idnits 2.17.1 draft-templin-aerolink-06.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == The 'Obsoletes: ' line in the draft header should list only the _numbers_ of the RFCs which will be obsoleted by this document (if approved); it should not include the word 'RFC' in the list. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (February 04, 2014) is 3734 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC0768' is defined on line 1130, but no explicit reference was found in the text == Unused Reference: 'RFC0791' is defined on line 1133, but no explicit reference was found in the text == Unused Reference: 'RFC0792' is defined on line 1136, but no explicit reference was found in the text == Unused Reference: 'RFC2460' is defined on line 1142, but no explicit reference was found in the text == Unused Reference: 'RFC4862' is defined on line 1159, but no explicit reference was found in the text == Unused Reference: 'RFC3315' is defined on line 1176, but no explicit reference was found in the text == Unused Reference: 'RFC6204' is defined on line 1207, but no explicit reference was found in the text == Unused Reference: 'RFC6980' is defined on line 1231, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2460 (Obsoleted by RFC 8200) ** Obsolete normative reference: RFC 3633 (Obsoleted by RFC 8415) ** Obsolete normative reference: RFC 6434 (Obsoleted by RFC 8504) -- Obsolete informational reference (is this intentional?): RFC 879 (Obsoleted by RFC 7805, RFC 9293) -- Obsolete informational reference (is this intentional?): RFC 3315 (Obsoleted by RFC 8415) -- Obsolete informational reference (is this intentional?): RFC 5996 (Obsoleted by RFC 7296) -- Obsolete informational reference (is this intentional?): RFC 6204 (Obsoleted by RFC 7084) -- Obsolete informational reference (is this intentional?): RFC 6691 (Obsoleted by RFC 9293) Summary: 3 errors (**), 0 flaws (~~), 10 warnings (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group F. Templin, Ed. 3 Internet-Draft Boeing Research & Technology 4 Obsoletes: rfc6706 (if approved) February 04, 2014 5 Intended status: Standards Track 6 Expires: August 8, 2014 8 Transmission of IPv6 Packets over AERO Links 9 draft-templin-aerolink-06.txt 11 Abstract 13 This document specifies the operation of IPv6 over tunnel virtual 14 Non-Broadcast, Multiple Access (NBMA) links using Asymmetric Extended 15 Route Optimization (AERO). Nodes attached to AERO links can exchange 16 packets via trusted intermediate routers on the link that provide 17 forwarding services to reach off-link destinations and/or redirection 18 services to inform the node of an on-link neighbor that is closer to 19 the final destination. Operation of the IPv6 Neighbor Discovery (ND) 20 protocol over AERO links is based on an IPv6 link local address 21 format known as the AERO address. 23 Status of this Memo 25 This Internet-Draft is submitted in full conformance with the 26 provisions of BCP 78 and BCP 79. 28 Internet-Drafts are working documents of the Internet Engineering 29 Task Force (IETF). Note that other groups may also distribute 30 working documents as Internet-Drafts. The list of current Internet- 31 Drafts is at http://datatracker.ietf.org/drafts/current/. 33 Internet-Drafts are draft documents valid for a maximum of six months 34 and may be updated, replaced, or obsoleted by other documents at any 35 time. It is inappropriate to use Internet-Drafts as reference 36 material or to cite them other than as "work in progress." 38 This Internet-Draft will expire on August 8, 2014. 40 Copyright Notice 42 Copyright (c) 2014 IETF Trust and the persons identified as the 43 document authors. All rights reserved. 45 This document is subject to BCP 78 and the IETF Trust's Legal 46 Provisions Relating to IETF Documents 47 (http://trustee.ietf.org/license-info) in effect on the date of 48 publication of this document. Please review these documents 49 carefully, as they describe your rights and restrictions with respect 50 to this document. Code Components extracted from this document must 51 include Simplified BSD License text as described in Section 4.e of 52 the Trust Legal Provisions and are provided without warranty as 53 described in the Simplified BSD License. 55 Table of Contents 57 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 58 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 59 3. Asymmetric Extended Route Optimization (AERO) . . . . . . . . 5 60 3.1. AERO Node Types . . . . . . . . . . . . . . . . . . . . . 5 61 3.2. AERO Interface Characteristics . . . . . . . . . . . . . . 5 62 3.3. AERO Interface MTU Considerations . . . . . . . . . . . . 8 63 3.4. AERO Interface Encapsulation, Re-encapsulation and 64 Decapsulation . . . . . . . . . . . . . . . . . . . . . . 10 65 3.5. AERO Addresses . . . . . . . . . . . . . . . . . . . . . . 11 66 3.6. AERO Reference Operational Scenario . . . . . . . . . . . 12 67 3.7. AERO Router Discovery and Prefix Delegation . . . . . . . 13 68 3.7.1. AERO Client Behavior . . . . . . . . . . . . . . . . . 13 69 3.7.2. AERO Server Behavior . . . . . . . . . . . . . . . . . 14 70 3.8. AERO Neighbor Solicitation and Advertisement . . . . . . . 14 71 3.9. AERO Redirection . . . . . . . . . . . . . . . . . . . . . 16 72 3.9.1. Classical Redirection Approaches . . . . . . . . . . . 16 73 3.9.2. AERO Redirection Concept of Operations . . . . . . . . 17 74 3.9.3. AERO Redirection Message Format . . . . . . . . . . . 17 75 3.9.4. Sending Predirects . . . . . . . . . . . . . . . . . . 18 76 3.9.5. Processing Predirects and Sending Redirects . . . . . 19 77 3.9.6. Re-encapsulating and Relaying Redirects . . . . . . . 20 78 3.9.7. Processing Redirects . . . . . . . . . . . . . . . . . 21 79 3.10. Neighbor Reachability Considerations . . . . . . . . . . . 21 80 3.11. Mobility and Link-Layer Address Change Considerations . . 22 81 3.12. Underlying Protocol Version Considerations . . . . . . . . 22 82 3.13. Multicast Considerations . . . . . . . . . . . . . . . . . 23 83 3.14. Operation on Server-less AERO Links . . . . . . . . . . . 23 84 3.15. Other Considerations . . . . . . . . . . . . . . . . . . . 23 85 4. Implementation Status . . . . . . . . . . . . . . . . . . . . 24 86 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24 87 6. Security Considerations . . . . . . . . . . . . . . . . . . . 24 88 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 24 89 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 25 90 8.1. Normative References . . . . . . . . . . . . . . . . . . . 25 91 8.2. Informative References . . . . . . . . . . . . . . . . . . 26 92 Appendix A. AERO Server and Relay Interworking . . . . . . . . . 27 93 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 29 95 1. Introduction 97 This document specifies the operation of IPv6 over tunnel virtual 98 Non-Broadcast, Multiple Access (NBMA) links using Asymmetric Extended 99 Route Optimization (AERO). Nodes attached to AERO links can exchange 100 packets via trusted intermediate routers on the link that provide 101 forwarding services to reach off-link destinations and/or redirection 102 services to inform the node of an on-link neighbor that is closer to 103 the final destination. 105 Nodes on AERO links use an IPv6 link-local address format known as 106 the AERO Address. This address type has properties that statelessly 107 link IPv6 Neighbor Discovery (ND) to IPv6 routing. The AERO link can 108 be used for tunneling to neighboring nodes on either IPv6 or IPv4 109 networks, i.e., AERO views the IPv6 and IPv4 networks as equivalent 110 links for tunneling. The remainder of this document presents the 111 AERO specification. 113 2. Terminology 115 The terminology in the normative references applies; the following 116 terms are defined within the scope of this document: 118 AERO link 119 a Non-Broadcast, Multiple Access (NBMA) tunnel virtual overlay 120 configured over a node's attached IPv6 and/or IPv4 networks. All 121 nodes on the AERO link appear as single-hop neighbors from the 122 perspective of IPv6. 124 AERO interface 125 a node's attachment to an AERO link. 127 AERO address 128 an IPv6 link-local address assigned to an AERO interface and 129 constructed as specified in Section 3.5. 131 AERO node 132 a node that is connected to an AERO link and that participates in 133 IPv6 Neighbor Discovery over the link. 135 AERO Client ("client") 136 a node that configures either a host interface or a router 137 interface on an AERO link. 139 AERO Server ("server") 140 a node that configures a router interface on an AERO link over 141 which it can provide default forwarding and redirection services 142 for other AERO nodes. 144 AERO Relay ("relay") 145 a node that relays IPv6 packets between Servers on the same AERO 146 link, and/or that forwards IPv6 packets between the AERO link and 147 the IPv6 Internet. An AERO Relay may or may not also be 148 configured as an AERO Server. 150 ingress tunnel endpoint (ITE) 151 an AERO interface endpoint that injects packets into an AERO link. 153 egress tunnel endpoint (ETE) 154 an AERO interface endpoint that receives tunneled packets from an 155 AERO link. 157 underlying network 158 a connected IPv6 or IPv4 network routing region over which AERO 159 nodes tunnel IPv6 packets. 161 underlying interface 162 an AERO node's interface point of attachment to an underlying 163 network. 165 underlying address 166 an IPv6 or IPv4 address assigned to an AERO node's underlying 167 interface. When UDP encapsulation is used, the UDP port number is 168 also considered as part of the underlying address. Underlying 169 addresses are used as the source and destination addresses of the 170 AERO encapsulation header. 172 link-layer address 173 the same as defined for "underlying address" above. 175 network layer address 176 an IPv6 address used as the source or destination address of the 177 inner IPv6 packet header. 179 end user network (EUN) 180 an IPv6 network attached to a downstream interface of an AERO 181 Client (where the AERO interface is seen as the upstream 182 interface). 184 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 185 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 186 document are to be interpreted as described in [RFC2119]. 188 3. Asymmetric Extended Route Optimization (AERO) 190 The following sections specify the operation of IPv6 over Asymmetric 191 Extended Route Optimization (AERO) links: 193 3.1. AERO Node Types 195 AERO Relays relay packets between nodes connected to the same AERO 196 link and also forward packets between the AERO link and the native 197 IPv6 network. The relaying process entails re-encapsulation of IPv6 198 packets that were received from a first AERO node and are to be 199 forwarded without modification to a second AERO node. 201 AERO Servers configure their AERO interfaces as router interfaces, 202 and provide default routing services to AERO Clients. AERO Servers 203 configure a DHCPv6 Relay or Server function and facilitate DHCPv6 204 Prefix Delegation (PD) exchanges. An AERO Server may also act as an 205 AERO Relay. 207 AERO Clients act as requesting routers to receive IPv6 prefixes 208 through a DHCPv6 PD exchange via an AERO Server over the AERO link. 209 Each AERO Client receives at least a /64 prefix delegation, and may 210 receive even shorter prefixes. 212 AERO Clients that act as routers configure their AERO interfaces as 213 router interfaces, i.e., even if the AERO Client otherwise displays 214 the outward characteristics of an ordinary host (for example, the 215 Client may internally configure both an AERO interface and (internal 216 virtual) End User Network (EUN) interfaces). AERO Clients that act 217 as routers sub-delegate portions of their received prefix delegations 218 to links on EUNs. 220 AERO Clients that act as ordinary hosts configure their AERO 221 interfaces as host interfaces and assign one or more IPv6 addresses 222 taken from their received prefix delegations to the AERO interface 223 but DO NOT assign the delegated prefix itself to the AERO interface. 224 Instead, the host assigns the delegated prefix to a "black hole" 225 route so that unused portions of the prefix are nullified. 227 End system applications on AERO hosts bind directly to the AERO 228 interface, while applications on AERO routers (or IPv6 hosts served 229 by an AERO router) bind to EUN interfaces. 231 3.2. AERO Interface Characteristics 233 AERO interfaces use IPv6-in-IPv6 encapsulation [RFC2473] to exchange 234 tunneled packets with AERO neighbors attached to an underlying IPv6 235 network, and use IPv6-in-IPv4 encapsulation [RFC4213] to exchange 236 tunneled packets with AERO neighbors attached to an underlying IPv4 237 network. AERO interfaces can also use IPsec encapsulation [RFC4301] 238 (either IPv6-in-IPv6 or IPv6-in-IPv4) in environments where strong 239 authentication and confidentiality are required. When NAT traversal 240 and/or filtering middlebox traversal is necessary, a UDP header is 241 further inserted between the outer IP encapsulation header and the 242 inner packet. 244 AERO interfaces configure a Maximum Transmission Unit (MTU) that is 245 as large as the MTU of the underlying interface minus the 246 encapsulation overhead (where the largest possible sizes are 64KB 247 minus encapsulation overhead over IPv4, and 4GB minus encapsulation 248 overhead over IPv6). 250 AERO interfaces maintain a neighbor cache and use a variation of 251 standard unicast IPv6 ND messaging. AERO interfaces use Neighbor 252 Solicitation (NS), Neighbor Advertisement (NA) and Redirect messages 253 the same as for any IPv6 link. They do not use Router Solicitation 254 (RS) and Router Advertisement (RA) messages for several reasons. 255 First, default router discovery is supported through other means more 256 appropriate for AERO links as described below. Second, discovery of 257 more-specific routes is through the receipt of NS, NA and Redirect 258 messages. Finally, AERO nodes receive IPv6 prefix delegations via 259 DHCPv6; hence, there is no need for RA-based prefix discovery. 261 AERO Neighbor Solicitation (NS) and Neighbor Advertisement (NA) 262 messages do not include Source/Target Link Layer Address Options 263 (S/TLLAO). Instead, AERO nodes determine the link-layer addresses of 264 neighbors by examining the encapsulation source address of any NS/NA 265 messages they receive and ignore any S/TLLAOs included in these 266 messages. This is vital to the operation of AERO links for which 267 neighbors are separated by Network Address Translators (NATs) - 268 either IPv4 or IPv6. 270 AERO Redirect messages include a TLLAO the same as for any IPv6 link. 271 The TLLAO includes the link-layer address of the target node, 272 including both the IP address and the UDP source port number used by 273 the target when it sends UDP-encapsulated packets over the AERO 274 interface (the TLLAO instead encodes the value 0 when the target does 275 not use UDP encapsulation). TLLAOs for target nodes that use an IPv6 276 underlying address include the full 16 bytes of the IPv6 address as 277 shown in Figure 1, while TLLAOs for target nodes that use an IPv4 278 underlying address include only the 4 bytes of the IPv4 address as 279 shown in Figure 2. 281 0 1 2 3 282 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 283 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 284 | Type = 2 | Length = 3 | UDP Source Port (or 0) | 285 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 286 | Reserved | 287 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 288 | | 289 +-- --+ 290 | | 291 +-- IPv6 Address --+ 292 | | 293 +-- --+ 294 | | 295 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 297 Figure 1: AERO TLLAO Format for IPv6 299 0 1 2 3 300 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 301 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 302 | Type = 2 | Length = 1 | UDP Source Port (or 0) | 303 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 304 | IPv4 Address | 305 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 307 Figure 2: AERO TLLAO Format for IPv4 309 Finally, nodes on AERO interfaces use a simple data origin 310 authentication for encapsulated packets they receive from other 311 nodes. In particular, AERO Clients accept encapsulated packets with 312 a link-layer source address belonging to their current AERO Server. 313 AERO nodes also accept encapsulated packets with a link-layer source 314 address that is correct for the network-layer source address. The 315 AERO node considers the link-layer source address correct for the 316 network-layer source address if there is an IPv6 route that matches 317 the network-layer source address as well as a neighbor cache entry 318 corresponding to the next hop that includes the link-layer address. 319 (An exception is that NS, NA and Redirect messages may include a 320 different link-layer address than the one currently in the neighbor 321 cache, and the new link-layer address updates the neighbor cache 322 entry.) 324 3.3. AERO Interface MTU Considerations 326 The base tunneling specifications for IPv4 and IPv6 typically set a 327 static MTU on the tunnel interface to 1500 bytes minus the 328 encapsulation overhead or smaller still if the tunnel is likely to 329 incur additional encapsulations such as IPsec on the path. This can 330 result in path MTU related black holes when packets that are too 331 large to be accommodated over the AERO link are dropped, but the 332 resulting ICMP Packet Too Big (PTB) messages are lost on the return 333 path. As a result, AERO nodes MUST use the following MTU mitigations 334 to accommodate larger packets. 336 AERO Clients MUST set their AERO interface MTU to the larger of 1280 337 bytes and the underlying interface MTU minus the encapsulation 338 overhead while AERO Relays and Servers MUST set their AERO interface 339 MTU to the larger of 1500 bytes and the underlying interface MTU 340 minus the encapsulation overhead. (AERO Relays and Servers set their 341 AERO interface MTU to at least 1500 bytes so that IPv6 packets up to 342 1500 bytes in length entering the AERO link from the IPv6 Internet 343 will not be dropped due to an MTU restriction resulting in a PTB 344 message being generated. AERO Clients MAY set a smaller MTU since 345 the loss of an IPv6 packet originating from their attached EUNs will 346 result in deterministic delivery of PTB messages to the IPv6 source.) 348 AERO Clients cache the minimum MTU for their AERO Servers in the 349 underlying IP path MTU discovery cache, where the minimum MTU is set 350 such that no fragmentation will occur on the path from the Client to 351 the Server - this size can be set statically or via measurement 352 through sending probes as described below. AERO Servers and Relays 353 discard any encapsulated packets they receive that arrive as 354 fragments. 356 AERO nodes optionally cache other per-neighbor MTU values in the 357 underlying IP path MTU discovery cache initialized to the underlying 358 interface MTU. The node then admits packets that are no larger than 359 1280 bytes minus the encapsulation overhead (*) as well as packets 360 that are larger than 1500 bytes into the tunnel without fragmentation 361 (i.e., as long as they are no larger than the AERO interface MTU 362 before encapsulation and also no larger than the cached per-neighbor 363 MTU following encapsulation). For IPv4, the node sets the "Don't 364 Fragment" (DF) bit to 0 for packets no larger than 1280 bytes minus 365 the encapsulation overhead (*) and sets the DF bit to 1 for packets 366 larger than 1500 bytes. If a large packet is lost in the path, the 367 node may optionally cache the MTU reported in the resulting PTB 368 message or may ignore the message, e.g., if there is a possibility 369 that the message is spurious. 371 For packets destined to an AERO Client that are larger than 1280 372 bytes minus the encapsulation overhead (*) but no larger than 1500 373 bytes, if the outer protocol is IPv6 the node uses outer IPv6 374 fragmentation to fragment the packet into two pieces (where the first 375 fragment contains at least 1024 bytes of the fragmented inner packet) 376 then admits the fragments into the tunnel. If the outer protocol is 377 IPv4, the node instead admits the packet into the tunnel with DF set 378 to 0 subject to rate limiting to ensure that any fragmentation 379 resulting in the path does not result in reassembly errors 380 [RFC4963][RFC6864]. For both IPv4 and IPv6, the node also sends a 381 1500 byte probe message to the neighbor, subject to rate limiting. 382 To construct a probe, the node prepares an ICMPv6 Neighbor 383 Solicitation (NS) message with trailing padding octets added to a 384 length of 1500 bytes but does not include the length of the padding 385 in the IPv6 Payload Length field. The node then encapsulates the NS 386 in the outer encapsulation headers (while including the length of the 387 padding in the outer length fields), sets DF to 1 (for IPv4) and 388 sends the padded NS message to the neighbor. If the neighbor returns 389 an NA message, the node may then send whole packets within this size 390 range and (for IPv4) relax the rate limiting requirement. 392 In addition to these MTU mitigations, AERO Clients rewrite the TCP 393 Maximum Segment Size (MSS) value in any TCP connection handshakes 394 they originate over the AERO interface [RFC0879][RFC6691]. The 395 Client performs this "MSS clamping" by rewriting the MSS to a size 396 that is no larger than 1500 bytes minus the length of the TCP and 397 IPv6 headers minus the encapsulation overhead minus the length of any 398 additional encapsulations (e.g., IPsec) expected on the path. 400 By writing a reduced value in the TCP MSS, the Client ensures that 401 the resulting TCP session will use packet sizes small enough to avoid 402 fragmentation. The communicating endpoints can subsequently probe 403 for larger packet sizes using Packetization Layer Path MTU Discovery 404 (PLMPMTUD) [RFC4821], which searches for successful packet sizes 405 larger than the original MSS. Other protocol types that do not 406 include an MSS exchange in their connection establishment (e.g., UDP) 407 will still see a maximal MTU even if a small amount of fragmentation 408 and reassembly are required. 410 AERO Clients MUST be capable of reassembling packets up to 1500 bytes 411 plus the encapsulation overhead length. It is therefore RECOMMENDED 412 that AERO Clients be capable of reassembling at least 2KB. 414 AERO Servers and Relays that exchange re-encapsulated packets with 415 one another MUST connect via a network that supports a minimum path 416 MTU of 1500 bytes plus the encapsulation overhead so that no 417 fragmentation and reassembly are required. If this cannot be 418 assured, AERO Servers and Relays instead MUST set their AERO 419 interface MTU to no more than 1500 bytes minus the encapsulation 420 overhead. In that case, large packets originiating from IPv6 nodes 421 outside the AERO link may be dropped with no assurance that a PTB 422 would make it back to the source. 424 (*) Note that if it is known that the minimum Path MTU to a an AERO 425 node is MINMTU bytes (where MINMTU > 1280) then MINMTU can be used 426 instead of 1280 in the fragmentation threshold considerations listed 427 above. Note also that AERO nodes can use NS MTU probes of various 428 sizes to test for a better fragmentation threshold value. 430 3.4. AERO Interface Encapsulation, Re-encapsulation and Decapsulation 432 AERO interfaces encapsulate IPv6 packets according to whether they 433 are entering the AERO interface for the first time or if they are 434 being forwarded out the same AERO interface that they arrived on. 435 This latter form of encapsulation is known as "re-encapsulation". 437 AERO interfaces encapsulate packets per the specifications in , 438 [RFC2473], [RFC4213] except that the interface copies the "TTL/Hop 439 Limit", "Type of Service/Traffic Class" and "Congestion Experienced" 440 values in the inner network layer header into the corresponding 441 fields in the outer IP header. For packets undergoing re- 442 encapsulation, the AERO interface instead copies the "TTL/Hop Limit", 443 "Type of Service/Traffic Class" and "Congestion Experienced" values 444 in the original outer IP header into the corresponding fields in the 445 new outer IP header (i.e., the values are transferred between outer 446 headers and *not* copied from the inner network layer header). 448 When UDP encapsulation is used, the AERO interface inserts a UDP 449 header between the inner packet and outer IP header. If the outer 450 header is IPv6 and is followed by an IPv6 Fragment header, the AERO 451 interface inserts the UDP header between the outer IPv6 header and 452 IPv6 Fragment header. The AERO interface sets the UDP source port to 453 a constant value that it will use in each successive packet it sends, 454 sets the UDP destination port to 8060 (i.e., the IANA-registered port 455 number for AERO), sets the UDP checksum field to zero (see: 456 [RFC6935][RFC6936]) and sets the UDP length field to the length of 457 the inner packet plus 8 bytes for the UDP header itself. 459 The AERO interface next sets the outer IP protocol number to the 460 appropriate value for the first protocol layer within the 461 encapsulation (e.g., IPv6, IPv6 Fragment Header, UDP, etc.). When 462 IPv6 is used as the outer IP protocol, the ITE then sets the flow 463 label value in the outer IPv6 header the same as described in 464 [RFC6438]. When IPv4 is used as the outer IP protocol, the AERO 465 interface sets the DF bit as discussed in Section 3.2. 467 AERO interfaces decapsulate packets destined either to the localhost 468 or to a destination reached via an interface other than the receiving 469 AERO interface per the specifications in , [RFC2473], [RFC4213]. 470 When the encapsulated packet includes a UDP header, the AERO 471 interfaces examines the first octet of data following the UDP header 472 to determine the inner header type. If the most significant four 473 bits of the first octet encode the value '0110', the inner header is 474 an IPv6 header. Otherwise, the interface considers the first octet 475 as an IP protocol type that encodes the value '44' for IPv6 fragment 476 header, the value '50' for Encapsulating Security Payload, the value 477 '51' for Authentication Header etc. (If the first octet encodes the 478 value '0', the interface instead discards the packet, since this is 479 the value reserved for experimentation under , [RFC6706]). During 480 the decapsulation, the AERO interface records the UDP source port in 481 the neighbor cache entry for this neighbor then discards the UDP 482 header. 484 3.5. AERO Addresses 486 An AERO address is an IPv6 link-local address assigned to an AERO 487 interface and with an IPv6 prefix embedded within the interface 488 identifier. The AERO address is formatted as: 490 fe80::[IPv6 prefix] 492 Each AERO Client configures an AERO address based on the delegated 493 prefix it has received from the AERO link prefix delegation 494 authority. The address begins with the prefix fe80::/64 and includes 495 in its interface identifier the base /64 prefix taken from the 496 Client's delegated IPv6 prefix. The base prefix is determined by 497 masking the delegated prefix with the prefix length. For example, if 498 an AERO Client has received the prefix delegation: 500 2001:db8:1000:2000::/56 502 it would construct its AERO address as: 504 fe80::2001:db8:1000:2000 506 An AERO Client may receive multiple non-contiguous IPv6 prefix 507 delegations, in which case it would configure multiple AERO addresses 508 - one for each prefix. 510 Each AERO Server configures the special AERO address fe80::1 to 511 support the operation of IPv6 Neighbor Discovery over the AERO link; 512 the address therefore has the properties of an IPv6 Anycast address. 513 While all Servers configure the same AERO address and therefore 514 cannot be distinguished from one another at the network layer, 515 Clients can still distinguish Servers at the link layer by examining 516 the Servers' link-layer addresses. 518 Nodes that are configured as pure AERO Relays (i.e., and that do not 519 also act as Servers) do not configure an IPv6 address of any kind on 520 their AERO interfaces. The Relay's AERO interface is therefore used 521 purely for transit and does not participate in IPv6 ND message 522 exchanges. 524 3.6. AERO Reference Operational Scenario 526 Figure 3 depicts the AERO reference operational scenario. The figure 527 shows an AERO Server('A'), two AERO Clients ('B', 'D') and three 528 ordinary IPv6 hosts ('C', 'E', 'F'): 529 .-(::::::::) 530 .-(::: IPv6 :::)-. +-------------+ 531 (:::: Internet ::::)--| Host F | 532 `-(::::::::::::)-' +-------------+ 533 `-(::::::)-' 2001:db8:3::1 534 | 535 +--------------+ 536 | AERO Server A| 537 | (C->B; E->D) | 538 +--------------+ 539 fe80::1 540 L2(A) 541 | 542 X-----+-----------+-----------+--------X 543 | AERO Link | 544 L2(B) L2(D) 545 fe80::2001:db8:0:0 fe80::2001:db8:1:0 .-. 546 +--------------+ +--------------+ ,-( _)-. 547 | AERO Client B| | AERO Client D| .-(_ IPv6 )-. 548 | (default->A) | | (default->A) |--(__ EUN ) 549 +--------------+ +--------------+ `-(______)-' 550 2001:DB8:0::/48 2001:DB8:1::/48 | 551 | 2001:db8:1::1 552 .-. +-------------+ 553 ,-( _)-. 2001:db8:0::1 | Host E | 554 .-(_ IPv6 )-. +-------------+ +-------------+ 555 (__ EUN )--| Host C | 556 `-(______)-' +-------------+ 558 Figure 3: AERO Reference Operational Scenario 560 In Figure 3, AERO Server ('A') connects to the AERO link and connects 561 to the IPv6 Internet, either directly or via an AERO Relay (not 562 shown). Server ('A') assigns the address fe80::1 to its AERO 563 interface with link-layer address L2(A). Server ('A') next arranges 564 to add L2(A) to a published list of valid Servers for the AERO link. 566 AERO Client ('B') receives the IPv6 prefix 2001:db8:0::/48 in a 567 DHCPv6 PD exchange via Server ('A') and assigns the address fe80:: 568 2001:db8:0:0 to its AERO interface with link-layer address L2(B). 569 Client ('B') configures a default route via the AERO interface with 570 next-hop address fe80::1 and link-layer address L2(A), then sub- 571 delegates the prefix 2001:db8:0::/48 to its attached EUNs. IPv6 host 572 ('C') connects to the EUN, and configures the address 2001:db8:0::1. 574 AERO Client ('D') receives the IPv6 prefix 2001:db8:1::/48 in a 575 DHCPv6 PD exchange via Server ('A') and assigns the address fe80:: 576 2001:db8:1:0 to its AERO interface with link-layer address L2(D). 577 Client ('D') configures a default route via the AERO interface with 578 next-hop address fe80::1 and link-layer address L2(A), then sub- 579 delegates the prefix 2001:db8:1::/48 to its attached EUNs. IPv6 host 580 ('E') connects to the EUN, and configures the address 2001:db8:1::1. 582 Finally, IPv6 host ('F') connects to an IPv6 network outside of the 583 AERO link domain. Host ('F') configures its IPv6 interface in a 584 manner specific to its attached IPv6 link, and assigns the address 585 2001:db8:3::1 to its IPv6 link interface. 587 3.7. AERO Router Discovery and Prefix Delegation 589 3.7.1. AERO Client Behavior 591 AERO Clients observe the IPv6 router requirements defined in 592 [RFC6434]. AERO Clients first discover the link-layer address of an 593 AERO Server via static configuration, or through an automated means 594 such as DNS name resolution. In the absence of other information, 595 the Client resolves the Fully-Qualified Domain Name (FQDN) 596 "linkupnetworks.domainname", where "domainname" is the DNS domain 597 appropriate for the Client's attached underlying network. The Client 598 then creates a neighbor cache entry with the IPv6 link-local address 599 fe80::1 and the discovered address as the link-layer address. The 600 Client further creates a default route with the link-local address 601 fe80::1 as the next hop. 603 Next, the Client acts as a requesting router to obtain IPv6 prefixes 604 through DHCPv6 Prefix Delegation [RFC3633] via the Server. After the 605 Client acquires prefixes, it sub-delegates them to nodes and links 606 within its attached EUNs. It also assigns the link-local AERO 607 address(es) taken from its delegated prefix(es) to the AERO interface 608 (see: Section 3.5). 610 After configuring a default route and obtaining prefixes, the Client 611 sends periodic NS messages to the server to obtain new NAs in order 612 to keep neighbor cache entries alive. The Client can also forward 613 IPv6 packets destined to networks beyond its local EUNs via the 614 Server as an IPv6 default router. The Server may in turn return a 615 Redirect message informing the Client of a neighbor on the AERO link 616 that is topologically closer to the final destination as specified in 617 Section 3.9. 619 3.7.2. AERO Server Behavior 621 AERO Servers observe the IPv6 router requirements defined in 622 [RFC6434]. They further configure a DHCPv6 relay/server function on 623 their AERO links. When the Server delegates prefixes, it also 624 establishes forwarding table and neighbor cache entries that list the 625 AERO address of the Client as the next hop toward the delegated IPv6 626 prefixes (where the AERO address is constructed as specified in 627 Section 3.5). 629 Servers respond to NS messages from Clients on their AERO interfaces 630 by returning an NA message. When the Server receives an NS message, 631 it updates the neighbor cache entry using the network layer source 632 address as the neighbor's network layer address and using the link- 633 layer source address of the NS message as the neighbor's link-layer 634 address. 636 When the Server forwards a packet via the same AERO interface on 637 which it arrived, it initiates an AERO route optimization procedure 638 as specified in Section 3.9. 640 3.8. AERO Neighbor Solicitation and Advertisement 642 After an AERO node has received a prefix delegation, it creates an 643 AERO address as specified in Section 3.5. It can then send NS 644 messages to elicit NA messages from other AERO nodes. When the AERO 645 node sends NS/NA messages, however, it must also include the length 646 of the prefix corresponding to the AERO address. AERO NS/NA messages 647 therefore include an 8-bit "Prefix Length" field take from the low- 648 order 8 bits of the Reserved field as shown in Figure 4 and Figure 5. 650 0 1 2 3 651 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 652 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 653 | Type (=135) | Code | Checksum | 654 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 655 | Reserved | Prefix Length | 656 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 657 | | 658 + + 659 | | 660 + Target Address + 661 | | 662 + + 663 | | 664 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 665 | Options ... 666 +-+-+-+-+-+-+-+-+-+-+-+- 668 Figure 4: AERO Neighbor Solicitation (NS) Message Format 670 0 1 2 3 671 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 672 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 673 | Type (=136) | Code | Checksum | 674 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 675 | R|S|O| Reserved | Prefix Length | 676 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 677 | | 678 + + 679 | | 680 + Target Address + 681 | | 682 + + 683 | | 684 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 685 | Options ... 686 +-+-+-+-+-+-+-+-+-+-+-+- 688 Figure 5: AERO Neighbor Advertisement (NA) Message Format 690 When an AERO node sends an NS/NA message, it MUST use its AERO 691 address as the IPv6 source address and MUST include its AERO address 692 prefix length in the Prefix Length field. 694 When an AERO node receives an NS/NA message, it accepts the message 695 if the Prefix Length applied to the source address is correct for the 696 neighbor; otherwise, it ignores the message. 698 3.9. AERO Redirection 700 Section 3.6 describes the AERO reference operational scenario. We 701 now discuss the operation and protocol details of AERO Redirection 702 with respect to this reference scenario. 704 3.9.1. Classical Redirection Approaches 706 With reference to Figure 3, when the IPv6 source host ('C') sends a 707 packet to an IPv6 destination host ('E'), the packet is first 708 forwarded via the EUN to AERO Client ('B'). Client ('B') then 709 forwards the packet over its AERO interface to AERO Server ('A'), 710 which then re-encapsulates and forwards the packet to AERO Client 711 ('D'), where the packet is finally forwarded to the IPv6 destination 712 host ('E'). When Server ('A') re-encapsulates and forwards the 713 packet back out on its advertising AERO interface, it must arrange to 714 redirect Client ('B') toward Client ('D') as a better next-hop node 715 on the AERO link that is closer to the final destination. However, 716 this redirection process applied to AERO interfaces must be more 717 carefully orchestrated than on ordinary links since the parties may 718 be separated by potentially many underlying network routing hops. 720 Consider a first alternative in which Server ('A') informs Client 721 ('B') only and does not inform Client ('D') (i.e., "classical 722 redirection"). In that case, Client ('D') has no way of knowing that 723 Client ('B') is authorized to forward packets from their claimed 724 network-layer source addresses, and it may simply elect to drop the 725 packets. Also, Client ('B') has no way of knowing whether Client 726 ('D') is performing some form of source address filtering that would 727 reject packets arriving from a node other than a trusted default 728 router, nor whether Client ('D') is even reachable via a direct path 729 that does not involve Server ('A'). 731 Consider a second alternative in which Server ('A') informs both 732 Client ('B') and Client ('D') separately, via independent redirection 733 control messages (i.e., "augmented redirection"). In that case, if 734 Client ('B') receives the redirection control message but Client 735 ('D') does not, subsequent packets sent by Client ('B') could be 736 dropped due to filtering since Client ('D') would not have a route to 737 verify their source network-layer addresses. Also, if Client ('D') 738 receives the redirection control message but Client ('B') does not, 739 subsequent packets sent in the reverse direction by Client ('D') 740 would be lost. 742 Since both of these alternatives have shortcomings, a new redirection 743 technique (i.e., "AERO redirection") is needed. 745 3.9.2. AERO Redirection Concept of Operations 747 Again, with reference to Figure 3, when source host ('C') sends a 748 packet to destination host ('E'), the packet is first forwarded over 749 the source host's attached EUN to Client ('B'), which then forwards 750 the packet via its AERO interface to Server ('A'). 752 Server ('A') then re-encapsulates forwards the packet out the same 753 AERO interface toward Client ('D') and also sends an AERO "Predirect" 754 message forward to Client ('D') as specified in Section 3.9.4. The 755 Predirect message includes Client ('B')'s network- and link-layer 756 addresses as well as information that Client ('D') can use to 757 determine the IPv6 prefix used by Client ('B') . After Client ('D') 758 receives the Predirect message, it process the message and returns an 759 AERO Redirect message destined for Client ("B") via Server ('A') as 760 specified in Section 3.9.5. During the process, Client ('D') also 761 creates or updates a neighbor cache entry for Client ('B'), and 762 creates an IPv6 route for Client ('B')'s IPv6 prefix. 764 When Server ('A') receives the Redirect message, it re-encapsulates 765 the message and forwards it on to Client ('B') as specified in 766 Section 3.9.6. The message includes Client ('D')'s network- and 767 link-layer addresses as well as information that Client ('B') can use 768 to determine the IPv6 prefix used by Client ('D'). After Client 769 ('B') receives the Redirect message, it processes the message as 770 specified in Section 3.9.7. During the process, Client ('B') also 771 creates or updates a neighbor cache entry for Client ('D'), and 772 creates an IPv6 route for Client ('D')'s IPv6 prefix. 774 Following the above Predirect/Redirect message exchange, forwarding 775 of packets from Client ('B') to Client ('D') without involving Server 776 ('A) as an intermediary is enabled. The mechanisms that support this 777 exchange are specified in the following sections. 779 3.9.3. AERO Redirection Message Format 781 AERO Redirect/Predirect messages use the same format as for ICMPv6 782 Redirect messages depicted in Section 4.5 of [RFC4861], but also 783 include a new "Prefix Length" field taken from the low-order 8 bits 784 of the Redirect message Reserved field. The Redirect/Predirect 785 messages are formatted as shown in Figure 6: 787 0 1 2 3 788 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 789 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 790 | Type (=137) | Code (=0/1) | Checksum | 791 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 792 | Reserved | Prefix Length | 793 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 794 | | 795 + + 796 | | 797 + Target Address + 798 | | 799 + + 800 | | 801 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 802 | | 803 + + 804 | | 805 + Destination Address + 806 | | 807 + + 808 | | 809 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 810 | Options ... 811 +-+-+-+-+-+-+-+-+-+-+-+- 813 Figure 6: AERO Redirect/Predirect Message Format 815 3.9.4. Sending Predirects 817 When an AERO Server forwards a packet out the same AERO interface 818 that it arrived on, the Server sends a Predirect message forward 819 toward the AERO Client nearest the destination instead of sending a 820 Redirect message back to AERO Client nearest the source. 822 In the reference operational scenario, when Server ('A') forwards a 823 packet sent by Client ('B') toward Client ('D'), it also sends a 824 Predirect message forward toward Client ('D'), subject to rate 825 limiting (see Section 8.2 of [RFC4861]). Server ('A') prepares the 826 Predirect message as follows: 828 o the link-layer source address is set to 'L2(A)' (i.e., the 829 underlying address of Server ('A')). 831 o the link-layer destination address is set to 'L2(D)' (i.e., the 832 underlying address of Client ('D')). 834 o the network-layer source address is set to fe80::1 (i.e., the AERO 835 address of Server ('A')). 837 o the network-layer destination address is set to fe80::2001:db8:1:0 838 (i.e., the AERO address of Client ('D')). 840 o the Type is set to 137. 842 o the Code is set to 1 to indicate "Predirect". 844 o the Prefix Length is set to the length of the prefix to be applied 845 to Target address. 847 o the Target Address is set to fe80::2001:db8:0::0 (i.e., the AERO 848 address of Client ('B')). 850 o the Destination Address is set to the IPv6 source address of the 851 packet that triggered the Predirection event. 853 o the message includes a TLLAO set to 'L2(B)' (i.e., the underlying 854 address of Client ('B')). 856 o the message includes a Redirected Header Option (RHO) that 857 contains the originating packet truncated to ensure that at least 858 the network-layer header is included but the size of the message 859 does not exceed 1280 bytes. 861 Server ('A') then sends the message forward to Client ('D'). 863 3.9.5. Processing Predirects and Sending Redirects 865 When Client ('D') receives a Predirect message, it accepts the 866 message only if it has a link-layer source address of the Server, 867 i.e. 'L2(A)'. Client ('D') further accepts the message only if it 868 is willing to serve as a redirection target. Next, Client ('D') 869 validates the message according to the ICMPv6 Redirect message 870 validation rules in Section 8.1 of [RFC4861]. 872 In the reference operational scenario, when the Client ('D') receives 873 a valid Predirect message, it either creates or updates a neighbor 874 cache entry that stores the Target Address of the message as the 875 network-layer address of Client ('B') and stores the link-layer 876 address found in the TLLAO as the link-layer address of Client ('B'). 877 Client ('D') then applies the Prefix Length to the Interface 878 Identifier portion of the Target Address and records the resulting 879 IPv6 prefix in its IPv6 forwarding table. 881 After processing the message, Client ('D') prepares a Redirect 882 message response as follows: 884 o the link-layer source address is set to 'L2(D)' (i.e., the link- 885 layer address of Client ('D')). 887 o the link-layer destination address is set to 'L2(A)' (i.e., the 888 link-layer address of Server ('A')). 890 o the network-layer source address is set to 'L3(D)' (i.e., the AERO 891 address of Client ('D')). 893 o the network-layer destination address is set to 'L3(B)' (i.e., the 894 AERO address of Client ('B')). 896 o the Type is set to 137. 898 o the Code is set to 0 to indicate "Redirect". 900 o the Prefix Length is set to the length of the prefix to be applied 901 to the Target and Destination address. 903 o the Target Address is set to fe80::2001:db8:1::1 (i.e., the AERO 904 address of Client ('D')). 906 o the Destination Address is set to the IPv6 destination address of 907 the packet that triggered the Redirection event. 909 o the message includes a TLLAO set to 'L2(D)' (i.e., the underlying 910 address of Client ('D')). 912 o the message includes as much of the RHO copied from the 913 corresponding AERO Predirect message as possible such that at 914 least the network-layer header is included but the size of the 915 message does not exceed 1280 bytes. 917 After Client ('D') prepares the Redirect message, it sends the 918 message to Server ('A'). 920 3.9.6. Re-encapsulating and Relaying Redirects 922 When Server ('A') receives a Redirect message, it accepts the message 923 only if it has a neighbor cache entry that associates the message's 924 link-layer source address with the network-layer source address. 925 Next, Server ('A') validates the message according to the ICMPv6 926 Redirect message validation rules in Section 8.1 of [RFC4861]. 927 Following validation, Server ('A') re-encapsulates the Redirect then 928 relays the re-encapsulated Redirect on to Client ('B') as follows. 930 In the reference operational scenario, Server ('A') receives the 931 Redirect message from Client ('D') and prepares to re-encapsulate and 932 forward the message to Client ('B'). Server ('A') first verifies 933 that Client ('D') is authorized to use the Prefix Length in the 934 Redirect message when applied to the AERO address in the network- 935 layer source of the Redirect message, and discards the message if 936 verification fails. Otherwise, Server ('A') re-encapsulates the 937 message by changing the link-layer source address of the message to 938 'L2(A)', changing the network-layer source address of the message to 939 fe80::1, and changing the link-layer destination address to 'L2(B)' . 940 Server ('A') finally relays the re-encapsulated message to the 941 ingress node ('B') without decrementing the network-layer IPv6 header 942 Hop Limit field. 944 While not shown in Figure 3, AERO Relays relay Redirect and Predirect 945 messages in exactly this same fashion described above. See Figure 7 946 in Appendix A for an extension of the reference operational scenario 947 that includes Relays. 949 3.9.7. Processing Redirects 951 When Client ('B') receives the Redirect message, it accepts the 952 message only if it has a link-layer source address of the Server, 953 i.e. 'L2(A)'. Next, Client ('B') validates the message according to 954 the ICMPv6 Redirect message validation rules in Section 8.1 of 955 [RFC4861]. Following validation, Client ('B') then processes the 956 message as follows. 958 In the reference operational scenario, when Client ('B') receives the 959 Redirect message, it either creates or updates a neighbor cache entry 960 that stores the Target Address of the message as the network-layer 961 address of Client ('D') and stores the link-layer address found in 962 the TLLAO as the link-layer address of Client ('D'). Client ('B') 963 then applies the Prefix Length to the Interface Identifier portion of 964 the Target Address and records the resulting IPv6 prefix in its IPv6 965 forwarding table. 967 Now, Client ('B') has an IPv6 forwarding table entry for 968 Client('D')'s prefix, and Client ('D') has an IPv6 forwarding table 969 entry for Client ('B')'s prefix. Thereafter, the clients may 970 exchange ordinary network-layer data packets directly without 971 forwarding through Server ('A'). 973 3.10. Neighbor Reachability Considerations 975 When a source Client discovers a target neighbor (either through 976 redirection or some other means) it MUST test the direct path to the 977 target, e.g., by sending an initial NS message to elicit a solicited 978 NA response. While testing the path, the Client SHOULD continue 979 sending packets via the Server until target reachability has been 980 confirmed. The Client MUST thereafter follow the Neighbor 981 Unreachability Detection (NUD) procedures in Section 7.3 of 982 [RFC4861], and can resume sending packets via the Server at any time 983 the direct path appears to be failing. 985 If the Client is unable to elicit a NUD response after MAX_RETRY 986 attempts, it SHOULD consider the direct path unusable for forwarding 987 purposes but still viable for ingress filtering purposes. 989 If reachability is confirmed, the Client SHOULD thereafter process 990 any link-layer errors as a hint that the direct path to the target 991 has either failed or has become intermittent. 993 On some AERO links, establishment and maintenance of a direct path 994 between neighbors requires coordination such as through the Internet 995 Key Exchange (IKEv2) protocol [RFC5996]. In those cases, link- 996 specific hints of forward progress can be used instead of NS/NA to 997 test neighbor reachability. 999 3.11. Mobility and Link-Layer Address Change Considerations 1001 When a Client needs to change its link-layer address (e.g., due to a 1002 mobility event, due to a change in underlying network interface, 1003 etc.), it sends an immediate NS message forward to any of its 1004 correspondents (including the Server and any other Clients) which 1005 then discover the new link-layer address. The Client may instead 1006 send an immediate NA message if there is strong assurance that the 1007 correspondent would receive the message with no need for an 1008 acknowledgement. 1010 If two Clients change their link-layer addresses simultaneously, the 1011 NS/NA messages may be lost. In that case, the Clients SHOULD delete 1012 their respective neighbor cache entries and allow packets to again 1013 flow through their Server(s), which MAY result in a new AERO 1014 redirection exchange. 1016 When a Client needs to change to a new Server, it performs a DHCPv6 1017 "Release" message exchange with the delegating router via the old 1018 Server then sends a DHCPv6 "Request" message to the delegating router 1019 via the new Server. Note that this may result in a temporary service 1020 outage during Server "handovers". 1022 3.12. Underlying Protocol Version Considerations 1024 A source Client may connect only to an IPvX underlying network, while 1025 the target Client connects only to an IPvY underlying network. In 1026 that case, the source Client has no means for reaching the target 1027 directly (since they connect to underlying networks of different IP 1028 protocol versions) and so must ignore any Redirects and continue to 1029 send packets via the Server. 1031 3.13. Multicast Considerations 1033 When the underlying network does not support multicast, AERO nodes 1034 map IPv6 link-scoped multicast addresses (including 1035 "All_DHCP_Relay_Agents_and_Servers") to the underlying IP address of 1036 the AERO Server. 1038 When the underlying network supports multicast, AERO nodes use the 1039 multicast address mapping specification found in [RFC2529] for IPv4 1040 underlying networks and use a direct multicast mapping for IPv6 1041 underlying networks. (In the latter case, "direct multicast mapping" 1042 means that if the IPv6 multicast destination address of the inner 1043 packet is "M", then the IPv6 multicast destination address of the 1044 encapsulating header is also "M".) 1046 3.14. Operation on Server-less AERO Links 1048 In some AERO link scenarios, there may be no Server on the link 1049 and/or no need for Clients to use a Server as an intermediary trust 1050 anchor. In that case, Clients can establish neighbor cache entries 1051 and IPv6 routes by performing direct Client-to-Client exchanges, and 1052 some other form of trust basis must be applied so that each Client 1053 can verify that the prospective neighbor is authorized to use its 1054 claimed prefix. 1056 When there is no Server on the link, Clients must arrange to receive 1057 prefix delegations and publish the delegations via a secure prefix 1058 discovery service through some means outside the scope of this 1059 document. 1061 3.15. Other Considerations 1063 IPv6 hosts serviced by an AERO Client can reach IPv4-only services 1064 via a NAT64 gateway [RFC6146] within the IPv6 network. 1066 AERO nodes can use the Default Address Selection Policy with DHCPv6 1067 option [RFC7078] the same as on any IPv6 link. 1069 All other (non-multicast) functions that operate over ordinary IPv6 1070 links operate in the same fashion over AERO links. 1072 4. Implementation Status 1074 An early implementation is available at: 1075 http://linkupnetworks.com/seal/sealv2-1.0.tgz. 1077 5. IANA Considerations 1079 This document uses the UDP Service Port Number 8060 reserved by IANA 1080 for AERO in [RFC6706]. Therefore, there are no new IANA actions 1081 required for this document. 1083 6. Security Considerations 1085 AERO link security considerations are the same as for standard IPv6 1086 Neighbor Discovery [RFC4861] except that AERO improves on some 1087 aspects. In particular, AERO is dependent on a trust basis between 1088 AERO Clients and Servers, where the Clients only engage in the AERO 1089 mechanism when it is facilitated by a trust anchor. 1091 AERO links must be protected against link-layer address spoofing 1092 attacks in which an attacker on the link pretends to be a trusted 1093 neighbor. Links that provide link-layer securing mechanisms (e.g., 1094 WiFi networks) and links that provide physical security (e.g., 1095 enterprise network LANs) provide a first line of defense that is 1096 often sufficient. In other instances, securing mechanisms such as 1097 Secure Neighbor Discovery (SeND) [RFC3971] or IPsec [RFC4301] must be 1098 used. 1100 AERO Clients MUST ensure that their delegated prefixes are not used 1101 by unauthorized nodes to gain access to a protected network. (This 1102 concern is no different than for ordinary IPv6 hosts that receive an 1103 IPv6 address delegation but then "share" the address with 1104 unauthorized nodes via an IPv6/IPv6 NAT function.) 1106 7. Acknowledgements 1108 Discussions both on the v6ops list and in private exchanges helped 1109 shape some of the concepts in this work. Individuals who contributed 1110 insights include Mikael Abrahamsson, Fred Baker, Stewart Bryant, 1111 Brian Carpenter, Brian Haberman, Joel Halpern, and Lee Howard. 1112 Members of the IESG also provided valuable input during their review 1113 process that greatly improved the document. Special thanks go to 1114 Stewart Bryant, Joel Halpern and Brian Haberman for their shepherding 1115 guidance. 1117 This work has further been encouraged and supported by Boeing 1118 colleagues including Balaguruna Chidambaram, Jeff Holland, Cam 1119 Brodie, Yueli Yang, Wen Fang, Ed King, Mike Slane, Kent Shuey, Gen 1120 MacLean, and other members of the BR&T and BIT mobile networking 1121 teams. 1123 Earlier works on NBMA tunneling approaches are found in 1124 [RFC2529][RFC5214][RFC5569]. 1126 8. References 1128 8.1. Normative References 1130 [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, 1131 August 1980. 1133 [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, 1134 September 1981. 1136 [RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, 1137 RFC 792, September 1981. 1139 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1140 Requirement Levels", BCP 14, RFC 2119, March 1997. 1142 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 1143 (IPv6) Specification", RFC 2460, December 1998. 1145 [RFC2473] Conta, A. and S. Deering, "Generic Packet Tunneling in 1146 IPv6 Specification", RFC 2473, December 1998. 1148 [RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic 1149 Host Configuration Protocol (DHCP) version 6", RFC 3633, 1150 December 2003. 1152 [RFC4213] Nordmark, E. and R. Gilligan, "Basic Transition Mechanisms 1153 for IPv6 Hosts and Routers", RFC 4213, October 2005. 1155 [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, 1156 "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, 1157 September 2007. 1159 [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless 1160 Address Autoconfiguration", RFC 4862, September 2007. 1162 [RFC6434] Jankiewicz, E., Loughney, J., and T. Narten, "IPv6 Node 1163 Requirements", RFC 6434, December 2011. 1165 8.2. Informative References 1167 [IRON] Templin, F., "The Internet Routing Overlay Network 1168 (IRON)", Work in Progress, June 2012. 1170 [RFC0879] Postel, J., "TCP maximum segment size and related topics", 1171 RFC 879, November 1983. 1173 [RFC2529] Carpenter, B. and C. Jung, "Transmission of IPv6 over IPv4 1174 Domains without Explicit Tunnels", RFC 2529, March 1999. 1176 [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., 1177 and M. Carney, "Dynamic Host Configuration Protocol for 1178 IPv6 (DHCPv6)", RFC 3315, July 2003. 1180 [RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure 1181 Neighbor Discovery (SEND)", RFC 3971, March 2005. 1183 [RFC4301] Kent, S. and K. Seo, "Security Architecture for the 1184 Internet Protocol", RFC 4301, December 2005. 1186 [RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU 1187 Discovery", RFC 4821, March 2007. 1189 [RFC4963] Heffner, J., Mathis, M., and B. Chandler, "IPv4 Reassembly 1190 Errors at High Data Rates", RFC 4963, July 2007. 1192 [RFC5214] Templin, F., Gleeson, T., and D. Thaler, "Intra-Site 1193 Automatic Tunnel Addressing Protocol (ISATAP)", RFC 5214, 1194 March 2008. 1196 [RFC5569] Despres, R., "IPv6 Rapid Deployment on IPv4 1197 Infrastructures (6rd)", RFC 5569, January 2010. 1199 [RFC5996] Kaufman, C., Hoffman, P., Nir, Y., and P. Eronen, 1200 "Internet Key Exchange Protocol Version 2 (IKEv2)", 1201 RFC 5996, September 2010. 1203 [RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful 1204 NAT64: Network Address and Protocol Translation from IPv6 1205 Clients to IPv4 Servers", RFC 6146, April 2011. 1207 [RFC6204] Singh, H., Beebee, W., Donley, C., Stark, B., and O. 1208 Troan, "Basic Requirements for IPv6 Customer Edge 1209 Routers", RFC 6204, April 2011. 1211 [RFC6438] Carpenter, B. and S. Amante, "Using the IPv6 Flow Label 1212 for Equal Cost Multipath Routing and Link Aggregation in 1213 Tunnels", RFC 6438, November 2011. 1215 [RFC6691] Borman, D., "TCP Options and Maximum Segment Size (MSS)", 1216 RFC 6691, July 2012. 1218 [RFC6706] Templin, F., "Asymmetric Extended Route Optimization 1219 (AERO)", RFC 6706, August 2012. 1221 [RFC6864] Touch, J., "Updated Specification of the IPv4 ID Field", 1222 RFC 6864, February 2013. 1224 [RFC6935] Eubanks, M., Chimento, P., and M. Westerlund, "IPv6 and 1225 UDP Checksums for Tunneled Packets", RFC 6935, April 2013. 1227 [RFC6936] Fairhurst, G. and M. Westerlund, "Applicability Statement 1228 for the Use of IPv6 UDP Datagrams with Zero Checksums", 1229 RFC 6936, April 2013. 1231 [RFC6980] Gont, F., "Security Implications of IPv6 Fragmentation 1232 with IPv6 Neighbor Discovery", RFC 6980, August 2013. 1234 [RFC7078] Matsumoto, A., Fujisaki, T., and T. Chown, "Distributing 1235 Address Selection Policy Using DHCPv6", RFC 7078, 1236 January 2014. 1238 Appendix A. AERO Server and Relay Interworking 1240 Figure 3 depicts a reference AERO operational scenario with a single 1241 Server on the AERO link. In order to support scaling to larger 1242 numbers of nodes, the AERO link can deploy multiple Servers and 1243 Relays, e.g., as shown in Figure 7. 1245 .-(::::::::) 1246 .-(::: IPv6 :::)-. 1247 (:: Internetwork ::) 1248 `-(::::::::::::)-' 1249 `-(::::::)-' 1250 | 1251 +--------------+ +------+-------+ +--------------+ 1252 |AERO Server C | | AERO Relay D | |AERO Server E | 1253 | (default->D) | | (A->C; G->E) | | (default->D) | 1254 | (A->B) | +-------+------+ | (G->F) | 1255 +-------+------+ | +------+-------+ 1256 | | | 1257 X---+---+-------------------+------------------+---+---X 1258 | AERO Link | 1259 +-----+--------+ +--------+-----+ 1260 |AERO Client B | |AERO Client F | 1261 | (default->C) | | (default->E) | 1262 +--------------+ +--------------+ 1263 .-. .-. 1264 ,-( _)-. ,-( _)-. 1265 .-(_ IPv6 )-. .-(_ IPv6 )-. 1266 (__ EUN ) (__ EUN ) 1267 `-(______)-' `-(______)-' 1268 | | 1269 +--------+ +--------+ 1270 | Host A | | Host G | 1271 +--------+ +--------+ 1273 Figure 7: AERO Server/Relay Interworking 1275 In this example, AERO Client ('B') associates with AERO Server ('C'), 1276 while AERO Client ('F') associates with AERO Server ('E'). 1277 Furthermore, AERO Servers ('C') and ('E') do not associate with each 1278 other directly, but rather have an association with AERO Relay ('D') 1279 (i.e., a router that has full topology information concerning its 1280 associated Servers and their Clients). Relay ('D') connects to the 1281 AERO link, and also connects to the native IPv6 Internetwork. 1283 When host ('A') sends a packet toward destination host ('G'), IPv6 1284 forwarding directs the packet through the EUN to Client ('B'), which 1285 forwards the packet to Server ('C') in absence of more-specific 1286 forwarding information. Server ('C') forwards the packet, and it 1287 also generates an AERO Predirect message that is then forwarded 1288 through Relay ('D') to Server ('E'). When Server ('E') receives the 1289 message, it forwards the message to Client ('F'). 1291 After processing the AERO Predirect message, Client ('F') sends an 1292 AERO Redirect message to Server ('E'). Server ('E'), in turn, 1293 forwards the message through Relay ('D') to Server ('C'). When 1294 Server ('C') receives the message, it forwards the message to Client 1295 ('B') informing it that host 'G's EUN can be reached via Client 1296 ('F'), thus completing the AERO redirection. 1298 The network layer routing information shared between Servers and 1299 Relays must be carefully coordinated in a manner outside the scope of 1300 this document. In particular, Relays require full topology 1301 information, while individual Servers only require partial topology 1302 information (i.e., they only need to know the EUN prefixes associated 1303 with their current set of Clients). See [IRON] for an architectural 1304 discussion of routing coordination between Relays and Servers. 1306 Author's Address 1308 Fred L. Templin (editor) 1309 Boeing Research & Technology 1310 P.O. Box 3707 1311 Seattle, WA 98124 1312 USA 1314 Email: fltemplin@acm.org