idnits 2.17.1 draft-templin-aerolink-14.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == The 'Obsoletes: ' line in the draft header should list only the _numbers_ of the RFCs which will be obsoleted by this document (if approved); it should not include the word 'RFC' in the list. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (April 24, 2014) is 3627 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC0768' is defined on line 1177, but no explicit reference was found in the text == Unused Reference: 'RFC0792' is defined on line 1183, but no explicit reference was found in the text == Unused Reference: 'RFC2460' is defined on line 1189, but no explicit reference was found in the text == Unused Reference: 'RFC4862' is defined on line 1210, but no explicit reference was found in the text == Unused Reference: 'RFC0879' is defined on line 1225, but no explicit reference was found in the text == Unused Reference: 'RFC4821' is defined on line 1240, but no explicit reference was found in the text == Unused Reference: 'RFC6204' is defined on line 1261, but no explicit reference was found in the text == Unused Reference: 'RFC6691' is defined on line 1269, but no explicit reference was found in the text == Unused Reference: 'RFC6980' is defined on line 1285, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2460 (Obsoleted by RFC 8200) ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415) ** Obsolete normative reference: RFC 3633 (Obsoleted by RFC 8415) ** Obsolete normative reference: RFC 6434 (Obsoleted by RFC 8504) -- Obsolete informational reference (is this intentional?): RFC 879 (Obsoleted by RFC 7805, RFC 9293) -- Obsolete informational reference (is this intentional?): RFC 5996 (Obsoleted by RFC 7296) -- Obsolete informational reference (is this intentional?): RFC 6204 (Obsoleted by RFC 7084) -- Obsolete informational reference (is this intentional?): RFC 6691 (Obsoleted by RFC 9293) Summary: 4 errors (**), 0 flaws (~~), 11 warnings (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group F. Templin, Ed. 3 Internet-Draft Boeing Research & Technology 4 Obsoletes: rfc6706 (if approved) April 24, 2014 5 Intended status: Standards Track 6 Expires: October 26, 2014 8 Transmission of IPv6 Packets over AERO Links 9 draft-templin-aerolink-14.txt 11 Abstract 13 This document specifies the operation of IPv6 over tunnel virtual 14 Non-Broadcast, Multiple Access (NBMA) links using Asymmetric Extended 15 Route Optimization (AERO). Nodes attached to AERO links can exchange 16 packets via trusted intermediate routers on the link that provide 17 forwarding services to reach off-link destinations and/or redirection 18 services to inform the node of an on-link neighbor that is closer to 19 the final destination. Operation of the IPv6 Neighbor Discovery (ND) 20 protocol over AERO links is based on an IPv6 link local address 21 format known as the AERO address. 23 Status of this Memo 25 This Internet-Draft is submitted in full conformance with the 26 provisions of BCP 78 and BCP 79. 28 Internet-Drafts are working documents of the Internet Engineering 29 Task Force (IETF). Note that other groups may also distribute 30 working documents as Internet-Drafts. The list of current Internet- 31 Drafts is at http://datatracker.ietf.org/drafts/current/. 33 Internet-Drafts are draft documents valid for a maximum of six months 34 and may be updated, replaced, or obsoleted by other documents at any 35 time. It is inappropriate to use Internet-Drafts as reference 36 material or to cite them other than as "work in progress." 38 This Internet-Draft will expire on October 26, 2014. 40 Copyright Notice 42 Copyright (c) 2014 IETF Trust and the persons identified as the 43 document authors. All rights reserved. 45 This document is subject to BCP 78 and the IETF Trust's Legal 46 Provisions Relating to IETF Documents 47 (http://trustee.ietf.org/license-info) in effect on the date of 48 publication of this document. Please review these documents 49 carefully, as they describe your rights and restrictions with respect 50 to this document. Code Components extracted from this document must 51 include Simplified BSD License text as described in Section 4.e of 52 the Trust Legal Provisions and are provided without warranty as 53 described in the Simplified BSD License. 55 Table of Contents 57 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 58 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 59 3. Asymmetric Extended Route Optimization (AERO) . . . . . . . . 6 60 3.1. AERO Node Types . . . . . . . . . . . . . . . . . . . . . 6 61 3.2. AERO Interface Characteristics . . . . . . . . . . . . . . 7 62 3.3. AERO Addresses . . . . . . . . . . . . . . . . . . . . . . 9 63 3.4. AERO Interface Data Origin Authentication . . . . . . . . 9 64 3.5. AERO Interface Conceptual Data Structures and Protocol 65 Constants . . . . . . . . . . . . . . . . . . . . . . . . 10 66 3.6. AERO Interface MTU Considerations . . . . . . . . . . . . 11 67 3.7. AERO Interface Encapsulation, Re-encapsulation and 68 Decapsulation . . . . . . . . . . . . . . . . . . . . . . 12 69 3.8. AERO Reference Operational Scenario . . . . . . . . . . . 13 70 3.9. AERO Router Discovery and Prefix Delegation . . . . . . . 15 71 3.9.1. AERO Client Behavior . . . . . . . . . . . . . . . . . 15 72 3.9.2. AERO Server Behavior . . . . . . . . . . . . . . . . . 16 73 3.10. AERO Neighbor Solicitation and Advertisement . . . . . . . 17 74 3.11. AERO Redirection . . . . . . . . . . . . . . . . . . . . . 17 75 3.11.1. Classical Redirection Approaches . . . . . . . . . . . 17 76 3.11.2. AERO Redirection Concept of Operations . . . . . . . . 18 77 3.11.3. AERO Redirection Message Format . . . . . . . . . . . 19 78 3.11.4. Sending Predirects . . . . . . . . . . . . . . . . . . 19 79 3.11.5. Processing Predirects and Sending Redirects . . . . . 20 80 3.11.6. Re-encapsulating and Relaying Redirects . . . . . . . 22 81 3.11.7. Processing Redirects . . . . . . . . . . . . . . . . . 22 82 3.12. Neighbor Reachability Maintenance . . . . . . . . . . . . 23 83 3.13. Mobility and Link-Layer Address Change Considerations . . 23 84 3.14. Underlying Protocol Version Considerations . . . . . . . . 24 85 3.15. Multicast Considerations . . . . . . . . . . . . . . . . . 24 86 3.16. Operation on Server-less AERO Links . . . . . . . . . . . 25 87 3.17. Other Considerations . . . . . . . . . . . . . . . . . . . 25 88 4. Implementation Status . . . . . . . . . . . . . . . . . . . . 25 89 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25 90 6. Security Considerations . . . . . . . . . . . . . . . . . . . 25 91 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 26 92 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 26 93 8.1. Normative References . . . . . . . . . . . . . . . . . . . 26 94 8.2. Informative References . . . . . . . . . . . . . . . . . . 27 95 Appendix A. AERO Server and Relay Interworking . . . . . . . . . 29 96 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 31 98 1. Introduction 100 This document specifies the operation of IPv6 over tunnel virtual 101 Non-Broadcast, Multiple Access (NBMA) links using Asymmetric Extended 102 Route Optimization (AERO). Nodes attached to AERO links can exchange 103 packets via trusted intermediate routers on the link that provide 104 forwarding services to reach off-link destinations and/or redirection 105 services to inform the node of an on-link neighbor that is closer to 106 the final destination. 108 Nodes on AERO links use an IPv6 link-local address format known as 109 the AERO Address. This address type has properties that statelessly 110 link IPv6 Neighbor Discovery (ND) to IPv6 routing. The AERO link can 111 be used for tunneling to neighboring nodes on either IPv6 or IPv4 112 networks, i.e., AERO views the IPv6 and IPv4 networks as equivalent 113 links for tunneling. The remainder of this document presents the 114 AERO specification. 116 2. Terminology 118 The terminology in the normative references applies; the following 119 terms are defined within the scope of this document: 121 AERO link 122 a Non-Broadcast, Multiple Access (NBMA) tunnel virtual overlay 123 configured over a node's attached IPv6 and/or IPv4 networks. All 124 nodes on the AERO link appear as single-hop neighbors from the 125 perspective of IPv6. 127 AERO interface 128 a node's attachment to an AERO link. The AERO interface Maximum 129 Transmission Unit (MTU) is less than or equal to the AERO link 130 MTU. 132 AERO address 133 an IPv6 link-local address assigned to an AERO interface and 134 constructed as specified in Section 3.6. 136 AERO node 137 a node that is connected to an AERO link and that participates in 138 IPv6 Neighbor Discovery over the link. 140 AERO Client ("client") 141 a node that configures either a host interface or a router 142 interface on an AERO link. 144 AERO Server ("server") 145 a node that configures a router interface on an AERO link over 146 which it can provide default forwarding and redirection services 147 for other AERO nodes. 149 AERO Relay ("relay") 150 a node that relays IPv6 packets between Servers on the same AERO 151 link, and/or that forwards IPv6 packets between the AERO link and 152 the IPv6 Internet. An AERO Relay may or may not also be 153 configured as an AERO Server. 155 ingress tunnel endpoint (ITE) 156 an AERO interface endpoint that injects tunneled packets into an 157 AERO link. 159 egress tunnel endpoint (ETE) 160 an AERO interface endpoint that receives tunneled packets from an 161 AERO link. 163 underlying network 164 a connected IPv6 or IPv4 network routing region over which AERO 165 nodes tunnel IPv6 packets. 167 underlying interface 168 an AERO node's interface point of attachment to an underlying 169 network. 171 underlying address 172 an IPv6 or IPv4 address assigned to an AERO node's underlying 173 interface. When UDP encapsulation is used, the UDP port number is 174 also considered as part of the underlying address. Underlying 175 addresses are used as the source and destination addresses of the 176 AERO encapsulation header. 178 link-layer address 179 the same as defined for "underlying address" above. 181 network layer address 182 an IPv6 address used as the source or destination address of the 183 inner IPv6 packet header. 185 end user network (EUN) 186 an IPv6 network attached to a downstream interface of an AERO 187 Client (where the AERO interface is seen as the upstream 188 interface). 190 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 191 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 192 document are to be interpreted as described in [RFC2119]. 194 3. Asymmetric Extended Route Optimization (AERO) 196 The following sections specify the operation of IPv6 over Asymmetric 197 Extended Route Optimization (AERO) links: 199 3.1. AERO Node Types 201 AERO Relays relay packets between nodes connected to the same AERO 202 link and also forward packets between the AERO link and the native 203 IPv6 network. The relaying process entails re-encapsulation of IPv6 204 packets that were received from a first AERO node and are to be 205 forwarded without modification to a second AERO node. 207 AERO Servers configure their AERO interfaces as router interfaces, 208 and provide default routing services to AERO Clients. AERO Servers 209 configure a DHCPv6 Relay or Server function and facilitate DHCPv6 210 Prefix Delegation (PD) exchanges. An AERO Server may also act as an 211 AERO Relay. 213 AERO Clients act as requesting routers to receive IPv6 prefixes 214 through a DHCPv6 PD exchange via an AERO Server over the AERO link. 215 Each AERO Client receives at least a /64 prefix delegation, and may 216 receive even shorter prefixes. 218 AERO Clients that act as routers configure their AERO interfaces as 219 router interfaces, i.e., even if the AERO Client otherwise displays 220 the outward characteristics of an ordinary host (for example, the 221 Client may internally configure both an AERO interface and (internal 222 virtual) End User Network (EUN) interfaces). AERO Clients that act 223 as routers sub-delegate portions of their received prefix delegations 224 to links on EUNs. 226 AERO Clients that act as ordinary hosts configure their AERO 227 interfaces as host interfaces and assign one or more IPv6 addresses 228 taken from their received prefix delegations to the AERO interface 229 but DO NOT assign the delegated prefix itself to the AERO interface. 230 Instead, the host assigns the delegated prefix to a "black hole" 231 route so that unused portions of the prefix are nullified. 233 End system applications on AERO hosts bind directly to the AERO 234 interface, while applications on AERO routers (or IPv6 hosts served 235 by an AERO router) bind to EUN interfaces. 237 3.2. AERO Interface Characteristics 239 AERO interfaces use IPv6-in-IPv6 encapsulation [RFC2473] to exchange 240 tunneled packets with AERO neighbors attached to an underlying IPv6 241 network, and use IPv6-in-IPv4 encapsulation [RFC4213] to exchange 242 tunneled packets with AERO neighbors attached to an underlying IPv4 243 network. AERO interfaces can also use IPsec encapsulation [RFC4301] 244 (either IPv6-in-IPsec-in-IPv6 or IPv6-in-IPsec-in-IPv4) in 245 environments where strong authentication and confidentiality are 246 required. When NAT traversal and/or filtering middlebox traversal is 247 necessary, a UDP header is further inserted between the outer IP 248 encapsulation header and the inner packet. 250 Servers assign the link-local address 'fe80::0' to their AERO 251 interface; this provides a handle for Clients to insert into a 252 neighbor cache entry for their current Server. Servers also 253 configure administratively-assigned link-local addresses on their 254 AERO interfaces to support the operation of the inter-Server/Relay 255 routing system (see: [IRON]). 257 Clients initially assign no addresses on their AERO interface, but 258 use 'fe80::1' as the IPv6 link-local address in the DHCPv6 PD 259 exchanges used to derive an AERO address. After the Client receives 260 a prefix delegation, it assigns the corresponding AERO address to the 261 AERO interface. 263 AERO interfaces maintain a neighbor cache and use a variation of 264 standard unicast IPv6 ND messaging. AERO interfaces use Neighbor 265 Solicitation (NS), Neighbor Advertisement (NA) and Redirect messages 266 the same as for any IPv6 link. They do not use Router Solicitation 267 (RS) and Router Advertisement (RA) messages for several reasons. 268 First, default router discovery is supported through other means more 269 appropriate for AERO links as described below. Second, discovery of 270 more-specific routes is through the receipt of Redirect messages. 271 Finally, AERO nodes obtain their delegated IPv6 prefixes using DHCPv6 272 PD; hence, there is no need for RA-based prefix discovery. 274 AERO Neighbor Solicitation (NS) and Neighbor Advertisement (NA) 275 messages do not include Source/Target Link Layer Address Options 276 (S/TLLAO). Instead, AERO nodes determine the link-layer addresses of 277 neighbors by examining the encapsulation IP source address and UDP 278 port number (when UDP encapsulation is used) of any NS/NA messages 279 they receive and ignore any S/TLLAOs included in these messages. 280 This is vital to the operation of AERO links for which neighbors are 281 separated by Network Address Translators (NATs) - either IPv4 or 282 IPv6. 284 AERO Redirect messages include a TLLAO the same as for any IPv6 link. 286 The TLLAO includes the link-layer address of the target node, 287 including both the IP address and the UDP source port number used by 288 the target when it sends UDP-encapsulated packets over the AERO 289 interface (the TLLAO instead encodes the value 0 when the target does 290 not use UDP encapsulation). TLLAOs for target nodes that use an IPv6 291 underlying address include the full 16 bytes of the IPv6 address as 292 shown in Figure 1, while TLLAOs for target nodes that use an IPv4 293 underlying address include only the 4 bytes of the IPv4 address as 294 shown in Figure 2. 296 0 1 2 3 297 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 298 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 299 | Type = 2 | Length = 3 | UDP Source Port (or 0) | 300 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 301 | Reserved | 302 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 303 | | 304 +-- --+ 305 | | 306 +-- IPv6 Address --+ 307 | | 308 +-- --+ 309 | | 310 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 312 Figure 1: AERO TLLAO Format for IPv6 314 0 1 2 3 315 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 316 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 317 | Type = 2 | Length = 1 | UDP Source Port (or 0) | 318 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 319 | IPv4 Address | 320 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 322 Figure 2: AERO TLLAO Format for IPv4 324 Finally, AERO interface NS/NA messages only update existing neighbor 325 cache entires and do not create new neighbor cache entries, whereas 326 Redirect messages both update and create neighbor cache entries. 327 This represents a departure from the normal operation of IPv6 ND over 328 common link types, but is consistent with the spirit of IPv6 over 329 NBMA links as discussed in [RFC4861]. Note however that this 330 restriction may be relaxed and/or redefined on AERO links that 331 participate in a fully distributed mobility management model 332 coordinated in a manner outside the scope of this document. 334 3.3. AERO Addresses 336 An AERO address is an IPv6 link-local address assigned to an AERO 337 interface and with an IPv6 prefix embedded within the interface 338 identifier. The AERO address is formatted as: 340 fe80::[IPv6 prefix] 342 Each AERO Client configures an AERO address based on the delegated 343 prefix it has received from the DHCPv6 server. The address begins 344 with the prefix fe80::/64 and includes in its interface identifier 345 the base /64 prefix taken from the Client's delegated IPv6 prefix. 346 The base prefix is determined by masking the delegated prefix with 347 the prefix length. For example, if an AERO Client has received the 348 prefix delegation: 350 2001:db8:1000:2000::/56 352 it would construct its AERO address as: 354 fe80::2001:db8:1000:2000 356 The AERO address remains stable as the Client moves between 357 topological locations, i.e., even if its underlying address changes. 359 3.4. AERO Interface Data Origin Authentication 361 Nodes on AERO interfaces use a simple data origin authentication for 362 encapsulated packets they receive from other nodes. In particular, 363 AERO Clients accept encapsulated packets with a link-layer source 364 address belonging to their current AERO Server. AERO nodes also 365 accept encapsulated packets with a link-layer source address that is 366 correct for the network-layer source address. 368 The AERO node considers the link-layer source address correct for the 369 network-layer source address if there is an IPv6 forwarding table 370 entry that matches the network-layer source address as well as a 371 neighbor cache entry corresponding to the next hop that includes the 372 link-layer address. An exception is that NS, NA and Redirect 373 messages may include a different link-layer address than the one 374 currently in the neighbor cache, and the new link-layer address 375 updates the neighbor cache entry. 377 3.5. AERO Interface Conceptual Data Structures and Protocol Constants 379 Each AERO node maintains a per-AERO interface conceptual neighbor 380 cache that includes an entry for each neighbor it communicates with 381 on the AERO link, the same as for any IPv6 interface (see [RFC4861]). 382 Neighbor cache entries are either static or dynamic. Static neighbor 383 cache entries (including a Client's neighbor cache entry for a Server 384 or a Server's neighbor cache entry for a Client) do not have timeout 385 values and are retained until explicitly deleted. Dynamic neighbor 386 cache entries are created and maintained by the AERO redirection 387 procedures describe in the following sections. 389 When an AERO node receives a valid Predirect message (See Section 390 3.11.5) it creates or updates a dynamic neighbor cache entry for the 391 Predirect target L3 and L2 addresses, and also creates an IPv6 392 forwarding table entry for the Predirected (source) prefix. The node 393 then sets an ACCEPT timer and uses this timer to validate any 394 messages received from the Predirected neighbor. 396 When an AERO node receives a valid Redirect message (see Section 397 3.11.7) it creates or updates a dynamic neighbor cache entry for the 398 Redirect target L3 and L2 addresses, and also creates an IPv6 399 forwarding table entry for the Redirected (destination) prefix. The 400 node then sets a FORWARD timer and uses this timer to determine 401 whether packets can be sent directly to the Redirected neighbor. The 402 node also maintains a constant value MAX_RETRY to limit the number of 403 keepalives sent when a neighbor has gone unreachable. 405 It is RECOMMENDED that FORWARD_TIME be set to the default constant 406 value 30 seconds to match the default REACHABLE_TIME value specified 407 for IPv6 neighbor discovery [RFC4861]. 409 It is RECOMMENDED that ACCEPT_TIME be set to the default constant 410 value 40 seconds to allow a 10 second window so that the AERO 411 redirection procedure can converge before the ACCEPT_TIME timer 412 decrements below FORWARD_TIME. 414 It is RECOMMENDED that MAX_RETRY be set to 3 the same as described 415 for IPv6 neighbor discovery address resolution in Section 7.3.3 of 416 [RFC4861]. 418 Different values for FORWARD_TIME, ACCEPT_TIME, and MAX_RETRY MAY be 419 administratively set, if necessary, to better match the AERO link's 420 performance characteristics; however, if different values are chosen, 421 all nodes on the link MUST consistently configure the same values. 422 ACCEPT_TIME SHOULD further be set to a value that is sufficiently 423 longer than FORWARD_TIME to allow the AERO redirection procedure to 424 converge. 426 3.6. AERO Interface MTU Considerations 428 The AERO link Maximum Transmission Unit (MTU) is 64KB minus the 429 encapsulation overhead for IPv4 [RFC0791] and 4GB minus the 430 encapsulation overhead for IPv6 [RFC2675]. This is the most that 431 IPv4 and IPv6 (respectively) can convey within the constraints of 432 protocol constants, but actual sizes available for tunneling will 433 frequently be much smaller. 435 The base tunneling specifications for IPv4 and IPv6 typically set a 436 static MTU on the tunnel interface to 1500 bytes minus the 437 encapsulation overhead or smaller still if the tunnel is likely to 438 incur additional encapsulations such as IPsec on the path. This can 439 result in path MTU related black holes when packets that are too 440 large to be accommodated over the AERO link are dropped, but the 441 resulting ICMP Packet Too Big (PTB) messages are lost on the return 442 path. As a result, AERO nodes use the following MTU mitigations to 443 accommodate larger packets. 445 AERO nodes set their AERO interface MTU to the larger of 1500 bytes 446 and the underlying interface MTU minus the encapsulation overhead. 447 AERO nodes optionally cache other per-neighbor MTU values in the 448 underlying IP path MTU discovery cache initialized to the underlying 449 interface MTU. 451 AERO nodes admit packets that are no larger than 1280 bytes minus the 452 encapsulation overhead (*) as well as packets that are larger than 453 1500 bytes into the tunnel without fragmentation, i.e., as long as 454 they are no larger than the AERO interface MTU before encapsulation 455 and also no larger than the cached per-neighbor MTU following 456 encapsulation. For IPv4, the node sets the "Don't Fragment" (DF) bit 457 to 0 for packets no larger than 1280 bytes minus the encapsulation 458 overhead (*) and sets the DF bit to 1 for packets larger than 1500 459 bytes. If a large packet is lost in the path, the node may 460 optionally cache the MTU reported in the resulting PTB message or may 461 ignore the message, e.g., if there is a possibility that the message 462 is spurious. 464 For packets destined to an AERO node that are larger than 1280 bytes 465 minus the encapsulation overhead (*) but no larger than 1500 bytes, 466 the node uses outer IP fragmentation to fragment the packet into two 467 pieces (where the first fragment contains 1024 bytes of the 468 fragmented inner packet) then admits the fragments into the tunnel. 469 If the outer protocol is IPv4, the node admits the packet into the 470 tunnel with DF set to 0 and subject to rate limiting to avoid 471 reassembly errors [RFC4963][RFC6864]. For both IPv4 and IPv6, the 472 node also sends a 1500 byte probe message (**) to the neighbor, 473 subject to rate limiting. To construct a probe, the node prepares an 474 ICMPv6 Neighbor Solicitation (NS) message with trailing padding 475 octets added to a length of 1500 bytes but does not include the 476 length of the padding in the IPv6 Payload Length field. The node 477 then encapsulates the NS in the outer encapsulation headers (while 478 including the length of the padding in the outer length fields), sets 479 DF to 1 (for IPv4) and sends the padded NS message to the neighbor. 480 If the neighbor returns an NA message, the node may then send whole 481 packets within this size range and (for IPv4) relax the rate limiting 482 requirement. 484 AERO nodes MUST be capable of reassembling packets up to 1500 bytes 485 plus the encapsulation overhead length. It is therefore RECOMMENDED 486 that AERO nodes be capable of reassembling at least 2KB. 488 (*) Note that if it is known that the minimum Path MTU to an AERO 489 node is MINMTU bytes (where 1280 < MINMTU < 1500) then MINMTU can be 490 used instead of 1280 in the fragmentation threshold considerations 491 listed above. 493 (**) It is RECOMMENDED that no probes smaller than 1500 bytes be used 494 for MTU probing purposes, since smaller probes may be fragmented if 495 there is a nested tunnel somewhere on the path to the neighbor. 497 3.7. AERO Interface Encapsulation, Re-encapsulation and Decapsulation 499 AERO interfaces encapsulate IPv6 packets according to whether they 500 are entering the AERO interface for the first time or if they are 501 being forwarded out the same AERO interface that they arrived on. 502 This latter form of encapsulation is known as "re-encapsulation". 504 AERO interfaces encapsulate packets per the specifications in , 505 [RFC2473], [RFC4213] except that the interface copies the "TTL/Hop 506 Limit", "Type of Service/Traffic Class" and "Congestion Experienced" 507 values in the inner network layer header into the corresponding 508 fields in the outer IP header. For packets undergoing re- 509 encapsulation, the AERO interface instead copies the "TTL/Hop Limit", 510 "Type of Service/Traffic Class" and "Congestion Experienced" values 511 in the original outer IP header into the corresponding fields in the 512 new outer IP header (i.e., the values are transferred between outer 513 headers and *not* copied from the inner network layer header). 515 When UDP encapsulation is used, the AERO interface inserts a UDP 516 header between the inner packet and outer IP header. If the outer 517 header is IPv6 and is followed by an IPv6 Fragment header, the AERO 518 interface inserts the UDP header between the outer IPv6 header and 519 IPv6 Fragment header. The AERO interface sets the UDP source port to 520 a constant value that it will use in each successive packet it sends, 521 sets the UDP checksum field to zero (see: [RFC6935][RFC6936]) and 522 sets the UDP length field to the length of the inner packet plus 8 523 bytes for the UDP header itself. For packets sent via a Server, the 524 AERO interface sets the UDP destination port to 8060 (i.e., the IANA- 525 registerd port number for AERO). For packets sent to a neighboring 526 Client, the AERO interface sets the UDP destination port to the port 527 value stored in the neighbor cache entry for this neighbor. 529 The AERO interface next sets the outer IP protocol number to the 530 appropriate value for the first protocol layer within the 531 encapsulation (e.g., IPv6, IPv6 Fragment Header, UDP, etc.). When 532 IPv6 is used as the outer IP protocol, the ITE then sets the flow 533 label value in the outer IPv6 header the same as described in 534 [RFC6438]. When IPv4 is used as the outer IP protocol, the AERO 535 interface sets the DF bit as discussed in Section 3.2. 537 AERO interfaces decapsulate packets destined either to the node 538 itself or to a destination reached via an interface other than the 539 receiving AERO interface per the specifications in , [RFC2473], 540 [RFC4213]. When the encapsulated packet includes a UDP header, the 541 AERO interface examines the first octet of data following the UDP 542 header to determine the inner header type. If the most significant 543 four bits of the first octet encode the value '0110', the inner 544 header is an IPv6 header. Otherwise, the interface considers the 545 first octet as an IP protocol type that encodes the value '44' for 546 IPv6 fragment header, the value '50' for Encapsulating Security 547 Payload, the value '51' for Authentication Header etc. (If the first 548 octet encodes the value '0', the interface instead discards the 549 packet, since this is the value reserved for experimentation under , 550 [RFC6706]). During the decapsulation, the AERO interface records the 551 UDP source port in the neighbor cache entry for this neighbor then 552 discards the UDP header. 554 3.8. AERO Reference Operational Scenario 556 Figure 3 depicts the AERO reference operational scenario. The figure 557 shows an AERO Server('A'), two AERO Clients ('B', 'D') and three 558 ordinary IPv6 hosts ('C', 'E', 'F'): 560 .-(::::::::) 561 .-(::: IPv6 :::)-. +-------------+ 562 (:::: Internet ::::)--| Host F | 563 `-(::::::::::::)-' +-------------+ 564 `-(::::::)-' 2001:db8:3::1 565 | 566 +--------------+ 567 | AERO Server A| 568 | (C->B; E->D) | 569 +--------------+ 570 fe80::0 571 L2(A) 572 | 573 X-----+-----------+-----------+--------X 574 | AERO Link | 575 L2(B) L2(D) 576 fe80::2001:db8:0:0 fe80::2001:db8:1:0 .-. 577 +--------------+ +--------------+ ,-( _)-. 578 | AERO Client B| | AERO Client D| .-(_ IPv6 )-. 579 | (default->A) | | (default->A) |--(__ EUN ) 580 +--------------+ +--------------+ `-(______)-' 581 2001:DB8:0::/48 2001:DB8:1::/48 | 582 | 2001:db8:1::1 583 .-. +-------------+ 584 ,-( _)-. 2001:db8:0::1 | Host E | 585 .-(_ IPv6 )-. +-------------+ +-------------+ 586 (__ EUN )--| Host C | 587 `-(______)-' +-------------+ 589 Figure 3: AERO Reference Operational Scenario 591 In Figure 3, AERO Server ('A') connects to the AERO link and connects 592 to the IPv6 Internet, either directly or via an AERO Relay (not 593 shown). Server ('A') assigns the address fe80::0 to its AERO 594 interface with link-layer address L2(A). Server ('A') next arranges 595 to add L2(A) to a published list of valid Servers for the AERO link. 597 AERO Client ('B') registers the IPv6 prefix 2001:db8:0::/48 in a 598 DHCPv6 PD exchange via Server ('A') then assigns the address fe80:: 599 2001:db8:0:0 to its AERO interface with link-layer address L2(B). 600 Client ('B') configures a default route via the AERO interface with 601 next-hop address fe80::0 and link-layer address L2(A), then sub- 602 delegates the prefix 2001:db8:0::/48 to its attached EUNs. IPv6 host 603 ('C') connects to the EUN, and configures the address 2001:db8:0::1. 605 AERO Client ('D') registers the IPv6 prefix 2001:db8:1::/48 in a 606 DHCPv6 PD exchange via Server ('A') then assigns the address fe80:: 607 2001:db8:1:0 to its AERO interface with link-layer address L2(D). 609 Client ('D') configures a default route via the AERO interface with 610 next-hop address fe80::0 and link-layer address L2(A), then sub- 611 delegates the prefix 2001:db8:1::/48 to its attached EUNs. IPv6 host 612 ('E') connects to the EUN, and configures the address 2001:db8:1::1. 614 Finally, IPv6 host ('F') connects to an IPv6 network outside of the 615 AERO link domain. Host ('F') configures its IPv6 interface in a 616 manner specific to its attached IPv6 link, and assigns the address 617 2001:db8:3::1 to its IPv6 link interface. 619 3.9. AERO Router Discovery and Prefix Delegation 621 3.9.1. AERO Client Behavior 623 AERO Clients observe the IPv6 node requirements defined in [RFC6434]. 624 AERO Clients first discover the link-layer address of an AERO Server 625 via static configuration, or through an automated means such as DNS 626 name resolution. In the absence of other information, the Client 627 resolves the Fully-Qualified Domain Name (FQDN) 628 "linkupnetworks.domainname", where "domainname" is the DNS domain 629 appropriate for the Client's attached underlying network. The Client 630 then creates a static neighbor cache entry with fe80::0 as the 631 network-layer address and the discovered address as the link-layer 632 address. The Client further creates a static default IPv6 forwarding 633 table entry with fe80::0 as the next hop address. 635 Next, the Client acts as a requesting router to request an IPv6 636 prefix through DHCPv6 PD [RFC3633] via the Server using fe80::1 as 637 the IPv6 source address and fe80::0 as the IPv6 destination address. 638 The Client further includes a DHCPv6 Unique Identifier (DUID) based 639 on a Universally Unique Identifier (UUID) (also known as DUID-UUID) 640 as described in [RFC6355]. 642 After the Client receives its prefix delegation, it assigns the link- 643 local AERO address taken from the prefix to the AERO interface (see: 644 Section 3.3) and sub-delegates the prefix to nodes and links within 645 its attached EUNs (the AERO link-local address thereafter remains 646 stable as the Client moves). The Client further renews its prefix 647 delegation via standard DHCPv6 procedures by sending DHCPv6 messages 648 with fe80::1 as the IPv6 source address, fe80::0 as the IPv6 649 destination address and the same DUID-UUID value as the DUID. 651 The Client sends periodic NS messages to the Server to obtain new NAs 652 in order to refresh any network state. The Client can also forward 653 IPv6 packets destined to networks beyond its local EUNs via the 654 Server as an IPv6 default router. The Server may in turn return a 655 Redirect message informing the Client of a neighbor on the AERO link 656 that is topologically closer to the final destination as specified in 657 Section 3.11. 659 3.9.2. AERO Server Behavior 661 AERO Servers observe the IPv6 router requirements defined in 662 [RFC6434] and further configure a DHCPv6 relay function on their AERO 663 links. When the Server relays a Client's DHCPv6 PD messages to the 664 DHCPv6 Server, it wraps each message in a "Relay-forward" message per 665 [RFC3315] and includes a DHCPv6 "Interface-Id" option that encodes a 666 value that identifies the AERO link to the DHCPv6 Server. The Server 667 then encodes the Client's link-layer source address and (when UDP 668 encapsulation is used) UDP source port number in the link-address and 669 peer-address fields of the "Relay-forward" message. (Note that the 670 link-address and peer-address fields of the "Relay-forward" message 671 are available for coding since the message includes an "Interface-Id" 672 option (thereby obviating the need for a link-address) and the source 673 address of the DHCPv6 message will always be fe80::1 (thereby 674 obviating the need for a peer-address). Most importantly, encoding 675 the link-layer information in this manner allows the AERO Server to 676 remain stateless while the DHCPv6 Server is authoritative for the 677 delegation of IPv6 prefixes to authorized AERO Clients.) 679 When the DHCPv6 Server issues the IPv6 prefix delegation via the AERO 680 Server (acting as a DHCPv6 Relay), the Server creates a static 681 neighbor cache entry for the Client's AERO address (see: Section 3.3) 682 with the coded link-layer address and UDP port number as the link- 683 layer address for the neighbor cache entry. The Server also 684 configures a static IPv6 forwarding table entry that lists the 685 Client's AERO address as the next hop toward the delegated IPv6 686 prefix .The Server finally injects the Client's prefix as an IPv6 687 route into the inter-Server/Relay routing system (see: [IRON]) then 688 relays the DHCPv6 message to the Client while using fe80::0 as the 689 IPv6 source address, fe80::1 as the IPv6 destination address, and the 690 Client's cached link-layer address as the destination link-layer 691 address. 693 Servers respond to NS messages from Clients on their AERO interfaces 694 by returning an NA message. When the Server receives an NS message, 695 it updates the neighbor cache entry using the network layer source 696 address as the neighbor's network layer address and using the link- 697 layer source address of the NS message as the neighbor's link-layer 698 address. 700 When the Server forwards a packet via the same AERO interface on 701 which it arrived, it initiates an AERO route optimization procedure 702 as specified in Section 3.11. 704 3.10. AERO Neighbor Solicitation and Advertisement 706 Each AERO node uses its delegated prefix to create an AERO address 707 (see: Section 3.3). It can then send unicast NS messages to elicit 708 NA messages from other AERO nodes the same as described for neighbor 709 unreachability detection in[RFC4861] except that the messages do not 710 include S/TLLAOs. 712 When an AERO node sends an NS/NA message, it MUST use its AERO 713 address as the IPv6 source address and the AERO address of the 714 neighbor as the IPv6 destination address. The AERO node also 715 includes the AERO address of the neighbor as the NS/NA message Target 716 address with the exception of "terminating NS" messages as described 717 in Section 3.13. 719 When an AERO node receives an NS/NA message, it accepts the message 720 if it has a neighbor cache entry for the neighbor; otherwise, it 721 ignores the message. 723 3.11. AERO Redirection 725 Section 3.8 describes the AERO reference operational scenario. We 726 now discuss the operation and protocol details of AERO Redirection 727 with respect to this reference scenario. 729 3.11.1. Classical Redirection Approaches 731 With reference to Figure 3, when the IPv6 source host ('C') sends a 732 packet to an IPv6 destination host ('E'), the packet is first 733 forwarded via the EUN to AERO Client ('B'). Client ('B') then 734 forwards the packet over its AERO interface to AERO Server ('A'), 735 which then re-encapsulates and forwards the packet to AERO Client 736 ('D'), where the packet is finally forwarded to the IPv6 destination 737 host ('E'). When Server ('A') re-encapsulates and forwards the 738 packet back out on its advertising AERO interface, it must arrange to 739 redirect Client ('B') toward Client ('D') as a better next-hop node 740 on the AERO link that is closer to the final destination. However, 741 this redirection process applied to AERO interfaces must be more 742 carefully orchestrated than on ordinary links since the parties may 743 be separated by potentially many underlying network routing hops. 745 Consider a first alternative in which Server ('A') informs Client 746 ('B') only and does not inform Client ('D') (i.e., "classical 747 redirection"). In that case, Client ('D') has no way of knowing that 748 Client ('B') is authorized to forward packets from the claimed source 749 address, and it may simply elect to drop the packets. Also, Client 750 ('B') has no way of knowing whether Client ('D') is performing some 751 form of source address filtering that would reject packets arriving 752 from a node other than a trusted default router, nor whether Client 753 ('D') is even reachable via a direct path that does not involve 754 Server ('A'). 756 Consider a second alternative in which Server ('A') informs both 757 Client ('B') and Client ('D') separately, via independent redirection 758 control messages (i.e., "augmented redirection"). In that case, if 759 Client ('B') receives the redirection control message but Client 760 ('D') does not, subsequent packets sent by Client ('B') could be 761 dropped due to filtering since Client ('D') would not have a route to 762 verify the claimed source address. Also, if Client ('D') receives 763 the redirection control message but Client ('B') does not, subsequent 764 packets sent in the reverse direction by Client ('D') would be lost. 766 Since both of these alternatives have shortcomings, a new redirection 767 technique (i.e., "AERO redirection") is needed. 769 3.11.2. AERO Redirection Concept of Operations 771 Again, with reference to Figure 3, when source host ('C') sends a 772 packet to destination host ('E'), the packet is first forwarded over 773 the source host's attached EUN to Client ('B'), which then forwards 774 the packet via its AERO interface to Server ('A'). 776 Server ('A') then re-encapsulates and forwards the packet out the 777 same AERO interface toward Client ('D') and also sends an AERO 778 "Predirect" message forward to Client ('D') as specified in 779 Section 3.11.4. The Predirect message includes Client ('B')'s 780 network- and link-layer addresses as well as information that Client 781 ('D') can use to determine the IPv6 prefix used by Client ('B') . 782 After Client ('D') receives the Predirect message, it process the 783 message and returns an AERO Redirect message destined for Client 784 ('B') via Server ('A') as specified in Section 3.11.5. During the 785 process, Client ('D') also creates or updates a dynamic neighbor 786 cache entry for Client ('B'), and creates an IPv6 forwarding table 787 entry for Client ('B')'s IPv6 prefix. 789 When Server ('A') receives the Redirect message, it re-encapsulates 790 the message and forwards it on to Client ('B') as specified in 791 Section 3.11.6. The message includes Client ('D')'s network- and 792 link-layer addresses as well as information that Client ('B') can use 793 to determine the IPv6 prefix used by Client ('D'). After Client 794 ('B') receives the Redirect message, it processes the message as 795 specified in Section 3.11.7. During the process, Client ('B') also 796 creates or updates a dynamic neighbor cache entry for Client ('D'), 797 and creates an IPv6 forwarding table entry for Client ('D')'s IPv6 798 prefix. 800 Following the above Predirect/Redirect message exchange, forwarding 801 of packets from Client ('B') to Client ('D') without involving Server 802 ('A) as an intermediary is enabled. The mechanisms that support this 803 exchange are specified in the following sections. 805 3.11.3. AERO Redirection Message Format 807 AERO Redirect/Predirect messages use the same format as for ICMPv6 808 Redirect messages depicted in Section 4.5 of [RFC4861], but also 809 include a new "Prefix Length" field taken from the low-order 8 bits 810 of the Redirect message Reserved field (valid values for the Prefix 811 Length field are 0 through 64). The Redirect/Predirect messages are 812 formatted as shown in Figure 4: 813 0 1 2 3 814 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 815 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 816 | Type (=137) | Code (=0/1) | Checksum | 817 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 818 | Reserved | Prefix Length | 819 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 820 | | 821 + + 822 | | 823 + Target Address + 824 | | 825 + + 826 | | 827 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 828 | | 829 + + 830 | | 831 + Destination Address + 832 | | 833 + + 834 | | 835 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 836 | Options ... 837 +-+-+-+-+-+-+-+-+-+-+-+- 839 Figure 4: AERO Redirect/Predirect Message Format 841 3.11.4. Sending Predirects 843 When an AERO Server forwards a packet out the same AERO interface 844 that it arrived on, the Server sends a Predirect message forward 845 toward the AERO Client nearest the destination instead of sending a 846 Redirect message back to AERO Client nearest the source. 848 In the reference operational scenario, when Server ('A') forwards a 849 packet sent by Client ('B') toward Client ('D'), it also sends a 850 Predirect message forward toward Client ('D'), subject to rate 851 limiting (see Section 8.2 of [RFC4861]). Server ('A') prepares the 852 Predirect message as follows: 854 o the link-layer source address is set to 'L2(A)' (i.e., the 855 underlying address of Server ('A')). 857 o the link-layer destination address is set to 'L2(D)' (i.e., the 858 underlying address of Client ('D')). 860 o the network-layer source address is set to fe80::0 (i.e., the 861 link-local address of Server ('A')). 863 o the network-layer destination address is set to fe80::2001:db8:1:0 864 (i.e., the AERO address of Client ('D')). 866 o the Type is set to 137. 868 o the Code is set to 1 to indicate "Predirect". 870 o the Prefix Length is set to the length of the prefix to be applied 871 to Target address. 873 o the Target Address is set to fe80::2001:db8:0::0 (i.e., the AERO 874 address of Client ('B')). 876 o the Destination Address is set to the IPv6 source address of the 877 packet that triggered the Predirection event. 879 o the message includes a TLLAO set to 'L2(B)' (i.e., the underlying 880 address of Client ('B')). 882 o the message includes a Redirected Header Option (RHO) that 883 contains the originating packet truncated to ensure that at least 884 the network-layer header is included but the size of the message 885 does not exceed 1280 bytes. 887 Server ('A') then sends the message forward to Client ('D'). 889 3.11.5. Processing Predirects and Sending Redirects 891 When Client ('D') receives a Predirect message, it accepts the 892 message only if it has a link-layer source address of the Server, 893 i.e. 'L2(A)'. Client ('D') further accepts the message only if it 894 is willing to serve as a redirection target. Next, Client ('D') 895 validates the message according to the ICMPv6 Redirect message 896 validation rules in Section 8.1 of [RFC4861]. 898 In the reference operational scenario, when the Client ('D') receives 899 a valid Predirect message, it either creates or updates a dynamic 900 neighbor cache entry that stores the Target Address of the message as 901 the network-layer address of Client ('B') and stores the link-layer 902 address found in the TLLAO as the link-layer address of Client ('B'). 903 Client ('D') then applies the Prefix Length to the Interface 904 Identifier portion of the Target Address and records the resulting 905 IPv6 prefix in its IPv6 forwarding table. 907 After processing the message, Client ('D') prepares a Redirect 908 message response as follows: 910 o the link-layer source address is set to 'L2(D)' (i.e., the link- 911 layer address of Client ('D')). 913 o the link-layer destination address is set to 'L2(A)' (i.e., the 914 link-layer address of Server ('A')). 916 o the network-layer source address is set to 'L3(D)' (i.e., the AERO 917 address of Client ('D')). 919 o the network-layer destination address is set to 'L3(B)' (i.e., the 920 AERO address of Client ('B')). 922 o the Type is set to 137. 924 o the Code is set to 0 to indicate "Redirect". 926 o the Prefix Length is set to the length of the prefix to be applied 927 to the Target and Destination address. 929 o the Target Address is set to fe80::2001:db8:1::1 (i.e., the AERO 930 address of Client ('D')). 932 o the Destination Address is set to the IPv6 destination address of 933 the packet that triggered the Redirection event. 935 o the message includes a TLLAO set to 'L2(D)' (i.e., the underlying 936 address of Client ('D')). 938 o the message includes as much of the RHO copied from the 939 corresponding AERO Predirect message as possible such that at 940 least the network-layer header is included but the size of the 941 message does not exceed 1280 bytes. 943 After Client ('D') prepares the Redirect message, it sends the 944 message to Server ('A'). 946 3.11.6. Re-encapsulating and Relaying Redirects 948 When Server ('A') receives a Redirect message, it accepts the message 949 only if it has a neighbor cache entry that associates the message's 950 link-layer source address with the network-layer source address. 951 Next, Server ('A') validates the message according to the ICMPv6 952 Redirect message validation rules in Section 8.1 of [RFC4861]. 953 Following validation, Server ('A') re-encapsulates the Redirect then 954 relays the re-encapsulated Redirect on to Client ('B') as follows. 956 In the reference operational scenario, Server ('A') receives the 957 Redirect message from Client ('D') and prepares to re-encapsulate and 958 forward the message to Client ('B'). Server ('A') first verifies 959 that Client ('D') is authorized to use the Prefix Length in the 960 Redirect message when applied to the AERO address in the network- 961 layer source of the Redirect message, and discards the message if 962 verification fails. Otherwise, Server ('A') re-encapsulates the 963 message by changing the link-layer source address of the message to 964 'L2(A)', changing the network-layer source address of the message to 965 fe80::0, and changing the link-layer destination address to 'L2(B)' . 966 Server ('A') finally relays the re-encapsulated message to the 967 ingress node ('B') without decrementing the network-layer IPv6 header 968 Hop Limit field. 970 While not shown in Figure 3, AERO Relays relay Redirect and Predirect 971 messages in exactly this same fashion described above. See Figure 5 972 in Appendix A for an extension of the reference operational scenario 973 that includes Relays. 975 3.11.7. Processing Redirects 977 When Client ('B') receives the Redirect message, it accepts the 978 message only if it has a link-layer source address of the Server, 979 i.e. 'L2(A)'. Next, Client ('B') validates the message according to 980 the ICMPv6 Redirect message validation rules in Section 8.1 of 981 [RFC4861]. Following validation, Client ('B') then processes the 982 message as follows. 984 In the reference operational scenario, when Client ('B') receives the 985 Redirect message, it either creates or updates a dynamic neighbor 986 cache entry that stores the Target Address of the message as the 987 network-layer address of Client ('D') and stores the link-layer 988 address found in the TLLAO as the link-layer address of Client ('D'). 989 Client ('B') then applies the Prefix Length to the Interface 990 Identifier portion of the Target Address and records the resulting 991 IPv6 prefix in its IPv6 forwarding table. 993 Now, Client ('B') has an IPv6 forwarding table entry for 994 Client('D')'s prefix, and Client ('D') has an IPv6 forwarding table 995 entry for Client ('B')'s prefix. Thereafter, the clients may 996 exchange ordinary network-layer data packets directly without 997 forwarding through Server ('A'). 999 3.12. Neighbor Reachability Maintenance 1001 When a source Client is redirected to a target Client it MUST test 1002 the direct path to the target by sending an initial NS message to 1003 elicit a solicited NA response. While testing the path, the source 1004 Client SHOULD continue sending packets via the Server until target 1005 Client reachability has been confirmed. The source Client MUST 1006 thereafter continue to test the direct path to the target Client (see 1007 Section 7.3 of [RFC4861]) in order to keep dynamic neighbor cache 1008 entries alive. In particular, the source Client sends NS messages to 1009 the target Client subject to rate limiting in order to receive 1010 solicited NA messages. If at any time the direct path appears to be 1011 failing, the source Client can resume sending packets via the Server 1012 which may or may not result in a new redirection event. 1014 When a target Client receives an NS message from a source Client, it 1015 resets the ACCEPT_TIME timer if a neighbor cache entry exists; 1016 otherwise, it discards the NS message. 1018 When a source Client receives a solicited NA message form a target 1019 Client, it resets the FORWARD_TIME timer if a neighbor cache entry 1020 exists; otherwise, it discards the NA message. 1022 When both the FORWARD_TIME and ACCEPT_TIME timers on a dynamic 1023 neighbor cache entry expire, the Client deletes both the neighbor 1024 cache entry and the corresponding IPv6 forwarding table entry. 1026 If the source Client is unable to elicit an NA response from the 1027 target Client after MAX_RETRY attempts, it SHOULD consider the direct 1028 path unusable for forwarding purposes. Otherwise, the source Client 1029 may continue to send packets directly to the target Client and SHOULD 1030 thereafter process any link-layer errors as a hint that the direct 1031 path to the target Client has either failed or has become 1032 intermittent. 1034 3.13. Mobility and Link-Layer Address Change Considerations 1036 When a Client needs to change its link-layer address (e.g., due to a 1037 mobility event, due to a change in underlying network interface, 1038 etc.), it sends an immediate NS message forward to any of its 1039 correspondents (including the Server and any other Clients) which 1040 then discover the new link-layer address. 1042 If two Clients change their link-layer addresses simultaneously, the 1043 NS/NA messages may be lost. In that case, the Clients SHOULD delete 1044 their respective dynamic neighbor cache and IPv6 forwarding table 1045 entries, and allow packets to again flow through their Server(s) 1046 which MAY result in a new AERO redirection exchange. 1048 When a Client needs to change to a new Server, it changes the link- 1049 layer address of the neighbor cache entry for fe80::0 to the address 1050 of the new Server and performs a DHCPv6 PD exchange via the new 1051 Server. After the PD exchange is satisfied, the Client sends a 1052 "terminating NS" message to the old Server. The terminating NS 1053 message is prepared exactly the same as for an ordinary NS message, 1054 except that the Target Address field contains the value '0'. 1056 When the Server receives the terminating NS message, it withdraws the 1057 IPv6 route from the routing system and deletes the neighbor cache 1058 entry and IPv6 forwarding table entry for the Client. The Server 1059 then returns an NA message which the Client can use to verify that 1060 the termination signal has been processed. (Note that the Server can 1061 impose a small delay before deleting the neighbor cache and IPv6 1062 forwarding table entries so that any packets already in the system 1063 can still be delivered to the Client.) 1065 3.14. Underlying Protocol Version Considerations 1067 A source Client may connect only to an IPvX underlying network, while 1068 the target Client connects only to an IPvY underlying network. In 1069 that case, the source Client has no means for reaching the target 1070 directly (since they connect to underlying networks of different IP 1071 protocol versions) and so must ignore any Redirects and continue to 1072 send packets via the Server. 1074 3.15. Multicast Considerations 1076 When the underlying network does not support multicast, AERO nodes 1077 map IPv6 link-scoped multicast addresses (including 1078 "All_DHCP_Relay_Agents_and_Servers") to the underlying IP address of 1079 the AERO Server. 1081 When the underlying network supports multicast, AERO nodes use the 1082 multicast address mapping specification found in [RFC2529] for IPv4 1083 underlying networks and use a direct multicast mapping for IPv6 1084 underlying networks. (In the latter case, "direct multicast mapping" 1085 means that if the IPv6 multicast destination address of the inner 1086 packet is "M", then the IPv6 multicast destination address of the 1087 encapsulating header is also "M".) 1089 3.16. Operation on Server-less AERO Links 1091 In some AERO link scenarios, there may be no Server on the link 1092 and/or no need for Clients to use a Server as an intermediary trust 1093 anchor. In that case, Clients can establish dynamic neighbor cache 1094 entries and IPv6 forwarding table entries by performing direct 1095 Client-to-Client Predirect/Redirect exchanges, and some other form of 1096 trust basis must be applied so that each Client can verify that the 1097 prospective neighbor is authorized to use its claimed prefix. 1099 When there is no Server on the link, Clients must arrange to receive 1100 prefix delegations and publish the delegations via a secure prefix 1101 discovery service through some means outside the scope of this 1102 document. 1104 3.17. Other Considerations 1106 IPv6 hosts serviced by an AERO Client can reach IPv4-only services 1107 via a NAT64 gateway [RFC6146] within the IPv6 network. 1109 AERO nodes can use the Default Address Selection Policy with DHCPv6 1110 option [RFC7078] the same as on any IPv6 link. 1112 All other (non-multicast) functions that operate over ordinary IPv6 1113 links operate in the same fashion over AERO links. 1115 4. Implementation Status 1117 An early implementation is available at: 1118 http://linkupnetworks.com/aero/aerov2-0.1.tgz. 1120 5. IANA Considerations 1122 This document uses the UDP Service Port Number 8060 reserved by IANA 1123 for AERO in [RFC6706]. Therefore, there are no new IANA actions 1124 required for this document. 1126 6. Security Considerations 1128 AERO link security considerations are the same as for standard IPv6 1129 Neighbor Discovery [RFC4861] except that AERO improves on some 1130 aspects. In particular, AERO is dependent on a trust basis between 1131 AERO Clients and Servers, where the Clients only engage in the AERO 1132 mechanism when it is facilitated by a trust anchor. 1134 AERO links must be protected against link-layer address spoofing 1135 attacks in which an attacker on the link pretends to be a trusted 1136 neighbor. Links that provide link-layer securing mechanisms (e.g., 1137 WiFi networks) and links that provide physical security (e.g., 1138 enterprise network LANs) provide a first line of defense that is 1139 often sufficient. In other instances, securing mechanisms such as 1140 Secure Neighbor Discovery (SeND) [RFC3971] or IPsec [RFC4301] may be 1141 necessary. 1143 AERO Clients MUST ensure that their connectivity is not used by 1144 unauthorized nodes to gain access to a protected network. (This 1145 concern is no different than for ordinary hosts that receive an IP 1146 address delegation but then "share" the address with unauthorized 1147 nodes via an IPv6/IPv6 NAT function.) 1149 On some AERO links, establishment and maintenance of a direct path 1150 between neighbors requires secured coordination such as through the 1151 Internet Key Exchange (IKEv2) protocol [RFC5996]. 1153 7. Acknowledgements 1155 Discussions both on the v6ops list and in private exchanges helped 1156 shape some of the concepts in this work. Individuals who contributed 1157 insights include Mikael Abrahamsson, Fred Baker, Stewart Bryant, 1158 Brian Carpenter, Brian Haberman, Joel Halpern, Sascha Hlusiak, Lee 1159 Howard and Joe Touch. Members of the IESG also provided valuable 1160 input during their review process that greatly improved the document. 1161 Special thanks go to Stewart Bryant, Joel Halpern and Brian Haberman 1162 for their shepherding guidance. 1164 This work has further been encouraged and supported by Boeing 1165 colleagues including Keith Bartley, Balaguruna Chidambaram, Jeff 1166 Holland, Cam Brodie, Yueli Yang, Wen Fang, Ed King, Mike Slane, Kent 1167 Shuey, Gen MacLean, and other members of the BR&T and BIT mobile 1168 networking teams. 1170 Earlier works on NBMA tunneling approaches are found in 1171 [RFC2529][RFC5214][RFC5569]. 1173 8. References 1175 8.1. Normative References 1177 [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, 1178 August 1980. 1180 [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, 1181 September 1981. 1183 [RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, 1184 RFC 792, September 1981. 1186 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1187 Requirement Levels", BCP 14, RFC 2119, March 1997. 1189 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 1190 (IPv6) Specification", RFC 2460, December 1998. 1192 [RFC2473] Conta, A. and S. Deering, "Generic Packet Tunneling in 1193 IPv6 Specification", RFC 2473, December 1998. 1195 [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., 1196 and M. Carney, "Dynamic Host Configuration Protocol for 1197 IPv6 (DHCPv6)", RFC 3315, July 2003. 1199 [RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic 1200 Host Configuration Protocol (DHCP) version 6", RFC 3633, 1201 December 2003. 1203 [RFC4213] Nordmark, E. and R. Gilligan, "Basic Transition Mechanisms 1204 for IPv6 Hosts and Routers", RFC 4213, October 2005. 1206 [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, 1207 "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, 1208 September 2007. 1210 [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless 1211 Address Autoconfiguration", RFC 4862, September 2007. 1213 [RFC6355] Narten, T. and J. Johnson, "Definition of the UUID-Based 1214 DHCPv6 Unique Identifier (DUID-UUID)", RFC 6355, 1215 August 2011. 1217 [RFC6434] Jankiewicz, E., Loughney, J., and T. Narten, "IPv6 Node 1218 Requirements", RFC 6434, December 2011. 1220 8.2. Informative References 1222 [IRON] Templin, F., "The Internet Routing Overlay Network 1223 (IRON)", Work in Progress, June 2012. 1225 [RFC0879] Postel, J., "TCP maximum segment size and related topics", 1226 RFC 879, November 1983. 1228 [RFC2529] Carpenter, B. and C. Jung, "Transmission of IPv6 over IPv4 1229 Domains without Explicit Tunnels", RFC 2529, March 1999. 1231 [RFC2675] Borman, D., Deering, S., and R. Hinden, "IPv6 Jumbograms", 1232 RFC 2675, August 1999. 1234 [RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure 1235 Neighbor Discovery (SEND)", RFC 3971, March 2005. 1237 [RFC4301] Kent, S. and K. Seo, "Security Architecture for the 1238 Internet Protocol", RFC 4301, December 2005. 1240 [RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU 1241 Discovery", RFC 4821, March 2007. 1243 [RFC4963] Heffner, J., Mathis, M., and B. Chandler, "IPv4 Reassembly 1244 Errors at High Data Rates", RFC 4963, July 2007. 1246 [RFC5214] Templin, F., Gleeson, T., and D. Thaler, "Intra-Site 1247 Automatic Tunnel Addressing Protocol (ISATAP)", RFC 5214, 1248 March 2008. 1250 [RFC5569] Despres, R., "IPv6 Rapid Deployment on IPv4 1251 Infrastructures (6rd)", RFC 5569, January 2010. 1253 [RFC5996] Kaufman, C., Hoffman, P., Nir, Y., and P. Eronen, 1254 "Internet Key Exchange Protocol Version 2 (IKEv2)", 1255 RFC 5996, September 2010. 1257 [RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful 1258 NAT64: Network Address and Protocol Translation from IPv6 1259 Clients to IPv4 Servers", RFC 6146, April 2011. 1261 [RFC6204] Singh, H., Beebee, W., Donley, C., Stark, B., and O. 1262 Troan, "Basic Requirements for IPv6 Customer Edge 1263 Routers", RFC 6204, April 2011. 1265 [RFC6438] Carpenter, B. and S. Amante, "Using the IPv6 Flow Label 1266 for Equal Cost Multipath Routing and Link Aggregation in 1267 Tunnels", RFC 6438, November 2011. 1269 [RFC6691] Borman, D., "TCP Options and Maximum Segment Size (MSS)", 1270 RFC 6691, July 2012. 1272 [RFC6706] Templin, F., "Asymmetric Extended Route Optimization 1273 (AERO)", RFC 6706, August 2012. 1275 [RFC6864] Touch, J., "Updated Specification of the IPv4 ID Field", 1276 RFC 6864, February 2013. 1278 [RFC6935] Eubanks, M., Chimento, P., and M. Westerlund, "IPv6 and 1279 UDP Checksums for Tunneled Packets", RFC 6935, April 2013. 1281 [RFC6936] Fairhurst, G. and M. Westerlund, "Applicability Statement 1282 for the Use of IPv6 UDP Datagrams with Zero Checksums", 1283 RFC 6936, April 2013. 1285 [RFC6980] Gont, F., "Security Implications of IPv6 Fragmentation 1286 with IPv6 Neighbor Discovery", RFC 6980, August 2013. 1288 [RFC7078] Matsumoto, A., Fujisaki, T., and T. Chown, "Distributing 1289 Address Selection Policy Using DHCPv6", RFC 7078, 1290 January 2014. 1292 Appendix A. AERO Server and Relay Interworking 1294 Figure 3 depicts a reference AERO operational scenario with a single 1295 Server on the AERO link. In order to support scaling to larger 1296 numbers of nodes, the AERO link can deploy multiple Servers and 1297 Relays, e.g., as shown in Figure 5. 1299 .-(::::::::) 1300 .-(::: IPv6 :::)-. 1301 (:: Internetwork ::) 1302 `-(::::::::::::)-' 1303 `-(::::::)-' 1304 | 1305 +--------------+ +------+-------+ +--------------+ 1306 |AERO Server C | | AERO Relay D | |AERO Server E | 1307 | (default->D) | | (A->C; G->E) | | (default->D) | 1308 | (A->B) | +-------+------+ | (G->F) | 1309 +-------+------+ | +------+-------+ 1310 | | | 1311 X---+---+-------------------+------------------+---+---X 1312 | AERO Link | 1313 +-----+--------+ +--------+-----+ 1314 |AERO Client B | |AERO Client F | 1315 | (default->C) | | (default->E) | 1316 +--------------+ +--------------+ 1317 .-. .-. 1318 ,-( _)-. ,-( _)-. 1319 .-(_ IPv6 )-. .-(_ IPv6 )-. 1320 (__ EUN ) (__ EUN ) 1321 `-(______)-' `-(______)-' 1322 | | 1323 +--------+ +--------+ 1324 | Host A | | Host G | 1325 +--------+ +--------+ 1327 Figure 5: AERO Server/Relay Interworking 1329 In this example, AERO Client ('B') associates with AERO Server ('C'), 1330 while AERO Client ('F') associates with AERO Server ('E'). 1331 Furthermore, AERO Servers ('C') and ('E') do not associate with each 1332 other directly, but rather have an association with AERO Relay ('D') 1333 (i.e., a router that has full topology information concerning its 1334 associated Servers and their Clients). Relay ('D') connects to the 1335 AERO link, and also connects to the native IPv6 Internetwork. 1337 When host ('A') sends a packet toward destination host ('G'), IPv6 1338 forwarding directs the packet through the EUN to Client ('B'), which 1339 forwards the packet to Server ('C') in absence of more-specific 1340 forwarding information. Server ('C') forwards the packet, and it 1341 also generates an AERO Predirect message that is then forwarded 1342 through Relay ('D') to Server ('E'). When Server ('E') receives the 1343 message, it forwards the message to Client ('F'). 1345 After processing the AERO Predirect message, Client ('F') sends an 1346 AERO Redirect message to Server ('E'). Server ('E'), in turn, 1347 forwards the message through Relay ('D') to Server ('C'). When 1348 Server ('C') receives the message, it forwards the message to Client 1349 ('B') informing it that host 'G's EUN can be reached via Client 1350 ('F'), thus completing the AERO redirection. 1352 The network layer routing information shared between Servers and 1353 Relays must be carefully coordinated in a manner outside the scope of 1354 this document. In particular, Relays require full topology 1355 information, while individual Servers only require partial topology 1356 information (i.e., they only need to know the EUN prefixes associated 1357 with their current set of Clients). See [IRON] for an architectural 1358 discussion of routing coordination between Relays and Servers. 1360 Author's Address 1362 Fred L. Templin (editor) 1363 Boeing Research & Technology 1364 P.O. Box 3707 1365 Seattle, WA 98124 1366 USA 1368 Email: fltemplin@acm.org