idnits 2.17.1 draft-ietf-shim6-proto-07.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 16. -- Found old boilerplate from RFC 3978, Section 5.5 on line 5244. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 5221. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 5228. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 5234. ** This document has an original RFC 3978 Section 5.4 Copyright Line, instead of the newer IETF Trust Copyright according to RFC 4748. ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of the newer disclaimer which includes the IETF Trust according to RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == Line 3126 has weird spacing: '...payload exten...' == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (November 24, 2006) is 6360 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: 'CGA' on line 3805 -- Looks like a reference, but probably isn't: 'FII' on line 2202 == Unused Reference: '4' is defined on line 5105, but no explicit reference was found in the text == Unused Reference: '12' is defined on line 5136, but no explicit reference was found in the text == Unused Reference: '24' is defined on line 5175, but no explicit reference was found in the text == Unused Reference: '25' is defined on line 5180, but no explicit reference was found in the text == Unused Reference: '27' is defined on line 5187, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2460 (ref. '2') (Obsoleted by RFC 8200) ** Obsolete normative reference: RFC 2461 (ref. '3') (Obsoleted by RFC 4861) ** Obsolete normative reference: RFC 2462 (ref. '4') (Obsoleted by RFC 4862) ** Obsolete normative reference: RFC 2463 (ref. '5') (Obsoleted by RFC 4443) == Outdated reference: A later version (-05) exists of draft-ietf-shim6-hba-02 == Outdated reference: A later version (-13) exists of draft-ietf-shim6-failure-detection-06 -- Obsolete informational reference (is this intentional?): RFC 3041 (ref. '12') (Obsoleted by RFC 4941) -- Obsolete informational reference (is this intentional?): RFC 3484 (ref. '13') (Obsoleted by RFC 6724) -- Obsolete informational reference (is this intentional?): RFC 3697 (ref. '17') (Obsoleted by RFC 6437) == Outdated reference: A later version (-08) exists of draft-ietf-shim6-applicability-02 == Outdated reference: A later version (-10) exists of draft-ietf-hip-base-06 Summary: 7 errors (**), 0 flaws (~~), 13 warnings (==), 12 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 SHIM6 WG E. Nordmark 3 Internet-Draft Sun Microsystems 4 Expires: May 28, 2007 M. Bagnulo 5 UC3M 6 November 24, 2006 8 Level 3 multihoming shim protocol 9 draft-ietf-shim6-proto-07.txt 11 Status of this Memo 13 By submitting this Internet-Draft, each author represents that any 14 applicable patent or other IPR claims of which he or she is aware 15 have been or will be disclosed, and any of which he or she becomes 16 aware will be disclosed, in accordance with Section 6 of BCP 79. 18 Internet-Drafts are working documents of the Internet Engineering 19 Task Force (IETF), its areas, and its working groups. Note that 20 other groups may also distribute working documents as Internet- 21 Drafts. 23 Internet-Drafts are draft documents valid for a maximum of six months 24 and may be updated, replaced, or obsoleted by other documents at any 25 time. It is inappropriate to use Internet-Drafts as reference 26 material or to cite them other than as "work in progress." 28 The list of current Internet-Drafts can be accessed at 29 http://www.ietf.org/ietf/1id-abstracts.txt. 31 The list of Internet-Draft Shadow Directories can be accessed at 32 http://www.ietf.org/shadow.html. 34 This Internet-Draft will expire on May 28, 2007. 36 Copyright Notice 38 Copyright (C) The Internet Society (2006). 40 Abstract 42 The SHIM6 protocol is a layer 3 shim for providing locator agility 43 below the transport protocols, so that multihoming can be provided 44 for IPv6 with failover and load sharing properties, without assuming 45 that a multihomed site will have a provider independent IPv6 address 46 prefix which is announced in the global IPv6 routing table. The 47 hosts in a site which has multiple provider allocated IPv6 address 48 prefixes, will use the shim6 protocol specified in this document to 49 setup state with peer hosts, so that the state can later be used to 50 failover to a different locator pair, should the original one stop 51 working. 53 Table of Contents 55 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5 56 1.1. Goals . . . . . . . . . . . . . . . . . . . . . . . . . . 5 57 1.2. Non-Goals . . . . . . . . . . . . . . . . . . . . . . . . 6 58 1.3. Locators as Upper-layer Identifiers . . . . . . . . . . . 6 59 1.4. IP Multicast . . . . . . . . . . . . . . . . . . . . . . 7 60 1.5. Renumbering Implications . . . . . . . . . . . . . . . . 8 61 1.6. Placement of the shim . . . . . . . . . . . . . . . . . . 9 62 1.7. Traffic Engineering . . . . . . . . . . . . . . . . . . . 10 63 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 12 64 2.1. Definitions . . . . . . . . . . . . . . . . . . . . . . . 12 65 2.2. Notational Conventions . . . . . . . . . . . . . . . . . 15 66 3. Assumptions . . . . . . . . . . . . . . . . . . . . . . . . . 16 67 4. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 17 68 4.1. Context Tags . . . . . . . . . . . . . . . . . . . . . . 19 69 4.2. Context Forking . . . . . . . . . . . . . . . . . . . . . 19 70 4.3. API Extensions . . . . . . . . . . . . . . . . . . . . . 20 71 4.4. Securing shim6 . . . . . . . . . . . . . . . . . . . . . 20 72 4.5. Overview of Shim Control Messages . . . . . . . . . . . . 21 73 4.6. Extension Header Order . . . . . . . . . . . . . . . . . 22 74 5. Message Formats . . . . . . . . . . . . . . . . . . . . . . . 24 75 5.1. Common shim6 Message Format . . . . . . . . . . . . . . . 24 76 5.2. Payload Extension Header Format . . . . . . . . . . . . . 24 77 5.3. Common Shim6 Control header . . . . . . . . . . . . . . . 25 78 5.4. I1 Message Format . . . . . . . . . . . . . . . . . . . . 27 79 5.5. R1 Message Format . . . . . . . . . . . . . . . . . . . . 28 80 5.6. I2 Message Format . . . . . . . . . . . . . . . . . . . . 29 81 5.7. R2 Message Format . . . . . . . . . . . . . . . . . . . . 31 82 5.8. R1bis Message Format . . . . . . . . . . . . . . . . . . 33 83 5.9. I2bis Message Format . . . . . . . . . . . . . . . . . . 34 84 5.10. Update Request Message Format . . . . . . . . . . . . . . 36 85 5.11. Update Acknowledgement Message Format . . . . . . . . . . 38 86 5.12. Keepalive Message Format . . . . . . . . . . . . . . . . 39 87 5.13. Probe Message Format . . . . . . . . . . . . . . . . . . 39 88 5.14. Option Formats . . . . . . . . . . . . . . . . . . . . . 40 89 5.14.1. Responder Validator Option Format . . . . . . . . . 42 90 5.14.2. Locator List Option Format . . . . . . . . . . . . . 42 91 5.14.3. Locator Preferences Option Format . . . . . . . . . 44 92 5.14.4. CGA Parameter Data Structure Option Format . . . . . 46 93 5.14.5. CGA Signature Option Format . . . . . . . . . . . . 46 94 5.14.6. ULID Pair Option Format . . . . . . . . . . . . . . 47 95 5.14.7. Forked Instance Identifier Option Format . . . . . . 48 96 5.14.8. Keepalive Timeout Option Format . . . . . . . . . . 48 97 6. Conceptual Model of a Host . . . . . . . . . . . . . . . . . 49 98 6.1. Conceptual Data Structures . . . . . . . . . . . . . . . 49 99 6.2. Context States . . . . . . . . . . . . . . . . . . . . . 50 100 7. Establishing ULID-Pair Contexts . . . . . . . . . . . . . . . 52 101 7.1. Uniqueness of Context Tags . . . . . . . . . . . . . . . 52 102 7.2. Locator Verification . . . . . . . . . . . . . . . . . . 52 103 7.3. Normal context establishment . . . . . . . . . . . . . . 53 104 7.4. Concurrent context establishment . . . . . . . . . . . . 53 105 7.5. Context recovery . . . . . . . . . . . . . . . . . . . . 55 106 7.6. Context confusion . . . . . . . . . . . . . . . . . . . . 57 107 7.7. Sending I1 messages . . . . . . . . . . . . . . . . . . . 58 108 7.8. Retransmitting I1 messages . . . . . . . . . . . . . . . 58 109 7.9. Receiving I1 messages . . . . . . . . . . . . . . . . . . 59 110 7.10. Sending R1 messages . . . . . . . . . . . . . . . . . . . 60 111 7.10.1. Generating the R1 Validator . . . . . . . . . . . . 60 112 7.11. Receiving R1 messages and sending I2 messages . . . . . . 61 113 7.12. Retransmitting I2 messages . . . . . . . . . . . . . . . 62 114 7.13. Receiving I2 messages . . . . . . . . . . . . . . . . . . 62 115 7.14. Sending R2 messages . . . . . . . . . . . . . . . . . . . 64 116 7.15. Match for Context Confusion . . . . . . . . . . . . . . . 64 117 7.16. Receiving R2 messages . . . . . . . . . . . . . . . . . . 65 118 7.17. Sending R1bis messages . . . . . . . . . . . . . . . . . 66 119 7.17.1. Generating the R1bis Validator . . . . . . . . . . . 66 120 7.18. Receiving R1bis messages and sending I2bis messages . . . 67 121 7.19. Retransmitting I2bis messages . . . . . . . . . . . . . . 68 122 7.20. Receiving I2bis messages and sending R2 messages . . . . 68 123 8. Handling ICMP Error Messages . . . . . . . . . . . . . . . . 70 124 9. Teardown of the ULID-Pair Context . . . . . . . . . . . . . . 72 125 10. Updating the Peer . . . . . . . . . . . . . . . . . . . . . . 73 126 10.1. Sending Update Request messages . . . . . . . . . . . . . 73 127 10.2. Retransmitting Update Request messages . . . . . . . . . 73 128 10.3. Newer Information While Retransmitting . . . . . . . . . 74 129 10.4. Receiving Update Request messages . . . . . . . . . . . . 74 130 10.5. Receiving Update Acknowledgement messages . . . . . . . . 76 131 11. Sending ULP Payloads . . . . . . . . . . . . . . . . . . . . 77 132 11.1. Sending ULP Payload after a Switch . . . . . . . . . . . 77 133 12. Receiving Packets . . . . . . . . . . . . . . . . . . . . . . 79 134 12.1. Receiving Payload Extension Headers . . . . . . . . . . . 79 135 12.2. Receiving Shim Control messages . . . . . . . . . . . . . 79 136 12.3. Context Lookup . . . . . . . . . . . . . . . . . . . . . 80 137 13. Initial Contact . . . . . . . . . . . . . . . . . . . . . . . 82 138 14. Protocol constants . . . . . . . . . . . . . . . . . . . . . 83 139 15. Implications Elsewhere . . . . . . . . . . . . . . . . . . . 84 140 16. Security Considerations . . . . . . . . . . . . . . . . . . . 86 141 17. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 89 142 18. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 91 143 Appendix A. Possible Protocol Extensions . . . . . . . . . . 92 144 Appendix B. Simplified State Machine . . . . . . . . . . . . 94 145 Appendix B.1. Simplified State Machine diagram . . . . . . . . 100 146 Appendix C. Context Tag Reuse . . . . . . . . . . . . . . . . 101 147 Appendix C.1. Context Recovery . . . . . . . . . . . . . . . . 101 148 Appendix C.2. Context Confusion . . . . . . . . . . . . . . . . 101 149 Appendix C.3. Three Party Context Confusion . . . . . . . . . . 102 150 Appendix D. Design Alternatives . . . . . . . . . . . . . . . 103 151 Appendix D.1. Context granularity . . . . . . . . . . . . . . . 103 152 Appendix D.2. Demultiplexing of data packets in shim6 153 communications . . . . . . . . . . . . . . . . . 103 154 Appendix D.2.1. Flow-label . . . . . . . . . . . . . . . . . . . 104 155 Appendix D.2.2. Extension Header . . . . . . . . . . . . . . . . 106 156 Appendix D.3. Context Loss Detection . . . . . . . . . . . . . 107 157 Appendix D.4. Securing locator sets . . . . . . . . . . . . . . 109 158 Appendix D.5. ULID-pair context establishment exchange . . . . 112 159 Appendix D.6. Updating locator sets . . . . . . . . . . . . . . 113 160 Appendix D.7. State Cleanup . . . . . . . . . . . . . . . . . . 113 161 Appendix E. Change Log . . . . . . . . . . . . . . . . . . . 116 162 19. References . . . . . . . . . . . . . . . . . . . . . . . . . 120 163 19.1. Normative References . . . . . . . . . . . . . . . . . . 120 164 19.2. Informative References . . . . . . . . . . . . . . . . . 120 165 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 123 166 Intellectual Property and Copyright Statements . . . . . . . . . 124 168 1. Introduction 170 This document describes a layer 3 shim approach and protocol for 171 providing locator agility below the transport protocols, so that 172 multihoming can be provided for IPv6 with failover and load sharing 173 properties [16], without assuming that a multihomed site will have a 174 provider independent IPv6 address which is announced in the global 175 IPv6 routing table. The hosts in a site which has multiple provider 176 allocated IPv6 address prefixes, will use the shim6 protocol 177 specified in this document to setup state with peer hosts, so that 178 the state can later be used to failover to a different locator pair, 179 should the original one stop working. 181 We assume that redirection attacks are prevented using the mechanism 182 specified in HBA [8]. 184 The reachability and failure detection mechanisms, including how a 185 new working locator pair is discovered after a failure, are specified 186 in a separate document [9]. This document allocates message types 187 and option types for that sub-protocol, and leaves the specification 188 of the message and option formats as well as the protocol behavior to 189 that document. 191 1.1. Goals 193 The goals for this approach are to: 195 o Preserve established communications in the presence of certain 196 classes of failures, for example, TCP connections and UDP streams. 198 o Have minimal impact on upper layer protocols in general and on 199 transport protocols in particular. 201 o Address the security threats in [20] through the combination of 202 the HBA/CGA approach specified in a separate document [8] and 203 techniques described in this document. 205 o Not require extra roundtrip up front to setup shim specific state. 206 Instead allow the upper layer traffic (e.g., TCP) to flow as 207 normal and defer the setup of the shim state until some number of 208 packets have been exchanged. 210 o Take advantage of multiple locators/addresses for load spreading 211 so that different sets of communication to a host (e.g., different 212 connections) might use different locators of the host. Note that 213 this might cause load to be spread unevenly, thus we use the term 214 "load spreading" instead of "load balancing". This capability 215 might enable some forms of traffic engineering, but the details 216 for traffic engineering, including what requirements can be 217 satisfied, are not specified in this document, and form part of a 218 potential extensions to this protocol. 220 1.2. Non-Goals 222 The assumption is that the problem we are trying to solve is site 223 multihoming, with the ability to have the set of site prefixes change 224 over time due to site renumbering. Further, we assume that such 225 changes to the set of locator prefixes can be relatively slow and 226 managed; slow enough to allow updates to the DNS to propagate (since 227 the protocol defined in this document depends on the DNS to find the 228 appropriate locator sets). Note, however that it is an explicit non- 229 goal to make communication survive a renumbering event (which causes 230 all the locators of a host to change to a new set of locators). This 231 proposal does not attempt to solve the related problem of host 232 mobility. However, it might turn out that the shim6 protocol can be 233 a useful component for future host mobility solutions, e.g., for 234 route optimization. 236 Finally, this proposal also does not try to provide a new network 237 level or transport level identifier name space distinct from the 238 current IP address name space. Even though such a concept would be 239 useful to Upper Layer Protocols (ULPs) and applications, especially 240 if the management burden for such a name space was negligible and 241 there was an efficient yet secure mechanism to map from identifiers 242 to locators, such a name space isn't necessary (and furthermore 243 doesn't seem to help) to solve the multihoming problem. 245 1.3. Locators as Upper-layer Identifiers 247 The approach described in this document does not introduce a new 248 identifier name space but instead uses the locator that is selected 249 in the initial contact with the remote peer as the preserved Upper- 250 Layer Identifier (ULID). While there may be subsequent changes in 251 the selected network level locators over time in response to failures 252 in using the original locator, the upper level protocol stack 253 elements will continue to use this upper level identifier without 254 change. 256 This implies that the ULID selection is performed as today's default 257 address selection as specified in RFC 3484 [13]. Some extensions are 258 needed to RFC 3484 to try different source addresses, whether or not 259 the shim6 protocol is used, as outlined in [14]. Underneath, and 260 transparently, the multihoming shim selects working locator pairs 261 with the initial locator pair being the ULID pair. If communication 262 subsequently fails the shim can test and select alternate locators. 263 A subsequent section discusses the issues when the selected ULID is 264 not initially working hence there is a need to switch locators up 265 front. 267 Using one of the locators as the ULID has certain benefits for 268 applications which have long-lived session state or performs 269 callbacks or referrals, because both the FQDN and the 128-bit ULID 270 work as handles for the applications. However, using a single 128- 271 bit ULID doesn't provide seamless communication when that locator is 272 unreachable. See [23] for further discussion of the application 273 implications. 275 There has been some discussion of using non-routable addresses, such 276 as Unique-Local Addresses (ULAs) [19], as ULIDs in a multihoming 277 solution. While this document doesn't specify all aspects of this, 278 it is believed that the approach can be extended to handle the non- 279 routable address case.. For example, the protocol already needs to 280 handle ULIDs that are not initially reachable. Thus the same 281 mechanism can handle ULIDs that are permanently unreachable from 282 outside their site. The issue becomes how to make the protocol 283 perform well when the ULID is known a priori to be not reachable 284 (e.g., the ULID is a ULA), for instance, avoiding any timeout and 285 retries in this case. In addition one would need to understand how 286 the ULAs would be entered in the DNS to avoid a performance impact on 287 existing, non-shim6 aware, IPv6 hosts potentially trying to 288 communicate to the (unreachable) ULA. 290 1.4. IP Multicast 292 IP Multicast requires that the IP source address field contain a 293 topologically correct locator for interface that is used to send the 294 packet, since IP multicast routing uses both the source address and 295 the destination group to determine where to forward the packet. In 296 particular, it need to be able to do the RPF check. (This isn't much 297 different than the situation with widely implemented ingress 298 filtering [11] for unicast.) 300 While in theory it would be possible to apply the shim re-mapping of 301 the IP address fields between ULIDs and locators, the fact that all 302 the multicast receivers would need to know the mapping to perform, 303 makes such an approach difficult in practice. Thus it makes sense to 304 have multicast ULPs operate directly on locators and not use the 305 shim. This is quite a natural fit for protocols which use RTP [15], 306 since RTP already has an explicit identifier in the form of the SSRC 307 field in the RTP headers. Thus the actual IP address fields are not 308 important to the application. 310 In summary, IP multicast will not need the shim to remap the IP 311 addresses. 313 This doesn't prevent the receiver of multicast to change its 314 locators, since the receiver is not explicitly identified; the 315 destination address is a multicast address and not the unicast 316 locator of the receiver. 318 1.5. Renumbering Implications 320 As stated above, this approach does not try to make communication 321 survive renumbering in the general case. 323 When a host is renumbered, the effect is that one or more locators 324 become invalid, and zero or more locators are added to the host's 325 network interface. This means that the set of locators that is used 326 in the shim will change, which the shim can handle as long as not all 327 the original locators become invalid at the same time and depending 328 on the time that is required to update the DNS and for those updates 329 to propagate. 331 But IP addresses are also used as ULID, and making the communication 332 survive locators becoming invalid can potentially cause some 333 confusion at the upper layers. The fact that a ULID might be used 334 with a different locator over time open up the possibility that 335 communication between two ULIDs might continue to work after one or 336 both of those ULIDs are no longer reachable as locators, for example 337 due to a renumbering event. This opens up the possibility that the 338 ULID (or at least the prefix on which it is based) is reassigned to 339 another site while it is still being used (with another locator) for 340 existing communication. 342 In the worst case we could end up with two separate hosts using the 343 same ULID while both of them are communicating with the same host. 345 This potential source for confusion is avoided requiring that any 346 communication using a ULID MUST be terminated when the ULID becomes 347 invalid (due to the underlying prefix becoming invalid). This 348 behaviour can be accomplished by explicitly discarding the shim state 349 when the ULID becomes invalid. The context recovery mechanism will 350 then make the peer aware that the context is gone, and that the ULID 351 is no longer present at the same locator(s). 353 1.6. Placement of the shim 355 ----------------------- 356 | Transport Protocols | 357 ----------------------- 359 ------ ------- -------------- ------------- IP endpoint 360 | AH | | ESP | | Frag/reass | | Dest opts | sub-layer 361 ------ ------- -------------- ------------- 363 --------------------- 364 | shim6 shim layer | 365 --------------------- 367 ------ IP routing 368 | IP | sub-layer 369 ------ 371 Figure 1: Protocol stack 373 The proposal uses a multihoming shim layer within the IP layer, i.e., 374 below the ULPs, as shown in Figure 1, in order to provide ULP 375 independence. The multihoming shim layer behaves as if it is 376 associated with an extension header, which would be placed after any 377 routing-related headers in the packet (such as any hop-by-hop 378 options, or routing header). However, when the locator pair is the 379 ULID pair there is no data that needs to be carried in an extension 380 header, thus none is needed in that case. 382 Layering AH and ESP above the multihoming shim means that IPsec can 383 be made to be unaware of locator changes the same way that transport 384 protocols can be unaware. Thus the IPsec security associations 385 remain stable even though the locators are changing. This means that 386 the IP addresses specified in the selectors should be the ULIDs. 388 Layering the fragmentation header above the multihoming shim makes 389 reassembly robust in the case that there is broken multi-path routing 390 which results in using different paths, hence potentially different 391 source locators, for different fragments. Thus, effectively the 392 multihoming shim layer is placed between the IP endpoint sublayer, 393 which handles fragmentation, reassembly, and IPsec, and the IP 394 routing sublayer, which selects which next hop and interface to use 395 for sending out packets. 397 Applications and upper layer protocols use ULIDs which the shim6 398 layer map to/from different locators. The shim6 layer maintains 399 state, called ULID-pair context, per ULID pairs (that is, applies to 400 all ULP connections between the ULID pair) in order to perform this 401 mapping. The mapping is performed consistently at the sender and the 402 receiver so that ULPs see packets that appear to be sent using ULIDs 403 from end to end. This property is maintained even though the packets 404 travel through the network containing locators in the IP address 405 fields, and even though those locators may be changed by the 406 transmitting shim6 layer. . 408 The context state is maintained per remote ULID i.e. approximately 409 per peer host, and not at any finer granularity. In particular, it 410 is independent of the ULPs and any ULP connections. However, the 411 forking capability enables shim-aware ULPs to use more than one 412 locator pair at a time for an single ULID pair. 414 ---------------------------- ---------------------------- 415 | Sender A | | Receiver B | 416 | | | | 417 | ULP | | ULP | 418 | | src ULID(A)=L1(A) | | ^ | 419 | | dst ULID(B)=L1(B) | | | src ULID(A)=L1(A) | 420 | v | | | dst ULID(B)=L1(B) | 421 | multihoming shim | | multihoming shim | 422 | | src L2(A) | | ^ | 423 | | dst L3(B) | | | src L2(A) | 424 | v | | | dst L3(B) | 425 | IP | | IP | 426 ---------------------------- ---------------------------- 427 | ^ 428 ------- cloud with some routers ------- 430 Figure 2: Mapping with changed locators 432 The result of this consistent mapping is that there is no impact on 433 the ULPs. In particular, there is no impact on pseudo-header 434 checksums and connection identification. 436 Conceptually, one could view this approach as if both ULIDs and 437 locators are being present in every packet, and with a header 438 compression mechanism applied that removes the need for the ULIDs to 439 be carried in the packets once the compression state has been 440 established. In order for the receiver to recreate a packet with the 441 correct ULIDs there is a need to include some "compression tag" in 442 the data packets. This serves to indicate the correct context to use 443 for decompression when the locator pair in the packet is insufficient 444 to uniquely identify the context. 446 1.7. Traffic Engineering 448 At the time of this writing it is not clear what requirements for 449 traffic engineering make sense for the shim6 protocol, since the 450 requirements must both result in some useful behavior as well as be 451 implementable using a host-to-host locator agility mechanism like 452 shim6. 454 Inherent in a scalable multihoming mechanism that separates locators 455 from identifiers is that each host ends up with multiple locators. 456 This means that at least for initial contact, it is the remote peer 457 that needs to select which peer locator to try first. In the case of 458 shim6 this is performed by applying RFC 3484 address selection. 460 This is quite different than the common case of IPv4 multihoming 461 where the site has a single IP address prefix, since in that case the 462 peer performs no destination address selection. 464 Thus in "single prefix multihoming" the site, and in many cases its 465 upstream ISPs, can use BGP to exert some control of the ingress path 466 used to reach the site. This capability can't easily be recreated in 467 "multiple prefix multihoming" such as shim6. 469 The protocol provides a placeholder, in the form of the Locator 470 Preferences option, which can be used by hosts to express priority 471 and weight values for each locator. This is intentionally made 472 identical to the DNS SRV [10] specification of priority and weight, 473 so that DNS SRV records can be used for initial contact and the shim 474 for failover, and they can use the same way to describe the 475 preferences. But the Locator Preference option is merely a place 476 holder when it comes to providing traffic engineering; in order to 477 use this in a large site there would have to be a mechanism by which 478 the host can find out what preference values to use, either 479 statically (e.g., some new DHCPv6 option) or dynamically. 481 Thus traffic engineering is listed as a possible extension in 482 Appendix A. 484 2. Terminology 486 This document uses the terms MUST, SHOULD, RECOMMENDED, MAY, SHOULD 487 NOT and MUST NOT defined in RFC 2119 [1]. The terms defined in RFC 488 2460 [2] are also used. 490 2.1. Definitions 492 This document introduces the following terms: 494 upper layer protocol (ULP) 495 A protocol layer immediately above IP. Examples 496 are transport protocols such as TCP and UDP, 497 control protocols such as ICMP, routing protocols 498 such as OSPF, and internet or lower-layer 499 protocols being "tunneled" over (i.e., 500 encapsulated in) IP such as IPX, AppleTalk, or IP 501 itself. 503 interface A node's attachment to a link. 505 address An IP layer name that contains both topological 506 significance and acts as a unique identifier for 507 an interface. 128 bits. This document only uses 508 the "address" term in the case where it isn't 509 specific whether it is a locator or an 510 identifier. 512 locator An IP layer topological name for an interface or 513 a set of interfaces. 128 bits. The locators are 514 carried in the IP address fields as the packets 515 traverse the network. 517 identifier An IP layer name for an IP layer endpoint. The 518 transport endpoint name is a function of the 519 transport protocol and would typically include 520 the IP identifier plus a port number. 521 NOTE: This proposal does not specify any new form 522 of IP layer identifier, but still separates the 523 identifying and locating properties of the IP 524 addresses. 526 upper-layer identifier (ULID) 527 An IP address which has been selected for 528 communication with a peer to be used by the upper 529 layer protocol. 128 bits. This is used for 530 pseudo-header checksum computation and connection 531 identification in the ULP. Different sets of 532 communication to a host (e.g., different 533 connections) might use different ULIDs in order 534 to enable load spreading. 536 Since the ULID is just one of the IP locators/ 537 addresses of the node, there is no need for a 538 separate name space and allocation mechanisms. 540 address field The source and destination address fields in the 541 IPv6 header. As IPv6 is currently specified this 542 fields carry "addresses". If identifiers and 543 locators are separated these fields will contain 544 locators for packets on the wire. 546 FQDN Fully Qualified Domain Name 548 ULID-pair context The state that the multihoming shim maintains 549 between a pair of Upper-layer identifiers. The 550 context is identified by a context tag for each 551 direction of the communication, and also 552 identified by the pair of ULID and a Forked 553 Instance Identifier (see below). 555 Context tag Each end of the context allocates a context tag 556 for the context. This is used to uniquely 557 associate both received control packets and 558 payload extension headers as belonging to the 559 context. 561 Current locator pair 562 Each end of the context has a current locator 563 pair which is used to send packets to the peer. 564 The two ends might use different current locator 565 pairs though. 567 Default context At the sending end, the shim uses the ULID pair 568 (passed down from the ULP) to find the context 569 for that pair. Thus, normally, a host can have 570 at most one context for a ULID pair. We call 571 this the "default context". 573 Context forking A mechanism which allows ULPs that are aware of 574 multiple locators to use separate contexts for 575 the same ULID pair, in order to be able use 576 different locator pairs for different 577 communication to the same ULID. Context forking 578 causes more than just the default context to be 579 created for a ULID pair. 581 Forked Instance Identifier (FII) 582 In order to handle context forking, a context is 583 identified by a ULID-pair and a forked context 584 identifier. The default context has a FII of 585 zero. 587 Initial contact We use this term to refer to the pre-shim 588 communication when some ULP decides to start 589 communicating with a peer by sending and 590 receiving ULP packets. Typically this would not 591 invoke any operations in the shim, since the shim 592 can defer the context establishment until some 593 arbitrary later point in time. 595 Hash Based Addresses (HBA) 596 A form of IPv6 address where the interface ID is 597 derived from a cryptographic hash of all the 598 prefixes assigned to the host. See [8]. 600 Cryptographically Generated Addresses (CGA) 601 A form of IPv6 address where the interface ID is 602 derived from a cryptographic hash of the public 603 key. See [6]. 605 CGA Parameter Data Structure (PDS) 606 The information that CGA and HBA exchanges in 607 order to inform the peer of how the interface ID 608 was computed. See [6]., [8]. 610 2.2. Notational Conventions 612 A, B, and C are hosts. X is a potentially malicious host. 614 FQDN(A) is the Fully qualified Domain Name for A. 616 Ls(A) is the locator set for A, which consists of the locators L1(A), 617 L2(A), ... Ln(A). The locator set in not ordered in any particular 618 way other than maybe what is returned by the DNS. 620 ULID(A) is an upper-layer ID for A. In this proposal, ULID(A) is 621 always one member of A's locator set. 623 CT(X) is a context tag assigned by X. 625 This document also makes use of internal conceptual variables to 626 describe protocol behavior and external variables that an 627 implementation must allow system administrators to change. The 628 specific variable names, how their values change, and how their 629 settings influence protocol behavior are provided to demonstrate 630 protocol behavior. An implementation is not required to have them in 631 the exact form described here, so long as its external behavior is 632 consistent with that described in this document. See Section 6 for a 633 description of the conceptual data structures. 635 3. Assumptions 637 The design intent is to ensure that the shim6 protocol is capable of 638 handling path failures independently of the number of IP addresses 639 (locators) available to the two communicating hosts, and 640 independently of which host detects the failure condition. 642 Consider, for example, the case in which both A and B have active 643 shim6 state and where A has only one locator while B has multiple 644 locators. In this case, it might be that B is trying to send a 645 packet to A, and has detected a failure condition with the current 646 locator pair. Since B has multiple locators it presumably has 647 multiple ISPs, and consequently likely has alternate egress paths 648 toward A. However, B cannot vary the destination address (i.e., A's 649 locator), since A has only one locator. 651 The above scenario leads to the assumption that a host should be able 652 to cause different egress paths from its site to be used. The most 653 reasonable approach to accomplish this is to have the host use 654 different source addresses and have the source address affect the 655 selection of the site egress. The details of how this can be 656 accomplished is beyond the scope of this document, but without this 657 capability the ability of the shim to try different "paths" by trying 658 different locator pairs will have limited utility. 660 The above assumption applies whether or not the ISPs perform ingress 661 filtering. 663 In addition, when the site's ISPs perform ingress filtering based on 664 packet source addresses, shim6 assumes that packets sent with 665 different source and destination combinations have a reasonable 666 chance of making it through the relevant ISP's ingress filters. This 667 can be accomplished in several ways (all outside the scope of this 668 document), such as having the ISPs relax there ingress filters, or 669 selecting the egress such that it matches the IP source address 670 prefix. 672 Further discussion of this issue is captured in [21]. 674 The shim6 approach assumes that there are no IPv6-to-IPv6 NATs on the 675 paths, i.e., that the two ends can exchange their own notion of their 676 IPv6 addresses and that those addresses will also make sense to their 677 peer. 679 4. Protocol Overview 681 The shim6 protocol operates in several phases over time. The 682 following sequence illustrates the concepts: 684 o An application on host A decides to contact an application on host 685 B using some upper-layer protocol. This results in the ULP on 686 host A sending packets to host B. We call this the initial 687 contact. Assuming the IP addresses selected by Default Address 688 Selection [13] and its extensions [14] work, then there is no 689 action by the shim at this point in time. Any shim context 690 establishment can be deferred until later. 692 o Some heuristic on A or B (or both) determine that it is 693 appropriate to pay the shim6 overhead to make this host-to-host 694 communication robust against locator failures. For instance, this 695 heuristic might be that more than 50 packets have been sent or 696 received, or a timer expiration while active packet exchange is in 697 place. This makes the shim initiate the 4-way context 698 establishment exchange. 700 As a result of this exchange, both A and B will know a list of 701 locators for each other. 703 If the context establishment exchange fails, the initiator will 704 then know that the other end does not support shim6, and will 705 continue with standard unicast behavior for the session. 707 o Communication continues without any change for the ULP packets. 708 In particular, there are no shim extension headers added to the 709 ULP packets, since the ULID pair is the same as the locator pair. 710 In addition, there might be some messages exchanged between the 711 shim sub-layers for (un)reachability detection. 713 o At some point in time something fails. Depending on the approach 714 to reachability detection, there might be some advice from the 715 ULP, or the shim (un)reachability detection might discover that 716 there is a problem. 718 At this point in time one or both ends of the communication need 719 to probe the different alternate locator pairs until a working 720 pair is found, and switch to using that locator pair. 722 o Once a working alternative locator pair has been found, the shim 723 will rewrite the packets on transmit, and tag the packets with 724 shim6 Payload extension header, which contains the receiver's 725 context tag. The receiver will use the context tag to find the 726 context state which will indicate which addresses to place in the 727 IPv6 header before passing the packet up to the ULP. The result 728 is that from the perspective of the ULP the packet passes 729 unmodified end-to-end, even though the IP routing infrastructure 730 sends the packet to a different locator. 732 o The shim (un)reachability detection will monitor the new locator 733 pair as it monitored the original locator pair, so that subsequent 734 failures can be detected. 736 o In addition to failures detected based on end-to-end observations, 737 one endpoint might know for certain that one or more of its 738 locators is not working. For instance, the network interface 739 might have failed or gone down (at layer 2), or an IPv6 address 740 might have become deprecated or invalid. In such cases the host 741 can signal its peer that this address is no longer recommended to 742 try. This triggers something similar to a failure handling and a 743 new working locator pair must be found. 745 The protocol also has the ability to express other forms of 746 locator preferences. A change in any preferences can be signaled 747 to the peer, which will have made the peer record the new 748 preferences. A change in the preferences might optionally make 749 the peer want to use a different locator pair. In this case, the 750 peer follows the same locator switching procedure as after a 751 failure (by verifying that its peer is indeed present at the 752 alternate locator, etc). 754 o When the shim thinks that the context state is no longer used, it 755 can garbage collect the state; there is no coordination necessary 756 with the peer host before the state is removed. There is a 757 recovery message defined to be able to signal when there is no 758 context state, which can be used to detect and recover from both 759 premature garbage collection, as well as complete state loss 760 (crash and reboot) of a peer. 762 The exact mechanism to determine when the context state is no 763 longer used is implementation dependent. For example, an 764 implementation might use the existence of ULP state (where known 765 to the implementation) as an indication that the state is still 766 used, combined with a timer (to handle ULP state that might not be 767 known to the shim sub-layer) to determine when the state is likely 768 to no longer be used. 770 NOTE: The ULP packets in shim6 can be carried completely unmodified 771 as long as the ULID pair is used as the locator pair. After a switch 772 to a different locator pair the packets are "tagged" with a shim6 773 extension header, so that the receiver can always determine the 774 context to which they belong. This is accomplished by including an 775 8-octet shim6 Payload Extension header before the (extension) headers 776 that are processed by the IP endpoint sublayer and ULPs. If 777 subsequently the original ULIDs are selected as the active locator 778 pair then the tagging of packets with the shim6 extension header is 779 no longer necesary. 781 4.1. Context Tags 783 A context between two hosts is actually a context between two ULIDs. 784 The context is identified by a pair of context tags. Each end gets 785 to allocate a context tag, and once the context is established, most 786 shim6 control messages contain the context tag that the receiver of 787 the message allocated. Thus at a minimum the combination of have to uniquely identify one 789 context. But since the Payload extension headers are demultiplexed 790 without looking at the locators in the packet, the receiver will need 791 to allocate context tags that are unique for all its contexts. The 792 context tag is a 47-bit number (the largest which can fit in an 793 8-octet extension header). 795 The mechanism for detecting a loss of context state at the peer 796 assumes that the receiver can tell the packets that need locator 797 rewriting, even after it has lost all state (e.g., due to a crash 798 followed by a reboot). This is achieved because after a rehoming 799 event the packets that need receive-side rewriting, carry the Payload 800 extension header. 802 4.2. Context Forking 804 It has been asserted that it will be important for future ULPs, in 805 particular, future transport protocols, to be able to control which 806 locator pairs are used for different communication. For instance, 807 host A and host B might communicate using both VoIP traffic and ftp 808 traffic, and those communications might benefit from using different 809 locator pairs. However, the basic shim6 mechanism uses a single 810 current locator pair for each context, thus a single context cannot 811 accomplish this. 813 For this reason, the shim6 protocol supports the notion of context 814 forking. This is a mechanism by which a ULP can specify (using some 815 API not yet defined) that a context for e.g., the ULID pair 816 should be forked into two contexts. In this case the forked-off 817 context will be assigned a non-zero Forked Instance Identifier, while 818 the default context has FII zero. 820 The Forked Instance Identifier (FII) is a 32-bit identifier which has 821 no semantics in the protocol other then being part of the tuple which 822 identifies the context. For example, a host migth allocate FIIs as 823 sequential numbers for any given ULID pair. 825 No other special considerations are needed in the shim6 protocol to 826 handle forked contexts. 828 Note that forking as specified does NOT allow A to be able to tell B 829 that certain traffic (a 5-tuple?) should be forked for the reverse 830 direction. The shim6 forking mechanism as specified applies only to 831 the sending of ULP packets. If some ULP wants to fork for both 832 directions, it is up to the ULP to set this up, and then instruct the 833 shim at each end to transmit using the forked context. 835 4.3. API Extensions 837 Several API extensions have been discussed for shim6, but their 838 actual specification is out of scope for this document. The simplest 839 one would be to add a socket option to be able to have traffic bypass 840 the shim (not create any state, and not use any state created by 841 other traffic). This could be an IPV6_DONTSHIM socket option. Such 842 an option would be useful for protocols, such as DNS, where the 843 application has its own failover mechanism (multiple NS records in 844 the case of DNS) and using the shim could potentially add extra 845 latency with no added benefits. 847 Some other API extensions are discussed in Appendix A 849 4.4. Securing shim6 851 The mechanisms are secured using a combination of techniques: 853 o The HBA technique [8] for verifying the locators to prevent an 854 attacker from redirecting the packet stream to somewhere else. 856 o Requiring a Reachability Probe+Reply /defined in [9]) before a new 857 locator is used as the destination, in order to prevent 3rd party 858 flooding attacks. 860 o The first message does not create any state on the responder. 861 Essentially a 3-way exchange is required before the responder 862 creates any state. This means that a state-based DoS attack 863 (trying to use up all of memory on the responder) at least 864 provides an IPv6 address that the attacker was using. 866 o The context establishment messages use nonces to prevent replay 867 attacks, and to prevent off-path attackers from interfering with 868 the establishment. 870 o Every control message of the shim6 protocol, past the context 871 establishment, carry the context tag assigned to the particular 872 context. This implies that an attacker needs to discover that 873 context tag before being able to spoof any shim6 control message. 874 Such discovery probably requires to be along the path in order to 875 be sniff the context tag value. The result is that through this 876 technique, the shim6 protocol is protected against off-path 877 attackers. 879 4.5. Overview of Shim Control Messages 881 The shim6 context establishment is accomplished using four messages; 882 I1, R1, I2, R2. Normally they are sent in that order from initiator 883 and responder, respectively. Should both ends attempt to set up 884 context state at the same time (for the same ULID pair), then their 885 I1 messages might cross in flight, and result in an immediate R2 886 message. [The names of these messages are borrowed from HIP [26].] 888 R1bis and I2bis messages are defined, which are used to recover a 889 context after it has been lost. A R1bis message is sent when a shim6 890 control or Payload extension header arrives and there is no matching 891 context state at the receiver. When such a message is received, it 892 will result in the re-creation of the shim6 context using the I2bis 893 and R2 messages. 895 The peers' lists of locators are normally exchanged as part of the 896 context establishment exchange. But the set of locators might be 897 dynamic. For this reason there is a Update Request and Update 898 Acknowledgement messages, and a Locator List option. 900 Even when the list of locators is fixed, a host might determine that 901 some preferences might have changed. For instance, it might 902 determine that there is a locally visible failure that implies that 903 some locator(s) are no longer usable. This uses a Locator 904 Preferences option in the Update Request message. 906 The mechanism for (un)reachability detection is called Forced 907 Bidirectional Communication (FBD). FBD uses a Keepalive message 908 which is sent when a host has received packets from its peer but has 909 not yet sent any packets from its ULP to the peer. The message type 910 is reserved in this document, but the message format and processing 911 rules are specified in [9]. 913 In addition, when the context is established and there is a 914 subsequent failure there needs to be a way to probe the set of 915 locator pairs to efficiently find a working pair. This document 916 reserves a Probe message type, with the packet format and processing 917 rules specified in [9]. 919 The above probe and keepalive messages assume we have an established 920 ULID-pair context. However, communication might fail during the 921 initial contact (that is, when the application or transport protocol 922 is trying to setup some communication). This is handled using the 923 mechanisms in the ULP to try different address pairs as specified in 924 [13] [14]. In the future versions of the protocol, and with a richer 925 API between the ULP and the shim, the shim might be help optimize 926 discovering a working locator pair during initial contact. This is 927 for further study. 929 4.6. Extension Header Order 931 Since the shim is placed between the IP endpoint sub-layer and the IP 932 routing sub-layer, the shim header will be placed before any endpoint 933 extension headers (fragmentation headers, destination options header, 934 AH, ESP), but after any routing related headers (hop-by-hop 935 extensions header, routing header, a destinations options header 936 which precedes a routing header). When tunneling is used, whether 937 IP-in-IP tunneling or the special form of tunneling that Mobile IPv6 938 uses (with Home Address Options and Routing header type 2), there is 939 a choice whether the shim applies inside the tunnel or outside the 940 tunnel, which affects the location of the shim6 header. 942 In most cases IP-in-IP tunnels are used as a routing technique, thus 943 it makes sense to apply them on the locators which means that the 944 sender would insert the shim6 header after any IP-in-IP 945 encapsulation; this is what occurs naturally when routers apply IP- 946 in-IP encapsulation. Thus the packets would have: 948 o Outer IP header 950 o Inner IP header 952 o Shim6 extension header (if needed) 954 o ULP 956 But the shim can also be used to create "shimmed tunnels" i.e., where 957 an IP-in-IP tunnel uses the shim to be able to switch the tunnel 958 endpoint addresses between different locators. In such a case the 959 packets would have: 961 o Outer IP header 963 o Shim6 extension header (if needed) 965 o Inner IP header 967 o ULP 969 In any case, the receiver behavior is well-defined; a receiver 970 processes the extension headers in order. However, the precise 971 interaction between Mobile IPv6 and shim6 is for further study, but 972 it might make sense to have Mobile IPv6 operate on locators as well, 973 meaning that the shim would be layered on top of the MIPv6 mechanism. 975 5. Message Formats 977 The shim6 messages are all carried using a new IP protocol number [to 978 be assigned by IANA]. The shim6 messages have a common header, 979 defined below, with some fixed fields, followed by type specific 980 fields. 982 The shim6 messages are structured as an IPv6 extension header since 983 the Payload extension header is used to carry the ULP packets after a 984 locator switch. The shim6 control messages use the same extension 985 header formats so that a single "protocol number" needs to be allowed 986 through firewalls in order for shim6 to function across the firewall. 988 5.1. Common shim6 Message Format 990 The first 17 bits of the shim6 header is common for the Payload 991 extension header and the control messages and looks as follows: 993 0 1 994 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 995 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 996 | Next Header | Hdr Ext Len |P| 997 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 999 Fields: 1001 Next Header: The payload which follows this header. 1003 Hdr Ext Len: 8-bit unsigned integer. Length of the shim6 header in 1004 8-octet units, not including the first 8 octets. 1006 P: A single bit to distinguish Payload extension headers 1007 from control messages. 1009 5.2. Payload Extension Header Format 1011 The payload extension headers is used to carry ULP packets where the 1012 receiver must replace the content of the source and/or destination 1013 fields in the IPv6 header before passing the packet to the ULP. Thus 1014 this extension header is required when the locators pair that is used 1015 is not the same as the ULID pair. 1017 0 1 2 3 1018 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1019 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1020 | Next Header | 0 |1| | 1021 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 1022 | Receiver Context Tag | 1023 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1025 Fields: 1027 Next Header: The payload which follows this header. 1029 Hdr Ext Len: 0 (since the header is 8 octets). 1031 P: Set to one. A single bit to distinguish this from the 1032 shim6 control messages. 1034 Receiver Context Tag: 47-bit unsigned integer. Allocated by the 1035 receiver for use to identify the context. 1037 5.3. Common Shim6 Control header 1039 The common part of the header has a next header and header extension 1040 length field which is consistent with the other IPv6 extension 1041 headers, even if the next header value is always "NO NEXT HEADER" for 1042 the control messages; only the payload extension header use the Next 1043 Header field. 1045 The shim6 headers must be a multiple of 8 octets, hence the minimum 1046 size is 8 octets. 1048 The common shim control message header is as follows: 1050 0 1 2 3 1051 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1052 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1053 | Next Header | Hdr Ext Len |0| Type |Type-specific|0| 1054 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1055 | Checksum | | 1056 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 1057 | Type-specific format | 1058 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1060 Fields: 1062 Next Header: 8-bit selector. Normally set to NO_NXT_HDR (59). 1064 Hdr Ext Len: 8-bit unsigned integer. Length of the shim6 header in 1065 8-octet units, not including the first 8 octets. 1067 P: Set to zero. A single bit to distinguish this from 1068 the shim6 payload extension header. 1070 Type: 7-bit unsigned integer. Identifies the actual message 1071 from the table below. Type codes 0-63 will not 1072 trigger R1bis messages on a missing context, while 64- 1073 127 will trigger R1bis. 1075 0: A single bit (set to zero) which allows shim6 and HIP 1076 to have a common header format yet telling shim6 and 1077 HIP messages apart. 1079 Checksum: 16-bit unsigned integer. The checksum is the 16-bit 1080 one's complement of the one's complement sum of the 1081 entire shim6 header message starting with the shim6 1082 next header field, and ending as indicated by the Hdr 1083 Ext Len. Thus when there is a payload following the 1084 shim6 header, the payload is NOT included in the shim6 1085 checksum. Note that unlike protocol like ICMPv6, 1086 there is no pseudo-header checksum part of the 1087 checksum, in order to provide locator agility without 1088 having to change the checksum. 1090 Type-specific: Part of message that is different for different 1091 message types. 1093 +------------+-----------------------------------------------------+ 1094 | Type Value | Message | 1095 +------------+-----------------------------------------------------+ 1096 | 1 | I1 (first establishment message from the initiator) | 1097 | | | 1098 | 2 | R1 (first establishment message from the responder) | 1099 | | | 1100 | 3 | I2 (2nd establishment message from the initiator) | 1101 | | | 1102 | 4 | R2 (2nd establishment message from the responder) | 1103 | | | 1104 | 5 | R1bis (Reply to reference to non-existent context) | 1105 | | | 1106 | 6 | I2bis (Reply to a R1bis message) | 1107 | | | 1108 | 64 | Update Request | 1109 | | | 1110 | 65 | Update Acknowledgement | 1111 | | | 1112 | 66 | Keepalive | 1113 | | | 1114 | 67 | Probe Message | 1115 +------------+-----------------------------------------------------+ 1117 Table 1 1119 5.4. I1 Message Format 1121 The I1 message is the first message in the context establishment 1122 exchange. 1124 0 1 2 3 1125 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1126 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1127 | 59 | Hdr Ext Len |0| Type = 1 | Reserved1 |0| 1128 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1129 | Checksum |R| | 1130 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 1131 | Initiator Context Tag | 1132 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1133 | Initiator Nonce | 1134 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1135 | | 1136 + Options + 1137 | | 1138 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1140 Fields: 1142 Next Header: NO_NXT_HDR (59). 1144 Hdr Ext Len: At least 1, since the header is 16 octets when there 1145 are no options. 1147 Type: 1 1149 Reserved1: 7-bit field. Reserved for future use. Zero on 1150 transmit. MUST be ignored on receipt. 1152 R: 1-bit field. Reserved for future use. Zero on 1153 transmit. MUST be ignored on receipt. 1155 Initiator Context Tag: 47-bit field. The Context Tag the initiator 1156 has allocated for the context. 1158 Initiator Nonce: 32-bit unsigned integer. A random number picked by 1159 the initiator which the responder will return in the 1160 R1 message. 1162 The following options are defined for this message: 1164 ULID pair: When the IPv6 source and destination addresses in the 1165 IPv6 header does not match the ULID pair, this option 1166 MUST be included. An example of this is when 1167 recovering from a lost context. 1169 Forked Instance Identifier: When another instance of an existent 1170 context with the same ULID pair is being created, a 1171 Forked Instance Identifier option is included to 1172 distinguish this new instance from the existent one. 1174 Future protocol extensions might define additional options for this 1175 message. The C-bit in the option format defines how such a new 1176 option will be handled by an implementation. See Section 5.14. 1178 5.5. R1 Message Format 1180 The R1 message is the second message in the context establishment 1181 exchange. The responder sends this in response to an I1 message, 1182 without creating any state specific to the initiator. 1184 0 1 2 3 1185 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1186 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1187 | 59 | Hdr Ext Len |0| Type = 2 | Reserved1 |0| 1188 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1189 | Checksum | Reserved2 | 1190 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1191 | Initiator Nonce | 1192 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1193 | Responder Nonce | 1194 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1195 | | 1196 + Options + 1197 | | 1198 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1200 Fields: 1202 Next Header: NO_NXT_HDR (59). 1204 Hdr Ext Len: At least 1, since the header is 16 octets when there 1205 are no options. 1207 Type: 2 1208 Reserved1: 7-bit field. Reserved for future use. Zero on 1209 transmit. MUST be ignored on receipt. 1211 Reserved2: 16-bit field. Reserved for future use. Zero on 1212 transmit. MUST be ignored on receipt. 1214 Initiator Nonce: 32-bit unsigned integer. Copied from the I1 1215 message. 1217 Responder Nonce: 32-bit unsigned integer. A number picked by the 1218 responder which the initiator will return in the I2 1219 message. 1221 The following options are defined for this message: 1223 Responder Validator: Variable length option. Typically a hash 1224 generated by the responder, which the responder uses 1225 together with the Responder Nonce value to verify that 1226 an I2 message is indeed sent in response to a R1 1227 message, and that the parameters in the I2 message are 1228 the same as those in the I1 message. 1230 Future protocol extensions might define additional options for this 1231 message. The C-bit in the option format defines how such a new 1232 option will be handled by an implementation. See Section 5.14. 1234 5.6. I2 Message Format 1236 The I2 message is the third message in the context establishment 1237 exchange. The initiator sends this in response to a R1 message, 1238 after checking the Initiator Nonce, etc. 1240 0 1 2 3 1241 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1242 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1243 | 59 | Hdr Ext Len |0| Type = 3 | Reserved1 |0| 1244 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1245 | Checksum |R| | 1246 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 1247 | Initiator Context Tag | 1248 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1249 | Initiator Nonce | 1250 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1251 | Responder Nonce | 1252 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1253 | Reserved2 | 1254 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1255 | | 1256 + Options + 1257 | | 1258 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1260 Fields: 1262 Next Header: NO_NXT_HDR (59). 1264 Hdr Ext Len: At least 2, since the header is 24 octets when there 1265 are no options. 1267 Type: 3 1269 Reserved1: 7-bit field. Reserved for future use. Zero on 1270 transmit. MUST be ignored on receipt. 1272 R: 1-bit field. Reserved for future use. Zero on 1273 transmit. MUST be ignored on receipt. 1275 Initiator Context Tag: 47-bit field. The Context Tag the initiator 1276 has allocated for the context. 1278 Initiator Nonce: 32-bit unsigned integer. A random number picked by 1279 the initiator which the responder will return in the 1280 R2 message. 1282 Responder Nonce: 32-bit unsigned integer. Copied from the R1 1283 message. 1285 Reserved2: 32-bit field. Reserved for future use. Zero on 1286 transmit. MUST be ignored on receipt. (Needed to 1287 make the options start on a multiple of 8 octet 1288 boundary.) 1290 The following options are defined for this message: 1292 Responder Validator: Variable length option. Just a copy of the 1293 Responder Validator option in the R1 message. 1295 ULID pair: When the IPv6 source and destination addresses in the 1296 IPv6 header does not match the ULID pair, this option 1297 MUST be included. An example of this is when 1298 recovering from a lost context. 1300 Forked Instance Identifier: When another instance of an existent 1301 context with the same ULID pair is being created, a 1302 Forked Instance Identifier option is included to 1303 distinguish this new instance from the existent one. 1305 Locator list: Optionally sent when the initiator immediately wants 1306 to tell the responder its list of locators. When it 1307 is sent, the necessary HBA/CGA information for 1308 verifying the locator list MUST also be included. 1310 Locator Preferences: Optionally sent when the locators don't all have 1311 equal preference. 1313 CGA Parameter Data Structure: Included when the locator list is 1314 included so the receiver can verify the locator list. 1316 CGA Signature: Included when the some of the locators in the list use 1317 CGA (and not HBA) for verification. 1319 Future protocol extensions might define additional options for this 1320 message. The C-bit in the option format defines how such a new 1321 option will be handled by an implementation. See Section 5.14. 1323 5.7. R2 Message Format 1325 The R2 message is the fourth message in the context establishment 1326 exchange. The responder sends this in response to an I2 message. 1327 The R2 message is also used when both hosts send I1 messages at the 1328 same time and the I1 messages cross in flight. 1330 0 1 2 3 1331 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1332 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1333 | 59 | Hdr Ext Len |0| Type = 4 | Reserved1 |0| 1334 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1335 | Checksum |R| | 1336 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 1337 | Responder Context Tag | 1338 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1339 | Initiator Nonce | 1340 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1341 | | 1342 + Options + 1343 | | 1344 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1346 Fields: 1348 Next Header: NO_NXT_HDR (59). 1350 Hdr Ext Len: At least 1, since the header is 16 octets when there 1351 are no options. 1353 Type: 4 1355 Reserved1: 7-bit field. Reserved for future use. Zero on 1356 transmit. MUST be ignored on receipt. 1358 R: 1-bit field. Reserved for future use. Zero on 1359 transmit. MUST be ignored on receipt. 1361 Responder Context Tag: 47-bit field. The Context Tag the responder 1362 has allocated for the context. 1364 Initiator Nonce: 32-bit unsigned integer. Copied from the I2 1365 message. 1367 The following options are defined for this message: 1369 Locator List: Optionally sent when the responder immediately wants 1370 to tell the initiator its list of locators. When it 1371 is sent, the necessary HBA/CGA information for 1372 verifying the locator list MUST also be included. 1374 Locator Preferences: Optionally sent when the locators don't all have 1375 equal preference. 1377 CGA Parameter Data Structure: Included when the locator list is 1378 included so the receiver can verify the locator list. 1380 CGA Signature: Included when the some of the locators in the list use 1381 CGA (and not HBA) for verification. 1383 Future protocol extensions might define additional options for this 1384 message. The C-bit in the option format defines how such a new 1385 option will be handled by an implementation. See Section 5.14. 1387 5.8. R1bis Message Format 1389 Should a host receive a packet with a shim Payload extension header 1390 or shim6 control message with type code 64-127 (such as an Update or 1391 Probe message), and the host does not have any context state for the 1392 received context tag, then it will generate a R1bis message. 1394 This message allows the sender of the packet referring to the non- 1395 existent context to re-establish the context with a reduced context 1396 establishment exchange. Upon the reception of the R1bis message, the 1397 receiver can proceed reestablishing the lost context by directly 1398 sending an I2bis message. 1400 0 1 2 3 1401 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1402 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1403 | 59 | Hdr Ext Len |0| Type = 5 | Reserved1 |0| 1404 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1405 | Checksum |R| | 1406 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 1407 | Packet Context Tag | 1408 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1409 | Responder Nonce | 1410 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1411 | | 1412 + Options + 1413 | | 1414 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1416 Fields: 1418 Next Header: NO_NXT_HDR (59). 1420 Hdr Ext Len: At least 1, since the header is 16 octets when there 1421 are no options. 1423 Type: 5 1425 Reserved1: 7-bit field. Reserved for future use. Zero on 1426 transmit. MUST be ignored on receipt. 1428 R: 1-bit field. Reserved for future use. Zero on 1429 transmit. MUST be ignored on receipt. 1431 Packet Context Tag: 47-bit unsigned integer. The context tag 1432 contained in the received packet that triggered the 1433 generation of the R1bis message. 1435 Responder Nonce: 32-bit unsigned integer. A number picked by the 1436 responder which the initiator will return in the I2bis 1437 message. 1439 The following options are defined for this message: 1441 Responder Validator: Variable length option. Typically a hash 1442 generated by the responder, which the responder uses 1443 together with the Responder Nonce value to verify that 1444 an I2bis message is indeed sent in response to a R1bis 1445 message. 1447 Future protocol extensions might define additional options for this 1448 message. The C-bit in the option format defines how such a new 1449 option will be handled by an implementation. See Section 5.14. 1451 5.9. I2bis Message Format 1453 The I2bis message is the third message in the context recovery 1454 exchange. This is sent in response to a R1bis message, after 1455 checking that the R1bis message refers to an existing context, etc. 1457 0 1 2 3 1458 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1459 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1460 | 59 | Hdr Ext Len |0| Type = 6 | Reserved1 |0| 1461 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1462 | Checksum |R| | 1463 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 1464 | Initiator Context Tag | 1465 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1466 | Initiator Nonce | 1467 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1468 | Responder Nonce | 1469 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1470 | Reserved2 | 1471 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1472 | | | 1473 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 1474 | Packet Context Tag | 1475 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1476 | | 1477 + Options + 1478 | | 1479 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1481 Fields: 1483 Next Header: NO_NXT_HDR (59). 1485 Hdr Ext Len: At least 3, since the header is 32 octets when there 1486 are no options. 1488 Type: 6 1490 Reserved1: 7-bit field. Reserved for future use. Zero on 1491 transmit. MUST be ignored on receipt. 1493 R: 1-bit field. Reserved for future use. Zero on 1494 transmit. MUST be ignored on receipt. 1496 Initiator Context Tag: 47-bit field. The Context Tag the initiator 1497 has allocated for the context. 1499 Initiator Nonce: 32-bit unsigned integer. A random number picked by 1500 the initiator which the responder will return in the 1501 R2 message. 1503 Responder Nonce: 32-bit unsigned integer. Copied from the R1bis 1504 message. 1506 Reserved2: 49-bit field. Reserved for future use. Zero on 1507 transmit. MUST be ignored on receipt. (Note that 17 1508 bits are not sufficient since the options need start 1509 on a multiple of 8 octet boundary.) 1511 Packet Context Tag: 47-bit unsigned integer. Copied from the Packet 1512 Context Tag contained in the received R1bis. 1514 The following options are defined for this message: 1516 Responder Validator: Variable length option. Just a copy of the 1517 Responder Validator option in the R1bis message. 1519 ULID pair: When the IPv6 source and destination addresses in the 1520 IPv6 header does not match the ULID pair, this option 1521 MUST be included. 1523 Forked Instance Identifier: When another instance of an existent 1524 context with the same ULID pair is being created, a 1525 Forked Instance Identifier option is included to 1526 distinguish this new instance from the existent one. 1528 Locator list: Optionally sent when the initiator immediately wants 1529 to tell the responder its list of locators. When it 1530 is sent, the necessary HBA/CGA information for 1531 verifying the locator list MUST also be included. 1533 Locator Preferences: Optionally sent when the locators don't all have 1534 equal preference. 1536 CGA Parameter Data Structure: Included when the locator list is 1537 included so the receiver can verify the locator list. 1539 CGA Signature: Included when the some of the locators in the list use 1540 CGA (and not HBA) for verification. 1542 Future protocol extensions might define additional options for this 1543 message. The C-bit in the option format defines how such a new 1544 option will be handled by an implementation. See Section 5.14. 1546 5.10. Update Request Message Format 1548 The Update Request Message is used to update either the list of 1549 locators, the locator preferences, and both. When the list of 1550 locators is updated, the message also contains the option(s) 1551 necessary for HBA/CGA to secure this. The basic sanity check that 1552 prevents off-path attackers from generating bogus updates is the 1553 context tag in the message. 1555 The update message contains options (the Locator List and the Locator 1556 Preferences) that, when included, completely replace the previous 1557 locator list and locator preferences, respectively. Thus there is no 1558 mechanism to just send deltas to the locator list. 1560 0 1 2 3 1561 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1562 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1563 | 59 | Hdr Ext Len |0| Type = 64 | Reserved1 |0| 1564 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1565 | Checksum |R| | 1566 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 1567 | Receiver Context Tag | 1568 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1569 | Request Nonce | 1570 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1571 | | 1572 + Options + 1573 | | 1574 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1576 Fields: 1578 Next Header: NO_NXT_HDR (59). 1580 Hdr Ext Len: At least 1, since the header is 16 octets when there 1581 are no options. 1583 Type: 64 1585 Reserved1: 7-bit field. Reserved for future use. Zero on 1586 transmit. MUST be ignored on receipt. 1588 R: 1-bit field. Reserved for future use. Zero on 1589 transmit. MUST be ignored on receipt. 1591 Receiver Context Tag: 47-bit field. The Context Tag the receiver has 1592 allocated for the context. 1594 Request Nonce: 32-bit unsigned integer. A random number picked by 1595 the initiator which the peer will return in the 1596 acknowledgement message. 1598 The following options are defined for this message: 1600 Locator List: The list of the sender's (new) locators. The locators 1601 might be unchanged and only the preferences have 1602 changed. 1604 Locator Preferences: Optionally sent when the locators don't all have 1605 equal preference. 1607 CGA Parameter Data Structure (PDS): Included when the locator list is 1608 included and the PDS was not included in the 1609 I2/I2bis/R2 messages, so the receiver can verify the 1610 locator list. 1612 CGA Signature: Included when the some of the locators in the list use 1613 CGA (and not HBA) for verification. 1615 Future protocol extensions might define additional options for this 1616 message. The C-bit in the option format defines how such a new 1617 option will be handled by an implementation. See Section 5.14. 1619 5.11. Update Acknowledgement Message Format 1621 This message is sent in response to a Update Request message. It 1622 implies that the Update Request has been received, and that any new 1623 locators in the Update Request can now be used as the source locators 1624 of packets. But it does not imply that the (new) locators have been 1625 verified to be used as a destination, since the host might defer the 1626 verification of a locator until it sees a need to use a locator as 1627 the destination. 1629 0 1 2 3 1630 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1631 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1632 | 59 | Hdr Ext Len |0| Type = 65 | Reserved1 |0| 1633 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1634 | Checksum |R| | 1635 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 1636 | Receiver Context Tag | 1637 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1638 | Request Nonce | 1639 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1640 | | 1641 + Options + 1642 | | 1643 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1645 Fields: 1647 Next Header: NO_NXT_HDR (59). 1649 Hdr Ext Len: At least 1, since the header is 16 octets when there 1650 are no options. 1652 Type: 65 1654 Reserved1: 7-bit field. Reserved for future use. Zero on 1655 transmit. MUST be ignored on receipt. 1657 R: 1-bit field. Reserved for future use. Zero on 1658 transmit. MUST be ignored on receipt. 1660 Receiver Context Tag: 47-bit field. The Context Tag the receiver has 1661 allocated for the context. 1663 Request Nonce: 32-bit unsigned integer. Copied from the Update 1664 Request message. 1666 No options are currently defined for this message. 1668 Future protocol extensions might define additional options for this 1669 message. The C-bit in the option format defines how such a new 1670 option will be handled by an implementation. See Section 5.14. 1672 5.12. Keepalive Message Format 1674 This message format is defined in [9]. 1676 The message is used to ensure that when a peer is sending ULP packets 1677 on a context, it always receives some packets in the reverse 1678 direction. When the ULP is sending bidirectional traffic, no extra 1679 packets need to be inserted. But for a unidirectional ULP traffic 1680 pattern, the shim will send back some Keepalive messages when it is 1681 receiving ULP packets. 1683 5.13. Probe Message Format 1685 This message and its semantics are defined in [9]. 1687 The idea behind that mechanism is to be able to handle the case when 1688 one locator pair works in from A to B, and another locator pair works 1689 from B to A, but there is no locator pair which works in both 1690 directions. The protocol mechanism is that as A is sending probe 1691 messages to B, B will observe which locator pairs it has received 1692 from and report that back in probe messages it is sending to A. 1694 5.14. Option Formats 1696 The format of the options is a snapshot of the current HIP option 1697 format [26]. However, there is no intention to track any changes to 1698 the HIP option format, nor is there an intent to use the same name 1699 space for the option type values. But using the same format will 1700 hopefully make it easier to import HIP capabilities into shim6 as 1701 extensions to shim6, should this turn out to be useful. 1703 All of the TLV parameters have a length (including Type and Length 1704 fields) which is a multiple of 8 bytes. When needed, padding MUST be 1705 added to the end of the parameter so that the total length becomes a 1706 multiple of 8 bytes. This rule ensures proper alignment of data. If 1707 padding is added, the Length field MUST NOT include the padding. Any 1708 added padding bytes MUST be zeroed by the sender, and their values 1709 SHOULD NOT be checked by the receiver. 1711 Consequently, the Length field indicates the length of the Contents 1712 field (in bytes). The total length of the TLV parameter (including 1713 Type, Length, Contents, and Padding) is related to the Length field 1714 according to the following formula: 1716 Total Length = 11 + Length - (Length + 3) % 8; 1718 0 1 2 3 1719 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1720 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1721 | Type |C| Length | 1722 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1723 ~ ~ 1724 ~ Contents ~ 1725 ~ +-+-+-+-+-+-+-+-+ 1726 ~ | Padding | 1727 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1729 Fields: 1731 Type: 15-bit identifier of the type of option. The options 1732 defined in this document are below. 1734 C: Critical. One if this parameter is critical, and MUST 1735 be recognized by the recipient, zero otherwise. An 1736 implementation might view the C bit as part of the 1737 Type field, by multiplying the type values in this 1738 specification by two. 1740 Length: Length of the Contents, in bytes. 1742 Contents: Parameter specific, defined by Type. 1744 Padding: Padding, 0-7 bytes, added if needed. 1746 +------+------------------------------+ 1747 | Type | Option Name | 1748 +------+------------------------------+ 1749 | 1 | Responder Validator | 1750 | | | 1751 | 2 | Locator List | 1752 | | | 1753 | 3 | Locator Preferences | 1754 | | | 1755 | 4 | CGA Parameter Data Structure | 1756 | | | 1757 | 5 | CGA Signature | 1758 | | | 1759 | 6 | ULID Pair | 1760 | | | 1761 | 7 | Forked Instance Identifier | 1762 | | | 1763 | 10 | Keepalive Timeout Option | 1764 +------+------------------------------+ 1766 Table 2 1768 Future protocol extensions might define additional options for the 1769 SHIM6 messages. The C-bit in the option format defines how such a 1770 new option will be handled by an implementation. 1772 If a host receives an option that it does not understand (an option 1773 that was defined in some future extension to this protocol) or is not 1774 listed as a valid option for the different message types above, then 1775 the Critical bit in the option determines the outcome. 1777 o If C=0 then the option is silently ignored, and the rest of the 1778 message is processed. 1780 o If C=1 then the host SHOULD send back an ICMP parameter problem 1781 (type 4, code 1), with the Pointer referencing the first octet in 1782 the option Type field. When C=1 the message MUST NOT be 1783 processed. 1785 5.14.1. Responder Validator Option Format 1787 The responder can choose exactly what input is used to compute the 1788 validator, and what one-way function (MD5, SHA1) it uses, as long as 1789 the responder can check that the validator it receives back in the I2 1790 or I2bis message is indeed one that: 1792 1)- it computed, 1794 2)- it computed for the particular context, and 1796 3)- that it isn't a replayed I2/I2bis message. 1798 Some suggestions on how to generate the validators are captured in 1799 Section 7.10.1 and Section 7.17.1. 1801 0 1 2 3 1802 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1803 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1804 | Type = 1 |0| Length | 1805 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1806 ~ Validator ~ 1807 ~ +-+-+-+-+-+-+-+-+ 1808 ~ | Padding | 1809 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1811 Fields: 1813 Validator: Variable length content whose interpretation is local 1814 to the responder. 1816 Padding: Padding, 0-7 bytes, added if needed. See 1817 Section 5.14. 1819 5.14.2. Locator List Option Format 1821 The Locator List Option is used to carry all the locators of the 1822 sender. Note that the order of the locators is important, since the 1823 Locator Preferences refers to the locators by using the index in the 1824 list. 1826 Note that we carry all the locators in this option even though some 1827 of them can be created automatically from the CGA Parameter Data 1828 Structure. 1830 0 1 2 3 1831 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1832 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1833 | Type = 2 |0| Length | 1834 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1835 | Locator List Generation | 1836 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1837 | Num Locators | N Octets of Verification Method | 1838 +-+-+-+-+-+-+-+-+ | 1839 ~ ~ 1840 ~ +-+-+-+-+-+-+-+-+ 1841 ~ | Padding | 1842 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1843 ~ Locators 1 through N ~ 1844 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1846 Fields: 1848 Locator List Generation: 32-bit unsigned integer. Indicates a 1849 generation number which is increased by one for each 1850 new locator list. This is used to ensure that the 1851 index in the Locator Preferences refer to the right 1852 version of the locator list. 1854 Num Locators: 8-bit unsigned integer. The number of locators that 1855 are included in the option. We call this number "N" 1856 below. 1858 Verification Method: N octets. The i'th octet specifies the 1859 verification method for the i'th locator. 1861 Padding: Padding, 0-7 bytes, added if needed so that the 1862 Locators start on a multiple of 8 octet boundary. 1863 NOTE that for this option there is never a need to pad 1864 at the end, since the locators are a multiple of 8 1865 octets in length. This internal padding is included 1866 in the length field. 1868 Locators: N 128-bit locators. 1870 The defined verification methods are: 1872 +-------+----------+ 1873 | Value | Method | 1874 +-------+----------+ 1875 | 0 | Reserved | 1876 | | | 1877 | 1 | HBA | 1878 | | | 1879 | 2 | CGA | 1880 | | | 1881 | 3-255 | Reserved | 1882 +-------+----------+ 1884 Table 3 1886 5.14.3. Locator Preferences Option Format 1888 The Locator Preferences option can have some flags to indicate 1889 whether or not a locator is known to work. In addition, the sender 1890 can include a notion of preferences. It might make sense to define 1891 "preferences" as a combination of priority and weight the same way 1892 that DNS SRV records has such information. The priority would 1893 provide a way to rank the locators, and within a given priority, the 1894 weight would provide a way to do some load sharing. See [10] for how 1895 SRV defines the interaction of priority and weight. 1897 The minimum notion of preferences we need is to be able to indicate 1898 that a locator is "dead". We can handle this using a single octet 1899 flag for each locator. 1901 We can extend that by carrying a larger "element" for each locator. 1902 This document presently also defines 2-octet and 3-octet elements, 1903 and we can add more information by having even larger elements if 1904 need be. 1906 The locators are not included in the preference list. Instead, the 1907 first element refers to locator that was in the first element in the 1908 Locator List option. The generation number carried in this option 1909 and the Locator List option is used to verify that they refer to the 1910 same version of the locator list. 1912 0 1 2 3 1913 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1914 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1915 | Type = 3 |0| Length | 1916 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1917 | Locator List Generation | 1918 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1919 | Element Len | Element[1] | Element[2] | Element[3] | 1920 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1921 ~ ... ~ 1922 ~ +-+-+-+-+-+-+-+-+ 1923 ~ | Padding | 1924 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1926 Case of Element Len = 1 is depicted. 1928 Fields: 1930 Locator List Generation: 32-bit unsigned integer. Indicates a 1931 generation number for the locator list to which the 1932 elements should apply. 1934 Element Len: 8-bit unsigned integer. The length in octets of each 1935 element. This specification defines the cases when 1936 the length is 1, 2, or 3. 1938 Element[i]: A field with a number of octets defined by the Element 1939 Len field. Provides preferences for the i'th locator 1940 in the Locator List option that is in use. 1942 Padding: Padding, 0-7 bytes, added if needed. See 1943 Section 5.14. 1945 When the Element length equals one, then the element consists of only 1946 a one octet flags field. The currently defined set of flags are: 1948 BROKEN: 0x01 1950 TEMPORARY: 0x02 1952 The intent of the BROKEN flag is to inform the peer that a given 1953 locator is known to be not working. The intent of TEMPORARY is to 1954 allow the distinction between more stable addresses and less stable 1955 addresses when shim6 is combined with IP mobility, when we might have 1956 more stable home locators, and less stable care-of-locators. 1958 When the Element length equals two, then the element consists of a 1 1959 octet flags field followed by a 1 octet priority field. The priority 1960 has the same semantics as the priority in DNS SRV records. 1962 When the Element length equals three, then the element consists of a 1963 1 octet flags field followed by a 1 octet priority field, and a 1 1964 octet weight field. The weight has the same semantics as the weight 1965 in DNS SRV records. 1967 This document doesn't specify the format when the Element length is 1968 more than three, except that any such formats MUST be defined so that 1969 the first three octets are the same as in the above case, that is, a 1970 of a 1 octet flags field followed by a 1 octet priority field, and a 1971 1 octet weight field. 1973 5.14.4. CGA Parameter Data Structure Option Format 1975 This option contains the CGA Parameter Data Structure (PDS). When 1976 HBA is used to verify the locators, the PDS contains the HBA 1977 multiprefix extension. When CGA is used to verify the locators, in 1978 addition to the PDS option, the host also needs to include the 1979 signature in the form of a CGA Signature option. 1981 0 1 2 3 1982 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1983 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1984 | Type = 4 |0| Length | 1985 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1986 ~ CGA Parameter Data Structure ~ 1987 ~ +-+-+-+-+-+-+-+-+ 1988 ~ | Padding | 1989 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1991 Fields: 1993 CGA Parameter Data Structure: Variable length content. Content 1994 defined in [6] and [8]. 1996 Padding: Padding, 0-7 bytes, added if needed. See 1997 Section 5.14. 1999 5.14.5. CGA Signature Option Format 2001 When CGA is used for verification of one or more of the locators in 2002 the Locator List option, then the message in question will need to 2003 contain this option. 2005 0 1 2 3 2006 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2007 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2008 | Type = 5 |0| Length | 2009 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2010 ~ CGA Signature ~ 2011 ~ +-+-+-+-+-+-+-+-+ 2012 ~ | Padding | 2013 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2015 Fields: 2017 CGA Signature: A variable-length field containing a PKCS#1 v1.5 2018 signature, constructed by using the sender's private 2019 key over the following sequence of octets: 2021 1. The 128-bit CGA Message Type tag [CGA] value for 2022 SHIM6, 0x4A 30 5662 4858 574B 3655 416F 506A 6D48. 2023 (The tag value has been generated randomly by the 2024 editor of this specification.). 2026 2. The Locator List Generation value of the 2027 correspondent Locator List Option. 2029 3. The subset of locators included in the 2030 correspondent Locator List Option which 2031 verification method is set to CGA. The locators 2032 MUST be included in the order they are listed in 2033 the Locator List Option. 2035 Padding: Padding, 0-7 bytes, added if needed. See 2036 Section 5.14. 2038 5.14.6. ULID Pair Option Format 2040 I1, I2, and I2bis messages MUST contain the ULID pair; normally this 2041 is in the IPv6 source and destination fields. In case that the ULID 2042 for the context differ from the address pair included in the source 2043 and destination address fields of the IPv6 packet used to carry the 2044 I1/I2/I2bis message, the ULID pair option MUST be included in the I1/ 2045 I2/I2bis message. 2047 0 1 2 3 2048 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2049 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2050 | Type = 6 |0| Length = 36 | 2051 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2052 | Reserved2 | 2053 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2054 | | 2055 + Sender ULID + 2056 | | 2057 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2058 | | 2059 + Receiver ULID + 2060 | | 2061 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2063 Fields: 2065 Reserved2: 32-bit field. Reserved for future use. Zero on 2066 transmit. MUST be ignored on receipt. (Needed to 2067 make the ULIDs start on a multiple of 8 octet 2068 boundary.) 2070 Sender ULID: A 128-bit IPv6 address. 2072 Receiver ULID: A 128-bit IPv6 address. 2074 5.14.7. Forked Instance Identifier Option Format 2076 0 1 2 3 2077 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2078 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2079 | Type = 7 |0| Length = 4 | 2080 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2081 | Forked Instance Identifier | 2082 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2084 Fields: 2086 Forked Instance Identifier: 32-bit field containing the identifier of 2087 the particular forked instance. 2089 5.14.8. Keepalive Timeout Option Format 2091 This option is defined in [9]. 2093 6. Conceptual Model of a Host 2095 This section describes a conceptual model of one possible data 2096 structure organization that hosts will maintain for the purposes of 2097 shim6. The described organization is provided to facilitate the 2098 explanation of how the shim6 protocol should behave. This document 2099 does not mandate that implementations adhere to this model as long as 2100 their external behavior is consistent with that described in this 2101 document. 2103 6.1. Conceptual Data Structures 2105 The key conceptual data structure for the shim6 protocol is the ULID 2106 pair context. This is a data structure which contains the following 2107 information: 2109 o The state of the context. See Section 6.2. 2111 o The peer ULID; ULID(peer) 2113 o The local ULID; ULID(local) 2115 o The Forked Instance Identifier; FII. This is zero for the default 2116 context i.e., when there is no forking. 2118 o The list of peer locators, with their preferences; Ls(peer) 2120 o The generation number for the most recently received, verified 2121 peer locator list. 2123 o For each peer locator, the verification method to use (from the 2124 Locator List option). 2126 o For each peer locator, a bit whether it has been verified using 2127 HBA or CGA, and a bit whether the locator has been probed to 2128 verify that the ULID is present at that location. 2130 o The preferred peer locator - used as destination; Lp(peer) 2132 o The set of local locators and the preferences; Ls(local) 2134 o The generation number for the most recently sent Locator List 2135 option. 2137 o The preferred local locator - used as source; Lp(local) 2139 o The context tag used to transmit control messages and payload 2140 extension headers - allocated by the peer; CT(peer) 2142 o The context to expect in received control messages and payload 2143 extension headers - allocated by the local host; CT(local) 2145 o Timers for retransmission of the messages during context 2146 establishment and update messages. 2148 o Depending how an implementation determines whether a context is 2149 still in use, there might be a need to track the last time a 2150 packet was sent/received using the context. 2152 o Reachability state for the locator pairs as specified in [9]. 2154 o During pair exploration, information about the probe messages that 2155 have been sent and received as specified in [9]. 2157 6.2. Context States 2159 The states that are used to describe the shim6 protocol are as 2160 follows: 2162 +---------------------+---------------------------------------------+ 2163 | State | Explanation | 2164 +---------------------+---------------------------------------------+ 2165 | IDLE | State machine start | 2166 | | | 2167 | I1-SENT | Initiating context establishment exchange | 2168 | | | 2169 | I2-SENT | Waiting to complete context establishment | 2170 | | exchange | 2171 | | | 2172 | I2BIS-SENT | Potential context loss detected | 2173 | | | 2174 | | | 2175 | ESTABLISHED | SHIM context established | 2176 | | | 2177 | E-FAILED | Context establishment exchange failed | 2178 | | | 2179 | NO-SUPPORT | ICMP Unrecognized Next Header type | 2180 | | (type 4, code 1) received indicating | 2181 | | that shim6 is not supported | 2182 +---------------------+---------------------------------------------+ 2183 In addition, in each of the aforementioned states, the following 2184 state information is stored: 2186 +---------------------+---------------------------------------------+ 2187 | State | Information | 2188 +---------------------+---------------------------------------------+ 2189 | IDLE | None | 2190 | | | 2191 | I1-SENT | ULID(peer), ULID(local), [FII], CT(local), | 2192 | | INIT nonce, Lp(local), Lp(peer), Ls(local) | 2193 | | | 2194 | I2-SENT | ULID(peer), ULID(local), [FII], CT(local), | 2195 | | INIT nonce, RESP nonce, Lp(local), Lp(peer),| 2196 | | Ls(local) | 2197 | | | 2198 | ESTABLISHED | ULID(peer), ULID(local), [FII], CT(local), | 2199 | | CT(peer), Lp(local), Lp(peer), Ls(local) | 2200 | | Ls(peer), INIT nonce?(to receive late R2) | 2201 | | | 2202 | I2BIS-SENT | ULID(peer), ULID(local), [FII], CT(local), | 2203 | | CT(peer), Lp(local), Lp(peer), Ls(local) | 2204 | | Ls(peer), CT(R1bis) | 2205 | | | 2206 | E-FAILED | ULID(peer), ULID(local) | 2207 | | | 2208 | NO-SUPPORT | ULID(peer), ULID(local) | 2209 +---------------------+---------------------------------------------+ 2211 7. Establishing ULID-Pair Contexts 2213 ULID-pair contexts are established using a 4-way exchange, which 2214 allows the responder to avoid creating state on the first packet. As 2215 part of this exchange each end allocates a context tag, and it shares 2216 this context tag and its set of locators with the peer. 2218 In some cases the 4-way exchange is not necessary, for instance when 2219 both ends try to setup the context at the same time, or when 2220 recovering from a context that has been garbage collected or lost at 2221 one of the hosts. 2223 7.1. Uniqueness of Context Tags 2225 As part of establishing a new context, each host has to assign a 2226 unique context tag. Since the Payload Extension headers are 2227 demultiplexed based solely on the context tag value (without using 2228 the locators), the context tag MUST be unique for each context. 2230 In addition, in order to minimize the reuse of context tags, the host 2231 SHOULD randomly cycle through the 2^47 context tag values,(e.g. 2232 following the guidelines described in [18]). 2234 7.2. Locator Verification 2236 The peer's locators might need to be verified during context 2237 establishment as well as when handling locator updates in Section 10. 2239 There are two separate aspects of locator verification. One is to 2240 verify that the locator is tied to the ULID, i.e., that the host 2241 which "owns" the ULID is also the one that is claiming the locator 2242 "ownership". The shim6 protocol uses the HBA or CGA techniques for 2243 doing this verification. The other is to verify that the host is 2244 indeed reachable at the claimed locator. Such verification is needed 2245 both to make sure communication can proceed, but also to prevent 3rd 2246 party flooding attacks [20]. These different verifications happen at 2247 different times, since the first might need to be performed before 2248 packets can be received by the peer with the source locator in 2249 question, but the latter verification is only needed before packets 2250 are sent to the locator. 2252 Before a host can use a locator (different than the ULID) as the 2253 source locator, it must know that the peer will accept packets with 2254 that source locator as being part of this context. Thus the HBA/CGA 2255 verification SHOULD be performed by the host before the host 2256 acknowledges the new locator, by sending an Update Acknowledgement 2257 message, or an R2 message. 2259 Before a host can use a locator (different than the ULID) as the 2260 destination locator it MUST perform the HBA/CGA verification if this 2261 was not performed before upon the reception of the locator set. In 2262 addition, it MUST verify that the ULID is indeed present at that 2263 locator. This verification is performed by doing a return- 2264 routability test as part of the Probe sub-protocol [9]. 2266 If the verification method in the Locator List option is not 2267 supported by the host, or if the verification method is not 2268 consistent with the CGA Parameter Data Structure (e.g., the Parameter 2269 Data Structure doesn't contain the multiprefix extension, and the 2270 verification method says to use HBA), then the host MUST ignore the 2271 Locator List and the message in which it is contained, and the host 2272 SHOULD generates an ICMP parameter problem (type 4, code 0), with the 2273 Pointer referencing the octet in the Verification method that was 2274 found inconsistent. 2276 7.3. Normal context establishment 2278 The normal context establishment consists of a 4 message exchange in 2279 the order of I1, R1, I2, R2 as can be seen in Figure 24. 2281 Initiator Responder 2283 IDLE IDLE 2284 ------------- I1 --------------> 2285 I1-SENT 2286 <------------ R1 --------------- 2287 IDLE 2288 ------------- I2 --------------> 2289 I2-SENT 2290 <------------ R2 --------------- 2291 ESTABLISHED ESTABLISHED 2293 Figure 24: Normal context establishment 2295 7.4. Concurrent context establishment 2297 When both ends try to initiate a context for the same ULID pair, then 2298 we might end up with crossing I1 messages. Alternatively, since no 2299 state is created when receiving the I1, a host might send a I1 after 2300 having sent a R1 message. 2302 Since a host remembers that it has sent an I1, it can respond to an 2303 I1 from the peer (for the same ULID-pair), with a R2, resulting in 2304 the message exchange shown in Figure 25. Such behavior is needed for 2305 other reasons such as to correctly respond to retransmitted I1 2306 messages, which occur when the R2 message has been lost. 2308 Host A Host B 2310 IDLE IDLE 2311 -\ 2312 I1-SENT---\ 2313 ---\ /--- 2314 --- I1 ---\ /--- I1-SENT 2315 ---\ 2316 /--- I1 ---/ ---\ 2317 /--- --> 2318 <--- 2320 -\ 2321 I1-SENT---\ 2322 ---\ /--- 2323 --- R2 ---\ /--- I1-SENT 2324 ---\ 2325 /--- R2 ---/ ---\ 2326 /--- --> 2327 <--- ESTABLISHED 2328 ESTABLISHED 2330 Figure 25: Crossing I1 messages 2332 If a host has received an I1 and sent an R1, it has no state to 2333 remember this. Thus if the ULP on the host sends down packets, this 2334 might trigger the host to send an I1 message itself. Thus while one 2335 end is sending an I1 the other is sending an I2 as can be seen in 2336 Figure 26. 2338 Host A Host B 2340 IDLE IDLE 2341 -\ 2342 ---\ 2343 I1-SENT ---\ 2344 --- I1 ---\ 2345 ---\ 2346 ---\ 2347 --> 2349 /--- 2350 /--- IDLE 2351 --- 2352 /--- R1--/ 2353 /--- 2354 <--- 2356 -\ 2357 I2-SENT---\ 2358 ---\ /--- 2359 --- I2---\ /--- I1-SENT 2360 ---\ 2361 /--- I1 ---/ ---\ 2362 /--- --> 2363 <--- ESTABLISHED 2365 -\ 2366 I2-SENT---\ 2367 ---\ /--- 2368 --- R2 ---\ /--- 2369 ---\ 2370 /--- R2 ---/ ---\ 2371 /--- --> 2372 <--- ESTABLISHED 2373 ESTABLISHED 2375 Figure 26: Crossing I2 and I1 2377 7.5. Context recovery 2379 Due to garbage collection, we can end up with one end having and 2380 using the context state, and the other end not having any state. We 2381 need to be able to recover this state at the end that has lost it, 2382 before we can use it. 2384 This need can arise in the following cases: 2386 o The communication is working using the ULID pair as the locator 2387 pair, but a problem arises, and the end that has retained the 2388 context state decides to probe alternate locator pairs. 2390 o The communication is working using a locator pair that is not the 2391 ULID pair, hence the ULP packets sent from a peer that has 2392 retained the context state use the shim6 Payload extension header. 2394 o The host that retained the state sends a control message (e.g. an 2395 Update Request message). 2397 In all the cases the result is that the peer without state receives a 2398 shim message for which it has to context for the context tag. 2400 In all of those cases we can recover the context by having the node 2401 which doesn't have a context state, send back an R1bis message, and 2402 have then complete the recovery with a I2bis and R2 message as can be 2403 seen in Figure 27. 2405 Host A Host B 2407 Context for 2408 CT(peer)=X Discards context for 2409 CT(local)=X 2411 ESTABLISHED IDLE 2413 ---- payload, probe, etc. -----> No context state 2414 for CT(local)=X 2416 <------------ R1bis ------------ 2417 IDLE 2419 ------------- I2bis -----------> 2420 I2BIS_SENT 2421 <------------ R2 --------------- 2422 ESTABLISHED ESTABLISHED 2424 Figure 27: Context loss at receiver 2426 If one end has garbage collected or lost the context state, it might 2427 try to create a new context state (for the same ULID pair), by 2428 sending an I1 message. The peer (that still has the context state) 2429 will reply with an R1 message and the full 4-way exchange will be 2430 performed again in this case as can be seen in Figure 28. 2432 Host A Host B 2434 Context for 2435 CT(peer)=X Discards context for 2436 ULIDs A1, B1 CT(local)=X 2438 ESTABLISHED IDLE 2440 Finds <------------ I1 --------------- Tries to setup 2441 existing for ULIDs A1, B1 2442 context, 2443 but CT(peer) I1-SENT 2444 doesn't match 2445 ------------- R1 ---------------> 2446 Left old context 2447 in ESTABLISHED 2449 <------------ I2 --------------- 2450 Recreate context 2452 with new CT(peer) I2-SENT 2453 and Ls(peer). 2455 ESTABLISHED 2456 ------------- R2 --------------> 2457 ESTABLISHED ESTABLISHED 2459 Figure 28: Context loss at sender 2461 7.6. Context confusion 2463 Since each end might garbage collect the context state we can have 2464 the case when one end has retained the context state and tries to use 2465 it, while the other end has lost the state. We discussed this in the 2466 previous section on recovery. But for the same reasons, when one 2467 host retains context tag X as CT(peer) for ULID pair , the 2468 other end might end up allocating that context tag as CT(local) for 2469 another ULID pair, e.g., between the same hosts. In this 2470 case we can not use the recovery mechanisms since there needs to be 2471 separate context tags for the two ULID pairs. 2473 This type of "confusion" can be observed in two cases (assuming it is 2474 A that has retained the state and B has dropped it): 2476 o B decides to create a context for ULID pair , and 2477 allocates X as its context tag for this, and sends an I1 to A. 2479 o A decides to create a context for ULID pair , and starts 2480 the exchange by sending I1 to B. When B receives the I2 message, 2481 it allocates X as the context tag for this context. 2483 In both cases, A can detect that B has allocated X for ULID pair even though that A still X as CT(peer) for ULID pair . 2485 Thus A can detect that B must have lost the context for . 2487 The confusion can be detected when I2/I2bis/R2 is received since we 2488 require that those messages MUST include a sufficiently large set of 2489 locators in a Locator List option that the peer can determine whether 2490 or not two contexts have the same host as the peer by comparing if 2491 there is any common locators in Ls(peer). 2493 The requirement is that the old context which used the context tag 2494 MUST be removed; it can no longer be used to send packets. Thus A 2495 would forcibly remove the context state for , so that it 2496 can accept the new context for . An implementation MAY 2497 re-create a context to replace the one that was removed; in this case 2498 for . The normal I1, R1, I2, R2 establishment exchange would 2499 then pick unique context tags for that replacement context. This re- 2500 creation is OPTIONAL, but might be useful when there is ULP 2501 communication which is using the ULID pair whose context was removed. 2503 Note that an I1 message with a duplicate context tag should not cause 2504 the removal of the old context state; this operation needs to be 2505 deferred until the reception of the I2 message. 2507 7.7. Sending I1 messages 2509 When the shim layer decides to setup a context for a ULID pair, it 2510 starts by allocating and initializing the context state for its end. 2511 As part of this it assigns a random context tag to the context that 2512 is not being used as CT(local) by any other context . In the case 2513 that a new API is used and the ULP requests a forked context, the 2514 Forked Instance Identifier value will be set to a non-zero value. 2515 Otherwise, the FII value is zero. Then the initiator can send an I1 2516 message and set the context state to I1-SENT. The I1 message MUST 2517 include the ULID pair; normally in the IPv6 source and destination 2518 fields. But if the ULID pair for the context is not used as locator 2519 pair for the I1 message, then a ULID option MUST be included in the 2520 I1 message. In addition, if a Forked Instance Identifier value is 2521 non-zero, the I1 message MUST include a Context Instance Identifier 2522 option containing the correspondent value. 2524 7.8. Retransmitting I1 messages 2526 If the host does not receive an I2 or R2 message in response to the 2527 I1 message after I1_TIMEOUT time, then it needs to retransmit the I1 2528 message. The retransmissions should use a retransmission timer with 2529 binary exponential backoff to avoid creating congestion issues for 2530 the network when lots of hosts perform I1 retransmissions. Also, the 2531 actual timeout value should be randomized between 0.5 and 1.5 of the 2532 nominal value to avoid self-synchronization. 2534 If, after I1_RETRIES_MAX retransmissions, there is no response, then 2535 most likely the peer does not implement the shim6 protocol, or there 2536 could be a firewall that blocks the protocol. In this case it makes 2537 sense for the host to remember to not try again to establish a 2538 context with that ULID. However, any such negative caching should 2539 retained for at most NO_R1_HOLDDOWN_TIME, to be able to later setup a 2540 context should the problem have been that the host was not reachable 2541 at all when the shim tried to establish the context. 2543 If the host receives an ICMP error with "Unrecognized Next Header" 2544 type (type 4, code 1) and the included packet is the I1 message it 2545 just sent, then this is a more reliable indication that the peer ULID 2546 does not implement shim6. Again, in this case, the host should 2547 remember to not try again to establish a context with that ULID. 2548 Such negative caching should retained for at most ICMP_HOLDDOWN_TIME, 2549 which should be significantly longer than the previous case. 2551 7.9. Receiving I1 messages 2553 A host MUST silently discard any received I1 messages that do not 2554 satisfy all of the following validity checks in addition to those 2555 specified in Section 12.2: 2557 o The Hdr Ext Len field is at least 1, i.e., the length is at least 2558 16 octets. 2560 Upon the reception of an I1 message, the host extracts the ULID pair 2561 and the Forked Instance Identifier from the message. If there is no 2562 ULID-pair option, then the ULID pair is taken from the source and 2563 destination fields in the IPv6 header. If there is no FII option in 2564 the message, then the FII value is taken to be zero. 2566 Next the host looks for an existing context which matches the ULID 2567 pair and the FII. 2569 If no state is found (i.e., the state is IDLE), then the host replies 2570 with a R1 message as specified below. 2572 If such a context exists in ESTABLISHED state, the host verifies that 2573 the locator of the Initiator is included in Ls(peer) (This check is 2574 unnecessary if there is no ULID-pair option in the I1 message). 2576 If the state exists in ESTABLISHED state and the locators do not fall 2577 in the locator sets, then the host replies with a R1 message as 2578 specified below. This completes the I1 processing, with the context 2579 state being unchanged. 2581 If the state exists in ESTABLISHED state and the locators do fall in 2582 the sets, then the host compares CT(peer) for the context with the CT 2583 contained in the I1 message. 2585 o If the context tags match, then this probably means that the R2 2586 message was lost and this I1 is a retransmission. In this case, 2587 the host replies with a R2 message containing the information 2588 available for the existent context. 2590 o If the context tags do not match, then it probably means that the 2591 Initiator has lost the context information for this context and it 2592 is trying to establish a new one for the same ULID-pair. In this 2593 case, the host replies with a R1 message as specified below. This 2594 completes the I1 processing, with the context state being 2595 unchanged. 2597 If the state exists in other state (I1-SENT, I2-SENT, I2BIS-SENT), we 2598 are in the situation of Concurrent context establishment described in 2599 Section 7.4. In this case, the host leaves CT(peer) unchanged, and 2600 replies with a R2 message. This completes the I1 processing, with 2601 the context state being unchanged. 2603 7.10. Sending R1 messages 2605 When the host needs to send a R1 message in response to the I1 2606 message, it copies the Initiator Nonce from the I1 message to the R1 2607 message, generates a Responder Nonce and calculates a Responder 2608 Validator option as suggested in the following section. No state is 2609 created on the host in this case.(Note that the information used to 2610 generate the R1 reply message is either contained in the received I1 2611 message or it is global information that is not associated with the 2612 particular requested context (the S and the Responder nonce values)). 2614 When the host needs to send a R2 message in response to the I1 2615 message, it copies the Initiator Nonce from the I1 message to the R2 2616 message, and otherwise follows the normal rules for forming an R2 2617 message (see Section 7.14). 2619 7.10.1. Generating the R1 Validator 2621 One way for the responder to properly generate validators is to 2622 maintain a single secret (S) and a running counter for the Responder 2623 Nonce. 2625 In the case the validator is generated to be included in a R1 2626 message, for each I1 message. The responder can increase the 2627 counter, use the counter value as the responder nonce, and use the 2628 following information concatenated as input to the one-way function: 2630 o The the secret S 2632 o That Responder Nonce 2634 o The Initiator Context Tag from the I1 message 2636 o The ULIDs from the I1 message 2638 o The locators from the I1 message (strictly only needed if they are 2639 different from the ULIDs) 2641 o The forked instance identifier if such option was included in the 2642 I1 message 2644 and then the output of the hash function is used as the validator 2645 octet string. 2647 7.11. Receiving R1 messages and sending I2 messages 2649 A host MUST silently discard any received R1 messages that do not 2650 satisfy all of the following validity checks in addition to those 2651 specified in Section 12.2: 2653 o The Hdr Ext Len field is at least 1, i.e., the length is at least 2654 16 octets. 2656 Upon the reception of an R1 message, the host extracts the Initiator 2657 Nonce and the Locator Pair from the message (the latter from the 2658 source and destination fields in the IPv6 header). Next the host 2659 looks for an existing context which matches the Initiator Nonce and 2660 where the locators are contained in Ls(peer) and Ls(local), 2661 respectively. If no such context is found, then the R1 message is 2662 silently discarded. 2664 If such a context is found, then the host looks at the state: 2666 o If the state is I1-SENT, then it sends an I2 message as specified 2667 below. 2669 o In any other state (I2-SENT, I2BIS-SENT, ESTABLISHED) then the 2670 host has already sent an I2 message then this is probably a reply 2671 to a retransmitted I1 message, so this R1 message MUST be silently 2672 discarded. 2674 When the host sends an I2 message, then it includes the Responder 2675 Validator option that was in the R1 message. The I2 message MUST 2676 include the ULID pair; normally in the IPv6 source and destination 2677 fields. If a ULID-pair option was included in the I1 message then it 2678 MUST be included in the I2 message as well. In addition, if the 2679 Forked Instance Identifier value for this context is non-zero, the I2 2680 message MUST contain a Forked Instance Identifier Option carrying 2681 this value. Besides, the I2 message contains an Initiator Nonce. 2682 This is not required to be the same than the one included in the 2683 previous I1 message. 2685 The I2 message also includes the Initiator's locator list and the CGA 2686 parameter data structure. If CGA (and not HBA) is used to verify the 2687 locator list, then Initiator also signs the key parts of the message 2688 and includes a CGA signature option containing the signature. 2690 When the I2 message has been sent, the state is set to I2-SENT. 2692 7.12. Retransmitting I2 messages 2694 If the initiator does not receive an R2 message after I2_TIMEOUT time 2695 after sending an I2 message it MAY retransmit the I2 message, using 2696 binary exponential backoff and randomized timers. The Responder 2697 Validator option might have a limited lifetime, that is, the peer 2698 might reject Responder Validator options that are older than 2699 VALIDATOR_MIN_LIFETIME to avoid replay attacks. Thus the initiator 2700 SHOULD fall back to retransmitting the I1 message when there is no R2 2701 received after retransmitting the I2 message I2_RETRIES_MAX times. 2703 7.13. Receiving I2 messages 2705 A host MUST silently discard any received I2 messages that do not 2706 satisfy all of the following validity checks in addition to those 2707 specified in Section 12.2: 2709 o The Hdr Ext Len field is at least 2, i.e., the length is at least 2710 24 octets. 2712 Upon the reception of an I2 message, the host extracts the ULID pair 2713 and the Forked Instance identifier from the message. If there is no 2714 ULID-pair option, then the ULID pair is taken from the source and 2715 destination fields in the IPv6 header. If there is no FII option in 2716 the message, then the FII value is taken to be zero. 2718 Next the host verifies that the Responder Nonce is a recent one 2719 (Nonces that are no older than VALIDATOR_MIN_LIFETIME SHOULD be 2720 considered recent), and that the Responder Validator option matches 2721 the validator the host would have computed for the ULID, locators, 2722 responder nonce, and FII. 2724 If a CGA Parameter Data Structure (PDS) is included in the message, 2725 then the host MUST verify if the actual PDS contained in the message 2726 corresponds to the ULID(peer). 2728 If any of the above verifications fails, then the host silently 2729 discards the message and it has completed the I2 processing. 2731 If all the above verifications are successful, then the host proceeds 2732 to look for a context state for the Initiator. The host looks for a 2733 context with the extracted ULID pair and FII. If none exist then 2734 state of the (non-existing) context is viewed as being IDLE, thus the 2735 actions depend on the state as follows: 2737 o If the state is IDLE (i.e., the context does not exist) the host 2738 allocates a context tag (CT(local)), creates the context state for 2739 the context, and sets its state to ESTABLISHED. It records 2740 CT(peer), and the peer's locator set as well as its own locator 2741 set in the context. It SHOULD perform the HBA/CGA verification of 2742 the peer's locator set at this point in time, as specified in 2743 Section 7.2. Then the host sends an R2 message back as specified 2744 below. 2746 o If the state is I1-SENT, then the host verifies if the source 2747 locator is included in Ls(peer) or, it is included in the Locator 2748 List contained in the the I2 message and the HBA/CGA verification 2749 for this specific locator is successful 2751 * If this is not the case, then the message is silently discarded 2752 and the context state remains unchanged. 2754 * If this is the case, then the host updates the context 2755 information (CT(peer), Ls(peer)) with the data contained in the 2756 I2 message and the host MUST send a R2 message back as 2757 specified below. Note that before updating Ls(peer) 2758 information, the host SHOULD perform the HBA/CGA validation of 2759 the peer's locator set at this point in time as specified in 2760 Section 7.2. The host moves to ESTABLISHED state. 2762 o If the state is ESTABLISHED, I2-SENT, or I2BIS-SENT, then the host 2763 verifies if the source locator is included in Ls(peer) or, it is 2764 included in the Locator List contained in the the I2 message and 2765 the HBA/CGA verification for this specific locator is successful 2767 * If this is not the case, then the message is silently discarded 2768 and the context state remains unchanged. 2770 * If this is the case, then the host updates the context 2771 information (CT(peer), Ls(peer)) with the data contained in the 2772 I2 message and the host MUST send a R2 message back as 2773 specified in Section 7.14. Note that before updating Ls(peer) 2774 information, the host SHOULD perform the HBA/CGA validation of 2775 the peer's locator set at this point in time as specified in 2776 Section 7.2. The context state remains unchanged. 2778 7.14. Sending R2 messages 2780 Before the host sends the R2 message it MUST look for a possible 2781 context confusion i.e. where it would end up with multiple contexts 2782 using the same CT(peer) for the same peer host. See Section 7.15. 2784 When the host needs to send an R2 message, the host forms the message 2785 using its locators and its context tag, copies the Initiator Nonce 2786 from the triggering message (I2, I2bis, or I1), and includes the 2787 necessary options so that the peer can verify the locators. In 2788 particular, the R2 message includes the Responder's locator list and 2789 the PDS option. If CGA (and not HBA) is used to verify the locator 2790 list, then the Responder also signs the key parts of the message and 2791 includes a CGA Signature option containing the signature. 2793 R2 messages are never retransmitted. If the R2 message is lost, then 2794 the initiator will retransmit either the I2/I2bis or I1 message. 2795 Either retransmission will cause the responder to find the context 2796 state and respond with an R2 message. 2798 7.15. Match for Context Confusion 2800 When the host receives an I2, I2bis, or R2 it MUST look for a 2801 possible context confusion i.e. where it would end up with multiple 2802 contexts using the same CT(peer) for the same peer host. This can 2803 happen when it has received the above messages since they create a 2804 new context with a new CT(peer). Same issue applies when CT(peer) is 2805 updated for an existing context. 2807 The host takes CT(peer) for the newly created or updated context, and 2808 looks for other contexts which: 2810 o Are in state ESTABLISHED or I2BIS-SENT. 2812 o Have the same CT(peer). 2814 o Where Ls(peer) has at least one locator in common with the newly 2815 created or updated context. 2817 If such a context is found, then the host checks if the ULID pair or 2818 the Forked Instance Identifier different than the ones in the newly 2819 created or updated context: 2821 o If either or both are different, then the peer is reusing the 2822 context tag for the creation of a context with different ULID pair 2823 or FII, which is an indication that the peer has lost the original 2824 context. In this case, we are in the Context confusion situation, 2825 and the host MUST NOT use the old context to send any packets. It 2826 MAY just discard the old context (after all, the peer has 2827 discarded it), or it MAY attempt to re-establish the old context 2828 by sending a new I1 message and moving its state to I1-SENT. In 2829 any case, once that this situation is detected, the host MUST NOT 2830 keep two contexts with overlapping Ls(peer) locator sets and the 2831 same context tag in ESTABLISHED state, since this would result in 2832 demultiplexing problems on the peer. 2834 o If both are the same, then this context is actually the context 2835 that is created or updated, hence there is no confusion. 2837 7.16. Receiving R2 messages 2839 A host MUST silently discard any received R2 messages that do not 2840 satisfy all of the following validity checks in addition to those 2841 specified in Section 12.2: 2843 o The Hdr Ext Len field is at least 1, i.e., the length is at least 2844 16 octets. 2846 Upon the reception of an R2 message, the host extracts the Initiator 2847 Nonce and the Locator Pair from the message (the latter from the 2848 source and destination fields in the IPv6 header). Next the host 2849 looks for an existing context which matches the Initiator Nonce and 2850 where the locators are Lp(peer) and Lp(local), respectively. Based 2851 on the state: 2853 o If no such context is found, i.e., the state is IDLE, then the 2854 message is silently dropped. 2856 o If state is I1-SENT, I2-SENT, or I2BIS-SENT then the host performs 2857 the following actions: If a CGA Parameter Data Structure (PDS) is 2858 included in the message, then the host MUST verify that the actual 2859 PDS contained in the message corresponds to the ULID(peer) as 2860 specified in Section 7.2. If the verification fails, then the 2861 message is silently dropped. If the verification succeeds, then 2862 the host records the information from the R2 message in the 2863 context state; it records the peer's locator set and CT(peer). 2864 The host SHOULD perform the HBA/CGA verification of the peer's 2865 locator set at this point in time, as specified in Section 7.2. 2867 The host sets its state to ESTABLISHED. 2869 o If the state is ESTABLISHED, the R2 message is silently ignored, 2870 (since this is likely to be a reply to a retransmitted I2 2871 message). 2873 Before the host completes the R2 processing it MUST look for a 2874 possible context confusion i.e. where it would end up with multiple 2875 contexts using the same CT(peer) for the same peer host. See 2876 Section 7.15. 2878 7.17. Sending R1bis messages 2880 Upon the receipt of a shim6 payload extension header where there is 2881 no current SHIM6 context at the receiver, the receiver is to respond 2882 with an R1bis message in order to enable a fast re-establishment of 2883 the lost SHIM6 context. 2885 Also a host is to respond with a R1bis upon receipt of any control 2886 messages that has a message type in the range 64-127 (i.e., excluding 2887 the context setup messages such as I1, R1, R1bis, I2, I2bis, R2 and 2888 future extensions), where the control message refers to a non 2889 existent context. 2891 We assume that all the incoming packets that trigger the generation 2892 of an R1bis message contain a locator pair (in the address fields of 2893 the IPv6 header) and a Context Tag. 2895 Upon reception of any of the packets described above, the host will 2896 reply with an R1bis including the following information: 2898 o The Responder Nonce is a number picked by the responder which the 2899 initiator will return in the I2bis message. 2901 o Packet Context Tag is the context tag contained in the received 2902 packet that triggered the generation of the R1bis message. 2904 o The Responder Validator option is included, with a validator that 2905 is computed as suggested in the next section. 2907 7.17.1. Generating the R1bis Validator 2909 One way for the responder to properly generate validators is to 2910 maintain a single secret (S) and a running counter for the Responder 2911 Nonce. 2913 In the case the validator is generated to be included in a R1bis 2914 message, for each received payload extension header or control 2915 message, the responder can increase the counter, use the counter 2916 value as the responder nonce, and use the following information 2917 concatenated as input to the one-way function: 2919 o The the secret S 2921 o That Responder Nonce 2923 o The Receiver Context tag included in the received packet 2925 o The locators from the received packet 2927 and then the output of the hash function is used as the validator 2928 octet string. 2930 7.18. Receiving R1bis messages and sending I2bis messages 2932 A host MUST silently discard any received R1bis messages that do not 2933 satisfy all of the following validity checks in addition to those 2934 specified in Section 12.2: 2936 o The Hdr Ext Len field is at least 1, i.e., the length is at least 2937 16 octets. 2939 Upon the reception of an R1bis message, the host extracts the Packet 2940 Context Tag and the Locator Pair from the message (the latter from 2941 the source and destination fields in the IPv6 header). Next the host 2942 looks for an existing context where the Packet Context Tag matches 2943 CT(peer) and where the locators match Lp(peer) and Lp(local), 2944 respectively. 2946 o If no such context is not found, i.e., the state is IDLE, then the 2947 R1bis message is silently discarded. 2949 o If the state is I1-SENT, I2-SENT, or I2BIS-SENT, then the R1bis 2950 message is silently discarded. 2952 o If the state is ESTABLISHED, then we are in the case where the 2953 peer has lost the context and the goal is to try to re-establish 2954 it. For that, the host leaves CT(peer) unchanged in the context 2955 state, transitions to I2BIS-SENT state, and sends a I2bis message, 2956 including the computed Responder Validator option, the Packet 2957 Context Tag, and the Responder Nonce received in the R1bis 2958 message. This I2bis message is sent using the locator pair 2959 included in the R1bis message. In the case that this locator pair 2960 differs from the ULID pair defined for this context, then an ULID 2961 option MUST be included in the I2bis message. In addition, if the 2962 Forked Instance Identifier for this context is non-zero, then a 2963 Forked Instance Identifier option carrying the instance identifier 2964 value for this context MUST be included in the I2bis message. 2966 7.19. Retransmitting I2bis messages 2968 If the initiator does not receive an R2 message after I2bis_TIMEOUT 2969 time after sending an I2bis message it MAY retransmit the I2bis 2970 message, using binary exponential backoff and randomized timers. The 2971 Responder Validator option might have a limited lifetime, that is, 2972 the peer might reject Responder Validator options that are older than 2973 VALIDATOR_MIN_LIFETIME to avoid replay attacks. Thus the initiator 2974 SHOULD fall back to retransmitting the I1 message when there is no R2 2975 received after retransmitting the I2bis message I2bis_RETRIES_MAX 2976 times. 2978 7.20. Receiving I2bis messages and sending R2 messages 2980 A host MUST silently discard any received I2bis messages that do not 2981 satisfy all of the following validity checks in addition to those 2982 specified in Section 12.2: 2984 o The Hdr Ext Len field is at least 3, i.e., the length is at least 2985 32 octets. 2987 Upon the reception of an I2bis message, the host extracts the ULID 2988 pair and the Forked Instance identifier from the message. If there 2989 is no ULID-pair option, then the ULID pair is taken from the source 2990 and destination fields in the IPv6 header. If there is no FII option 2991 in the message, then the FII value is taken to be zero. 2993 Next the host verifies that the Responder Nonce is a recent one 2994 (Nonces that are no older than VALIDATOR_MIN_LIFETIME SHOULD be 2995 considered recent), and that the Responder Validator option matches 2996 the validator the host would have computed for the ULID, locators, 2997 responder nonce, and FII as part of sending an R1bis message. 2999 If a CGA Parameter Data Structure (PDS) is included in the message, 3000 then the host MUST verify if the actual PDS contained in the message 3001 corresponds to the ULID(peer). 3003 If any of the above verifications fails, then the host silently 3004 discard the message and it has completed the I2bis processing. 3006 If both verifications are successful, then the host proceeds to look 3007 for a context state for the Initiator. The host looks for a context 3008 with the extracted ULID pair and FII. If none exist then state of 3009 the (non-existing) context is viewed as being IDLE, thus the actions 3010 depend on the state as follows: 3012 o If the state is IDLE (i.e., the context does not exist) the host 3013 allocates a context tag (CT(local)), creates the context state for 3014 the context, and sets its state to ESTABLISHED. The host SHOULD 3015 NOT use the Packet Context Tag in the I2bis message for CT(local); 3016 instead it should pick a new random context tag just as when it 3017 processes an I2 message. It records CT(peer), and the peer's 3018 locator set as well as its own locator set in the context. It 3019 SHOULD perform the HBA/CGA verification of the peer's locator set 3020 at this point in time as specified in Section 7.2. Then the host 3021 sends an R2 message back as specified in Section 7.14. 3023 o If the state is I1-SENT, then the host verifies if the source 3024 locator is included in Ls(peer) or, it is included in the Locator 3025 List contained in the the I2 message and the HBA/CGA verification 3026 for this specific locator is successful 3028 * If this is not the case, then the message is silently 3029 discarded. The the context state remains unchanged. 3031 * If this is the case, then the host updates the context 3032 information (CT(peer), Ls(peer)) with the data contained in the 3033 I2 message and the host MUST send a R2 message back as 3034 specified below. Note that before updating Ls(peer) 3035 information, the host SHOULD perform the HBA/CGA validation of 3036 the peer's locator set at this point in time as specified in 3037 Section 7.2. The host moves to ESTABLISHED state. 3039 o If the state is ESTABLISHED, I2-SENT, or I2BIS-SENT, then the host 3040 verifies if the source locator is included in Ls(peer) or, it is 3041 included in the Locator List contained in the the I2 message and 3042 the HBA/CGA verification for this specific locator is successful 3044 * If this is not the case, then the message is silently 3045 discarded. The the context state remains unchanged. 3047 * If this is the case, then the host updates the context 3048 information (CT(peer), Ls(peer)) with the data contained in the 3049 I2 message and the host MUST send a R2 message back as 3050 specified in Section 7.14. Note that before updating Ls(peer) 3051 information, the host SHOULD perform the HBA/CGA validation of 3052 the peer's locator set at this point in time as specified in 3053 Section 7.2. The context state remains unchanged. 3055 8. Handling ICMP Error Messages 3057 The routers in the path as well as the destination might generate 3058 various ICMP error messages, such as host unreachable, packet too 3059 big, and Unrecognized Next Header type. It is critical that these 3060 packets make it back up to the ULPs so that they can take appropriate 3061 action. 3063 This is an implementation issue in the sense that the mechanism is 3064 completely local to the host itself. But the issue of how ICMP 3065 errors are correctly dispatched to the ULP on the host are important, 3066 hence this section specifies the issue. 3068 +--------------+ 3069 | IPv6 Header | 3070 | | 3071 +--------------+ 3072 | ICMPv6 | 3073 | Header | 3074 - - +--------------+ - - 3075 | IPv6 Header | 3076 | src, dst as | Can be dispatched 3077 IPv6 | sent by ULP | unmodified to ULP 3078 | on host | ICMP error handler 3079 Packet +--------------+ 3080 | ULP | 3081 in | Header | 3082 +--------------+ 3083 Error | | 3084 ~ Data ~ 3085 | | 3086 - - +--------------+ - - 3088 Figure 29: ICMP error handling without payload extension header 3090 When the ULP packets are sent without the payload extension header, 3091 that is, while the initial locators=ULIDs are working, this 3092 introduces no new concerns; an implementation's existing mechanism 3093 for delivering these errors to the ULP will work. See Figure 29. 3095 But when the shim on the transmitting side inserts the payload 3096 extension header and replaces the ULIDs in the IP address fields with 3097 some other locators, then an ICMP error coming back will have a 3098 "packet in error" which is not a packet that the ULP sent. Thus the 3099 implementation will have to apply the reverse mapping to the "packet 3100 in error" before passing the ICMP error up to the ULP. See 3101 Figure 30. 3103 +--------------+ 3104 | IPv6 Header | 3105 | | 3106 +--------------+ 3107 | ICMPv6 | 3108 | Header | 3109 - - +--------------+ - - 3110 | IPv6 Header | 3111 | src, dst as | Needs to be 3112 IPv6 | modified by | transformed to 3113 | shim on host | have ULIDs 3114 +--------------+ in src, dst fields, 3115 Packet | SHIM6 ext. | and SHIM6 ext. 3116 | Header | header removed 3117 in +--------------+ before it can be 3118 | Transport | dispatched to the ULP 3119 Error | Header | ICMP error handler. 3120 +--------------+ 3121 | | 3122 ~ Data ~ 3123 | | 3124 - - +--------------+ - - 3126 Figure 30: ICMP error handling with payload extension header 3128 Note that this mapping is different than when receiving packets from 3129 the peer with a payload extension headers, because in that case the 3130 packets contain CT(local). But the ICMP errors have a "packet in 3131 error" with an payload extension header containing CT(peer). This is 3132 because they were intended to be received by the peer. In any case, 3133 since the has to be 3134 unique when received by the peer, the local host should also only be 3135 able to find one context that matches this tuple. 3137 If the ICMP error is a Packet Too Big, the reported MTU must be 3138 adjusted to be 8 octets less, since the shim will add 8 octets when 3139 sending packets. 3141 After the "packet in error" has had the original ULIDs inserted, then 3142 this payload extension header can be removed. The result is a 3143 "packet in error" that is passed to the ULP which looks as if the 3144 shim did not exist. 3146 9. Teardown of the ULID-Pair Context 3148 Each host can unilaterally decide when to tear down a ULID-pair 3149 context. It is RECOMMENDED that hosts do not tear down the context 3150 when they know that there is some upper layer protocol that might use 3151 the context. For example, an implementation might know this if there 3152 is an open socket which is connected to the ULID(peer). However, 3153 there might be cases when the knowledge is not readily available to 3154 the shim layer, for instance for UDP applications which do not 3155 connect their sockets, or any application which retains some higher 3156 level state across (TCP) connections and UDP packets. 3158 Thus it is RECOMMENDED that implementations minimize premature 3159 teardown by observing the amount of traffic that is sent and received 3160 using the context, and only after it appears quiescent, tear down the 3161 state. A reasonable approach would be not to tear down a context 3162 until at least 5 minutes have passed since the last message was sent 3163 or received using the context. 3165 Since there is no explicit, coordinated removal of the context state, 3166 there are potential issues around context tag reuse. One end might 3167 remove the state, and potentially reuse that context tag for some 3168 other communication, and the peer might later try to use the old 3169 context (which it didn't remove). The protocol has mechanisms to 3170 recover from this, which work whether the state removal was total and 3171 accidental (e.g., crash and reboot of the host), or just a garbage 3172 collection of shim state that didn't seem to be used. However, the 3173 host should try to minimize the reuse of context tags by trying to 3174 randomly cycle through the 2^47 context tag values. (See Appendix C 3175 for a summary how the recovery works in the different cases.) 3177 10. Updating the Peer 3179 The Update Request and Acknowledgement are used both to update the 3180 list of locators (only possible when CGA is used to verify the 3181 locator(s)), as well as updating the preferences associated with each 3182 locator. 3184 10.1. Sending Update Request messages 3186 When a host has a change in the locator set, then it can communicate 3187 this to the peer by sending an Update Request. When a host has a 3188 change in the preferences for its locator set, it can also 3189 communicate this to the peer. The Update Request message can include 3190 just a Locator List option, to convey the new set of locators (which 3191 requires a CGA signature option as well), just a Locator Preferences 3192 option, or both a new Locator List and new Locator Preferences. 3194 Should the host send a new Locator List, the host picks a new random 3195 local generation number, records this in the context, and puts it in 3196 the Locator List option. Any Locator Preference option, whether send 3197 in the same Update Request or in some future Update Request, will use 3198 that generation number to make sure the preferences get applied to 3199 the correct version of the locator list. 3201 The host picks a random Request Nonce for each update, and keeps the 3202 same nonce for any retransmissions of the Update Request. The nonce 3203 is used to match the acknowledgement with the request. 3205 10.2. Retransmitting Update Request messages 3207 If the host does not receive an Update Acknowledgement R2 message in 3208 response to the Update Request message after UPDATE_TIMEOUT time, 3209 then it needs to retransmit the Update Request message. The 3210 retransmissions should use a retransmission timer with binary 3211 exponential backoff to avoid creating congestion issues for the 3212 network when lots of hosts perform Update Request retransmissions. 3213 Also, the actual timeout value should be randomized between 0.5 and 3214 1.5 of the nominal value to avoid self-synchronization. 3216 Should there be no response, the retransmissions continue forever. 3217 The binary exponential backoff stops at MAX_UPDATE_TIMEOUT. But the 3218 only way the retransmissions would stop when there is no 3219 acknowledgement, is when the shim, through the Probe protocol or some 3220 other mechanism, decides to discard the context state due to lack of 3221 ULP usage in combination with no responses to the Probes. 3223 10.3. Newer Information While Retransmitting 3225 There can be at most one outstanding Update Request message at any 3226 time. Thus until e.g. an update with a new Locator List has been 3227 acknowledged, any even newer Locator List or new Locator Preferences 3228 can not just be sent. However, when there is newer information and 3229 the older information has not yet been acknowledged, the host can 3230 instead of waiting for an acknowledgement, abandon the previous 3231 update and construct a new Update Request (with a new Request Nonce) 3232 which includes the new information as well as the information that 3233 hadn't yet been acknowledged. 3235 For example, if the original locator list was just (A1, A2), and if 3236 an Update Request with the Locator List (A1, A3) is outstanding, and 3237 the host determines that it should both add A4 to the locator list, 3238 and mark A1 as BROKEN, then it would need to: 3240 o Pick a new random Request Nonce for the new Update Request. 3242 o Pick a new random Generation number for the new locator list. 3244 o Form the new locator list - (A1, A3, A4) 3246 o Form a Locator Preference option which uses the new generation 3247 number and has the BROKEN flag for the first locator. 3249 o Send the Update Request and start a retransmission timer. 3251 Any Update Acknowledgement which doesn't match the current request 3252 nonce, for instance an acknowledgement for the abandoned Update 3253 Request, will be silently ignored. 3255 10.4. Receiving Update Request messages 3257 A host MUST silently discard any received Update Request messages 3258 that do not satisfy all of the following validity checks in addition 3259 to those specified in Section 12.2: 3261 o The Hdr Ext Len field is at least 1, i.e., the length is at least 3262 16 octets. 3264 Upon the reception of an Update Request message, the host extracts 3265 the Context Tag from the message. It then looks for a context which 3266 has a CT(local) that matches the context tag. If no such context is 3267 found, it sends a R1bis message as specified in Section 7.17. 3269 Since context tags can be reused, the host MUST verify that the IPv6 3270 source address field is part of Ls(peer) and that the IPv6 3271 destination address field is part of Ls(local). If this is not the 3272 case, the sender of the Update Request has a stale context which 3273 happens to match the CT(local) for this context. In this case the 3274 host MUST send a R1bis message, and otherwise ignore the Update 3275 Request message. 3277 If a CGA Parameter Data Structure (PDS) is included in the message, 3278 then the host MUST verify if the actual PDS contained in the packet 3279 corresponds to the ULID(peer). If this verification fails, the 3280 message is silently discarded. 3282 Then, depending on the state of the context: 3284 o If ESTABLISHED: Proceed to process message. 3286 o If I1-SENT, discard the message and stay in I1-SENT. 3288 o If I2-SENT, then send I2 and proceed to process the message. 3290 o If I2BIS-SENT, then send I2bis and proceed to process the message. 3292 The verification issues for the locators carried in the Locator 3293 Update message are specified in Section 7.2. If the locator list can 3294 not be verified, this procedure might send an ICMP Parameter Problem 3295 error. In any case, if it can not be verified, there is no further 3296 processing of the Update Request. 3298 Once any Locator List option in the Update Request has been verified, 3299 the peer generation number in the context is updated to be the one in 3300 the Locator List option. 3302 If the Update message contains a Locator Preference option, then the 3303 Generation number in the preference option is compared with the peer 3304 generation number in the context. If they do not match, then the 3305 host generates an ICMP parameter problem (type 4, code 0) with the 3306 Pointer field referring to the first octet in the Generation number 3307 in the Locator Preference option. In addition, if the number of 3308 elements in the Locator Preference option does not match the number 3309 of locators in Ls(peer), then an ICMP parameter problem is sent with 3310 the Pointer referring to the first octet of the Length field in the 3311 Locator Preference option. In both cases of failures, no further 3312 processing is performed for the Locator Update message. 3314 If the generation number matches, the locator preferences are 3315 recorded in the context. 3317 Once the Locator List option (if present) has been verified and any 3318 new locator list or locator preferences have been recorded, the host 3319 sends an Update Acknowledgement message, copying the nonce from the 3320 request, and using the CT(peer) in as the Receiver Context Tag. 3322 Any new locators, or more likely new locator preferences, might 3323 result in the host wanting to select a different locator pair for the 3324 context. For instance, if the Locator Preferences lists the current 3325 Lp(peer) as BROKEN. The host uses the Probe message in [9] to verify 3326 that the new locator is reachable before changing Lp(peer). 3328 10.5. Receiving Update Acknowledgement messages 3330 A host MUST silently discard any received Update Acknowledgement 3331 messages that do not satisfy all of the following validity checks in 3332 addition to those specified in Section 12.2: 3334 o The Hdr Ext Len field is at least 1, i.e., the length is at least 3335 16 octets. 3337 Upon the reception of an Update Acknowledgement message, the host 3338 extracts the Context Tag and the Request Nonce from the message. It 3339 then looks for a context which has a CT(local) that matches the 3340 context tag. If no such context is found, it sends a R1bis message 3341 as specified in Section 7.17. 3343 Since context tags can be reused, the host MUST verify that the IPv6 3344 source address field is part of Ls(peer) and that the IPv6 3345 destination address field is part of Ls(local). If this is not the 3346 case, the sender of the Update Acknowledgement has a stale context 3347 which happens to match the CT(local) for this context. In this case 3348 the host MUST send a R1bis message, and otherwise ignore the Update 3349 Acknowledgement message. 3351 Then, depending on the state of the context: 3353 o If ESTABLISHED: Proceed to process message. 3355 o If I1-SENT, discard the message and stay in I1-SENT. 3357 o If I2-SENT, then send R2 and proceed to process the message. 3359 o If I2BIS-SENT, then send R2 and proceed to process the message. 3361 If the Request Nonce doesn't match the Nonce for the last sent Update 3362 Request for the context, then the Update Acknowledgement is silently 3363 ignored. If the nonce matches, then the update has been completed 3364 and the Update retransmit timer can be reset. 3366 11. Sending ULP Payloads 3368 When there is no context state for the ULID pair on the sender, there 3369 is no effect on how ULP packets are sent. If the host is using some 3370 heuristic for determining when to perform a deferred context 3371 establishment, then the host might need to do some accounting (count 3372 the number of packets sent and received) even before there is a ULID- 3373 pair context. 3375 If the context is not in ESTABLISHED or I2BIS-SENT state, then it 3376 there is also no effect on how the ULP packets are sent. Only in the 3377 ESTABLISHED and I2BIS-SENT states does the host have CT(peer) and 3378 Ls(peer) set. 3380 If there is a ULID-pair context for the ULID pair, then the sender 3381 needs to verify whether context uses the ULIDs as locators, that is, 3382 whether Lp(peer) == ULID(peer) and Lp(local) == ULID(local). 3384 If this is the case, then packets can be sent unmodified by the shim. 3385 If it is not the case, then the logic in Section 11.1 will need to be 3386 used. 3388 There will also be some maintenance activity relating to 3389 (un)reachability detection, whether packets are sent with the 3390 original locators or not. The details of this is out of scope for 3391 this document and is specified in [9]. 3393 11.1. Sending ULP Payload after a Switch 3395 When sending packets, if there is a ULID-pair context for the ULID 3396 pair, and the ULID pair is no longer used as the locator pair, then 3397 the sender needs to transform the packet. Apart from replacing the 3398 IPv6 source and destination fields with a locator pair, an 8-octet 3399 header is added so that the receiver can find the context and inverse 3400 the transformation. 3402 If there has been a failure causing a switch, and later the context 3403 switches back to sending things using the ULID pair as the locator 3404 pair, then there is no longer a need to do any packet transformation 3405 by the sender, hence there is no need to include the 8-octet 3406 extension header. 3408 First, the IP address fields are replaced. The IPv6 source address 3409 field is set to Lp(local) and the destination address field is set to 3410 Lp(peer). NOTE that this MUST NOT cause any recalculation of the ULP 3411 checksums, since the ULP checksums are carried end-to-end and the ULP 3412 pseudo-header contains the ULIDs which are preserved end-to-end. 3414 The sender skips any "routing sub-layer extension headers" that the 3415 ULP might have included, thus it skips any hop-by-hop extension 3416 header, any routing header, and any destination options header that 3417 is followed by a routing header. After any such headers the shim6 3418 extension header will be added. This might be before a Fragment 3419 header, a Destination Options header, an ESP or AH header, or a ULP 3420 header. 3422 The inserted shim6 Payload extension header includes the peer's 3423 context tag. It takes on the next header value from the preceding 3424 extension header, since that extension header will have a next header 3425 value of SHIM6. 3427 12. Receiving Packets 3429 As in normal IPv6 receive side packet processing the receiver parses 3430 the (extension) headers in order. Should it find a shim6 extension 3431 header it will look at the "P" field in that header. If this bit is 3432 zero, then the packet must be passed to the shim6 payload handling 3433 for rewriting. Otherwise, the packet is passed to the shim6 control 3434 handling. 3436 12.1. Receiving Payload Extension Headers 3438 The receiver extracts the context tag from the payload extension 3439 header, and uses this to find a ULID-pair context. If no context is 3440 found, the receiver SHOULD generate a R1bis message (see 3441 Section 7.17). 3443 Then, depending on the state of the context: 3445 o If ESTABLISHED: Proceed to process message. 3447 o If I1-SENT, discard the message and stay in I1-SENT. 3449 o If I2-SENT, then send I2 and proceed to process the message. 3451 o If I2BIS-SENT, then send I2bis and proceed to process the message. 3453 With the context in hand, the receiver can now replace the IP address 3454 fields with the ULIDs kept in the context. Finally, the Payload 3455 extension header is removed from the packet (so that the ULP doesn't 3456 get confused by it), and the next header value in the preceding 3457 header is set to be the actual protocol number for the payload. Then 3458 the packet can be passed to the protocol identified by the next 3459 header value (which might be some function associated with the IP 3460 endpoint sublayer, or a ULP). 3462 If the host is using some heuristic for determining when to perform a 3463 deferred context establishment, then the host might need to do some 3464 accounting (count the number of packets sent and received) for 3465 packets that does not have a shim6 extension header and for which 3466 there is no context. But the need for this depends on what 3467 heuristics the implementation has chosen. 3469 12.2. Receiving Shim Control messages 3471 A shim control message has the checksum field verified. The Shim 3472 header length field is also verified against the length of the IPv6 3473 packet to make sure that the shim message doesn't claim to end past 3474 the end of the IPv6 packet. Finally, it checks that the neither the 3475 IPv6 destination field nor the IPv6 source field is a multicast 3476 address. If any of those checks fail, the packet is silently 3477 dropped. 3479 The message is then dispatched based on the shim message type. Each 3480 message type is then processed as described elsewhere in this 3481 document. If the packet contains a shim message type which is 3482 unknown to the receiver, then an ICMPv6 Parameter Problem error is 3483 generated and sent back. The pointer field in the Parameter Problem 3484 is set to point at the first octet of the shim message type. The 3485 error is rate limited just like other ICMP errors [5]. 3487 All the control messages can contain any options with C=0. If there 3488 is any option in the message with C=1 that isn't known to the host, 3489 then the host MUST send an ICMPv6 Parameter Problem, with the Pointer 3490 field referencing the first octet of the Option Type. 3492 12.3. Context Lookup 3494 We assume that each shim context has its own state machine. We 3495 assume that a dispatcher delivers incoming packets to the state 3496 machine that it belongs to. Here we describe the rules used for the 3497 dispatcher to deliver packets to the correct shim context state 3498 machine. 3500 There is one state machine per context identified that is 3501 conceptually identified by ULID pair and Forked Instance Identifier 3502 (which is zero by default), or identified by CT(local). However, the 3503 detailed lookup rules are more complex, especially during context 3504 establishment. 3506 Clearly, if the required context is not established, it will be in 3507 IDLE state. 3509 During context establishment, the context is identified as follows: 3511 o I1 packets: Deliver to the context associated with the ULID pair 3512 and the Forked Instance Identifier. 3514 o I2 packets: Deliver to the context associated with the ULID pair 3515 and the Forked Instance Identifier. 3517 o R1 packets: Deliver to the context with the locator pair included 3518 in the packet and the Initiator nonce included in the packet (R1 3519 does not contain ULID pair nor the CT(local)). If no context 3520 exist with this locator pair and Initiator nonce, then silently 3521 discard. 3523 o R2 packets: Deliver to the context with the locator pair included 3524 in the packet and the Initiator nonce included in the packet (R2 3525 does not contain ULID pair nor the CT(local)). If no context 3526 exists with this locator pair and INIT nonce, then silently 3527 discard. 3529 o R1bis packet: deliver to the context that has the locator pair and 3530 the CT(peer) equal to the Packet Context Tag included in the R1bis 3531 packet. 3533 o I2bis packets: Deliver to the context associated with the ULID 3534 pair and the Forked Instance Identifier. 3536 o Payload extension headers: Deliver to the context with CT(local) 3537 equal to the Receiver Context Tag included in the packet. 3539 o Other control messages (Update, Keepalive, Probe): Deliver to the 3540 context with CT(local) equal to the Receiver Context Tag included 3541 in the packet. Verify that the IPv6 source address field is part 3542 of Ls(peer) and that the IPv6 destination address field is part of 3543 Ls(local). If not, send a R1bis message. 3545 o ICMP errors which contain a shim6 payload extension header or 3546 other shim control packet in the "packet in error": Use the 3547 "packet in error" for dispatching as follows. Deliver to the 3548 context with CT(peer) equal to the Receiver Context Tag, Lp(local) 3549 being the IPv6 source address, and Lp(peer) being the IPv6 3550 destination address. 3552 In addition, the shim on the sending side needs to be able to find 3553 the context state when a ULP packet is passed down from the ULP. In 3554 that case the lookup key is the pair of ULIDs and FII=0. If we have 3555 a ULP API that allows the ULP to do context forking, then presumably 3556 the ULP would pass down the Forked Instance Identifier. 3558 13. Initial Contact 3560 The initial contact is some non-shim communication between two ULIDs, 3561 as described in Section 2. At that point in time there is no 3562 activity in the shim. 3564 Whether the shim ends up being used or not (e.g., the peer might not 3565 support shim6) it is highly desirable that the initial contact can be 3566 established even if there is a failure for one or more IP addresses. 3568 The approach taken is to rely on the applications and the transport 3569 protocols to retry with different source and destination addresses, 3570 consistent with what is already specified in Default Address 3571 Selection [13], and some fixes to that specification [14] to make it 3572 try different source addresses and not only different destination 3573 addresses. 3575 The implementation of such an approach can potentially result in long 3576 timeouts. For instance, a naive implementation at the socket API 3577 which uses getaddrinfo() to retrieve all destination addresses and 3578 then tries to bind() and connect() to try all source and destination 3579 address combinations waiting for TCP to time out for each combination 3580 before trying the next one. 3582 However, if implementations encapsulate this in some new connect-by- 3583 name() API, and use non-blocking connect calls, it is possible to 3584 cycle through the available combinations in a more rapid manner until 3585 a working source and destination pair is found. Thus the issues in 3586 this domain are issues of implementations and the current socket API, 3587 and not issues of protocol specification. In all honesty, while 3588 providing an easy to use connect-by-name() API for TCP and other 3589 connection-oriented transports is easy; providing a similar 3590 capability at the API for UDP is hard due to the protocol itself not 3591 providing any "success" feedback. But even the UDP issue is one of 3592 APIs and implementation. 3594 14. Protocol constants 3596 The protocol uses the following constants: 3598 I1_RETRIES_MAX = 4 3600 I1_TIMEOUT = 4 seconds 3602 NO_R1_HOLDDOWN_TIME = 1 min 3604 ICMP_HOLDDOWN_TIME = 10 min 3606 I2_TIMEOUT = 4 seconds 3608 I2_RETRIES_MAX = 2 3610 I2bis_TIMEOUT = 4 seconds 3612 I2bis_RETRIES_MAX = 2 3614 VALIDATOR_MIN_LIFETIME = 30 seconds 3616 UPDATE_TIMEOUT = 4 seconds 3618 The retransmit timers (I1_TIMEOUT, I2_TIMEOUT, UPDATE_TIMEOUT) are 3619 subject to binary exponential backoff, as well as randomization 3620 across a range of 0.5 and 1.5 times the nominal (backed off) value. 3621 This removes any risk of synchronization between lots of hosts 3622 performing independent shim operations at the same time. 3624 The randomization is applied after the binary exponential backoff. 3625 Thus the first retransmission would happen based on a uniformly 3626 distributed random number in the range [0.5*4, 1.5*4] seconds, the 3627 second retransmission [0.5*8, 1.5*8] seconds after the first one, 3628 etc. 3630 15. Implications Elsewhere 3632 The general shim6 approach, as well as the specifics of this proposed 3633 solution, has implications elsewhere. The key implications are: 3635 o Applications that perform referrals, or callbacks using IP 3636 addresses as the 'identifiers' can still function in limited ways, 3637 as described in [23]. But in order for such applications to be 3638 able to take advantage of the multiple locators for redundancy, 3639 the applications need to be modified to either use fully qualified 3640 domain names as the 'identifiers', or they need to pass all the 3641 locators as the 'identifiers' i.e., the 'identifier' from the 3642 applications perspective becomes a set of IP addresses instead of 3643 a single IP address. 3645 o Firewalls that today pass limited traffic, e.g., outbound TCP 3646 connections, would presumably block the shim6 protocol. This 3647 means that even when shim6 capable hosts are communicating, the I1 3648 messages would be dropped, hence the hosts would not discover that 3649 their peer is shim6 capable. This is in fact a feature, since if 3650 the hosts managed to establish a ULID-pair context, then the 3651 firewall would probably drop the "different" packets that are sent 3652 after a failure (those using the shim6 payload extension header 3653 with a TCP packet inside it). Thus stateful firewalls that are 3654 modified to pass shim6 messages should also be modified to pass 3655 the payload extension header, so that the shim can use the 3656 alternate locators to recover from failures. This presumably 3657 implies that the firewall needs to track the set of locators in 3658 use by looking at the shim6 control exchanges. Such firewalls 3659 might even want to verify the locators using the HBA/CGA 3660 verification themselves, which they can do without modifying any 3661 of the shim6 packets they pass through. 3663 o Signaling protocols for QoS or other things that involve having 3664 devices in the network path look at IP addresses and port numbers, 3665 or IP addresses and Flow Labels, need to be invoked on the hosts 3666 when the locator pair changes due to a failure. At that point in 3667 time those protocols need to inform the devices that a new pair of 3668 IP addresses will be used for the flow. Note that this is the 3669 case even though this protocol, unlike some earlier proposals, 3670 does not overload the flow label as a context tag; the in-path 3671 devices need to know about the use of the new locators even though 3672 the flow label stays the same. 3674 o MTU implications. The path MTU mechanisms we use are robust 3675 against different packets taking different paths through the 3676 Internet, by computing a minimum over the recently observed path 3677 MTUs. When shim6 fails over from using one locator pair to 3678 another pair, this means that packets might travel over a 3679 different path through the Internet, hence the path MTU might be 3680 quite different. Perhaps such a path change would be a good hint 3681 to the path MTU mechanism to try a larger MTU? 3683 The fact that the shim will add an 8 octet payload extension 3684 header to the ULP packets after a locator switch, can also affect 3685 the usable path MTU for the ULPs. In this case the MTU change is 3686 local to the sending host, thus conveying the change to the ULPs 3687 is an implementation matter. 3689 o The precise interaction between Mobile IPv6 and shim6 is for 3690 further study, but it might make sense to have Mobile IPv6 operate 3691 on locators, meaning that the shim would be layered on top of the 3692 MIPv6 mechanism. 3694 16. Security Considerations 3696 This document satisfies the concerns specified in [20] as follows: 3698 o The HBA [6] and CGA technique [8] for verifying the locators to 3699 prevent an attacker from redirecting the packet stream to 3700 somewhere else. The minimum acceptable key length for public keys 3701 used in the generation of CGAs SHOULD be 1024 bits. Any 3702 implementation should follow prudent cryptographic practice in 3703 determining the appropriate key lengths. 3705 o Requiring a Reachability Probe+Reply before a new locator is used 3706 as the destination, in order to prevent 3rd party flooding 3707 attacks. 3709 o The first message does not create any state on the responder. 3710 Essentially a 3-way exchange is required before the responder 3711 creates any state. This means that a state-based DoS attack 3712 (trying to use up all of memory on the responder) at least 3713 requires the attacker to create state, cosnuming his own resources 3714 and also it provides an IPv6 address that the attacker was using. 3716 o The context establishment messages use nonces to prevent replay 3717 attacks, and to prevent off-path attackers from interfering with 3718 the establishment. 3720 o Every control message of the shim6 protocol, past the context 3721 establishment, carry the context tag assigned to the particular 3722 context. This implies that an attacker needs to discover that 3723 context tag before being able to spoof any shim6 control message. 3724 Such discovery probably requires to be along the path in order to 3725 be sniff the context tag value. The result is that through this 3726 technique, the shim6 protocol is protected against off-path 3727 attackers. 3729 Interaction with IPSec 3731 The shim6 sub-layer is implemented below the IPSec layer within the 3732 IP layer. This deserves some additional considerations for a couple 3733 of specific cases: First, it should be noted that the shim6 approach 3734 does not preclude using IPSEC tunnels on shim6 packets within the 3735 network transit path. Second, in case that IPSec is implemented as 3736 Bump-In-The-Wire (BITW) [7] it is expected that the shim6 sub-layer 3737 is also implemnted in the same fashion. 3739 Some of the residual threats in this proposal are: 3741 o An attacker which arrives late on the path (after the context has 3742 been established) can use the R1bis message to cause one peer to 3743 recreate the context, and at that point in time the attacker can 3744 observe all of the exchange. But this doesn't seem to open any 3745 new doors for the attacker since such an attacker can observe the 3746 context tags that are being used, and once known it can use those 3747 to send bogus messages. 3749 o An attacker which is present on the path so that it can find out 3750 the context tags, can generate a R1bis message after it has moved 3751 off the path. For this packet to be effective it needs to have a 3752 source locator which belongs to the context, thus there can not be 3753 "too much" ingress filtering between the attackers new location 3754 and the communicating peers. But this doesn't seem to be that 3755 severe, because once the R1bis causes the context to be re- 3756 established, a new pair of context tags will be used, which will 3757 not be known to the attacker. If this is still a concern, we 3758 could require a 2-way handshake "did you really loose the state?" 3759 in response to the error message. 3761 o It might be possible for an attacker to try random 47-bit context 3762 tags and see if they can cause disruption for communication 3763 between two hosts. In particular, in the case of payload packets, 3764 the effects of such attack would be similar of those of an 3765 attacker sending packets with spoofed source address. In the case 3766 of control packets, it is not enough to find the correct context 3767 tag, but additional information is required (e.g. nonces, proper 3768 source addresses) (see previous bullet for the case of R1bis). If 3769 a 47-bit tag, which is the largest that fits in an 8-octet 3770 extension header, isn't sufficient, one could use an even larger 3771 tag in the shim6 control messages, and use the low-order 47 bits 3772 in the payload extension header. 3774 o When the payload extension header is used, an attacker that can 3775 guess the 47-bit random context tag, can inject packets into the 3776 context with any source locator. Thus if there is ingress 3777 filtering between the attacker, this could potentially allow to 3778 bypass the ingress filtering. However, in addition to guessing 3779 the 47-bit context tag, the attacker also needs to find a context 3780 where, after the receiver's replacement of the locators with the 3781 ULIDs, the the ULP checksum is correct. But even this wouldn't be 3782 sufficient with ULPs like TCP, since the TCP port numbers and 3783 sequence numbers must match an existing connection. Thus, even 3784 though the issues for off-path attackers injecting packets are 3785 different than today with ingress filtering, it is still very hard 3786 for an off-path attacker to guess. If IPsec is applied then the 3787 issue goes away completely. 3789 o The validator included in the R1 and R1bis packets are generated 3790 as a hash of several input parameters. However, most of the 3791 inputs are actually determined by the sender, and only the secret 3792 value S is unknown to the sender. However, the resulting 3793 protection is deemed to be enough since it would be easier for the 3794 attacker to just obtain a new validator sending a I1 packet than 3795 performing all the computations required to determine the secret 3796 S. However, it is recommended that the host changes the secret S 3797 periodically. 3799 17. IANA Considerations 3801 IANA is directed to allocate a new IP Protocol Number value for the 3802 SHIM6 Protocol. 3804 IANA is directed to record a CGA message type for the SHIM6 Protocol 3805 in the [CGA] namespace registry with the value 0x4A30 5662 4858 574B 3806 3655 416F 506A 6D48. 3808 IANA is directed to establish a SHIM6 Parameter Registry with two 3809 components: SHIM6 Type registrations and SHIM6 Options registrations. 3811 The initial contents of the SHIM6 Type registry are as follows: 3813 +------------+-----------------------------------------------------+ 3814 | Type Value | Message | 3815 +------------+-----------------------------------------------------+ 3816 | 0 | RESERVED | 3817 | | | 3818 | 1 | I1 (first establishment message from the initiator) | 3819 | | | 3820 | 2 | R1 (first establishment message from the responder) | 3821 | | | 3822 | 3 | I2 (2nd establishment message from the initiator) | 3823 | | | 3824 | 4 | R2 (2nd establishment message from the responder) | 3825 | | | 3826 | 5 | R1bis (Reply to reference to non-existent context) | 3827 | | | 3828 | 6 | I2bis (Reply to a R1bis message) | 3829 | | | 3830 | 7-59 | Can be allocated using Standards Action | 3831 | | | 3832 | 60-63 | For Experimental use | 3833 | | | 3834 | 64 | Update Request | 3835 | | | 3836 | 65 | Update Acknowledgement | 3837 | | | 3838 | 66 | Keepalive | 3839 | | | 3840 | 67 | Probe Message | 3841 | | | 3842 | 68-123 | Can be allocated using Standards Action | 3843 | | | 3844 | 124-127 | For Experimental use | 3845 +------------+-----------------------------------------------------+ 3846 The initial contents of the SHIM6 Options registry are as follows: 3848 +-------------+----------------------------------+ 3849 | Type | Option Name | 3850 +-------------+----------------------------------+ 3851 | 0 | RESERVED | 3852 | | | 3853 | 1 | Responder Validator | 3854 | | | 3855 | 2 | Locator List | 3856 | | | 3857 | 3 | Locator Preferences | 3858 | | | 3859 | 4 | CGA Parameter Data Structure | 3860 | | | 3861 | 5 | CGA Signature | 3862 | | | 3863 | 6 | ULID Pair | 3864 | | | 3865 | 7 | Forked Instance Identifier | 3866 | | | 3867 | 8-9 | Allocated using Standards action | 3868 | | | 3869 | 10 | Keepalive Timeout Option | 3870 | | | 3871 | 11-16383 | Allocated using Standards action | 3872 | | | 3873 | 16384-32767 | For Experimental use | 3874 +-------------+----------------------------------+ 3876 18. Acknowledgements 3878 Over the years many people active in the multi6 and shim6 WGs have 3879 contributed ideas a suggestions that are reflected in this 3880 specification. Special thanks to the careful comments from Geoff 3881 Huston, Shinta Sugimoto, Pekka Savola, Dave Meyer, Deguang Le, Jari 3882 Arkko, Iljitsch van Beijnum, Jim Bound, Brian Carpenter, Sebastien 3883 Barre and Tom Henderson on earlier versions of this document. 3885 Appendix A. Possible Protocol Extensions 3887 During the development of this protocol, several issues have been 3888 brought up as important one to address, but are ones that do not need 3889 to be in the base protocol itself but can instead be done as 3890 extensions to the protocol. The key ones are: 3892 o As stated in the assumptions in Section 3, the in order for the 3893 shim6 protocol to be able to recover from a wide range of 3894 failures, for instance when one of the communicating hosts is 3895 singly-homed, and cope with a site's ISPs that do ingress 3896 filtering based on the source IPv6 address, there is a need for 3897 the host to be able to influence the egress selection from its 3898 site. Further discussion of this issue is captured in [21]. 3900 o Is there need for keeping the list of locators private between the 3901 two communicating endpoints? We can potentially accomplish that 3902 when using CGA but not with HBA, but it comes at the cost of doing 3903 some public key encryption and decryption operations as part of 3904 the context establishment. The suggestion is to leave this for a 3905 future extension to the protocol. 3907 o Defining some form of end-to-end "compression" mechanism that 3908 removes the need for including the Shim6 Payload extension header 3909 when the locator pair is not the ULID pair. 3911 o Supporting the dynamic setting of locator preferences on a site- 3912 wide basis, and use the Locator Preference option in the shim6 3913 protocol to convey these preferences to remote communicating 3914 hosts. This could mirror the DNS SRV record's notion of priority 3915 and weight. 3917 o Potentially recommend that more application protocols use DNS SRV 3918 records to allow a site some influence on load spreading for the 3919 initial contact (before the shim6 context establishment) as well 3920 as for traffic which does not use the shim. 3922 o Specifying APIs for the ULPs to be aware of the locators the shim 3923 is using, and be able to influence the choice of locators 3924 (controlling preferences as well as triggering a locator pair 3925 switch). This includes providing APIs the ULPs can use to fork a 3926 shim context. 3928 o Whether it is feasible to relax the suggestions for when context 3929 state is removed, so that one can end up with an asymmetric 3930 distribution of the context state and still get (most of) the shim 3931 benefits. For example, the busy server would go through the 3932 context setup but would quickly remove the context state after 3933 this (in order to save memory) but the not-so-busy client would 3934 retain the context state. The context recovery mechanism 3935 presented in Section 7.5 would then be recreate the state should 3936 the client send either a shim control message (e.g., probe message 3937 because it sees a problem), or a ULP packet in an payload 3938 extension header (because it had earlier failed over to an 3939 alternative locator pair, but had been silent for a while). This 3940 seems to provide the benefits of the shim as long as the client 3941 can detect the failure. If the client doesn't send anything, and 3942 it is the server that tries to send, then it will not be able to 3943 recover because the shim on the server has no context state, hence 3944 doesn't know any alternate locator pairs. 3946 o Study whether a host explicitly fail communication when a ULID 3947 becomes invalid (based on RFC 2462 lifetimes or DHCPv6), or should 3948 we let the communication continue using the invalidated ULID (it 3949 can certainly work since other locators will be used). 3951 o Study what it would take to make the shim6 control protocol not 3952 rely at all on a stable source locator in the packets. This can 3953 probably be accomplished by having all the shim control messages 3954 include the ULID-pair option. 3956 o If each host might have lots of locators, then the currently 3957 requirement to include essentially all of them in the I2 and R2 3958 messages might be constraining. If this is the case we can look 3959 into using the CGA Parameter Data Structure for the comparison, 3960 instead of the prefix sets, to be able to detect context 3961 confusion. This would place some constraint on a (logical) only 3962 using e.g., one CGA public key, and would require some carefully 3963 crafted rules on how two PDSs are compared for "being the same 3964 host". But if we don't expect more than a handful locators per 3965 host, then we don't need this added complexity. 3967 o ULP specified timers for the reachability detection mechanism 3968 (which can be useful particularly when there are forked contexts). 3970 o Pre-verify some "backup" locator pair, so that the failover time 3971 can be shorter. 3973 o Study how shim6 and Mobile IPv6 might interact. There existing an 3974 initial draft on this topic [22]. 3976 Appendix B. Simplified State Machine 3978 The states are defined in Section 6.2. The intent is that the 3979 stylized description below be consistent with the textual description 3980 in the specification, but should they conflict, the textual 3981 description is normative. 3983 The following table describes the possible actions in state IDLE and 3984 their respective triggers: 3986 +---------------------+---------------------------------------------+ 3987 | Trigger | Action | 3988 +---------------------+---------------------------------------------+ 3989 | Receive I1 | Send R1 and stay in IDLE | 3990 | | | 3991 | Heuristics trigger | Send I1 and move to I1-SENT | 3992 | a new context | | 3993 | establishment | | 3994 | | | 3995 | Receive I2, verify | If successful, send R2 and move to | 3996 | validator and | ESTABLISHED | 3997 | RESP nonce | | 3998 | | If fail, stay in IDLE | 3999 | | | 4000 | Receive I2bis, | If successful, send R2 and move to | 4001 | verify validator | ESTABLISHED | 4002 | and RESP nonce | | 4003 | | If fail, stay in IDLE | 4004 | | | 4005 | R1, R1bis, R2 | N/A (This context lacks the required info | 4006 | | for the dispatcher to deliver them) | 4007 | | | 4008 | Receive payload | Send R1bis and stay in IDLE | 4009 | extension header | | 4010 | or other control | | 4011 | packet | | 4012 +---------------------+---------------------------------------------+ 4013 The following table describes the possible actions in state I1-SENT 4014 and their respective triggers: 4016 +---------------------+---------------------------------------------+ 4017 | Trigger | Action | 4018 +---------------------+---------------------------------------------+ 4019 | Receive R1, verify | If successful, send I2 and move to I2-SENT | 4020 | INIT nonce | | 4021 | | If fail, discard and stay in I1-SENT | 4022 | | | 4023 | Receive I1 | Send R2 and stay in I1-SENT | 4024 | | | 4025 | Receive R2, verify | If successful, move to ESTABLISHED | 4026 | INIT nonce | | 4027 | | If fail, discard and stay in I1-SENT | 4028 | | | 4029 | Receive I2, verify | If successful, send R2 and move to | 4030 | validator and RESP | ESTABLISHED | 4031 | nonce | | 4032 | | If fail, discard and stay in I1-SENT | 4033 | | | 4034 | Receive I2bis, | If successful, send R2 and move to | 4035 | verify validator | ESTABLISHED | 4036 | and RESP nonce | | 4037 | | If fail, discard and stay in I1-SENT | 4038 | | | 4039 | Timeout, increment | If counter =< I1_RETRIES_MAX, send I1 and | 4040 | timeout counter | stay in I1-SENT | 4041 | | | 4042 | | If counter > I1_RETRIES_MAX, go to E-FAILED | 4043 | | | 4044 | Receive ICMP payload| Move to E-FAILED | 4045 | unknown error | | 4046 | | | 4047 | R1bis | N/A (Dispatcher doesn't deliver since | 4048 | | CT(peer) is not set) | 4049 | | | 4050 | Receive Payload or | Discard and stay in I1-SENT | 4051 | extension header | | 4052 | or other control | | 4053 | packet | | 4054 +---------------------+---------------------------------------------+ 4055 The following table describes the possible actions in state I2-SENT 4056 and their respective triggers: 4058 +---------------------+---------------------------------------------+ 4059 | Trigger | Action | 4060 +---------------------+---------------------------------------------+ 4061 | Receive R2, verify | If successful move to ESTABLISHED | 4062 | INIT nonce | | 4063 | | If fail, stay in I2-SENT | 4064 | | | 4065 | Receive I1 | Send R2 and stay in I2-SENT | 4066 | | | 4067 | Receive I2 | Send R2 and stay in I2-SENT | 4068 | verify validator | | 4069 | and RESP nonce | | 4070 | | | 4071 | Receive I2bis | Send R2 and stay in I2-SENT | 4072 | verify validator | | 4073 | and RESP nonce | | 4074 | | | 4075 | Receive R1 | Discard and stay in I2-SENT | 4076 | | | 4077 | Timeout, increment | If counter =< I2_RETRIES_MAX, send I2 and | 4078 | timeout counter | stay in I2-SENT | 4079 | | | 4080 | | If counter > I2_RETRIES_MAX, send I1 and go | 4081 | | to I1-SENT | 4082 | | | 4083 | R1bis | N/A (Dispatcher doesn't deliver since | 4084 | | CT(peer) is not set) | 4085 | | | 4086 | Receive payload or | Accept and send I2 (probably R2 was sent | 4087 | extension header | by peer and lost) | 4088 | other control | | 4089 | packet | | 4090 +---------------------+---------------------------------------------+ 4091 The following table describes the possible actions in state I2BIS- 4092 SENT and their respective triggers: 4094 +---------------------+---------------------------------------------+ 4095 | Trigger | Action | 4096 +---------------------+---------------------------------------------+ 4097 | Receive R2, verify | If successful move to ESTABLISHED | 4098 | INIT nonce | | 4099 | | If fail, stay in I2BIS-SENT | 4100 | | | 4101 | Receive I1 | Send R2 and stay in I2BIS-SENT | 4102 | | | 4103 | Receive I2 | Send R2 and stay in I2BIS-SENT | 4104 | verify validator | | 4105 | and RESP nonce | | 4106 | | | 4107 | Receive I2bis | Send R2 and stay in I2BIS-SENT | 4108 | verify validator | | 4109 | and RESP nonce | | 4110 | | | 4111 | Receive R1 | Discard and stay in I2BIS-SENT | 4112 | | | 4113 | Timeout, increment | If counter =< I2_RETRIES_MAX, send I2bis | 4114 | timeout counter | and stay in I2BIS-SENT | 4115 | | | 4116 | | If counter > I2_RETRIES_MAX, send I1 and | 4117 | | go to I1-SENT | 4118 | | | 4119 | R1bis | N/A (Dispatcher doesn't deliver since | 4120 | | CT(peer) is not set) | 4121 | | | 4122 | Receive payload or | Accept and send I2bis (probably R2 was | 4123 | extension header | sent by peer and lost) | 4124 | other control | | 4125 | packet | | 4126 +---------------------+---------------------------------------------+ 4127 The following table describes the possible actions in state 4128 ESTABLISHED and their respective triggers: 4130 +---------------------+---------------------------------------------+ 4131 | Trigger | Action | 4132 +---------------------+---------------------------------------------+ 4133 | Receive I1, compare | If no match, send R1 and stay in ESTABLISHED| 4134 | CT(peer) with | | 4135 | received CT | If match, send R2 and stay in ESTABLISHED | 4136 | | | 4137 | | | 4138 | Receive I2, verify | If successful, then send R2 and stay in | 4139 | validator and RESP | ESTABLISHED | 4140 | nonce | | 4141 | | Otherwise, discard and stay in ESTABLISHED | 4142 | | | 4143 | Receive I2bis, | If successful, then send R2 and stay in | 4144 | verify validator | ESTABLISHED | 4145 | and RESP nonce | | 4146 | | Otherwise, discard and stay in ESTABLISHED | 4147 | | | 4148 | Receive R2 | Discard and stay in ESTABLISHED | 4149 | | | 4150 | Receive R1 | Discard and stay in ESTABLISHED | 4151 | | | 4152 | Receive R1bis | Send I2bis and move to I2BIS-SENT | 4153 | | | 4154 | | | 4155 | Receive payload or | Process and stay in ESTABLISHED | 4156 | extension header | | 4157 | other control | | 4158 | packet | | 4159 | | | 4160 | Implementation | Discard state and go to IDLE | 4161 | specific heuristic | | 4162 | (E.g., No open ULP | | 4163 | sockets and idle | | 4164 | for some time ) | | 4165 +---------------------+---------------------------------------------+ 4166 The following table describes the possible actions in state E-FAILED 4167 and their respective triggers: 4169 +---------------------+---------------------------------------------+ 4170 | Trigger | Action | 4171 +---------------------+---------------------------------------------+ 4172 | Wait for | Go to IDLE | 4173 | NO_R1_HOLDDOWN_TIME | | 4174 | | | 4175 | Any packet | Process as in IDLE | 4176 +---------------------+---------------------------------------------+ 4178 The following table describes the possible actions in state NO- 4179 SUPPORT and their respective triggers: 4181 +---------------------+---------------------------------------------+ 4182 | Trigger | Action | 4183 +---------------------+---------------------------------------------+ 4184 | Wait for | Go to IDLE | 4185 | ICMP_HOLDDOWN_TIME | | 4186 | | | 4187 | Any packet | Process as in IDLE | 4188 +---------------------+---------------------------------------------+ 4190 Appendix B.1. Simplified State Machine diagram 4192 Timeout/Null +------------+ 4193 I1/R1 +------------------| NO SUPPORT | 4194 Payload or Control/R1bis | +------------+ 4195 +---------+ | ^ 4196 | | | ICMP Error/Null| 4197 | V V | 4198 +-----------------+ Timeout/Null +----------+ | 4199 | |<---------------| E-FAILED | | 4200 +-| IDLE | +----------+ | 4201 I2 or I2bis/R2 | | | ^ | 4202 | +-----------------+ (Tiemout#>MAX)/Null| | 4203 | ^ | | | 4204 | | +------+ | | 4205 I2 or I2bis/R2 | | Heuristic/I1| I1/R2 | | 4206 Payload/Null | | | Control/Null | | 4207 I1/R1 or R2 | +--+ | Payload/Null | | 4208 R1 or R2/Null | |Heuristic/Null | (Tiemout#| | 4213 | ESTABLISHED |<----------------------------| I1-SENT | 4214 | | | | 4215 +-------------------+ +----------------+ 4216 | ^ ^ | ^ ^ 4217 | | |R2/Null +-------------+ | | 4218 | | +----------+ |R1/I2 | | 4219 | | | V | | 4220 | | +------------------+ | | 4221 | | | |-------------+ | 4222 | | | I2-SENT | (Timeout#>Max)/I1 | 4223 | | | | | 4224 | | +------------------+ | 4225 | | | ^ | 4226 | | +--------------+ | 4227 | | I1 or I2bis or I2/R2 | 4228 | | (Timeout#Max)/I1 | 4231 | R2/Null| +------------------------------------------+ 4232 | V | 4233 | +-------------------+ 4234 | | |<-+ (Timeout#| I2bis-SENT | | I1 or I2 or I2bis/R2 4236 R1bis/I2bis | |--+ R1 or R1bis/Null 4237 +-------------------+ Payload/I2bis 4239 Appendix C. Context Tag Reuse 4241 The shim6 protocol doesn't have a mechanism for coordinated state 4242 removal between the peers, because such state removal doesn't seem to 4243 help given that a host can crash and reboot at any time. A result of 4244 this is that the protocol needs to be robust against a context tag 4245 being reused for some other context. This section summarizes the 4246 different cases in which a tag can be reused, and how the recovery 4247 works. 4249 The different cases are exemplified by the following case. Assume 4250 host A and B were communicating using a context with the ULID pair 4251 , and that B had assigned context tag X to this context. We 4252 assume that B uses only the context tag to demultiplex the received 4253 payload extension headers, since this is the more general case. 4254 Further we assume that B removes this context state, while A retains 4255 it. B might then at a later time assign CT(local)=X to some other 4256 context, and we have several cases: 4258 o The context tag is reassigned to a context for the same ULID pair 4259 . We've called this "Context Recovery" in this document. 4261 o The context tag is reassigned to a context for a different ULID 4262 pair between the same to hosts, e.g., . We've called this 4263 "Context Confusion" in this document. 4265 o The context tag is reassigned to a context between B and other 4266 host C, for instance for the ULID pair . That is a form 4267 of three party context confusion. 4269 Appendix C.1. Context Recovery 4271 This case is relatively simple, and is discussed in Section 7.5. The 4272 observation is that since the ULID pair is the same, when either A or 4273 B tries to establish the new context, A can keep the old context 4274 while B re-creates the context with the same context tag CT(B) = X. 4276 Appendix C.2. Context Confusion 4278 This cases is a bit more complex, and is discussed in Section 7.6. 4279 When the new context is created, whether A or B initiates it, host A 4280 can detect when it receives B's locator set (in the I2, or R2 4281 message), that it ends up with two contexts to the same peer host 4282 (overlapping Ls(peer) locator sets) that have the same context tag 4283 CT(peer) = X. At this point in time host A can clear up any 4284 possibility of causing confusion by not using the old context to send 4285 any more packets. It either just discards the old context (it might 4286 not be used by any ULP traffic, since B had discarded it), or it 4287 recreates a different context for the old ULID pair (), for 4288 which B will assign a unique CT(B) as part of the normal context 4289 establishment mechanism. 4291 Appendix C.3. Three Party Context Confusion 4293 The third case does not have a place where the old state on A can be 4294 verified, since the new context is established between B and C. Thus 4295 when B receives payload extension headers with X as the context tag, 4296 it will find the context for , hence rewrite the packets to 4297 have C3 in the source address field and B2 in the destination address 4298 field before passing them up to the ULP. This rewriting is correct 4299 when the packets are in fact sent by host C, but if host A ever 4300 happens to send a packet using the old context, then the ULP on A 4301 sends a packet with ULIDs and the packet arrives at the ULP 4302 on B with ULIDs . 4304 This is clearly an error, and the packet will most likely be rejected 4305 by the ULP on B due to a bad pseudo-header checksum. Even if the 4306 checksum is ok (probability 2^-16), the ULP isn't likely to have a 4307 connection for those ULIDs and port numbers. And if the ULP is 4308 connection-less, processing the packet is most likely harmless; such 4309 a ULP must be able to copy with random packets being sent by random 4310 peers in any case. 4312 This broken state, where packets sent from A to B using the old 4313 context on host A might persist for some time, but it will not remain 4314 for very long. The unreachability detection on host A will kick in, 4315 because it does not see any return traffic (payload or Keepalive 4316 messages) for the context. This will result in host A sending Probe 4317 messages to host B to find a working locator pair. The effect of 4318 this is that host B will notice that it does not have a context for 4319 the ULID pair and CT(B) = X, which will make host B send an 4320 R1bis packet to re-establish that context. The re-established 4321 context, just like in the previous section, will get a unique CT(B) 4322 assigned by host B, thus there will no longer be any confusion. 4324 In summary, there are cases where a context tag might be reused while 4325 some peer retains the state, but the protocol can recover from it. 4326 The probability of these events is low given the 47 bit context tag 4327 size. However, it is important that these recovery mechanisms be 4328 tested. Thus during development and testing it is recommended that 4329 implementations not use the full 47 bit space, but instead keep e.g. 4330 the top 40 bits as zero, only leaving the host with 128 unique 4331 context tags. This will help test the recovery mechanisms. 4333 Appendix D. Design Alternatives 4335 This document has picked a certain set of design choices in order to 4336 try to work out a bunch of the details, and stimulate discussion. 4337 But as has been discussed on the mailing list, there are other 4338 choices that make sense. This appendix tries to enumerate some 4339 alternatives. 4341 Appendix D.1. Context granularity 4343 Over the years various suggestions have been made whether the shim 4344 should, even if it operates at the IP layer, be aware of ULP 4345 connections and sessions, and as a result be able to make separate 4346 shim contexts for separate ULP connections and sessions. A few 4347 different options have been discussed: 4349 o Each ULP connection maps to its own shim context. 4351 o The shim is unaware of the ULP notion of connections and just 4352 operates on a host-to-host (IP address) granularity. 4354 o Hybrids where the shim is aware of some ULPs (such as TCP) and 4355 handles other ULPs on a host-to-host basis. 4357 Having shim state for every ULP connection potentially means higher 4358 overhead since the state setup overhead might become significant; 4359 there is utility in being able to amortize this over multiple 4360 connections. 4362 But being completely unaware of the ULP connections might hamper ULPs 4363 that want different communication to use different locator pairs, for 4364 instance for quality or cost reasons. 4366 The protocol has a shim which operates with host-level granularity 4367 (strictly speaking, with ULID-pair granularity, to be able to 4368 amortize the context establishment over multiple ULP connections. 4369 This is combined with the ability for shim-aware ULPs to request 4370 context forking so that different ULP traffic can use different 4371 locator pairs. 4373 Appendix D.2. Demultiplexing of data packets in shim6 communications 4375 Once a ULID-pair context is established between two hosts, packets 4376 may carry locators that differ from the ULIDs presented to the ULPs 4377 using the established context. One of main functions of the SHIM6 4378 layer is to perform the mapping between the locators used to forward 4379 packets through the network and the ULIDs presented to the ULP. In 4380 order to perform that translation for incoming packets, the SHIM6 4381 layer needs to first identify which of the incoming packets need to 4382 be translated and then perform the mapping between locators and ULIDs 4383 using the associated context. Such operation is called 4384 demultiplexing. It should be noted that because any address can be 4385 used both as a locator and as a ULID, additional information other 4386 than the addresses carried in packets, need to be taken into account 4387 for this operation. 4389 For example, if a host has address A1 and A2 and starts communicating 4390 with a peer with addresses B1 and B2, then some communication 4391 (connections) might use the pair as ULID and others might 4392 use e.g., . Initially there are no failures so these address 4393 pairs are used as locators i.e. in the IP address fields in the 4394 packets on the wire. But when there is a failure the shim6 layer on 4395 A might decide to send packets that used as ULIDs using as the locators. In this case B needs to be able to rewrite the 4397 IP address field for some packets and not others, but the packets all 4398 have the same locator pair. 4400 In order to accomplish the demultiplexing operation successfully, 4401 data packets carry a context tag that allows the receiver of the 4402 packet to determine the shim context to be used to perform the 4403 operation. 4405 Two mechanisms for carrying the context tag information have been 4406 considered in depth during the shim protocol design. Those carrying 4407 the context tag in the flow label field of the IPv6 header and the 4408 usage of a new extension header to carry the context tag. In this 4409 appendix we will describe the pros and cons of each approach and 4410 justify the selected option. 4412 Appendix D.2.1. Flow-label 4414 A possible approach is to carry the context tag in the Flow Label 4415 field of the IPv6 header. This means that when a shim6 context is 4416 established, a Flow Label value is associated with this context (and 4417 perhaps a separate flow label for each direction). 4419 The simplest approach that does this is to have the triple identify the context at 4421 the receiver. 4423 The problem with this approach is that because the locator sets are 4424 dynamic, it is not possible at any given moment to be sure that two 4425 contexts for which the same context tag is allocated will have 4426 disjoint locator sets during the lifetime of the contexts. 4428 Suppose that Node A has addresses IPA1, IPA2, IPA3 and IPA4 and that 4429 Host B has addresses IPB1 and IPB2. 4431 Suppose that two different contexts are established between HostA and 4432 HostB. 4434 Context #1 is using IPA1 and IPB1 as ULIDs. The locator set 4435 associated to IPA1 is IPA1 and IPA2 while the locator set associated 4436 to IPB1 is just IPB1. 4438 Context #2 uses IPA3 and IPB2 as ULIDs. The locator set associated 4439 to IPA3 is IPA3 and IPA4 and the locator set associated to IPB2 is 4440 just IPB2. 4442 Because the locator sets of the Context #1 and Context #2 are 4443 disjoint, hosts could think that the same context tag value can be 4444 assigned to both of them. The problem arrives when later on IPA3 is 4445 added as a valid locator for IPA1 and IPB2 is added as a valid 4446 locator for IPB1 in Context #1. In this case, the triple would not identify a 4448 unique context anymore and correct demultiplexing is no longer 4449 possible. 4451 A possible approach to overcome this limitation is simply not to 4452 repeat the Flow Label values for any communication established in a 4453 host. This basically means that each time a new communication that 4454 is using different ULIDs is established, a new Flow Label value is 4455 assigned to it. By this mean, each communication that is using 4456 different ULIDs can be differentiated because it has a different Flow 4457 Label value. 4459 The problem with such approach is that it requires that the receiver 4460 of the communication allocates the Flow Label value used for incoming 4461 packets, in order to assign them uniquely. For this, a shim 4462 negotiation of the Flow Label value to use in the communication is 4463 needed before exchanging data packets. This poses problems with non- 4464 shim capable hosts, since they would not be able to negotiate an 4465 acceptable value for the Flow Label. This limitation can be lifted 4466 by marking the packets that belong to shim sessions from those that 4467 do not. These marking would require at least a bit in the IPv6 4468 header that is not currently available, so more creative options 4469 would be required, for instance using new Next Header values to 4470 indicate that the packet belongs to a shim6 enabled communication and 4471 that the Flow Label carries context information as proposed in the 4472 now expired NOID draft. . However, even if this is done, this 4473 approach is incompatible with the deferred establishment capability 4474 of the shim protocol, which is a preferred function, since it 4475 suppresses the delay due to the shim context establishment prior to 4476 initiation of the communication and it also allows nodes to define at 4477 which stage of the communication they decide, based on their own 4478 policies, that a given communication requires to be protected by the 4479 shim. 4481 In order to cope with the identified limitations, an alternative 4482 approach that does not constraints the flow label values used by 4483 communications that are using ULIDs equal to the locators (i.e. no 4484 shim translation) is to only require that different flow label values 4485 are assigned to different shim contexts. In such approach 4486 communications start with unmodified flow label usage (could be zero, 4487 or as suggested in [17]). The packets sent after a failure when a 4488 different locator pair is used would use a completely different flow 4489 label, and this flow label could be allocated by the receiver as part 4490 of the shim context establishment. Since it is allocated during the 4491 context establishment, the receiver of the "failed over" packets can 4492 pick a flow label of its choosing (that is unique in the sense that 4493 no other context is using it as a context tag), without any 4494 performance impact, and respecting that for each locator pair, the 4495 flow label value used for a given locator pair doesn't change due to 4496 the operation of the multihoming shim. 4498 In this approach, the constraint is that Flow Label values being used 4499 as context identifiers cannot be used by other communications that 4500 use non-disjoint locator sets. This means that once that a given 4501 Flow Label value has been assigned to a shim context that has a 4502 certain locator sets associated, the same value cannot be used for 4503 other communications that use an address pair that is contained in 4504 the locator sets of the context. This is a constraint in the 4505 potential Flow Label allocation strategies. 4507 A possible workaround to this constraint is to mark shim packets that 4508 require translation, in order to differentiate them from regular IPv6 4509 packets, using the artificial Next Header values described above. In 4510 this case, the Flow Label values constrained are only those of the 4511 packets that are being translated by the shim. This last approach 4512 would be the preferred approach if the context tag is to be carried 4513 in the Flow Label field. This is not only because it imposes the 4514 minimum constraints to the Flow Label allocation strategies, limiting 4515 the restrictions only to those packets that need to be translated by 4516 the shim, but also because Context Loss detection mechanisms greatly 4517 benefit from the fact that shim data packets are identified as such, 4518 allowing the receiving end to identify if a shim context associated 4519 to a received packet is suppose to exist, as it will be discussed in 4520 the Context Loss detection appendix below. 4522 Appendix D.2.2. Extension Header 4524 Another approach, which is the one selected for this protocol, is to 4525 carry the context tag in a new Extension Header. These context tags 4526 are allocated by the receiving end during the shim6 protocol initial 4527 negotiation, implying that each context will have two context tags, 4528 one for each direction. Data packets will be demultiplexed using the 4529 context tag carried in the Extension Header. This seems a clean 4530 approach since it does not overload existing fields. However, it 4531 introduces additional overhead in the packet due to the additional 4532 header. The additional overhead introduced is 8 octets. However, it 4533 should be noted that the context tag is only required when a locator 4534 other than the one used as ULID is contained in the packet. Packets 4535 where both the source and destination address fields contain the 4536 ULIDs do not require a context tag, since no rewriting is necessary 4537 at the receiver. This approach would reduce the overhead, because 4538 the additional header is only required after a failure. On the other 4539 hand, this approach would cause changes in the available MTU for some 4540 packets, since packets that include the Extension Header will have an 4541 MTU 8 octets shorter. However, path changes through the network can 4542 result in different MTU in any case, thus having a locator change, 4543 which implies a path change, affect the MTU doesn't introduce any new 4544 issues. 4546 Appendix D.3. Context Loss Detection 4548 In this appendix we will present different approaches considered to 4549 detect context loss and potential context recovery strategies. The 4550 scenario being considered is the following: Node A and Node B are 4551 communicating using IPA1 and IPB1. Sometime later, a shim context is 4552 established between them, with IPA1 and IPB1 as ULIDs and 4553 IPA1,...,IPAn and IPB1,...,IPBm as locator set respectively. 4555 It may happen, that later on, one of the hosts, e.g. Host A looses 4556 the shim context. The reason for this can be that Host A has a more 4557 aggressive garbage collection policy than HostB or that an error 4558 occurred in the shim layer at host A resulting in the loss of the 4559 context state. 4561 The mechanisms considered in this appendix are aimed to deal with 4562 this problem. There are essentially two tasks that need to be 4563 performed in order to cope with this problem: first, the context loss 4564 must be detected and second the context needs to be recovered/ 4565 reestablished. 4567 Mechanisms for detecting context. loss 4569 These mechanisms basically consist in that each end of the context 4570 periodically sends a packet containing context-specific information 4571 to the other end. Upon reception of such packets, the receiver 4572 verifies that the required context exists. In case that the context 4573 does not exist, it sends a packet notifying the problem to the 4574 sender. 4576 An obvious alternative for this would be to create a specific context 4577 keepalive exchange, which consists in periodically sending packets 4578 with this purpose. This option was considered and discarded because 4579 it seemed an overkill to define a new packet exchange to deal with 4580 this issue. 4582 An alternative is to piggyback the context loss detection function in 4583 other existent packet exchanges. In particular, both shim control 4584 and data packets can be used for this. 4586 Shim control packets can be trivially used for this, because they 4587 carry context specific information, so that when a node receives one 4588 of such packets, it will verify if the context exists. However, shim 4589 control frequency may not be adequate for context loss detection 4590 since control packet exchanges can be very limited for a session in 4591 certain scenarios. 4593 Data packets, on the other hand, are expected to be exchanged with a 4594 higher frequency but they do not necessarily carry context specific 4595 information. In particular, packets flowing before a locator change 4596 (i.e. packet carrying the ULIDs in the address fields) do not need 4597 context information since they do not need any shim processing. 4598 Packets that carry locators that differ from the ULIDs carry context 4599 information. 4601 However, we need to make a distinction here between the different 4602 approaches considered to carry the context tag, in particular between 4603 those approaches where packets are explicitly marked as shim packets 4604 and those approaches where packets are not marked as such. For 4605 instance, in the case where the context tag is carried in the Flow 4606 Label and packets are not marked as shim packets (i.e. no new Next 4607 Header values are defined for shim), a receiver that has lost the 4608 associated context is not able to detect that the packet is 4609 associated with a missing context. The result is that the packet 4610 will be passed unchanged to the upper layer protocol, which in turn 4611 will probably silently discard it due to a checksum error. The 4612 resulting behavior is that the context loss is undetected. This is 4613 one additional reason to discard an approach that carries the context 4614 tag in the Flow Label field and does not explicitly mark the shim 4615 packets as such. On the other hand, approaches that mark shim data 4616 packets (like the Extension Header or the Flow Label with new Next 4617 Header values approaches) allow the receiver to detect if the context 4618 associated to the received packet is missing. In this case, data 4619 packets also perform the function of a context loss detection 4620 exchange. However, it must be noted that only those packets that 4621 carry a locator that differs form the ULID are marked. This 4622 basically means that context loss will be detected after an outage 4623 has occurred i.e. alternative locators are being used. 4625 Summarizing, the proposed context loss detection mechanisms uses shim 4626 control packets and payload extension headers to detect context loss. 4627 Shim control packets detect context loss during the whole lifetime of 4628 the context, but the expected frequency in some cases is very low. 4629 On the other hand, payload extension headers have a higher expected 4630 frequency in general, but they only detect context loss after an 4631 outage. This behavior implies that it will be common that context 4632 loss is detected after a failure i.e. once that it is actually 4633 needed. Because of that, a mechanism for recovering from context 4634 loss is required if this approach is used. 4636 Overall, the mechanism for detecting lost context would work as 4637 follows: the end that still has the context available sends a message 4638 referring to the context. Upon the reception of such message, the 4639 end that has lost the context identifies the situation and notifies 4640 the context loss event to the other end by sending a packet 4641 containing the lost context information extracted from the received 4642 packet. 4644 One option is to simply send an error message containing the received 4645 packets (or at least as much of the received packet that the MTU 4646 allows to fit in). One of the goals of this notification is to allow 4647 the other end that still retains context state, to reestablish the 4648 lost context. The mechanism to reestablish the loss context consists 4649 in performing the 4-way initial handshake. This is a time consuming 4650 exchange and at this point time may be critical since we are 4651 reestablishing a context that is currently needed (because context 4652 loss detection may occur after a failure). So, another option, which 4653 is the one used in this protocol, is to replace the error message by 4654 a modified R1 message, so that the time required to perform the 4655 context establishment exchange can be reduced. Upon the reception of 4656 this modified R1 message, the end that still has the context state 4657 can finish the context establishment exchange and restore the lost 4658 context. 4660 Appendix D.4. Securing locator sets 4662 The adoption of a protocol like SHIM that allows the binding of a 4663 given ULID with a set of locators opens the doors for different types 4664 of redirection attacks as described in [20]. The goal in terms of 4665 security for the design of the shim protocol is not to introduce any 4666 new vulnerability in the Internet architecture. It is a non-goal to 4667 provide additional protection than the currently available in the 4668 single-homed IPv6 Internet. 4670 Multiple security mechanisms were considered to protect the shim 4671 protocol. In this appendix we will present some of them. 4673 The simplest option to protect the shim protocol was to use cookies 4674 i.e. a randomly generated bit string that is negotiated during the 4675 context establishment phase and then it is included in following 4676 signaling messages. By this mean, it would be possible to verify 4677 that the party that was involved in the initial handshake is the same 4678 party that is introducing new locators. Moreover, before using a new 4679 locator, an exchange is performed through the new locator, verifying 4680 that the party located at the new locator knows the cookie i.e. that 4681 it is the same party that performed the initial handshake. 4683 While this security mechanisms does indeed provide a fair amount of 4684 protection, it does leave the door open for the so-called time 4685 shifted attacks. In these attacks, an attacker that once was on the 4686 path, it discovers the cookie by sniffing any signaling message. 4687 After that, the attacker can leave the path and still perform a 4688 redirection attack, since as he is in possession of the cookie, he 4689 can introduce a new locator in the locator set and he can also 4690 successfully perform the reachability exchange if he is able to 4691 receive packets at the new locator. The difference with the current 4692 single-homed IPv6 situation is that in the current situation the 4693 attacker needs to be on-path during the whole lifetime of the attack, 4694 while in this new situation where only cookie protection if provided, 4695 an attacker that once was on the path can perform attacks after he 4696 has left the on-path location. 4698 Moreover, because the cookie is included in signaling messages, the 4699 attacker can discover the cookie by sniffing any of them, making the 4700 protocol vulnerable during the whole lifetime of the shim context. A 4701 possible approach to increase the security was to use a shared secret 4702 i.e. a bit string that is negotiated during the initial handshake but 4703 that is used as a key to protect following messages. With this 4704 technique, the attacker must be present on the path sniffing packets 4705 during the initial handshake, since it is the only moment where the 4706 shared secret is exchanged. While this improves the security, it is 4707 still vulnerable to time shifted attacks, even though it imposes that 4708 the attacker must be on path at a very specific moment (the 4709 establishment phase) to actually be able to launch the attack. While 4710 this seems to substantially improve the situation, it should be noted 4711 that, depending on protocol details, an attacker may be able to force 4712 the recreation of the initial handshake (for instance by blocking 4713 messages and making the parties think that the context has been 4714 lost), so the resulting situation may not differ that much from the 4715 cookie based approach. 4717 Another option that was discussed during the design of the protocol 4718 was the possibility of using IPsec for protecting the shim protocol. 4719 Now, the problem under consideration in this scenario is how to 4720 securely bind an address that is being used as ULID with a locator 4721 set that can be used to exchange packets. The mechanism provided by 4722 IPsec to securely bind the address used with the cryptographic keys 4723 is the usage of digital certificates. This implies that an IPsec 4724 based solution would require that the generation of digital 4725 certificates that bind the key and the ULID by a common third trusted 4726 party for both parties involved in the communication. Considering 4727 that the scope of application of the shim protocol is global, this 4728 would imply a global public key infrastructure. The major issues 4729 with this approach are the deployment difficulties associated with a 4730 global PKI. 4732 Finally two different technologies were selected to protect the shim 4733 protocol: HBA [8] and CGA [6]. These two approaches provide a 4734 similar level of protection but they provide different functionality 4735 with a different computational cost. 4737 The HBA mechanism relies on the capability of generating all the 4738 addresses of a multihomed host as an unalterable set of intrinsically 4739 bound IPv6 addresses, known as an HBA set. In this approach, 4740 addresses incorporate a cryptographic one-way hash of the prefix-set 4741 available into the interface identifier part. The result is that the 4742 binding between all the available addresses is encoded within the 4743 addresses themselves, providing hijacking protection. Any peer using 4744 the shim protocol node can efficiently verify that the alternative 4745 addresses proposed for continuing the communication are bound to the 4746 initial address through a simple hash calculation. A limitation of 4747 the HBA technique is that once generated the address set is fixed and 4748 cannot be changed without also changing all the addresses of the HBA 4749 set. In other words, the HBA technique does not support dynamic 4750 addition of address to a previously generated HBA set. An advantage 4751 of this approach is that it requires only hash operations to verify a 4752 locator set, imposing very low computational cost to the protocol. 4754 In a CGA based approach the address used as ULID is a CGA that 4755 contains a hash of a public key in its interface identifier. The 4756 result is a secure binding between the ULID and the associated key 4757 pair. This allows each peer to use the corresponding private key to 4758 sign the shim messages that convey locator set information. The 4759 trust chain in this case is the following: the ULID used for the 4760 communication is securely bound to the key pair because it contains 4761 the hash of the public key, and the locator set is bound to the 4762 public key through the signature. The CGA approach then supports 4763 dynamic addition of new locators in the locator set, since in order 4764 to do that, the node only needs to sign the new locator with the 4765 private key associated with the CGA used as ULID. A limitation of 4766 this approach is that it imposes systematic usage of public key 4767 cryptography with its associate computational cost. 4769 Any of these two mechanisms HBA and CGA provide time-shifted attack 4770 protection, since the ULID is securely bound to a locator set that 4771 can only be defined by the owner of the ULID. 4773 So, the design decision adopted was that both mechanisms HBA and CGA 4774 are supported, so that when only stable address sets are required, 4775 the nodes can benefit from the low computational cost offered by HBA 4776 while when dynamic locator sets are required, this can be achieved 4777 through CGAs with an additional cost. Moreover, because HBAs are 4778 defined as a CGA extension, the addresses available in a node can 4779 simultaneously be CGAs and HBAs, allowing the usage of the HBA and 4780 CGA functionality when needed without requiring a change in the 4781 addresses used. 4783 Appendix D.5. ULID-pair context establishment exchange 4785 Two options were considered for the ULID-pair context establishment 4786 exchange: a 2-way handshake and a 4-way handshake. 4788 A key goal for the design of this exchange was that protection 4789 against DoS attacks. The attack under consideration was basically a 4790 situation where an attacker launches a great amount of ULID-pair 4791 establishment request packets, exhausting victim's resources, similar 4792 to TCP SYN flooding attacks. 4794 A 4 way-handshake exchange protects against these attacks because the 4795 receiver does not creates any state associate to a given context 4796 until the reception of the second packet which contains a prior 4797 contact proof in the form of a token. At this point the receiver can 4798 verify that at least the address used by the initiator is at some 4799 extent valid, since the initiator is able to receive packets at this 4800 address. In the worse case, the responder can track down the 4801 attacker using this address. The drawback of this approach is that 4802 it imposes a 4 packet exchange for any context establishment. This 4803 would be a great deal if the shim context needed to be established up 4804 front, before the communication can proceed. However, thanks to 4805 deferred context establishment capability of the shim protocol, this 4806 limitation has a reduced impact in the performance of the protocol. 4807 (It may however have a greater impact in the situation of context 4808 recover as discussed earlier, but in this case, it is possible to 4809 perform optimizations to reduce the number of packets as described 4810 above) 4812 The other option considered was a 2-way handshake with the 4813 possibility to fall back to a 4-way handshake in case of attack. In 4814 this approach, the ULID-pair establishment exchange normally consists 4815 in a 2-packet exchange and it does not verify that the initiator has 4816 performed a prior contact before creating context state. In case 4817 that a DoS attack is detected, the responder falls back to a 4-way 4818 handshake similar to the one described previously in order to prevent 4819 the detected attack to proceed. The main difficulty with this attack 4820 is how to detect that a responder is currently under attack. It 4821 should be noted, that because this is 2-way exchange, it is not 4822 possible to use the number of half open sessions (as in TCP) to 4823 detect an ongoing attack and different heuristics need to be 4824 considered. 4826 The design decision taken was that considering the current impact of 4827 DoS attacks and the low impact of the 4-way exchange in the shim 4828 protocol thanks to the deferred context establishment capability, a 4829 4-way exchange would be adopted for the base protocol. 4831 Appendix D.6. Updating locator sets 4833 There are two possible approaches to the addition and removal of 4834 locators: atomic and differential approaches. The atomic approach 4835 essentially send the complete locators set each time that a variation 4836 in the locator set occurs. The differential approach send the 4837 differences between the existing locator set and the new one. The 4838 atomic approach imposes additional overhead, since all the locator 4839 set has to be exchanged each time while the differential approach 4840 requires re-synchronization of both ends through changes i.e. that 4841 both ends have the same idea about what the current locator set is. 4843 Because of the difficulties imposed by the synchronization 4844 requirement, the atomic approach was selected. 4846 Appendix D.7. State Cleanup 4848 There are essentially two approaches for discarding an existing state 4849 about locators, keys and identifiers of a correspondent node: a 4850 coordinated approach and an unilateral approach. 4852 In the unilateral approach, each node discards the information about 4853 the other node without coordination with the other node based on some 4854 local timers and heuristics. No packet exchange is required for 4855 this. In this case, it would be possible that one of the nodes has 4856 discarded the state while the other node still hasn't. In this case, 4857 a No-Context error message may be required to inform about the 4858 situation and possibly a recovery mechanism is also needed. 4860 A coordinated approach would use an explicit CLOSE mechanism, akin to 4861 the one specified in HIP [26]. If an explicit CLOSE handshake and 4862 associated timer is used, then there would no longer be a need for 4863 the No Context Error message due to a peer having garbage collected 4864 its end of the context. However, there is still potentially a need 4865 to have a No Context Error message in the case of a complete state 4866 loss of the peer (also known as a crash followed by a reboot). Only 4867 if we assume that the reboot takes at least the CLOSE timer, or that 4868 it is ok to not provide complete service until CLOSE timer minutes 4869 after the crash, can we completely do away with the No Context Error 4870 message. 4872 In addition, other aspect that is relevant for this design choice is 4873 the context confusion issue. In particular, using an unilateral 4874 approach to discard context state clearly opens the possibility of 4875 context confusion, where one of the ends unilaterally discards the 4876 context state, while the peer does not. In this case, the end that 4877 has discarded the state can re-use the context tag value used for the 4878 discarded state for a another context, creating a potential context 4879 confusion situation. In order to illustrate the cases where problems 4880 would arise consider the following scenario: 4882 o Hosts A and B establish context 1 using CTA and CTB as context 4883 tags. 4885 o Later on, A discards context 1 and the context tag value CTA 4886 becomes available for reuse. 4888 o However, B still keeps context 1. 4890 This would become a context confusion situation in the following two 4891 cases: 4893 o A new context 2 is established between A and B with a different 4894 ULID pair (or Forked Instance Identifier), and A uses CTA as 4895 context tag, If the locator sets used for both contexts are not 4896 disjoint, we are in a context confusion situation. 4898 o A new context is established between A and C and A uses CTA as 4899 context tag value for this new context. Later on, B sends Payload 4900 extension header and/or control messages containing CTA, which 4901 could be interpreted by A as belonging to context 2 (if no proper 4902 care is taken). Again we are in a context confusion situation. 4904 One could think that using a coordinated approach would eliminate 4905 these context confusion situations, making the protocol much simpler. 4906 However, this is not the case, because even in the case of a 4907 coordinated approach using a CLOSE/CLOSE ACK exchange, there is still 4908 the possibility of a host rebooting without having the time to 4909 perform the CLOSE exchange. So, it is true that the coordinated 4910 approach eliminates the possibility of a context confusion situation 4911 because premature garbage collection, but it does not prevents the 4912 same situations due to a crash and reboot of one of the involved 4913 hosts. The result is that even if we went for a coordinated 4914 approach, we would still need to deal with context confusion and 4915 provide the means to detect and recover from this situations. 4917 Appendix E. Change Log 4919 [RFC Editor: please remove this section] 4921 The following changes have been made since draft-ietf-shim6-proto-06: 4923 o Changed wording in the renumberin considerations section, so that 4924 a shim6 context using a ULID that has been renumbered, MUST be 4925 discarded 4927 o Included text in the security considerations about IPSec BITW and 4928 IPSec tunnels. 4930 o Added text about the minimum key length of CGA in the security 4931 considerations section 4933 o fixed Payload/update message processing 4935 o synchonized with READ draft 4937 The following changes have been made since draft-ietf-shim6-proto-05: 4939 o Removed the possibility to keep on uding the ULID after a 4940 renumbering event 4942 o Editorial corrections resulting from Dave Meyer's and Jim Bound's 4943 reviews. 4945 The following changes have been made since draft-ietf-shim6-proto-04: 4947 o Defined I1_RETRIES_MAX as 4. 4949 o Added text in section 7.9 clarifying the no per context state is 4950 stored at the receiver in order to reply an I1 message. 4952 o Added text in section 5 and in section 5.14 in particular, on 4953 defining additional options (including critical and non critical 4954 options). 4956 o Added text in the security considerations about threats related to 4957 secret S for generating the validators and recommendation to 4958 change S periodically. 4960 o Added text in the security considerations about the effects of 4961 attacks based on guessing the context tag being similar to 4962 spoofing source addresses in the case of payload packets. 4964 o Added clarification on what a recent nonce is in I2 and I2bis. 4966 o Removed (empty) open issues section. 4968 o Editorial corrections. 4970 The following changes have been made since draft-ietf-shim6-proto-03: 4972 o Editorial clarifications based on comments from Geoff, Shinta, 4973 Jari. 4975 o Added "no IPv6 NATs as an explicit assumption. 4977 o Moving some things out of the Introduction and Overview sections 4978 to remove all SHOULDs and MUSTs from there. 4980 o Added requirement that any Locator Preference options which use an 4981 element length greater than 3 octets have the already defined 4982 first 3 octets of flags, priority and weight. 4984 o Fixed security hole where a single message (I1) could cause 4985 CT(peer) to be updated. Now a three-way handshake is required 4986 before CT(peer) is updated for an existing context. 4988 The following changes have been made since draft-ietf-shim6-proto-02: 4990 o Replaced the Context Error message with the R1bis message. 4992 o Removed the Packet In Error option, since it was only used in the 4993 Context Error message. 4995 o Introduced a I2bis message which is sent in response to an I1bis 4996 message, since the responders processing is quite in this case 4997 than in the regular R1 case. 4999 o Moved the packet formats for the Keepalive and Probe message types 5000 and Event option to [9]. Only the message type values and option 5001 type value are specified for those in this document. 5003 o Removed the unused message types. 5005 o Added a state machine description as an appendix. 5007 o Filled in all the TBDs - except the IANA assignment of the 5008 protocol number. 5010 o Specified how context recovery and forked contexts work together. 5011 This required the introduction of a Forked Instance option to be 5012 able to tell which of possibly forked instances is being 5013 recovered. 5015 o Renamed the "host-pair context" to be "ULID-pair context". 5017 o Picked some initial retransmit timers for I1 and I2; 4 seconds. 5019 o Added timer values as protocol constants. The retransmit timers 5020 use binary exponential backoff and randomization (between .5 and 5021 1.5 of the nominal value). 5023 o Require that the R1/R1bis verifiers be usable for some minimum 5024 time so that the initiator knows for how long time it can safely 5025 retransmit I2 before it needs to go back to sending I1 again. 5026 Picked 30 seconds. 5028 o Split the message type codes into 0-63, which will not generate 5029 R1bis messages, and 64-127 which will generate R1bis messages. 5030 This allows extensibility of the protocol with new message types 5031 while being able to control when R1bis is generated. 5033 o Expanded the context tag from 32 to 47 bits. 5035 o Specified that enough locators need to be included in I2 and R2 5036 messages. Specified that the HBA/CGA verification must be 5037 performed when the locator set is received. 5039 o Specified that ICMP parameter problem errors are sent in certain 5040 error cases, for instance when the verification method is unknown 5041 to the receiver, or there is an unknown message type or option 5042 type. 5044 o Renamed "payload message" to be "payload extension header". 5046 o Many editorial clarifications suggested by Geoff Huston. 5048 o Modified the dispatching of payload extension header to only 5049 compare CT(local) i.e., not compare the source and destination 5050 IPv6 address fields. 5052 The following changes have been made since draft-ietf-shim6-proto-00: 5054 o Removed the use of the flow label and the overloading of the IP 5055 protocol numbers. Instead, when the locator pair is not the ULID 5056 pair, the ULP payloads will be carried with an 8 octet extension 5057 header. The belief is that it is possible to remove these extra 5058 bytes by defining future shim6 extensions that exchange more 5059 information between the hosts, without having to overload the flow 5060 label or the IP protocol numbers. 5062 o Grew the context tag from 20 bits to 32 bits, with the possibility 5063 to grow it to 47 bits. This implies changes to the message 5064 formats. 5066 o Almost by accident, the new shim6 message format is very close to 5067 the HIP message format. 5069 o Adopted the HIP format for the options, since this makes it easier 5070 to describe variable length options. The original, ND-style, 5071 option format requires internal padding in the options to make 5072 them 8 octet length in total, while the HIP format handles that 5073 using the option length field. 5075 o Removed some of the control messages, and renamed the other ones. 5077 o Added a "generation" number to the Locator List option, so that 5078 the peers can ensure that the preferences refer to the right 5079 "version" of the Locator List. 5081 o In order for FBD and exploration to work when there the use of the 5082 context is forked, that is different ULP messages are sent over 5083 different locator pairs, things are a lot easier if there is only 5084 one current locator pair used for each context. Thus the forking 5085 of the context is now causing a new context to be established for 5086 the same ULID; the new context having a new context tag. The 5087 original context is referred to as the "default" context for the 5088 ULID pair. 5090 o Added more background material and textual descriptions. 5092 19. References 5094 19.1. Normative References 5096 [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement 5097 Levels", BCP 14, RFC 2119, March 1997. 5099 [2] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) 5100 Specification", RFC 2460, December 1998. 5102 [3] Narten, T., Nordmark, E., and W. Simpson, "Neighbor Discovery 5103 for IP Version 6 (IPv6)", RFC 2461, December 1998. 5105 [4] Thomson, S. and T. Narten, "IPv6 Stateless Address 5106 Autoconfiguration", RFC 2462, December 1998. 5108 [5] Conta, A. and S. Deering, "Internet Control Message Protocol 5109 (ICMPv6) for the Internet Protocol Version 6 (IPv6) 5110 Specification", RFC 2463, December 1998. 5112 [6] Aura, T., "Cryptographically Generated Addresses (CGA)", 5113 RFC 3972, March 2005. 5115 [7] Kent, S. and K. Seo, "Security Architecture for the Internet 5116 Protocol", RFC 4301, December 2005. 5118 [8] Bagnulo, M., "Hash Based Addresses (HBA)", 5119 draft-ietf-shim6-hba-02 (work in progress), October 2006. 5121 [9] Arkko, J. and I. Beijnum, "Failure Detection and Locator Pair 5122 Exploration Protocol for IPv6 Multihoming", 5123 draft-ietf-shim6-failure-detection-06 (work in progress), 5124 September 2006. 5126 19.2. Informative References 5128 [10] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for 5129 specifying the location of services (DNS SRV)", RFC 2782, 5130 February 2000. 5132 [11] Ferguson, P. and D. Senie, "Network Ingress Filtering: 5133 Defeating Denial of Service Attacks which employ IP Source 5134 Address Spoofing", BCP 38, RFC 2827, May 2000. 5136 [12] Narten, T. and R. Draves, "Privacy Extensions for Stateless 5137 Address Autoconfiguration in IPv6", RFC 3041, January 2001. 5139 [13] Draves, R., "Default Address Selection for Internet Protocol 5140 version 6 (IPv6)", RFC 3484, February 2003. 5142 [14] Bagnulo, M., "Updating RFC 3484 for multihoming support", 5143 draft-bagnulo-ipv6-rfc3484-update-00 (work in progress), 5144 December 2005. 5146 [15] Schulzrinne, H., Casner, S., Frederick, R., and V. Jacobson, 5147 "RTP: A Transport Protocol for Real-Time Applications", STD 64, 5148 RFC 3550, July 2003. 5150 [16] Abley, J., Black, B., and V. Gill, "Goals for IPv6 Site- 5151 Multihoming Architectures", RFC 3582, August 2003. 5153 [17] Rajahalme, J., Conta, A., Carpenter, B., and S. Deering, "IPv6 5154 Flow Label Specification", RFC 3697, March 2004. 5156 [18] Eastlake, D., Schiller, J., and S. Crocker, "Randomness 5157 Requirements for Security", BCP 106, RFC 4086, June 2005. 5159 [19] Hinden, R. and B. Haberman, "Unique Local IPv6 Unicast 5160 Addresses", RFC 4193, October 2005. 5162 [20] Nordmark, E. and T. Li, "Threats Relating to IPv6 Multihoming 5163 Solutions", RFC 4218, October 2005. 5165 [21] Huitema, C., "Ingress filtering compatibility for IPv6 5166 multihomed sites", draft-huitema-shim6-ingress-filtering-00 5167 (work in progress), September 2005. 5169 [22] Bagnulo, M. and E. Nordmark, "SHIM - MIPv6 Interaction", 5170 draft-bagnulo-shim6-mip-00 (work in progress), July 2005. 5172 [23] Nordmark, E., "Shim6 Application Referral Issues", 5173 draft-ietf-shim6-app-refer-00 (work in progress), July 2005. 5175 [24] Bagnulo, M. and J. Abley, "Applicability Statement for the 5176 Level 3 Multihoming Shim Protocol (Shim6)", 5177 draft-ietf-shim6-applicability-02 (work in progress), 5178 October 2006. 5180 [25] Huston, G., "Architectural Commentary on Site Multi-homing 5181 using a Level 3 Shim", draft-ietf-shim6-arch-00 (work in 5182 progress), July 2005. 5184 [26] Moskowitz, R., "Host Identity Protocol", draft-ietf-hip-base-06 5185 (work in progress), June 2006. 5187 [27] Eronen, P., "IKEv2 Mobility and Multihoming Protocol (MOBIKE)", 5188 draft-ietf-mobike-protocol-08 (work in progress), 5189 February 2006. 5191 Authors' Addresses 5193 Erik Nordmark 5194 Sun Microsystems 5195 17 Network Circle 5196 Menlo Park, CA 94025 5197 USA 5199 Phone: +1 650 786 2921 5200 Email: erik.nordmark@sun.com 5202 Marcelo Bagnulo 5203 Universidad Carlos III de Madrid 5204 Av. Universidad 30 5205 Leganes, Madrid 28911 5206 SPAIN 5208 Phone: +34 91 6248814 5209 Email: marcelo@it.uc3m.es 5210 URI: http://www.it.uc3m.es 5212 Intellectual Property Statement 5214 The IETF takes no position regarding the validity or scope of any 5215 Intellectual Property Rights or other rights that might be claimed to 5216 pertain to the implementation or use of the technology described in 5217 this document or the extent to which any license under such rights 5218 might or might not be available; nor does it represent that it has 5219 made any independent effort to identify any such rights. Information 5220 on the procedures with respect to rights in RFC documents can be 5221 found in BCP 78 and BCP 79. 5223 Copies of IPR disclosures made to the IETF Secretariat and any 5224 assurances of licenses to be made available, or the result of an 5225 attempt made to obtain a general license or permission for the use of 5226 such proprietary rights by implementers or users of this 5227 specification can be obtained from the IETF on-line IPR repository at 5228 http://www.ietf.org/ipr. 5230 The IETF invites any interested party to bring to its attention any 5231 copyrights, patents or patent applications, or other proprietary 5232 rights that may cover technology that may be required to implement 5233 this standard. Please address the information to the IETF at 5234 ietf-ipr@ietf.org. 5236 Disclaimer of Validity 5238 This document and the information contained herein are provided on an 5239 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 5240 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 5241 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 5242 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 5243 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 5244 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 5246 Copyright Statement 5248 Copyright (C) The Internet Society (2006). This document is subject 5249 to the rights, licenses and restrictions contained in BCP 78, and 5250 except as set forth therein, the authors retain all their rights. 5252 Acknowledgment 5254 Funding for the RFC Editor function is currently provided by the 5255 Internet Society.