idnits 2.17.1 draft-templin-aerolink-31.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == The 'Obsoletes: ' line in the draft header should list only the _numbers_ of the RFCs which will be obsoleted by this document (if approved); it should not include the word 'RFC' in the list. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (August 15, 2014) is 3542 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC0768' is defined on line 1647, but no explicit reference was found in the text == Unused Reference: 'RFC0792' is defined on line 1653, but no explicit reference was found in the text == Unused Reference: 'RFC2460' is defined on line 1662, but no explicit reference was found in the text == Unused Reference: 'RFC4862' is defined on line 1686, but no explicit reference was found in the text == Unused Reference: 'RFC6434' is defined on line 1689, but no explicit reference was found in the text == Unused Reference: 'RFC0879' is defined on line 1694, but no explicit reference was found in the text == Unused Reference: 'RFC4994' is defined on line 1722, but no explicit reference was found in the text == Unused Reference: 'RFC5494' is defined on line 1733, but no explicit reference was found in the text == Unused Reference: 'RFC6146' is defined on line 1749, but no explicit reference was found in the text == Unused Reference: 'RFC6204' is defined on line 1753, but no explicit reference was found in the text == Unused Reference: 'RFC6691' is defined on line 1765, but no explicit reference was found in the text == Unused Reference: 'RFC6706' is defined on line 1768, but no explicit reference was found in the text == Unused Reference: 'RFC6939' is defined on line 1781, but no explicit reference was found in the text == Unused Reference: 'RFC6980' is defined on line 1784, but no explicit reference was found in the text == Unused Reference: 'RFC7078' is defined on line 1787, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2460 (Obsoleted by RFC 8200) ** Obsolete normative reference: RFC 3315 (Obsoleted by RFC 8415) ** Obsolete normative reference: RFC 3633 (Obsoleted by RFC 8415) ** Obsolete normative reference: RFC 6434 (Obsoleted by RFC 8504) -- Obsolete informational reference (is this intentional?): RFC 879 (Obsoleted by RFC 7805, RFC 9293) -- Obsolete informational reference (is this intentional?): RFC 5246 (Obsoleted by RFC 8446) -- Obsolete informational reference (is this intentional?): RFC 5996 (Obsoleted by RFC 7296) -- Obsolete informational reference (is this intentional?): RFC 6204 (Obsoleted by RFC 7084) -- Obsolete informational reference (is this intentional?): RFC 6691 (Obsoleted by RFC 9293) Summary: 4 errors (**), 0 flaws (~~), 17 warnings (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group F. Templin, Ed. 3 Internet-Draft Boeing Research & Technology 4 Obsoletes: rfc6706 (if approved) August 15, 2014 5 Intended status: Standards Track 6 Expires: February 16, 2015 8 Transmission of IP Packets over AERO Links 9 draft-templin-aerolink-31.txt 11 Abstract 13 This document specifies the operation of IP over tunnel virtual links 14 using Asymmetric Extended Route Optimization (AERO). Nodes attached 15 to AERO links can exchange packets via trusted intermediate routers 16 that provide forwarding services to reach off-link destinations and 17 redirection services for route optimization. AERO provides an IPv6 18 link-local address format known as the AERO address that supports 19 operation of the IPv6 Neighbor Discovery (ND) protocol and links IPv6 20 ND to IP forwarding. Admission control and provisioning are 21 supported by the Dynamic Host Configuration Protocol for IPv6 22 (DHCPv6), and node mobility is naturally supported through dynamic 23 neighbor cache updates. Although DHCPv6 and IPv6 ND messaging is 24 used in the control plane, both IPv4 and IPv6 are supported in the 25 data plane. 27 Status of This Memo 29 This Internet-Draft is submitted in full conformance with the 30 provisions of BCP 78 and BCP 79. 32 Internet-Drafts are working documents of the Internet Engineering 33 Task Force (IETF). Note that other groups may also distribute 34 working documents as Internet-Drafts. The list of current Internet- 35 Drafts is at http://datatracker.ietf.org/drafts/current/. 37 Internet-Drafts are draft documents valid for a maximum of six months 38 and may be updated, replaced, or obsoleted by other documents at any 39 time. It is inappropriate to use Internet-Drafts as reference 40 material or to cite them other than as "work in progress." 42 This Internet-Draft will expire on February 16, 2015. 44 Copyright Notice 46 Copyright (c) 2014 IETF Trust and the persons identified as the 47 document authors. All rights reserved. 49 This document is subject to BCP 78 and the IETF Trust's Legal 50 Provisions Relating to IETF Documents 51 (http://trustee.ietf.org/license-info) in effect on the date of 52 publication of this document. Please review these documents 53 carefully, as they describe your rights and restrictions with respect 54 to this document. Code Components extracted from this document must 55 include Simplified BSD License text as described in Section 4.e of 56 the Trust Legal Provisions and are provided without warranty as 57 described in the Simplified BSD License. 59 Table of Contents 61 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 62 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 63 3. Asymmetric Extended Route Optimization (AERO) . . . . . . . . 5 64 3.1. AERO Link Reference Model . . . . . . . . . . . . . . . . 5 65 3.2. AERO Node Types . . . . . . . . . . . . . . . . . . . . . 7 66 3.3. AERO Addresses . . . . . . . . . . . . . . . . . . . . . 8 67 3.4. AERO Interface Characteristics . . . . . . . . . . . . . 9 68 3.4.1. Coordination of Multiple Underlying Interfaces . . . 11 69 3.5. AERO Interface Neighbor Cache Maintenace . . . . . . . . 12 70 3.6. AERO Interface Sending Algorithm . . . . . . . . . . . . 13 71 3.7. AERO Interface Encapsulation, Re-encapsulation and 72 Decapsulation . . . . . . . . . . . . . . . . . . . . . . 15 73 3.8. AERO Interface Data Origin Authentication . . . . . . . . 16 74 3.9. AERO Interface MTU Considerations . . . . . . . . . . . . 16 75 3.10. AERO Router Discovery, Prefix Delegation and Address 76 Configuration . . . . . . . . . . . . . . . . . . . . . . 18 77 3.10.1. AERO DHCPv6 Service Model . . . . . . . . . . . . . 18 78 3.10.2. AERO Client Behavior . . . . . . . . . . . . . . . . 19 79 3.10.3. AERO Server Behavior . . . . . . . . . . . . . . . . 20 80 3.11. AERO Relay/Server Routing System . . . . . . . . . . . . 22 81 3.12. AERO Redirection . . . . . . . . . . . . . . . . . . . . 22 82 3.12.1. Reference Operational Scenario . . . . . . . . . . . 22 83 3.12.2. Concept of Operations . . . . . . . . . . . . . . . 24 84 3.12.3. Message Format . . . . . . . . . . . . . . . . . . . 24 85 3.12.4. Sending Predirects . . . . . . . . . . . . . . . . . 25 86 3.12.5. Re-encapsulating and Relaying Predirects . . . . . . 26 87 3.12.6. Processing Predirects and Sending Redirects . . . . 27 88 3.12.7. Re-encapsulating and Relaying Redirects . . . . . . 29 89 3.12.8. Processing Redirects . . . . . . . . . . . . . . . . 29 90 3.12.9. Server-Oriented Redirection . . . . . . . . . . . . 30 91 3.13. Neighbor Unreachability Detection (NUD) . . . . . . . . . 30 92 3.14. Mobility Management . . . . . . . . . . . . . . . . . . . 31 93 3.14.1. Announcing Link-Layer Address Changes . . . . . . . 31 94 3.14.2. Moving to a New Server . . . . . . . . . . . . . . . 33 95 3.15. Encapsulation Protocol Version Considerations . . . . . . 33 96 3.16. Multicast Considerations . . . . . . . . . . . . . . . . 33 97 3.17. Operation on AERO Links Without DHCPv6 Services . . . . . 34 98 3.18. Operation on Server-less AERO Links . . . . . . . . . . . 34 99 4. Implementation Status . . . . . . . . . . . . . . . . . . . . 34 100 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 34 101 6. Security Considerations . . . . . . . . . . . . . . . . . . . 34 102 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 35 103 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 36 104 8.1. Normative References . . . . . . . . . . . . . . . . . . 36 105 8.2. Informative References . . . . . . . . . . . . . . . . . 37 106 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 39 108 1. Introduction 110 This document specifies the operation of IP over tunnel virtual links 111 using Asymmetric Extended Route Optimization (AERO). The AERO link 112 can be used for tunneling to neighboring nodes over either IPv6 or 113 IPv4 networks, i.e., AERO views the IPv6 and IPv4 networks as 114 equivalent links for tunneling. Nodes attached to AERO links can 115 exchange packets via trusted intermediate routers that provide 116 forwarding services to reach off-link destinations and redirection 117 services for route optimization that addresses the requirements 118 outlined in [RFC5522]. 120 AERO provides an IPv6 link-local address format known as the AERO 121 address that supports operation of the IPv6 Neighbor Discovery (ND) 122 [RFC4861] protocol and links IPv6 ND to IP forwarding. Admission 123 control and provisioning are supported by the Dynamic Host 124 Configuration Protocol for IPv6 (DHCPv6) [RFC3315], and node mobility 125 is naturally supported through dynamic neighbor cache updates. 126 Although DHCPv6 and IPv6 ND message signalling is used in the control 127 plane, either of IPv4 and IPv6 can be used in the data plane. The 128 remainder of this document presents the AERO specification. 130 2. Terminology 132 The terminology in the normative references applies; the following 133 terms are defined within the scope of this document: 135 AERO link 136 a Non-Broadcast, Multiple Access (NBMA) tunnel virtual overlay 137 configured over a node's attached IPv6 and/or IPv4 networks. All 138 nodes on the AERO link appear as single-hop neighbors from the 139 perspective of the virtual overlay. 141 AERO interface 142 a node's attachment to an AERO link. 144 AERO address 145 an IPv6 link-local address constructed as specified in Section 3.2 146 and applied to a Client's AERO interface. 148 AERO node 149 a node that is connected to an AERO link and that participates in 150 IPv6 ND over the link. 152 AERO Client ("Client") 153 a node that applies an AERO address to an AERO interface and 154 receives an IP prefix delegation. 156 AERO Server ("Server") 157 a node that configures an AERO interface to provide default 158 forwarding and DHCPv6 services for AERO Clients. The Server 159 applies the IPv6 link-local subnet router anycast address (fe80::) 160 to the AERO interface and also applies an administratively 161 assigned IPv6 link-local unicast address used for operation of the 162 IPv6 ND protocol. 164 AERO Relay ("Relay") 165 a node that configures an AERO interface to relay IP packets 166 between nodes on the same AERO link and/or forward IP packets 167 between the AERO link and the native Internetwork. The Relay 168 applies an administratively assigned IPv6 link-local unicast 169 address to the AERO interface the same as for a Server. 171 ingress tunnel endpoint (ITE) 172 an AERO interface endpoint that injects tunneled packets into an 173 AERO link. 175 egress tunnel endpoint (ETE) 176 an AERO interface endpoint that receives tunneled packets from an 177 AERO link. 179 underlying network 180 a connected IPv6 or IPv4 network routing region over which the 181 tunnel virtual overlay is configured. 183 underlying interface 184 an AERO node's interface point of attachment to an underlying 185 network. 187 link-layer address 188 an IP address assigned to an AERO node's underlying interface. 189 When UDP encapsulation is used, the UDP port number is also 190 considered as part of the link-layer address. Link-layer 191 addresses are used as the encapsulation header source and 192 destination addresses. 194 network layer address 195 the source or destination address of the encapsulated IP packet. 197 end user network (EUN) 198 an internal virtual or external edge IP network that an AERO 199 Client connects to the rest of the network via the AERO interface. 201 AERO Service Prefix (ASP) 202 an IP prefix associated with the AERO link and from which AERO 203 Client Prefixes (ACPs) are derived (for example, the IPv6 ACP 204 2001:db8:1:2::/64 is derived from the IPv6 ASP 2001:db8::/32). 206 AERO Client Prefix (ACP) 207 a more-specific IP prefix taken from an ASP and delegated to a 208 Client. 210 Throughout the document, the simple terms "Client", "Server" and 211 "Relay" refer to "AERO Client", "AERO Server" and "AERO Relay", 212 respectively. Capitalization is used to distinguish these terms from 213 DHCPv6 client/server/relay. 215 Throughout the document, it is said that an address is "applied" to 216 an AERO interface since the address need not always be "assigned" to 217 the interface in the traditional sense. However, the address must at 218 least be bound to the interface in some fashion for operation of 219 DHCPv6 and the IPv6 ND protocol. 221 The terminology of [RFC4861] (including the names of node variables 222 and protocol constants) applies to this document. Also throughout 223 the document, the term "IP" is used to generically refer to either 224 Internet Protocol version (i.e., IPv4 or IPv6). 226 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 227 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 228 document are to be interpreted as described in [RFC2119]. 230 3. Asymmetric Extended Route Optimization (AERO) 232 The following sections specify the operation of IP over Asymmetric 233 Extended Route Optimization (AERO) links: 235 3.1. AERO Link Reference Model 236 .-(::::::::) 237 .-(:::: IP ::::)-. 238 (:: Internetwork ::) 239 `-(::::::::::::)-' 240 `-(::::::)-' 241 | 242 +--------------+ +------+-------+ +--------------+ 243 |AERO Server S1| | AERO Relay R | |AERO Server S2| 244 | (default->R) | |(C->S1; D->S2)| | (default->R) | 245 | Nbr: A | +-------+------+ | Nbr: B | 246 +-------+------+ | +------+-------+ 247 | | | 248 X---+---+-------------------+------------------+---+---X 249 | AERO Link | 250 +-----+--------+ +--------+-----+ 251 |AERO Client A | |AERO Client B | 252 | default->S1 | | default->S2 | 253 +--------------+ +--------------+ 254 .-. .-. 255 ,-( _)-. ,-( _)-. 256 .-(_ IP )-. .-(_ IP )-. 257 (__ EUN ) (__ EUN ) 258 `-(______)-' `-(______)-' 259 | | 260 +--------+ +--------+ 261 | Host C | | Host D | 262 +--------+ +--------+ 264 Figure 1: AERO Link Reference Model 266 Figure 1 above presents the AERO link reference model. In this 267 model: 269 o Relay R associates with Servers S1 and S2, and connects the link 270 to the rest of the IP Internetwork 272 o Servers S1 and S2 associate with Relay R and also act as default 273 routers for their associated Clients A and B. They further serve 274 as DHCPv6 servers for the delegation of ACPs taken from the AERO 275 link's ASPs 277 o Clients A and B associate with Servers S1 and S2, respectively and 278 also act as default routers for their associated EUNs 280 o Hosts C and D attach to the EUNs served by Clients A and B, 281 respectively 283 In this model, there may be many additional Relays, Servers and 284 Clients. Each Server peers with each Relay in a dynamic routing 285 protocol session to advertise its list of associated Clients. Each 286 Relay advertises the ASPs for the AERO link into the native IP 287 Internetwork and serves as a gateway between the AERO link and the 288 Internetwork. Clients may associate with only a single Server or 289 with multiple Servers, e.g., for fault tolerance and/or load 290 balancing. 292 3.2. AERO Node Types 294 AERO Relays relay packets between nodes connected to the same AERO 295 link and also forward packets between the AERO link and the native 296 Internetwork. The relaying process entails re-encapsulation of IP 297 packets that were received from a first AERO node and are to be 298 forwarded without modification to a second AERO node. AERO Relays 299 present the AERO link to the native Internetwork as a set of one or 300 more ASPs. 302 AERO Servers provide default routing and DHCPv6 services to AERO 303 Clients. AERO Servers configure a DHCPv6 server function to 304 facilitate Prefix Delegation (PD) exchanges with AERO Clients. Each 305 delegated prefix becomes an AERO Client Prefix (ACP) taken from an 306 ASP. 308 AERO Clients act as requesting routers to receive ACPs through DHCPv6 309 PD exchanges with AERO Servers over the AERO link. (Each Client MAY 310 associate with a single Server or with multiple Servers.) Each IPv6 311 AERO Client receives at least a /64 IPv6 ACP, and may receive even 312 shorter prefixes. Similarly, each IPv4 AERO Client receives at least 313 a /32 IPv4 ACP (i.e., a singleton IPv4 address), and may receive even 314 shorter prefixes. 316 AERO Clients that act as routers sub-delegate portions of their ACPs 317 to links on EUNs. End system applications on AERO Clients that act 318 as routers bind to EUN interfaces (i.e., and not the AERO interface). 320 AERO Clients that act as ordinary hosts assign one or more IP 321 addresses from their ACPs to the AERO interface but DO NOT assign the 322 ACP itself to the AERO interface. Instead, the Client assigns the 323 ACP to a "black hole" route so that unused portions of the prefix are 324 nullified. End system applications on AERO Clients that act as hosts 325 bind directly to the AERO interface. 327 3.3. AERO Addresses 329 An AERO address is an IPv6 link-local address with an embedded ACP 330 and applied to a Client's AERO interface. The AERO address is formed 331 as follows: 333 fe80::[ACP] 335 For IPv6, the AERO address begins with the prefix fe80::/64 and 336 includes in its interface identifier the base prefix taken from the 337 Client's IPv6 ACP. The base prefix is determined by masking the ACP 338 with the prefix length. For example, if the AERO Client receives the 339 IPv6 ACP: 341 2001:db8:1000:2000::/56 343 it constructs its AERO address as: 345 fe80::2001:db8:1000:2000 347 For IPv4, the AERO address is formed as an IPv4-mapped IPv6 address 348 [RFC4291] that includes the base prefix taken from the Client's IPv4 349 ACP. For example, if the AERO Client receives the IPv4 ACP: 351 192.0.2.32/28 353 it constructs its AERO address as: 355 fe80::FFFF:192.0.2.32 357 The AERO address remains stable as the Client moves between 358 topological locations, i.e., even if its link-layer addresses change. 360 NOTE: In some cases, prospective neighbors may not have a priori 361 knowledge of the Client's ACP length and may therefore send initial 362 IPv6 ND messages with an AERO destination address that matches the 363 ACP but does not correspond to the base prefix. In that case, the 364 Client MUST accept the address as equivalent to the base address, but 365 then use the base address as the source address of any IPv6 ND 366 message replies. For example, if the Client receives the IPv6 ACP 367 2001:db8:1000:2000::/56 then subsequently receives an IPv6 ND message 368 with destination address fe80::2001:db8:1000:2001, it accepts the 369 message but uses fe80::2001:db8:1000:2000 as the source address of 370 any IPv6 ND replies. 372 3.4. AERO Interface Characteristics 374 AERO interfaces use IP-in-IPv6 encapsulation [RFC2473] to exchange 375 tunneled packets with AERO neighbors attached to an underlying IPv6 376 network, and use IP-in-IPv4 encapsulation [RFC2003][RFC4213] to 377 exchange tunneled packets with AERO neighbors attached to an 378 underlying IPv4 network. AERO interfaces can also coordinate secured 379 tunnel types such as IPsec [RFC4301] or TLS [RFC5246]. When Network 380 Address Translator (NAT) traversal and/or filtering middlebox 381 traversal may be necessary, a UDP header is further inserted 382 immediately above the IP encapsulation header. 384 AERO interfaces maintain a neighbor cache, and AERO Clients and 385 Servers use an adaptation of standard unicast IPv6 ND messaging. 386 AERO interfaces use unicast Neighbor Solicitation (NS), Neighbor 387 Advertisement (NA), Router Solicitation (RS) and Router Advertisement 388 (RA) messages the same as for any IPv6 link. AERO interfaces use two 389 redirection message types -- the first known as a Predirect message 390 and the second being the standard Redirect message (see Section 3.9). 391 AERO links further use link-local-only addressing; hence, AERO nodes 392 ignore any Prefix Information Options (PIOs) they may receive in RA 393 messages. 395 AERO interface ND messages include Target Link-Layer Address Options 396 (TLLAOs) formatted as shown in Figure 2: 398 0 1 2 3 399 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 400 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 401 | Type = 2 | Length = 3 | Reserved | 402 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 403 | Link ID | Preference | UDP Port Number (or 0) | 404 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 405 | | 406 +-- --+ 407 | | 408 +-- IP Address --+ 409 | | 410 +-- --+ 411 | | 412 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 414 Figure 2: AERO Target Link-Layer Address Option (TLLAO) Format 416 In this format, Link ID is an integer value between 0 and 255 417 corresponding to an underlying interface of the target node, and 418 Preference is an integer value between 0 and 255 indicating the 419 node's preference for this underlying interface, with 0 being highest 420 preference and 255 being lowest. UDP Port Number and IP Address are 421 set to the addresses used by the target node when it sends 422 encapsulated packets over the underlying interface. When no UDP 423 encapsulation is used, UDP Port Number is set to 0. When the 424 encapsulation IP address family is IPv4, IP Address is formed as an 425 IPv4-mapped IPv6 address [RFC4291]. 427 When a Relay enables an AERO interface, it applies an 428 administratively assigned link-local address fe80::ID to the 429 interface for communicating with Servers on the link. Each fe80::ID 430 address MUST be unique among all Relays and Servers on the link, and 431 MUST NOT collide with any potential AERO addresses, e.g., the 432 addresses could be assigned as fe80::1, fe80::2, fe80::3, etc. The 433 Relay also maintains an IP forwarding table entry for each Client- 434 Server association and maintains a neighbor cache entry for each 435 Server on the link. Relays do not require the use of IPv6 ND 436 messaging for reachability determination since Relays and Servers 437 engage in a dynamic routing protocol over the AERO interface. At a 438 minimum, however, Relays respond to NS messages by returning an NA. 440 When a Server enables an AERO interface, it applies the address 441 fe80:: to the interface as a link-local Subnet Router Anycast 442 address, and also applies an administratively assigned link-local 443 address fe80::ID to support the operation of DHCPv6 and the IPv6 ND 444 protocol, as well as to communicate with Relays on the link. The 445 Server configures a DHCPv6 server function to facilitate DHCPv6 PD 446 exchanges with AERO Clients. The Server also maintains a neighbor 447 cache entry for each Relay on the link, and also creates per-Client 448 neighbor cache entries whenever it discovers a new Client. At a 449 minimum, when the Server receives an NS/RS messages on the AERO 450 interface it returns an NA/RA message. When the Server receives an 451 IPv6 ND message, it also update timers in existing neighbor cache 452 entries but does not create new neighbor cache entries nor update 453 cached link-layer addresses. Servers also engage in a dynamic 454 routing protocol with all Relays on the link. Finally, the Server 455 provides a simple conduit between Clients and Relays, or between 456 Clients and other Clients. Therefore, packets enter the Server's 457 AERO interface from the link layer and are forwarded back out the 458 link layer without ever leaving the AERO interface and therefore 459 without ever disturbing the network layer. 461 When a Client enables an AERO interface, it invokes DHCPv6 PD to 462 receive an ACP from an AERO Server. Next, it applies the 463 corresponding AERO address to the AERO interface, i.e., the prefix 464 delegation bootstraps the provisioning of a unique link-local 465 address. The Client maintains a neighbor cache entry for each of its 466 Servers and each of its active peer Clients. When the Client 467 receives Redirect/Predirect messages on the AERO interface it updates 468 or creates neighbor cache entries, including link-layer address 469 information. Unsolicited NA messages update the cached link-layer 470 address for the neighbor Client (e.g., following a link-layer address 471 change due to node mobility) but do not create new neighbor cache 472 entries. RA messages as well as NS/NA messages used for Neighbor 473 Unreachability Detection (NUD) update timers in existing neighbor 474 cache entires but do not update link-layer addresses nor create new 475 neighbor cache entries. Redirect, Predirect and unsolicited NA 476 messages SHOULD include a Timestamp option (see Section 5.3 of 477 [RFC3971]) that other AERO nodes can use to verify the message time 478 of origin. Predirect, NS and RS messages SHOULD include a Nonce 479 option (see Section 5.3 of [RFC3971]) that recipients echo back in 480 corresponding responses. Finally, the Client need not maintain any 481 IP forwarding table entries for neighboring Clients. Instead, it can 482 set a single "route-to-interface" default route in the IP forwarding 483 table pointing to the AERO interface, and all forwarding decisions 484 can be made within the AERO interface based on neighbor cache 485 entries. 487 3.4.1. Coordination of Multiple Underlying Interfaces 489 AERO interfaces may be configured over multiple underlying 490 interfaces. For example, common mobile handheld devices have both 491 wireless local area network ("WLAN") and cellular wireless links. 492 These links are typically used "one at a time" with low-cost WLAN 493 preferred and highly-available cellular wireless as a standby. In a 494 more complex example, aircraft frequently have many wireless data 495 link types (e.g. satellite-based, terrestrial, air-to-air 496 directional, etc.) with diverse performance and cost properties. 498 If a Client's multiple underlying interfaces are used "one at a time" 499 (i.e., all other interfaces are in standby mode while one interface 500 is active), then Redirect, Predirect and unsolicited NA messages 501 include only a single TLLAO with Link ID set to 0. 503 If the Client has multiple active underlying interfaces, then from 504 the perspective of IPv6 ND it would appear to have a single link- 505 local address with multiple link-layer addresses. In that case, 506 Redirect, Predirect and unsolicited NA messages MAY include multiple 507 TLLAOs -- each with a different Link ID that corresponds to a 508 specific underlying interface of the Client. Further details on 509 coordination of multiple active underlying interfaces are outside the 510 scope of this specification. 512 3.5. AERO Interface Neighbor Cache Maintenace 514 Each AERO interface maintains a conceptual neighbor cache that 515 includes an entry for each neighbor it communicates with on the AERO 516 link, the same as for any IPv6 interface [RFC4861]. Neighbor cache 517 entries are created and maintained as follows: 519 AERO Relays maintain a permanent neighbor cache entry for each Server 520 on the link, and AERO Servers maintain a permanent neighbor cache 521 entry for each Relay on the link. AERO Clients maintain a neighbor 522 cache entry for each of their associated Servers, and AERO Servers 523 maintain a neighbor cache for each of their associated Clients with a 524 lifetime based on the DHCPv6 lease lifetime. AERO Clients maintain 525 neighbor cache entries for each of their active correspondent Clients 526 with lifetimes based on IPv6 ND messaging constants. 528 When an AERO Server sends a DHCPv6 Reply message to an AERO Client 529 containing a prefix delegation, it creates or updates a neighbor 530 cache entry for the Client based on the AERO address corresponding to 531 the Client's ACP as the network-layer address and with the Client's 532 encapsulation IP address and UDP port number as the link-layer 533 address. The Server also records the ACP's lease lifetime and prefix 534 length in the neighbor cache entry. 536 When an AERO Client receives a DHCPv6 Reply message from an AERO 537 Server, it creates or updates a neighbor cache entry for the Server 538 based on the Reply message link-local source address as the network- 539 layer address, the lease lifetime as the neighbor cache entry 540 lifetime, and the encapsulation IP source address and UDP source port 541 number as the link-layer address. 543 When an AERO Client receives a valid Predirect message it creates or 544 updates a neighbor cache entry for the Predirect target network-layer 545 and link-layer addresses plus prefix length. The node then sets an 546 "AcceptTime" variable for the neighbor and uses this value to 547 determine whether packets received from the predirected neighbor can 548 be accepted. 550 When an AERO Client receives a valid Redirect message it creates or 551 updates a neighbor cache entry for the Redirect target network-layer 552 and link-layer addresses plus prefix length. The node then sets a 553 "ForwardTime" variable for the neighbor and uses this value to 554 determine whether packets can be sent directly to the redirected 555 neighbor. The node also maintains a "Retry" variable to limit the 556 number of keepalives sent when a neighbor may have gone unreachable. 558 When an AERO Client receives a valid NS message corresponding to a 559 neighbor cache entry for another Client, it (re)sets AcceptTime for 560 the neighbor to ACCEPT_TIME. 562 When an AERO Client receives a valid solicited NA message 563 corresponding to a neighbor cache entry for another Client, it 564 (re)sets ForwardTime for the neighbor to FORWARD_TIME and sets Retry 565 to MAX_RETRY. (When an AERO Client receives a valid unsolicited NA 566 message, it updates the neighbor's link-layer address but DOES NOT 567 reset ForwardTime or Retries.) 569 It is RECOMMENDED that FORWARD_TIME be set to the default constant 570 value 30 seconds to match the default REACHABLE_TIME value specified 571 for IPv6 ND [RFC4861]. 573 It is RECOMMENDED that ACCEPT_TIME be set to the default constant 574 value 40 seconds to allow a 10 second window so that the AERO 575 redirection procedure can converge before AcceptTime decrements below 576 FORWARD_TIME. 578 It is RECOMMENDED that MAX_RETRY be set to 3 the same as described 579 for IPv6 ND address resolution in Section 7.3.3 of [RFC4861]. 581 Different values for FORWARD_TIME, ACCEPT_TIME, and MAX_RETRY MAY be 582 administratively set, if necessary, to better match the AERO link's 583 performance characteristics; however, if different values are chosen, 584 all nodes on the link MUST consistently configure the same values. 585 Most importantly, ACCEPT_TIME SHOULD be set to a value that is 586 sufficiently longer than FORWARD_TIME to allow the AERO redirection 587 procedure to converge. 589 For AERO Client<->Server neighbor cache entries, AcceptTime and 590 ForwardTime are set based on the DHCPv6 lease lifetime and may be 591 modified based on the Router Lifetime advertised in the Server's RA 592 messages. 594 3.6. AERO Interface Sending Algorithm 596 When an IP packet enters a Client's AERO interface from the network 597 layer, the Client searches its neighbor cache for an entry with an 598 AERO address that matches the packet's destination address. If there 599 is a match, the Client uses the link-layer address in the neighbor 600 cache entry as the link-layer address for encapsulation then admits 601 the packet into the tunnel. If there is no match, the Client instead 602 uses the link-layer address of a neighboring Server as the link-layer 603 address for encapsulation. (Note that the Client caches the ASPs for 604 the AERO link and can thus search the neighbor cache only for 605 destination addresses that are covered by an ASP.) 606 When an IP packet enters a Server's AERO interface from the link 607 layer, the Server searches for a neighbor cache match the same as for 608 a Client. If there is a match, the Server uses the link-layer 609 address in the neighbor cache entry as the link-layer address for re- 610 encapsulation. If there is no match, the Server instead uses the 611 link-layer address of a neighboring Relay as the link-layer address 612 for encapsulation. Servers also relay Predirect, Redirect and 613 unsolicited Neighbor Advertisement messages received from a Client 614 and with an AERO destination address. If the AERO destination 615 address is the address of a neighbor, the Server changes the link- 616 layer source address to its own address, changes the link-layer 617 destination address to the address of the neighbor and forwards the 618 message to the neighbor. If the AERO destination address is not a 619 neighbor, the Server instead forwards the message to a Relay. When 620 an AERO Relay forwards either a data packet or an IPv6 ND message to 621 an AERO Server, the Server MUST NOT forward the packet back to the 622 same or a different Relay. 624 When an IP packet enters a Relay's AERO interface from the network 625 layer, the Relay searches its IP forwarding table for an entry that 626 is covered by an ASP and also matches the destination. If there is a 627 match, the Relay uses the link-layer address in the neighbor cache 628 entry for the next-hop Server as the link-layer address for 629 encapsulation. When an IP packet enters a Relay's AERO interface 630 from the link-layer, if the destination is not covered by an ASP the 631 Relay forwards the packet to another IP link as indicated by the IP 632 forwarding table. If the destination is covered by an ASP, and there 633 is a more-specific forwarding table entry that matches the 634 destination, the Relay uses the link-layer address in the neighbor 635 cache entry for the next-hop Server as the link-layer address for 636 encapsulation. If there is no more-specific entry, the Relay instead 637 drops the packet. Relays also relay Predirect, Redirect and 638 unsolicited Neighbor Advertisement messages by searching for an IP 639 forwarding table entry that matches the message's AERO destination 640 address. If there is a match, the Relay proxies the packet in the 641 same manner as described for Servers above; otherwise, the Relay 642 drops the packet. When an AERO Server forwards either a data packet 643 or an IPv6 ND message to an AERO Relay, the Relay MUST NOT forward 644 the packet back to the same Server. 646 Note that in the above this tunnel exit determination is often based 647 on consulting the neighbor cache instead of the IP forwarding table. 648 IP forwarding is therefore linked to IPv6 ND via the AERO address. 650 When an AERO node forwards a packet back out the same AERO interface 651 the packet arrived on, the node MUST NOT decrement the network layer 652 TTL/Hop-count. 654 3.7. AERO Interface Encapsulation, Re-encapsulation and Decapsulation 656 AERO interfaces encapsulate IP packets according to whether they are 657 entering the AERO interface from the network layer or if they are 658 being forwarded out the same AERO interface that they arrived on. 659 This latter form of encapsulation is known as "re-encapsulation". 661 AERO interfaces encapsulate packets per the specifications in 662 [RFC2003][RFC2473][RFC4213][RFC4301][RFC5246] (etc.) except that the 663 interface copies the "TTL/Hop Limit", "Type of Service/Traffic Class" 664 and "Congestion Experienced" values in the packet's IP header into 665 the corresponding fields in the encapsulation header. For packets 666 undergoing re-encapsulation, the AERO interface instead copies the 667 "TTL/Hop Limit", "Type of Service/Traffic Class" and "Congestion 668 Experienced" values in the original encapsulation header into the 669 corresponding fields in the new encapsulation header (i.e., the 670 values are transferred between encapsulation headers and *not* copied 671 from the encapsulated packet's network-layer header). 673 When AERO UDP encapsulation is used, the AERO interface encapsulates 674 the packet per the above tunneling specifications except that it 675 inserts a UDP header between the encapsulation header and the 676 packet's IP header. The AERO interface sets the UDP source port to a 677 constant value that it will use in each successive packet it sends, 678 sets the UDP checksum field to zero (see: [RFC6935][RFC6936]) and 679 sets the UDP length field to the length of the IP packet plus 8 bytes 680 for the UDP header itself. For packets sent via a Server, the AERO 681 interface sets the UDP destination port to 8060 (i.e., the IANA- 682 registered port number for AERO) when AERO-only encapsulation is 683 used. For packets sent to a neighboring Client, the AERO interface 684 sets the UDP destination port to the port value stored in the 685 neighbor cache entry for this neighbor. 687 The AERO interface next sets the IP protocol number in the 688 encapsulation header to the appropriate value for the first protocol 689 layer within the encapsulation (e.g., IPv4, IPv6, UDP, IPsec, etc.). 690 When IPv6 is used as the encapsulation protocol, the interface then 691 sets the flow label value in the encapsulation header the same as 692 described in [RFC6438]. When IPv4 is used as the encapsulation 693 protocol, the AERO interface sets the DF bit as discussed in 694 Section 3.7. 696 AERO interfaces decapsulate packets destined either to the node 697 itself or to a destination reached via an interface other than the 698 AERO interface the packet was received on. When AERO UDP 699 encapsulation is used (i.e., when a UDP header with destination port 700 8060 is present) the interface examines the first octet of the 701 encapsulated packet. If the most significant four bits of the first 702 octet encode the value '0110' (i.e., the version number value for 703 IPv6) or the value '0100' (i.e., the version number value for IPv4), 704 the packet is accepted and the encapsulating UDP header is discarded; 705 otherwise, the packet is discarded. 707 Further decapsulation then proceeds according to the appropriate 708 tunnel type per the above specifications. 710 3.8. AERO Interface Data Origin Authentication 712 AERO nodes employ simple data origin authentication procedures for 713 encapsulated packets they receive from other nodes. In particular, 714 AERO Clients accept encapsulated packets with a link-layer source 715 address belonging to one of their current AERO Servers, and AERO 716 Clients and Servers accept encapsulated packets with a link-layer 717 source address that is correct for the network-layer source address. 719 The AERO node considers the link-layer source address correct for the 720 network-layer source address if there is an AERO interface neighbor 721 cache entry with an AERO address that matches the packet's network- 722 layer source address prefix, with a link-layer address that matches 723 the packet's link-layer source address, and AcceptTime is non-zero. 725 An AERO Server also accepts packets with a link-layer source address 726 that matches one of its associated Relays, and an AERO Relay accepts 727 packets with a source address that matches one of its associated 728 Servers. 730 Note that this simple data origin authentication only applies to 731 environments in which link-layer addresses cannot be spoofed. 732 Additional security mitigations may be necessary in other 733 environments. 735 3.9. AERO Interface MTU Considerations 737 The AERO link Maximum Transmission Unit (MTU) is 64KB minus the 738 encapsulation overhead for IPv4 as the link-layer [RFC0791] and 4GB 739 minus the encapsulation overhead for IPv6 as the link layer 740 [RFC2675]. This is the most that IPv4 and IPv6 (respectively) can 741 convey within the constraints of protocol constants, but actual sizes 742 available for tunneling will frequently be much smaller. 744 The base tunneling specifications for IPv4 and IPv6 typically set a 745 static MTU on the tunnel interface to 1500 bytes minus the 746 encapsulation overhead or smaller still if the tunnel is likely to 747 incur additional encapsulations on the path. This can result in path 748 MTU related black holes when packets that are too large to be 749 accommodated over the AERO link are dropped, but the resulting ICMP 750 Packet Too Big (PTB) messages are lost on the return path. As a 751 result, AERO nodes use the following MTU mitigations to accommodate 752 larger packets. 754 AERO nodes set their AERO interface MTU to the larger of the 755 underlying interface MTU minus the encapsulation overhead, and 1500 756 bytes. (If there are multiple underlying interfaces, the node sets 757 the AERO interface MTU according to the largest underlying interface 758 MTU, or 64KB /4G minus the encapsulation overhead if the largest MTU 759 cannot be determined.) AERO nodes optionally cache other per- 760 neighbor MTU values in the underlying IP path MTU discovery cache 761 initialized to the underlying interface MTU. 763 AERO nodes admit packets that are no larger than 1280 bytes minus the 764 encapsulation overhead (*) as well as packets that are larger than 765 1500 bytes into the tunnel without fragmentation, i.e., as long as 766 they are no larger than the AERO interface MTU before encapsulation 767 and also no larger than the cached per-neighbor MTU following 768 encapsulation. For IPv4, the node sets the "Don't Fragment" (DF) bit 769 to 0 for packets no larger than 1280 bytes minus the encapsulation 770 overhead (*) and sets the DF bit to 1 for packets larger than 1500 771 bytes. If a large packet is lost in the path, the node may 772 optionally cache the MTU reported in the resulting PTB message or may 773 ignore the message, e.g., if there is a possibility that the message 774 is spurious. 776 For packets destined to an AERO node that are larger than 1280 bytes 777 minus the encapsulation overhead (*) but no larger than 1500 bytes, 778 the node uses IP fragmentation to fragment the encapsulated packet 779 into two pieces (where the first fragment contains 1024 bytes of the 780 original IP packet) then admits the fragments into the tunnel. If 781 the link-layer protocol is IPv4, the node admits each fragment into 782 the tunnel with DF set to 0 and subject to rate limiting to avoid 783 reassembly errors [RFC4963][RFC6864]. For both IPv4 and IPv6, the 784 node also sends a 1500 byte probe message (**) to the neighbor, 785 subject to rate limiting. 787 To construct a probe, the node prepares an NS message with a Nonce 788 option plus trailing padding octets added to a length of 1500 bytes 789 without including the length of the padding in the IPv6 Payload 790 Length field. The node then encapsulates the NS in the encapsulation 791 headers (while including the length of the padding in the 792 encapsulation header length fields), sets DF to 1 (for IPv4) and 793 sends the padded NS message to the neighbor. If the neighbor returns 794 an NA message with a correct Nonce value, the node may then send 795 whole packets within this size range and (for IPv4) relax the rate 796 limiting requirement. (Note that the trailing padding SHOULD NOT be 797 included within the Nonce option itself but rather as padding beyond 798 the last option in the NS message; otherwise, the (large) Nonce 799 option would be echoed back in the solicited NA message and may be 800 lost at a link with a small MTU along the reverse path.) 802 AERO nodes MUST be capable of reassembling packets up to 1500 bytes 803 plus the encapsulation overhead length. It is therefore RECOMMENDED 804 that AERO nodes be capable of reassembling at least 2KB. 806 (*) Note that if it is known without probing that the minimum Path 807 MTU to an AERO node is MINMTU bytes (where 1280 < MINMTU < 1500) then 808 MINMTU can be used instead of 1280 in the fragmentation threshold 809 considerations listed above. 811 (**) It is RECOMMENDED that no probes smaller than 1500 bytes be used 812 for MTU probing purposes, since smaller probes may be fragmented if 813 there is a nested tunnel somewhere on the path to the neighbor. 814 Probe sizes larger than 1500 bytes MAY be used, but may be 815 unnecessary since original sources are expected to implement 816 [RFC4821] when sending large packets. 818 3.10. AERO Router Discovery, Prefix Delegation and Address 819 Configuration 821 3.10.1. AERO DHCPv6 Service Model 823 Each AERO Server configures a DHCPv6 server function to facilitate PD 824 requests from Clients. Each Server is pre-configured with an 825 identical list of ACP-to-Client ID mappings for all Clients enrolled 826 in the AERO system, as well as any information necessary to 827 authenticate Clients. The configuration information is maintained by 828 a central administrative authority for the AERO link and securely 829 propagated to all Servers whenever a new Client is enrolled or an 830 existing Client is deprecated. 832 With these identical configurations, each Server can function 833 independently of all other Servers, including the maintenance of 834 active leases. Therefore, no Server-to-Server DHCPv6 state 835 synchronization is necessary, and Clients can potentially hold 836 separate leases for the same ACP from multiple Servers. 838 In this way, Clients can easily associate with multiple Servers, and 839 can receive new leases from new Servers before deprecating leases 840 held through old Servers. This gives way to a graceful "make-before- 841 break" capability. 843 3.10.2. AERO Client Behavior 845 AERO Clients discover the link-layer addresses of AERO Servers via 846 static configuration, or through an automated means such as DNS name 847 resolution. In the absence of other information, the Client resolves 848 the Fully-Qualified Domain Name (FQDN) "linkupnetworks.[domainname]" 849 where "linkupnetworks" is a constant text string and "[domainname]" 850 is the connection-specific DNS suffix for the Client's underlying 851 network connection. After discovering the link-layer addresses, the 852 Client associates with one or more of the corresponding Servers. 854 To associate with a Server, the Client acts as a requesting router to 855 request an ACP through DHCPv6 PD [RFC3315][RFC3633][RFC6355] using 856 'fe80::ffff:ffff:ffff:ffff' as the IPv6 source address, 857 'All_DHCP_Relay_Agents_and_Servers' as the IPv6 destination address 858 and the link-layer address of the Server as the link-layer 859 destination address. The Client includes a DHCPv6 Unique Identifier 860 (DUID) in the Client Identifier option of its DHCPv6 messages (as 861 well as a DHCPv6 authentication option if necessary) to identify 862 itself to the DHCPv6 server. If the Client is pre-provisioned with 863 an ACP associated with the AERO service, it MAY also include the ACP 864 in its DHCPv6 PD Request to indicate its preferred ACP to the DHCPv6 865 server. The Client then sends the encapsulated DHCPv6 Solicit/ 866 Request message via an underlying interface. 868 When the Client receives its ACP and the set of ASPs via a DHCPv6 869 Reply from the AERO Server, it creates a neighbor cache entry with 870 the Server's link-local address (i.e., fe80::ID) as the network-layer 871 address and the Server's encapsulation address as the link-layer 872 address. The Client then records the lifetime for the ACP in the 873 neighbor cache entry and marks the neighbor cache entry as "default", 874 i.e., the Client considers the Server as a default router. If the 875 Reply message contains a Vendor-Specific Information Option (see: 876 Section 3.10.3) the Client also caches each ASP in the option. 878 The Client then applies the AERO address to the AERO interface and 879 sub-delegates the ACP to nodes and links within its attached EUNs 880 (the AERO address thereafter remains stable as the Client moves). 881 The Client also assigns a default IP route to the AERO interface as a 882 route-to-interface, i.e., with no explicit next-hop. The next hop 883 will then be determined after a packet has been submitted to the AERO 884 interface by inspecting the neighbor cache (see above). 886 The Client subsequently renews its ACP delegation through each of its 887 Servers by performing DHCPv6 Renew/Reply exchanges with its AERO 888 address as the IPv6 source address, 889 'All_DHCP_Relay_Agents_and_Servers' as the IPv6 destination address, 890 the link-layer address of a Server as the link-layer destination 891 address and the same DUID and authentication information. 893 Since the Client's AERO address is configured from the unique ACP 894 delegation it receives, there is no need for Duplicate Address 895 Detection (DAD) on AERO links. Other nodes maliciously attempting to 896 hijack an authorized Client's AERO address will be denied access to 897 the network by the DHCPv6 server due to an unacceptable link-layer 898 address and/or security parameters (see: Security Considerations). 900 AERO Clients ignore the IP address and UDP port number in any S/TLLAO 901 options in ND messages they receive directly from another AERO 902 Client, but examine the Link ID and Preference values to match the 903 message with the correct link-layer address information. 905 When a source Client forwards a packet to a prospective destination 906 Client (i.e., one for which the packet's destination address is 907 covered by an ASP), the source Client initiates an AERO route 908 optimization procedure as specified in Section 3.12. 910 3.10.3. AERO Server Behavior 912 AERO Servers configure a DHCPv6 server function on their AERO links. 913 AERO Servers arrange to add their encapsulation layer IP addresses 914 (i.e., their link-layer addresses) to the DNS resource records for 915 the FQDN "linkupnetworks.[domainname]" before entering service. 917 When an AERO Server receives a prospective Client's DHCPv6 PD 918 Solicit/Request message, it first authenticates the Client and 919 ignores the request if authentication fails. Otherwise, the Server 920 delegates the ACP then creates a neighbor cache entry for the 921 Client's AERO address with the Client's link-layer address as the 922 link-layer address and with lifetime set to no more than the lease 923 lifetime. The Server then injects the ACP as an IP route into the 924 inter-Server/Relay routing system (see: Section 3.11). Finally, the 925 Server sends a DHCPv6 Reply message to the Client while using 926 fe80::ID as the IPv6 source address, the Client's link-local address 927 as the IPv6 destination address, and the Client's link-layer address 928 as the destination link-layer address. 930 When the Server sends the DHCPv6 Reply message, it also includes a 931 DHCPv6 Vendor-Specific Information Option with 'enterprise-number' 932 set to "TBD" (see: IANA Considerations). The option is formatted as 933 shown in[RFC3315] and with the AERO enterprise-specific format shown 934 in Figure 3: 936 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 937 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 938 | OPTION_VENDOR_OPTS | option-len | 939 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 940 | enterprise-number ("TBD") | 941 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 942 | Reserved | Prefix Length | 943 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 944 | | 945 + ASP (1) + 946 | | 947 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 948 | Reserved | Prefix Length | 949 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 950 | | 951 + ASP (2) + 952 | | 953 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 954 | Reserved | Prefix Length | 955 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 956 | | 957 + ASP (3) + 958 | | 959 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 960 . (etc.) . 961 . . 962 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 964 Figure 3: AERO Vendor-Specific Information Option 966 Per Figure 3, the option includes one or more ASP. The Prefix Length 967 field must contain a value between 0 - 64, and the ASP field contains 968 the IP prefix as it would appear in the interface identifier portion 969 of the corresponding AERO address (see: Section 3.3). 971 After the initial Solicit/Request/Reply exchange, the AERO Server 972 maintains the neighbor cache entry and IP route for the Client as 973 long as the lease lifetime remains current. If the Client issues a 974 Renew/Reply exchange, the Server extends the lifetime. If the Client 975 issues a Release/Reply exchange, or if the Client does not issue a 976 Renew/Reply within the lease lifetime, the Server deletes the 977 neighbor cache entry for the Client and withdraws the IP route from 978 the routing system. 980 3.11. AERO Relay/Server Routing System 982 Relays require full topology information of all Client/Server 983 associations, while individual Servers only require partial topology 984 information, i.e., they only need to know the ACPs associated with 985 their current set of associated Clients. This is accomplished 986 through the use of an internal instance of the Border Gateway 987 Protocol (BGP) [RFC4271] coordinated between Servers and Relays. 988 This internal BGP instance does not interact with the public Internet 989 BGP instance; therefore, the AERO link is presented to the IP 990 Internetwork as a small set of ASPs as opposed to the full set of 991 individual ACPs. 993 In a reference BGP arrangement, each AERO Server is configured as an 994 Autonomous System Border Router (ASBR) for a stub Autonomous System 995 (AS) (possibly using a private AS Number (ASN) [RFC1930]), and each 996 Server further peers with each Relay but does not peer with other 997 Servers. Similarly, Relays need not peer with each other, since they 998 will receive all updates from all Servers and will therefore have a 999 consistent view of the AERO link ACP delegations. 1001 Each Server maintains a working set of associated Clients, and 1002 dynamically announces new ACPs and withdraws departed ACPs in its BGP 1003 updates to Relays. Relays do not send BGP updates to Servers, 1004 however, such that the BGP route reporting is unidirectional from the 1005 Servers to the Relays. 1007 The Relays therefore discover the full topology of the AERO link in 1008 terms of the working set of ACPs associated with each Server, while 1009 the Servers only discover the ACPs of their associated Clients. 1010 Since Clients are expected to remain associated with their current 1011 set of Servers for extended timeframes, the amount of BGP control 1012 messaging between Servers and Relays should be minimal. However, BGP 1013 peers SHOULD dampen any route oscillations caused by impatient 1014 Clients that repeatedly associate and disassociate with Servers. 1016 3.12. AERO Redirection 1018 3.12.1. Reference Operational Scenario 1020 Figure 4 depicts the AERO redirection reference operational scenario, 1021 using IPv6 addressing as the example (while not shown, a 1022 corresponding example for IPv4 addressing can be easily constructed). 1023 The figure shows an AERO Relay ('R'), two AERO Servers ('S1', 'S2'), 1024 two AERO Clients ('A', 'B') and two ordinary IPv6 hosts ('C', 'D'): 1026 +--------------+ +--------------+ +--------------+ 1027 | Server S1 | | Relay R | | Server S2 | 1028 | Nbr: A | |(C->S1; D->S2)| | Nbr: B | 1029 +--------------+ +--------------+ +--------------+ 1030 fe80::2 fe80::1 fe80::3 1031 L2(S1) L2(R) L2(S2) 1032 | | | 1033 X-----+-----+------------------+-----------------+----+----X 1034 | AERO Link | 1035 L2(A) L2(B) 1036 fe80::2001:db8:0:0 fe80::2001:db8:1:0 1037 +--------------+ +--------------+ 1038 | AERO Client A| | AERO Client B| 1039 | (default->S1)| | (default->S2)| 1040 +--------------+ +--------------+ 1041 2001:DB8:0::/48 2001:DB8:1::/48 1042 | | 1043 .-. .-. 1044 ,-( _)-. 2001:db8:0::1 2001:db8:1::1 ,-( _)-. 1045 .-(_ IP )-. +---------+ +---------+ .-(_ IP )-. 1046 (__ EUN )--| Host C | | Host D |--(__ EUN ) 1047 `-(______)-' +---------+ +---------+ `-(______)-' 1049 Figure 4: AERO Reference Operational Scenario 1051 In Figure 4, Relay ('R') applies the address fe80::1 to its AERO 1052 interface with link-layer address L2(R), Server ('S1') applies the 1053 address fe80::2 with link-layer address L2(S1),and Server ('S2') 1054 applies the address fe80::3 with link-layer address L2(S2). Servers 1055 ('S1') and ('S2') next arrange to add their link-layer addresses to a 1056 published list of valid Servers for the AERO link. 1058 AERO Client ('A') receives the ACP 2001:db8:0::/48 in a DHCPv6 PD 1059 exchange via AERO Server ('S1') then assigns the address 1060 fe80::2001:db8:0:0 to its AERO interface with link-layer address 1061 L2(A). Client ('A') configures a default route and neighbor cache 1062 entry via the AERO interface with next-hop address fe80::2 and link- 1063 layer address L2(S1), then sub-delegates the ACP to its attached 1064 EUNs. IPv6 host ('C') connects to the EUN, and configures the 1065 address 2001:db8:0::1. 1067 AERO Client ('B') receives the ACP 2001:db8:1::/48 in a DHCPv6 PD 1068 exchange via AERO Server ('S2') then assigns the address 1069 fe80::2001:db8:1:0 to its AERO interface with link-layer address 1070 L2(B). Client ('B') configures a default route and neighbor cache 1071 entry via the AERO interface with next-hop address fe80::3 and link- 1072 layer address L2(S2), then sub-delegates the ACP to its attached 1073 EUNs. IPv6 host ('D') connects to the EUN, and configures the 1074 address 2001:db8:1::1. 1076 3.12.2. Concept of Operations 1078 Again, with reference to Figure 4, when source host ('C') sends a 1079 packet to destination host ('D'), the packet is first forwarded over 1080 the source host's attached EUN to Client ('A'). Client ('A') then 1081 forwards the packet via its AERO interface to Server ('S1') and also 1082 sends a Predirect message toward Client ('B') via Server ('S1'). 1083 Server ('S1') then re-encapsulates and forwards both the packet and 1084 the Predirect message out the same AERO interface toward Client ('B') 1085 via Relay ('R'). 1087 When Relay ('R') receives the packet and Predirect message, it 1088 consults its forwarding table to discover Server ('S2') as the next 1089 hop toward Client ('B'). Relay ('R') then forwards both messages to 1090 Server ('S2'), which then forwards them to Client ('B'). 1092 After Client ('B') receives the Predirect message, it process the 1093 message and returns a Redirect message toward Client ('A') via Server 1094 ('S2'). During the process, Client ('B') also creates or updates a 1095 neighbor cache entry for Client ('A'). 1097 When Server ('S2') receives the Redirect message, it re-encapsulates 1098 the message and forwards it on to Relay ('R'), which forwards the 1099 message on to Server ('S1') which forwards the message on to Client 1100 ('A'). After Client ('A') receives the Redirect message, it 1101 processes the message and creates or updates a neighbor cache entry 1102 for Client ('C'). 1104 Following the above Predirect/Redirect message exchange, forwarding 1105 of packets from Client ('A') to Client ('B') without involving any 1106 intermediate nodes is enabled. The mechanisms that support this 1107 exchange are specified in the following sections. 1109 3.12.3. Message Format 1111 AERO Redirect/Predirect messages use the same format as for ICMPv6 1112 Redirect messages depicted in Section 4.5 of [RFC4861], but also 1113 include a new "Prefix Length" field taken from the low-order 8 bits 1114 of the Redirect message Reserved field. (For IPv6, valid values for 1115 the Prefix Length field are 0 through 64; for IPv4, valid values are 1116 0 through 32.) The Redirect/Predirect messages are formatted as 1117 shown in Figure 5: 1119 0 1 2 3 1120 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1121 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1122 | Type (=137) | Code (=0/1) | Checksum | 1123 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1124 | Reserved | Prefix Length | 1125 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1126 | | 1127 + + 1128 | | 1129 + Target Address + 1130 | | 1131 + + 1132 | | 1133 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1134 | | 1135 + + 1136 | | 1137 + Destination Address + 1138 | | 1139 + + 1140 | | 1141 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1142 | Options ... 1143 +-+-+-+-+-+-+-+-+-+-+-+- 1145 Figure 5: AERO Redirect/Predirect Message Format 1147 3.12.4. Sending Predirects 1149 When a Client forwards a packet with a source address from one of its 1150 ACPs toward a destination address covered by an ASP (i.e., toward 1151 another AERO Client connected to the same AERO link), the source 1152 Client MAY send a Predirect message forward toward the destination 1153 Client via the Server. 1155 In the reference operational scenario, when Client ('A') forwards a 1156 packet toward Client ('B'), it MAY also send a Predirect message 1157 forward toward Client ('B'), subject to rate limiting (see 1158 Section 8.2 of [RFC4861]). Client ('A') prepares the Predirect 1159 message as follows: 1161 o the link-layer source address is set to 'L2(A)' (i.e., the link- 1162 layer address of Client ('A')). 1164 o the link-layer destination address is set to 'L2(S1)' (i.e., the 1165 link-layer address of Server ('S1')). 1167 o the network-layer source address is set to fe80::2001:db8:0:0 1168 (i.e., the AERO address of Client ('A')). 1170 o the network-layer destination address is set to fe80::2001:db8:1:0 1171 (i.e., the AERO address of Client ('B')). 1173 o the Type is set to 137. 1175 o the Code is set to 1 to indicate "Predirect". 1177 o the Prefix Length is set to the length of the prefix to be applied 1178 to the Target Address. 1180 o the Target Address is set to fe80::2001:db8:0:0 (i.e., the AERO 1181 address of Client ('A')). 1183 o the Destination Address is set to the source address of the 1184 originating packet that triggered the Predirection event. (If the 1185 originating packet is an IPv4 packet, the address is constructed 1186 in IPv4-compatible IPv6 address format). 1188 o the message includes a TLLAO with Link ID and Preference set to 1189 appropriate values for Client ('A')'s underlying interface, and 1190 with UDP Port Number and IP Address set to 0'. 1192 o the message SHOULD include a Timestamp option. 1194 o the message includes a Redirected Header Option (RHO) that 1195 contains the originating packet truncated to ensure that at least 1196 the network-layer header is included but the size of the message 1197 does not exceed 1280 bytes. 1199 Note that the act of sending Predirect messages is cited as "MAY", 1200 since Client ('A') may have advanced knowledge that the direct path 1201 to Client ('B') would be unusable. If the direct path later becomes 1202 unusable after the initial route optimization, Client ('A') simply 1203 allows packets to again flow through Server ('S1'). 1205 3.12.5. Re-encapsulating and Relaying Predirects 1207 When Server ('S1') receives a Predirect message from Client ('A'), it 1208 first verifies that the requested redirection is authorized. If the 1209 redirection is not permitted, Server ('S1') discards the message. 1210 Otherwise, Server ('S1') validates the message according to the 1211 ICMPv6 Redirect message validation rules in Section 8.1 of [RFC4861], 1212 except that the Predirect has Code=1. Server ('S1') also verifies 1213 that Client ('A') is authorized to use the Prefix Length in the 1214 Predirect when applied to the AERO address in the network-layer 1215 source address by searching for the AERO address in the neighbor 1216 cache. If validation fails, Server ('S1') discards the Predirect; 1217 otherwise, it copies the correct UDP Port number and IP Address for 1218 Client ('A') into the (previously empty) TLLAO. 1220 Server ('S1') then examines the network-layer destination address of 1221 the Predirect to determine the next hop toward Client ('B') by 1222 searching for the AERO address in the neighbor cache. Since Client 1223 ('B') is not one of its neighbors, Server ('S1') re-encapsulates the 1224 Predirect and relays it via Relay ('R') by changing the link-layer 1225 source address of the message to 'L2(S1)' and changing the link-layer 1226 destination address to 'L2(R)'. Server ('S1') finally forwards the 1227 re-encapsulated message to Relay ('R') without decrementing the 1228 network-layer TTL/Hop Limit field. 1230 When Relay ('R') receives the Predirect message from Server ('S1') it 1231 determines that Server ('S2') is the next hop toward Client ('B') by 1232 consulting its forwarding table. Relay ('R') then re-encapsulates 1233 the Predirect while changing the link-layer source address to 'L2(R)' 1234 and changing the link-layer destination address to 'L2(S2)'. Relay 1235 ('R') then relays the Predirect via Server ('S2'). 1237 When Server ('S2') receives the Predirect message from Relay ('R') it 1238 determines that Client ('B') is a neighbor by consulting its neighbor 1239 cache. Server ('S2') then re-encapsulates the Predirect while 1240 changing the link-layer source address to 'L2(S2)' and changing the 1241 link-layer destination address to 'L2(B)'. Server ('S2') then 1242 forwards the message to Client ('B'). 1244 3.12.6. Processing Predirects and Sending Redirects 1246 When Client ('B') receives the Predirect message, it accepts the 1247 Predirect only if the message has a link-layer source address of one 1248 of its Servers (e.g., L2(S2)). Client ('B') further accepts the 1249 message only if it is willing to serve as a redirection target. 1250 Next, Client ('B') validates the message according to the ICMPv6 1251 Redirect message validation rules in Section 8.1 of [RFC4861], except 1252 that it accepts the message even though Code=1 and even though the 1253 network-layer source address is not that of it's current first-hop 1254 router. 1256 In the reference operational scenario, when Client ('B') receives a 1257 valid Predirect message, it either creates or updates a neighbor 1258 cache entry that stores the Target Address of the message as the 1259 network-layer address of Client ('A') , stores the link-layer address 1260 found in the TLLAO as the link-layer address(es) of Client ('A') and 1261 stores the Prefix Length as the length to be applied to the network- 1262 layer address for forwarding purposes. Client ('B') then sets 1263 AcceptTime for the neighbor cache entry to ACCEPT_TIME. 1265 After processing the message, Client ('B') prepares a Redirect 1266 message response as follows: 1268 o the link-layer source address is set to 'L2(B)' (i.e., the link- 1269 layer address of Client ('B')). 1271 o the link-layer destination address is set to 'L2(S2)' (i.e., the 1272 link-layer address of Server ('S2')). 1274 o the network-layer source address is set to fe80::2001:db8:1:0 1275 (i.e., the AERO address of Client ('B')). 1277 o the network-layer destination address is set to fe80::2001:db8:0:0 1278 (i.e., the AERO address of Client ('A')). 1280 o the Type is set to 137. 1282 o the Code is set to 0 to indicate "Redirect". 1284 o the Prefix Length is set to the length of the prefix to be applied 1285 to the Target Address. 1287 o the Target Address is set to fe80::2001:db8:1:0 (i.e., the AERO 1288 address of Client ('B')). 1290 o the Destination Address is set to the destination address of the 1291 originating packet that triggered the Redirection event. (If the 1292 originating packet is an IPv4 packet, the address is constructed 1293 in IPv4-compatible IPv6 address format). 1295 o the message includes a TLLAO with Link ID and Preference set to 1296 appropriate values for Client ('B')'s underlying interface, and 1297 with UDP Port Number and IP Address set to '0'. 1299 o the message SHOULD include a Timestamp option. 1301 o the message includes as much of the RHO copied from the 1302 corresponding AERO Predirect message as possible such that at 1303 least the network-layer header is included but the size of the 1304 message does not exceed 1280 bytes. 1306 After Client ('B') prepares the Redirect message, it sends the 1307 message to Server ('S2'). 1309 3.12.7. Re-encapsulating and Relaying Redirects 1311 When Server ('S2') receives a Redirect message from Client ('B'), it 1312 first verifies that the requested redirection is authorized. If the 1313 redirection is not permitted, Server ('S2') discards the message. 1314 Otherwise, Server ('S2') validates the message according to the 1315 ICMPv6 Redirect message validation rules in Section 8.1 of [RFC4861]. 1316 Server ('S2') also verifies that Client ('B') is authorized to use 1317 the Prefix Length in the Redirect when applied to the AERO address in 1318 the network-layer source address by searching for the AERO address in 1319 the neighbor cache. If validation fails, Server ('S2') discards the 1320 Predirect; otherwise, it copies the correct UDP Port number and IP 1321 Address for Client ('B') into the (previously empty) TLLAO. 1323 Server ('S2') then examines the network-layer destination address of 1324 the Predirect to determine the next hop toward Client ('A') by 1325 searching for the AERO address in the neighbor cache. Since Client 1326 ('A') is not one of its neighbors, Server ('S2') re-encapsulates the 1327 Predirect and relays it via Relay ('R') by changing the link-layer 1328 source address of the message to 'L2(S2)' and changing the link-layer 1329 destination address to 'L2(R)'. Server ('S2') finally forwards the 1330 re-encapsulated message to Relay ('R') without decrementing the 1331 network-layer TTL/Hop Limit field. 1333 When Relay ('R') receives the Predirect message from Server ('S2') it 1334 determines that Server ('S1') is the next hop toward Client ('A') by 1335 consulting its forwarding table. Relay ('R') then re-encapsulates 1336 the Predirect while changing the link-layer source address to 'L2(R)' 1337 and changing the link-layer destination address to 'L2(S1)'. Relay 1338 ('R') then relays the Predirect via Server ('S1'). 1340 When Server ('S1') receives the Predirect message from Relay ('R') it 1341 determines that Client ('A') is a neighbor by consulting its neighbor 1342 cache. Server ('S1') then re-encapsulates the Predirect while 1343 changing the link-layer source address to 'L2(S1)' and changing the 1344 link-layer destination address to 'L2(A)'. Server ('S1') then 1345 forwards the message to Client ('A'). 1347 3.12.8. Processing Redirects 1349 When Client ('A') receives the Redirect message, it accepts the 1350 message only if it has a link-layer source address of one of its 1351 Servers (e.g., ''L2(S1)'). Next, Client ('A') validates the message 1352 according to the ICMPv6 Redirect message validation rules in 1353 Section 8.1 of [RFC4861], except that it accepts the message even 1354 though the network-layer source address is not that of it's current 1355 first-hop router. Following validation, Client ('A') then processes 1356 the message as follows. 1358 In the reference operational scenario, when Client ('A') receives the 1359 Redirect message, it either creates or updates a neighbor cache entry 1360 that stores the Target Address of the message as the network-layer 1361 address of Client ('B'), stores the link-layer address found in the 1362 TLLAO as the link-layer address of Client ('B') and stores the Prefix 1363 Length as the length to be applied to the network-layer address for 1364 forwarding purposes. Client ('A') then sets ForwardTime for the 1365 neighbor cache entry to FORWARD_TIME. 1367 Now, Client ('A') has a neighbor cache entry with a valid ForwardTime 1368 value, while Client ('B') has a neighbor cache entry with a valid 1369 AcceptTime value. Thereafter, Client ('A') may forward ordinary 1370 network-layer data packets directly to Client ("B") without involving 1371 any intermediate nodes, and Client ('B') can verify that the packets 1372 came from an acceptable source. (In order for Client ('B') to 1373 forward packets to Client ('A'), a corresponding Predirect/Redirect 1374 message exchange is required in the reverse direction; hence, the 1375 mechanism is asymmetric.) 1377 3.12.9. Server-Oriented Redirection 1379 In some environments, the Server nearest the destination Client may 1380 need to serve as the redirection target, e.g., if direct Client-to- 1381 Client communications are not possible. In that case, the Server 1382 prepares the Redirect message the same as if it were the destination 1383 Client (see: Section 3.9.6), except that it writes its own link-layer 1384 address in the TLLAO option. The Server must then maintain a 1385 neighbor cache entry for the redirected source Client. 1387 3.13. Neighbor Unreachability Detection (NUD) 1389 AERO nodes perform NUD by sending unicast NS messages to elicit 1390 solicited NA messages from neighbors the same as described in 1391 [RFC4861]. When an AERO node sends an NS/NA message, it MUST use its 1392 AERO address as the IPv6 source address and the link-local address of 1393 the neighbor as the IPv6 destination address. When an AERO node 1394 receives an NS message or a solicited NA message, it accepts the 1395 message if it has a neighbor cache entry for the neighbor; otherwise, 1396 it ignores the message. 1398 When a source Client is redirected to a target Client it SHOULD test 1399 the direct path by sending an initial NS message to elicit a 1400 solicited NA response. While testing the path, the source Client can 1401 optionally continue sending packets via the Server, maintain a small 1402 queue of packets until target reachability is confirmed, or 1403 (optimistically) allow packets to flow directly to the target. The 1404 source Client SHOULD thereafter continue to test the direct path to 1405 the target Client (see Section 7.3 of [RFC4861]) periodically in 1406 order to keep neighbor cache entries alive. 1408 In particular, while the source Client is actively sending packets to 1409 the target Client it SHOULD also send NS messages separated by 1410 RETRANS_TIMER milliseconds in order to receive solicited NA messages. 1411 If the source Client is unable to elicit a solicited NA response from 1412 the target Client after MAX_RETRY attempts, it SHOULD set ForwardTime 1413 to 0 and resume sending packets via the Server which may or may not 1414 result in a new redirection event. Otherwise, the source Client 1415 considers the path usable and SHOULD thereafter process any link- 1416 layer errors as a hint that the direct path to the target Client has 1417 either failed or has become intermittent. 1419 When a target Client receives an NS message from a source Client, it 1420 resets AcceptTime to ACCEPT_TIME if a neighbor cache entry exists; 1421 otherwise, it discards the NS message. 1423 When a source Client receives a solicited NA message from a target 1424 Client, it resets ForwardTime to FORWARD_TIME if a neighbor cache 1425 entry exists; otherwise, it discards the NA message. 1427 When ForwardTime for a neighbor cache entry expires, the source 1428 Client resumes sending any subsequent packets via the Server and may 1429 (eventually) attempt to re-initiate the AERO redirection process. 1430 When AcceptTime for a neighbor cache entry expires, the target Client 1431 discards any subsequent packets received directly from the source 1432 Client. When both ForwardTime and AcceptTime for a neighbor cache 1433 entry expire, the Client deletes the neighbor cache entry. 1435 3.14. Mobility Management 1437 3.14.1. Announcing Link-Layer Address Changes 1439 When a Client needs to change its link-layer address, e.g., due to a 1440 mobility event, it performs an immediate DHCPv6 Rebind/Reply via each 1441 of its Servers using the new link-layer address as the source. The 1442 Server will re-authenticate the Client and (assuming authentication 1443 succeeds) update its neighbor cache and send a DHCPv6 Reply. 1445 Next, the Client sends unsolicited NA messages to each of its active 1446 neighbors using the same procedures as specified in Section 7.2.6 of 1447 [RFC4861], except that it sends the messages as unicast to each 1448 neighbor via a Server instead of multicast. In this process, the 1449 Client should send no more than MAX_NEIGHBOR_ADVERTISEMENT messages 1450 separated by no less than RETRANS_TIMER seconds to each neighbor. 1452 With reference to Figure 4, Client ('B') sends unicast unsolicited NA 1453 messages to Client ('A') via Server ('S2') as follows: 1455 o the link-layer source address is set to 'L2(B)' (i.e., the link- 1456 layer address of Client ('B')). 1458 o the link-layer destination address is set to 'L2(S2)' (i.e., the 1459 link-layer address of Server ('S2')). 1461 o the network-layer source address is set to fe80::2001:db8:1:0 1462 (i.e., the AERO address of Client ('B')). 1464 o the network-layer destination address is set to fe80::2001:db8:0:0 1465 (i.e., the AERO address of Client ('A')). 1467 o the Type is set to 136. 1469 o the Code is set to 0. 1471 o the Solicited flag is set to 0. 1473 o the Override flag is set to 1. 1475 o the Target Address is set to fe80::2001:db8:1:0 (i.e., the AERO 1476 address of Client ('B')). 1478 o the message includes a TLLAO with Link ID and Preference set to 1479 appropriate values for Client ('B')'s underlying interface, and 1480 with UDP Port Number and IP Address set to '0'. 1482 o the message SHOULD include a Timestamp option. 1484 When Server ('S1') receives the NA message, it relays the message in 1485 the same way as described for relaying Redirect messages in 1486 Section 3.12.7. In particular, Server ('S1') copies the correct UDP 1487 port number and IP address into the TLLAO, changes the link-layer 1488 source address to its own address, changes the link-layer destination 1489 address to the address of Relay ('R'), then forwards the NA message 1490 via the relaying chain the same as for a Redirect. 1492 When Client ('A') receives the NA message, it accepts the message 1493 only if it already has a neighbor cache entry for Client ('B') then 1494 updates the link-layer address for Client ('B') based on the address 1495 in the TLLAO. However, Client ('A') MUST NOT update ForwardTime 1496 since Client ('B') will not have updated AcceptTime. 1498 Note that these unsolicited NA messages are unacknowledged; hence, 1499 Client ('B') has no way of knowing whether Client ('A') has received 1500 them. If the messages are somehow lost, however, Client ('A') will 1501 soon learn of the mobility event via the NUD procedures specified in 1502 Section 3.13. 1504 3.14.2. Moving to a New Server 1506 When a Client associates with a new Server, it issues a new DHCPv6 1507 Solicit/Request message to the new Server. If authentication 1508 succeeds, the Server updates its neighbor cache and issues a DHCPv6 1509 Reply containing the Client's ACP. 1511 When a Client disassociates with an existing Server, it sends a 1512 DHCPv6 Release message to the old Server. When the old Server 1513 receives the DHCPv6 Release, it first authenticates the message. If 1514 the message, is authentic, the old Server withdraws the IP route from 1515 the routing system and deletes the neighbor cache entry for the 1516 Client. The old Server then returns a DHCPv6 Reply message which the 1517 Client can use to verify that the termination signal has been 1518 processed. The client then deletes both the default route and the 1519 neighbor cache entry for the old Server. The old Server SHOULD 1520 impose a small delay before deleting the neighbor cache entry so that 1521 any packets already in the system can still be delivered to the 1522 Client. 1524 Clients SHOULD NOT move rapidly between Servers in order to avoid 1525 causing unpredictable oscillations in the Server/Relay routing 1526 system. Such oscillations could result in intermittent reachability 1527 for the Client itself, while causing little harm to the network due 1528 to routing protocol dampening. Examples of when a Client might wish 1529 to change to a different Server include a Server that has gone 1530 unreachable, topological movements of significant distance, etc. 1532 3.15. Encapsulation Protocol Version Considerations 1534 A source Client may connect only to an IPvX underlying network, while 1535 the target Client connects only to an IPvY underlying network. In 1536 that case, the target and source Clients have no means for reaching 1537 each other directly (since they connect to underlying networks of 1538 different IP protocol versions) and so must ignore any redirection 1539 messages and continue to send packets via the Server. 1541 3.16. Multicast Considerations 1543 When the underlying network does not support multicast, AERO nodes 1544 map IPv6 link-scoped multicast addresses (including 1545 'All_DHCP_Relay_Agents_and_Servers') to the link-layer address of a 1546 Server. 1548 When the underlying network supports multicast, AERO nodes use the 1549 multicast address mapping specification found in [RFC2529] for IPv4 1550 underlying networks and use a direct multicast mapping for IPv6 1551 underlying networks. (In the latter case, "direct multicast mapping" 1552 means that if the IPv6 multicast destination address of the 1553 encapsulated packet is "M", then the IPv6 multicast destination 1554 address of the encapsulating header is also "M".) 1556 3.17. Operation on AERO Links Without DHCPv6 Services 1558 When the AERO link does not provide DHCPv6 services, operation can 1559 still be accommodated through administrative configuration of ACPs on 1560 AERO Clients. In that case, administrative configurations of AERO 1561 interface neighbor cache entries on both the Server and Client are 1562 also necessary. However, this may interfere with the ability for 1563 Clients to dynamically change to new Servers, and can expose the AERO 1564 link to misconfigurations unless the administrative configurations 1565 are carefully coordinated. 1567 3.18. Operation on Server-less AERO Links 1569 In some AERO link scenarios, there may be no Servers on the link and/ 1570 or no need for Clients to use a Server as an intermediary trust 1571 anchor. In that case, each Client acts as a Server unto itself to 1572 establish neighbor cache entries by performing direct Client-to- 1573 Client Predirect/Redirect exchanges, and some other form of trust 1574 basis must be applied so that each Client can verify that the 1575 prospective neighbor is authorized to use its claimed ACP. 1577 When there is no Server on the link, Clients must arrange to receive 1578 ACPs and publish them via a secure alternate prefix delegation 1579 authority through some means outside the scope of this document. 1581 4. Implementation Status 1583 An application-layer implementation is in progress. 1585 5. IANA Considerations 1587 The IANA is instructed to assign a 4-octet Enterprise Number "TBD" 1588 for AERO in the "enterprise-numbers" registry per [RFC3315]. 1590 6. Security Considerations 1592 AERO link security considerations are the same as for standard IPv6 1593 Neighbor Discovery [RFC4861] except that AERO improves on some 1594 aspects. In particular, AERO uses a trust basis between Clients and 1595 Servers, where the Clients only engage in the AERO mechanism when it 1596 is facilitated by a trust anchor. AERO also uses DHCPv6 1597 authentication for Client authentication and network admission 1598 control. 1600 AERO links must be protected against link-layer address spoofing 1601 attacks in which an attacker on the link pretends to be a trusted 1602 neighbor. Links that provide link-layer securing mechanisms (e.g., 1603 IEEE 802.1X WLANs) and links that provide physical security (e.g., 1604 enterprise network wired LANs) provide a first line of defense that 1605 is often sufficient. In other instances, additional securing 1606 mechanisms such as Secure Neighbor Discovery (SeND) [RFC3971], IPsec 1607 [RFC4301] or TLS [RFC5246] may be necessary. 1609 AERO Clients MUST ensure that their connectivity is not used by 1610 unauthorized nodes on EUNs to gain access to a protected network, 1611 i.e., AERO Clients that act as routers MUST NOT provide routing 1612 services for unauthorized nodes. (This concern is no different than 1613 for ordinary hosts that receive an IP address delegation but then 1614 "share" the address with unauthorized nodes via a NAT function.) 1616 On some AERO links, establishment and maintenance of a direct path 1617 between neighbors requires secured coordination such as through the 1618 Internet Key Exchange (IKEv2) protocol [RFC5996] to establish a 1619 security association. 1621 7. Acknowledgements 1623 Discussions both on IETF lists and in private exchanges helped shape 1624 some of the concepts in this work. Individuals who contributed 1625 insights include Mikael Abrahamsson, Fred Baker, Stewart Bryant, 1626 Brian Carpenter, Wojciech Dec, Ralph Droms, Brian Haberman, Joel 1627 Halpern, Sascha Hlusiak, Lee Howard, Andre Kostur, Ted Lemon, Joe 1628 Touch and Bernie Volz. Members of the IESG also provided valuable 1629 input during their review process that greatly improved the document. 1630 Special thanks go to Stewart Bryant, Joel Halpern and Brian Haberman 1631 for their shepherding guidance. 1633 This work has further been encouraged and supported by Boeing 1634 colleagues including Keith Bartley, Dave Bernhardt, Cam Brodie, 1635 Balaguruna Chidambaram, Claudiu Danilov, Wen Fang, Anthony Gregory, 1636 Jeff Holland, Ed King, Gen MacLean, Kent Shuey, Brian Skeen, Mike 1637 Slane, Julie Wulff, Yueli Yang, and other members of the BR&T and BIT 1638 mobile networking teams. 1640 Earlier works on NBMA tunneling approaches are found in 1641 [RFC2529][RFC5214][RFC5569]. 1643 8. References 1645 8.1. Normative References 1647 [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, 1648 August 1980. 1650 [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, September 1651 1981. 1653 [RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, 1654 RFC 792, September 1981. 1656 [RFC2003] Perkins, C., "IP Encapsulation within IP", RFC 2003, 1657 October 1996. 1659 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1660 Requirement Levels", BCP 14, RFC 2119, March 1997. 1662 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 1663 (IPv6) Specification", RFC 2460, December 1998. 1665 [RFC2473] Conta, A. and S. Deering, "Generic Packet Tunneling in 1666 IPv6 Specification", RFC 2473, December 1998. 1668 [RFC3315] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., 1669 and M. Carney, "Dynamic Host Configuration Protocol for 1670 IPv6 (DHCPv6)", RFC 3315, July 2003. 1672 [RFC3633] Troan, O. and R. Droms, "IPv6 Prefix Options for Dynamic 1673 Host Configuration Protocol (DHCP) version 6", RFC 3633, 1674 December 2003. 1676 [RFC3971] Arkko, J., Kempf, J., Zill, B., and P. Nikander, "SEcure 1677 Neighbor Discovery (SEND)", RFC 3971, March 2005. 1679 [RFC4213] Nordmark, E. and R. Gilligan, "Basic Transition Mechanisms 1680 for IPv6 Hosts and Routers", RFC 4213, October 2005. 1682 [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, 1683 "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, 1684 September 2007. 1686 [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless 1687 Address Autoconfiguration", RFC 4862, September 2007. 1689 [RFC6434] Jankiewicz, E., Loughney, J., and T. Narten, "IPv6 Node 1690 Requirements", RFC 6434, December 2011. 1692 8.2. Informative References 1694 [RFC0879] Postel, J., "TCP maximum segment size and related topics", 1695 RFC 879, November 1983. 1697 [RFC1930] Hawkinson, J. and T. Bates, "Guidelines for creation, 1698 selection, and registration of an Autonomous System (AS)", 1699 BCP 6, RFC 1930, March 1996. 1701 [RFC2529] Carpenter, B. and C. Jung, "Transmission of IPv6 over IPv4 1702 Domains without Explicit Tunnels", RFC 2529, March 1999. 1704 [RFC2675] Borman, D., Deering, S., and R. Hinden, "IPv6 Jumbograms", 1705 RFC 2675, August 1999. 1707 [RFC4271] Rekhter, Y., Li, T., and S. Hares, "A Border Gateway 1708 Protocol 4 (BGP-4)", RFC 4271, January 2006. 1710 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 1711 Architecture", RFC 4291, February 2006. 1713 [RFC4301] Kent, S. and K. Seo, "Security Architecture for the 1714 Internet Protocol", RFC 4301, December 2005. 1716 [RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU 1717 Discovery", RFC 4821, March 2007. 1719 [RFC4963] Heffner, J., Mathis, M., and B. Chandler, "IPv4 Reassembly 1720 Errors at High Data Rates", RFC 4963, July 2007. 1722 [RFC4994] Zeng, S., Volz, B., Kinnear, K., and J. Brzozowski, 1723 "DHCPv6 Relay Agent Echo Request Option", RFC 4994, 1724 September 2007. 1726 [RFC5214] Templin, F., Gleeson, T., and D. Thaler, "Intra-Site 1727 Automatic Tunnel Addressing Protocol (ISATAP)", RFC 5214, 1728 March 2008. 1730 [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security 1731 (TLS) Protocol Version 1.2", RFC 5246, August 2008. 1733 [RFC5494] Arkko, J. and C. Pignataro, "IANA Allocation Guidelines 1734 for the Address Resolution Protocol (ARP)", RFC 5494, 1735 April 2009. 1737 [RFC5522] Eddy, W., Ivancic, W., and T. Davis, "Network Mobility 1738 Route Optimization Requirements for Operational Use in 1739 Aeronautics and Space Exploration Mobile Networks", RFC 1740 5522, October 2009. 1742 [RFC5569] Despres, R., "IPv6 Rapid Deployment on IPv4 1743 Infrastructures (6rd)", RFC 5569, January 2010. 1745 [RFC5996] Kaufman, C., Hoffman, P., Nir, Y., and P. Eronen, 1746 "Internet Key Exchange Protocol Version 2 (IKEv2)", RFC 1747 5996, September 2010. 1749 [RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful 1750 NAT64: Network Address and Protocol Translation from IPv6 1751 Clients to IPv4 Servers", RFC 6146, April 2011. 1753 [RFC6204] Singh, H., Beebee, W., Donley, C., Stark, B., and O. 1754 Troan, "Basic Requirements for IPv6 Customer Edge 1755 Routers", RFC 6204, April 2011. 1757 [RFC6355] Narten, T. and J. Johnson, "Definition of the UUID-Based 1758 DHCPv6 Unique Identifier (DUID-UUID)", RFC 6355, August 1759 2011. 1761 [RFC6438] Carpenter, B. and S. Amante, "Using the IPv6 Flow Label 1762 for Equal Cost Multipath Routing and Link Aggregation in 1763 Tunnels", RFC 6438, November 2011. 1765 [RFC6691] Borman, D., "TCP Options and Maximum Segment Size (MSS)", 1766 RFC 6691, July 2012. 1768 [RFC6706] Templin, F., "Asymmetric Extended Route Optimization 1769 (AERO)", RFC 6706, August 2012. 1771 [RFC6864] Touch, J., "Updated Specification of the IPv4 ID Field", 1772 RFC 6864, February 2013. 1774 [RFC6935] Eubanks, M., Chimento, P., and M. Westerlund, "IPv6 and 1775 UDP Checksums for Tunneled Packets", RFC 6935, April 2013. 1777 [RFC6936] Fairhurst, G. and M. Westerlund, "Applicability Statement 1778 for the Use of IPv6 UDP Datagrams with Zero Checksums", 1779 RFC 6936, April 2013. 1781 [RFC6939] Halwasia, G., Bhandari, S., and W. Dec, "Client Link-Layer 1782 Address Option in DHCPv6", RFC 6939, May 2013. 1784 [RFC6980] Gont, F., "Security Implications of IPv6 Fragmentation 1785 with IPv6 Neighbor Discovery", RFC 6980, August 2013. 1787 [RFC7078] Matsumoto, A., Fujisaki, T., and T. Chown, "Distributing 1788 Address Selection Policy Using DHCPv6", RFC 7078, January 1789 2014. 1791 Author's Address 1793 Fred L. Templin (editor) 1794 Boeing Research & Technology 1795 P.O. Box 3707 1796 Seattle, WA 98124 1797 USA 1799 Email: fltemplin@acm.org