idnits 2.17.1 

draft-templin-rfc4214bis-05.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate.  You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3978, Section 5.1 on line 18.

  -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on
     line 641.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 652.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 659.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 665.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust Copyright Line does not match the
     current year

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords. 

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).
  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (September 7, 2007) is 6074 days in the past.  Is this
     intentional?


  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Missing Reference: 'STD13' is mentioned on line 340, but not defined

  ** Obsolete normative reference: RFC 2460 (Obsoleted by RFC 8200)

  ** Obsolete normative reference: RFC 2461 (Obsoleted by RFC 4861)

  ** Obsolete normative reference: RFC 2462 (Obsoleted by RFC 4862)

  -- Obsolete informational reference (is this intentional?): RFC 3041
     (Obsoleted by RFC 4941)

  -- Obsolete informational reference (is this intentional?): RFC 4294
     (Obsoleted by RFC 6434)


     Summary: 4 errors (**), 0 flaws (~~), 3 warnings (==), 9 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	Network Working Group                                         F. Templin
3	Internet-Draft                                      Boeing Phantom Works
4	Intended status: Informational                                T. Gleeson
5	Expires: March 10, 2008                               Cisco Systems K.K.
6	                                                               D. Thaler
7	                                                   Microsoft Corporation
8	                                                       September 7, 2007

10	        Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
11	                    draft-templin-rfc4214bis-05.txt

13	Status of this Memo

15	   By submitting this Internet-Draft, each author represents that any
16	   applicable patent or other IPR claims of which he or she is aware
17	   have been or will be disclosed, and any of which he or she becomes
18	   aware will be disclosed, in accordance with Section 6 of BCP 79.

20	   Internet-Drafts are working documents of the Internet Engineering
21	   Task Force (IETF), its areas, and its working groups.  Note that
22	   other groups may also distribute working documents as Internet-
23	   Drafts.

25	   Internet-Drafts are draft documents valid for a maximum of six months
26	   and may be updated, replaced, or obsoleted by other documents at any
27	   time.  It is inappropriate to use Internet-Drafts as reference
28	   material or to cite them other than as "work in progress."

30	   The list of current Internet-Drafts can be accessed at
31	   http://www.ietf.org/ietf/1id-abstracts.txt.

33	   The list of Internet-Draft Shadow Directories can be accessed at
34	   http://www.ietf.org/shadow.html.

36	   This Internet-Draft will expire on March 10, 2008.

38	Copyright Notice

40	   Copyright (C) The IETF Trust (2007).

42	Abstract

44	   The Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) connects
45	   dual-stack (IPv6/IPv4) nodes over IPv4 networks.  ISATAP views the
46	   IPv4 network as a link layer for IPv6 and supports an automatic
47	   tunneling abstraction similar to the Non-Broadcast Multiple Access
48	   (NBMA) model.

50	Table of Contents

52	   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
53	   2.  Requirements . . . . . . . . . . . . . . . . . . . . . . . . .  3
54	   3.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  3
55	   4.  Domain of Applicability  . . . . . . . . . . . . . . . . . . .  4
56	   5.  Node Requirements  . . . . . . . . . . . . . . . . . . . . . .  4
57	   6.  Addressing Requirements  . . . . . . . . . . . . . . . . . . .  4
58	     6.1.  ISATAP Interface Identifiers . . . . . . . . . . . . . . .  4
59	     6.2.  ISATAP Interface Address Configuration . . . . . . . . . .  5
60	     6.3.  Multicast/Anycast  . . . . . . . . . . . . . . . . . . . .  5
61	   7.  Automatic Tunneling  . . . . . . . . . . . . . . . . . . . . .  5
62	     7.1.  Encapsulation  . . . . . . . . . . . . . . . . . . . . . .  6
63	     7.2.  Handling ICMPv4 Errors . . . . . . . . . . . . . . . . . .  6
64	     7.3.  Decapsulation  . . . . . . . . . . . . . . . . . . . . . .  6
65	     7.4.  Link-Local Addresses . . . . . . . . . . . . . . . . . . .  6
66	     7.5.  Neighbor Discovery over Tunnels  . . . . . . . . . . . . .  6
67	   8.  Neighbor Discovery for ISATAP Interfaces . . . . . . . . . . .  7
68	     8.1.  Conceptual Model of a Host . . . . . . . . . . . . . . . .  7
69	     8.2.  Router and Prefix Discovery - Router Specification . . . .  7
70	     8.3.  Router and Prefix Discovery - Host Specification . . . . .  7
71	       8.3.1.  Host Variables . . . . . . . . . . . . . . . . . . . .  7
72	       8.3.2.  Potential Router List Initialization . . . . . . . . .  8
73	       8.3.3.  Processing Received Router Advertisements  . . . . . .  8
74	       8.3.4.  Sending Router Solicitations . . . . . . . . . . . . .  8
75	     8.4.  Neighbor Unreachability Detection  . . . . . . . . . . . .  9
76	   9.  Site Administration Considerations . . . . . . . . . . . . . .  9
77	   10. Security Considerations  . . . . . . . . . . . . . . . . . . .  9
78	   11. IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 10
79	   12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 10
80	   13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
81	     13.1. Normative References . . . . . . . . . . . . . . . . . . . 11
82	     13.2. Informative References . . . . . . . . . . . . . . . . . . 12
83	   Appendix A.  Modified EUI-64 Addresses in the IANA Ethernet
84	                Address Block . . . . . . . . . . . . . . . . . . . . 12
85	   Appendix B.  Changes since RFC4214 . . . . . . . . . . . . . . . . 13
86	   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13
87	   Intellectual Property and Copyright Statements . . . . . . . . . . 15

89	1.  Introduction

91	   This document specifies a simple mechanism called the Intra-Site
92	   Automatic Tunnel Addressing Protocol (ISATAP) that connects dual-
93	   stack (IPv6/IPv4) nodes over IPv4 networks.  Dual-stack nodes use
94	   ISATAP to automatically tunnel IPv6 packets in IPv4, i.e., ISATAP
95	   views the IPv4 network as a link layer for IPv6.

97	   ISATAP enables automatic tunneling whether global or private IPv4
98	   addresses are used, and presents a Non-Broadcast Multiple Access
99	   (NBMA) abstraction similar to [RFC2491][RFC2492][RFC2529][RFC3056].

101	   The main objectives of this document are to: 1) describe the domain
102	   of applicability, 2) specify addressing requirements, 3) specify
103	   automatic tunneling using ISATAP, 4) specify the operation of IPv6
104	   Neighbor Discovery over ISATAP interfaces, and 5) discuss Site
105	   Administration, Security, and IANA considerations.

107	2.  Requirements

109	   The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
110	   SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
111	   document, are to be interpreted as described in [RFC2119].

113	   This document also uses internal conceptual variables to describe
114	   protocol behavior and external variables that an implementation must
115	   allow system administrators to change.  The specific variable names,
116	   how their values change, and how their settings influence protocol
117	   behavior are provided in order to demonstrate protocol behavior.  An
118	   implementation is not required to have them in the exact form
119	   described here, as long as its external behavior is consistent with
120	   that described in this document.

122	3.  Terminology

124	   The terminology of [RFC2460][RFC2461] applies to this document.  The
125	   following additional terms are defined:

127	   ISATAP node/host/router:
128	      A dual-stack (IPv6/IPv4) node/host/router that implements the
129	      specifications in this document.

131	   ISATAP interface:
132	      An ISATAP node's Non-Broadcast Multi-Access (NBMA) IPv6 interface,
133	      used for automatic tunneling of IPv6 packets in IPv4.

135	   ISATAP interface identifier:
136	      An IPv6 interface identifier with an embedded IPv4 address
137	      constructed as specified in Section 6.1.

139	   ISATAP address:
140	      An IPv6 unicast address that matches an on-link prefix on an
141	      ISATAP interface of the node, and that includes an ISATAP
142	      interface identifier.

144	   locator:
145	      An IPv4 address-to-interface mapping; i.e., a node's IPv4 address
146	      and its associated interface.

148	   locator set:
149	      A set of locators associated with an ISATAP interface.  Each
150	      locator in the set belongs to the same site.

152	4.  Domain of Applicability

154	   The domain of applicability for this technical specification is
155	   automatic tunneling of IPv6 packets in IPv4 for ISATAP nodes within
156	   sites that observe the security considerations found in this
157	   document, including host-to-router, router-to-host, and host-to-host
158	   automatic tunneling in certain enterprise networks and 3GPP/3GPP2
159	   wireless operator networks.  (Other scenarios with a sufficient trust
160	   basis ensured by the mechanisms specified in this document also fall
161	   within this domain of applicability.)

163	   Extensions to the above domain of applicability (e.g., by combining
164	   the mechanisms in this document with those in other technical
165	   specifications) are out of the scope of this document.

167	5.  Node Requirements

169	   ISATAP nodes observe the common functionality requirements for IPv6
170	   nodes found in [RFC4294] and the requirements for dual IP layer
171	   operation found in [RFC4213], Section 2.  They also implement the
172	   additional features specified in this document.

174	6.  Addressing Requirements

176	6.1.  ISATAP Interface Identifiers

178	   ISATAP interface identifiers are constructed in Modified EUI-64
179	   format per [RFC4291], Section 2.5.1 by concatenating the 24-bit IANA
180	   OUI (00-00-5E), the 8-bit hexadecimal value 0xFE, and a 32-bit IPv4
181	   address in network byte order as follows:

183	   |0              1|1              3|3                              6|
184	   |0              5|6              1|2                              3|
185	   +----------------+----------------+--------------------------------+
186	   |000000ug00000000|0101111011111110|mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm|
187	   +----------------+----------------+--------------------------------+

189	   When the IPv4 address is known to be globally unique, the "u" bit
190	   (universal/local) is set to 1; otherwise, the "u" bit is set to 0.
191	   "g" is the individual/group bit, and "m" are the bits of the IPv4
192	   address.

194	   Per [RFC4291], Section 2.5.1, ISATAP nodes are not required to
195	   validate that interface identifiers created with modified EUI-64
196	   tokens with the "u" bit set to universal are unique.

198	6.2.  ISATAP Interface Address Configuration

200	   Each ISATAP interface configures a set of locators consisting of IPv4
201	   address-to-interface mappings from a single site; i.e., an ISATAP
202	   interface's locator set MUST NOT span multiple sites.

204	   When an IPv4 address is removed from an interface, the corresponding
205	   locator SHOULD be removed from its associated locator set(s).  When a
206	   new IPv4 address is assigned to an interface, the corresponding
207	   locator MAY be added to the appropriate locator set(s).

209	   ISATAP interfaces form ISATAP interface identifiers from IPv4
210	   addresses in their locator set and use them to create link-local
211	   ISATAP addresses ([RFC2462], Section 5.3).

213	6.3.  Multicast/Anycast

215	   It is not possible to assume the general availability of wide-area
216	   IPv4 multicast, so (unlike 6over4 [RFC2529]) ISATAP must assume that
217	   its underlying IPv4 carrier network only has unicast capability.
218	   Support for IPv6 multicast over ISATAP interfaces is not described in
219	   this document.

221	   Similarly, support for Reserved IPv6 Subnet Anycast Addresses is not
222	   described in this document.

224	7.  Automatic Tunneling

226	   ISATAP interfaces use the basic tunneling mechanisms specified in

228	   [RFC4213], Section 3.  The following sub-sections describe additional
229	   specifications.

231	7.1.  Encapsulation

233	   ISATAP addresses are mapped to a link-layer address by a static
234	   computation; i.e., the last four octets are treated as an IPv4
235	   address.

237	7.2.  Handling ICMPv4 Errors

239	   ISATAP interfaces SHOULD process ARP failures and persistent ICMPv4
240	   errors as link-specific information indicating that a path to a
241	   neighbor may have failed ([RFC2461], Section 7.3.3).

243	7.3.  Decapsulation

245	   The specification in [RFC4213], Section 3.6 is used.  Additionally,
246	   when an ISATAP node receives an IPv4 protocol 41 datagram that does
247	   not belong to a configured tunnel interface, it determines whether
248	   the packet's IPv4 destination address and arrival interface match a
249	   locator configured in an ISATAP interface's locator set.

251	   If an ISATAP interface that configures a matching locator is found,
252	   the decapsulator MUST verify that the packet's IPv4 source address is
253	   correct for the encapsulated IPv6 source address.  The IPv4 source
254	   address is correct if:

256	   o  the IPv6 source address is an ISATAP address that embeds the IPv4
257	      source address in its interface identifier, or

259	   o  the IPv4 source address is a member of the Potential Router List
260	      (see Section 8.1).

262	   Packets for which the IPv4 source address is incorrect for this
263	   ISATAP interface are checked to determine whether they belong to
264	   another tunnel interface.

266	7.4.  Link-Local Addresses

268	   ISATAP interfaces use link-local addresses constructed as specified
269	   in Section 6 of this document.

271	7.5.  Neighbor Discovery over Tunnels

273	   ISATAP interfaces use the specifications for neighbor discovery found
274	   in the following section of this document.

276	8.  Neighbor Discovery for ISATAP Interfaces

278	   ISATAP interfaces use the neighbor discovery mechanisms specified in
279	   [RFC2461].  The following sub-sections describe specifications that
280	   are also implemented.

282	8.1.  Conceptual Model of a Host

284	   To the list of Conceptual Data Structures ([RFC2461], Section 5.1),
285	   ISATAP interfaces add the following:

287	   Potential Router List (PRL)
288	      A set of entries about potential routers; used to support router
289	      and prefix discovery.  Each entry ("PRL(i)") has an associated
290	      timer ("TIMER(i)"), and an IPv4 address ("V4ADDR(i)") that
291	      represents a router's advertising ISATAP interface.

293	8.2.  Router and Prefix Discovery - Router Specification

295	   Advertising ISATAP interfaces send Solicited Router Advertisement
296	   messages as specified in [RFC2461], Section 6.2.6 except that the
297	   messages are sent directly to the soliciting node; i.e., they might
298	   not be received by other nodes on the link.

300	8.3.  Router and Prefix Discovery - Host Specification

302	   The Host Specification in [RFC2461], Section 6.3 is used.  The
303	   following sub-sections describe specifications added by ISATAP
304	   interfaces.

306	8.3.1.  Host Variables

308	   To the list of host variables ([RFC2461], Section 6.3.2), ISATAP
309	   interfaces add the following:

311	   PrlRefreshInterval
312	      Time in seconds between successive refreshments of the PRL after
313	      initialization.  The designated value of all ones (0xffffffff)
314	      represents infinity.

316	      Default: 3600 seconds

318	   MinRouterSolicitInterval
319	      Minimum time in seconds between successive solicitations of the
320	      same advertising ISATAP interface.  The designated value of all
321	      ones (0xffffffff) represents infinity.

323	8.3.2.  Potential Router List Initialization

325	   ISATAP nodes initialize an ISATAP interface's PRL with IPv4 addresses
326	   acquired via manual configuration, a DNS Fully Qualified Domain Name
327	   (FQDN) [RFC1035], a DHCPv4 [RFC2131] vendor-specific option, or an
328	   unspecified alternate method.  Domain names are acquired via manual
329	   configuration, receipt of a DHCPv4 Domain Name option [RFC2132], or
330	   an unspecified alternate method.  FQDNs are resolved into IPv4
331	   addresses through a static host file lookup, querying the DNS
332	   service, querying a site-specific name service, or with an
333	   unspecified alternate method.

335	   After initializing an ISATAP interface's PRL, the node sets a timer
336	   for the interface to PrlRefreshInterval seconds and re-initializes
337	   the interface's PRL as specified above when the timer expires.  When
338	   an FQDN is used, and when it is resolved via a service that includes
339	   TTLs with the IPv4 addresses returned (e.g., DNS 'A' resource records
340	   [STD13]), the timer SHOULD be set to the minimum of
341	   PrlRefreshInterval and the minimum TTL returned.  (Zero-valued TTLs
342	   are interpreted to mean that the PRL is re-initialized before each
343	   Router Solicitation event; see Section 8.3.4.)

345	8.3.3.  Processing Received Router Advertisements

347	   To the list of checks for validating Router Advertisement messages
348	   ([RFC2461], Section 6.1.1), ISATAP interfaces add the following:

350	   o  IP Source Address is a link-local ISATAP address that embeds
351	      V4ADDR(i) for some PRL(i).

353	   Valid Router Advertisements received on an ISATAP interface are
354	   processed as specified in [RFC2461], Section 6.3.4.

356	8.3.4.  Sending Router Solicitations

358	   To the list of events after which Router Solicitation messages may be
359	   sent ([RFC2461], Section 6.3.7), ISATAP interfaces add the following:

361	   o  TIMER(i) for some PRL(i) expires.

363	   Since unsolicited Router Advertisements may be incomplete and/or
364	   absent, ISATAP nodes MAY schedule periodic Router Solicitation events
365	   for certain PRL(i)s by setting the corresponding TIMER(i).

367	   When periodic Router Solicitation events are scheduled, the node
368	   SHOULD set TIMER(i) so that the next event will refresh remaining
369	   lifetimes stored for PRL(i) before they expire, including the Router
370	   Lifetime, Valid Lifetimes received in Prefix Information Options, and
371	   Route Lifetimes received in Route Information Options [RFC4191].
372	   TIMER(i) MUST be set to no less than MinRouterSolicitInterval seconds
373	   where MinRouterSolicitInterval is configurable for the node, or for a
374	   specific PRL(i), with a conservative default value (e.g., 2 minutes).

376	   When TIMER(i) expires, the node sends Router Solicitation messages as
377	   specified in [RFC2461], Section 6.3.7 except that the messages are
378	   sent directly to PRL(i); i.e., they might not be received by other
379	   routers.  While the node continues to require periodic Router
380	   Solicitation events for PRL(i), and while PRL(i) continues to act as
381	   a router, the node resets TIMER(i) after each expiration event as
382	   described above.

384	8.4.  Neighbor Unreachability Detection

386	   ISATAP hosts SHOULD perform Neighbor Unreachability Detection
387	   ([RFC2461], Section 7.3).  ISATAP routers MAY perform neighbor
388	   unreachability detection, but this might not scale in all
389	   environments.

391	   After address resolution, ISATAP hosts SHOULD perform an initial
392	   reachability confirmation by sending Neighbor Solicitation messages
393	   and receiving a Neighbor Advertisement message.  ISATAP routers MAY
394	   perform this initial reachability confirmation, but this might not
395	   scale in all environments.

397	9.  Site Administration Considerations

399	   Site administrators maintain a Potential Router List (PRL) of IPv4
400	   addresses representing advertising ISATAP interfaces of routers.

402	   The PRL is commonly maintained as an FQDN for the ISATAP service in
403	   the site's name service (see Section 8.3.2).  There are no mandatory
404	   rules for the selection of the FQDN, but site administrators are
405	   encouraged to use the convention "isatap.domainname" (e.g.,
406	   isatap.example.com).

408	   When the site's name service includes TTLs with the IPv4 addresses
409	   returned, site administrators SHOULD configure the TTLs with
410	   conservative values to minimize control traffic.

412	10.  Security Considerations

414	   Implementers should be aware that, in addition to possible attacks
415	   against IPv6, security attacks against IPv4 must also be considered.
416	   Use of IP security at both IPv4 and IPv6 levels should nevertheless
417	   be avoided, for efficiency reasons.  For example, if IPv6 is running
418	   encrypted, encryption of IPv4 would be redundant unless traffic
419	   analysis is felt to be a threat.  If IPv6 is running authenticated,
420	   then authentication of IPv4 will add little.  Conversely, IPv4
421	   security will not protect IPv6 traffic once it leaves the ISATAP
422	   domain.  Therefore, implementing IPv6 security is required even if
423	   IPv4 security is available.

425	   The threats associated with IPv6 Neighbor Discovery are described in
426	   [RFC3756].

428	   There is a possible spoofing attack in which spurious ip-protocol-41
429	   packets are injected into an ISATAP link from outside.  Since an
430	   ISATAP link spans an entire IPv4 site, restricting access to the link
431	   can be achieved by restricting access to the site; i.e., by having
432	   site border routers implement IPv4 ingress filtering and
433	   ip-protocol-41 filtering.

435	   Another possible spoofing attack involves spurious ip-protocol-41
436	   packets injected from within an ISATAP link by a node pretending to
437	   be a router.  The Potential Router List (PRL) provides a list of IPv4
438	   addresses representing advertising ISATAP interfaces of routers that
439	   hosts use in filtering decisions.  Site administrators should ensure
440	   that the PRL is kept up to date, and that the resolution mechanism
441	   (see Section 9) cannot be subverted.

443	   The use of temporary addresses [RFC3041] and Cryptographically
444	   Generated Addresses [RFC3972] on ISATAP interfaces is outside the
445	   scope of this specification.

447	11.  IANA Considerations

449	   The IANA has specified the format for Modified EUI-64 address
450	   construction ([RFC4291], Appendix A) in the IANA Ethernet Address
451	   Block.  The text in Appendix A of this document has been offered as
452	   an example specification.  The current version of the IANA registry
453	   for Ether Types can be accessed at:

455	   http://www.iana.org/assignments/ethernet-numbers

457	12.  Acknowledgements

459	   The ideas in this document are not original, and the authors
460	   acknowledge the original architects.  Portions of this work were
461	   sponsored through SRI International, Nokia and Boeing internal
462	   projects and government contracts.  Government sponsors include
463	   Monica Farah Stapleton and Russell Langan (U.S. Army CECOM ASEO), and
464	   Dr. Allen Moshfegh (U.S. Office of Naval Research).  SRI
465	   International sponsors include Dr. Mike Frankel, J. Peter
466	   Marcotullio, Lou Rodriguez, and Dr. Ambatipudi Sastry.

468	   The following are acknowledged for providing peer review input: Jim
469	   Bound, Rich Draves, Cyndi Jung, Ambatipudi Sastry, Aaron Schrader,
470	   Ole Troan, and Vlad Yasevich.

472	   The following are acknowledged for their significant contributions:
473	   Marcelo Albuquerque, Brian Carpenter, Alain Durand, Hannu Flinck,
474	   Jason Goldschmidt, Christian Huitema, Nathan Lutchansky, Karen
475	   Nielsen, Mohan Parthasarathy, Chirayu Patel, Art Shelest, Markku
476	   Savela, Pekka Savola, Margaret Wasserman, Brian Zill and members of
477	   the IETF ipv6 and v6ops working groups.  Mohit Talwar contributed to
478	   earlier versions of this document.

480	   The authors acknowledge the work done by Brian Carpenter and Cyndi
481	   Jung in RFC2529 that introduced the concept of intra-site automatic
482	   tunneling.  This concept was later called: "Virtual Ethernet" and
483	   researched by Quang Nguyen under the guidance of Dr. Lixia Zhang.

485	13.  References

487	13.1.  Normative References

489	   [RFC1035]  Mockapetris, P., "Domain names - implementation and
490	              specification", STD 13, RFC 1035, November 1987.

492	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
493	              Requirement Levels", BCP 14, RFC 2119, March 1997.

495	   [RFC2131]  Droms, R., "Dynamic Host Configuration Protocol",
496	              RFC 2131, March 1997.

498	   [RFC2132]  Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor
499	              Extensions", RFC 2132, March 1997.

501	   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
502	              (IPv6) Specification", RFC 2460, December 1998.

504	   [RFC2461]  Narten, T., Nordmark, E., and W. Simpson, "Neighbor
505	              Discovery for IP Version 6 (IPv6)", RFC 2461,
506	              December 1998.

508	   [RFC2462]  Thomson, S. and T. Narten, "IPv6 Stateless Address
509	              Autoconfiguration", RFC 2462, December 1998.

511	   [RFC4213]  Nordmark, E. and R. Gilligan, "Basic Transition Mechanisms
512	              for IPv6 Hosts and Routers", RFC 4213, October 2005.

514	   [RFC4291]  Hinden, R. and S. Deering, "IP Version 6 Addressing
515	              Architecture", RFC 4291, February 2006.

517	13.2.  Informative References

519	   [RFC2491]  Armitage, G., Schulter, P., Jork, M., and G. Harter, "IPv6
520	              over Non-Broadcast Multiple Access (NBMA) networks",
521	              RFC 2491, January 1999.

523	   [RFC2492]  Armitage, G., Schulter, P., and M. Jork, "IPv6 over ATM
524	              Networks", RFC 2492, January 1999.

526	   [RFC2529]  Carpenter, B. and C. Jung, "Transmission of IPv6 over IPv4
527	              Domains without Explicit Tunnels", RFC 2529, March 1999.

529	   [RFC3041]  Narten, T. and R. Draves, "Privacy Extensions for
530	              Stateless Address Autoconfiguration in IPv6", RFC 3041,
531	              January 2001.

533	   [RFC3056]  Carpenter, B. and K. Moore, "Connection of IPv6 Domains
534	              via IPv4 Clouds", RFC 3056, February 2001.

536	   [RFC3756]  Nikander, P., Kempf, J., and E. Nordmark, "IPv6 Neighbor
537	              Discovery (ND) Trust Models and Threats", RFC 3756,
538	              May 2004.

540	   [RFC3972]  Aura, T., "Cryptographically Generated Addresses (CGA)",
541	              RFC 3972, March 2005.

543	   [RFC4191]  Draves, R. and D. Thaler, "Default Router Preferences and
544	              More-Specific Routes", RFC 4191, November 2005.

546	   [RFC4294]  Loughney, J., "IPv6 Node Requirements", RFC 4294,
547	              April 2006.

549	Appendix A.  Modified EUI-64 Addresses in the IANA Ethernet Address
550	             Block

552	   Modified EUI-64 addresses ([RFC4291], Section 2.5.1 and Appendix A)
553	   in the IANA Ethernet Address Block are formed by concatenating the
554	   24-bit IANA OUI (00-00-5E) with a 40-bit extension identifier and
555	   inverting the "u" bit; i.e., the "u" bit is set to one (1) to
556	   indicate universal scope and set to zero (0) to indicate local scope.

558	   Modified EUI-64 addresses have the following appearance in memory
559	   (bits transmitted right-to-left within octets, octets transmitted
560	   left-to-right):

562	   0                       23                                        63
563	   |        OUI            |            extension identifier         |
564	   000000ug00000000 01011110xxxxxxxx xxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx

566	   When the first two octets of the extension identifier encode the
567	   hexadecimal value 0xFFFE, the remainder of the extension identifier
568	   encodes a 24-bit vendor-supplied id as follows:

570	   0                       23               39                       63
571	   |        OUI            |     0xFFFE     |   vendor-supplied id   |
572	   000000ug00000000 0101111011111111 11111110xxxxxxxx xxxxxxxxxxxxxxxx

574	   When the first octet of the extension identifier encodes the
575	   hexadecimal value 0xFE, the remainder of the extension identifier
576	   encodes a 32-bit IPv4 address as follows:

578	   0                       23      31                                63
579	   |        OUI            |  0xFE |           IPv4 address          |
580	   000000ug00000000 0101111011111110 xxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxx

582	Appendix B.  Changes since RFC4214

584	   (RFC Editor Note: this section to be deleted before publication as an
585	   RFC.)

587	   o  noted that ISATAP nodes are not required to validate that
588	      interface identifiers with the 'u' bit set to universal are
589	      unique.

591	   o  clarifications on Potential Router List initialization.

593	   o  clarifications in neighbor unreachability detection.

595	   o  updated acknowledgements; corrected historical background.

597	   o  updated references.

599	Authors' Addresses

601	   Fred L. Templin
602	   Boeing Phantom Works
603	   P.O. Box 3707 MC 7L-49
604	   Seattle, WA  98124
605	   USA

607	   Email: fred.l.templin@boeing.com

609	   Tim Gleeson
610	   Cisco Systems K.K.
611	   Shinjuku Mitsui Building
612	   2-1-1 Nishishinjuku, Shinjuku-ku
613	   Tokyo  163-0409
614	   Japan

616	   Email: tgleeson@cisco.com

618	   Dave Thaler
619	   Microsoft Corporation
620	   One Microsoft Way
621	   Redmond, WA  98052-6399
622	   US

624	   Phone: +1 425 703 8835
625	   Email: dthaler@microsoft.com

627	Full Copyright Statement

629	   Copyright (C) The IETF Trust (2007).

631	   This document is subject to the rights, licenses and restrictions
632	   contained in BCP 78, and except as set forth therein, the authors
633	   retain all their rights.

635	   This document and the information contained herein are provided on an
636	   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
637	   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
638	   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
639	   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
640	   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
641	   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

643	Intellectual Property

645	   The IETF takes no position regarding the validity or scope of any
646	   Intellectual Property Rights or other rights that might be claimed to
647	   pertain to the implementation or use of the technology described in
648	   this document or the extent to which any license under such rights
649	   might or might not be available; nor does it represent that it has
650	   made any independent effort to identify any such rights.  Information
651	   on the procedures with respect to rights in RFC documents can be
652	   found in BCP 78 and BCP 79.

654	   Copies of IPR disclosures made to the IETF Secretariat and any
655	   assurances of licenses to be made available, or the result of an
656	   attempt made to obtain a general license or permission for the use of
657	   such proprietary rights by implementers or users of this
658	   specification can be obtained from the IETF on-line IPR repository at
659	   http://www.ietf.org/ipr.

661	   The IETF invites any interested party to bring to its attention any
662	   copyrights, patents or patent applications, or other proprietary
663	   rights that may cover technology that may be required to implement
664	   this standard.  Please address the information to the IETF at
665	   ietf-ipr@ietf.org.

667	Acknowledgment

669	   Funding for the RFC Editor function is provided by the IETF
670	   Administrative Support Activity (IASA).