idnits 2.17.1 draft-templin-aerolink-22.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == The 'Obsoletes: ' line in the draft header should list only the _numbers_ of the RFCs which will be obsoleted by this document (if approved); it should not include the word 'RFC' in the list. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (May 29, 2014) is 3620 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC0768' is defined on line 1316, but no explicit reference was found in the text == Unused Reference: 'RFC0792' is defined on line 1322, but no explicit reference was found in the text == Unused Reference: 'RFC2460' is defined on line 1328, but no explicit reference was found in the text == Unused Reference: 'RFC4862' is defined on line 1352, but no explicit reference was found in the text == Unused Reference: 'RFC0879' is defined on line 1363, but no explicit reference was found in the text == Unused Reference: 'RFC6204' is defined on line 1415, but no explicit reference was found in the text == Unused Reference: 'RFC6691' is defined on line 1427, but no explicit reference was found in the text == Unused Reference: 'RFC6706' is defined on line 1430, but no explicit reference was found in the text == Unused Reference: 'RFC6980' is defined on line 1446, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2460 (Obsoleted by RFC 8200) ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415) ** Obsolete normative reference: RFC 3633 (Obsoleted by RFC 8415) ** Obsolete normative reference: RFC 6434 (Obsoleted by RFC 8504) -- Obsolete informational reference (is this intentional?): RFC 879 (Obsoleted by RFC 7805, RFC 9293) -- Obsolete informational reference (is this intentional?): RFC 5246 (Obsoleted by RFC 8446) -- Obsolete informational reference (is this intentional?): RFC 5996 (Obsoleted by RFC 7296) -- Obsolete informational reference (is this intentional?): RFC 6204 (Obsoleted by RFC 7084) -- Obsolete informational reference (is this intentional?): RFC 6691 (Obsoleted by RFC 9293) Summary: 4 errors (**), 0 flaws (~~), 11 warnings (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group F. Templin, Ed. 3 Internet-Draft Boeing Research & Technology 4 Obsoletes: rfc6706 (if approved) May 29, 2014 5 Intended status: Standards Track 6 Expires: November 30, 2014 8 Transmission of IPv6 Packets over AERO Links 9 draft-templin-aerolink-22.txt 11 Abstract 13 This document specifies the operation of IPv6 over tunnel virtual 14 Non-Broadcast, Multiple Access (NBMA) links using Asymmetric Extended 15 Route Optimization (AERO). Nodes attached to AERO links can exchange 16 packets via trusted intermediate routers on the link that provide 17 forwarding services to reach off-link destinations and/or redirection 18 services to inform the node of an on-link neighbor that is closer to 19 the final destination. Operation of the IPv6 Neighbor Discovery (ND) 20 protocol over AERO links is based on an IPv6 link local address 21 format known as the AERO address. 23 Status of This Memo 25 This Internet-Draft is submitted in full conformance with the 26 provisions of BCP 78 and BCP 79. 28 Internet-Drafts are working documents of the Internet Engineering 29 Task Force (IETF). Note that other groups may also distribute 30 working documents as Internet-Drafts. The list of current Internet- 31 Drafts is at http://datatracker.ietf.org/drafts/current/. 33 Internet-Drafts are draft documents valid for a maximum of six months 34 and may be updated, replaced, or obsoleted by other documents at any 35 time. It is inappropriate to use Internet-Drafts as reference 36 material or to cite them other than as "work in progress." 38 This Internet-Draft will expire on November 30, 2014. 40 Copyright Notice 42 Copyright (c) 2014 IETF Trust and the persons identified as the 43 document authors. All rights reserved. 45 This document is subject to BCP 78 and the IETF Trust's Legal 46 Provisions Relating to IETF Documents 47 (http://trustee.ietf.org/license-info) in effect on the date of 48 publication of this document. Please review these documents 49 carefully, as they describe your rights and restrictions with respect 50 to this document. Code Components extracted from this document must 51 include Simplified BSD License text as described in Section 4.e of 52 the Trust Legal Provisions and are provided without warranty as 53 described in the Simplified BSD License. 55 Table of Contents 57 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 58 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 59 3. Asymmetric Extended Route Optimization (AERO) . . . . . . . . 5 60 3.1. AERO Node Types . . . . . . . . . . . . . . . . . . . . . 5 61 3.2. AERO Addresses . . . . . . . . . . . . . . . . . . . . . 6 62 3.3. AERO Interface Characteristics . . . . . . . . . . . . . 6 63 3.3.1. Coordination of Multiple Underlying Interfaces . . . 8 64 3.4. AERO Interface Neighbor Cache Maintenace . . . . . . . . 9 65 3.5. AERO Interface Data Origin Authentication . . . . . . . . 10 66 3.6. AERO Interface MTU Considerations . . . . . . . . . . . . 11 67 3.7. AERO Interface Encapsulation, Re-encapsulation and 68 Decapsulation . . . . . . . . . . . . . . . . . . . . . . 12 69 3.8. AERO Router Discovery, Prefix Delegation and Address 70 Configuration . . . . . . . . . . . . . . . . . . . . . . 14 71 3.8.1. AERO Client Behavior . . . . . . . . . . . . . . . . 14 72 3.8.2. AERO Server Behavior . . . . . . . . . . . . . . . . 15 73 3.9. AERO Redirection . . . . . . . . . . . . . . . . . . . . 16 74 3.9.1. Reference Operational Scenario . . . . . . . . . . . 16 75 3.9.2. Classical Redirection Approaches . . . . . . . . . . 18 76 3.9.3. Concept of Operations . . . . . . . . . . . . . . . . 19 77 3.9.4. Message Format . . . . . . . . . . . . . . . . . . . 19 78 3.9.5. Sending Predirects . . . . . . . . . . . . . . . . . 20 79 3.9.6. Processing Predirects and Sending Redirects . . . . . 21 80 3.9.7. Re-encapsulating and Relaying Redirects . . . . . . . 22 81 3.9.8. Processing Redirects . . . . . . . . . . . . . . . . 23 82 3.10. Neighbor Reachability Maintenance . . . . . . . . . . . . 24 83 3.11. Mobility and Link-Layer Address Change Considerations . . 25 84 3.12. Encapsulation Protocol Version Considerations . . . . . . 26 85 3.13. Multicast Considerations . . . . . . . . . . . . . . . . 26 86 3.14. Operation on AERO Links Without DHCPv6 Services . . . . . 26 87 3.15. Operation on Server-less AERO Links . . . . . . . . . . . 26 88 3.16. Other Considerations . . . . . . . . . . . . . . . . . . 27 89 4. Implementation Status . . . . . . . . . . . . . . . . . . . . 27 90 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27 91 6. Security Considerations . . . . . . . . . . . . . . . . . . . 27 92 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 28 93 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 28 94 8.1. Normative References . . . . . . . . . . . . . . . . . . 28 95 8.2. Informative References . . . . . . . . . . . . . . . . . 29 96 Appendix A. AERO Server and Relay Interworking . . . . . . . . . 31 97 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 33 99 1. Introduction 101 This document specifies the operation of IPv6 over tunnel virtual 102 Non-Broadcast, Multiple Access (NBMA) links using Asymmetric Extended 103 Route Optimization (AERO). Nodes attached to AERO links can exchange 104 packets via trusted intermediate routers on the link that provide 105 forwarding services to reach off-link destinations and/or redirection 106 services to inform the node of an on-link neighbor that is closer to 107 the final destination. This redirection provides a route 108 optimization capability that addresses the requirements outlined in 109 [RFC5522]. 111 Nodes on AERO links use an IPv6 link-local address format known as 112 the AERO Address. This address type has properties that avoid 113 duplication and statelessly link IPv6 Neighbor Discovery (ND) to IPv6 114 routing. The AERO link can be used for tunneling to neighboring 115 nodes on either IPv6 or IPv4 networks, i.e., AERO views the IPv6 and 116 IPv4 networks as equivalent links for tunneling. The remainder of 117 this document presents the AERO specification. 119 2. Terminology 121 The terminology in the normative references applies; the following 122 terms are defined within the scope of this document: 124 AERO link 125 a Non-Broadcast, Multiple Access (NBMA) tunnel virtual overlay 126 configured over a node's attached IPv6 and/or IPv4 networks. All 127 nodes on the AERO link appear as single-hop neighbors from the 128 perspective of IPv6. 130 AERO interface 131 a node's attachment to an AERO link. 133 AERO address 134 an IPv6 link-local address assigned to an AERO interface and 135 constructed as specified in Section 3.2. 137 AERO node 138 a node that is connected to an AERO link and that participates in 139 IPv6 Neighbor Discovery over the link. 141 AERO Client ("client") 142 a node that configures either a host interface or a router 143 interface on an AERO link. 145 AERO Server ("server") 146 a node that configures a router interface on an AERO link over 147 which it can provide default forwarding and redirection services 148 for other AERO nodes. 150 AERO Relay ("relay") 151 a node that relays IPv6 packets between Servers on the same AERO 152 link, and/or that forwards IPv6 packets between the AERO link and 153 the IPv6 Internet. An AERO Relay may or may not also be 154 configured as an AERO Server. 156 ingress tunnel endpoint (ITE) 157 an AERO interface endpoint that injects tunneled packets into an 158 AERO link. 160 egress tunnel endpoint (ETE) 161 an AERO interface endpoint that receives tunneled packets from an 162 AERO link. 164 underlying network 165 a connected IPv6 or IPv4 network routing region over which AERO 166 nodes tunnel IPv6 packets. 168 underlying interface 169 an AERO node's interface point of attachment to an underlying 170 network. 172 link-layer address 173 an IP address assigned to an AERO node's underlying interface. 174 When UDP encapsulation is used, the UDP port number is also 175 considered as part of the link-layer address. Link-layer 176 addresses are used as the encapsulation header source and 177 destination addresses. 179 network layer address 180 the source or destination address of the encapsulated IPv6 packet. 182 end user network (EUN) 183 an IPv6 network attached to a downstream interface of an AERO 184 Client (where the AERO interface is seen as the upstream 185 interface). 187 Throughout the document, the simple terms "Client", "Server" and 188 "Relay" refer to "AERO Client", "AERO Server" and "AERO Relay", 189 respectively. Capitalization is used to distinguish these terms from 190 DHCPv6 client/server/relay. This is an important distinction, since 191 an AERO Server may be a DHCPv6 relay, and an AERO Relay may be a 192 DHCPv6 server. 194 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 195 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 196 document are to be interpreted as described in [RFC2119]. 198 3. Asymmetric Extended Route Optimization (AERO) 200 The following sections specify the operation of IPv6 over Asymmetric 201 Extended Route Optimization (AERO) links: 203 3.1. AERO Node Types 205 AERO Relays relay packets between nodes connected to the same AERO 206 link and also forward packets between the AERO link and the native 207 IPv6 network. The relaying process entails re-encapsulation of IPv6 208 packets that were received from a first AERO node and are to be 209 forwarded without modification to a second AERO node. 211 AERO Servers configure their AERO interfaces as router interfaces, 212 and provide default routing services to AERO Clients. AERO Servers 213 configure a DHCPv6 relay or server function and facilitate DHCPv6 214 Prefix Delegation (PD) exchanges. An AERO Server may also act as an 215 AERO Relay. 217 AERO Clients act as requesting routers to receive IPv6 prefixes 218 through a DHCPv6 PD exchange via AERO Servers over the AERO link. 219 (Clients typically associate with a single Server at a time; Clients 220 MAY associate with multiple Servers, but associating with many 221 Servers may result in excessive control message overhead.) Each AERO 222 Client receives at least a /64 prefix delegation, and may receive 223 even shorter prefixes. 225 AERO Clients that act as routers configure their AERO interfaces as 226 router interfaces and sub-delegate portions of their received prefix 227 delegations to links on EUNs. End system applications on AERO 228 Clients that act as routers bind to EUN interfaces (i.e., and not the 229 AERO interface). 231 AERO Clients that act as ordinary hosts configure their AERO 232 interfaces as host interfaces and assign one or more IPv6 addresses 233 taken from their received prefix delegations to the AERO interface 234 but DO NOT assign the delegated prefix itself to the AERO interface. 235 Instead, the host assigns the delegated prefix to a "black hole" 236 route so that unused portions of the prefix are nullified. End 237 system applications on AERO Clients that act as hosts bind directly 238 to the AERO interface. 240 3.2. AERO Addresses 242 An AERO address is an IPv6 link-local address assigned to an AERO 243 interface and with an IPv6 prefix embedded within the interface 244 identifier. The AERO address is formatted as: 246 fe80::[IPv6 prefix] 248 Each AERO Server configures the AERO address 'fe80::'; this 249 corresponds to the IPv6 prefix '::/0' (i.e., "default") and provides 250 a handle for Clients to insert into a neighbor cache entry. 252 Each AERO Client configures an AERO address based on the prefix it 253 has received from the AERO link prefix delegation authority (e.g., 254 the DHCPv6 server). The address begins with the prefix fe80::/64 and 255 includes in its interface identifier the base /64 prefix taken from 256 the Client's delegated IPv6 prefix. The base prefix is determined by 257 masking the delegated prefix with the prefix length. For example, if 258 an AERO Client has received the prefix delegation: 260 2001:db8:1000:2000::/56 262 it would construct its AERO address as: 264 fe80::2001:db8:1000:2000 266 The AERO address remains stable as the Client moves between 267 topological locations, i.e., even if its underlying address changes. 269 3.3. AERO Interface Characteristics 271 AERO interfaces use IPv6-in-IPv6 encapsulation [RFC2473] to exchange 272 tunneled packets with AERO neighbors attached to an underlying IPv6 273 network, and use IPv6-in-IPv4 encapsulation [RFC4213] to exchange 274 tunneled packets with AERO neighbors attached to an underlying IPv4 275 network. AERO interfaces can also operate over secured tunnel types 276 such as IPsec [RFC4301] or TLS [RFC5246] in environments where strong 277 authentication and confidentiality are required. When Network 278 Address Translator (NAT) traversal and/or filtering middlebox 279 traversal may be necessary, a UDP header is further inserted 280 immediately above the IP encapsulation header. 282 Servers assign the AERO address fe80:: to their AERO interfaces. 283 Servers and Relays also use (non-AERO) administratively-assigned 284 link-local addresses to support the operation of the inter-Server/ 285 Relay routing system (see: [IRON]). 287 Clients initially use a temporary IPv6 link-local address in the 288 DHCPv6 PD exchanges used to receive an IPv6 prefix and derive an AERO 289 address. If the Client is pre-provisioned with an IPv6 prefix 290 associated with the AERO service, it SHOULD use the AERO address 291 derived from the prefix as the temporary address. Otherwise, the 292 Client can use any randomly-selected link-local address as the 293 temporary address, as it is merely a placeholder in DHCPv6 messages 294 and not used to create neighbor cache entries. After the Client 295 receives a prefix delegation, it assigns the corresponding AERO 296 address to the AERO interface. DHCPv6 is therefore used to bootstrap 297 the assignment of unique link-local addresses on the AERO link. 299 AERO interfaces maintain a neighbor cache and use an adaptation of 300 standard unicast IPv6 ND messaging. AERO interfaces use Neighbor 301 Solicitation (NS), Neighbor Advertisement (NA), Router Solicitation 302 (RS) and Router Advertisement (RA) messages the same as for any IPv6 303 link. AERO interfaces use two redirection message types -- the first 304 being the standard Redirect message and the second known as a 305 Predirect message (see Section 3.9). AERO links further use link- 306 local-only addressing; hence, Clients ignore any Prefix Information 307 Options (PIOs) they may receive in RA messages. 309 AERO interfaces use Source/Target Link Layer Address Options (S/ 310 TLLAOs) the same as for any IPv6 interface. The S/TLLAO option 311 format is shown in Figure 1: 313 0 1 2 3 314 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 315 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 316 | Type = 2 | Length = 1/3 | Reserved | 317 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 318 | Link ID | Preference | UDP Port Number (or 0) | 319 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 320 | | 321 +-- --+ 322 | | 323 +-- IP Address (Redirect/Predirect messages only) --+ 324 | | 325 +-- --+ 326 | | 327 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 329 Figure 1: AERO S/TLLAO Format 331 In this format, Link ID is an integer value between 0 and 255 332 corresponding to an underlying interface of the source/target node, 333 and Preference is an integer value between 0 and 255 indicating the 334 node's preference for this underlying interface (with 0 being highest 335 preference and 255 being lowest). For Redirect/Predirect messages, 336 Length is set to 3 and UDP Port Number/IP Address are set to the 337 addresses used by the target node when it sends encapsulated packets 338 over the underlying interface. For other ND messages, Length is set 339 to 1, UDP Port Number is set to 0 and IP Address is omitted. 341 Each AERO Redirect/Predirect message includes one or more TLLAOs, 342 i.e., one for each underlying interface the target node wishes to 343 publish. When no UDP encapsulation is used, UDP Port Number is set 344 to 0. When the encapsulation IP address family is IPv4, IP Address 345 is formed as an IPv4-compatible IPv6 address [RFC4291]. 347 AERO interface Redirect/Predirect messages can both update and create 348 neighbor cache entries. Redirect/Predirect messages SHOULD include a 349 Timestamp option (see Section 5.3 of [RFC3971]) that other AERO nodes 350 can use to verify the message time of origin. 352 Each AERO NS/NA/RS/RA message includes a single S/TLLAO with UDP Port 353 Number set to 0 and IP Address omitted (since the node has no way of 354 knowing whether it is behind a NAT and hence may be unable to convey 355 the correct values). Instead, AERO nodes determine the link-layer 356 addresses of neighbors by examining the encapsulation header IP 357 address and UDP port number of any NS/NA/RS/RA messages they receive. 359 AERO interface NS/NA/RS/RA messages only update existing neighbor 360 cache entires and do not create new neighbor cache entries. NS/RS 361 messages SHOULD include a Nonce option (see Section 5.3 of 362 [RFC3971]). If an NS/RS message contains a Nonce option, the 363 recipient MUST echo the option back in the corresponding NA/RA 364 response. Unsolicited NA/RA messages are not used on AERO 365 interfaces, and SHOULD be ignored on receipt. 367 3.3.1. Coordination of Multiple Underlying Interfaces 369 AERO interfaces may be configured over multiple underlying 370 interfaces. From the perspective of IPv6 Neighbor Discovery, the 371 AERO interface therefore appears as a single logical interface with 372 multiple link-layer addresses the same as described for "Inbound Load 373 Balancing" in Section 3 of [RFC4861]. The load balancing paradigm 374 applies to AERO Servers that are connected to stable backhaul 375 networks, but may not necessarily be appropriate for AERO Clients 376 that connect to multiple diverse media types. 378 For example, common handheld devices of the modern era have both 379 wireless local area network (aka "WiFi") and cellular wireless links. 380 These links are typically used "one at a time" with low-cost WiFi 381 preferred and highly-available cellular wireless as a cold standby. 383 In a more complex example, aircraft frequently have many wireless 384 data link types (e.g. satellite-based, terrestrial, directional 385 point-to-point, etc.) with diverse performance and cost properties. 387 If a Client's multiple underlying interfaces are used "one at a time" 388 (i.e., all other interfaces are disabled when one interface is 389 active), then the S/TLLAOs in ND messages SHOULD use the same Link ID 390 and Preference values regardless of the underlying interface and 391 Predirect/Redirect messages SHOULD include only a single TLLAO. If 392 the Client enables multiple underlying interfaces, it instead SHOULD 393 use a different Link ID and Preference value for the S/TLLAO 394 corresponding to each interface and Predirect/Redirect messages MAY 395 include multiple TLLAOs. In that case, the Client would need to send 396 separate NS/RS messages to each of its neighbors for each active 397 underlying interface. 399 3.4. AERO Interface Neighbor Cache Maintenace 401 Each AERO interface maintains a conceptual neighbor cache that 402 includes an entry for each neighbor it communicates with on the AERO 403 link, the same as for any IPv6 interface (see [RFC4861]). Neighbor 404 cache entries are created and maintained as follows: 406 When an AERO Server relays a DHCPv6 Reply message to an AERO Client, 407 it creates or updates a neighbor cache entry for the Client based on 408 the AERO address corresponding to the prefix in the IA_PD option as 409 the Client's network layer address and with the Client's 410 encapsulation IP address and UDP port number as the link-layer 411 address. 413 When an AERO Client receives a DHCPv6 Reply message from an AERO 414 Server, it creates or updates a neighbor cache entry for the Server 415 based on fe80:: as the network layer address and the Server's 416 encapsulation IP address and UDP port number as the link-layer 417 address. 419 When an AERO Client receives a valid Predirect message it creates or 420 updates a neighbor cache entry for the Predirect target network-layer 421 and link-layer addresses, and also creates an IPv6 forwarding table 422 entry for the Predirected (source) prefix. The node then sets an 423 "ACCEPT" timer for the neighbor and uses this timer to determine 424 whether messages received from the predirected neighbor can be 425 accepted. 427 When an AERO Client receives a valid Redirect message it creates or 428 updates a neighbor cache entry for the Redirect target network-layer 429 and link-layer addresses, and also creates an IPv6 forwarding table 430 entry for the redirected (destination) prefix. The node then sets a 431 "FORWARD" timer for the neighbor and uses this timer to determine 432 whether packets can be sent directly to the redirected neighbor. The 433 node also maintains a constant value MAX_RETRY to limit the number of 434 keepalives sent when a neighbor may have gone unreachable. 436 When an AERO Client receives a valid NS message it (re)sets the 437 ACCEPT timer for the neighbor to ACCEPT_TIME. 439 When an AERO Client receives a valid NA message, it (re)sets the 440 FORWARD timer for the neighbor to FORWARD_TIME. 442 It is RECOMMENDED that FORWARD_TIME be set to the default constant 443 value 30 seconds to match the default REACHABLE_TIME value specified 444 for IPv6 neighbor discovery [RFC4861]. 446 It is RECOMMENDED that ACCEPT_TIME be set to the default constant 447 value 40 seconds to allow a 10 second window so that the AERO 448 redirection procedure can converge before the ACCEPT timer decrements 449 below FORWARD_TIME. 451 It is RECOMMENDED that MAX_RETRY be set to 3 the same as described 452 for IPv6 neighbor discovery address resolution in Section 7.3.3 of 453 [RFC4861]. 455 Different values for FORWARD_TIME, ACCEPT_TIME, and MAX_RETRY MAY be 456 administratively set, if necessary, to better match the AERO link's 457 performance characteristics; however, if different values are chosen, 458 all nodes on the link MUST consistently configure the same values. 459 In particular, ACCEPT_TIME SHOULD be set to a value that is 460 sufficiently longer than FORWARD_TIME to allow the AERO redirection 461 procedure to converge. 463 3.5. AERO Interface Data Origin Authentication 465 AERO nodes use a simple data origin authentication for encapsulated 466 packets they receive from other nodes. In particular, AERO nodes 467 accept encapsulated packets with a link-layer source address 468 belonging to one of their current AERO Servers and accept 469 encapsulated packets with a link-layer source address that is correct 470 for the network-layer source address. 472 The AERO node considers the link-layer source address correct for the 473 network-layer source address if there is an IPv6 forwarding table 474 entry that matches the network-layer source address as well as a 475 neighbor cache entry corresponding to the next hop that includes the 476 link-layer address and the ACCEPT timer is non-zero. An exception is 477 that neighbor discovery messages may include a different link-layer 478 address than the one currently in the neighbor cache for this Link 479 ID, and the new link-layer address updates the neighbor cache entry. 481 3.6. AERO Interface MTU Considerations 483 The AERO link Maximum Transmission Unit (MTU) is 64KB minus the 484 encapsulation overhead for IPv4 [RFC0791] and 4GB minus the 485 encapsulation overhead for IPv6 [RFC2675]. This is the most that 486 IPv4 and IPv6 (respectively) can convey within the constraints of 487 protocol constants, but actual sizes available for tunneling will 488 frequently be much smaller. 490 The base tunneling specifications for IPv4 and IPv6 typically set a 491 static MTU on the tunnel interface to 1500 bytes minus the 492 encapsulation overhead or smaller still if the tunnel is likely to 493 incur additional encapsulations on the path. This can result in path 494 MTU related black holes when packets that are too large to be 495 accommodated over the AERO link are dropped, but the resulting ICMP 496 Packet Too Big (PTB) messages are lost on the return path. As a 497 result, AERO nodes use the following MTU mitigations to accommodate 498 larger packets. 500 AERO nodes set their AERO interface MTU to the larger of the 501 underlying interface MTU minus the encapsulation overhead, and 1500 502 bytes. (If there are multiple underlying interfaces, the node sets 503 the AERO interface MTU according to the largest underlying interface 504 MTU, or 64KB /4G minus the encapsulation overhead if the largest MTU 505 cannot be determined.) AERO nodes optionally cache other per- 506 neighbor MTU values in the underlying IP path MTU discovery cache 507 initialized to the underlying interface MTU. 509 AERO nodes admit packets that are no larger than 1280 bytes minus the 510 encapsulation overhead (*) as well as packets that are larger than 511 1500 bytes into the tunnel without fragmentation, i.e., as long as 512 they are no larger than the AERO interface MTU before encapsulation 513 and also no larger than the cached per-neighbor MTU following 514 encapsulation. For IPv4, the node sets the "Don't Fragment" (DF) bit 515 to 0 for packets no larger than 1280 bytes minus the encapsulation 516 overhead (*) and sets the DF bit to 1 for packets larger than 1500 517 bytes. If a large packet is lost in the path, the node may 518 optionally cache the MTU reported in the resulting PTB message or may 519 ignore the message, e.g., if there is a possibility that the message 520 is spurious. 522 For packets destined to an AERO node that are larger than 1280 bytes 523 minus the encapsulation overhead (*) but no larger than 1500 bytes, 524 the node uses IP fragmentation to fragment the encapsulated packet 525 into two pieces (where the first fragment contains 1024 bytes of the 526 original IPv6 packet) then admits the fragments into the tunnel. If 527 the encapsulation protocol is IPv4, the node admits each fragment 528 into the tunnel with DF set to 0 and subject to rate limiting to 529 avoid reassembly errors [RFC4963][RFC6864]. For both IPv4 and IPv6, 530 the node also sends a 1500 byte probe message (**) to the neighbor, 531 subject to rate limiting. 533 To construct a probe, the node prepares an NS message with a SLLAO, a 534 Nonce option, plus trailing padding octets added to a length of 1500 535 bytes without including the length of the padding in the IPv6 Payload 536 Length field. The node then encapsulates the NS in the encapsulation 537 headers (while including the length of the padding in the 538 encapsulation header length fields), sets DF to 1 (for IPv4) and 539 sends the padded NS message to the neighbor. If the neighbor returns 540 an NA message with a correct Nonce value, the node may then send 541 whole packets within this size range and (for IPv4) relax the rate 542 limiting requirement. (Note that the trailing padding SHOULD NOT be 543 included within the Nonce option itself but rather as padding beyond 544 the last option in the NS message; otherwise, the (large) Nonce 545 option would be echoed back in the solicited NA message and may be 546 lost at a link with a small MTU along the reverse path.) 548 AERO nodes MUST be capable of reassembling packets up to 1500 bytes 549 plus the encapsulation overhead length. It is therefore RECOMMENDED 550 that AERO nodes be capable of reassembling at least 2KB. 552 (*) Note that if it is known without probing that the minimum Path 553 MTU to an AERO node is MINMTU bytes (where 1280 < MINMTU < 1500) then 554 MINMTU can be used instead of 1280 in the fragmentation threshold 555 considerations listed above. 557 (**) It is RECOMMENDED that no probes smaller than 1500 bytes be used 558 for MTU probing purposes, since smaller probes may be fragmented if 559 there is a nested tunnel somewhere on the path to the neighbor. 560 Probe sizes larger than 1500 bytes MAY be used, but may be 561 unnecessary since original sources are expected to implement 562 [RFC4821] when sending large packets. Also, if the neighbor can be 563 reached by multiple underlying interfaces the paths via each 564 interface must be probed independently. 566 3.7. AERO Interface Encapsulation, Re-encapsulation and Decapsulation 568 AERO interfaces encapsulate IPv6 packets according to whether they 569 are entering the AERO interface for the first time or if they are 570 being forwarded out the same AERO interface that they arrived on. 571 This latter form of encapsulation is known as "re-encapsulation". 573 AERO interfaces encapsulate packets per the specifications in 574 [RFC2473][RFC4213][RFC4301][RFC5246] except that the interface copies 575 the "Hop Limit", "Traffic Class" and "Congestion Experienced" values 576 in the packet's IPv6 header into the corresponding fields in the 577 encapsulation header. For packets undergoing re-encapsulation, the 578 AERO interface instead copies the "TTL/Hop Limit", "Type of Service/ 579 Traffic Class" and "Congestion Experienced" values in the original 580 encapsulation header into the corresponding fields in the new 581 encapsulation header (i.e., the values are transferred between 582 encapsulation headers and *not* copied from the encapsulated packet's 583 network-layer header). 585 When AERO UDP encapsulation is used, the AERO interface encapsulates 586 the packet per the specifications in [RFC2473][RFC4213] except that 587 it inserts a UDP header between the encapsulation header and IPv6 588 packet header. The AERO interface sets the UDP source port to a 589 constant value that it will use in each successive packet it sends, 590 sets the UDP checksum field to zero (see: [RFC6935][RFC6936]) and 591 sets the UDP length field to the length of the IPv6 packet plus 8 592 bytes for the UDP header itself. For packets sent via a Server, the 593 AERO interface sets the UDP destination port to 8060 (i.e., the IANA- 594 registered port number for AERO) when AERO-only encapsulation is 595 used. For packets sent to a neighboring Client, the AERO interface 596 sets the UDP destination port to the port value stored in the 597 neighbor cache entry for this neighbor. 599 The AERO interface next sets the IP protocol number in the 600 encapsulation header to the appropriate value for the first protocol 601 layer within the encapsulation (e.g., IPv6, UDP, IPsec, etc.). When 602 IPv6 is used as the encapsulation protocol, the interface then sets 603 the flow label value in the encapsulation header the same as 604 described in [RFC6438]. When IPv4 is used as the encapsulation 605 protocol, the AERO interface sets the DF bit as discussed in 606 Section 3.6. 608 AERO interfaces decapsulate packets destined either to the node 609 itself or to a destination reached via an interface other than the 610 receiving AERO interface. When AERO UDP encapsulation is used (i.e., 611 when a UDP header with destination port 8060 is present) the 612 interface examines the first octet of the encapsulated packet. If 613 the most significant four bits of the first octet encode the value 614 '0110' (i.e., the version number value for IPv6), the packet is 615 accepted and the encapsulating UDP header is discarded; otherwise, 616 the packet is discarded. 618 Further decapsulation then proceeds according to the appropriate 619 tunnel type [RFC2473][RFC4213][RFC4301][RFC5246]. 621 3.8. AERO Router Discovery, Prefix Delegation and Address Configuration 623 3.8.1. AERO Client Behavior 625 AERO Clients observe the IPv6 node requirements defined in [RFC6434]. 626 AERO Clients first discover the link-layer addresses of AERO Servers 627 via static configuration, or through an automated means such as DNS 628 name resolution. In the absence of other information, the Client 629 resolves the Fully-Qualified Domain Name (FQDN) 630 "linkupnetworks.domainname", where "domainname" is the DNS domain 631 appropriate for the Client's attached underlying network. The Client 632 then creates a neighbor cache entry with fe80:: as the link-local 633 address and the discovered addresses of one or more Servers as the 634 link-layer addresses. 636 Next, the Client acts as a requesting router to request an IPv6 637 prefix through DHCPv6 PD [RFC3633] via each AERO Server it wishes to 638 associate with using a temporary link-local address (see Section 3.3) 639 as the IPv6 source address and fe80:: as the IPv6 destination 640 address. The Client includes a DHCPv6 Unique Identifier (DUID) in 641 the Client Identifier option of its DHCPv6 messages 642 [RFC3315][RFC6355] and includes any additional authenticating 643 information necessary to authenticate itself to the DHCPv6 server. 644 If the Client is pre-provisioned with an IPv6 prefix associated with 645 the AERO service, it MAY also include the prefix in an IA_PD option 646 in its DHCPv6 Request to indicate its preferred prefix to the DHCPv6 647 server. The Client then sends the encapsulated DHCPv6 request via 648 one of its active underlying interfaces (i.e., the "primary" 649 underlying interface for DHCPv6 transactions). 651 After the Client receives its prefix delegation, it assigns the link- 652 local AERO address taken from the prefix to the AERO interface and 653 sub-delegates the prefix to nodes and links within its attached EUNs 654 (the AERO link-local address thereafter remains stable as the Client 655 moves). The Client also sets both the ACCEPT and FORWARD timers for 656 each Server to infinity, since the Client will remain with this 657 Server unless it explicitly terminates the association. The Client 658 further renews its prefix delegation via standard DHCPv6 procedures 659 by sending DHCPv6 Renew messages with its AERO address as the IPv6 660 source address, fe80:: as the IPv6 destination address and the same 661 DUID value in the Client Identifier option. 663 The Client then sends an RS message to each of its associated Servers 664 to receive an RA message with a default router lifetime and any other 665 link-specific parameters. When the Client receives an RA message, it 666 configures a default route according to the default router lifetime 667 but ignores any Prefix Information Options (PIOs) included in the RA 668 message since the AERO link is link-local-only. The Client further 669 ignores any RS messages it might receive, since only Servers may 670 process RS messages. 672 The Client then sends periodic RS messages to each Server (subject to 673 rate limiting) to obtain new RA messages for Neighbor Unreachability 674 Detection (NUD), to refresh any network state, and to update the 675 default router lifetime and any other link-specific parameters. (If 676 the Client has multiple active underlying interfaces, it sends 677 periodic RS messages over each underlying interface.) The Client can 678 also forward IPv6 packets destined to networks beyond its local EUNs 679 via a Server as an IPv6 default router. The Server may in turn 680 return a redirection message informing the Client of a neighbor on 681 the AERO link that is topologically closer to the final destination 682 as specified in Section 3.9. 684 Note that, since the Client's AERO address is configured from the 685 unique DHCPv6 prefix delegation it receives, there is no need for 686 Duplicate Address Detection (DAD) on AERO links. Other nodes 687 maliciously attempting to hijack an authorized Client's AERO address 688 will be denied due to an unacceptable link-layer address and/or 689 security parameters (see: Security Considerations). 691 3.8.2. AERO Server Behavior 693 AERO Servers observe the IPv6 router requirements defined in 694 [RFC6434] and further configure a DHCPv6 relay function on their AERO 695 links. When the AERO Server relays a Client's DHCPv6 PD messages to 696 the DHCPv6 server, it wraps each message in a "Relay-forward" message 697 per [RFC3315] and includes a DHCPv6 Interface Identifier option that 698 encodes a value that identifies the AERO link to the DHCPv6 server. 700 The Server then includes the Client's link-layer address in a DHCPv6 701 Client Link Layer Address Option (CLLAO) [RFC6939] with the link- 702 layer address format shown in Figure 1. The Server sets the CLLAO 703 'option-length' field to 22 (2 plus the length of the link-layer 704 address) and sets the 'link-layer type' field to TBD (see: IANA 705 Considerations). The Server finally includes a DHCPv6 Echo Request 706 Option (ERO) [RFC4994] that encodes the option code for the CLLAO in 707 a 'requested-option-code-n' field. The CLLAO information will 708 therefore subsequently be echoed back in the DHCPv6 Server's "Relay- 709 reply" message. 711 When the DHCPv6 server issues the IPv6 prefix delegation in a "Relay- 712 reply" message via the AERO Server (acting as a DHCPv6 relay), the 713 AERO Server obtains the Client's link-layer address from the echoed 714 CLLAO option and obtains the Client's delegated prefix from the 715 included IA_PD option. The Server then creates a neighbor cache 716 entry for the Client's AERO address with the Client's link-layer 717 address as the link-layer address for the neighbor cache entry. The 718 neighbor cache entry is created with both ACCEPT and FORWARD timers 719 set to infinity, since the Client will remain with this Server unless 720 it explicitly terminates the association. 722 The Server also configures an IPv6 forwarding table entry that lists 723 the Client's AERO address as the next hop toward the delegated IPv6 724 prefix with a lifetime derived from the DHCPv6 lease lifetime. The 725 Server finally injects the Client's prefix as an IPv6 route into the 726 inter-Server/Relay routing system (see: [IRON]) then relays the 727 DHCPv6 message to the Client while using fe80:: as the IPv6 source 728 address, the link-local address found in the "peer address" field of 729 the Relay-reply message as the IPv6 destination address, and the 730 Client's link-layer address as the destination link-layer address. 732 Servers respond to RS/NS messages from Clients on their AERO 733 interfaces by returning an RA/NA message. When the Server receives 734 an RS/NS message, it updates the neighbor cache entry using the 735 network-layer source address as the neighbor's network-layer address 736 and using the link-layer source address of the RS/NS message as the 737 neighbor's link-layer address. The Server SHOULD NOT include PIOs in 738 the RA messages it sends to Clients, since the Client will ignore any 739 such options. 741 Servers ignore any RA messages they may receive from a Client. 742 Servers MAY examine RA messages received from other Servers for 743 consistency verification purposes. 745 When the Server forwards a packet via the same AERO interface on 746 which it arrived, it initiates an AERO route optimization procedure 747 as specified in Section 3.9. 749 3.9. AERO Redirection 751 3.9.1. Reference Operational Scenario 753 Figure 2 depicts the AERO redirection reference operational scenario. 754 The figure shows an AERO Server('A'), two AERO Clients ('B', 'D') and 755 three ordinary IPv6 hosts ('C', 'E', 'F'): 757 .-(::::::::) 758 .-(::: IPv6 :::)-. +-------------+ 759 (:::: Internet ::::)--| Host F | 760 `-(::::::::::::)-' +-------------+ 761 `-(::::::)-' 2001:db8:2::1 762 | 763 +--------------+ 764 | AERO Server A| 765 | (C->B; E->D) | 766 +--------------+ 767 fe80:: 768 L2(A) 769 | 770 X-----+-----------+-----------+--------X 771 | AERO Link | 772 L2(B) L2(D) 773 fe80::2001:db8:0:0 fe80::2001:db8:1:0 .-. 774 +--------------+ +--------------+ ,-( _)-. 775 | AERO Client B| | AERO Client D| .-(_ IPv6 )-. 776 | (default->A) | | (default->A) |--(__ EUN ) 777 +--------------+ +--------------+ `-(______)-' 778 2001:DB8:0::/48 2001:DB8:1::/48 | 779 | 2001:db8:1::1 780 .-. +-------------+ 781 ,-( _)-. 2001:db8:0::1 | Host E | 782 .-(_ IPv6 )-. +-------------+ +-------------+ 783 (__ EUN )--| Host C | 784 `-(______)-' +-------------+ 786 Figure 2: AERO Reference Operational Scenario 788 In Figure 2, AERO Server ('A') connects to the AERO link and connects 789 to the IPv6 Internet, either directly or via an AERO Relay (not 790 shown). Server ('A') assigns the address fe80:: to its AERO 791 interface with link-layer address L2(A). Server ('A') next arranges 792 to add L2(A) to a published list of valid Servers for the AERO link. 794 AERO Client ('B') receives the IPv6 prefix 2001:db8:0::/48 in a 795 DHCPv6 PD exchange via AERO Server ('A') then assigns the address 796 fe80::2001:db8:0:0 to its AERO interface with link-layer address 797 L2(B). Client ('B') configures a default route and neighbor cache 798 entry via the AERO interface with next-hop address fe80:: and link- 799 layer address L2(A), then sub-delegates the prefix 2001:db8:0::/48 to 800 its attached EUNs. IPv6 host ('C') connects to the EUN, and 801 configures the address 2001:db8:0::1. 803 AERO Client ('D') receives the IPv6 prefix 2001:db8:1::/48 in a 804 DHCPv6 PD exchange via AERO Server ('A') then assigns the address 805 fe80::2001:db8:1:0 to its AERO interface with link-layer address 806 L2(D). Client ('D') configures a default route and neighbor cache 807 entry via the AERO interface with next-hop address fe80:: and link- 808 layer address L2(A), then sub-delegates the prefix 2001:db8:1::/48 to 809 its attached EUNs. IPv6 host ('E') connects to the EUN, and 810 configures the address 2001:db8:1::1. 812 Finally, IPv6 host ('F') connects to an IPv6 network outside of the 813 AERO link domain. Host ('F') configures its IPv6 interface in a 814 manner specific to its attached IPv6 link, and assigns the address 815 2001:db8:2::1 to its IPv6 link interface. 817 3.9.2. Classical Redirection Approaches 819 With reference to Figure 2, when the IPv6 source host ('C') sends a 820 packet to an IPv6 destination host ('E'), the packet is first 821 forwarded via the EUN to AERO Client ('B'). Client ('B') then 822 forwards the packet over its AERO interface to AERO Server ('A'), 823 which then re-encapsulates and forwards the packet to AERO Client 824 ('D'), where the packet is finally forwarded to the IPv6 destination 825 host ('E'). When Server ('A') re-encapsulates and forwards the 826 packet back out on its advertising AERO interface, it must arrange to 827 redirect Client ('B') toward Client ('D') as a better next-hop node 828 on the AERO link that is closer to the final destination. However, 829 this redirection process applied to AERO interfaces must be more 830 carefully orchestrated than on ordinary links since the parties may 831 be separated by potentially many underlying network routing hops. 833 Consider a first alternative in which Server ('A') informs Client 834 ('B') only and does not inform Client ('D') (i.e., "classical 835 redirection"). In that case, Client ('D') has no way of knowing that 836 Client ('B') is authorized to forward packets from the claimed source 837 address, and it may simply elect to drop the packets. Also, Client 838 ('B') has no way of knowing whether Client ('D') is performing some 839 form of source address filtering that would reject packets arriving 840 from a node other than a trusted default router, nor whether Client 841 ('D') is even reachable via a direct path that does not involve 842 Server ('A'). 844 Consider a second alternative in which Server ('A') informs both 845 Client ('B') and Client ('D') separately, via independent redirection 846 control messages (i.e., "augmented redirection"). In that case, if 847 Client ('B') receives the redirection control message but Client 848 ('D') does not, subsequent packets sent by Client ('B') could be 849 dropped due to filtering since Client ('D') would not have a route to 850 verify the claimed source address. Also, if Client ('D') receives 851 the redirection control message but Client ('B') does not, subsequent 852 packets sent in the reverse direction by Client ('D') would be lost. 854 Since both of these alternatives have shortcomings, a new redirection 855 technique (i.e., "AERO redirection") is needed. 857 3.9.3. Concept of Operations 859 Again, with reference to Figure 2, when source host ('C') sends a 860 packet to destination host ('E'), the packet is first forwarded over 861 the source host's attached EUN to Client ('B'), which then forwards 862 the packet via its AERO interface to Server ('A'). 864 Server ('A') then re-encapsulates and forwards the packet out the 865 same AERO interface toward Client ('D') and also sends an AERO 866 "Predirect" message forward to Client ('D') as specified in 867 Section 3.9.5. The Predirect message includes Client ('B')'s 868 network- and link-layer addresses as well as information that Client 869 ('D') can use to determine the IPv6 prefix used by Client ('B') . 870 After Client ('D') receives the Predirect message, it process the 871 message and returns an AERO Redirect message destined for Client 872 ('B') via Server ('A') as specified in Section 3.9.6. During the 873 process, Client ('D') also creates or updates a neighbor cache entry 874 for Client ('B') and creates an IPv6 forwarding table entry for 875 Client ('B')'s IPv6 prefix. 877 When Server ('A') receives the Redirect message, it re-encapsulates 878 the message and forwards it on to Client ('B') as specified in 879 Section 3.9.7. The message includes Client ('D')'s network- and 880 link-layer addresses as well as information that Client ('B') can use 881 to determine the IPv6 prefix used by Client ('D'). After Client 882 ('B') receives the Redirect message, it processes the message as 883 specified in Section 3.9.8. During the process, Client ('B') also 884 creates or updates a neighbor cache entry for Client ('D') and 885 creates an IPv6 forwarding table entry for Client ('D')'s IPv6 886 prefix. 888 Following the above Predirect/Redirect message exchange, forwarding 889 of packets from Client ('B') to Client ('D') without involving Server 890 ('A) as an intermediary is enabled. The mechanisms that support this 891 exchange are specified in the following sections. 893 3.9.4. Message Format 895 AERO Redirect/Predirect messages use the same format as for ICMPv6 896 Redirect messages depicted in Section 4.5 of [RFC4861], but also 897 include a new "Prefix Length" field taken from the low-order 8 bits 898 of the Redirect message Reserved field (valid values for the Prefix 899 Length field are 0 through 64). The Redirect/Predirect messages are 900 formatted as shown in Figure 3: 902 0 1 2 3 903 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 904 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 905 | Type (=137) | Code (=0/1) | Checksum | 906 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 907 | Reserved | Prefix Length | 908 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 909 | | 910 + + 911 | | 912 + Target Address + 913 | | 914 + + 915 | | 916 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 917 | | 918 + + 919 | | 920 + Destination Address + 921 | | 922 + + 923 | | 924 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 925 | Options ... 926 +-+-+-+-+-+-+-+-+-+-+-+- 928 Figure 3: AERO Redirect/Predirect Message Format 930 3.9.5. Sending Predirects 932 When a Server forwards a packet out the same AERO interface that it 933 arrived on, the Server sends a Predirect message forward toward the 934 AERO Client nearest the destination instead of sending a Redirect 935 message back to the Client nearest the source. 937 In the reference operational scenario, when Server ('A') forwards a 938 packet sent by Client ('B') toward Client ('D'), it also sends a 939 Predirect message forward toward Client ('D'), subject to rate 940 limiting (see Section 8.2 of [RFC4861]). Server ('A') prepares the 941 Predirect message as follows: 943 o the link-layer source address is set to 'L2(A)' (i.e., the 944 underlying address of Server ('A')). 946 o the link-layer destination address is set to 'L2(D)' (i.e., the 947 underlying address of Client ('D')). 949 o the network-layer source address is set to fe80:: (i.e., the link- 950 local address of Server ('A')). 952 o the network-layer destination address is set to fe80::2001:db8:1:0 953 (i.e., the AERO address of Client ('D')). 955 o the Type is set to 137. 957 o the Code is set to 1 to indicate "Predirect". 959 o the Prefix Length is set to the length of the prefix to be applied 960 to Target address. 962 o the Target Address is set to fe80::2001:db8:0::0 (i.e., the AERO 963 address of Client ('B')). 965 o the Destination Address is set to the IPv6 source address of the 966 packet that triggered the Predirection event. 968 o the message includes one or more TLLAOs set to 'L2(B)' and any 969 other underlying address(es) of Client ('B'). 971 o the message includes a Redirected Header Option (RHO) that 972 contains the originating packet truncated to ensure that at least 973 the network-layer header is included but the size of the message 974 does not exceed 1280 bytes. 976 Server ('A') then sends the message forward to Client ('D'). 978 3.9.6. Processing Predirects and Sending Redirects 980 When Client ('D') receives a Predirect message, it accepts the 981 message only if the message has a link-layer source address of the 982 Server, i.e. 'L2(A)'. Client ('D') further accepts the message only 983 if it is willing to serve as a redirection target. Next, Client 984 ('D') validates the message according to the ICMPv6 Redirect message 985 validation rules in Section 8.1 of [RFC4861]. 987 In the reference operational scenario, when Client ('D') receives a 988 valid Predirect message, it either creates or updates a neighbor 989 cache entry that stores the Target Address of the message as the 990 network-layer address of Client ('B') and stores the link-layer 991 address(es) found in the TLLAO(s) as the link-layer address(es) of 992 Client ('B'). Client ('D') then sets the neighbor cache entry ACCEPT 993 timer with timeout value ACCEPT_TIME. Next, Client ('D') applies the 994 Prefix Length to the Interface Identifier portion of the Target 995 Address and records the resulting IPv6 prefix in its IPv6 forwarding 996 table. 998 After processing the message, Client ('D') prepares a Redirect 999 message response as follows: 1001 o the link-layer source address is set to 'L2(D)' (i.e., the link- 1002 layer address of Client ('D')). 1004 o the link-layer destination address is set to 'L2(A)' (i.e., the 1005 link-layer address of Server ('A')). 1007 o the network-layer source address is set to 'L3(D)' (i.e., the AERO 1008 address of Client ('D')). 1010 o the network-layer destination address is set to 'L3(B)' (i.e., the 1011 AERO address of Client ('B')). 1013 o the Type is set to 137. 1015 o the Code is set to 0 to indicate "Redirect". 1017 o the Prefix Length is set to the length of the prefix to be applied 1018 to the Target and Destination address. 1020 o the Target Address is set to fe80::2001:db8:1::1 (i.e., the AERO 1021 address of Client ('D')). 1023 o the Destination Address is set to the IPv6 destination address of 1024 the packet that triggered the Redirection event. 1026 o the message includes one or more TLLAOs with UDP port number and 1027 IP address set to '0' and with Link ID and Preference values set 1028 to the appropriate values for the underlying interfaces Client 1029 ('D') wishes to enable for accepting encapsulated packets from 1030 Client ('B'). 1032 o the message includes as much of the RHO copied from the 1033 corresponding AERO Predirect message as possible such that at 1034 least the network-layer header is included but the size of the 1035 message does not exceed 1280 bytes. 1037 After Client ('D') prepares the Redirect message, it sends the 1038 message to Server ('A'). 1040 3.9.7. Re-encapsulating and Relaying Redirects 1042 When Server ('A') receives a Redirect message from Client ('D'), it 1043 accepts the message only if it has a neighbor cache entry that 1044 associates the message's link-layer source address with the network- 1045 layer source address. Next, Server ('A') validates the message 1046 according to the ICMPv6 Redirect message validation rules in 1047 Section 8.1 of [RFC4861] and also verifies that Client ('D') is 1048 authorized to use the Prefix Length in the Redirect message when 1049 applied to the AERO address in the network-layer source of the 1050 Redirect message. If validation fails, Server ('A') discards the 1051 message; otherwise, it copies the correct UDP port numbers and IP 1052 addresses into the TLLAOs supplied by Client ('D') according to the 1053 Link ID in each TLLAO. 1055 Server ('A') then re-encapsulates the Redirect and relays it on to 1056 Client ('B') by changing the link-layer source address of the message 1057 to 'L2(A)', changing the network-layer source address of the message 1058 to fe80::, and changing the link-layer destination address to 'L2(B)' 1059 . Server ('A') finally forwards the re-encapsulated message to the 1060 ingress node ('B') without decrementing the network-layer IPv6 header 1061 Hop Limit field. 1063 While not shown in Figure 2, AERO Relays relay Redirect and Predirect 1064 messages in exactly this same fashion described above. See Figure 4 1065 in Appendix A for an extension of the reference operational scenario 1066 that includes Relays. 1068 3.9.8. Processing Redirects 1070 When Client ('B') receives the Redirect message, it accepts the 1071 message only if it has a link-layer source address of the Server, 1072 i.e. 'L2(A)'. Next, Client ('B') validates the message according to 1073 the ICMPv6 Redirect message validation rules in Section 8.1 of 1074 [RFC4861]. Following validation, Client ('B') then processes the 1075 message as follows. 1077 In the reference operational scenario, when Client ('B') receives the 1078 Redirect message, it either creates or updates a neighbor cache entry 1079 that stores the Target Address of the message as the network-layer 1080 address of Client ('D') and stores the link-layer address(es) found 1081 in the TLLAO(s) as the link-layer address(es) of Client ('D'). 1082 Client ('D') then sets the neighbor cache entry FORWARD timer with 1083 timeout value FORWARD_TIME. Next, Client ('B') applies the Prefix 1084 Length to the Interface Identifier portion of the Target Address and 1085 records the resulting IPv6 prefix in its IPv6 forwarding table. 1087 Now, Client ('B') has an IPv6 forwarding table entry for 1088 Client('D')'s prefix and a neighbor cache entry with a valid FORWARD 1089 time, while Client ('D') has an IPv6 forwarding table entry for 1090 Client ('B')'s prefix with a valid ACCEPT time. Thereafter, Client 1091 ('B') may forward ordinary network-layer data packets directly to 1092 Client ("D") without involving Server ('A') and Client ('D') can 1093 verify that the packets came from an acceptable source. (In order 1094 for Client ('D') to forward packets to Client ('B') a corresponding 1095 Predirect/Redirect message exchange is required in the reverse 1096 direction.) 1098 3.10. Neighbor Reachability Maintenance 1100 AERO nodes send unicast NS messages to elicit NA messages from 1101 neighbors the same as described for Neighbor Unreachability Detection 1102 (NUD) in [RFC4861]. When an AERO node sends an NS/NA message, it 1103 MUST use its AERO address as the IPv6 source address and the AERO 1104 address of the neighbor as the IPv6 destination address. When an 1105 AERO node receives an NS/NA message, it accepts the message if it has 1106 a neighbor cache entry for the neighbor; otherwise, it ignores the 1107 message. 1109 When a source Client is redirected to a target Client it SHOULD test 1110 the direct path to the target by sending an initial NS message to 1111 elicit a solicited NA response. While testing the path, the source 1112 Client SHOULD continue sending packets via the Server until target 1113 Client reachability has been confirmed. The source Client SHOULD 1114 thereafter continue to test the direct path to the target Client (see 1115 Section 7.3 of [RFC4861]) in order to keep neighbor cache entries 1116 alive. In particular, the source Client sends NS messages to the 1117 target Client subject to rate limiting in order to receive solicited 1118 NA messages. If at any time the direct path over all underlying 1119 interfaces appears to be failing, the source Client can resume 1120 sending packets via the Server which may or may not result in a new 1121 redirection event. 1123 When a target Client receives an NS message from a source Client, it 1124 resets the ACCEPT timer to ACCEPT_TIME if a neighbor cache entry 1125 exists; otherwise, it discards the NS message. 1127 When a source Client receives a solicited NA message from a target 1128 Client, it resets the FORWARD timer to FORWARD_TIME if a neighbor 1129 cache entry exists; otherwise, it discards the NA message. 1131 When the FORWARD timer on a neighbor cache entry expires, the source 1132 Client resumes sending any subsequent packets via the Server and may 1133 (eventually) receive a new Redirect message. When the ACCEPT timer 1134 on a neighbor cache entry expires, the target Client discards any 1135 subsequent packets received directly from the source Client. When 1136 both the FORWARD and ACCEPT timers on a neighbor cache entry expire, 1137 the Client deletes both the neighbor cache entry and the 1138 corresponding IPv6 forwarding table entry. 1140 If the source Client is unable to elicit an NA response from the 1141 target Client after MAX_RETRY attempts, it SHOULD consider the direct 1142 path unusable for forwarding purposes. Otherwise, the source Client 1143 considers the path usable and SHOULD thereafter process any link- 1144 layer errors as a hint that the direct path to the target Client has 1145 either failed or has become intermittent. 1147 3.11. Mobility and Link-Layer Address Change Considerations 1149 When a Client needs to change one of its link-layer addresses (e.g., 1150 due to a mobility event), it sends an immediate NS message to each of 1151 its active neighbors (including the Server) using the new link-layer 1152 address as the encapsulation source address and with the correct Link 1153 ID and Preference values in the SLLAO. The Client processes any NA 1154 messages returned as an indication that the neighbor has received the 1155 update and is ready to accept encapsulated packets with the new link- 1156 layer address. 1158 When a Client needs to associate with a new Server, it issues a new 1159 DHCPv6 Request message via the new Server as the DHCPv6 relay. The 1160 new Server then relays the message to the DHCPv6 server and processes 1161 the resulting exchange. After the Client receives the resulting 1162 DHCPv6 Reply message, it sends an RS message to the new Server to 1163 receive a new RA message and update its neighbor cache entry for 1164 fe80::. 1166 When a Client disassociates with an existing Server, it sends a 1167 "terminating RS" message to the old Server. The terminating RS 1168 message is prepared exactly the same as for an ordinary RS message, 1169 except that the Code field contains the value '1'. When the old 1170 Server receives the terminating RS message, it withdraws the IPv6 1171 route from the routing system and deletes the neighbor cache entry 1172 and IPv6 forwarding table entry for the Client. The old Server then 1173 returns an RA message with default router lifetime set to 0 which the 1174 Client can use to verify that the termination signal has been 1175 processed. The client then deletes both the default route and the 1176 neighbor cache entry for the old Server. (Note that the Client and 1177 the old Server MAY impose a small delay before deleting the neighbor 1178 cache and IPv6 forwarding table entries so that any packets already 1179 in the system can still be delivered to the Client.) 1181 An alternative to sending a "terminating RS" message would be for the 1182 Client to somehow perform a DHCPv6 exchange with the DHCPv6 relay 1183 function on the old AERO Server but without involving the DHCPv6 1184 server. This would be insecure because the Client only has a DHCPv6 1185 security association with the DHCPv6 server and not the DHCPv6 relay. 1186 Conversely, the Client and Server already require an authentic 1187 exchange of IPv6 Neighbor Discovery messages. 1189 3.12. Encapsulation Protocol Version Considerations 1191 A source Client may connect only to an IPvX underlying network, while 1192 the target Client connects only to an IPvY underlying network. In 1193 that case, the target and source Clients have no means for reaching 1194 each other directly (since they connect to underlying networks of 1195 different IP protocol versions) and so must ignore any redirection 1196 messages and continue to send packets via the Server. 1198 3.13. Multicast Considerations 1200 When the underlying network does not support multicast, AERO nodes 1201 map IPv6 link-scoped multicast addresses (including 1202 "All_DHCP_Relay_Agents_and_Servers") to the underlying IP address of 1203 a Server. 1205 When the underlying network supports multicast, AERO nodes use the 1206 multicast address mapping specification found in [RFC2529] for IPv4 1207 underlying networks and use a direct multicast mapping for IPv6 1208 underlying networks. (In the latter case, "direct multicast mapping" 1209 means that if the IPv6 multicast destination address of the 1210 encapsulated packet is "M", then the IPv6 multicast destination 1211 address of the encapsulating header is also "M".) 1213 3.14. Operation on AERO Links Without DHCPv6 Services 1215 When the AERO link does not provide DHCPv6 services, operation can 1216 still be accommodated through administrative configuration of 1217 prefixes on AERO Clients. In that case, administrative 1218 configurations of IPv6 routes and AERO interface neighbor cache 1219 entries on both the Server and Client are also necessary. However, 1220 this may preclude the ability for Clients to dynamically change to 1221 new Servers, and can expose the AERO link to misconfigurations unless 1222 the administrative configurations are carefully coordinated. 1224 3.15. Operation on Server-less AERO Links 1226 In some AERO link scenarios, there may be no Servers on the link and/ 1227 or no need for Clients to use a Server as an intermediary trust 1228 anchor. In that case, each Client can then act as its own Server to 1229 establish neighbor cache entries and IPv6 forwarding table entries by 1230 performing direct Client-to-Client Predirect/Redirect exchanges, and 1231 some other form of trust basis must be applied so that each Client 1232 can verify that the prospective neighbor is authorized to use its 1233 claimed prefix. 1235 When there is no Server on the link, Clients must arrange to receive 1236 prefix delegations and publish the delegations via a secure alternate 1237 prefix delegation authority through some means outside the scope of 1238 this document. 1240 3.16. Other Considerations 1242 IPv6 hosts serviced by an AERO Client can reach IPv4-only services 1243 via a NAT64 gateway [RFC6146] within the IPv6 network. 1245 AERO nodes can use the Default Address Selection Policy with DHCPv6 1246 option [RFC7078] the same as on any IPv6 link. 1248 All other (non-multicast) functions that operate over ordinary IPv6 1249 links operate in the same fashion over AERO links. 1251 4. Implementation Status 1253 An application-layer implementation is in progress. 1255 5. IANA Considerations 1257 The IANA is instructed to assign a new 2-octet Hardware Type number 1258 for AERO in the "arp-parameters" registry per Section 2 of [RFC5494]. 1259 The number is assigned from the 2-octet Unassigned range with 1260 Hardware Type "AERO" and with this document as the reference. 1262 6. Security Considerations 1264 AERO link security considerations are the same as for standard IPv6 1265 Neighbor Discovery [RFC4861] except that AERO improves on some 1266 aspects. In particular, AERO is dependent on a trust basis between 1267 Clients and Servers, where the Clients only engage in the AERO 1268 mechanism when it is facilitated by a trust anchor. 1270 AERO links must be protected against link-layer address spoofing 1271 attacks in which an attacker on the link pretends to be a trusted 1272 neighbor. Links that provide link-layer securing mechanisms (e.g., 1273 WiFi networks) and links that provide physical security (e.g., 1274 enterprise network wired LANs) provide a first line of defense that 1275 is often sufficient. In other instances, additional securing 1276 mechanisms such as Secure Neighbor Discovery (SeND) [RFC3971], IPsec 1277 [RFC4301] or TLS [RFC5246] may be necessary. 1279 AERO Clients MUST ensure that their connectivity is not used by 1280 unauthorized nodes on EUNs to gain access to a protected network, 1281 i.e., AERO Clients that act as IPv6 routers MUST NOT provide routing 1282 services for unauthorized nodes. (This concern is no different than 1283 for ordinary hosts that receive an IP address delegation but then 1284 "share" the address with unauthorized nodes via an IPv6/IPv6 NAT 1285 function.) 1287 On some AERO links, establishment and maintenance of a direct path 1288 between neighbors requires secured coordination such as through the 1289 Internet Key Exchange (IKEv2) protocol [RFC5996] to establish a 1290 security association. 1292 7. Acknowledgements 1294 Discussions both on IETF lists and in private exchanges helped shape 1295 some of the concepts in this work. Individuals who contributed 1296 insights include Mikael Abrahamsson, Fred Baker, Stewart Bryant, 1297 Brian Carpenter, Wojciech Dec, Brian Haberman, Joel Halpern, Sascha 1298 Hlusiak, Lee Howard, Joe Touch and Bernie Volz. Members of the IESG 1299 also provided valuable input during their review process that greatly 1300 improved the document. Special thanks go to Stewart Bryant, Joel 1301 Halpern and Brian Haberman for their shepherding guidance. 1303 This work has further been encouraged and supported by Boeing 1304 colleagues including Keith Bartley, Dave Bernhardt, Cam Brodie, 1305 Balaguruna Chidambaram, Wen Fang, Anthony Gregory, Jeff Holland, Ed 1306 King, Gen MacLean, Kent Shuey, Mike Slane, Julie Wulff, Yueli Yang, 1307 and other members of the BR&T and BIT mobile networking teams. 1309 Earlier works on NBMA tunneling approaches are found in 1310 [RFC2529][RFC5214][RFC5569]. 1312 8. References 1314 8.1. Normative References 1316 [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, 1317 August 1980. 1319 [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, September 1320 1981. 1322 [RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, 1323 RFC 792, September 1981. 1325 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1326 Requirement Levels", BCP 14, RFC 2119, March 1997. 1328 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 1329 (IPv6) Specification", RFC 2460, December 1998. 1331 [RFC2473] Conta, A. and S. Deering, "Generic Packet Tunneling in 1332 IPv6 Specification", RFC 2473, December 1998. 1334 [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., 1335 and M. Carney, "Dynamic Host Configuration Protocol for 1336 IPv6 (DHCPv6)", RFC 3315, July 2003. 1338 [RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic 1339 Host Configuration Protocol (DHCP) version 6", RFC 3633, 1340 December 2003. 1342 [RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure 1343 Neighbor Discovery (SEND)", RFC 3971, March 2005. 1345 [RFC4213] Nordmark, E. and R. Gilligan, "Basic Transition Mechanisms 1346 for IPv6 Hosts and Routers", RFC 4213, October 2005. 1348 [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, 1349 "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, 1350 September 2007. 1352 [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless 1353 Address Autoconfiguration", RFC 4862, September 2007. 1355 [RFC6434] Jankiewicz, E., Loughney, J., and T. Narten, "IPv6 Node 1356 Requirements", RFC 6434, December 2011. 1358 8.2. Informative References 1360 [IRON] Templin, F., "The Internet Routing Overlay Network 1361 (IRON)", Work in Progress, June 2012. 1363 [RFC0879] Postel, J., "TCP maximum segment size and related topics", 1364 RFC 879, November 1983. 1366 [RFC2529] Carpenter, B. and C. Jung, "Transmission of IPv6 over IPv4 1367 Domains without Explicit Tunnels", RFC 2529, March 1999. 1369 [RFC2675] Borman, D., Deering, S., and R. Hinden, "IPv6 Jumbograms", 1370 RFC 2675, August 1999. 1372 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 1373 Architecture", RFC 4291, February 2006. 1375 [RFC4301] Kent, S. and K. Seo, "Security Architecture for the 1376 Internet Protocol", RFC 4301, December 2005. 1378 [RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU 1379 Discovery", RFC 4821, March 2007. 1381 [RFC4963] Heffner, J., Mathis, M., and B. Chandler, "IPv4 Reassembly 1382 Errors at High Data Rates", RFC 4963, July 2007. 1384 [RFC4994] Zeng, S., Volz, B., Kinnear, K., and J. Brzozowski, 1385 "DHCPv6 Relay Agent Echo Request Option", RFC 4994, 1386 September 2007. 1388 [RFC5214] Templin, F., Gleeson, T., and D. Thaler, "Intra-Site 1389 Automatic Tunnel Addressing Protocol (ISATAP)", RFC 5214, 1390 March 2008. 1392 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 1393 (TLS) Protocol Version 1.2", RFC 5246, August 2008. 1395 [RFC5494] Arkko, J. and C. Pignataro, "IANA Allocation Guidelines 1396 for the Address Resolution Protocol (ARP)", RFC 5494, 1397 April 2009. 1399 [RFC5522] Eddy, W., Ivancic, W., and T. Davis, "Network Mobility 1400 Route Optimization Requirements for Operational Use in 1401 Aeronautics and Space Exploration Mobile Networks", RFC 1402 5522, October 2009. 1404 [RFC5569] Despres, R., "IPv6 Rapid Deployment on IPv4 1405 Infrastructures (6rd)", RFC 5569, January 2010. 1407 [RFC5996] Kaufman, C., Hoffman, P., Nir, Y., and P. Eronen, 1408 "Internet Key Exchange Protocol Version 2 (IKEv2)", RFC 1409 5996, September 2010. 1411 [RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful 1412 NAT64: Network Address and Protocol Translation from IPv6 1413 Clients to IPv4 Servers", RFC 6146, April 2011. 1415 [RFC6204] Singh, H., Beebee, W., Donley, C., Stark, B., and O. 1416 Troan, "Basic Requirements for IPv6 Customer Edge 1417 Routers", RFC 6204, April 2011. 1419 [RFC6355] Narten, T. and J. Johnson, "Definition of the UUID-Based 1420 DHCPv6 Unique Identifier (DUID-UUID)", RFC 6355, August 1421 2011. 1423 [RFC6438] Carpenter, B. and S. Amante, "Using the IPv6 Flow Label 1424 for Equal Cost Multipath Routing and Link Aggregation in 1425 Tunnels", RFC 6438, November 2011. 1427 [RFC6691] Borman, D., "TCP Options and Maximum Segment Size (MSS)", 1428 RFC 6691, July 2012. 1430 [RFC6706] Templin, F., "Asymmetric Extended Route Optimization 1431 (AERO)", RFC 6706, August 2012. 1433 [RFC6864] Touch, J., "Updated Specification of the IPv4 ID Field", 1434 RFC 6864, February 2013. 1436 [RFC6935] Eubanks, M., Chimento, P., and M. Westerlund, "IPv6 and 1437 UDP Checksums for Tunneled Packets", RFC 6935, April 2013. 1439 [RFC6936] Fairhurst, G. and M. Westerlund, "Applicability Statement 1440 for the Use of IPv6 UDP Datagrams with Zero Checksums", 1441 RFC 6936, April 2013. 1443 [RFC6939] Halwasia, G., Bhandari, S., and W. Dec, "Client Link-Layer 1444 Address Option in DHCPv6", RFC 6939, May 2013. 1446 [RFC6980] Gont, F., "Security Implications of IPv6 Fragmentation 1447 with IPv6 Neighbor Discovery", RFC 6980, August 2013. 1449 [RFC7078] Matsumoto, A., Fujisaki, T., and T. Chown, "Distributing 1450 Address Selection Policy Using DHCPv6", RFC 7078, January 1451 2014. 1453 Appendix A. AERO Server and Relay Interworking 1455 Figure 2 depicts a reference AERO operational scenario with a single 1456 Server on the AERO link. In order to support scaling to larger 1457 numbers of nodes, the AERO link can deploy multiple Servers and 1458 Relays, e.g., as shown in Figure 4. 1460 .-(::::::::) 1461 .-(::: IPv6 :::)-. 1462 (:: Internetwork ::) 1463 `-(::::::::::::)-' 1464 `-(::::::)-' 1465 | 1466 +--------------+ +------+-------+ +--------------+ 1467 |AERO Server C | | AERO Relay D | |AERO Server E | 1468 | (default->D) | | (A->C; G->E) | | (default->D) | 1469 | (A->B) | +-------+------+ | (G->F) | 1470 +-------+------+ | +------+-------+ 1471 | | | 1472 X---+---+-------------------+------------------+---+---X 1473 | AERO Link | 1474 +-----+--------+ +--------+-----+ 1475 |AERO Client B | |AERO Client F | 1476 | (default->C) | | (default->E) | 1477 +--------------+ +--------------+ 1478 .-. .-. 1479 ,-( _)-. ,-( _)-. 1480 .-(_ IPv6 )-. .-(_ IPv6 )-. 1481 (__ EUN ) (__ EUN ) 1482 `-(______)-' `-(______)-' 1483 | | 1484 +--------+ +--------+ 1485 | Host A | | Host G | 1486 +--------+ +--------+ 1488 Figure 4: AERO Server/Relay Interworking 1490 In this example, Client ('B') associates with Server ('C'), while 1491 Client ('F') associates with Server ('E'). Furthermore, Servers 1492 ('C') and ('E') do not associate with each other directly, but rather 1493 have an association with Relay ('D') (i.e., a router that has full 1494 topology information concerning its associated Servers and their 1495 Clients). Relay ('D') connects to the AERO link, and also connects 1496 to the native IPv6 Internetwork. 1498 When host ('A') sends a packet toward destination host ('G'), IPv6 1499 forwarding directs the packet through the EUN to Client ('B'), which 1500 forwards the packet to Server ('C') in absence of more-specific 1501 forwarding information. Server ('C') forwards the packet, and it 1502 also generates an AERO Predirect message that is then forwarded 1503 through Relay ('D') to Server ('E'). When Server ('E') receives the 1504 message, it forwards the message to Client ('F'). 1506 After processing the AERO Predirect message, Client ('F') sends an 1507 AERO Redirect message to Server ('E'). Server ('E'), in turn, 1508 forwards the message through Relay ('D') to Server ('C'). When 1509 Server ('C') receives the message, it forwards the message to Client 1510 ('B') informing it that host 'G's EUN can be reached via Client 1511 ('F'), thus completing the AERO redirection. 1513 The network layer routing information shared between Servers and 1514 Relays must be carefully coordinated in a manner outside the scope of 1515 this document. In particular, Relays require full topology 1516 information, while individual Servers only require partial topology 1517 information (i.e., they only need to know the EUN prefixes associated 1518 with their current set of Clients). See [IRON] for an architectural 1519 discussion of routing coordination between Relays and Servers. 1521 Author's Address 1523 Fred L. Templin (editor) 1524 Boeing Research & Technology 1525 P.O. Box 3707 1526 Seattle, WA 98124 1527 USA 1529 Email: fltemplin@acm.org