idnits 2.17.1 draft-templin-aerolink-18.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == The 'Obsoletes: ' line in the draft header should list only the _numbers_ of the RFCs which will be obsoleted by this document (if approved); it should not include the word 'RFC' in the list. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (May 05, 2014) is 3643 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'DUID-EN' is mentioned on line 638, but not defined == Unused Reference: 'RFC0768' is defined on line 1191, but no explicit reference was found in the text == Unused Reference: 'RFC0792' is defined on line 1197, but no explicit reference was found in the text == Unused Reference: 'RFC2460' is defined on line 1203, but no explicit reference was found in the text == Unused Reference: 'RFC4862' is defined on line 1224, but no explicit reference was found in the text == Unused Reference: 'RFC0879' is defined on line 1235, but no explicit reference was found in the text == Unused Reference: 'RFC4821' is defined on line 1253, but no explicit reference was found in the text == Unused Reference: 'RFC6204' is defined on line 1279, but no explicit reference was found in the text == Unused Reference: 'RFC6691' is defined on line 1287, but no explicit reference was found in the text == Unused Reference: 'RFC6980' is defined on line 1306, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2460 (Obsoleted by RFC 8200) ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415) ** Obsolete normative reference: RFC 3633 (Obsoleted by RFC 8415) ** Obsolete normative reference: RFC 6434 (Obsoleted by RFC 8504) -- Obsolete informational reference (is this intentional?): RFC 879 (Obsoleted by RFC 7805, RFC 9293) -- Obsolete informational reference (is this intentional?): RFC 5996 (Obsoleted by RFC 7296) -- Obsolete informational reference (is this intentional?): RFC 6204 (Obsoleted by RFC 7084) -- Obsolete informational reference (is this intentional?): RFC 6691 (Obsoleted by RFC 9293) Summary: 4 errors (**), 0 flaws (~~), 12 warnings (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group F. Templin, Ed. 3 Internet-Draft Boeing Research & Technology 4 Obsoletes: rfc6706 (if approved) May 05, 2014 5 Intended status: Standards Track 6 Expires: November 6, 2014 8 Transmission of IPv6 Packets over AERO Links 9 draft-templin-aerolink-18.txt 11 Abstract 13 This document specifies the operation of IPv6 over tunnel virtual 14 Non-Broadcast, Multiple Access (NBMA) links using Asymmetric Extended 15 Route Optimization (AERO). Nodes attached to AERO links can exchange 16 packets via trusted intermediate routers on the link that provide 17 forwarding services to reach off-link destinations and/or redirection 18 services to inform the node of an on-link neighbor that is closer to 19 the final destination. Operation of the IPv6 Neighbor Discovery (ND) 20 protocol over AERO links is based on an IPv6 link local address 21 format known as the AERO address. 23 Status of this Memo 25 This Internet-Draft is submitted in full conformance with the 26 provisions of BCP 78 and BCP 79. 28 Internet-Drafts are working documents of the Internet Engineering 29 Task Force (IETF). Note that other groups may also distribute 30 working documents as Internet-Drafts. The list of current Internet- 31 Drafts is at http://datatracker.ietf.org/drafts/current/. 33 Internet-Drafts are draft documents valid for a maximum of six months 34 and may be updated, replaced, or obsoleted by other documents at any 35 time. It is inappropriate to use Internet-Drafts as reference 36 material or to cite them other than as "work in progress." 38 This Internet-Draft will expire on November 6, 2014. 40 Copyright Notice 42 Copyright (c) 2014 IETF Trust and the persons identified as the 43 document authors. All rights reserved. 45 This document is subject to BCP 78 and the IETF Trust's Legal 46 Provisions Relating to IETF Documents 47 (http://trustee.ietf.org/license-info) in effect on the date of 48 publication of this document. Please review these documents 49 carefully, as they describe your rights and restrictions with respect 50 to this document. Code Components extracted from this document must 51 include Simplified BSD License text as described in Section 4.e of 52 the Trust Legal Provisions and are provided without warranty as 53 described in the Simplified BSD License. 55 Table of Contents 57 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 58 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 59 3. Asymmetric Extended Route Optimization (AERO) . . . . . . . . 6 60 3.1. AERO Node Types . . . . . . . . . . . . . . . . . . . . . 6 61 3.2. AERO Addresses . . . . . . . . . . . . . . . . . . . . . . 7 62 3.3. AERO Interface Characteristics . . . . . . . . . . . . . . 7 63 3.4. AERO Interface Data Origin Authentication . . . . . . . . 9 64 3.5. AERO Interface Conceptual Data Structures and Protocol 65 Constants . . . . . . . . . . . . . . . . . . . . . . . . 10 66 3.6. AERO Interface MTU Considerations . . . . . . . . . . . . 11 67 3.7. AERO Interface Encapsulation, Re-encapsulation and 68 Decapsulation . . . . . . . . . . . . . . . . . . . . . . 12 69 3.8. AERO Reference Operational Scenario . . . . . . . . . . . 13 70 3.9. AERO Router Discovery, Prefix Delegation and Address 71 Configuration . . . . . . . . . . . . . . . . . . . . . . 15 72 3.9.1. AERO Client Behavior . . . . . . . . . . . . . . . . . 15 73 3.9.2. AERO Server Behavior . . . . . . . . . . . . . . . . . 16 74 3.10. AERO Neighbor Solicitation and Advertisement . . . . . . . 17 75 3.11. AERO Redirection . . . . . . . . . . . . . . . . . . . . . 17 76 3.11.1. Classical Redirection Approaches . . . . . . . . . . . 17 77 3.11.2. AERO Redirection Concept of Operations . . . . . . . . 18 78 3.11.3. AERO Redirection Message Format . . . . . . . . . . . 19 79 3.11.4. Sending Predirects . . . . . . . . . . . . . . . . . . 20 80 3.11.5. Processing Predirects and Sending Redirects . . . . . 21 81 3.11.6. Re-encapsulating and Relaying Redirects . . . . . . . 22 82 3.11.7. Processing Redirects . . . . . . . . . . . . . . . . . 22 83 3.12. Neighbor Reachability Maintenance . . . . . . . . . . . . 23 84 3.13. Mobility and Link-Layer Address Change Considerations . . 24 85 3.14. Underlying Protocol Version Considerations . . . . . . . . 24 86 3.15. Multicast Considerations . . . . . . . . . . . . . . . . . 25 87 3.16. Operation on Server-less AERO Links . . . . . . . . . . . 25 88 3.17. Other Considerations . . . . . . . . . . . . . . . . . . . 25 89 4. Implementation Status . . . . . . . . . . . . . . . . . . . . 26 90 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 26 91 6. Security Considerations . . . . . . . . . . . . . . . . . . . 26 92 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 26 93 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 27 94 8.1. Normative References . . . . . . . . . . . . . . . . . . . 27 95 8.2. Informative References . . . . . . . . . . . . . . . . . . 28 97 Appendix A. AERO Server and Relay Interworking . . . . . . . . . 29 98 Appendix B. DHCPv6 Client Link Layer Address Considerations . . . 31 99 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 32 101 1. Introduction 103 This document specifies the operation of IPv6 over tunnel virtual 104 Non-Broadcast, Multiple Access (NBMA) links using Asymmetric Extended 105 Route Optimization (AERO). Nodes attached to AERO links can exchange 106 packets via trusted intermediate routers on the link that provide 107 forwarding services to reach off-link destinations and/or redirection 108 services to inform the node of an on-link neighbor that is closer to 109 the final destination. This redirection provides a route 110 optimization capability that addresses the requirements outlined in 111 [RFC5522]. 113 Nodes on AERO links use an IPv6 link-local address format known as 114 the AERO Address. This address type has properties that statelessly 115 link IPv6 Neighbor Discovery (ND) to IPv6 routing. The AERO link can 116 be used for tunneling to neighboring nodes on either IPv6 or IPv4 117 networks, i.e., AERO views the IPv6 and IPv4 networks as equivalent 118 links for tunneling. The remainder of this document presents the 119 AERO specification. 121 2. Terminology 123 The terminology in the normative references applies; the following 124 terms are defined within the scope of this document: 126 AERO link 127 a Non-Broadcast, Multiple Access (NBMA) tunnel virtual overlay 128 configured over a node's attached IPv6 and/or IPv4 networks. All 129 nodes on the AERO link appear as single-hop neighbors from the 130 perspective of IPv6. 132 AERO interface 133 a node's attachment to an AERO link. The AERO interface Maximum 134 Transmission Unit (MTU) is less than or equal to the AERO link 135 MTU. 137 AERO address 138 an IPv6 link-local address assigned to an AERO interface and 139 constructed as specified in Section 3.6. 141 AERO node 142 a node that is connected to an AERO link and that participates in 143 IPv6 Neighbor Discovery over the link. 145 AERO Client ("client") 146 a node that configures either a host interface or a router 147 interface on an AERO link. 149 AERO Server ("server") 150 a node that configures a router interface on an AERO link over 151 which it can provide default forwarding and redirection services 152 for other AERO nodes. 154 AERO Relay ("relay") 155 a node that relays IPv6 packets between Servers on the same AERO 156 link, and/or that forwards IPv6 packets between the AERO link and 157 the IPv6 Internet. An AERO Relay may or may not also be 158 configured as an AERO Server. 160 ingress tunnel endpoint (ITE) 161 an AERO interface endpoint that injects tunneled packets into an 162 AERO link. 164 egress tunnel endpoint (ETE) 165 an AERO interface endpoint that receives tunneled packets from an 166 AERO link. 168 underlying network 169 a connected IPv6 or IPv4 network routing region over which AERO 170 nodes tunnel IPv6 packets. 172 underlying interface 173 an AERO node's interface point of attachment to an underlying 174 network. 176 underlying address 177 an IPv6 or IPv4 address assigned to an AERO node's underlying 178 interface. When UDP encapsulation is used, the UDP port number is 179 also considered as part of the underlying address. Underlying 180 addresses are used as the source and destination addresses of the 181 AERO encapsulation header. 183 link-layer address 184 the same as defined for "underlying address" above. 186 network layer address 187 an IPv6 address used as the source or destination address of the 188 inner IPv6 packet header. 190 end user network (EUN) 191 an IPv6 network attached to a downstream interface of an AERO 192 Client (where the AERO interface is seen as the upstream 193 interface). 195 Throughout the document, the simple terms "Server" and "Relay" refer 196 to "AERO Server" and "AERO Relay", respectively. Capitalization is 197 used to distinguish these terms from DHCPv6 server and DHCPv6 relay. 198 This is an important distinction, since an AERO Server may be a 199 DHCPv6 relay, and an AERO Relay may be a DHCPv6 server. 201 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 202 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 203 document are to be interpreted as described in [RFC2119]. 205 3. Asymmetric Extended Route Optimization (AERO) 207 The following sections specify the operation of IPv6 over Asymmetric 208 Extended Route Optimization (AERO) links: 210 3.1. AERO Node Types 212 AERO Relays relay packets between nodes connected to the same AERO 213 link and also forward packets between the AERO link and the native 214 IPv6 network. The relaying process entails re-encapsulation of IPv6 215 packets that were received from a first AERO node and are to be 216 forwarded without modification to a second AERO node. 218 AERO Servers configure their AERO interfaces as router interfaces, 219 and provide default routing services to AERO Clients. AERO Servers 220 configure a DHCPv6 relay or server function and facilitate DHCPv6 221 Prefix Delegation (PD) exchanges. An AERO Server may also act as an 222 AERO Relay. 224 AERO Clients act as requesting routers to receive IPv6 prefixes 225 through a DHCPv6 PD exchange via an AERO Server over the AERO link. 226 Each AERO Client receives at least a /64 prefix delegation, and may 227 receive even shorter prefixes. 229 AERO Clients that act as routers configure their AERO interfaces as 230 router interfaces, i.e., even if the AERO Client otherwise displays 231 the outward characteristics of an ordinary host (for example, the 232 Client may internally configure both an AERO interface and (internal 233 virtual) End User Network (EUN) interfaces). AERO Clients that act 234 as routers sub-delegate portions of their received prefix delegations 235 to links on EUNs. 237 AERO Clients that act as ordinary hosts configure their AERO 238 interfaces as host interfaces and assign one or more IPv6 addresses 239 taken from their received prefix delegations to the AERO interface 240 but DO NOT assign the delegated prefix itself to the AERO interface. 241 Instead, the host assigns the delegated prefix to a "black hole" 242 route so that unused portions of the prefix are nullified. 244 End system applications on AERO hosts bind directly to the AERO 245 interface, while applications on AERO routers (or IPv6 hosts served 246 by an AERO router) bind to EUN interfaces. 248 3.2. AERO Addresses 250 An AERO address is an IPv6 link-local address assigned to an AERO 251 interface and with an IPv6 prefix embedded within the interface 252 identifier. The AERO address is formatted as: 254 fe80::[IPv6 prefix] 256 Each AERO Client configures an AERO address based on the delegated 257 prefix it has received from the DHCPv6 server. The address begins 258 with the prefix fe80::/64 and includes in its interface identifier 259 the base /64 prefix taken from the Client's delegated IPv6 prefix. 260 The base prefix is determined by masking the delegated prefix with 261 the prefix length. For example, if an AERO Client has received the 262 prefix delegation: 264 2001:db8:1000:2000::/56 266 it would construct its AERO address as: 268 fe80::2001:db8:1000:2000 270 The AERO address remains stable as the Client moves between 271 topological locations, i.e., even if its underlying address changes. 273 3.3. AERO Interface Characteristics 275 AERO interfaces use IPv6-in-IPv6 encapsulation [RFC2473] to exchange 276 tunneled packets with AERO neighbors attached to an underlying IPv6 277 network, and use IPv6-in-IPv4 encapsulation [RFC4213] to exchange 278 tunneled packets with AERO neighbors attached to an underlying IPv4 279 network. AERO interfaces can also use IPsec encapsulation [RFC4301] 280 (either IPv6-in-IPsec-in-IPv6 or IPv6-in-IPsec-in-IPv4) in 281 environments where strong authentication and confidentiality are 282 required. When NAT traversal and/or filtering middlebox traversal is 283 necessary, a UDP header is further inserted immediately above the 284 outer IP encapsulation header. 286 Servers assign the link-local address 'fe80::0' to their AERO 287 interface; this provides a handle for Clients to insert into a 288 neighbor cache entry for their current Server. Servers also 289 configure administratively-assigned link-local addresses on their 290 AERO interfaces to support the operation of the inter-Server/Relay 291 routing system (see: [IRON]). 293 Clients initially assign no addresses on their AERO interface, but 294 use 'fe80::1' as the IPv6 link-local address in the DHCPv6 PD 295 exchanges used to receive an IPv6 prefix and derive an AERO address 296 (see: Section 3.2). After the Client receives a prefix delegation, 297 it assigns the corresponding AERO address to the AERO interface. 299 AERO interfaces maintain a neighbor cache and use an augmentation of 300 standard unicast IPv6 ND messaging. AERO interfaces use Neighbor 301 Solicitation (NS), Neighbor Advertisement (NA) and Redirect messages 302 the same as for any IPv6 link. They do not use Router Solicitation 303 (RS) and Router Advertisement (RA) messages for several reasons. 304 First, default router discovery is supported through other means more 305 appropriate for AERO links as described below. Second, discovery of 306 more-specific routes is through the receipt of Redirect messages. 307 Finally, the AERO link uses link-local-only addressing; hence, there 308 is no need for RA-based prefix discovery. 310 AERO Neighbor Solicitation (NS) and Neighbor Advertisement (NA) 311 messages do not include Source/Target Link Layer Address Options 312 (S/TLLAO). Instead, AERO nodes determine the link-layer addresses of 313 neighbors by examining the link-layer source address of any NS/NA 314 messages they receive and ignore any S/TLLAOs included in these 315 messages. This is vital to the operation of AERO links for which 316 neighbors are separated by Network Address Translators (NATs) - 317 either IPv4 or IPv6. 319 AERO Redirect messages include a TLLAO the same as for any IPv6 link. 320 The TLLAO includes the link-layer address of the target node, 321 including both the IP address and the UDP source port number used by 322 the target when it sends UDP-encapsulated packets over the AERO 323 interface (the TLLAO instead encodes the value 0 when the target does 324 not use UDP encapsulation). The TLLAO format is shown in Figure 1: 326 0 1 2 3 327 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 328 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 329 | Type = 2 | Length = 3 | UDP Source Port (or 0) | 330 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 331 | Reserved | 332 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 333 | | 334 +-- --+ 335 | | 336 +-- IP Address --+ 337 | | 338 +-- --+ 339 | | 340 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 342 Figure 1: AERO TLLAO Format for IPv6 344 (Note that in the above TLLAO format, the IP address is formed as an 345 IPv4-compatible IPv6 address (see: [RFC4291]) when the encapsulation 346 IP address family is IPv4. Note also that the TLLAO may appear more 347 than once in a Redirect message, e.g., if the target node has 348 multiple link-layer addresses.) 350 Finally, AERO interface NS/NA messages only update existing neighbor 351 cache entires and do not create new neighbor cache entries, whereas 352 Redirect messages both update and create neighbor cache entries. 353 This represents a departure from the normal operation of IPv6 ND over 354 common link types, but is consistent with the spirit of IPv6 over 355 NBMA links as discussed in [RFC4861]. Note however that this 356 restriction may be relaxed and/or redefined on AERO links that 357 participate in a fully distributed mobility management model 358 coordinated in a manner outside the scope of this document. 360 3.4. AERO Interface Data Origin Authentication 362 Nodes on AERO interfaces use a simple data origin authentication for 363 encapsulated packets they receive from other nodes. In particular, 364 AERO Clients accept encapsulated packets with a link-layer source 365 address belonging to their current AERO Server. AERO nodes also 366 accept encapsulated packets with a link-layer source address that is 367 correct for the network-layer source address. 369 The AERO node considers the link-layer source address correct for the 370 network-layer source address if there is an IPv6 forwarding table 371 entry that matches the network-layer source address as well as a 372 neighbor cache entry corresponding to the next hop that includes the 373 link-layer address. An exception is that NS, NA and Redirect 374 messages may include a different link-layer address than the one 375 currently in the neighbor cache, and the new link-layer address 376 updates the neighbor cache entry. 378 3.5. AERO Interface Conceptual Data Structures and Protocol Constants 380 Each AERO node maintains a per-AERO interface conceptual neighbor 381 cache that includes an entry for each neighbor it communicates with 382 on the AERO link, the same as for any IPv6 interface (see [RFC4861]). 383 Neighbor cache entries are either static or dynamic. Static neighbor 384 cache entries (including a Client's neighbor cache entry for a Server 385 or a Server's neighbor cache entry for a Client) do not have timeout 386 values and are retained until explicitly deleted. Dynamic neighbor 387 cache entries are created and maintained by the AERO redirection 388 procedures describe in the following sections. 390 When an AERO node receives a valid Predirect message (See Section 391 3.11.5) it creates or updates a dynamic neighbor cache entry for the 392 Predirect target L3 and L2 addresses, and also creates an IPv6 393 forwarding table entry for the Predirected (source) prefix. The node 394 then sets an ACCEPT timer and uses this timer to validate any 395 messages received from the Predirected neighbor. 397 When an AERO node receives a valid Redirect message (see Section 398 3.11.7) it creates or updates a dynamic neighbor cache entry for the 399 Redirect target L3 and L2 addresses, and also creates an IPv6 400 forwarding table entry for the Redirected (destination) prefix. The 401 node then sets a FORWARD timer and uses this timer to determine 402 whether packets can be sent directly to the Redirected neighbor. The 403 node also maintains a constant value MAX_RETRY to limit the number of 404 keepalives sent when a neighbor has gone unreachable. 406 It is RECOMMENDED that FORWARD_TIME be set to the default constant 407 value 30 seconds to match the default REACHABLE_TIME value specified 408 for IPv6 neighbor discovery [RFC4861]. 410 It is RECOMMENDED that ACCEPT_TIME be set to the default constant 411 value 40 seconds to allow a 10 second window so that the AERO 412 redirection procedure can converge before the ACCEPT_TIME timer 413 decrements below FORWARD_TIME. 415 It is RECOMMENDED that MAX_RETRY be set to 3 the same as described 416 for IPv6 neighbor discovery address resolution in Section 7.3.3 of 417 [RFC4861]. 419 Different values for FORWARD_TIME, ACCEPT_TIME, and MAX_RETRY MAY be 420 administratively set, if necessary, to better match the AERO link's 421 performance characteristics; however, if different values are chosen, 422 all nodes on the link MUST consistently configure the same values. 423 ACCEPT_TIME SHOULD further be set to a value that is sufficiently 424 longer than FORWARD_TIME to allow the AERO redirection procedure to 425 converge. 427 3.6. AERO Interface MTU Considerations 429 The AERO link Maximum Transmission Unit (MTU) is 64KB minus the 430 encapsulation overhead for IPv4 [RFC0791] and 4GB minus the 431 encapsulation overhead for IPv6 [RFC2675]. This is the most that 432 IPv4 and IPv6 (respectively) can convey within the constraints of 433 protocol constants, but actual sizes available for tunneling will 434 frequently be much smaller. 436 The base tunneling specifications for IPv4 and IPv6 typically set a 437 static MTU on the tunnel interface to 1500 bytes minus the 438 encapsulation overhead or smaller still if the tunnel is likely to 439 incur additional encapsulations such as IPsec on the path. This can 440 result in path MTU related black holes when packets that are too 441 large to be accommodated over the AERO link are dropped, but the 442 resulting ICMP Packet Too Big (PTB) messages are lost on the return 443 path. As a result, AERO nodes use the following MTU mitigations to 444 accommodate larger packets. 446 AERO nodes set their AERO interface MTU to the larger of 1500 bytes 447 and the underlying interface MTU minus the encapsulation overhead. 448 AERO nodes optionally cache other per-neighbor MTU values in the 449 underlying IP path MTU discovery cache initialized to the underlying 450 interface MTU. 452 AERO nodes admit packets that are no larger than 1280 bytes minus the 453 encapsulation overhead (*) as well as packets that are larger than 454 1500 bytes into the tunnel without fragmentation, i.e., as long as 455 they are no larger than the AERO interface MTU before encapsulation 456 and also no larger than the cached per-neighbor MTU following 457 encapsulation. For IPv4, the node sets the "Don't Fragment" (DF) bit 458 to 0 for packets no larger than 1280 bytes minus the encapsulation 459 overhead (*) and sets the DF bit to 1 for packets larger than 1500 460 bytes. If a large packet is lost in the path, the node may 461 optionally cache the MTU reported in the resulting PTB message or may 462 ignore the message, e.g., if there is a possibility that the message 463 is spurious. 465 For packets destined to an AERO node that are larger than 1280 bytes 466 minus the encapsulation overhead (*) but no larger than 1500 bytes, 467 the node uses outer IP fragmentation to fragment the packet into two 468 pieces (where the first fragment contains 1024 bytes of the 469 fragmented inner packet) then admits the fragments into the tunnel. 470 If the outer protocol is IPv4, the node admits the packet into the 471 tunnel with DF set to 0 and subject to rate limiting to avoid 472 reassembly errors [RFC4963][RFC6864]. For both IPv4 and IPv6, the 473 node also sends a 1500 byte probe message (**) to the neighbor, 474 subject to rate limiting. To construct a probe, the node prepares an 475 ICMPv6 Neighbor Solicitation (NS) message with trailing padding 476 octets added to a length of 1500 bytes but does not include the 477 length of the padding in the IPv6 Payload Length field. The node 478 then encapsulates the NS in the outer encapsulation headers (while 479 including the length of the padding in the outer length fields), sets 480 DF to 1 (for IPv4) and sends the padded NS message to the neighbor. 481 If the neighbor returns an NA message, the node may then send whole 482 packets within this size range and (for IPv4) relax the rate limiting 483 requirement. 485 AERO nodes MUST be capable of reassembling packets up to 1500 bytes 486 plus the encapsulation overhead length. It is therefore RECOMMENDED 487 that AERO nodes be capable of reassembling at least 2KB. 489 (*) Note that if it is known that the minimum Path MTU to an AERO 490 node is MINMTU bytes (where 1280 < MINMTU < 1500) then MINMTU can be 491 used instead of 1280 in the fragmentation threshold considerations 492 listed above. 494 (**) It is RECOMMENDED that no probes smaller than 1500 bytes be used 495 for MTU probing purposes, since smaller probes may be fragmented if 496 there is a nested tunnel somewhere on the path to the neighbor. 498 3.7. AERO Interface Encapsulation, Re-encapsulation and Decapsulation 500 AERO interfaces encapsulate IPv6 packets according to whether they 501 are entering the AERO interface for the first time or if they are 502 being forwarded out the same AERO interface that they arrived on. 503 This latter form of encapsulation is known as "re-encapsulation". 505 AERO interfaces encapsulate packets per the specifications in , 506 [RFC2473], [RFC4213], [RFC4301] except that the interface copies the 507 "Hop Limit", "Traffic Class" and "Congestion Experienced" values in 508 the inner IPv6 header into the corresponding fields in the outer IP 509 header. For packets undergoing re-encapsulation, the AERO interface 510 instead copies the "TTL/Hop Limit", "Type of Service/Traffic Class" 511 and "Congestion Experienced" values in the original outer IP header 512 into the corresponding fields in the new outer IP header (i.e., the 513 values are transferred between outer headers and *not* copied from 514 the inner network layer header). 516 When UDP encapsulation is used, the AERO interface inserts a UDP 517 header immediately above the outer IP header. The AERO interface 518 sets the UDP source port to a constant value that it will use in each 519 successive packet it sends, sets the UDP checksum field to zero (see: 520 [RFC6935][RFC6936]) and sets the UDP length field to the length of 521 the inner packet plus 8 bytes for the UDP header itself. For packets 522 sent via a Server, the AERO interface sets the UDP destination port 523 to 8060 (i.e., the IANA-registerd port number for AERO). For packets 524 sent to a neighboring Client, the AERO interface sets the UDP 525 destination port to the port value stored in the neighbor cache entry 526 for this neighbor. 528 The AERO interface next sets the outer IP protocol number to the 529 appropriate value for the first protocol layer within the 530 encapsulation (e.g., IPv6, UDP, IPsec, etc.). When IPv6 is used as 531 the outer IP protocol, the ITE then sets the flow label value in the 532 outer IPv6 header the same as described in [RFC6438]. When IPv4 is 533 used as the outer IP protocol, the AERO interface sets the DF bit as 534 discussed in Section 3.2. 536 AERO interfaces decapsulate packets destined either to the node 537 itself or to a destination reached via an interface other than the 538 receiving AERO interface per the specifications in , [RFC2473], 539 [RFC4213]. When the encapsulated packet includes a UDP header, the 540 AERO interface examines the first octet of data following the UDP 541 header to determine the inner header type. If the most significant 542 four bits of the first octet encode the value '0110', the inner 543 header is an IPv6 header. Otherwise, the interface considers the 544 first octet as an IP protocol type that encodes the value '50' for 545 Encapsulating Security Payload, the value '51' for Authentication 546 Header etc. (If the first octet encodes the value '0', the interface 547 instead discards the packet, since this is the value reserved for 548 experimentation under , [RFC6706]). During the decapsulation, the 549 AERO interface records the UDP source port in the neighbor cache 550 entry for this neighbor then discards the UDP header. 552 3.8. AERO Reference Operational Scenario 554 Figure 2 depicts the AERO reference operational scenario. The figure 555 shows an AERO Server('A'), two AERO Clients ('B', 'D') and three 556 ordinary IPv6 hosts ('C', 'E', 'F'): 558 .-(::::::::) 559 .-(::: IPv6 :::)-. +-------------+ 560 (:::: Internet ::::)--| Host F | 561 `-(::::::::::::)-' +-------------+ 562 `-(::::::)-' 2001:db8:3::1 563 | 564 +--------------+ 565 | AERO Server A| 566 | (C->B; E->D) | 567 +--------------+ 568 fe80::0 569 L2(A) 570 | 571 X-----+-----------+-----------+--------X 572 | AERO Link | 573 L2(B) L2(D) 574 fe80::2001:db8:0:0 fe80::2001:db8:1:0 .-. 575 +--------------+ +--------------+ ,-( _)-. 576 | AERO Client B| | AERO Client D| .-(_ IPv6 )-. 577 | (default->A) | | (default->A) |--(__ EUN ) 578 +--------------+ +--------------+ `-(______)-' 579 2001:DB8:0::/48 2001:DB8:1::/48 | 580 | 2001:db8:1::1 581 .-. +-------------+ 582 ,-( _)-. 2001:db8:0::1 | Host E | 583 .-(_ IPv6 )-. +-------------+ +-------------+ 584 (__ EUN )--| Host C | 585 `-(______)-' +-------------+ 587 Figure 2: AERO Reference Operational Scenario 589 In Figure 2, AERO Server ('A') connects to the AERO link and connects 590 to the IPv6 Internet, either directly or via an AERO Relay (not 591 shown). Server ('A') assigns the address fe80::0 to its AERO 592 interface with link-layer address L2(A). Server ('A') next arranges 593 to add L2(A) to a published list of valid Servers for the AERO link. 595 AERO Client ('B') registers the IPv6 prefix 2001:db8:0::/48 in a 596 DHCPv6 PD exchange via AERO Server ('A') then assigns the address 597 fe80::2001:db8:0:0 to its AERO interface with link-layer address 598 L2(B). Client ('B') configures a default route via the AERO 599 interface with next-hop address fe80::0 and link-layer address L2(A), 600 then sub-delegates the prefix 2001:db8:0::/48 to its attached EUNs. 601 IPv6 host ('C') connects to the EUN, and configures the address 2001: 602 db8:0::1. 604 AERO Client ('D') registers the IPv6 prefix 2001:db8:1::/48 in a 605 DHCPv6 PD exchange via AERO Server ('A') then assigns the address 606 fe80::2001:db8:1:0 to its AERO interface with link-layer address 607 L2(D). Client ('D') configures a default route via the AERO 608 interface with next-hop address fe80::0 and link-layer address L2(A), 609 then sub-delegates the prefix 2001:db8:1::/48 to its attached EUNs. 610 IPv6 host ('E') connects to the EUN, and configures the address 2001: 611 db8:1::1. 613 Finally, IPv6 host ('F') connects to an IPv6 network outside of the 614 AERO link domain. Host ('F') configures its IPv6 interface in a 615 manner specific to its attached IPv6 link, and assigns the address 616 2001:db8:3::1 to its IPv6 link interface. 618 3.9. AERO Router Discovery, Prefix Delegation and Address Configuration 620 3.9.1. AERO Client Behavior 622 AERO Clients observe the IPv6 node requirements defined in [RFC6434]. 623 AERO Clients first discover the link-layer address of an AERO Server 624 via static configuration, or through an automated means such as DNS 625 name resolution. In the absence of other information, the Client 626 resolves the Fully-Qualified Domain Name (FQDN) 627 "linkupnetworks.domainname", where "domainname" is the DNS domain 628 appropriate for the Client's attached underlying network. The Client 629 then creates a static neighbor cache entry with fe80::0 as the 630 network-layer address and the discovered address as the link-layer 631 address then creates a static default IPv6 forwarding table entry 632 with fe80::0 as the next hop address. 634 Next, the Client acts as a requesting router to request an IPv6 635 prefix through DHCPv6 PD [RFC3633] via the AERO Server using fe80::1 636 as the IPv6 source address and fe80::0 as the IPv6 destination 637 address. The Client includes a DHCPv6 Unique Identifier based on 638 Enterprise Number [DUID-EN] in the Client Identifier option of its 639 DHCPv6 messages as described in Section 9.3 of [RFC3315]. 641 After the Client receives its prefix delegation, it assigns the link- 642 local AERO address taken from the prefix to the AERO interface (see: 643 Section 3.3) and sub-delegates the prefix to nodes and links within 644 its attached EUNs (the AERO link-local address thereafter remains 645 stable as the Client moves). The Client further renews its prefix 646 delegation via standard DHCPv6 procedures by sending DHCPv6 Renew 647 messages with fe80::1 as the IPv6 source address, fe80::0 as the IPv6 648 destination address and the same DUID-EN value in the Client 649 Identifier option. 651 The Client sends periodic NS messages to the Server to obtain new NAs 652 in order to refresh any network state. The Client can also forward 653 IPv6 packets destined to networks beyond its local EUNs via the 654 Server as an IPv6 default router. The Server may in turn return a 655 Redirect message informing the Client of a neighbor on the AERO link 656 that is topologically closer to the final destination as specified in 657 Section 3.11. 659 Note that, since the Client's AERO address is configured from the 660 unique prefix delegation it receives via the Server, there is no need 661 for Duplicate Address Detection on AERO links. Other nodes 662 maliciously attempting to hijack an authorized Client's AERO address 663 will be denied due to an unacceptable link-layer address and/or 664 security parameters (see: Security Considerations). 666 3.9.2. AERO Server Behavior 668 AERO Servers observe the IPv6 router requirements defined in 669 [RFC6434] and further configure a DHCPv6 relay or server function on 670 their AERO links. When the AERO Server relays a Client's DHCPv6 PD 671 messages to the DHCPv6 server, it wraps each message in a "Relay- 672 forward" message per [RFC3315] and includes a DHCPv6 Interface 673 Identifier option that encodes a value that identifies the AERO link 674 to the DHCPv6 server. The AERO Server then encodes the Client's 675 link-layer source address and (when UDP encapsulation is used) UDP 676 source port number in the link-address and peer-address fields of the 677 "Relay-forward" message. This information will subsequently be 678 reflected back in the "Relay-reply" message (see Appendix B for 679 further explanation of this coding). 681 When the DHCPv6 server issues the IPv6 prefix delegation in a "Relay- 682 reply" message via the AERO Server (acting as a DHCPv6 relay), the 683 AERO Server creates a static neighbor cache entry for the Client's 684 AERO address (see: Section 3.3) with the Client's link-layer address 685 and UDP port number as the link-layer address for the neighbor cache 686 entry. The AERO Server also configures a static IPv6 forwarding 687 table entry that lists the Client's AERO address as the next hop 688 toward the delegated IPv6 prefix .The AERO Server finally injects the 689 Client's prefix as an IPv6 route into the inter-Server/Relay routing 690 system (see: [IRON]) then relays the DHCPv6 message to the Client 691 while using fe80::0 as the IPv6 source address, fe80::1 as the IPv6 692 destination address, and the Client's cached link-layer address as 693 the destination link-layer address. 695 Servers respond to NS messages from Clients on their AERO interfaces 696 by returning an NA message. When the Server receives an NS message, 697 it updates the neighbor cache entry using the network layer source 698 address as the neighbor's network layer address and using the link- 699 layer source address of the NS message as the neighbor's link-layer 700 address. 702 When the Server forwards a packet via the same AERO interface on 703 which it arrived, it initiates an AERO route optimization procedure 704 as specified in Section 3.11. 706 3.10. AERO Neighbor Solicitation and Advertisement 708 Each AERO node uses its delegated prefix to create an AERO address 709 (see: Section 3.3). It can then send unicast NS messages to elicit 710 NA messages from other AERO nodes the same as described for neighbor 711 unreachability detection in[RFC4861] except that the messages do not 712 include S/TLLAOs. 714 When an AERO node sends an NS/NA message, it MUST use its AERO 715 address as the IPv6 source address and the AERO address of the 716 neighbor as the IPv6 destination address. The AERO node also 717 includes the AERO address of the neighbor as the NS/NA message Target 718 address with the exception of "terminating NS" messages as described 719 in Section 3.13. 721 When an AERO node receives an NS/NA message, it accepts the message 722 if it has a neighbor cache entry for the neighbor; otherwise, it 723 ignores the message. 725 3.11. AERO Redirection 727 Section 3.8 describes the AERO reference operational scenario. We 728 now discuss the operation and protocol details of AERO Redirection 729 with respect to this reference scenario. 731 3.11.1. Classical Redirection Approaches 733 With reference to Figure 2, when the IPv6 source host ('C') sends a 734 packet to an IPv6 destination host ('E'), the packet is first 735 forwarded via the EUN to AERO Client ('B'). Client ('B') then 736 forwards the packet over its AERO interface to AERO Server ('A'), 737 which then re-encapsulates and forwards the packet to AERO Client 738 ('D'), where the packet is finally forwarded to the IPv6 destination 739 host ('E'). When Server ('A') re-encapsulates and forwards the 740 packet back out on its advertising AERO interface, it must arrange to 741 redirect Client ('B') toward Client ('D') as a better next-hop node 742 on the AERO link that is closer to the final destination. However, 743 this redirection process applied to AERO interfaces must be more 744 carefully orchestrated than on ordinary links since the parties may 745 be separated by potentially many underlying network routing hops. 747 Consider a first alternative in which Server ('A') informs Client 748 ('B') only and does not inform Client ('D') (i.e., "classical 749 redirection"). In that case, Client ('D') has no way of knowing that 750 Client ('B') is authorized to forward packets from the claimed source 751 address, and it may simply elect to drop the packets. Also, Client 752 ('B') has no way of knowing whether Client ('D') is performing some 753 form of source address filtering that would reject packets arriving 754 from a node other than a trusted default router, nor whether Client 755 ('D') is even reachable via a direct path that does not involve 756 Server ('A'). 758 Consider a second alternative in which Server ('A') informs both 759 Client ('B') and Client ('D') separately, via independent redirection 760 control messages (i.e., "augmented redirection"). In that case, if 761 Client ('B') receives the redirection control message but Client 762 ('D') does not, subsequent packets sent by Client ('B') could be 763 dropped due to filtering since Client ('D') would not have a route to 764 verify the claimed source address. Also, if Client ('D') receives 765 the redirection control message but Client ('B') does not, subsequent 766 packets sent in the reverse direction by Client ('D') would be lost. 768 Since both of these alternatives have shortcomings, a new redirection 769 technique (i.e., "AERO redirection") is needed. 771 3.11.2. AERO Redirection Concept of Operations 773 Again, with reference to Figure 2, when source host ('C') sends a 774 packet to destination host ('E'), the packet is first forwarded over 775 the source host's attached EUN to Client ('B'), which then forwards 776 the packet via its AERO interface to Server ('A'). 778 Server ('A') then re-encapsulates and forwards the packet out the 779 same AERO interface toward Client ('D') and also sends an AERO 780 "Predirect" message forward to Client ('D') as specified in 781 Section 3.11.4. The Predirect message includes Client ('B')'s 782 network- and link-layer addresses as well as information that Client 783 ('D') can use to determine the IPv6 prefix used by Client ('B') . 784 After Client ('D') receives the Predirect message, it process the 785 message and returns an AERO Redirect message destined for Client 786 ('B') via Server ('A') as specified in Section 3.11.5. During the 787 process, Client ('D') also creates or updates a dynamic neighbor 788 cache entry for Client ('B'), and creates an IPv6 forwarding table 789 entry for Client ('B')'s IPv6 prefix. 791 When Server ('A') receives the Redirect message, it re-encapsulates 792 the message and forwards it on to Client ('B') as specified in 793 Section 3.11.6. The message includes Client ('D')'s network- and 794 link-layer addresses as well as information that Client ('B') can use 795 to determine the IPv6 prefix used by Client ('D'). After Client 796 ('B') receives the Redirect message, it processes the message as 797 specified in Section 3.11.7. During the process, Client ('B') also 798 creates or updates a dynamic neighbor cache entry for Client ('D'), 799 and creates an IPv6 forwarding table entry for Client ('D')'s IPv6 800 prefix. 802 Following the above Predirect/Redirect message exchange, forwarding 803 of packets from Client ('B') to Client ('D') without involving Server 804 ('A) as an intermediary is enabled. The mechanisms that support this 805 exchange are specified in the following sections. 807 3.11.3. AERO Redirection Message Format 809 AERO Redirect/Predirect messages use the same format as for ICMPv6 810 Redirect messages depicted in Section 4.5 of [RFC4861], but also 811 include a new "Prefix Length" field taken from the low-order 8 bits 812 of the Redirect message Reserved field (valid values for the Prefix 813 Length field are 0 through 64). The Redirect/Predirect messages are 814 formatted as shown in Figure 3: 815 0 1 2 3 816 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 817 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 818 | Type (=137) | Code (=0/1) | Checksum | 819 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 820 | Reserved | Prefix Length | 821 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 822 | | 823 + + 824 | | 825 + Target Address + 826 | | 827 + + 828 | | 829 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 830 | | 831 + + 832 | | 833 + Destination Address + 834 | | 835 + + 836 | | 837 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 838 | Options ... 839 +-+-+-+-+-+-+-+-+-+-+-+- 841 Figure 3: AERO Redirect/Predirect Message Format 843 3.11.4. Sending Predirects 845 When an AERO Server forwards a packet out the same AERO interface 846 that it arrived on, the Server sends a Predirect message forward 847 toward the AERO Client nearest the destination instead of sending a 848 Redirect message back to AERO Client nearest the source. 850 In the reference operational scenario, when Server ('A') forwards a 851 packet sent by Client ('B') toward Client ('D'), it also sends a 852 Predirect message forward toward Client ('D'), subject to rate 853 limiting (see Section 8.2 of [RFC4861]). Server ('A') prepares the 854 Predirect message as follows: 856 o the link-layer source address is set to 'L2(A)' (i.e., the 857 underlying address of Server ('A')). 859 o the link-layer destination address is set to 'L2(D)' (i.e., the 860 underlying address of Client ('D')). 862 o the network-layer source address is set to fe80::0 (i.e., the 863 link-local address of Server ('A')). 865 o the network-layer destination address is set to fe80::2001:db8:1:0 866 (i.e., the AERO address of Client ('D')). 868 o the Type is set to 137. 870 o the Code is set to 1 to indicate "Predirect". 872 o the Prefix Length is set to the length of the prefix to be applied 873 to Target address. 875 o the Target Address is set to fe80::2001:db8:0::0 (i.e., the AERO 876 address of Client ('B')). 878 o the Destination Address is set to the IPv6 source address of the 879 packet that triggered the Predirection event. 881 o the message includes one or more TLLAOs set to 'L2(B)' and any 882 other underlying address(es) of Client ('B'). 884 o the message includes a Redirected Header Option (RHO) that 885 contains the originating packet truncated to ensure that at least 886 the network-layer header is included but the size of the message 887 does not exceed 1280 bytes. 889 Server ('A') then sends the message forward to Client ('D'). 891 3.11.5. Processing Predirects and Sending Redirects 893 When Client ('D') receives a Predirect message, it accepts the 894 message only if it has a link-layer source address of the Server, 895 i.e. 'L2(A)'. Client ('D') further accepts the message only if it 896 is willing to serve as a redirection target. Next, Client ('D') 897 validates the message according to the ICMPv6 Redirect message 898 validation rules in Section 8.1 of [RFC4861]. 900 In the reference operational scenario, when the Client ('D') receives 901 a valid Predirect message, it either creates or updates a dynamic 902 neighbor cache entry that stores the Target Address of the message as 903 the network-layer address of Client ('B') and stores the link-layer 904 address(es) found in the TLLAO(s) as the link-layer address(es) of 905 Client ('B'). Client ('D') then applies the Prefix Length to the 906 Interface Identifier portion of the Target Address and records the 907 resulting IPv6 prefix in its IPv6 forwarding table. 909 After processing the message, Client ('D') prepares a Redirect 910 message response as follows: 912 o the link-layer source address is set to 'L2(D)' (i.e., the link- 913 layer address of Client ('D')). 915 o the link-layer destination address is set to 'L2(A)' (i.e., the 916 link-layer address of Server ('A')). 918 o the network-layer source address is set to 'L3(D)' (i.e., the AERO 919 address of Client ('D')). 921 o the network-layer destination address is set to 'L3(B)' (i.e., the 922 AERO address of Client ('B')). 924 o the Type is set to 137. 926 o the Code is set to 0 to indicate "Redirect". 928 o the Prefix Length is set to the length of the prefix to be applied 929 to the Target and Destination address. 931 o the Target Address is set to fe80::2001:db8:1::1 (i.e., the AERO 932 address of Client ('D')). 934 o the Destination Address is set to the IPv6 destination address of 935 the packet that triggered the Redirection event. 937 o the message includes one or more TLLAOs set to 'L2(D)' and any 938 other underlying address(es) of Client ('D'). 940 o the message includes as much of the RHO copied from the 941 corresponding AERO Predirect message as possible such that at 942 least the network-layer header is included but the size of the 943 message does not exceed 1280 bytes. 945 After Client ('D') prepares the Redirect message, it sends the 946 message to Server ('A'). 948 3.11.6. Re-encapsulating and Relaying Redirects 950 When Server ('A') receives a Redirect message, it accepts the message 951 only if it has a neighbor cache entry that associates the message's 952 link-layer source address with the network-layer source address. 953 Next, Server ('A') validates the message according to the ICMPv6 954 Redirect message validation rules in Section 8.1 of [RFC4861]. 955 Following validation, Server ('A') re-encapsulates the Redirect then 956 relays the re-encapsulated Redirect on to Client ('B') as follows. 958 In the reference operational scenario, Server ('A') receives the 959 Redirect message from Client ('D') and prepares to re-encapsulate and 960 forward the message to Client ('B'). Server ('A') first verifies 961 that Client ('D') is authorized to use the Prefix Length in the 962 Redirect message when applied to the AERO address in the network- 963 layer source of the Redirect message, and discards the message if 964 verification fails. Otherwise, Server ('A') re-encapsulates the 965 message by changing the link-layer source address of the message to 966 'L2(A)', changing the network-layer source address of the message to 967 fe80::0, and changing the link-layer destination address to 'L2(B)' . 968 Server ('A') finally relays the re-encapsulated message to the 969 ingress node ('B') without decrementing the network-layer IPv6 header 970 Hop Limit field. 972 While not shown in Figure 2, AERO Relays relay Redirect and Predirect 973 messages in exactly this same fashion described above. See Figure 4 974 in Appendix A for an extension of the reference operational scenario 975 that includes Relays. 977 3.11.7. Processing Redirects 979 When Client ('B') receives the Redirect message, it accepts the 980 message only if it has a link-layer source address of the Server, 981 i.e. 'L2(A)'. Next, Client ('B') validates the message according to 982 the ICMPv6 Redirect message validation rules in Section 8.1 of 983 [RFC4861]. Following validation, Client ('B') then processes the 984 message as follows. 986 In the reference operational scenario, when Client ('B') receives the 987 Redirect message, it either creates or updates a dynamic neighbor 988 cache entry that stores the Target Address of the message as the 989 network-layer address of Client ('D') and stores the link-layer 990 address(es) found in the TLLAO(s) as the link-layer address(es) of 991 Client ('D'). Client ('B') then applies the Prefix Length to the 992 Interface Identifier portion of the Target Address and records the 993 resulting IPv6 prefix in its IPv6 forwarding table. 995 Now, Client ('B') has an IPv6 forwarding table entry for 996 Client('D')'s prefix, and Client ('D') has an IPv6 forwarding table 997 entry for Client ('B')'s prefix. Thereafter, the clients may 998 exchange ordinary network-layer data packets directly without 999 forwarding through Server ('A'). 1001 3.12. Neighbor Reachability Maintenance 1003 When a source Client is redirected to a target Client it MUST test 1004 the direct path to the target by sending an initial NS message to 1005 elicit a solicited NA response. While testing the path, the source 1006 Client SHOULD continue sending packets via the Server until target 1007 Client reachability has been confirmed. The source Client MUST 1008 thereafter continue to test the direct path to the target Client (see 1009 Section 7.3 of [RFC4861]) in order to keep dynamic neighbor cache 1010 entries alive. In particular, the source Client sends NS messages to 1011 the target Client subject to rate limiting in order to receive 1012 solicited NA messages. If at any time the direct path appears to be 1013 failing, the source Client can resume sending packets via the Server 1014 which may or may not result in a new redirection event. 1016 When a target Client receives an NS message from a source Client, it 1017 resets the ACCEPT_TIME timer if a neighbor cache entry exists; 1018 otherwise, it discards the NS message. 1020 When a source Client receives a solicited NA message form a target 1021 Client, it resets the FORWARD_TIME timer if a neighbor cache entry 1022 exists; otherwise, it discards the NA message. 1024 When both the FORWARD_TIME and ACCEPT_TIME timers on a dynamic 1025 neighbor cache entry expire, the Client deletes both the neighbor 1026 cache entry and the corresponding IPv6 forwarding table entry. 1028 If the source Client is unable to elicit an NA response from the 1029 target Client after MAX_RETRY attempts, it SHOULD consider the direct 1030 path unusable for forwarding purposes. Otherwise, the source Client 1031 may continue to send packets directly to the target Client and SHOULD 1032 thereafter process any link-layer errors as a hint that the direct 1033 path to the target Client has either failed or has become 1034 intermittent. 1036 3.13. Mobility and Link-Layer Address Change Considerations 1038 When a Client needs to change its link-layer address (e.g., due to a 1039 mobility event, due to a change in underlying network interface, 1040 etc.), it sends an immediate NS message forward to any of its 1041 correspondents (including the Server and any other Clients) which 1042 then discover the new link-layer address. 1044 If two Clients change their link-layer addresses simultaneously, the 1045 NS/NA messages may be lost. In that case, the Clients SHOULD delete 1046 their respective dynamic neighbor cache and IPv6 forwarding table 1047 entries, and allow packets to again flow through their Server(s) 1048 which MAY result in a new AERO redirection exchange. 1050 When a Client needs to change to a new AERO Server, it issues a new 1051 DHCPv6 Request message via the new AERO Server as the DHCPv6 relay. 1052 The new AERO Server then relays the message to the DHCPv6 server and 1053 processes the resulting exchange the same as described in Section 1054 3.9.2. After the Client receives the resulting DHCPv6 Reply message, 1055 it changes the link-layer address of the neighbor cache entry for 1056 fe80::0 to the address of the new AERO Server. 1058 After conducting the above exchange via the new AERO Server, the 1059 Client then sends a "terminating NS" message to the old AERO Server. 1060 The terminating NS message is prepared exactly the same as for an 1061 ordinary NS message, except that the Code field contains the value 1062 '1'. When the old Server receives the terminating NS message, it 1063 withdraws the IPv6 route from the routing system and deletes the 1064 neighbor cache entry and IPv6 forwarding table entry for the Client. 1065 The old Server then returns an NA message which the Client can use to 1066 verify that the termination signal has been processed. (Note that 1067 the old Server can impose a small delay before deleting the neighbor 1068 cache and IPv6 forwarding table entries so that any packets already 1069 in the system can still be delivered to the Client.) 1071 An alternative to sending a "terminating NS" message would be for the 1072 Client to somehow perform a DHCPv6 exchange with the DHCPv6 relay 1073 function on the old AERO Server but without involving the DHCPv6 1074 server. This would be insecure because the Client only has a DHCPv6 1075 security association with the DHCPv6 server and not the DHCPv6 relay. 1076 Conversely, the AERO Client and Server already require an authentic 1077 exchange of IPv6 Neighbor Discovery messages. 1079 3.14. Underlying Protocol Version Considerations 1081 A source Client may connect only to an IPvX underlying network, while 1082 the target Client connects only to an IPvY underlying network. In 1083 that case, the source Client has no means for reaching the target 1084 directly (since they connect to underlying networks of different IP 1085 protocol versions) and so must ignore any Redirects and continue to 1086 send packets via the Server. 1088 3.15. Multicast Considerations 1090 When the underlying network does not support multicast, AERO nodes 1091 map IPv6 link-scoped multicast addresses (including 1092 "All_DHCP_Relay_Agents_and_Servers") to the underlying IP address of 1093 the current AERO Server. 1095 When the underlying network supports multicast, AERO nodes use the 1096 multicast address mapping specification found in [RFC2529] for IPv4 1097 underlying networks and use a direct multicast mapping for IPv6 1098 underlying networks. (In the latter case, "direct multicast mapping" 1099 means that if the IPv6 multicast destination address of the inner 1100 packet is "M", then the IPv6 multicast destination address of the 1101 encapsulating header is also "M".) 1103 3.16. Operation on Server-less AERO Links 1105 In some AERO link scenarios, there may be no Server on the link 1106 and/or no need for Clients to use a Server as an intermediary trust 1107 anchor. In that case, Clients can establish dynamic neighbor cache 1108 entries and IPv6 forwarding table entries by performing direct 1109 Client-to-Client Predirect/Redirect exchanges, and some other form of 1110 trust basis must be applied so that each Client can verify that the 1111 prospective neighbor is authorized to use its claimed prefix. 1113 When there is no Server on the link, Clients must arrange to receive 1114 prefix delegations and publish the delegations via a secure prefix 1115 discovery service through some means outside the scope of this 1116 document. 1118 3.17. Other Considerations 1120 IPv6 hosts serviced by an AERO Client can reach IPv4-only services 1121 via a NAT64 gateway [RFC6146] within the IPv6 network. 1123 AERO nodes can use the Default Address Selection Policy with DHCPv6 1124 option [RFC7078] the same as on any IPv6 link. 1126 All other (non-multicast) functions that operate over ordinary IPv6 1127 links operate in the same fashion over AERO links. 1129 4. Implementation Status 1131 An early implementation is available at: 1132 http://linkupnetworks.com/aero/aerov2-0.3.tgz. 1134 5. IANA Considerations 1136 This document uses the UDP Service Port Number 8060 reserved by IANA 1137 for AERO in [RFC6706]. Therefore, there are no new IANA actions 1138 required for this document. 1140 6. Security Considerations 1142 AERO link security considerations are the same as for standard IPv6 1143 Neighbor Discovery [RFC4861] except that AERO improves on some 1144 aspects. In particular, AERO is dependent on a trust basis between 1145 AERO Clients and Servers, where the Clients only engage in the AERO 1146 mechanism when it is facilitated by a trust anchor. 1148 AERO links must be protected against link-layer address spoofing 1149 attacks in which an attacker on the link pretends to be a trusted 1150 neighbor. Links that provide link-layer securing mechanisms (e.g., 1151 WiFi networks) and links that provide physical security (e.g., 1152 enterprise network LANs) provide a first line of defense that is 1153 often sufficient. In other instances, securing mechanisms such as 1154 Secure Neighbor Discovery (SeND) [RFC3971] or IPsec [RFC4301] may be 1155 necessary. 1157 AERO Clients MUST ensure that their connectivity is not used by 1158 unauthorized nodes to gain access to a protected network. (This 1159 concern is no different than for ordinary hosts that receive an IP 1160 address delegation but then "share" the address with unauthorized 1161 nodes via an IPv6/IPv6 NAT function.) 1163 On some AERO links, establishment and maintenance of a direct path 1164 between neighbors requires secured coordination such as through the 1165 Internet Key Exchange (IKEv2) protocol [RFC5996]. 1167 7. Acknowledgements 1169 Discussions both on the v6ops list and in private exchanges helped 1170 shape some of the concepts in this work. Individuals who contributed 1171 insights include Mikael Abrahamsson, Fred Baker, Stewart Bryant, 1172 Brian Carpenter, Brian Haberman, Joel Halpern, Sascha Hlusiak, Lee 1173 Howard and Joe Touch. Members of the IESG also provided valuable 1174 input during their review process that greatly improved the document. 1175 Special thanks go to Stewart Bryant, Joel Halpern and Brian Haberman 1176 for their shepherding guidance. 1178 This work has further been encouraged and supported by Boeing 1179 colleagues including Keith Bartley, Balaguruna Chidambaram, Jeff 1180 Holland, Cam Brodie, Yueli Yang, Wen Fang, Ed King, Mike Slane, Kent 1181 Shuey, Gen MacLean, and other members of the BR&T and BIT mobile 1182 networking teams. 1184 Earlier works on NBMA tunneling approaches are found in 1185 [RFC2529][RFC5214][RFC5569]. 1187 8. References 1189 8.1. Normative References 1191 [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, 1192 August 1980. 1194 [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, 1195 September 1981. 1197 [RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, 1198 RFC 792, September 1981. 1200 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1201 Requirement Levels", BCP 14, RFC 2119, March 1997. 1203 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 1204 (IPv6) Specification", RFC 2460, December 1998. 1206 [RFC2473] Conta, A. and S. Deering, "Generic Packet Tunneling in 1207 IPv6 Specification", RFC 2473, December 1998. 1209 [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., 1210 and M. Carney, "Dynamic Host Configuration Protocol for 1211 IPv6 (DHCPv6)", RFC 3315, July 2003. 1213 [RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic 1214 Host Configuration Protocol (DHCP) version 6", RFC 3633, 1215 December 2003. 1217 [RFC4213] Nordmark, E. and R. Gilligan, "Basic Transition Mechanisms 1218 for IPv6 Hosts and Routers", RFC 4213, October 2005. 1220 [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, 1221 "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, 1222 September 2007. 1224 [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless 1225 Address Autoconfiguration", RFC 4862, September 2007. 1227 [RFC6434] Jankiewicz, E., Loughney, J., and T. Narten, "IPv6 Node 1228 Requirements", RFC 6434, December 2011. 1230 8.2. Informative References 1232 [IRON] Templin, F., "The Internet Routing Overlay Network 1233 (IRON)", Work in Progress, June 2012. 1235 [RFC0879] Postel, J., "TCP maximum segment size and related topics", 1236 RFC 879, November 1983. 1238 [RFC2529] Carpenter, B. and C. Jung, "Transmission of IPv6 over IPv4 1239 Domains without Explicit Tunnels", RFC 2529, March 1999. 1241 [RFC2675] Borman, D., Deering, S., and R. Hinden, "IPv6 Jumbograms", 1242 RFC 2675, August 1999. 1244 [RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure 1245 Neighbor Discovery (SEND)", RFC 3971, March 2005. 1247 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 1248 Architecture", RFC 4291, February 2006. 1250 [RFC4301] Kent, S. and K. Seo, "Security Architecture for the 1251 Internet Protocol", RFC 4301, December 2005. 1253 [RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU 1254 Discovery", RFC 4821, March 2007. 1256 [RFC4963] Heffner, J., Mathis, M., and B. Chandler, "IPv4 Reassembly 1257 Errors at High Data Rates", RFC 4963, July 2007. 1259 [RFC5214] Templin, F., Gleeson, T., and D. Thaler, "Intra-Site 1260 Automatic Tunnel Addressing Protocol (ISATAP)", RFC 5214, 1261 March 2008. 1263 [RFC5522] Eddy, W., Ivancic, W., and T. Davis, "Network Mobility 1264 Route Optimization Requirements for Operational Use in 1265 Aeronautics and Space Exploration Mobile Networks", 1266 RFC 5522, October 2009. 1268 [RFC5569] Despres, R., "IPv6 Rapid Deployment on IPv4 1269 Infrastructures (6rd)", RFC 5569, January 2010. 1271 [RFC5996] Kaufman, C., Hoffman, P., Nir, Y., and P. Eronen, 1272 "Internet Key Exchange Protocol Version 2 (IKEv2)", 1273 RFC 5996, September 2010. 1275 [RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful 1276 NAT64: Network Address and Protocol Translation from IPv6 1277 Clients to IPv4 Servers", RFC 6146, April 2011. 1279 [RFC6204] Singh, H., Beebee, W., Donley, C., Stark, B., and O. 1280 Troan, "Basic Requirements for IPv6 Customer Edge 1281 Routers", RFC 6204, April 2011. 1283 [RFC6438] Carpenter, B. and S. Amante, "Using the IPv6 Flow Label 1284 for Equal Cost Multipath Routing and Link Aggregation in 1285 Tunnels", RFC 6438, November 2011. 1287 [RFC6691] Borman, D., "TCP Options and Maximum Segment Size (MSS)", 1288 RFC 6691, July 2012. 1290 [RFC6706] Templin, F., "Asymmetric Extended Route Optimization 1291 (AERO)", RFC 6706, August 2012. 1293 [RFC6864] Touch, J., "Updated Specification of the IPv4 ID Field", 1294 RFC 6864, February 2013. 1296 [RFC6935] Eubanks, M., Chimento, P., and M. Westerlund, "IPv6 and 1297 UDP Checksums for Tunneled Packets", RFC 6935, April 2013. 1299 [RFC6936] Fairhurst, G. and M. Westerlund, "Applicability Statement 1300 for the Use of IPv6 UDP Datagrams with Zero Checksums", 1301 RFC 6936, April 2013. 1303 [RFC6939] Halwasia, G., Bhandari, S., and W. Dec, "Client Link-Layer 1304 Address Option in DHCPv6", RFC 6939, May 2013. 1306 [RFC6980] Gont, F., "Security Implications of IPv6 Fragmentation 1307 with IPv6 Neighbor Discovery", RFC 6980, August 2013. 1309 [RFC7078] Matsumoto, A., Fujisaki, T., and T. Chown, "Distributing 1310 Address Selection Policy Using DHCPv6", RFC 7078, 1311 January 2014. 1313 Appendix A. AERO Server and Relay Interworking 1315 Figure 2 depicts a reference AERO operational scenario with a single 1316 Server on the AERO link. In order to support scaling to larger 1317 numbers of nodes, the AERO link can deploy multiple Servers and 1318 Relays, e.g., as shown in Figure 4. 1320 .-(::::::::) 1321 .-(::: IPv6 :::)-. 1322 (:: Internetwork ::) 1323 `-(::::::::::::)-' 1324 `-(::::::)-' 1325 | 1326 +--------------+ +------+-------+ +--------------+ 1327 |AERO Server C | | AERO Relay D | |AERO Server E | 1328 | (default->D) | | (A->C; G->E) | | (default->D) | 1329 | (A->B) | +-------+------+ | (G->F) | 1330 +-------+------+ | +------+-------+ 1331 | | | 1332 X---+---+-------------------+------------------+---+---X 1333 | AERO Link | 1334 +-----+--------+ +--------+-----+ 1335 |AERO Client B | |AERO Client F | 1336 | (default->C) | | (default->E) | 1337 +--------------+ +--------------+ 1338 .-. .-. 1339 ,-( _)-. ,-( _)-. 1340 .-(_ IPv6 )-. .-(_ IPv6 )-. 1341 (__ EUN ) (__ EUN ) 1342 `-(______)-' `-(______)-' 1343 | | 1344 +--------+ +--------+ 1345 | Host A | | Host G | 1346 +--------+ +--------+ 1348 Figure 4: AERO Server/Relay Interworking 1350 In this example, AERO Client ('B') associates with AERO Server ('C'), 1351 while AERO Client ('F') associates with AERO Server ('E'). 1352 Furthermore, AERO Servers ('C') and ('E') do not associate with each 1353 other directly, but rather have an association with AERO Relay ('D') 1354 (i.e., a router that has full topology information concerning its 1355 associated Servers and their Clients). Relay ('D') connects to the 1356 AERO link, and also connects to the native IPv6 Internetwork. 1358 When host ('A') sends a packet toward destination host ('G'), IPv6 1359 forwarding directs the packet through the EUN to Client ('B'), which 1360 forwards the packet to Server ('C') in absence of more-specific 1361 forwarding information. Server ('C') forwards the packet, and it 1362 also generates an AERO Predirect message that is then forwarded 1363 through Relay ('D') to Server ('E'). When Server ('E') receives the 1364 message, it forwards the message to Client ('F'). 1366 After processing the AERO Predirect message, Client ('F') sends an 1367 AERO Redirect message to Server ('E'). Server ('E'), in turn, 1368 forwards the message through Relay ('D') to Server ('C'). When 1369 Server ('C') receives the message, it forwards the message to Client 1370 ('B') informing it that host 'G's EUN can be reached via Client 1371 ('F'), thus completing the AERO redirection. 1373 The network layer routing information shared between Servers and 1374 Relays must be carefully coordinated in a manner outside the scope of 1375 this document. In particular, Relays require full topology 1376 information, while individual Servers only require partial topology 1377 information (i.e., they only need to know the EUN prefixes associated 1378 with their current set of Clients). See [IRON] for an architectural 1379 discussion of routing coordination between Relays and Servers. 1381 Appendix B. DHCPv6 Client Link Layer Address Considerations 1383 As discussed in Section 3.9.2, there is a requirement for the DHCPv6 1384 relay hosted on the AERO Server to encode the link-layer address of 1385 the Client in "Relay-forward" messages in a way that the DHCPv6 1386 Server will echo the link-layer address back in corresponding "Relay- 1387 reply" messages. This allows the AERO Server to remain stateless 1388 while the DHCPv6 server is authoritative for the delegation of IPv6 1389 prefixes to authorized AERO Clients. The link-address and peer- 1390 address fields of the "Relay-forward" message are available for 1391 coding since the message includes an "Interface-Id" option (thereby 1392 obviating the need for a link-address) and the source address of the 1393 DHCPv6 message will always be fe80::1 (thereby obviating the need for 1394 a peer-address). The manner of coding the information is 1395 implementor's choice and need not be formally specified. Per 1396 [RFC3315], this information will be echoed back in the Relay-reply 1397 message. 1399 A preferred alternative would be for the AERO Server to encode the 1400 link-layer information in an appropriate DHCPv6 option such as the 1401 Client Link-Layer Address Option per [RFC6939]. However, the Client 1402 Link-Layer Address Option is only required to appear in the DHCPv6 1403 relay's Relay-forward messages and there is no requirement that it be 1404 repeated back in the DHCPv6 server's Relay-reply message. While 1405 repeating the option in the Relay-reply message would not be in 1406 violation of [RFC6939], it would require modifications to DHCPv6 1407 server implementations in order to support AERO. 1409 This document therefore currently calls for echoing the Client's 1410 link-layer address in the link-address and peer-address fields of the 1411 Relay-forward/reply messages in order to avoid DHCPv6 server 1412 modifications. If consensus determines that DHCPv6 server 1413 modifications are acceptable, the preferred alternative would be to 1414 use the Client Link-Layer Address Option. 1416 Author's Address 1418 Fred L. Templin (editor) 1419 Boeing Research & Technology 1420 P.O. Box 3707 1421 Seattle, WA 98124 1422 USA 1424 Email: fltemplin@acm.org