	   ISATAP link:
159	      one or more underlying links used for tunneling.  The IPv4 network
160	      layer addresses of the underlying links are used as link-layer
161	      addresses on the ISATAP link.

163	   ISATAP interface:
164	      a node's attachment to an ISATAP link.

166	   ISATAP address:
167	      an on-link address on an ISATAP interface and with an interface
168	      identifier constructed as specified in Section 5.2

170	   ISATAP router:
171	      an IPv6 node that has an ISATAP interface over which it forwards
172	      packets not explicitly addressed to itself.

174	   ISATAP host:
175	      any node that has an ISATAP interface and is not an ISATAP router.

177	5. Non-Broadcast, Multiple Access (NBMA) Operation

179	   ISATAP links transmit IPv6 packets via automatic tunnels using the
180	   site's IPv4 infrastructure as a link layer for IPv6, i.e., IPv6
181	   treats the site's IPv4 infrastructure as a Non-Broadcast, Multiple
182	   Access (NBMA) link layer.  RFC 2491 [7] provides a general
183	   architecture for IPv6 over NBMA networks that forms the basis for
184	   companion documents such as the present.  The following subsections
185	   present NBMA considerations for IPv6 on ISATAP links:

187	5.1 Multicast

189	   ISATAP links most closely meet the description for connectionless
190	   service found in the last paragraph of ([7], section 1), i.e., ISATAP
191	   addresses provide the sender with an NBMA destination address to
192	   which it can transmit packets whenever it desires.  Thus, multicast
193	   emulation mechanisms are not required to support host-side operation
194	   of the IPv6 neighbor discovery protocol.

196	5.2 Interface Identifiers and Address Construction

198	   ([7], section 5.1) requires companion documents to specify the exact
199	   mechanism for generating interface tokens (i.e., identifiers).
200	   Interface identifiers for ISATAP are compatible with the EUI-64
201	   identifier format ([8], section 2.5.1), and are constructed by
202	   appending an IPv4 address on the ISATAP link to the 32-bit string
203	   '00-00-5E-FE'.  (Appendix B includes non-normative text explaining
204	   the rationale for this construction rule.)

206	   Global and Local-use ISATAP addresses are constructed as follows:

208	    |           64 bits            |     32 bits   |    32 bits     |
209	    +------------------------------+---------------+----------------+
210	    | global or local-use unicast  |   0000:5EFE   |  IPv4 Address  |
211	    |            prefix            |               | of ISATAP link |
212	    +------------------------------+---------------+----------------+

214	                                Figure 1

216	   For example, the global unicast address:

218	      3FFE:1A05:510:1111:0:5EFE:8CAD:8108

220	   has a prefix of '3FFE:1A05:510:1111::/64' and an ISATAP interface
221	   identifier with embedded IPv4 address: '140.173.129.8'.  The address
222	   is alternately written as:

224	      3FFE:1A05:510:1111:0:5EFE:140.173.129.8

226	   Examples for local-use addresses are obvious from the above and with
227	   reference to ([8], section 2.5.6).

229	5.3 ISATAP Link/Interface Configuration

231	   ISATAP Link/Interface configuration is consistent with ([7], sections
232	   5.1.1 and 5.1.2).

234	   An ISATAP link consists of one or more underlying links that support
235	   IPv4 for tunneling within a site.  ISATAP interfaces are configured
236	   over ISATAP links; each IPv4 address assigned to an underlying link
237	   is seen as a link-layer address for ISATAP.

239	5.4 Link Layer Address Options

241	   ([7], section 5.2) requires companion documents to specify the
242	   contents of the [NTL], [STL], [NBMA Number] and [NBMA Subaddress]
243	   fields for link layer address options.  For ISATAP links:

245	   o  the [NTL] and [STL] fields MUST be zero

247	   o  the [NBMA Number] encodes a 4-octet IPv4 address

249	   o  the [NBMA Subaddress] field is omitted

251	   ([7], section 5.2) does NOT require companion documents to specify
252	   the value for [Length], i.e., the total length of the option in 8
253	   octets.  Senders may therefore set [Length] to any value between 1
254	   and 255; when [Length] is greater than 1, receivers treat any bytes
255	   that follow the [NBMA Number] as null-padding.

257	6. Automatic Tunneling

259	   The common tunneling mechanisms specified in ([9], sections 2 and 3)
260	   are used, with the following noted specific considerations for
261	   ISATAP:

263	6.1 Dual IP Layer Operation

265	   ISATAP uses the same specification found in ([9], section 2).  That
266	   is, ISATAP nodes provide complete IPv4 and IPv6 implementations and
267	   are able to send and receive both IPv4 and IPv6 packets.  ISATAP
268	   nodes operate with both their IPv4 and IPv6 stacks enabled.

270	   Address configuration considerations are the same as for ([9],
271	   section 2.1).  Additionally, ISATAP nodes require that IPv4 address
272	   configuration take place on at least one underlying link prior to
273	   IPv6 address configuration on an ISATAP link.

275	   DNS considerations are the same as ([9], sections 2.2 and 2.3).

277	6.2 Encapsulation

279	   The specification in ([9], section 3.1) is used.  Additionally, the
280	   IPv6 next-hop address for packets sent on an ISATAP link MUST be an
281	   ISATAP address; other packets are discarded and an ICMPv6 destination
282	   unreachable indication with code 3 (Address Unreachable) [10] is
283	   returned to the source.

285	6.3 Tunnel MTU and Fragmentation

287	   The specification in ([9], section 3.2) is NOT used; the
288	   specification in this section is used instead.

290	   ISATAP uses automatic tunnel interfaces that may be configured over
291	   multiple underlying links with diverse maximum transmission units
292	   (MTUs).  The minimum MTU for IPv6 interfaces is 1280 bytes ([1],
293	   Section 5), but the following considerations for the MTU of ISATAP
294	   interfaces apply:

296	   o  Nearly all IPv4 nodes connect to physical links with MTUs of 1500
297	      bytes or larger (e.g., Ethernet)

299	   o  Sub-IPv4 layer encapsulations (e.g., VPN) may occur on some paths

301	   o  Commonly-deployed VPNs use an MTU of 1400 bytes

303	   Unless a dynamic per-neighbor MTU discovery mechanism is implemented,
304	   ISATAP interfaces MUST use an MTU (ISATAP_MTU) of no more than 1380
305	   bytes (1400 minus 20 bytes for IPv4 encapsulation) to maximize
306	   efficiency and minimize IPv4 fragmentation for the predominant
307	   deployment case.  ISATAP_MTU MAY be set to a larger value when the
308	   encapsulator implements a dynamic per-neighbor MTU discovery
309	   mechanism, but this value SHOULD NOT exceed the largest MTU of all
310	   underlying links (minus 20 bytes for IPv4 encapsulation).  Appendix C
311	   provides non-normative considerations for dynamic per-neighbor MTU
312	   discovery.

314	   The network layer (IPv6) forwards packets of size ISATAP_MTU or
315	   smaller to the ISATAP interface.  All other packets are dropped, and
316	   an ICMPv6 "packet too big" message with MTU = ISATAP_MTU is returned
317	   to the source [11].  The ISATAP link layer encapsulates packets of
318	   size 1380 bytes or smaller with the Don't Fragment (DF) bit NOT set
319	   in the encapsualting IPv4 header.

321	   Nodes that configure ISATAP interfaces MUST have IPv4 reassembly
322	   buffers large enough to receive packets with the DF bit not set in
323	   the encapsulating IPv4 header.  RFC 1122 [12], section 3.3.2
324	   specifies that the Effective MTU to Receive (EMTU_R) for IPv4 nodes:

326	      "...MUST be greater than or equal to 576, SHOULD be either
327	      configurable or indefinite, and SHOULD be greater than or equal to
328	      the MTU of the connected network(s)".

330	   With reference to this specification, the EMTU_R for nodes that
331	   configure ISATAP interfaces MUST be greater than or equal to 1500
332	   bytes (i.e., the predominant deployment case for connected IPv4
333	   networks) and SHOULD be either configurable or indefinite.

335	6.4 Handling IPv4 ICMP Errors

337	   The specification in ([9], section 3.4) MAY be used.  IPv4 ICMP
338	   errors and ARP failures are otherwise processed as link error
339	   notifications.

341	6.5 Local-Use IPv6 Unicast Addresses

343	   The specification in ([9], section 3.7) is NOT used.  Instead, local
344	   use IPv6 unicast addresses are formed exactly as specified in ([8],
345	   section 2.5.6).

347	6.6 Ingress Filtering

349	   The specification in ([9], section 3.9) is used on ISATAP router
350	   interfaces.  (ISATAP host interfaces silently discard any packets
351	   received with a foreign IPv6 destination address, i.e., an address
352	   not configured on the local IPv6 stack.)

354	   Additionally, packets received on ISATAP host and router interfaces
355	   MUST satisfy at least one (i.e., one or both) of the following
356	   validity checks:

358	   o  the network-layer (IPv6) source address is an on-link ISATAP
359	      address with an interface identifier that embeds the link-layer
360	      (IPv4) source address

362	   o  the link-layer (IPv4) source address is in the Potential Routers
363	      List (see Section 7.2.1)

365	   Packets that do not satisfy the above conditions are silently
366	   discarded.

368	7. Neighbor Discovery for ISATAP Links

370	   RFC 2461 [6] provides the following guidelines for non-broadcast
371	   multiple access (NBMA) link support:

373	      "Redirect, Neighbor Unreachability Detection and next-hop
374	      determination should be implemented as described in this document.
375	      Address resolution and the mechanism for delivering Router
376	      Solicitations and Advertisements on NBMA links is not specified in
377	      this document."

379	   ISATAP links SHOULD implement Redirect, Neighbor Unreachability
380	   Detection, and next-hop determination exactly as specified in [6].
381	   Address resolution and the mechanisms for delivering Router
382	   Solicitations and Advertisements for ISATAP links are not specified
383	   by [6]; instead, they are specified in this document.  (Note that
384	   these mechanisms MAY potentially apply to other types of NBMA links
385	   in the future.)

387	7.1 Address Resolution

389	   ISATAP addresses are resolved to link-layer addresses (IPv4) by a
390	   static computation, i.e., the last four octets are treated as an IPv4
391	   address.

393	   Following static address resolution, ISATAP hosts SHOULD perform an
394	   initial reachability confirmation by sending unicast Neighbor
395	   Solicitations (NSs) and receiving a Neighbor Advertisement using the
396	   mechanisms specified in ([6], sections 7.2.2-7.2.8).  (Note that
397	   implementations MAY omit the source/target link layer options in NS/
398	   NA messages when unicast is used.)

400	   ISATAP hosts SHOULD additionally perform Neighbor Unreachability
401	   Detection (NUD) as specified in ([6], section 7.3).  ISATAP routers
402	   MAY perform the above-specified reachability detection and NUD
403	   procedures, but this might not scale in all environments.

405	   All ISATAP nodes MUST send solicited neighbor advertisements ([6],
406	   section 7.2.4).

408	7.2 Router and Prefix Discovery

410	   Since NBMA multicast emulation mechanisms are not used, ISATAP nodes
411	   will not receive unsolicited multicast Router Advertisements.  Thus,
412	   alternate mechanisms are required and specified below:

414	7.2.1 Conceptual Data Structures

416	   ISATAP nodes use the conceptual data structures Prefix List and
417	   Default Router List exactly as in ([6], section 5.1).  ISATAP links
418	   add a new conceptual data structures "Potential Router List" and the
419	   following new configuration variable:

421	   ResolveInterval
422	      Time between name service resolutions.  Default and suggested
423	      minimum: 1hr

425	   A Potential Router List (PRL) is associated with every ISATAP link.
426	   The PRL provides a trust basis for router validation (see security
427	   considerations).  Each entry in the PRL has an IPv4 address and an
428	   associated timer.  The IPv4 address represents a router's ISATAP
429	   interface (likely to be an "advertising interface"), and is used to
430	   construct the ISATAP link-local address for that interface.  The
431	   following sections specify the process for initializing the PRL:

433	   When a node enables an ISATAP link, it first discovers IPv4 addresses
434	   for the PRL.  The addresses SHOULD be established by a DHCPv4 [13]
435	   option for ISATAP (option code TBD), by manual configuration, or by
436	   an unspecified alternate method (e.g., DHCPv4 vendor-specific
437	   option).

439	   When no other mechanisms are available, a DNS fully-qualified domain
440	   name (FQDN) [20] MAY be used.  In this case, the FQDN is resolved
441	   into IPv4 addresses for the PRL through a static host file, a
442	   site-specific name service, or by querying an IPv4-based DNS server.
443	   Unspecified alternate methods for domain name resolution may also be
444	   used.  The following notes apply:

446	   1.  Site administrators maintain a list of IPv4 addresses
447	       representing ISATAP router interfaces and make them available via
448	       one or more of the mechanisms described above.

450	   2.  There are no mandatory rules for the selection of a FQDN, but
451	       administrators are encouraged to use the convention
452	       "isatap.domainname" (e.g., isatap.example.com).

454	   3.  After initialization, nodes periodically re-initialize the PRL
455	       (after ResolveInterval).  When DNS is used, client DNS resolvers
456	       use the IPv4 transport to resolve the names and follow the cache
457	       invalidation procedures in [20] when the DNS time-to-live
458	       expires.

460	7.2.2 Validity Checks for Router Advertisements

462	   A node MUST silently discard any Router Advertisement messages it
463	   receives that do not satisfy both the validity checks in ([6],
464	   section 6.1.2) and the following additional validity check for
465	   ISATAP:

467	   o  the network-layer (IPv6) source address is an ISATAP address and
468	      embeds an IPv4 address from the PRL

470	7.2.3 Router Specification

472	   Advertising ISATAP interfaces of routers behave the same as
473	   advertising interfaces described in ([6], section 6.2).  However,
474	   periodic unsolicited multicast Router Advertisements are not used,
475	   thus the "interval timer" associated with advertising interfaces is
476	   not used for that purpose.

478	   When an ISATAP router receives a valid Router Solicitation on an
479	   advertising ISATAP interface, it replies with a unicast Router
480	   Advertisement to the address of the node which sent the Router
481	   Solicitation.  The source address of the Router Advertisement is a
482	   link-local unicast address associated with the interface.  This MAY
483	   be the same as the destination address of the Router Solicitation.
484	   ISATAP routers MAY engage in the solicitation process described under
485	   Host Specification below, e.g., if Router Advertisement consistency
486	   verification ([6], section 6.2.7) is desired.

488	7.2.4 Host Specification

490	   All entries in the PRL are assumed to represent active ISATAP routers
491	   within the site, i.e., the PRL provides trust basis only; not
492	   reachability detection.  ISATAP nodes SHOULD use stateful
493	   configuration to assign IPv6 prefixes and default router information.
494	   When stateful configuration is not available, hosts MAY periodically
495	   solicit information from one or more entries in the PRL ("PRL(i)") by
496	   sending unicast Router Solicitation messages using the IPv4 address
497	   ("V4ADDR_PRL(i)") and associated timer in the entry.  Hosts add the
498	   following variable to support the solicitation process:

500	   MinRouterSolicitInterval
501	      Minimum time between sending Router Solicitations to any router.
502	      Default and suggested minimum: 15min.

504	   When a PRL(i) is selected, the host sets its associated timer to
505	   MinRouterSolicitInterval and initiates solicitation following a short
506	   delay as in ([6], section 6.3.7).  The manner of choosing particular
507	   routers in the PRL for solicitation is outside the scope of this
508	   specification.  The solicitation process repeats when the associated
509	   timer expires.

511	   Solicitation consists of sending Router Solicitations to the ISATAP
512	   link-local address constructed from the entry's IPv4 address, i.e.,
513	   they are sent to 'FE80::0:5EFE:V4ADDR_PRL(i)' instead of 'All-Routers
514	   multicast'.  They are otherwise sent exactly as in ([6], section
515	   6.3.7).

517	   Hosts process received Router Advertisements exactly as in ([6],
518	   section 6.3.4).  Hosts additionally reset the timer associated with
519	   the V4ADDR_PRL(i) embedded in the network-layer source address in
520	   each solicited Router Advertisement received.  The timer is reset to
521	   either 0.5 * (the minimum value in the router lifetime or valid
522	   lifetime of any on-link prefixes received in the advertisement) or
523	   MinRouterSolicitInterval; whichever is longer.

525	8. ISATAP Deployment Considerations

527	8.1 Host And Router Deployment Considerations

529	   For hosts, if an underlying link supports both IPv4 (over which
530	   ISATAP is implemented) and also supports IPv6 natively, then ISATAP
531	   MAY be enabled if the native IPv6 layer does not receive Router
532	   Advertisements (i.e., does not have connection with an IPv6 router).
533	   After a non-link-local address has been configured and a default
534	   router acquired on the native link, the host SHOULD discontinue the
535	   router solicitation process described in the host specification and
536	   allow existing ISATAP address configurations to expire as specified
537	   in ([6], section 5.3) and ([14], section 5.5.4).  Any ISATAP
538	   addresses added to the DNS for this host should also be removed.  In
539	   this way, ISATAP use will gradually diminish as IPv6 routers are
540	   widely deployed throughout the site.

542	   Routers MAY configure an interface to simultaneously support both
543	   native IPv6, and also ISATAP (over IPv4).  Routing will operate as
544	   usual between these two domains.  Note that the prefixes used on the
545	   ISATAP and native IPv6 interfaces will be distinct.  The IPv4
546	   address(es) configured on a router's ISATAP interface(s) SHOULD be
547	   added (either automatically or manually) to the site's address
548	   records for ISATAP router interfaces.

550	8.2 Site Administration Considerations

552	   The following considerations are noted for sites that deploy ISATAP:

554	   o  ISATAP links are administratively defined by a set of router
555	      interfaces and set of nodes which discover those interface and
556	      server addresses Thus, ISATAP links are defined by administrative
557	      (not physical) boundaries.

559	   o  ISATAP hosts and routers can be deployed in an ad-hoc and
560	      independent fashion.  In particular, ISATAP hosts can be deployed
561	      with little/no advanced knowledge of existing ISATAP routers, and
562	      ISATAP routers can deployed with no reconfiguration requirements
563	      for hosts.

565	   o  When stateful autoconfiguration is not available, ISATAP nodes MAY
566	      periodically send unicast Router Solicitations to and receive
567	      unicast Router Advertisements from to one or more members of the
568	      potential router list.  A well-deployed stateful autoconfiguration
569	      service within the site can minimize and/or eliminate the need for
570	      periodic solicitation.

572	   o  ISATAP nodes periodically refresh the entries on the PRL.
573	      Responsible site administration can reduce the control traffic.
574	      At a minimum, administrators SHOULD ensure that dynamically
575	      advertised information for the site's PRL is well maintained.

577	9. IANA Considerations

579	   A DHCPv4 option code for ISATAP (TBD) [21] is requested in the event
580	   that the IESG recommends this document for standards track.

582	10. Security considerations

584	   Site administrators are advised that, in addition to possible attacks
585	   against IPv6, security attacks against IPv4 MUST also be considered.

587	   Responsible IPv4 site security management is strongly encouraged.  In
588	   particular, border gateways SHOULD implement filtering to detect
589	   spoofed IPv4 source addresses at a minimum; ip-protocol-41 filtering
590	   SHOULD also be implemented.

592	   If IPv4 source address filtering is not correctly implemented, the
593	   ISATAP validity checks will not be effective in preventing IPv6
594	   source address spoofing.

596	   If filtering for ip-protocol-41 is not correctly implemented, IPv6
597	   source address spoofing is clearly possible, but this can be
598	   eliminated if both IPv4 source address filtering, and the ISATAP
599	   validity checks are implemented.

601	   (RFC 2461 [6]), section 6.1.2 implies that nodes trust Router
602	   Advertisements they receive from on-link routers, as indicated by a
603	   value of 255 in the IPv6 'hop-limit' field.  Since this field is not
604	   decremented when ip-protocol-41 packets traverse multiple IPv4 hops
605	   ([9], section 3), ISATAP links require a different trust model.  In
606	   particular, ONLY those Router Advertisements received from a member
607	   of the Potential Routers List are trusted; all others are silently
608	   discarded.  This trust model is predicated on IPv4 source address
609	   filtering, as described above.

611	   The ISATAP address format does not support privacy extensions for
612	   stateless address autoconfiguration [22].  However, since the ISATAP
613	   interface identifier is derived from the node's IPv4 address, ISATAP
614	   addresses do not have the same level of privacy concerns as IPv6
615	   addresses that use an interface identifier derived from the MAC
616	   address.  (This issue is the same for NAT'd addresses.)

618	11. Acknowledgements

620	   Some of the ideas presented in this draft were derived from work at
621	   SRI with internal funds and contractual support.  Government sponsors
622	   who supported the work include Monica Farah-Stapleton and Russell
623	   Langan from U.S.  Army CECOM ASEO, and Dr.  Allen Moshfegh from U.S.
624	   Office of Naval Research.  Within SRI, Dr.  Mike Frankel, J.  Peter
625	   Marcotullio, Lou Rodriguez, and Dr.  Ambatipudi Sastry supported the
626	   work and helped foster early interest.

628	   The following peer reviewers are acknowledged for taking the time to
629	   review a pre-release of this document and provide input: Jim Bound,
630	   Rich Draves, Cyndi Jung, Ambatipudi Sastry, Aaron Schrader, Ole
631	   Troan, Vlad Yasevich.

633	   The authors acknowledge members of the NGTRANS community who have
634	   made significant contributions to this effort, including Rich Draves,
635	   Alain Durand, Nathan Lutchansky, Karen Nielsen, Art Shelest, Margaret
636	   Wasserman, and Brian Zill.

638	   The authors also wish to acknowledge the work of Quang Nguyen [23]
639	   under the guidance of Dr.  Lixia Zhang that proposed very similar
640	   ideas to those that appear in this document.  This work was first
641	   brought to the authors' attention on September 20, 2002.

643	Normative References

645	   [1]   Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6)
646	         Specification", RFC 2460, December 1998.

648	   [2]   Postel, J., "Internet Protocol", STD 5, RFC 791, September
649	         1981.

651	   [3]   Rekhter, Y., Moskowitz, R., Karrenberg, D., Groot, G. and E.
652	         Lear, "Address Allocation for Private Internets", BCP 5, RFC
653	         1918, February 1996.

655	   [4]   Egevang, K. and P. Francis, "The IP Network Address Translator
656	         (NAT)", RFC 1631, May 1994.

658	   [5]   Bradner, S., "Key words for use in RFCs to Indicate Requirement
659	         Levels", BCP 14, RFC 2119, March 1997.

661	   [6]   Narten, T., Nordmark, E. and W. Simpson, "Neighbor Discovery
662	         for IP Version 6 (IPv6)", RFC 2461, December 1998.

664	   [7]   Armitage, G., Schulter, P., Jork, M. and G. Harter, "IPv6 over
665	         Non-Broadcast Multiple Access (NBMA) networks", RFC 2491,
666	         January 1999.

668	   [8]   Hinden, R. and S. Deering, "IP Version 6 Addressing
669	         Architecture", draft-ietf-ipngwg-addr-arch-v3-11 (work in
670	         progress), October 2002.

672	   [9]   Gilligan, R. and E. Nordmark, "Basic Transition Mechanisms for
673	         IPv6 Hosts and Routers", draft-ietf-ngtrans-mech-v2-01 (work in
674	         progress), November 2002.

676	   [10]  Conta, A. and S. Deering, "Internet Control Message Protocol
677	         (ICMPv6) for the Internet Protocol Version 6 (IPv6)
678	         Specification", RFC 2463, December 1998.

680	   [11]  McCann, J., Deering, S. and J. Mogul, "Path MTU Discovery for
681	         IP version 6", RFC 1981, August 1996.

683	   [12]  Braden, R., "Requirements for Internet Hosts - Communication
684	         Layers", STD 3, RFC 1122, October 1989.

686	   [13]  Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
687	         March 1997.

689	   [14]  Thomson, S. and T. Narten, "IPv6 Stateless Address
690	         Autoconfiguration", RFC 2462, December 1998.

692	   [15]  Mogul, J. and S. Deering, "Path MTU discovery", RFC 1191,
693	         November 1990.

695	   [16]  Postel, J., "Internet Control Message Protocol", STD 5, RFC
696	         792, September 1981.

698	   [17]  Baker, F., "Requirements for IP Version 4 Routers", RFC 1812,
699	         June 1995.

701	   [18]  Droms, R., "Dynamic Host Configuration Protocol for IPv6
702	         (DHCPv6)", draft-ietf-dhc-dhcpv6-28 (work in progress),
703	         November 2002.

705	Informative References

707	   [19]  Carpenter, B. and K. Moore, "Connection of IPv6 Domains via
708	         IPv4 Clouds", RFC 3056, February 2001.

710	   [20]  Mockapetris, P., "Domain names - implementation and
711	         specification", STD 13, RFC 1035, November 1987.

713	   [21]  Droms, R., "Procedures and IANA Guidelines for Definition of
714	         New DHCP Options and Message Types", BCP 43, RFC 2939,
715	         September 2000.

717	   [22]  Narten, T. and R. Draves, "Privacy Extensions for Stateless
718	         Address Autoconfiguration in IPv6", RFC 3041, January 2001.

720	   [23]  Nguyen, Q., "http://irl.cs.ucla.edu/vet/report.ps", spring
721	         1998.

723	   [24]  Lahey, K., "TCP Problems with Path MTU Discovery", RFC 2923,
724	         September 2000.

726	Authors' Addresses

728	   Fred L. Templin
729	   Nokia
730	   313 Fairchild Drive
731	   Mountain View, CA  94110
732	   US

734	   Phone: +1 650 625 2331
735	   EMail: ftemplin@iprg.nokia.com

737	   Tim Gleeson
738	   Cisco Systems K.K.
739	   Shinjuku Mitsu Building
740	   2-1-1 Nishishinjuku, Shinjuku-ku
741	   Tokyo  163-0409
742	   Japan

744	   EMail: tgleeson@cisco.com

746	   Mohit Talwar
747	   Microsoft Corporation
748	   One Microsoft Way
749	   Redmond, WA>  98052-6399
750	   US

752	   Phone: +1 425 705 3131
753	   EMail: mohitt@microsoft.com
754	   Dave Thaler
755	   Microsoft Corporation
756	   One Microsoft Way
757	   Redmond, WA  98052-6399
758	   US

760	   Phone: +1 425 703 8835
761	   EMail: dthaler@microsoft.com

763	Appendix A. Major Changes

765	   changes from version 09 to version 10:

767	   o  Rearranged/revised sections 5, 6, 7

769	   o  updated MTU section

771	   changes from version 08 to version 09:

773	   o  Added stateful autoconfiguration mechanism

775	   o  Normative references to RFC 2491, RFC 2462

777	   o  Moved non-normative MTU text to appendix C

779	   changes from version 07 to version 08:

781	   o  updated MTU section

783	   changes from version 06 to version 07:

785	   o  clarified address resolution, Neighbor Unreachability Detection

787	   o  specified MTU/MRU requirements

789	   changes from earlier versions to version 06:

791	   o  Addressed operational issues identified in 05 based on discussion
792	      between co-authors

794	   o  Clarified ambiguous text per comments from Hannu Flinck; Jason
795	      Goldschmidt

797	   o  Moved historical text in section 4.1 to Appendix B in response to
798	      comments from Pekka Savola

800	   o  Identified operational issues for anticipated deployment scenarios
801	   o  Included reference to Quang Nguyen work

803	Appendix B. Rationale for Interface Identifier Construction

805	   ISATAP specifies an EUI64-format address construction for the
806	   Organizationally-Unique Identifier (OUI) owned by the Internet
807	   Assigned Numbers Authority (IANA).  This format (given below) is used
808	   to construct both native EUI64 addresses for general use and modified
809	   EUI-64 format interface identifiers for IPv6 unicast addresses:

811	   |0                      2|2      3|3      3|4                      6|
812	   |0                      3|4      1|2      9|0                      3|
813	   +------------------------+--------+--------+------------------------+
814	   |  OUI ("00-00-5E"+u+g)  |  TYPE  |  TSE   |          TSD           |
815	   +------------------------+--------+--------+------------------------+

817	   Where the fields are:

819	      OUI     IANA's OUI: 00-00-5E with 'u' and 'g' bits (3 octets)

821	      TYPE    Type field; specifies use of (TSE, TSD) (1 octet)

823	      TSE     Type-Specific Extension (1 octet)

825	      TSD     Type-Specific Data (3 octets)

827	   And the following interpretations are specified based on TYPE:

829	      TYPE         (TSE, TSD) Interpretation
830	      ----         -------------------------
831	      0x00-0xFD    RESERVED for future IANA use
832	      0xFE         (TSE, TSD) together contain an embedded IPv4 address
833	      0xFF         TSD is interpreted based on TSE as follows:

835	                   TSE          TSD Interpretation
836	                   ---          ------------------
837	                   0x00-0xFD    RESERVED for future IANA use
838	                   0xFE         TSD contains 24-bit EUI-48 intf id
839	                   0xFF         RESERVED by IEEE/RAC

841	                                Figure 2

843	   Thus, if TYPE=0xFE, TSE is an extension of TSD.  If TYPE=0xFF, TSE is
844	   an extension of TYPE.  Other values for TYPE (thus, other
845	   interpretations of TSE, TSD) are reserved for future IANA use.

847	   The above specification is compatible with all aspects of EUI64,
848	   including support for encapsulating legacy EUI-48 interface
849	   identifiers (e.g., an IANA EUI-48 format multicast address such as:
850	   '01-00-5E-01-02-03' is encapsulated as: '01-00-5E-FF-FE-01-02-03').
851	   But, the specification also provides a special TYPE (0xFE) to
852	   indicate an IPv4 address is embedded.  Thus, when the first four
853	   octets of an IPv6 interface identifier are: '00-00-5E-FE' (note: the
854	   'u/l' bit MUST be 0) the interface identifier is said to be in
855	   "ISATAP format" and the next four octets embed an IPv4 address
856	   encoded in network byte order.

858	Appendix C. Dynamic Per-neighbor MTU Discovery

860	   ISATAP encapsulators and decapsulators are IPv6 neighbors that may be
861	   separated by multiple link layer (IPv4) forwarding hops.  When
862	   ISATAP_MTU is larger than 1380 bytes, the encapsulator must implement
863	   a dynamic link layer mechanism to discover per-neighbor MTUs.

865	   IPv4 path MTU discovery [15] relies on ICMPv4 "fragmentation needed"
866	   messages, but these do not provide enough information for stateless
867	   translation into ICMPv6 "packet too big" messages (see: RFC 792 [16]
868	   and RFC 1812 [17], section 4.3.2.3).  Additionally, ICMPv4
869	   "fragmentation needed" messages can be spoofed, filtered, or not sent
870	   at all by some forwarding nodes.  Thus, IPv4 Path MTU discovery used
871	   alone is inadequate and can result in black holes that are difficult
872	   to diagnose [24].

874	   The ISATAP encapsulator may implement an alternate per-neighbor MTU
875	   discovery mechanism, e.g., periodic and/or on-demand probing of the
876	   IPv4 path to the decapsulator.  Probing consists of sending packets
877	   larger than 1380 bytes to the neighbor and receiving positive
878	   confirmation of receipt.  Two methods are possible:

880	   In the first method, the encapsulator does NOT set the DF bit in the
881	   IPv4 header of probe packets.  In this case, the encapsulator must
882	   have a priori knowledge of the decapsulator's reassembly buffer size
883	   and should have a priori knowledge of the decapsulator's link MTU.
884	   This method has the advantage that probe packets will be delivered
885	   even if the network performs fragmentation, thus ordinary data
886	   packets may be used for probing resulting in greater efficiency.
887	   Disadvantages for this method include:

889	   o  special mechanisms required on both encapsulator and decapsulator

891	   o  extra state required on both encapsulator and decapsulator

893	   o  complex protocol signalling between encapsulator and decapsulator

895	   o  possible extended periods of network fragmentation
896	   In the second (and preferred) method, the encapsulator sets the DF
897	   bit in the IPv4 header of probe packets.  Neighbor Solicitation (NS)
898	   packets with padding bytes added should be used for this purpose,
899	   since successful delivery results in a positive acknowledgement that
900	   the probe succeeded, i.e., in the form of a Neighbor Advertisement
901	   (NA) from the decapsulator.  Setting the DF bit prevents the network
902	   from fragmenting the packets and protects decapsulators from
903	   receiving packets that might overrun the IPv4 reassembly buffer.
904	   Additionally, special mechanisms and state are needed only on the
905	   encapsulator, and no complex protocol signalling between the
906	   encapsulator and decapsulator is required.

908	   In either method, implementations may choose to couple the probing
909	   process with neighbor cache management procedures ([6], section 7),
910	   e.g.  to maintain timers, state variables and/or a queue of packets
911	   waiting for probes to complete.  Packets retained on the queue are
912	   forwarded when probes succeed, and provide state for sending ICMPv6
913	   "packet too big" messages to the source when probes fail.
914	   Implementations may choose to store per-neighbor MTU information in
915	   the IPv4 path MTU discovery cache, in the ISATAP link layer's private
916	   data structures, etc.

918	   Additional notes:

920	   1.  Per-neighbor MTUs may vary dynamically due to fluctuations in the
921	       IPv4 forwarding path and/or multipath routing (e.g., when QoS
922	       routing is used in the IPv4 network).  For such neighbors,
923	       encapsulators should detect a "losing battle" and reduce the
924	       per-neighbor MTU size to no more than 1380 bytes.

926	   2.  When not probing, encapsulators may send packets to a neighbor
927	       with MTU greater than 1380 bytes either with the DF bit set or
928	       not set.  When the DF bit is set, undetected packet loss may
929	       occur in the network if the neighbor's MTU decreases.  When the
930	       DF bit is NOT set, undetected packet loss is less likely but may
931	       occur either in the network or at the neighbor's reassembly
932	       buffer.

934	   3.  ICMPv4 "fragmentation needed" messages may result when a link
935	       restriction is encountered but may also come from denial of
936	       service attacks.  Implementations should treat ICMPv4
937	       "fragmentation needed" messages as "tentative" negative
938	       acknowledgments and apply heuristics to determine when to suspect
939	       an actual link restriction and when to ignore the messages.  IPv6
940	       packets lost due actual link restrictions are perceived as lost
941	       due to congestion by the original source, but robust
942	       implementations minimize instances of such packet loss without
943	       ICMPv6 "packet too big" messages returned to the sender.

945	Intellectual Property Statement

947	   The IETF takes no position regarding the validity or scope of any
948	   intellectual property or other rights that might be claimed to
949	   pertain to the implementation or use of the technology described in
950	   this document or the extent to which any license under such rights
951	   might or might not be available; neither does it represent that it
952	   has made any effort to identify any such rights.  Information on the
953	   IETF's procedures with respect to rights in standards-track and
954	   standards-related documentation can be found in BCP-11.  Copies of
955	   claims of rights made available for publication and any assurances of
956	   licenses to be made available, or the result of an attempt made to
957	   obtain a general license or permission for the use of such
958	   proprietary rights by implementors or users of this specification can
959	   be obtained from the IETF Secretariat.

961	   The IETF invites any interested party to bring to its attention any
962	   copyrights, patents or patent applications, or other proprietary
963	   rights which may cover technology that may be required to practice
964	   this standard.  Please address the information to the IETF Executive
965	   Director.

967	   The IETF has been notified of intellectual property rights claimed in
968	   regard to some or all of the specification contained in this
969	   document.  For more information consult the online list of claimed
970	   rights.

972	Full Copyright Statement

974	   Copyright (C) The Internet Society (2002).  All Rights Reserved.

976	   This document and translations of it may be copied and furnished to
977	   others, and derivative works that comment on or otherwise explain it
978	   or assist in its implementation may be prepared, copied, published
979	   and distributed, in whole or in part, without restriction of any
980	   kind, provided that the above copyright notice and this paragraph are
981	   included on all such copies and derivative works.  However, this
982	   document itself may not be modified in any way, such as by removing
983	   the copyright notice or references to the Internet Society or other
984	   Internet organizations, except as needed for the purpose of
985	   developing Internet standards in which case the procedures for
986	   copyrights defined in the Internet Standards process must be
987	   followed, or as required to translate it into languages other than
988	   English.

990	   The limited permissions granted above are perpetual and will not be
991	   revoked by the Internet Society or its successors or assignees.

993	   This document and the information contained herein is provided on an
994	   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
995	   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
996	   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
997	   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
998	   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

1000	Acknowledgement

1002	   Funding for the RFC Editor function is currently provided by the
1003	   Internet Society.